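/**
 * Log the user in.
 *
 * Looks up the account row for $uname, checks $pass against the stored
 * password value through comparePasswords(), and on success binds the
 * current session to the user's uid, both in the session_info table and
 * in the session variables.
 *
 * When pnUserLoggedIn() already reports a logged-in user, no credential
 * check is performed and true is returned.
 *
 * @param string $uname      the name of the user logging in
 * @param string $pass       the password of the user logging in
 * @param mixed  $rememberme whether or not to remember this login
 * @return bool true if the user successfully logged in, false otherwise
 */
function pnUserLogIn($uname, $pass, $rememberme)
{
    list($dbconn) = pnDBGetConn();
    $pntable = pnDBGetTables();

    if (!pnUserLoggedIn()) {
        // Get user information
        $userscolumn =& $pntable['users_column'];
        $userstable = $pntable['users'];
        $query = "SELECT {$userscolumn['uid']},\n"
               . " {$userscolumn['pass']}\n"
               . " FROM {$userstable}\n"
               . " WHERE {$userscolumn['uname']} = '" . pnVarPrepForStore($uname) . "'";
        $result = $dbconn->Execute($query);

        // A failed query must deny the login rather than fall through to a
        // property access on a non-object.
        // assumes Execute() returns a non-object (false) on failure - TODO confirm
        if (!is_object($result)) {
            return false;
        }

        if ($result->EOF) {
            // Unknown user: release the result set before bailing out.
            $result->Close();
            return false;
        }

        list($uid, $realpass) = $result->fields;
        $result->Close();

        // Confirm that passwords match.
        // NOTE(review): the first two characters of the stored value are
        // passed as the fourth argument; presumably a salt or scheme
        // prefix - verify against comparePasswords().
        if (!comparePasswords($pass, $realpass, $uname, substr($realpass, 0, 2))) {
            return false;
        }

        // Set user session information (new table).
        // The uid lands in an unquoted numeric position, where quote
        // escaping gives no protection, so it is forced to an integer.
        $sessioninfocolumn =& $pntable['session_info_column'];
        $sessioninfotable = $pntable['session_info'];
        $query = "UPDATE {$sessioninfotable}\n"
               . " SET {$sessioninfocolumn['uid']} = " . (int) $uid . "\n"
               . " WHERE {$sessioninfocolumn['sessid']} = '" . pnVarPrepForStore(session_id()) . "'";
        $dbconn->Execute($query);

        // Set session variables.
        // NOTE(review): the pre-login session id is kept after
        // authentication; confirm the session layer rotates it elsewhere,
        // since a reused id leaves room for session fixation.
        pnSessionSetVar('uid', (int) $uid);

        if (!empty($rememberme)) {
            pnSessionSetVar('rememberme', 1);
        }
    }

    return true;
}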
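/**
 * Log the user in.
 *
 * Validates the user name, looks up the account row, makes sure a session
 * exists, checks $pass against the stored password value through
 * comparePasswords(), and on success binds the session to the user's uid
 * (session_info table and session variables) and invalidates the cached
 * permission information.
 *
 * When pnUserLoggedIn() already reports a logged-in user, no credential
 * check is performed and true is returned.
 *
 * @param string $uname      the name of the user logging in
 * @param string $pass       the password of the user logging in
 * @param mixed  $rememberme whether or not to remember this login; defaults to false
 * @return bool true if the user successfully logged in, false otherwise
 */
function pnUserLogIn($uname, $pass, $rememberme = false)
{
    $uname = isset($uname) ? $uname : '';

    // Reject malformed user names and missing passwords before touching the database.
    if (!pnVarValidate($uname, 'uname') || !isset($pass)) {
        return false;
    }

    if (!pnUserLoggedIn()) {
        // get the database connection
        $dbconn =& pnDBGetConn(true);
        $pntable =& pnDBGetTables();

        // Get user information
        $userscolumn =& $pntable['users_column'];
        $userstable = $pntable['users'];
        $query = "SELECT {$userscolumn['uid']},\n"
               . " {$userscolumn['pass']}\n"
               . " FROM {$userstable}\n"
               . " WHERE {$userscolumn['uname']} = '" . pnVarPrepForStore($uname) . "'";
        $result =& $dbconn->Execute($query);

        // A failed query must deny the login rather than fall through to a
        // property access on a non-object.
        // assumes Execute() returns a non-object (false) on failure - TODO confirm
        if (!is_object($result)) {
            return false;
        }

        if ($result->EOF) {
            // Unknown user: release the result set before bailing out.
            $result->Close();
            return false;
        }

        list($uid, $realpass) = $result->fields;
        $result->Close();

        // check if we need to create a session
        // NOTE(review): this runs before the password is verified, so a
        // session is also set up for attempts that go on to fail - confirm
        // that is intended.
        if (!session_id()) {
            // Start session
            if (!pnSessionSetup()) {
                die('Session setup failed');
            }
            if (!pnSessionInit()) {
                die('Session initialisation failed');
            }
        }

        // Confirm that passwords match.
        // NOTE(review): the first two characters of the stored value are
        // passed as the fourth argument; presumably a salt or scheme
        // prefix - verify against comparePasswords().
        if (!comparePasswords($pass, $realpass, $uname, substr($realpass, 0, 2))) {
            return false;
        }

        // Set user session information (new table).
        // The uid lands in an unquoted numeric position, where quote
        // escaping gives no protection, so it is forced to an integer.
        $sessioninfocolumn =& $pntable['session_info_column'];
        $sessioninfotable = $pntable['session_info'];
        $query = "UPDATE {$sessioninfotable}\n"
               . " SET {$sessioninfocolumn['uid']} = " . (int) $uid . "\n"
               . " WHERE {$sessioninfocolumn['sessid']} = '" . pnVarPrepForStore(session_id()) . "'";
        $dbconn->Execute($query);

        // Set session variables.
        // NOTE(review): a session id that existed before authentication is
        // kept after login; confirm the session layer rotates it elsewhere,
        // since a reused id leaves room for session fixation.
        pnSessionSetVar('uid', (int) $uid);

        if (!empty($rememberme)) {
            pnSessionSetVar('rememberme', 1);
        }

        // now we've logged in the permissions previously calculated are invalid
        $GLOBALS['authinfogathered'] = 0;
    }

    return true;
}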
// Login script fragment: look up the user row, verify the password, store
// the user id in the session, then hand over to loginSuccess().
// NOTE(review): every failure check below relies on loginFail() ending the
// request. Its body is cut off in this listing - confirm it exits, otherwise
// execution falls through to the success path.

//Connect to the database
if (($sql = connectToDatabase()) == false) {
    loginFail();
}

//Does the user exist?
// NOTE(review): the username value appears masked ('******') in this
// listing. If the real code places request input here, bind it with a
// prepared statement (mysqli_prepare / mysqli_stmt_bind_param) instead of
// building the string.
$query = "SELECT * FROM user WHERE username='******'";

//Run query
if (!($queryResult = mysqli_query($sql, $query))) {
    loginFail();
}

// Exactly one matching row is required; zero or several rows count as failure.
if (mysqli_num_rows($queryResult) != 1) {
    loginFail();
}
$userInfo = mysqli_fetch_assoc($queryResult);

//We now have the user info.. check password to verify
// $pswd is not assigned anywhere in this listing - presumably set earlier
// from the login form; verify against the caller.
if (!comparePasswords($userInfo["password"], $pswd)) {
    loginFail();
}

//Copy the userId into a session variable
// NOTE(review): no session_regenerate_id() call is visible before the
// authenticated user id is stored; confirm the id is rotated elsewhere to
// rule out session fixation.
$_SESSION["userid"] = $userInfo["userid"];

//Success! Log in to the lobby.
loginSuccess();

//---------------------------------------------
//Returns direction of pages to login page
//---------------------------------------------
function loginFail() {
    //Close the sql connection
    // NOTE(review): $sql is not a parameter and no `global $sql` is visible
    // before this call, so as shown it refers to an undefined local variable.
    mysqli_close($sql);

    //Update session info
    $_SESSION['invalidArguments'] = true;
    // (listing ends here; the rest of loginFail() is not shown)