Ejemplo n.º 1
0
function session_verify_fingerprint()
{
    if (empty($_SESSION["userid"])) {
        return false;
    }
    return $_SESSION["fingerprint"] == session_create_fingerprint();
}
Ejemplo n.º 2
0
if (!empty($_SESSION["userid"])) {
    header("Location: {$successpage}");
} elseif ($_SERVER['REQUEST_METHOD'] == "POST") {
    if (!empty($_POST["username"]) && !empty($_POST["password"])) {
        $dbh = db_connect();
        $sql = "SELECT id, \"user\", hash, salt, name, admin FROM users WHERE \"user\" = :username";
        $sth = $dbh->prepare($sql, array(PDO::ATTR_CURSOR => PDO::CURSOR_FWDONLY));
        $sth->execute(array(":username" => $_POST["username"]));
        $data = $sth->fetch(PDO::FETCH_ASSOC);
        if ($data && hash("sha256", $_POST["password"] . $data["salt"]) == $data["hash"]) {
            $_SESSION["userid"] = $data["id"];
            $_SESSION["username"] = $data["user"];
            $_SESSION["usernick"] = $data[$data["name"] ? "name" : "user"];
            $_SESSION["useradmin"] = $data["admin"];
            $_SESSION["salt"] = hash("sha256", $_SERVER["REQUEST_TIME"]);
            $_SESSION["fingerprint"] = session_create_fingerprint();
            if (array_key_exists("redirectto", $_GET)) {
                header("Location: " . rawurldecode($_GET["redirectto"]));
            } elseif (array_key_exists("backto", $_SESSION)) {
                header("Location: " . $_SESSION["backto"]);
            } elseif (array_key_exists("HTTP_REFERER", $_SERVER)) {
                header("Location: " . rawurldecode($_SERVER["HTTP_REFERER"]));
            } else {
                header("Location: {$successpage}");
            }
        } else {
            $error = _("Incorrect username or password");
            error_log("[" . date('d/M/Y:H:i:s O') . "] authentication failure: [client: " . $_SERVER['REMOTE_ADDR'] . "] [user: "******"]\n", 3, "/var/log/taxidi.log");
        }
    } else {
        $error = _("Form not completed");