Ejemplo n.º 1
0
     $col_user_password_salt_exists = isset($row['user_password_salt']) ? true : false;
     if ($col_user_password_salt_exists) {
         require 'include/passwordhash.inc.php';
         $sql = "SELECT user_password, user_password_salt, user_password_hash_algorithm, user_password_iterations FROM {$CONFIG['TABLE_PREFIX']}users WHERE user_group = 1 AND user_name = '{$user}'";
         $result = cpg_db_query($sql);
         $password_params = $result->fetchAssoc(true);
     }
     if (!$col_user_password_salt_exists || !$password_params['user_password_salt']) {
         $sql = "SELECT user_active FROM {$CONFIG['TABLE_PREFIX']}users WHERE user_group = 1 AND user_name = '{$user}' AND (user_password = '******' OR user_password = '******')";
         $result = cpg_db_query($sql);
         if (!$result->numRows()) {
             //not authenticated, try mysql account details
             html_auth_box('MySQL');
             die;
         }
     } elseif (!cpg_password_validate($pass, $password_params)) {
         //not authenticated, try mysql account details
         html_auth_box('MySQL');
         die;
     }
     //authenticated, do the update
     $_SESSION['auth'] = true;
     start_update();
 } else {
     //try to autenticate via MySQL details (in configuration)
     if ($superCage->post->getEscaped('user') == $CONFIG['dbuser'] && $superCage->post->getEscaped('pass') == $CONFIG['dbpass']) {
         //authenticated, do the update
         $_SESSION['auth'] = true;
         start_update();
     } else {
         //no go, try again
Ejemplo n.º 2
0
 public function login($username = null, $password = null, $remember = false)
 {
     global $CONFIG;
     // Create the session_id from concat(cookievalue,client_id)
     $session_id = $this->session_id . $this->client_id;
     // Check the login method (username, email address or both)
     switch ($CONFIG['login_method']) {
         case 'both':
             $sql_user_email = "(user_name = '{$username}' OR user_email = '{$username}')";
             break;
         case 'email':
             $sql_user_email = "user_email = '{$username}'";
             break;
         case 'username':
         default:
             $sql_user_email = "user_name = '{$username}'";
             break;
     }
     $sql = "SELECT user_password, user_password_salt, user_password_hash_algorithm, user_password_iterations FROM {$this->usertable} WHERE {$sql_user_email} AND user_active = 'YES' LIMIT 1";
     $result = $this->query($sql);
     if (!$result->numRows()) {
         return false;
     }
     require 'include/passwordhash.inc.php';
     $password_params = $result->fetchAssoc(true);
     // Check for user in users table
     $sql = "SELECT user_id, user_name, user_password FROM {$this->usertable} WHERE {$sql_user_email} ";
     if (!$password_params['user_password_salt']) {
         $sql .= "AND BINARY user_password = '******'";
     } elseif (!cpg_password_validate($password, $password_params)) {
         return false;
     }
     $sql .= " AND user_active = 'YES' LIMIT 1";
     $result = $this->query($sql);
     if (!$result->numRows()) {
         return false;
     }
     $USER_DATA = $result->fetchAssoc(true);
     // Update lastvisit value and salt password if needed
     $salt_password = !$password_params['user_password_salt'] ? ', ' . cpg_password_create_update_string($password) : '';
     $sql = "UPDATE {$this->usertable} SET user_lastvisit = NOW() {$salt_password} WHERE user_id = {$USER_DATA['user_id']}";
     $this->query($sql);
     // If this is a 'remember me' login set the remember field to true
     if ($remember) {
         $remember_sql = ",remember = '1' ";
         // Change cookie life time to 2 weeks
         if (CPG_COOKIES_ALLOWED) {
             setcookie($this->client_id, $this->session_id, time() + CPG_WEEK * 2, $CONFIG['cookie_path']);
         }
     } else {
         $remember_sql = '';
         // Kill the cookie when closing the browser
         if (CPG_COOKIES_ALLOWED) {
             setcookie($this->client_id, $this->session_id, 0, $CONFIG['cookie_path']);
         }
     }
     // Update guest session with user's information
     $sql = "UPDATE {$this->sessionstable} SET ";
     $sql .= "user_id = {$USER_DATA['user_id']} ";
     $sql .= $remember_sql;
     $sql .= "WHERE session_id = '" . md5($session_id) . "'";
     $this->query($sql);
     return $USER_DATA;
 }