Ejemplo n.º 1
/**
 * Validator callback that changes the password of the account held in the
 * current session, provided the submitted current password matches.
 *
 * Reads $_POST['OldPassword'] and $_POST['Password'] and the session keys
 * 'subuser' / 'screen_name'; a sub-user identity takes precedence over the
 * parent account name. The outcome is written to $oStatus->bValid.
 *
 * NOTE(review): the current password is verified by comparing the output of
 * Setting::encryptPw() inside the SQL WHERE clause, which can only work if
 * that function is deterministic (no per-account salt). Confirm which
 * algorithm it uses; password_hash()/password_verify() would be the usual
 * replacement.
 *
 * @param mixed  $sValue  Submitted field value; used only in the error text.
 * @param object $oStatus Status object; bValid and sErrMsg are set here.
 */
function PasswordCheck($sValue, &$oStatus)
{
    global $sTable;
    global $postgisObject;
    // Imported but neither read nor written in this function.
    global $passwordChanged;

    // Hash both passwords up front, in the same order the form fields are read.
    $sOldHash = Setting::encryptPw(VDFormat($_POST['OldPassword'], true));
    $sNewHash = Setting::encryptPw(VDFormat($_POST['Password'], true));

    // Pessimistic default until the update has actually gone through.
    $oStatus->bValid = false;
    // NOTE(review): this text talks about an existing user ID, which does not
    // match a password check - confirm whether it is ever shown to the user.
    $oStatus->sErrMsg = "User ID '{$sValue}' already exist";

    // The account is taken from the session, never from the request body.
    $sAccount = $_SESSION['subuser'] ?: $_SESSION['screen_name'];

    // Step 1: the row is only found when the current password matches.
    $oLookup = $postgisObject->prepare(
        "SELECT * FROM {$sTable} WHERE screenname = :sUserID AND pw = :sPassword"
    );
    $oLookup->execute([":sUserID" => $sAccount, ":sPassword" => $sOldHash]);
    $aMatch = $postgisObject->fetchRow($oLookup);

    if (!$aMatch['screenname']) {
        $oStatus->bValid = 0;
        return;
    }

    // Step 2: store the new hash for that same account.
    $oUpdate = $postgisObject->prepare(
        "UPDATE {$sTable} SET pw = :sNewPassword WHERE screenname = :sUserID"
    );
    $bStored = $oUpdate->execute([":sUserID" => $sAccount, ":sNewPassword" => $sNewHash]);
    if ($bStored) {
        $oStatus->bValid = 1;
    }
}
Ejemplo n.º 2
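/**
 * Login validator: authenticates the submitted user ID / password and, on
 * success, populates the session and optionally redirects.
 *
 * Hardening compared with the previous version:
 *  - the master-password check uses hash_equals() instead of `==`, so two
 *    numeric-looking hash strings can no longer compare equal through PHP
 *    type juggling;
 *  - the session ID is rotated before the session is marked authenticated
 *    (session-fixation defence);
 *  - the post-login redirect target from $_POST['r'] is only honoured when it
 *    is a local path or an http(s) URL on the current host, closing the open
 *    redirect;
 *  - missing request fields / an empty result row no longer raise notices.
 *
 * NOTE(review): when App::$param['masterPw'] is configured, a matching
 * password signs in as ANY screenname without that account's own password.
 * Confirm this is intended, that the value is access-restricted, and that
 * such logins are audited.
 *
 * NOTE(review): credentials are matched by comparing Setting::encryptPw()
 * output in SQL, which implies a deterministic (unsalted per-user) hash -
 * confirm the algorithm.
 *
 * @param mixed  $sValue  Submitted user ID (screen name or e-mail).
 * @param object $oStatus Status object; bValid and sErrMsg are set here.
 */
function UserIDCheck($sValue, &$oStatus)
{
    global $sTable;
    global $postgisObject;
    global $sUserID;

    $sUserID = Model::toAscii($sValue, NULL, "_");
    // A missing field is passed on as null, exactly as before, minus the notice.
    $sPassword = VDFormat(isset($_POST['Password']) ? $_POST['Password'] : null, true);
    $sPassword = Setting::encryptPw($sPassword);
    $oStatus->bValid = false;
    // NOTE(review): wording looks copied from a sign-up validator; confirm
    // whether it is ever shown on the login form.
    $oStatus->sErrMsg = "User ID '{$sValue}' already exist";

    // Strict, constant-time comparison; an unset, empty or non-string master
    // password disables the master path entirely.
    $sMasterPw = isset(\app\conf\App::$param['masterPw']) ? \app\conf\App::$param['masterPw'] : null;
    $bMasterLogin = is_string($sMasterPw) && $sMasterPw && hash_equals($sMasterPw, (string) $sPassword);

    if ($bMasterLogin) {
        $sQuery = "SELECT * FROM {$sTable} WHERE screenname = :sUserID";
        $res = $postgisObject->prepare($sQuery);
        $res->execute(array(":sUserID" => $sUserID));
        $row = $postgisObject->fetchRow($res);
    } else {
        $sQuery = "SELECT * FROM {$sTable} WHERE (screenname = :sUserID OR email = :sUserID) AND pw = :sPassword";
        $res = $postgisObject->prepare($sQuery);
        $res->execute(array(":sUserID" => $sUserID, ":sPassword" => $sPassword));
        $row = $postgisObject->fetchRow($res);
    }

    if (!empty($row['screenname'])) {
        $oStatus->bValid = 1;

        // Rotate the session ID before elevating the session so an ID known
        // to a third party before login is not carried over.
        if (session_status() === PHP_SESSION_ACTIVE && !headers_sent()) {
            session_regenerate_id(true);
        }

        // Login successful.
        $_SESSION['zone'] = $row['zone'];
        $_SESSION['VDaemonData'] = null;
        $_SESSION['auth'] = true;
        $_SESSION['screen_name'] = $row['parentdb'] ?: $sUserID;
        $_SESSION['subuser'] = $row['parentdb'] ? $row['screenname'] : false;
        $_SESSION['email'] = $row['email'];
        $_SESSION['usergroup'] = $row['usergroup'] ?: false;
        $_SESSION['created'] = strtotime($row['created']);

        // Redirect if requested, but only to this site.
        if (!empty($_POST["r"]) && is_string($_POST["r"])) {
            $sTarget = urldecode($_POST["r"]);

            // Control characters and backslashes are never valid here and are
            // a common way to confuse URL parsers.
            $bClean = preg_match('#[\x00-\x1f\x7f\\\\]#', $sTarget) === 0;
            // "/path" is local; "//host" is protocol-relative and is not.
            $bLocalPath = $bClean && preg_match('#^/(?!/)#', $sTarget) === 1;

            $bSameHost = false;
            if ($bClean && !$bLocalPath) {
                $aUrl = parse_url($sTarget);
                $sHere = isset($_SERVER['HTTP_HOST'])
                    ? strtolower(preg_replace('/:\d+\z/', '', $_SERVER['HTTP_HOST']))
                    : '';
                $bSameHost = is_array($aUrl)
                    && isset($aUrl['scheme'], $aUrl['host'])
                    && in_array(strtolower($aUrl['scheme']), array('http', 'https'), true)
                    && $sHere !== ''
                    && strtolower($aUrl['host']) === $sHere;
            }

            if ($bLocalPath || $bSameHost) {
                header("location: " . $sTarget);
            }
            // Any other target is ignored; the login itself still succeeds.
        }
    } else {
        $oStatus->bValid = 0;
    }
}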
Ejemplo n.º 3
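 /**
  * Starts an authenticated session for the given user ID and password.
  *
  * Hardening compared with the previous version:
  *  - the master-password check uses hash_equals() instead of `==`, so two
  *    numeric-looking hash strings can no longer compare equal through PHP
  *    type juggling;
  *  - the session ID is rotated before the session is marked authenticated
  *    (session-fixation defence);
  *  - $response is initialised and an empty result row no longer raises a
  *    notice.
  *
  * NOTE(review): when App::$param['masterPw'] is configured, a matching
  * password signs in as ANY screenname without that account's own password.
  * Confirm this is intended and that such logins are audited.
  *
  * NOTE(review): credentials are matched by comparing Setting::encryptPw()
  * output in SQL, which implies a deterministic hash - confirm the algorithm.
  *
  * @param string $sUserID Screen name or e-mail address.
  * @param string $pw      Plain-text password as submitted.
  * @return array 'success' and 'message' always; 'screen_name' and 'subuser'
  *               on success; 'code' => "401" on failure.
  */
 public function start($sUserID, $pw)
 {
     $response = array();
     $pw = $this->VDFormat($pw, true);
     $sPassword = \app\models\Setting::encryptPw($pw);

     // Strict, constant-time comparison; an unset, empty or non-string master
     // password disables the master path entirely.
     $sMasterPw = isset(\app\conf\App::$param['masterPw']) ? \app\conf\App::$param['masterPw'] : null;
     $bMasterLogin = is_string($sMasterPw) && $sMasterPw && hash_equals($sMasterPw, (string) $sPassword);

     if ($bMasterLogin) {
         $sQuery = "SELECT * FROM users WHERE screenname = :sUserID";
         $res = $this->prepare($sQuery);
         $res->execute(array(":sUserID" => $sUserID));
         $row = $this->fetchRow($res);
     } else {
         $sQuery = "SELECT * FROM users WHERE (screenname = :sUserID OR email = :sUserID) AND pw = :sPassword";
         $res = $this->prepare($sQuery);
         $res->execute(array(":sUserID" => $sUserID, ":sPassword" => $sPassword));
         $row = $this->fetchRow($res);
     }

     if (!empty($row['screenname'])) {
         // Rotate the session ID before elevating the session so an ID known
         // to a third party before login is not carried over.
         if (session_status() === PHP_SESSION_ACTIVE && !headers_sent()) {
             session_regenerate_id(true);
         }

         // Login successful.
         $_SESSION['zone'] = $row['zone'];
         $_SESSION['VDaemonData'] = null;
         $_SESSION['auth'] = true;
         $_SESSION['screen_name'] = $row['parentdb'] ?: $sUserID;
         $_SESSION['subuser'] = $row['parentdb'] ? $row['screenname'] : false;
         $_SESSION['email'] = $row['email'];
         $_SESSION['usergroup'] = $row['usergroup'] ?: false;
         $_SESSION['created'] = strtotime($row['created']);
         $response['success'] = true;
         $response['message'] = "Session started";
         $response['screen_name'] = $_SESSION['screen_name'];
         $response['subuser'] = $_SESSION['subuser'];
     } else {
         // The same generic message is returned whether the account is
         // unknown or the password is wrong.
         $response['success'] = false;
         $response['message'] = "Session not started";
         $response['code'] = "401";
     }
     return $response;
 }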
Ejemplo n.º 4
<?php

use app\inc\Model;
use app\models\Setting;
include '../header.php';
$postgisObject = new Model();
include '../vdaemon/vdaemon.php';
include '../html_header.php';
// Access gate: only an authenticated session that belongs to a parent
// (non-sub-user) account may continue; everyone else gets a client-side
// redirect to the login page and the script stops.
// $userHostName is not defined in this excerpt - presumably set by an include.
if (!$_SESSION['auth'] || !$_SESSION['screen_name'] || $_SESSION['subuser']) {
    die("<script>window.location='{$userHostName}/user/login'</script>");
}
// The new password is hashed unconditionally; whether it is actually stored
// is decided further down from the raw $_POST['Password'] value.
$sNewPassword = VDFormat($_POST['Password'], true);
$sNewPassword = Setting::encryptPw($sNewPassword);
$sNewGroup = VDFormat($_POST['Usergroup'], true);
// Target account to modify, taken from the request body.
// NOTE(review): both UPDATE statements below match on screenname alone.
// Nothing visible here ties $sUser to the logged-in parent account
// ($_SESSION['screen_name']), so as written any parent account could change
// the group and password of any other account. Confirm ownership is enforced
// elsewhere, or scope the WHERE clause to the caller's own sub-users.
// NOTE(review): no anti-CSRF token check is visible in this excerpt - confirm
// that one of the includes provides it before these state-changing queries.
$sUser = VDFormat($_POST['user'], true);
// $oStatus is not created in this excerpt - presumably by an included file.
$oStatus->bValid = false;
if ($_POST['Password']) {
    // A password was submitted: update group and password together.
    $sQuery = "UPDATE {$sTable} SET usergroup = :sNewGroup, pw = :sNewPassword WHERE screenname = :sUserID";
    $res = $postgisObject->prepare($sQuery);
    if ($res->execute(array(":sUserID" => $sUser, ":sNewGroup" => $sNewGroup, ":sNewPassword" => $sNewPassword))) {
        $oStatus->bValid = 1;
    }
} else {
    // No password submitted: update the group only and keep the stored hash.
    $sQuery = "UPDATE {$sTable} SET usergroup = :sNewGroup WHERE screenname = :sUserID";
    $res = $postgisObject->prepare($sQuery);
    if ($res->execute(array(":sUserID" => $sUser, ":sNewGroup" => $sNewGroup))) {
        $oStatus->bValid = 1;
    }
}
if ($oVDaemonStatus && $oVDaemonStatus->bValid) {
Ejemplo n.º 5
    }
    if (is_null($username)) {
        header('WWW-Authenticate: Basic realm="' . Input::getPath()->part(2) . '"');
        header('HTTP/1.0 401 Unauthorized');
        header("Cache-Control: no-cache, must-revalidate");
        // HTTP/1.1
        header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
        // Date in the past
        // Text to send if user hits Cancel button
        die("Could not authenticate you 1");
    } elseif ($username != Input::getPath()->part(2)) {
        header('WWW-Authenticate: Basic realm="' . Input::getPath()->part(2) . '"');
        header('HTTP/1.0 401 Unauthorized');
        header("Cache-Control: no-cache, must-revalidate");
        // HTTP/1.1
        header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
        // Date in the past
        // Text to send if user hits Cancel button
        die("Could not authenticate you 2");
    } elseif (\app\models\Setting::encryptPw($password) != $response['data']['pw']) {
        header('WWW-Authenticate: Basic realm="' . Input::getPath()->part(2) . '"');
        header('HTTP/1.0 401 Unauthorized');
        header("Cache-Control: no-cache, must-revalidate");
        // HTTP/1.1
        header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
        // Date in the past
        die("Could not authenticate you 3");
    } else {
        $_SESSION['http_auth'] = $db;
    }
}