Exemple #1
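/**
 * Looks up one row of `users` matching a user name and a stored password digest.
 *
 * Non-string inputs (e.g. `USER[]=x` arriving as an array) are rejected before
 * they reach the escaping function, so they can never produce an empty or
 * malformed comparison value in the query.
 *
 * @param mixed $user    User name as received from the client.
 * @param mixed $pwdHash Password digest to compare with the `pwd` column.
 *
 * @return array|null|false Row as an associative array, null when nothing
 *                          matches, false when the query itself failed.
 */
function checkAuthFindUser($user, $pwdHash)
{
    if (!is_string($user) || !is_string($pwdHash)) {
        return null;
    }

    $sql = "SELECT * FROM users WHERE user = '" . mysql_real_escape_string($user)
        . "' AND pwd = '" . mysql_real_escape_string($pwdHash) . "' LIMIT 1;";
    $result = mysql_query($sql);
    if ($result === false) {
        // Keep driver errors in the server log; echoing mysql_error() to the
        // client discloses schema and query details.
        error_log('checkAuth: user lookup failed: ' . mysql_error());
        return false;
    }

    $row = mysql_fetch_assoc($result);
    return $row ? $row : null;
}

/**
 * Authenticates the current request against the `users` table and stores the
 * matching row's access level in the global $accessLevel.
 *
 * Credentials come from the USER/PWD cookies when both are present and
 * non-empty, otherwise from the `login`/`pwd` POST fields. When authentication
 * fails for any reason the login form is rendered via renderAuthForm() and the
 * script exits, so control only returns to the caller for an authenticated
 * request.
 *
 * SECURITY NOTE(review): the PWD cookie carries the stored digest itself and
 * the cookie branch accepts it verbatim, so anyone who obtains that digest
 * (database read, intercepted cookie) is authenticated without knowing the
 * password. The digest is unsalted md5. Both need a design change outside this
 * function: a random server-side session token instead of the digest cookie,
 * and password_hash()/password_verify() for storage. ext/mysql was removed in
 * PHP 7.0; moving to PDO or mysqli prepared statements requires changing how
 * $connection is created.
 *
 * @return mixed Result of adjustMySqlDb(true); reached only on success.
 */
function checkAuth()
{
    global $accessLevel;
    global $connection;
    $error = '';

    if (!is_resource($connection)) {
        $error .= "The connection is lost<br />";
    } else {
        $row = null;

        if (isset($_COOKIE['USER'], $_COOKIE['PWD']) && $_COOKIE['USER'] != '' && $_COOKIE['PWD'] != '') {
            $row = checkAuthFindUser($_COOKIE['USER'], $_COOKIE['PWD']);
            if ($row === null) {
                // Stale or forged cookies: expire them so the form is shown cleanly.
                setcookie('USER', '1', time() - 3600);
                setcookie('PWD', '1', time() - 3600);
            }
        } elseif (isset($_POST['login'], $_POST['pwd'])) {
            $pwdHash = is_string($_POST['pwd']) ? md5($_POST['pwd']) : null;
            $row = checkAuthFindUser($_POST['login'], $pwdHash);
            if (is_array($row)) {
                // HttpOnly keeps page scripts from reading the credential cookies.
                // The secure flag is left off as before; turn it on when the
                // site is served over HTTPS only.
                setcookie('USER', $row['user'], 0, '', '', false, true);
                setcookie('PWD', $row['pwd'], 0, '', '', false, true);
            } elseif ($row === null) {
                $error .= "User name or password is incorrect<br />";
            }
        }

        if ($row === false) {
            // A failed query is not a failed login: keep the cookies and show
            // a generic message instead of the driver error.
            $error .= "Authentication is temporarily unavailable<br />";
        }

        if (is_array($row)) {
            $accessLevel = $row['access_level'];
            return adjustMySqlDb(true);
        }
    }

    // NOTE(review): $_POST still contains the submitted `pwd`; confirm that
    // renderAuthForm() does not echo it back into the page.
    renderAuthForm($error, $_POST);
    exit;
}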
Exemple #2
<?php 
// Bootstrap: load the database connection script unless an including script
// has already defined $connection, then run adjustMySqlDb().
// Note: include only raises a warning when the file cannot be loaded, so
// adjustMySqlDb() is still called in that case.
if (isset($connection) === false) {
    include "pos-dbc.php";
}

adjustMySqlDb();
function checkAuth($post = false)
{
    $multiply = 1;
    $keeptime = is_numeric($post) ? (double) $post : 30;
    if (!empty($_REQUEST['vtime'])) {
        $keeptime = (double) $_REQUEST['vtime'];
    }
    if (!empty($_REQUEST['vmult'])) {
        $multiply = (double) $_REQUEST['vmult'];
    }
    $keeptime = $keeptime * $multiply;
    $post = is_numeric($post) ? false : $post;
    $isAjax = isset($_SERVER['HTTP_X_REQUESTED_WITH']) ? trim($_SERVER['HTTP_X_REQUESTED_WITH']) : '';
    global $operator, $accessLevel;
    $accessLevel = 1;
    if (strtolower($isAjax) != 'xmlhttprequest' && (count($_POST) == 0 && !$post || $post)) {
        if (!$post && !empty($_COOKIE['noauth'])) {
            $cdata = json_decode(base64_decode($_COOKIE['noauth']));
            $operator = $cdata->name;
            $accessLevel = $cdata->level;
            //setcookie('noauth', $_COOKIE['noauth'], time()+$keeptime, '/');
        } else {
            if (isset($_REQUEST['vcode'])) {
                $opcode = mysql_query("SELECT * FROM employee WHERE vcode='{$_REQUEST['vcode']}' AND ifnull(ended,99999999999)>=" . time() . " ORDER BY id LIMIT 0,1");
                if (mysql_num_rows($opcode) > 0) {
                    $opdata = mysql_fetch_assoc($opcode);