Beispiel #1
 /**
  * Checks a security token against the token stored in the user's session.
  */
 public static function CheckSecurityToken($token = null)
 {
     // Resolve which token to validate: the explicit argument wins, otherwise
     // the 'securitytoken' POST field is used when it is present.
     // The loose `== null` test also treats '', 0, false and [] as "no token
     // given", so any of those values falls back to the POST field as well.
     $candidate = $token;
     if ($candidate == null) {
         if (Value::SetAndNotNull($_POST, 'securitytoken')) {
             // Request-controlled value; PHP may deliver it as an array
             // (securitytoken[]=...) rather than a string.
             $candidate = $_POST['securitytoken'];
         }
     }

     // NOTE(review): the comparison itself happens in Value::SetAndEqualTo,
     // which is not visible here. Confirm that it fails when the session holds
     // no token, that it compares strictly (not with ==), and preferably that
     // it uses hash_equals() on two strings so the check is constant-time.
     return Value::SetAndEqualTo($candidate, $_SESSION, SECURITY_TOKEN);
 }
Beispiel #2
 /**
  * Get the userid from a given username and password hash.
  * @param string $username The username hash.
  * @param string $password (optional) The password hash
  * @return integer The ID for the requested username hash (or 0 if not found)
  **/
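 private static function FetchUserId($username, $password = EMPTYSTRING)
 {
     // Looks up Login.user_id for a username hash. The password hash is only
     // part of the WHERE clause when Value::SetAndEqualTo(EMPTYSTRING, $password)
     // is false (presumably: when $password is not the empty string; the helper
     // is not shown here).
     //
     // Security: on the username-only path no credential is checked at all, so
     // a caller that authenticates a user must reject an empty password hash
     // before calling this method and must not treat a non-zero result from
     // that path as a successful login.
     //
     // NOTE(review): matching password_hash by equality in SQL only works with
     // a deterministic hash. Confirm how the hash is derived; a per-user salted
     // scheme (password_hash()/password_verify()) would instead fetch the stored
     // hash by username and verify it in PHP.
     $checkPassword = !Value::SetAndEqualTo(EMPTYSTRING, $password);
     $query = $checkPassword
         ? 'SELECT user_id FROM Login WHERE username_hash=? AND password_hash=?;'
         : 'SELECT user_id FROM Login WHERE username_hash=?;';

     // Both inputs are bound as parameters; nothing is interpolated into the SQL.
     $stmt = Database::GetLink()->prepare($query);
     if (!$stmt) {
         // prepare() failed: report "not found", as the original did.
         return 0;
     }

     $stmt->bindParam(1, $username, PDO::PARAM_STR, 255);
     if ($checkPassword) {
         $stmt->bindParam(2, $password, PDO::PARAM_STR, 255);
     }

     // Initialised explicitly so "no row" and "execute failed" both leave null.
     $id = null;
     if ($stmt->execute()) {
         $stmt->bindColumn(1, $id);
         $stmt->fetch();
     }
     $stmt->closeCursor();

     // Loose comparison kept from the original: null (no row) maps to 0.
     return $id != null ? $id : 0;
 }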