function validateUser($username = '', $password = '')
{
global $db;
if (!$username || !$password) {
return $this->responseXML('10', SOAP_NO_USER_PW, 'error');
}
// This portion is specific to the application database name, fields and password validation methods
// validate user with db (call validation function)
$result = $db->Execute("SELECT admin_pass FROM " . TABLE_USERS . " WHERE admin_name='{$username}'");
if ($result->RecordCount() == 0) {
return $this->responseXML('11', SOAP_USER_NOT_FOUND, 'error');
}
if (!pw_validate_password($password, $result->fields['admin_pass'])) {
return $this->responseXML('12', SOAP_PASSWORD_NOT_FOUND, 'error');
}
return true;
// if both the username and password are correct
}
} elseif ($enc_key) {
if (!pw_validate_encrypt($enc_key)) {
$error = $messageStack->add(ERROR_WRONG_ENCRYPT_KEY, 'error');
}
}
if (!$error) {
$_SESSION['admin_encrypt'] = $enc_key;
$messageStack->add(GEN_ENCRYPTION_KEY_SET, 'success');
}
break;
case 'encrypt_key':
validate_security($security_level, 4);
$old_key = db_prepare_input($_POST['old_encrypt_key']);
$new_key = db_prepare_input($_POST['new_encrypt_key']);
$new_key_confirm = db_prepare_input($_POST['new_encrypt_confirm']);
if (defined('ENCRYPTION_VALUE') && !pw_validate_password($old_key, ENCRYPTION_VALUE)) {
$error = $messageStack->add(ERROR_OLD_ENCRYPT_NOT_CORRECT, 'error');
}
if (strlen($new_key) < ENTRY_PASSWORD_MIN_LENGTH) {
$error = $messageStack->add(sprintf(ENTRY_PASSWORD_NEW_ERROR, ENTRY_PASSWORD_MIN_LENGTH), 'error');
}
if ($new_key != $new_key_confirm) {
$error = $messageStack->add(ENTRY_PASSWORD_NEW_ERROR_NOT_MATCHING, 'error');
}
if (!$error) {
write_configure('ENCRYPTION_VALUE', pw_encrypt_password($new_key));
$messageStack->add(GEN_ENCRYPTION_KEY_CHANGED, 'success');
}
break;
default:
}
// the mfg signoff is required and present
$sql = "select admin_pass from " . TABLE_USERS . " where admin_id = '" . $user_mfg . "'";
$result = $db->Execute($sql);
if (!pw_validate_password($pw_mfg, $result->fields['admin_pass'])) {
$error = true;
$messageStack->add(WO_MFG_PASSWORD_BAD, 'error');
} else {
$sql_data_array['mfg_id'] = $user_mfg;
$sql_data_array['mfg_date'] = date('Y-m-d H:i:s');
}
}
if (isset($_POST['user_qa']) && $user_qa > 0) {
// the qa signoff is required and present
$sql = "select admin_pass from " . TABLE_USERS . " where admin_id = '" . $user_qa . "'";
$result = $db->Execute($sql);
if (!pw_validate_password($pw_qa, $result->fields['admin_pass'])) {
$error = true;
$messageStack->add(WO_QA_PASSWORD_BAD, 'error');
} else {
$sql_data_array['qa_id'] = $user_qa;
$sql_data_array['qa_date'] = date('Y-m-d H:i:s');
}
}
if (isset($_POST['data_value'])) {
if ($data_value == '') {
$error = true;
$messageStack->add(WO_DATA_VALUE_BLANK, 'error');
} else {
$sql_data_array['data_value'] = $data_value;
}
}
}
if (!$error) {
$_SESSION['admin_encrypt'] = $enc_key;
$messageStack->add(GEN_ENCRYPTION_KEY_SET, 'success');
}
break;
case 'encrypt_key':
if ($security_level < 4) {
$messageStack->add_session(ERROR_NO_PERMISSION, 'error');
gen_redirect(html_href_link(FILENAME_DEFAULT, gen_get_all_get_params(array('action')), 'SSL'));
break;
}
$old_key = db_prepare_input($_POST['old_encrypt_key']);
$new_key = db_prepare_input($_POST['new_encrypt_key']);
$new_key_confirm = db_prepare_input($_POST['new_encrypt_confirm']);
if (ENCRYPTION_VALUE && !pw_validate_password($old_key, ENCRYPTION_VALUE)) {
$error = true;
$messageStack->add(ERROR_OLD_ENCRYPT_NOT_CORRECT, 'error');
}
if (strlen($new_key) < ENTRY_PASSWORD_MIN_LENGTH) {
$error = true;
$messageStack->add(ENTRY_PASSWORD_NEW_ERROR, 'error');
}
if ($new_key != $new_key_confirm) {
$error = true;
$messageStack->add(ENTRY_PASSWORD_NEW_ERROR_NOT_MATCHING, 'error');
}
if (!$error) {
$db->Execute("update " . TABLE_CONFIGURATION . " set configuration_value = '" . pw_encrypt_password($new_key) . "' \r\n\t\twhere configuration_key = 'ENCRYPTION_VALUE'");
$messageStack->add(GEN_ENCRYPTION_KEY_CHANGED, 'success');
}