<?php
require("config.php");
# Shared PDO handle for this request; stays null until open_database() assigns it.
$pdo = null;
# Start (or resume) the PHP session that the user functions below read and write.
# NOTE(review): no cookie parameters are set in this file before session_start();
# confirm HttpOnly / Secure / SameSite are configured in php.ini or config.php.
session_start();
# ----------------------------------------------------------------------
# DATABASE FUNCTIONS
# ----------------------------------------------------------------------
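# Open the shared database connection and store it in the global $pdo.
# The DSN is assembled from the $db_bety_* globals (presumably defined in
# config.php, which is not visible here). No PDO attributes are set, so the
# error mode is whatever the running PHP version defaults to; login() checks
# the return value of execute() for the non-throwing case.
function open_database() {
    global $db_bety_hostname;
    global $db_bety_username;
    global $db_bety_password;
    global $db_bety_database;
    global $db_bety_type;
    global $pdo;

    # "{$var}" rather than "${var}": the latter interpolation form is
    # deprecated as of PHP 8.2. The resulting DSN string is unchanged.
    $dsn = "{$db_bety_type}:host={$db_bety_hostname};dbname={$db_bety_database}";
    $pdo = new PDO($dsn, $db_bety_username, $db_bety_password);
}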
# Reset the shared handle to null, dropping this file's reference to the
# PDO object held in the global $pdo.
function close_database() {
    $GLOBALS['pdo'] = null;
}
# Return the driver-specific error message (element 2 of PDO::errorInfo())
# for the shared connection.
# The text comes straight from the database driver and can reveal query or
# schema details, so callers should log it rather than echo it to clients.
function error_database() {
    global $pdo;
    return $pdo->errorInfo()[2];
}
# ----------------------------------------------------------------------
# USER FUNCTIONS
# ----------------------------------------------------------------------
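# Authenticate $username / $password against the users table and, on success,
# store the user's id, name and access levels in $_SESSION.
# Returns TRUE when the credentials match (or when the session already holds
# a userid identical to $username), FALSE otherwise. Ends the request with
# die() when the lookup query fails.
function login($username, $password) {
    global $pdo;

    # Array/object request parameters (e.g. "username[]=x") can never name a user.
    if (!is_scalar($username)) {
        return FALSE;
    }

    # Already-logged-in shortcut. Compared as strings with === so numeric
    # look-alikes ("05" vs "5", "5.0" vs "5") fall through to the password
    # check instead of being accepted by PHP's loose ==.
    # NOTE(review): this compares the login name with the stored user *id* and
    # skips password verification; confirm that is the intended behaviour.
    if (isset($_SESSION['userid']) && is_scalar($_SESSION['userid'])
            && ((string) $username === (string) $_SESSION['userid'])) {
        return TRUE;
    }

    if (!is_scalar($password)) {
        return FALSE;
    }

    if ($pdo == null) {
        open_database();
    }

    # Parameterised lookup: $username is bound, never interpolated into the SQL.
    $stmt = $pdo->prepare("SELECT * FROM users WHERE login=?");
    if ($stmt === false || !$stmt->execute(array($username))) {
        # Keep the driver's error text in the server log; the response only
        # gets a generic message so database details are not disclosed.
        # (The original also appended the errorInfo() array to the string,
        # which printed the literal word "Array".)
        error_log('login: user lookup failed: ' . error_database());
        die('Invalid query');
    }
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    $stmt->closeCursor();

    # No such user (or no salt stored). This returns before any hashing, so
    # the response time differs from a wrong-password attempt.
    if (!isset($row['salt']) || !isset($row['crypted_password'])) {
        return FALSE;
    }

    $stored = (string) $row['crypted_password'];
    $digest = (string) encrypt_password($password, $row['salt']);

    # hash_equals() is constant-time and compares byte-for-byte; the previous
    # == treated numeric-looking hex digests ("0e123..." style) as numbers.
    if ($stored === '' || !hash_equals($stored, $digest)) {
        return FALSE;
    }

    # Issue a fresh session id at the privilege change so an id planted before
    # login (session fixation) does not become an authenticated session.
    if (session_status() === PHP_SESSION_ACTIVE && !headers_sent()) {
        session_regenerate_id(true);
    }

    $_SESSION['userid'] = $row['id'];
    $_SESSION['username'] = $row['name'];
    $_SESSION['useraccess'] = $row['access_level'];
    $_SESSION['userpageaccess'] = $row['page_access_level'];
    return TRUE;
}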
# Compute the password digest that login() compares with users.crypted_password.
# Starts from $REST_AUTH_SITE_KEY and, $REST_AUTH_DIGEST_STRETCHES times,
# replaces the digest with sha1(digest--salt--password--site_key).
# With zero stretches the site key itself is returned unchanged.
# NOTE(review): iterated SHA-1 is a fast hash, not a password KDF; replacing
# it would require migrating the stored digests, so it is left as is here.
function encrypt_password($password, $salt) {
    global $REST_AUTH_SITE_KEY;
    global $REST_AUTH_DIGEST_STRETCHES;

    $digest = $REST_AUTH_SITE_KEY;
    $round = 0;
    while ($round < $REST_AUTH_DIGEST_STRETCHES) {
        $material = $digest . "--" . $salt . "--" . $password . "--" . $REST_AUTH_SITE_KEY;
        $digest = sha1($material);
        $round++;
    }
    return $digest;
}
# Remove the four login-related keys from $_SESSION.
# Other session data and the session id itself are left in place; this
# function does not destroy the session or regenerate its id.
function logout() {
    foreach (array('userid', 'username', 'useraccess', 'userpageaccess') as $key) {
        unset($_SESSION[$key]);
    }
}
# Return the logged-in user's id from the session, or -1 when none is set.
function get_userid() {
    return $_SESSION['userid'] ?? -1;
}
# TRUE when the session carries a non-null userid, FALSE otherwise.
# This only inspects $_SESSION; it does not re-validate the user in the database.
function check_login() {
    $userid = $_SESSION['userid'] ?? null;
    return $userid !== null;
}
# Return the logged-in user's name from the session, or FALSE when none is set.
function get_user_name() {
    return $_SESSION['username'] ?? FALSE;
}
# Return the session's access level, falling back to the global
# $anonymous_level when no user is logged in.
function get_acccess_level() {
    global $anonymous_level;
    return $_SESSION['useraccess'] ?? $anonymous_level;
}
# Return the session's page access level, falling back to the global
# $anonymous_page when no user is logged in.
function get_page_acccess_level() {
    global $anonymous_page;
    return $_SESSION['userpageaccess'] ?? $anonymous_page;
}
?>