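/**
 * Looks up $username and verifies $password against the stored crypt()-format hash.
 *
 * @param string $username  Submitted username; bound as a prepared-statement parameter.
 * @param string $password  Submitted clear-text password; never sent to the database.
 * @return array  array($userID, $username, $digest). $userID is the matching row's
 *                UserID, or 0 when the user is unknown, the password is wrong or the
 *                database is unavailable. $digest is the stored hash of a found user
 *                (also when the password did not match); a caller in this file stores
 *                it in a "remember me" cookie, so it is kept for compatibility.
 */
public function checkCredentials($username, $password)
{
    // 0 is the "not authenticated" sentinel understood by callers.
    $userID = 0;
    $digest = '';
    try {
        $dbh = DatabaseHelpers::getDatabaseConnection();
        // Parameterised lookup by username only; the password is checked against
        // the stored hash here, not in SQL.
        $stmt = $dbh->prepare('SELECT UserID, Password FROM Users WHERE Username=:username LIMIT 1');
        $stmt->bindParam(':username', $username, PDO::PARAM_STR);
        $stmt->execute();
        // execute() returning true only means the statement ran; the row lookup
        // can still come back empty, which fetch() signals with false. The original
        // code did not distinguish the two and indexed into false.
        $row = $stmt->fetch();
        $dbh = null;
        if ($row !== false && isset($row['Password']) && is_string($row['Password'])) {
            $digest = $row['Password'];
            // password_verify() runs crypt($password, $digest) and compares the
            // result in constant time, replacing the timing-leaking loose "=="
            // comparison. It accepts any crypt()-style hash, including the bcrypt
            // digests produced by DatabaseHelpers::blowfishCrypt in this file.
            if ($digest !== '' && is_string($password) && password_verify($password, $digest)) {
                $userID = $row['UserID'];
            }
        }
    } catch (PDOException $e) {
        // Fail closed: a database error is reported as "not authenticated".
        $userID = 0;
        $digest = '';
    }
    // NOTE(review): returning the password hash (index 2) lets it end up in a client
    // cookie; a random, server-stored token would be the safer remember-me design.
    return array($userID, $username, $digest);
}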
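/**
 * Authenticates the current request and handles login/logout actions posted to the
 * login page.
 *
 * Authentication state lives in $_SESSION['project-name'] (userID, ip, userAgent).
 * A request counts as logged in when that session entry exists and the IP address
 * and User-Agent recorded at login still match the request. When no session exists,
 * the "remember me" cookies project-name[username] and project-name[digest] may
 * restore the login, but only after the cookie digest has been compared in constant
 * time with the stored password hash of that username; the UserID is then taken from
 * the database row, never from the client.
 *
 * Why this was rewritten: the original test trusted client-controlled cookies.
 * Users::checkCredentials() returns a non-empty array even on failure, so its result
 * was always truthy, and the secondDigest cookie was crypt(REMOTE_ADDR . User-Agent)
 * with no server secret, which any client can compute for itself. Without a username
 * cookie the check reduced to those two values, so any UserID could be asserted by
 * cookie alone. The session ip/userAgent were stored at login but never checked.
 *
 * @param string $page  The page constant being rendered (compared with Page::LOGIN).
 * @return string  HTML for the login status box, or '' when there is nothing to show.
 *                 Redirects (header + exit) instead of returning where noted below.
 */
function checkLoggedIn($page)
{
    $loginDiv = '';
    $action = isset($_POST['action']) ? stripslashes($_POST['action']) : '';
    $remoteAddr = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
    $userAgent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
    session_start();

    // Every project cookie is issued through here so it is HttpOnly (unreadable by
    // script) and Secure when the request arrived over TLS. Path and domain are left
    // at their defaults, as in the original setcookie() calls.
    $secure = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
    $setAuthCookie = function ($name, $value, $expires) use ($secure) {
        setcookie('project-name[' . $name . ']', $value, $expires, '', '', $secure, true);
    };

    // Resolves a remember-me cookie pair to a UserID, or 0. The digest cookie must be
    // byte-for-byte the stored hash for that username; the lookup is the same
    // parameterised query Users::checkCredentials() uses, but the comparison is
    // against the hash itself because the cookie carries the hash, not a password.
    $restoreFromCookie = function ($username, $digest) {
        // Cookies can arrive as arrays (project-name[username][]=x); reject anything
        // that is not a plain string.
        if (!is_string($username) || !is_string($digest) || $digest === '') {
            return 0;
        }
        try {
            $dbh = DatabaseHelpers::getDatabaseConnection();
            $stmt = $dbh->prepare('SELECT UserID, Password FROM Users WHERE Username=:username LIMIT 1');
            $stmt->bindParam(':username', $username, PDO::PARAM_STR);
            $stmt->execute();
            $row = $stmt->fetch();
            $dbh = null;
        } catch (PDOException $e) {
            // Fail closed on database errors.
            return 0;
        }
        if ($row === false || !isset($row['Password']) || !is_string($row['Password'])) {
            return 0;
        }
        return hash_equals($row['Password'], $digest) ? $row['UserID'] : 0;
    };

    $authenticated = false;
    if (isset($_SESSION['project-name']['userID'])) {
        // The server-side session is the authority. Checking the recorded ip and
        // userAgent implements the hijacking protection the original comment
        // promised but never enforced.
        $sameClient = isset($_SESSION['project-name']['ip'], $_SESSION['project-name']['userAgent'])
            && $_SESSION['project-name']['ip'] === $remoteAddr
            && $_SESSION['project-name']['userAgent'] === $userAgent;
        if ($sameClient) {
            $authenticated = true;
        } else {
            // A mismatch is treated as a stale or stolen session: drop the identity.
            unset($_SESSION['project-name']);
        }
    } elseif (isset($_COOKIE['project-name']['username'], $_COOKIE['project-name']['digest'])) {
        $restoredID = $restoreFromCookie($_COOKIE['project-name']['username'], $_COOKIE['project-name']['digest']);
        if ($restoredID != 0) {
            // Privilege is being granted: issue a fresh session id so a pre-set id
            // cannot be reused (session fixation).
            session_regenerate_id(true);
            $_SESSION['project-name']['userID'] = $restoredID;
            $_SESSION['project-name']['ip'] = $remoteAddr;
            $_SESSION['project-name']['userAgent'] = $userAgent;
            $authenticated = true;
        }
    }

    if ($authenticated) {
        // Logged-in visitors are sent to the front page unless they are already on a
        // secured page or are posting a logout.
        if (!isSecuredPage($page) && $action != 'logout') {
            header('Location: ./');
            exit;
        }
    } elseif ($page != Page::LOGIN) {
        // Not logged in and not on the login page: go there.
        header('Location: login.php');
        exit;
    }

    // Login / logout actions are only honoured on the login page.
    if ($page == Page::LOGIN && $action != '') {
        switch ($action) {
            case 'login':
                $username = isset($_POST['login-username']) ? stripslashes($_POST['login-username']) : '';
                $password = isset($_POST['password']) ? stripslashes($_POST['password']) : '';
                $userData = Users::checkCredentials($username, $password);
                if ($userData[0] != 0) {
                    // Fresh session id on login (session fixation), then record who
                    // and from where, so later requests can be bound to this client.
                    session_regenerate_id(true);
                    $_SESSION['project-name']['userID'] = $userData[0];
                    $_SESSION['project-name']['ip'] = $remoteAddr;
                    $_SESSION['project-name']['userAgent'] = $userAgent;
                    // The userID cookie is kept for anything else that may read it;
                    // it is no longer trusted for authentication.
                    if (isset($_POST['remember'])) {
                        // Keep the user logged in for 168 hours (one week).
                        $expires = time() + 3600 * 168;
                        $setAuthCookie('userID', $userData[0], $expires);
                        $setAuthCookie('username', $userData[1], $expires);
                        // NOTE(review): this cookie carries the stored password hash
                        // (checkCredentials index 2). It is verified on restore, but a
                        // leaked cookie is an offline-crackable hash and a bearer
                        // credential until the password changes. A random token stored
                        // server-side would be the better design.
                        $setAuthCookie('digest', $userData[2], $expires);
                    } else {
                        // Session-lifetime cookies only; clear any old remember-me pair.
                        $setAuthCookie('userID', $userData[0], 0);
                        $setAuthCookie('username', '', 0);
                        $setAuthCookie('digest', '', 0);
                    }
                    // secondDigest is no longer issued: crypt(ip . userAgent) involves
                    // no server secret, so it proved nothing. Stale copies are ignored
                    // and cleared on logout.
                    header('Location: ./');
                    exit;
                }
                $loginDiv = '<div id="login-box" class="error">The username or password ' . 'you entered is incorrect.</div>';
                break;
            // Logout, or an action we do not recognise: destroy the session and
            // expire every project cookie.
            case 'logout':
            default:
                $_SESSION = array();
                $expired = time() - 3600 * 168;
                $setAuthCookie('userID', '', $expired);
                $setAuthCookie('username', '', $expired);
                $setAuthCookie('digest', '', $expired);
                $setAuthCookie('secondDigest', '', $expired);
                session_destroy();
                $loginDiv = '<div id="login-box" class="info">Thank you. Come again!</div>';
                break;
        }
    }
    return $loginDiv;
}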
    /**
     * Renders the logged queries as the HTML body of the debug-bar panel.
     *
     * Debug-only output: every logged statement, its bound parameters and (when
     * $this->explain is enabled) the EXPLAIN plan are written into the page, so the
     * panel must not be enabled on a production deployment.
     *
     * @return string HTML fragment, or '' when no queries were logged.
     */
    public function getPanel()
    {
        $this->disabled = TRUE;
        $escape = 'htmlSpecialChars';
        // Numbers the collapsible EXPLAIN tables across calls of this method.
        static $explainCounter;
        $rowsHtml = '';
        foreach ($this->queries as $query) {
            list($sql, $params, $time, $rows, $connection, $source) = $query;

            // Only statements that start as a SELECT (optionally in parentheses) are
            // explained. The original note says EXPLAIN is run here, at render time,
            // so that SELECT FOUND_ROWS() keeps working for the application —
            // presumably because an EXPLAIN issued at query time would reset it.
            $plan = NULL;
            if ($this->explain && preg_match('#\\s*\\(?\\s*SELECT\\s#iA', $sql)) {
                $command = is_string($this->explain) ? $this->explain : 'EXPLAIN';
                try {
                    $plan = $connection->queryArgs("{$command} {$sql}", $params)->fetchAll();
                } catch (PDOException $e) {
                    // A failed EXPLAIN is not fatal: the query is still listed.
                }
            }

            $cell = '<tr><td>' . sprintf('%0.3f', $time * 1000);
            if ($plan) {
                $explainCounter++;
                $cell .= "<br /><a href='#' class='nette-toggler' rel='#nette-DbConnectionPanel-row-{$explainCounter}'>explain&nbsp;&#x25ba;</a>";
            }
            $shownSql = self::$maxLength ? Strings::truncate($sql, self::$maxLength) : $sql;
            $cell .= '</td><td class="nette-DbConnectionPanel-sql">' . DatabaseHelpers::dumpSql($shownSql);
            if ($plan) {
                // EXPLAIN output goes through htmlSpecialChars; SQL goes through dumpSql above.
                $cell .= "<table id='nette-DbConnectionPanel-row-{$explainCounter}' class='nette-collapsed'><tr>";
                foreach (array_keys($plan[0]) as $column) {
                    $cell .= "<th>{$escape($column)}</th>";
                }
                $cell .= '</tr>';
                foreach ($plan as $planRow) {
                    $cell .= '<tr>';
                    foreach ($planRow as $value) {
                        $cell .= "<td>{$escape($value)}</td>";
                    }
                    $cell .= '</tr>';
                }
                $cell .= '</table>';
            }
            if ($source) {
                $cell .= DebugHelpers::editorLink($source[0], $source[1])->class('nette-DbConnectionPanel-source');
            }
            $cell .= '</td><td>';
            foreach ($params as $param) {
                $cell .= Debugger::dump($param, TRUE);
            }
            $rowsHtml .= $cell . '</td><td>' . $rows . '</td></tr>';
        }

        if (empty($this->queries)) {
            return '';
        }
        $totalTimeHtml = $this->totalTime ? ', time: ' . sprintf('%0.3f', $this->totalTime * 1000) . ' ms' : '';
        return '<style> #nette-debug td.nette-DbConnectionPanel-sql { background: white !important }
			#nette-debug .nette-DbConnectionPanel-source { color: #BBB !important } </style>
			<h1>Queries: ' . count($this->queries) . $totalTimeHtml . '</h1>
			<div class="nette-inner nette-DbConnectionPanel">
			<table>
				<tr><th>Time&nbsp;ms</th><th>SQL Statement</th><th>Params</th><th>Rows</th></tr>' . $rowsHtml . '
			</table>
			</div>';
    }
 /**
  * Debug helper: displays this complete result set as an HTML table by handing
  * the object to DatabaseHelpers::dumpResult(). Intended for development only.
  * @return void
  */
 public function dump()
 {
     $resultSet = $this;
     DatabaseHelpers::dumpResult($resultSet);
 }