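 /**
  * Validate the current PHP session against the auth database and, when it
  * holds up, load the merged auth + website account record into $CURUSER.
  *
  * Every failed check after the session has been found to carry credentials
  * empties $_SESSION, which is this CMS's notion of "logged out". The two
  * early returns for a session that never carried uid/pass leave it as-is:
  * there is nothing to revoke, and other session data (e.g. flash messages)
  * should survive.
  *
  * Checks performed, in order:
  *   1. $_SESSION['uid'] is a non-zero int and $_SESSION['pass'] is a
  *      40-character string (a hex SHA-1 digest);
  *   2. an account row with that id exists in the auth DB;
  *   3. the session digest matches the stored digest (constant-time compare);
  *   4. when $ACP is true, Permissions::IsAllowedToUseACP() grants access;
  *   5. the Secure session check passes (anti-hijack; see note inline).
  *
  * @param bool $ACP true when called from the admin panel, which additionally
  *                  requires ACP permission and stores the Permissions object
  *                  on $CURUSER
  * @return void
  */
 public static function userCheck($ACP = false)
 {
     global $CURUSER, $AUTH_DB, $DB, $CORE;

     // Not logged in at all: nothing to validate and nothing to revoke.
     if (!isset($_SESSION['uid']) || !isset($_SESSION['pass'])) {
         return;
     }

     $id = (int) $_SESSION['uid'];
     // The session credential must be a 40-char hex digest. strlen() is
     // intentional: hex is single-byte, so bytes == characters. A non-string
     // value cannot be a digest and is treated the same as a wrong length.
     if (!$id || !is_string($_SESSION['pass']) || strlen($_SESSION['pass']) != 40) {
         return;
     }

     // Column names for the auth `accounts` table are resolved through the
     // project column map so a differently named schema keeps working.
     $columns = CORE_COLUMNS::get('accounts');
     $res = $AUTH_DB->prepare("SELECT * FROM `" . $columns['self'] . "` WHERE `" . $columns['id'] . "` = :id LIMIT 1");
     $res->bindParam(':id', $id, PDO::PARAM_INT);
     $res->execute();
     $row = $res->fetch();
     unset($res);

     // No such account: the session is stale (deleted user) or forged.
     if (!$row) {
         $_SESSION = array();
         return;
     }

     // Compare the session digest with the stored one in constant time so a
     // timing side channel cannot be used to confirm digest prefixes. Both
     // sides are lower-cased first because hex case is not significant. The
     // column is resolved through the same map used for the record below,
     // so a renamed hash column cannot silently break only this check.
     $storedHash = strtolower((string) $row[$columns['shapasshash']]);
     if (!hash_equals($storedHash, strtolower($_SESSION['pass']))) {
         $_SESSION = array();
         return;
     }
     // NOTE(review): the session authenticates by carrying the account's
     // password digest itself; anyone who can read the session store gets
     // the digest. A random per-login token would be the safer design.

     // Admin panel callers must also hold ACP permission.
     if ($ACP) {
         $perms = new Permissions($row[$columns['id']]);
         if (!$perms->IsAllowedToUseACP()) {
             $_SESSION = array();
             return;
         }
         $CURUSER->setPermissionsObject($perms);
     }

     // Session hijack check. `cb` / `cib` are Secure's own knobs; their exact
     // meaning is not visible here -- TODO confirm against the Secure class.
     $ss = new Secure();
     $ss->cb = true;
     $ss->cib = 2;
     if (!$ss->check()) {
         unset($ss);
         $_SESSION = array();
         return;
     }
     unset($ss);

     // Website-side record for this account (may not exist yet).
     $res = $DB->prepare("SELECT * FROM `account_data` WHERE `id` = :id LIMIT 1");
     $res->bindParam(':id', $id, PDO::PARAM_INT);
     $res->execute();
     $webRow = $res->fetch(PDO::FETCH_ASSOC);
     unset($res);

     // Translate the auth row into the CMS's canonical key names. Note this
     // record includes the password digest, which $CURUSER then exposes.
     $fields = array('id', 'username', 'shapasshash', 'lastip', 'lastlogin', 'flags', 'email', 'joindate', 'recruiter');
     $newRow = array();
     foreach ($fields as $field) {
         $newRow[$field] = $row[$columns[$field]];
     }

     // Website columns win on key collision (array_merge: later wins).
     if ($webRow) {
         $newRow = array_merge($newRow, $webRow);
     }

     $CURUSER->setrecord($newRow);
     unset($row);
     unset($newRow);

     // Mark the session as an authenticated one if not already tagged.
     if (!isset($_SESSION['logged'])) {
         $_SESSION['logged'] = '1';
     }
 }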