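/**
 * Adds a new user and returns the generated user ID.
 *
 * A candidate ID is drawn with random_number(9) until usr_get_data() reports
 * it as unused. The input then goes through clean_data(), and each column
 * value is passed through MySQL::SQLValue() (numeric columns with
 * SQLVALUE_NUMBER) before InsertRow() is called.
 *
 * NOTE(review): the check-then-insert on usr_ID is not atomic. Two concurrent
 * calls could pick the same ID; presumably a unique key on usr_ID makes the
 * second insert fail and return false - confirm against the schema.
 *
 * @param array $data usr_name, usr_grp, usr_sts, usr_active and optionally usr_rate
 * @global array $kga kimai-global-array; 'server_prefix' is the table prefix
 * @global object $conn database connection providing InsertRow()
 * @return mixed the new usr_ID on success, false if the insert failed
 */
function usr_create($data)
{
    global $kga, $conn;

    // find random but unused user id
    do {
        $data['usr_ID'] = random_number(9);
    } while (usr_get_data($data['usr_ID']));

    $data = clean_data($data);

    // Never hand raw request data to InsertRow(): every value is converted by
    // MySQL::SQLValue() first (presumably quoting/escaping - verify in the class).
    $values = array();
    $values['usr_name'] = MySQL::SQLValue($data['usr_name']);
    $values['usr_ID'] = MySQL::SQLValue($data['usr_ID'], MySQL::SQLVALUE_NUMBER);
    $values['usr_grp'] = MySQL::SQLValue($data['usr_grp'], MySQL::SQLVALUE_NUMBER);
    $values['usr_sts'] = MySQL::SQLValue($data['usr_sts'], MySQL::SQLVALUE_NUMBER);
    $values['usr_active'] = MySQL::SQLValue($data['usr_active'], MySQL::SQLVALUE_NUMBER);

    // The prefix is concatenated into the table name, so it must only ever
    // come from trusted configuration.
    $table = $kga['server_prefix'] . "usr";
    $result = $conn->InsertRow($table, $values);

    if ($result === false) {
        return false;
    }

    if (isset($data['usr_rate'])) {
        // Fix: the original passed the undefined variable $usr_id here, so the
        // rate was saved/removed for a NULL user instead of the new one.
        if (is_numeric($data['usr_rate'])) {
            save_rate($data['usr_ID'], NULL, NULL, $data['usr_rate']);
        } else {
            remove_rate($data['usr_ID'], NULL, NULL);
        }
    }

    return $data['usr_ID'];
}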
// = authentication method =
// =========================
// Login handling (excerpt): loads the Kimai auth plugin, reads the requested
// action and, for 'login', authenticates the user, auto-creates a local
// account if needed, applies the ban check and issues the session cookies.
require WEBROOT . 'auth/kimai.php';
$authPlugin = new KimaiAuth();

// NOTE(review): $_REQUEST merges query-string and body parameters, so the
// action and the credentials below are also accepted from the URL, where they
// can end up in server logs and browser history. Reading from $_POST would
// avoid that.
$action = isset($_REQUEST['action']) ? $_REQUEST['action'] : '';
$banned = false;

switch ($action) {
    case 'login':
        // NOTE(review): htmlspecialchars() is output encoding applied at input
        // time. The HTML-encoded name is what authenticate() receives and what
        // usr_create() stores, so names containing & < > " will not match their
        // raw form, and every place that prints the name still has to encode
        // for its own context.
        // NOTE(review): 'name' and 'password' are read without isset(); a
        // request lacking them raises notices/warnings.
        $name = htmlspecialchars(trim($_REQUEST['name']));
        $password = $_REQUEST['password'];

        // perform login of user
        // $userId is not assigned before this call - presumably authenticate()
        // takes it by reference and fills it in; confirm in the plugin.
        if ($authPlugin->authenticate($name, $password, $userId)) {
            // Authenticated by the plugin but no user ID returned: a local
            // account is created on the fly in the plugin's default group.
            // NOTE(review): usr_create() can return false on insert failure;
            // that value is passed on to usr_get_data() unchecked.
            if ($userId === false) {
                $userId = usr_create(array('usr_name' => $name, 'usr_grp' => $authPlugin->getDefaultGroupId(), 'usr_sts' => 2, 'usr_active' => 1));
            }
            $userData = usr_get_data($userId);

            // NOTE(review): the ban counter is only consulted here, after a
            // successful authentication. Where failed password attempts are
            // counted is not visible in this excerpt - verify that they are.
            if ($userData['ban'] < $kga['conf']['loginTries'] || time() - $userData['banTime'] > $kga['conf']['loginBanTime']) {
                // logintries not used up OR
                // bantime is over
                // => grant access

                // The session key's unpredictability depends entirely on
                // random_code(), which is not shown here - confirm it is backed
                // by a CSPRNG.
                $keymai = random_code(30);

                // NOTE(review): setcookie() with only name and value leaves the
                // HttpOnly and Secure flags off, so the session key is readable
                // by page scripts and is sent over plain HTTP. Set both flags
                // (and SameSite where the PHP version allows).
                setcookie("kimai_key", $keymai);
                setcookie("kimai_usr", $userData['usr_name']);
                loginSetKey($userId, $keymai);

                // NOTE(review): header() does not stop execution; whether an
                // exit follows is outside this excerpt.
                header("Location: record.php");
            } else {
                // login attempt even though logintries are used up and bantime is not over => deny
                // Both cookies are overwritten with "0" and the attempt is
                // handed to loginUpdateBan() (presumably extends the ban - confirm).
                setcookie("kimai_key", "0");
                setcookie("kimai_usr", "0");
                loginUpdateBan($userId);
                $banned = true;
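/**
 * Adds a new user
 *
 * A candidate ID is drawn with random_number(9) until usr_get_data() reports
 * it as unused, the input goes through clean_data(), and the row is inserted
 * with a prepared statement whose five column values are bound parameters.
 *
 * @param array $data username, email, and other data of the new user
 *                    (usr_name, usr_grp, usr_sts, usr_active, optionally usr_rate)
 * @global array $kga kimai-global-array
 * @global object $pdo_conn PDO connection used for the insert
 * @return mixed the new usr_ID on success, false on failure
 * @author ob
 */
function usr_create($data)
{
    global $kga, $pdo_conn;

    // The table prefix is interpolated into the SQL text rather than bound, so
    // it must only ever come from trusted configuration.
    $p = $kga['server_prefix'];

    // find random but unused user id
    do {
        $data['usr_ID'] = random_number(9);
    } while (usr_get_data($data['usr_ID']));

    $data = clean_data($data);

    $pdo_query = $pdo_conn->prepare("INSERT INTO {$p}usr (\n `usr_ID`,\n `usr_name`,\n `usr_grp`,\n `usr_sts`,\n `usr_active`\n ) VALUES (?, ?, ?, ?, ?)");

    // prepare() returns false in PDO's non-exception error modes; calling
    // execute() on that would be a fatal error instead of a clean failure.
    if ($pdo_query === false) {
        return false;
    }

    $result = $pdo_query->execute(array($data['usr_ID'], $data['usr_name'], $data['usr_grp'], $data['usr_sts'], $data['usr_active']));

    if ($result !== true) {
        return false;
    }

    if (isset($data['usr_rate'])) {
        // Fix: the original passed the undefined variable $usr_id here, so the
        // rate was saved/removed for a NULL user instead of the new one.
        if (is_numeric($data['usr_rate'])) {
            save_rate($data['usr_ID'], NULL, NULL, $data['usr_rate']);
        } else {
            remove_rate($data['usr_ID'], NULL, NULL);
        }
    }

    return $data['usr_ID'];
}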