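/**
 * Authenticate an SMS user from the 'username' and 'password' request variables.
 *
 * Looks for exactly one active (status=1) row in the <dbSurvey>_users table whose
 * AES-decrypted stored password equals the submitted password. On success the
 * matching urid is stored in $_SESSION['URID']; on failure a "loginwrong" action
 * is logged.
 *
 * The commented-out debug echo of the query was dropped: if re-enabled it would
 * have written the AES key and the submitted password to the response.
 *
 * NOTE(review): the statement is assembled by string concatenation and depends
 * entirely on prepareDatabaseString() escaping both request values correctly for
 * a single-quoted SQL literal. saveChanges() binds its values through
 * BindParam/executeBoundQuery(); moving this lookup to bound parameters is
 * preferable once it is confirmed that the bound API can return a result set.
 *
 * NOTE(review): the AES key and the submitted password are part of the SQL text,
 * so they will appear wherever statements are recorded (query logs, error
 * output). Passwords are stored reversibly rather than as one-way hashes;
 * password_hash()/password_verify() would remove the need for a shared key.
 *
 * NOTE(review): the session id is not rotated here after a successful login;
 * confirm the caller does so (session_regenerate_id()).
 *
 * @return bool true when exactly one matching active user was found, false otherwise
 */
function checkSMSAccess() {
    global $db;

    $username = loadvar('username');
    $password = loadvar('password');

    $query = 'select count(*), urid from ' . Config::dbSurvey() . '_users'
        . ' where username=\'' . prepareDatabaseString($username) . '\''
        . ' and status=1'
        . ' and aes_decrypt(password, \'' . Config::smsPasswordKey() . '\') = \'' . prepareDatabaseString($password) . '\'';

    $result = $db->selectQuery($query);
    $row = $db->getRow($result);

    // Fail closed: a failed query or an empty/partial row must never be read as a
    // match. isset() also avoids offset access on a non-array return value.
    if (isset($row[0], $row['urid']) && (int) $row[0] === 1) {
        $_SESSION['URID'] = $row['urid'];
        return true;
    }

    // Record the failed attempt before reporting the failure to the caller.
    $logactions = new LogActions();
    $logactions->addAction('', '', "loginwrong", USCIC_SMS);

    return false;
}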
/**
 * Build the column list used when selecting user rows.
 *
 * The list is "*" plus an aes_decrypt() expression aliased as "password", so a
 * row fetched with it carries the decrypted password under that alias.
 *
 * NOTE(review): the key from Config::smsPasswordKey() is embedded unescaped in
 * a double-quoted SQL literal, so it becomes part of the statement text; verify
 * the key can never contain a double quote and that statement logging is
 * restricted accordingly.
 *
 * @return string SQL fragment to place between SELECT and FROM
 */
static function getSelectQuery() {
    $passwordKey = Config::smsPasswordKey();

    return '*, aes_decrypt(password, "' . $passwordKey . '") as password ';
}
/**
 * Persist this user's fields to its row in the <dbSurvey>_users table.
 *
 * All row values, including the password, are passed as bound parameters; only
 * the table prefix from Config::dbSurvey() and the AES key from
 * Config::smsPasswordKey() are concatenated into the statement text.
 *
 * NOTE(review): the password is written with aes_encrypt(), i.e. stored
 * reversibly under a shared key that also appears in the SQL text; a one-way
 * hash (password_hash()) would avoid both.
 *
 * @return mixed whatever $db->executeBoundQuery() returns for the UPDATE
 */
function saveChanges() {
    global $db;

    // The placeholder order here must stay in step with $bindings below.
    $sql = 'UPDATE ' . Config::dbSurvey() . '_users SET '
        . 'username = ?, '
        . 'name = ?, '
        . 'settings = ?, '
        . 'password = aes_encrypt(?, "' . Config::smsPasswordKey() . '"), '
        . 'filter = ?, '
        . 'regionfilter = ?, '
        . 'testmode = ?, '
        . 'status= ?, '
        . 'sup= ?, '
        . 'usertype = ?, '
        . 'usersubtype = ?, '
        . 'access = ?, '
        . 'lastdata = ?,'
        . 'communication = ? '
        . 'WHERE urid = ?';

    $params = new BindParam();

    // One [binding type, value] pair per "?" above, in the same order.
    $bindings = [
        [MYSQL_BINDING_STRING, $this->getUsername()],
        [MYSQL_BINDING_STRING, $this->getName()],
        [MYSQL_BINDING_STRING, $this->getSettings()],
        [MYSQL_BINDING_STRING, $this->getPassword()],
        [MYSQL_BINDING_INTEGER, $this->getFilter()],
        [MYSQL_BINDING_INTEGER, $this->getRegionFilter()],
        [MYSQL_BINDING_INTEGER, $this->getTestMode()],
        [MYSQL_BINDING_INTEGER, $this->getStatus()],
        [MYSQL_BINDING_INTEGER, $this->getSupervisor()],
        [MYSQL_BINDING_INTEGER, $this->getUserType()],
        [MYSQL_BINDING_INTEGER, $this->getUserSubType()],
        [MYSQL_BINDING_STRING, $this->getAccess()],
        [MYSQL_BINDING_STRING, $this->getLastData()],
        [MYSQL_BINDING_INTEGER, $this->getCommunication()],
        [MYSQL_BINDING_INTEGER, $this->getUrid()],
    ];

    foreach ($bindings as $binding) {
        $params->add($binding[0], $binding[1]);
    }

    return $db->executeBoundQuery($sql, $params->get());
}