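 /**
  * Authenticate a user by username (or e-mail address) and password.
  *
  * Looks the credentials up in the `DB_PX . 'user'` table and, when exactly
  * one row matches, stores iduser/username/fullname in $_SESSION[SESSION_NAME].
  * The password column holds the value produced by get_enc_password(), so the
  * comparison has to happen in SQL against that transformed value; a salted
  * password_hash()/password_verify() scheme would need a schema change and is
  * out of scope here.
  *
  * @param string|null $p_username Username or e-mail address as submitted by the client.
  * @param string|null $p_password Clear-text password as submitted by the client.
  * @return string JSON object with keys success, iduser, username, fullname, error_msg.
  */
 public function user_login($p_username, $p_password)
 {
     $json_result = array("success" => true, "iduser" => -1, "username" => "N/A", "fullname" => "", "error_msg" => "");
     // Reject missing credentials before touching the database. Compare against ''
     // explicitly rather than with empty(): empty('0') is true and would reject a
     // legitimate password of "0".
     if ($p_username === null || $p_username === '' || $p_password === null || $p_password === '') {
         $json_result["error_msg"] .= "Error, please fill username and password.";
         $json_result["success"] = false;
         return json_encode($json_result);
     }
     // One query instead of the original COUNT + SELECT pair, which evaluated the
     // same WHERE clause twice; the row count is taken from the fetched result.
     $quoted_login = $this->db_link->quote($p_username);
     $quoted_pass = $this->db_link->quote(get_enc_password($p_password, ENC_PASSWORD));
     $qry_sel_str = "SELECT *\n\t\tFROM `" . DB_PX . "user`\n\t\tWHERE (`username` = " . $quoted_login . " OR `email`=" . $quoted_login . ")\n\t\t    AND `password`=" . $quoted_pass;
     $res_sel = $this->db_link->query($qry_sel_str);
     if ($res_sel === false) {
         // PDO::query() returned false, so errorInfo() has to be read from the
         // connection; the original called it on the false return value, which is a
         // fatal error. The driver message goes to the server log only: a login
         // response should not disclose database internals to the client.
         $json_result["success"] = false;
         $tmp_error = $this->db_link->errorInfo();
         error_log("user_login: query failed: " . ($tmp_error[2] ?? 'unknown error'));
         $json_result["error_msg"] = "Error: login could not be processed.";
         return json_encode($json_result);
     }
     $rows = $res_sel->fetchAll(PDO::FETCH_ASSOC);
     // Exactly one matching row is required, mirroring the original COUNT(...) == 1 check.
     if (count($rows) !== 1) {
         $json_result["success"] = false;
         $json_result["error_msg"] = "Username/password is invalid. Please try again.";
         return json_encode($json_result);
     }
     $fa_sel = $rows[0];
     $json_result["success"] = true;
     $json_result["iduser"] = $fa_sel["iduser"];
     $json_result["username"] = $fa_sel["username"];
     $json_result["fullname"] = $fa_sel["fullname"];
     bsession_life(SESSION_PATH);
     // Rotate the session id at the point of authentication so an id the client
     // held before logging in is not carried over into the authenticated session.
     // bsession_life() presumably starts the session - guarded in case it does not.
     if (session_status() === PHP_SESSION_ACTIVE) {
         session_regenerate_id(true);
     }
     $_SESSION[SESSION_NAME]["iduser"] = $fa_sel["iduser"];
     $_SESSION[SESSION_NAME]["username"] = $fa_sel["username"];
     $_SESSION[SESSION_NAME]["fullname"] = $fa_sel["fullname"];
     return json_encode($json_result);
 }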
     $username = $bfurn_db->quote(strtolower($_REQUEST["username"]));
     $password = $bfurn_db->quote(get_enc_password($_REQUEST["password"], ENC_PASSWORD));
     $iduser_group = $_REQUEST["iduser_group"];
     $fullname = $bfurn_db->quote($_REQUEST["fullname"]);
     $email = $bfurn_db->quote(!empty($_REQUEST["email"]) ? $_REQUEST["email"] : strtolower($_REQUEST["username"]) . '@' . $_SERVER["HTTP_HOST"]);
     $qry_ins = "INSERT INTO `user`(`username`,`password`,iduser_group,email,fullname)\n\t\t\tVALUES({$username},{$password},{$iduser_group},{$email},{$fullname})";
     echo json_encode($OBCrud->create($qry_ins));
     break;
 case "read":
     $qry_sel = "SELECT u.iduser,u.username, ug.`name` AS groupname, u.iduser_group, u.fullname, u.email\n\t\t\tFROM `user` u\n\t\t\tLEFT JOIN `user_group` ug\n\t\t\t\tON(u.iduser_group = ug.iduser_group)";
     echo json_encode($OBCrud->read($qry_sel));
     break;
 case "update":
     $iduser = $_REQUEST["iduser"];
     $username = $bfurn_db->quote(strtolower($_REQUEST["username"]));
     $password = empty($_REQUEST["password"]) ? '' : $bfurn_db->quote(get_enc_password($_REQUEST["password"], ENC_PASSWORD));
     $iduser_group_old = $_REQUEST["iduser_group_old"];
     $iduser_group = $_REQUEST["iduser_group"];
     $fullname = $bfurn_db->quote($_REQUEST["fullname"]);
     $email = $bfurn_db->quote(!empty($_REQUEST["email"]) ? $_REQUEST["email"] : strtolower($_REQUEST["username"]) . '@' . $_SERVER["HTTP_HOST"]);
     //BEGIN DELETE privilege_user_revoke FIRST===================================
     if ($iduser_group_old != $iduser_group) {
         $qry_del = "DELETE FROM privilege_user_revoke WHERE iduser={$iduser}";
         $ret_del = $OBCrud->destroy($qry_del);
         if (!$ret_del["success"]) {
             echo json_encode($ret_del);
             break;
         }
     }
     //END DELETE privilege_user_revoke FIRST*****************************
     $set_qry = "SET `username`={$username}, `iduser_group`={$iduser_group}, `fullname`={$fullname}, email={$email}";