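 /**
  * Authenticates the control-panel user for the current request.
  *
  * Two paths are tried, in order:
  *   1. Credential login - when the username field is present in the request,
  *      the username/password pair is checked against `tbx_administrator`, a
  *      row is written to `tbx_administrator_session`, a login-history row is
  *      recorded and the session cookie is issued.
  *   2. Cookie login - otherwise, when the session cookie is present, the
  *      username/session pair it carries is looked up in
  *      `tbx_administrator_session`, bound to the same user-agent hash and
  *      client address that created it.
  *
  * On every outcome the static state (self::$authenticated, self::$superuser,
  * self::$username, self::$privileges) is reset and then filled in; on failure
  * self::$error carries the user-facing reason.
  *
  * @return bool true when the caller is now authenticated, false otherwise
  *              (earlier revisions returned null on the failure paths).
  */
 public static function Login()
 {
     $DB = GetDB();
     self::$authenticated = false;
     self::$superuser = false;
     self::$username = null;
     $cookie_settings = self::GetCookieSettings();

     if (isset($_REQUEST[self::FIELD_USERNAME])) {
         // NOTE(review): credentials are read from $_REQUEST, so they are also
         // accepted from the query string (and end up in server/proxy logs).
         // Restricting this to $_POST is safer but may affect existing login
         // forms - confirm before changing.
         if (String::IsEmpty($_REQUEST[self::FIELD_USERNAME])) {
             self::$error = 'The username field was left blank';
             return false;
         }
         // The password field may be absent entirely, not just blank; treat both
         // alike instead of raising an undefined-index notice.
         if (!isset($_REQUEST[self::FIELD_PASSWORD]) || String::IsEmpty($_REQUEST[self::FIELD_PASSWORD])) {
             self::$error = 'The password field was left blank';
             return false;
         }
         // NOTE(review): passwords are stored as unsalted sha1 hashes. Moving to
         // password_hash()/password_verify() needs a column migration plus a
         // rehash-on-login step, so it is flagged here rather than changed.
         $account = $DB->Row(
             'SELECT * FROM `tbx_administrator` WHERE `username`=? AND `password`=?',
             array($_REQUEST[self::FIELD_USERNAME], sha1($_REQUEST[self::FIELD_PASSWORD]))
         );
         if (!$account) {
             self::$error = 'The supplied username/password combination is not valid';
             return false;
         }
         $session = self::GenerateSessionToken();
         $DB->Update(
             'INSERT INTO `tbx_administrator_session` VALUES (?,?,?,?,?)',
             array($account['username'], $session, self::BrowserFingerprint(), self::ClientAddress(), time())
         );
         $DB->Update(
             'INSERT INTO `tbx_administrator_login_history` VALUES (?,?,?)',
             array($account['username'], Database_MySQL::Now(), self::ClientAddress())
         );
         // A checked "remember me" box makes the cookie persistent; otherwise an
         // expiry of 0 yields a browser-session cookie (the previous null was
         // coerced to 0 and is deprecated on PHP 8.1+). !empty() also avoids an
         // undefined-index notice when the box is not submitted at all.
         $expires = !empty($_REQUEST[self::FIELD_REMEMBER]) ? time() + self::SESSION_LENGTH : 0;
         setcookie(
             self::COOKIE_NAME,
             self::FIELD_USERNAME . '=' . urlencode($account['username']) . '&' . self::FIELD_SESSION . '=' . urlencode($session),
             $expires,
             $cookie_settings['path'],
             $cookie_settings['domain'],
             false, // secure: NOTE(review) derive from the HTTPS status once the panel is TLS-only
             true   // httponly: keeps the session token out of reach of page scripts
         );
         self::AcceptAccount($account);
     } elseif (isset($_COOKIE[self::COOKIE_NAME])) {
         $cookie = array();
         parse_str($_COOKIE[self::COOKIE_NAME], $cookie);
         // Purge sessions older than the allowed length before looking ours up,
         // so an expired session can never be resumed.
         $DB->Update('DELETE FROM `tbx_administrator_session` WHERE `timestamp` < ?', array(time() - self::SESSION_LENGTH));
         // A malformed cookie (either field missing) is treated like an expired
         // session instead of producing undefined-index notices.
         $session = null;
         if (isset($cookie[self::FIELD_USERNAME], $cookie[self::FIELD_SESSION])) {
             $session = $DB->Row(
                 'SELECT * FROM `tbx_administrator_session` WHERE `username`=? AND `session`=? AND `browser`=? AND `ip_address`=?',
                 array($cookie[self::FIELD_USERNAME], $cookie[self::FIELD_SESSION], self::BrowserFingerprint(), self::ClientAddress())
             );
         }
         if (!$session) {
             self::ClearSessionCookie($cookie_settings);
             self::$error = 'Your control panel session has expired';
             return false;
         }
         $account = $DB->Row('SELECT * FROM `tbx_administrator` WHERE `username`=?', array($session['username']));
         if (!$account) {
             self::ClearSessionCookie($cookie_settings);
             self::$error = 'Invalid control panel account';
             return false;
         }
         self::AcceptAccount($account);
     }
     return self::$authenticated;
 }

 /**
  * Returns a fresh, unguessable session token: 40 hex characters, the same
  * width as the sha1 string the `session` column previously held.
  *
  * random_bytes() is a CSPRNG. The uniqid()/mt_rand() fallback is only for
  * runtimes that predate PHP 7 and is not cryptographically strong.
  *
  * @return string
  */
 private static function GenerateSessionToken()
 {
     if (function_exists('random_bytes')) {
         return bin2hex(random_bytes(20));
     }
     return sha1(uniqid(mt_rand(), true));
 }

 /**
  * The user-agent hash a session row is bound to. A missing User-Agent header
  * hashes as the empty string rather than raising a notice.
  *
  * @return string
  */
 private static function BrowserFingerprint()
 {
     return sha1(isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '');
 }

 /**
  * The client address a session row is bound to; empty when the request has
  * no REMOTE_ADDR (e.g. CLI).
  *
  * @return string
  */
 private static function ClientAddress()
 {
     return isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
 }

 /**
  * Removes the control-panel cookie by re-issuing it empty with an expiry in
  * the past, using the same path/domain it was set with.
  *
  * @param array $cookie_settings result of self::GetCookieSettings()
  */
 private static function ClearSessionCookie($cookie_settings)
 {
     setcookie(self::COOKIE_NAME, '', time() - self::SESSION_LENGTH, $cookie_settings['path'], $cookie_settings['domain'], false, true);
 }

 /**
  * Marks the request as authenticated for $account and copies its role fields
  * into the static state read by the rest of the panel.
  *
  * @param array $account a `tbx_administrator` row
  */
 private static function AcceptAccount($account)
 {
     self::$username = $account['username'];
     // Loose comparison kept on purpose: the driver may return `type` as a string.
     self::$superuser = $account['type'] == self::TYPE_SUPERUSER;
     self::$privileges = $account['privileges'];
     self::$authenticated = true;
 }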