Ejemplo n.º 1
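 /**
  * Re-validate the logged-in session against the user tables and flag it as authorized.
  *
  * Runs only when the session carries user_id, username and user_group and
  * UthandoUser::checkUser() passes. The row is looked up by the session's user id,
  * restricted to groups other than 'registered'. When the row's id, username and
  * group all match the session, $this->upid is set from setUserPermissions(), and
  * $this->authorized becomes true only for a permission id of 1, 2 or 3.
  * Nothing is returned; the result is read from $this->authorized / $this->upid.
  */
 private function getAuthorize()
 {
     if (!isset($_SESSION['user_id'], $_SESSION['username'], $_SESSION['user_group']) || !UthandoUser::checkUser()) {
         return;
     }

     // The id is concatenated unquoted into the WHERE clause below, so only a plain
     // integer is accepted; anything else is treated as "not authorized" instead of
     // being spliced into the SQL text.
     $userId = filter_var($_SESSION['user_id'], FILTER_VALIDATE_INT);
     if ($userId === false) {
         return;
     }

     // Query the database.
     // NOTE(review): getResult() is defined elsewhere; if it supports bound parameters,
     // prefer binding the id over concatenation — confirm against its implementation.
     $row = $this->getResult(
         'user_id, username, user_group',
         $this->registry->user . 'users',
         $this->registry->user . 'user_groups',
         array('where' => 'user_id=' . $userId, 'and' => "user_group != 'registered'"),
         false
     );
     if (!$row) {
         return;
     }

     // Strict comparisons: loose == treats numeric-looking strings as numbers
     // (e.g. '1e3' == '1000'), which must not make two different identities match.
     $sessionMatchesRow = (int) $row->user_id === $userId
         && (string) $row->username === (string) $_SESSION['username']
         && (string) $row->user_group === (string) $_SESSION['user_group'];
     if (!$sessionMatchesRow) {
         return;
     }

     $this->upid = $this->setUserPermissions($_SESSION['user_group']);
     // Only permission ids 1..3 grant access.
     if ($this->upid > 0 && $this->upid < 4) {
         $this->authorized = true;
     }
 }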
Ejemplo n.º 2
<?php

// no direct access
defined('PARENT_FILE') or die('Restricted access');
if (UthandoUser::checkUser() && !UthandoUser::authorize()) {
    // Apply form element filters.
    $form->applyFilter('__ALL__', 'escape_data');
    $email = $form->exportValue('email');
    $rand_chars = $_SESSION['rand_chars'];
    unset($_SESSION['rand_chars']);
    foreach ($rand_chars as $key => $value) {
        $password[$value] = $form->exportValue('pwd' . $key);
    }
    // If user exists then login user else display form.
    $sql = $this->registry->db->query("\n\t\tSELECT user_id, CONCAT(first_name, ' ', last_name) AS name, user_group, password, iv\n\t\tFROM " . $this->registry->user . "users\n\t\tNATURAL JOIN " . $this->registry->user . "user_groups\n\t\tWHERE email = :email\n\t\tAND user_group='registered'\n\t", array(':email' => $email));
    $num_rows = count($sql);
    if ($num_rows == 1) {
        // login user.
        $row = $sql[0];
        // decrypt password.
        $decrypted = UthandoUser::decodePassword($row->password, $user_config->get('key', 'cipher'), $row->iv);
        // split the password for checking.
        $decrypted = str_split($decrypted);
        // check password against the characters submitted
        foreach ($password as $key => $value) {
            $pwd_validate[$key] = $value == $decrypted[$key - 1] ? true : false;
        }
        // did it pass?
        $validated = true;
        foreach ($pwd_validate as $value) {
            if (!$value) {
Ejemplo n.º 3
<?php

// no direct access
defined('PARENT_FILE') or die('Restricted access');
if (UthandoUser::checkUser() && !$this->authorize()) {
    // Apply form element filters.
    $form->applyFilter('__ALL__', 'escape_data');
    $username = $form->exportValue('username');
    $rand_chars = $_SESSION['rand_chars'];
    unset($_SESSION['rand_chars']);
    foreach ($rand_chars as $key => $value) {
        $password[$value] = $form->exportValue('pwd' . $key);
    }
    // If user exists then login user else display form.
    $row = $this->registry->db->getRow("\n\t\tSELECT user_id, username, user_group, password, iv\n\t\tFROM {$this->registry->user}users\n\t\tNATURAL JOIN {$this->registry->user}user_groups\n\t\tWHERE username='******'\n\t\tAND user_group != 'registered'\n\t");
    $num_rows = count($row);
    if ($num_rows == 1) {
        // decrypt password.
        $decrypted = UthandoUser::decodePassword($row->password, $user_config->get('key', 'cipher'), $row->iv);
        // split the password for checking.
        $decrypted = str_split($decrypted);
        // check password against the characters submitted
        foreach ($password as $key => $value) {
            $pwd_validate[$key] = $value == $decrypted[$key - 1] ? true : false;
        }
        // did it pass?
        $validated = TRUE;
        foreach ($pwd_validate as $value) {
            if (!$value) {
                $validated = FALSE;
            }