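/**
 * Checks a security token against the token stored in the user's session.
 *
 * When no token is passed in, the 'securitytoken' field of the POST body is
 * used instead.
 *
 * @param string|null $token (optional) The token to verify.
 * @return bool True only when the submitted token and the session token are
 *              both strings, the session token is non-empty, and they match.
 */
public static function CheckSecurityToken($token = null)
{
    // Loose comparison kept from the original, so a caller passing an empty
    // value still falls back to the POSTed token.
    if ($token == null && Value::SetAndNotNull($_POST, 'securitytoken')) {
        $token = $_POST['securitytoken'];
    }

    $expected = isset($_SESSION[SECURITY_TOKEN]) ? $_SESSION[SECURITY_TOKEN] : null;

    // Request fields can arrive as arrays, and a session holding no token (or
    // an empty one) must never validate, so anything that is not a string is
    // rejected before comparing.
    // NOTE(review): assumes the session token is stored as a string - confirm
    // where SECURITY_TOKEN is written.
    if (!is_string($token) || !is_string($expected) || $expected === '') {
        return false;
    }

    // The secret is compared with hash_equals() instead of a general-purpose
    // equality helper: the check is then type-strict and constant-time no
    // matter how that helper compares values.
    return hash_equals($expected, $token);
}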
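/**
 * Get the user id for a username hash, optionally also matching a password hash.
 *
 * With an empty $password only username_hash is matched, so a non-zero result
 * from that form means "this user exists", not "this user is authenticated".
 *
 * @param string $username The username hash.
 * @param string $password (optional) The password hash.
 * @return integer The user_id of the matching Login row, or 0 if not found.
 *                 NOTE(review): depending on the PDO driver settings the id
 *                 may come back as a numeric string - confirm before comparing
 *                 it strictly.
 **/
private static function FetchUserId($username, $password = EMPTYSTRING)
{
    // Both lookups share the same statement; the password predicate is only
    // appended when a password hash was supplied. Values are always bound,
    // never interpolated into the SQL text.
    $sql = 'SELECT user_id FROM Login WHERE username_hash=?';
    $params = array($username);

    if (!Value::SetAndEqualTo(EMPTYSTRING, $password)) {
        // NOTE(review): matching password_hash by SQL equality only works when
        // the stored hash is deterministic for a given password. Confirm how
        // callers derive it; a per-user salted hash checked with
        // password_verify() is the usual design.
        $sql .= ' AND password_hash=?';
        $params[] = $password;
    }

    $stmt = Database::GetLink()->prepare($sql . ';');
    if (!$stmt) {
        // prepare() failed (silent error mode); treated as "not found", as before.
        return 0;
    }

    foreach ($params as $index => $value) {
        // PDO positional placeholders are 1-based.
        $stmt->bindValue($index + 1, $value, PDO::PARAM_STR);
    }

    // fetchColumn() yields false when no row matched; a failed execute() is
    // handled the same way instead of fetching from an unexecuted statement.
    $id = $stmt->execute() ? $stmt->fetchColumn() : null;
    $stmt->closeCursor();

    // Loose check kept from the original: null/false (no row) map to 0.
    return ($id != null) ? $id : 0;
}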