Exemple #1
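/**
 * Log the user in.
 *
 * Looks up the stored uid and password value for $uname, verifies $pass with
 * comparePasswords(), then records the uid against the current session row
 * and in the session variables. When pnUserLoggedIn() already reports a
 * logged-in user, nothing is checked and true is returned.
 *
 * NOTE(review): the session identifier is not rotated when the session
 * becomes an authenticated one, so an identifier issued before login stays
 * valid afterwards (session fixation exposure). Rotation would have to be
 * coordinated with the session_info row keyed by session_id() -- confirm
 * whether the session layer handles this elsewhere.
 *
 * @param string $uname      the name of the user logging in
 * @param string $pass       the password of the user logging in
 * @param mixed  $rememberme whether or not to remember this login (tested with empty())
 * @return bool true if the user is logged in after the call, false otherwise
 */
function pnUserLogIn($uname, $pass, $rememberme)
{
    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();
    if (!pnUserLoggedIn()) {
        // Get user information
        $userscolumn =& $pntable['users_column'];
        $userstable = $pntable['users'];
        // The user name is placed inside a quoted literal and relies on
        // pnVarPrepForStore() for escaping; that helper is not visible here.
        // NOTE(review): bound parameters would remove the dependency on
        // escaping -- confirm what the DB layer supports.
        $query = "SELECT {$userscolumn['uid']},\n                         {$userscolumn['pass']}\n                  FROM {$userstable}\n                  WHERE {$userscolumn['uname']} = '" . pnVarPrepForStore($uname) . "'";
        $result = $dbconn->Execute($query);
        // Fail closed when the query itself failed: dereferencing ->EOF on a
        // non-object would abort the request instead of rejecting the login.
        if (!$result) {
            return false;
        }
        if ($result->EOF) {
            // Unknown user: release the recordset before rejecting.
            $result->Close();
            return false;
        }
        list($uid, $realpass) = $result->fields;
        $result->Close();
        // Confirm that passwords match. The first two characters of the stored
        // value are passed as the fourth argument -- presumably a crypt()-style
        // salt. NOTE(review): comparePasswords() is not visible here; confirm
        // the hashing scheme and that the comparison is constant-time.
        if (!comparePasswords($pass, $realpass, $uname, substr($realpass, 0, 2))) {
            return false;
        }
        // The uid lands in an unquoted numeric context below, where string
        // escaping gives no protection, so force it to an integer first.
        $uid = (int) $uid;
        // Set user session information (new table)
        $sessioninfocolumn =& $pntable['session_info_column'];
        $sessioninfotable = $pntable['session_info'];
        $query = "UPDATE {$sessioninfotable}\n                  SET {$sessioninfocolumn['uid']} = " . $uid . "\n                  WHERE {$sessioninfocolumn['sessid']} = '" . pnVarPrepForStore(session_id()) . "'";
        $dbconn->Execute($query);
        // Set session variables
        pnSessionSetVar('uid', $uid);
        if (!empty($rememberme)) {
            pnSessionSetVar('rememberme', 1);
        }
    }
    return true;
}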
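/**
 * Log the user in.
 *
 * Validates the user name, looks up the stored uid and password value,
 * makes sure a session exists, verifies $pass with comparePasswords(), then
 * records the uid against the current session row and in the session
 * variables. When pnUserLoggedIn() already reports a logged-in user, the
 * credentials are not checked and true is returned.
 *
 * NOTE(review): the session identifier is not rotated when the session
 * becomes an authenticated one, so an identifier issued before login stays
 * valid afterwards (session fixation exposure). Rotation would have to be
 * coordinated with the session_info row keyed by session_id() -- confirm
 * whether the session layer handles this elsewhere.
 *
 * @param string $uname      the name of the user logging in
 * @param string $pass       the password of the user logging in
 * @param mixed  $rememberme whether or not to remember this login; defaults to false
 * @return bool true if the user is logged in after the call, false otherwise
 */
function pnUserLogIn($uname, $pass, $rememberme = false)
{
    $uname = isset($uname) ? $uname : '';
    // Reject malformed user names and a missing password before touching the
    // database. An empty-string password still passes isset() and is left to
    // comparePasswords() to reject.
    if (!pnVarValidate($uname, 'uname') || !isset($pass)) {
        return false;
    }
    if (!pnUserLoggedIn()) {
        // get the database connection
        $dbconn =& pnDBGetConn(true);
        $pntable =& pnDBGetTables();
        // Get user information
        $userscolumn =& $pntable['users_column'];
        $userstable = $pntable['users'];
        // The user name is placed inside a quoted literal and relies on
        // pnVarPrepForStore() for escaping; that helper is not visible here.
        // NOTE(review): bound parameters would remove the dependency on
        // escaping -- confirm what the DB layer supports.
        $query = "SELECT {$userscolumn['uid']},\n                         {$userscolumn['pass']}\n                  FROM {$userstable}\n                  WHERE {$userscolumn['uname']} = '" . pnVarPrepForStore($uname) . "'";
        $result =& $dbconn->Execute($query);
        // Fail closed when the query itself failed: dereferencing ->EOF on a
        // non-object would abort the request instead of rejecting the login.
        if (!$result) {
            return false;
        }
        if ($result->EOF) {
            // Unknown user: release the recordset before rejecting.
            $result->Close();
            return false;
        }
        list($uid, $realpass) = $result->fields;
        $result->Close();
        // check if we need to create a session
        // NOTE(review): this runs before the password is verified, so a
        // session is set up for failed attempts on existing accounts too.
        if (!session_id()) {
            // Start session
            if (!pnSessionSetup()) {
                die('Session setup failed');
            }
            if (!pnSessionInit()) {
                die('Session initialisation failed');
            }
        }
        // Confirm that passwords match. The first two characters of the stored
        // value are passed as the fourth argument -- presumably a crypt()-style
        // salt. NOTE(review): comparePasswords() is not visible here; confirm
        // the hashing scheme and that the comparison is constant-time.
        if (!comparePasswords($pass, $realpass, $uname, substr($realpass, 0, 2))) {
            return false;
        }
        // The uid lands in an unquoted numeric context below, where string
        // escaping gives no protection, so force it to an integer first.
        $uid = (int) $uid;
        // Set user session information (new table)
        $sessioninfocolumn =& $pntable['session_info_column'];
        $sessioninfotable = $pntable['session_info'];
        $query = "UPDATE {$sessioninfotable}\n                  SET {$sessioninfocolumn['uid']} = " . $uid . "\n                  WHERE {$sessioninfocolumn['sessid']} = '" . pnVarPrepForStore(session_id()) . "'";
        $dbconn->Execute($query);
        // Set session variables
        pnSessionSetVar('uid', $uid);
        if (!empty($rememberme)) {
            pnSessionSetVar('rememberme', 1);
        }
        // now we've logged in the permissions previously calculated are invalid
        $GLOBALS['authinfogathered'] = 0;
    }
    return true;
}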
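// Authenticate the submitted credentials and, only when every check passes,
// bind the user id to the session and hand over to loginSuccess().
//
// The checks are nested so that the success path cannot be reached after a
// failed check, even if loginFail() returns instead of ending the request
// (its body is only partly visible in this listing).
$authenticated = false;
$userInfo = null;

// Connect to the database; a falsy handle counts as a failed login.
$sql = connectToDatabase();
if ($sql) {
    // Does the user exist?
    // NOTE(review): the username literal appears masked ('******') in this
    // listing. Whatever value belongs there should be bound through a
    // prepared statement (mysqli_prepare / mysqli_stmt_bind_param) rather
    // than interpolated into the SQL text.
    $query = "SELECT * FROM user WHERE username='******'";
    // Run query
    $queryResult = mysqli_query($sql, $query);
    // Exactly one matching row is required; zero or several is a failure.
    if ($queryResult && mysqli_num_rows($queryResult) === 1) {
        $userInfo = mysqli_fetch_assoc($queryResult);
        // We now have the user info.. check password to verify.
        // NOTE(review): comparePasswords() is defined elsewhere; confirm it
        // verifies against a salted password hash in constant time.
        if ($userInfo && comparePasswords($userInfo["password"], $pswd)) {
            $authenticated = true;
        }
    }
}

if (!$authenticated) {
    loginFail();
} else {
    // Issue a fresh session id on the privilege change so that an id handed
    // out before login cannot be reused for the authenticated session.
    if (session_status() === PHP_SESSION_ACTIVE && !headers_sent()) {
        session_regenerate_id(true);
    }
    // Copy the userId into a session variable
    $_SESSION["userid"] = $userInfo["userid"];
    // Success! Log in to the lobby.
    loginSuccess();
}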
//---------------------------------------------
//Returns direction of pages to login page
//---------------------------------------------
function loginFail()
{
    //Close the sql connection
    mysqli_close($sql);
    //Update session info
    $_SESSION['invalidArguments'] = true;