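/**
 * VDaemon custom validator: change the password of the account in the current session.
 *
 * The account is taken from the session only (the sub-user when one is logged in,
 * otherwise the main screen name), never from the form. The new password is written
 * only when the supplied old password matches the stored value for that account.
 *
 * @param mixed  $sValue  Value of the validated field; not used for the lookup.
 * @param object $oStatus Status object; bValid becomes 1 only after a successful UPDATE.
 * @return void
 */
function PasswordCheck($sValue, &$oStatus)
{
    global $sTable;
    global $postgisObject;
    global $passwordChanged; // kept from the original; this function never assigns it

    // Fail closed: the status stays invalid unless every step below succeeds.
    $oStatus->bValid = false;
    // The previous text ("User ID ... already exist") described a different
    // validator. This message does not echo request data back to the page.
    $oStatus->sErrMsg = "The password could not be changed. Check the old password.";

    // Resolve the account strictly from the session.
    $sAccount = false;
    if (!empty($_SESSION['subuser'])) {
        $sAccount = $_SESSION['subuser'];
    } elseif (!empty($_SESSION['screen_name'])) {
        $sAccount = $_SESSION['screen_name'];
    }

    // Reject missing, non-string (e.g. array-valued) or empty password fields
    // instead of hashing whatever arrives.
    $bHasInput = isset($_POST['OldPassword'], $_POST['Password'])
        && is_string($_POST['OldPassword'])
        && is_string($_POST['Password'])
        && $_POST['Password'] !== '';

    if (!$sAccount || !$bHasInput) {
        $oStatus->bValid = 0;
        return;
    }

    // NOTE(review): the old password is verified by an equality match on the stored
    // value, so Setting::encryptPw() must return the same output for the same input
    // (no per-user random salt). Its algorithm is not visible here - confirm, and plan
    // a move to password_hash()/password_verify() if it is a plain digest.
    $sOldPassword = Setting::encryptPw(VDFormat($_POST['OldPassword'], true));
    $sNewPassword = Setting::encryptPw(VDFormat($_POST['Password'], true));

    // $sTable is interpolated into the SQL text; it comes from a global here and must
    // never be derived from request data. All values are bound parameters.
    $res = $postgisObject->prepare(
        "SELECT screenname FROM {$sTable} WHERE screenname = :sUserID AND pw = :sPassword"
    );
    if (!$res->execute(array(":sUserID" => $sAccount, ":sPassword" => $sOldPassword))) {
        $oStatus->bValid = 0;
        return;
    }
    $row = $postgisObject->fetchRow($res);

    // empty() also covers a false/null row, which the bare array access did not.
    if (empty($row['screenname'])) {
        $oStatus->bValid = 0;
        return;
    }

    $res = $postgisObject->prepare(
        "UPDATE {$sTable} SET pw = :sNewPassword WHERE screenname = :sUserID"
    );
    if ($res->execute(array(":sUserID" => $sAccount, ":sNewPassword" => $sNewPassword))) {
        $oStatus->bValid = 1;
    }
    // NOTE(review): other sessions of this account are not invalidated here; whether
    // that happens elsewhere cannot be seen from this function.
}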
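/**
 * VDaemon custom validator: authenticate the login form and populate the session.
 *
 * The submitted user ID is normalised with Model::toAscii() and looked up together
 * with the hashed password. If a master password is configured and matches, the
 * account is looked up by screen name alone.
 *
 * @param mixed  $sValue  User ID entered in the form.
 * @param object $oStatus Status object; bValid is 1 on successful login, otherwise 0.
 * @return void
 */
function UserIDCheck($sValue, &$oStatus)
{
    global $sTable;
    global $postgisObject;
    global $sUserID;

    $sUserID = Model::toAscii($sValue, NULL, "_");
    $sRawPassword = isset($_POST['Password']) ? $_POST['Password'] : null;
    $sPassword = Setting::encryptPw(VDFormat($sRawPassword, true));

    $oStatus->bValid = false;
    // Generic failure text: the previous message ("User ID ... already exist") was
    // wrong for a login failure and echoed the submitted ID back to the page.
    $oStatus->sErrMsg = "Wrong user ID or password";

    // Compare the master-password hash as strings, in constant time. A loose ==
    // treats numeric-looking strings such as "0e..." digests as equal numbers.
    // NOTE(review): a matching master password authenticates as ANY screen name;
    // keep it unset unless needed, and log and alert on every use.
    $sMasterPw = isset(\app\conf\App::$param['masterPw']) ? \app\conf\App::$param['masterPw'] : null;
    $bMasterLogin = is_string($sMasterPw)
        && !empty($sMasterPw)
        && is_string($sPassword)
        && hash_equals($sMasterPw, $sPassword);

    $row = false;
    if ($bMasterLogin) {
        $sQuery = "SELECT * FROM {$sTable} WHERE screenname = :sUserID";
        $res = $postgisObject->prepare($sQuery);
        $res->execute(array(":sUserID" => $sUserID));
        $row = $postgisObject->fetchRow($res);
    } else {
        // NOTE(review): matching pw by equality implies Setting::encryptPw() has no
        // per-user random salt; its algorithm is not visible here - confirm.
        $sQuery = "SELECT * FROM {$sTable} WHERE (screenname = :sUserID OR email = :sUserID) AND pw = :sPassword";
        $res = $postgisObject->prepare($sQuery);
        $res->execute(array(":sUserID" => $sUserID, ":sPassword" => $sPassword));
        $row = $postgisObject->fetchRow($res);
    }

    // empty() also covers a false/null row, which the bare array access did not.
    if (empty($row['screenname'])) {
        $oStatus->bValid = 0;
        return;
    }

    $oStatus->bValid = 1;

    // Login successful. Issue a fresh session ID first, so an ID that was planted
    // before authentication is not carried into the authenticated session.
    if (session_status() === PHP_SESSION_ACTIVE && !headers_sent()) {
        session_regenerate_id(true);
    }

    $_SESSION['zone'] = $row['zone'];
    $_SESSION['VDaemonData'] = null;
    $_SESSION['auth'] = true;
    // NOTE(review): for a main account this stores the submitted ID rather than
    // $row['screenname']; the two differ when the row matched on email - confirm intent.
    $_SESSION['screen_name'] = $row['parentdb'] ?: $sUserID;
    $_SESSION['subuser'] = $row['parentdb'] ? $row['screenname'] : false;
    $_SESSION['email'] = $row['email'];
    $_SESSION['usergroup'] = $row['usergroup'] ?: false;
    $_SESSION['created'] = strtotime($row['created']);

    // Redirect if requested. "r" is request data, so only a same-site path is
    // honoured: one leading "/" not followed by "/" or "\", and no control characters.
    // The check runs on the decoded value, which is what goes into the header.
    // Absolute URLs are dropped; legitimate external targets need an explicit allow-list.
    $sTarget = (isset($_POST["r"]) && is_string($_POST["r"])) ? urldecode($_POST["r"]) : '';
    if ($sTarget !== '' && preg_match('#\A/(?![/\\\\])[^\x00-\x1f\x7f]*\z#', $sTarget) === 1) {
        header("location: " . $sTarget);
    }
}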
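/**
 * Authenticate a user and, on success, populate the PHP session.
 *
 * @param mixed $sUserID Screen name or e-mail address of the account.
 * @param mixed $pw      Clear-text password as received from the caller.
 * @return array On success: success=true, message, screen_name, subuser.
 *               On failure: success=false, message, code="401".
 */
public function start($sUserID, $pw)
{
    $response = array();

    // Reject array/object input before it reaches hashing or parameter binding.
    if (!is_scalar($sUserID) || !is_scalar($pw)) {
        $response['success'] = false;
        $response['message'] = "Session not started";
        $response['code'] = "401";
        return $response;
    }

    $pw = $this->VDFormat($pw, true);
    $sPassword = \app\models\Setting::encryptPw($pw);

    // Compare the master-password hash as strings, in constant time. A loose ==
    // treats numeric-looking strings such as "0e..." digests as equal numbers.
    // NOTE(review): a matching master password authenticates as ANY screen name;
    // keep it unset unless needed, and log and alert on every use.
    $sMasterPw = isset(\app\conf\App::$param['masterPw']) ? \app\conf\App::$param['masterPw'] : null;
    $bMasterLogin = is_string($sMasterPw)
        && !empty($sMasterPw)
        && is_string($sPassword)
        && hash_equals($sMasterPw, $sPassword);

    $row = false;
    if ($bMasterLogin) {
        $sQuery = "SELECT * FROM users WHERE screenname = :sUserID";
        $res = $this->prepare($sQuery);
        $res->execute(array(":sUserID" => $sUserID));
        $row = $this->fetchRow($res);
    } else {
        // NOTE(review): matching pw by equality implies encryptPw() has no per-user
        // random salt; its algorithm is not visible here - confirm.
        $sQuery = "SELECT * FROM users WHERE (screenname = :sUserID OR email = :sUserID) AND pw = :sPassword";
        $res = $this->prepare($sQuery);
        $res->execute(array(":sUserID" => $sUserID, ":sPassword" => $sPassword));
        $row = $this->fetchRow($res);
    }

    // empty() also covers a false/null row, which the bare array access did not.
    if (empty($row['screenname'])) {
        $response['success'] = false;
        $response['message'] = "Session not started";
        $response['code'] = "401";
        return $response;
    }

    // Login successful. Issue a fresh session ID first, so an ID that was planted
    // before authentication is not carried into the authenticated session.
    if (session_status() === PHP_SESSION_ACTIVE && !headers_sent()) {
        session_regenerate_id(true);
    }

    $_SESSION['zone'] = $row['zone'];
    $_SESSION['VDaemonData'] = null;
    $_SESSION['auth'] = true;
    // NOTE(review): for a main account this stores the submitted ID rather than
    // $row['screenname']; the two differ when the row matched on email - confirm intent.
    $_SESSION['screen_name'] = $row['parentdb'] ?: $sUserID;
    $_SESSION['subuser'] = $row['parentdb'] ? $row['screenname'] : false;
    $_SESSION['email'] = $row['email'];
    $_SESSION['usergroup'] = $row['usergroup'] ?: false;
    $_SESSION['created'] = strtotime($row['created']);

    $response['success'] = true;
    $response['message'] = "Session started";
    $response['screen_name'] = $_SESSION['screen_name'];
    $response['subuser'] = $_SESSION['subuser'];

    return $response;
}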
<?php
// Page script: updates the user group, and optionally the password, of the account
// named in the POSTed "user" field.
use app\inc\Model;
use app\models\Setting;

// $sTable, $oStatus, $userHostName and $oVDaemonStatus are not defined in the visible
// code; presumably they come from the included files - verify.
include '../header.php';
$postgisObject = new Model();
include '../vdaemon/vdaemon.php';
include '../html_header.php';

// Access gate: only an authenticated main account may continue. Unauthenticated
// requests and sub-user sessions get a client-side redirect to the login page, and
// die() stops the script so nothing below runs for them.
if (!$_SESSION['auth'] || !$_SESSION['screen_name'] || $_SESSION['subuser']) {
    die("<script>window.location='{$userHostName}/user/login'</script>");
}

// The new password is hashed here even when no password was posted; the hash is only
// written in the branch guarded by $_POST['Password'] below.
$sNewPassword = VDFormat($_POST['Password'], true);
$sNewPassword = Setting::encryptPw($sNewPassword);
$sNewGroup = VDFormat($_POST['Usergroup'], true);
// The target account comes straight from the request.
// NOTE(review): nothing visible here ties this screen name to the logged-in account
// (for example a parentdb = $_SESSION['screen_name'] condition in the WHERE clause).
// Unless ownership is enforced elsewhere, a main account could change the group or
// password of a screen name it does not own - confirm and add the condition.
// NOTE(review): no anti-CSRF token check is visible for this state-changing POST;
// it may be handled by the included files - confirm.
$sUser = VDFormat($_POST['user'], true);

// Fail closed: the status stays invalid unless an UPDATE below executes successfully.
$oStatus->bValid = false;

if ($_POST['Password']) {
    // A password was posted: update group and password together.
    $sQuery = "UPDATE {$sTable} SET usergroup = :sNewGroup, pw = :sNewPassword WHERE screenname = :sUserID";
    $res = $postgisObject->prepare($sQuery);
    // execute() reports that the statement ran; this code does not check how many
    // rows were affected.
    if ($res->execute(array(":sUserID" => $sUser, ":sNewGroup" => $sNewGroup, ":sNewPassword" => $sNewPassword))) {
        $oStatus->bValid = 1;
    }
} else {
    // No password posted: update the group only and leave pw untouched.
    $sQuery = "UPDATE {$sTable} SET usergroup = :sNewGroup WHERE screenname = :sUserID";
    $res = $postgisObject->prepare($sQuery);
    if ($res->execute(array(":sUserID" => $sUser, ":sNewGroup" => $sNewGroup))) {
        $oStatus->bValid = 1;
    }
}

// Entered only when the VDaemon status object exists and reports a valid result.
if ($oVDaemonStatus && $oVDaemonStatus->bValid) {
} if (is_null($username)) { header('WWW-Authenticate: Basic realm="' . Input::getPath()->part(2) . '"'); header('HTTP/1.0 401 Unauthorized'); header("Cache-Control: no-cache, must-revalidate"); // HTTP/1.1 header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); // Date in the past // Text to send if user hits Cancel button die("Could not authenticate you 1"); } elseif ($username != Input::getPath()->part(2)) { header('WWW-Authenticate: Basic realm="' . Input::getPath()->part(2) . '"'); header('HTTP/1.0 401 Unauthorized'); header("Cache-Control: no-cache, must-revalidate"); // HTTP/1.1 header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); // Date in the past // Text to send if user hits Cancel button die("Could not authenticate you 2"); } elseif (\app\models\Setting::encryptPw($password) != $response['data']['pw']) { header('WWW-Authenticate: Basic realm="' . Input::getPath()->part(2) . '"'); header('HTTP/1.0 401 Unauthorized'); header("Cache-Control: no-cache, must-revalidate"); // HTTP/1.1 header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); // Date in the past die("Could not authenticate you 3"); } else { $_SESSION['http_auth'] = $db; } }