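public function user_login($p_username, $p_password) {
	// Authenticates a user by username-or-email plus password and, on success,
	// stores iduser/username/fullname in $_SESSION[SESSION_NAME].
	// Returns a JSON string with keys: success (bool), iduser (-1 when not
	// logged in), username ("N/A" when not logged in), fullname, error_msg.
	$json_result = array(
		"success" => true,
		"iduser" => -1,
		"username" => "N/A",
		"fullname" => "",
		"error_msg" => ""
	);

	// Reject missing credentials up front. Compared as strings rather than with
	// empty() so a literal "0" username or password is not silently rejected.
	if ((string) $p_username === '' || (string) $p_password === '') {
		$json_result["error_msg"] .= "Error, please fill username and password.";
		$json_result["success"] = false;
		return json_encode($json_result);
	}

	// NOTE(review): the stored password is compared against the output of
	// get_enc_password(); if that is an unsalted digest, a migration to
	// password_hash()/password_verify() needs a schema-compatible rollout.
	$enc_password = get_enc_password($p_password, ENC_PASSWORD);

	// One parameterised query replaces the original COUNT + SELECT pair, which
	// sent the same credential check twice with string-assembled SQL. Positional
	// placeholders are used because the same value must be bound twice.
	$qry_sel_str = "SELECT *\n\t\tFROM `" . DB_PX . "user`\n\t\tWHERE (`username` = ? OR `email` = ?)\n\t\t AND `password` = ?";
	$stmt = $this->db_link->prepare($qry_sel_str);
	if ($stmt === false || !$stmt->execute(array($p_username, $p_username, $enc_password))) {
		// The original called errorInfo() on a false result (a fatal error in
		// PHP 8) and echoed the raw driver message to the client. Log it
		// server-side and return a generic message instead.
		$tmp_error = ($stmt !== false) ? $stmt->errorInfo() : $this->db_link->errorInfo();
		error_log("user_login query failed: " . (isset($tmp_error[2]) ? $tmp_error[2] : 'unknown'));
		$json_result["success"] = false;
		$json_result["error_msg"] = "Error: login is temporarily unavailable.";
		return json_encode($json_result);
	}

	$rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
	// Exactly one matching row is required, as in the original COUNT(...) == 1
	// check: a username that also matches another account's email, or duplicate
	// rows, must not log anyone in.
	if (count($rows) !== 1) {
		$json_result["success"] = false;
		$json_result["error_msg"] = "Username/password is invalid. Please try again.";
		return json_encode($json_result);
	}

	$fa_sel = $rows[0];
	$json_result["success"] = true;
	$json_result["iduser"] = $fa_sel["iduser"];
	$json_result["username"] = $fa_sel["username"];
	$json_result["fullname"] = $fa_sel["fullname"];

	bsession_life(SESSION_PATH);
	// Rotate the session id on this privilege change to defeat session
	// fixation; bsession_life() is assumed to have started the session, so the
	// rotation is skipped (not a warning) if it has not.
	if (session_status() === PHP_SESSION_ACTIVE) {
		session_regenerate_id(true);
	}
	$_SESSION[SESSION_NAME]["iduser"] = $fa_sel["iduser"];
	$_SESSION[SESSION_NAME]["username"] = $fa_sel["username"];
	$_SESSION[SESSION_NAME]["fullname"] = $fa_sel["fullname"];

	return json_encode($json_result);
}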
<?php require_once '../config.php'; bsession_life(SESSION_PATH); require_once '../db.php'; require_once '../class/BLogin.php'; require_once '../class/BCrud.php'; $OBLogin = new BLogin($bfurn_db); $OBLogin->login_protect(); $OBCrud = new BCrud($bfurn_db); switch ($_REQUEST["section"]) { case "db_privilege": switch ($_REQUEST["crud"]) { case "read": $qry_sel = "SELECT * FROM `privilege`"; echo json_encode($OBCrud->read($qry_sel)); break; } break; case "user": switch ($_REQUEST["crud"]) { case "create": $username = $bfurn_db->quote(strtolower($_REQUEST["username"])); $password = $bfurn_db->quote(get_enc_password($_REQUEST["password"], ENC_PASSWORD)); $iduser_group = $_REQUEST["iduser_group"]; $fullname = $bfurn_db->quote($_REQUEST["fullname"]); $email = $bfurn_db->quote(!empty($_REQUEST["email"]) ? $_REQUEST["email"] : strtolower($_REQUEST["username"]) . '@' . $_SERVER["HTTP_HOST"]); $qry_ins = "INSERT INTO `user`(`username`,`password`,iduser_group,email,fullname)\n\t\t\tVALUES({$username},{$password},{$iduser_group},{$email},{$fullname})"; echo json_encode($OBCrud->create($qry_ins)); break; case "read":