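/**
 * Handle login/logout form posts and report whether the visitor is authenticated.
 *
 * Behaviour, in order:
 *  - POST action=login: checks the submitted credentials with
 *    ProcessUsers::databaseContainsUser() and, on success, marks the session
 *    as logged in. On failure the reason is left in $GLOBALS['loginError'].
 *  - POST action=logout: removes the login keys from the session, redirects
 *    to the posted "goto" target and exits.
 *  - otherwise: re-checks the credentials stored in the session.
 *
 * Security notes for maintainers:
 *  - NOTE(review): passwords are hashed with SHA-1 plus one salt hard-coded in
 *    this file. That is a fast hash with no per-user salt, so a leaked user
 *    table is cheap to brute-force offline. Moving to password_hash() /
 *    password_verify() needs a change in how ProcessUsers stores and compares
 *    passwords (presumably it matches this hash against a stored column), so
 *    it cannot be done inside this function alone.
 *  - The password hash is kept in the session so every request can be
 *    re-checked against the database; treat session storage as secret.
 *
 * @return mixed true after a successful login, false when the visitor is not
 *               authenticated; for an existing session the value returned by
 *               databaseContainsUser() is passed through unchanged.
 */
function userIsLoggedIn()
{
    $user = new ProcessUsers();

    // Only a plain string can name an action; array-valued input is ignored.
    $action = (isset($_POST['action']) && is_string($_POST['action'])) ? $_POST['action'] : '';

    if ($action === 'login') {
        $username = isset($_POST['username']) ? $_POST['username'] : '';
        $plainPassword = isset($_POST['password']) ? $_POST['password'] : '';

        // Array-valued fields (e.g. username[]=x) are treated like empty ones
        // instead of being concatenated or passed to the database layer.
        if (!is_string($username) || $username === ''
            || !is_string($plainPassword) || $plainPassword === ''
        ) {
            $GLOBALS['loginError'] = 'Please fill in both fields';
            return false;
        }

        // Legacy scheme, kept so existing stored hashes still match (see docblock).
        $password = sha1($plainPassword . 'lfiDE3VtFQEK57a2CEupBN6I27B3E5H4');
        $userExists = $user->databaseContainsUser($username, $password);

        session_start();

        if ($userExists) {
            // Issue a fresh session id at the privilege change so an id that was
            // known before login (session fixation) is not the authenticated one.
            session_regenerate_id(true);

            $_SESSION['loggedIn'] = true;
            $_SESSION['username'] = $username;
            $_SESSION['password'] = $password;
            return true;
        }

        unset($_SESSION['loggedIn']);
        unset($_SESSION['username']);
        unset($_SESSION['password']);
        $GLOBALS['loginError'] = 'The specified username address or password was incorrect.';
        return false;
    }

    if ($action === 'logout') {
        session_start();
        unset($_SESSION['loggedIn']);
        unset($_SESSION['username']);
        unset($_SESSION['password']);

        // "goto" is client-controlled. Accept only a same-site relative
        // reference: no scheme (":" is not allowed), no backslashes, no
        // control characters, and no leading "//" (protocol-relative URL).
        // Anything else, including a missing field, goes to the site root.
        $goto = (isset($_POST['goto']) && is_string($_POST['goto'])) ? $_POST['goto'] : '';
        if (!preg_match('#^(?!//)[A-Za-z0-9._~/?=&%-]+$#D', $goto)) {
            $goto = '/';
        }

        header('Location: ' . $goto);
        exit;
    }

    session_start();

    // Require all three keys so a partially populated session is rejected
    // rather than sent to the database with missing values.
    if (isset($_SESSION['loggedIn'], $_SESSION['username'], $_SESSION['password'])) {
        return $user->databaseContainsUser($_SESSION['username'], $_SESSION['password']);
    }

    // Explicit result for "no session login" (the original fell through and returned null).
    return false;
}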
<?php require_once $_SERVER['DOCUMENT_ROOT'] . "/helpdesk/modules/users/models/processUsers.php"; require_once $_SERVER['DOCUMENT_ROOT'] . "/helpdesk/includes/helpers.inc.php"; define("ADMIN_PAGEHEADER", $_SERVER['DOCUMENT_ROOT'] . "/helpdesk/views/templates/header.html.php"); define("ADMIN_PAGEFOOTER", $_SERVER['DOCUMENT_ROOT'] . "/helpdesk/views/templates/footer.html.php"); define("DATABASE", $_SERVER['DOCUMENT_ROOT'] . "/helpdesk/includes/db.inc.php"); define("CMS_ERROR", $_SERVER['DOCUMENT_ROOT'] . "/helpdesk/views/error.html.php"); define("USERS_LIST", $_SERVER['DOCUMENT_ROOT'] . "/helpdesk/modules/users/views/users.html.php"); define("USER_FORM", $_SERVER['DOCUMENT_ROOT'] . "/helpdesk/modules/users/views/form.html.php"); $validateUser = new ProcessUsers(); if (isset($_GET['add'])) { $pageTitle = 'New user'; $action = 'addform'; $name = ''; $password = ''; $login = ''; $email = ''; $authorid = ''; $id = ''; $button = 'Add user'; include_once ADMIN_PAGEHEADER; include_once USER_FORM; include_once ADMIN_PAGEFOOTER; exit; } if (isset($_GET['addform'])) { $data['login'] = $_POST['username']; $data['password'] = $_POST['password']; $data['email'] = $_POST['email']; $data['name'] = $_POST['name'];