Esempio n. 1
0
 public function user_login($p_username, $p_password)
 {
     $json_result = array("success" => true, "iduser" => -1, "username" => "N/A", "fullname" => "", "error_msg" => "");
     if (empty($p_username) || empty($p_password)) {
         $json_result["error_msg"] .= "Error, please fill username and password.";
         $json_result["success"] = false;
     }
     if ($json_result["success"]) {
         $qry_count_str = "SELECT COUNT(`iduser`)\n\t\tFROM `" . DB_PX . "user`\n\t\tWHERE (`username` = " . $this->db_link->quote($p_username) . " OR `email`=" . $this->db_link->quote($p_username) . ")\n\t\t    AND `password`=" . $this->db_link->quote(get_enc_password($p_password, ENC_PASSWORD));
         $qry_sel_str = "SELECT *\n\t\tFROM `" . DB_PX . "user`\n\t\tWHERE (`username` = " . $this->db_link->quote($p_username) . " OR `email`=" . $this->db_link->quote($p_username) . ")\n\t\t    AND `password`=" . $this->db_link->quote(get_enc_password($p_password, ENC_PASSWORD));
         $res_count = $this->db_link->query($qry_count_str);
         if ($res_count != false) {
             $fa_count = $res_count->fetch(PDO::FETCH_NUM);
             if ($fa_count[0] == 1) {
                 $res_sel = $this->db_link->query($qry_sel_str);
                 if ($res_sel != false) {
                     $fa_sel = $res_sel->fetch(PDO::FETCH_ASSOC);
                     $json_result["success"] = true;
                     $json_result["iduser"] = $fa_sel["iduser"];
                     $json_result["username"] = $fa_sel["username"];
                     $json_result["fullname"] = $fa_sel["fullname"];
                     bsession_life(SESSION_PATH);
                     $_SESSION[SESSION_NAME]["iduser"] = $fa_sel["iduser"];
                     $_SESSION[SESSION_NAME]["username"] = $fa_sel["username"];
                     $_SESSION[SESSION_NAME]["fullname"] = $fa_sel["fullname"];
                 } else {
                     $json_result["success"] = false;
                     $tmp_error = $res_sel->errorInfo();
                     $json_result["error_msg"] = "Error:" . $tmp_error[2];
                 }
             } else {
                 $json_result["success"] = false;
                 $json_result["error_msg"] = "Username/password is invalid. Please try again.";
             }
         } else {
             $json_result["success"] = false;
             $tmp_error = $res_count->errorInfo();
             $json_result["error_msg"] = "Error:" . $tmp_error[2];
         }
     }
     return json_encode($json_result);
 }
Esempio n. 2
0
<?php

require_once '../config.php';
bsession_life(SESSION_PATH);
require_once '../db.php';
require_once '../class/BLogin.php';
require_once '../class/BCrud.php';
$OBLogin = new BLogin($bfurn_db);
$OBLogin->login_protect();
$OBCrud = new BCrud($bfurn_db);
switch ($_REQUEST["section"]) {
    case "db_privilege":
        switch ($_REQUEST["crud"]) {
            case "read":
                $qry_sel = "SELECT * FROM `privilege`";
                echo json_encode($OBCrud->read($qry_sel));
                break;
        }
        break;
    case "user":
        switch ($_REQUEST["crud"]) {
            case "create":
                $username = $bfurn_db->quote(strtolower($_REQUEST["username"]));
                $password = $bfurn_db->quote(get_enc_password($_REQUEST["password"], ENC_PASSWORD));
                $iduser_group = $_REQUEST["iduser_group"];
                $fullname = $bfurn_db->quote($_REQUEST["fullname"]);
                $email = $bfurn_db->quote(!empty($_REQUEST["email"]) ? $_REQUEST["email"] : strtolower($_REQUEST["username"]) . '@' . $_SERVER["HTTP_HOST"]);
                $qry_ins = "INSERT INTO `user`(`username`,`password`,iduser_group,email,fullname)\n\t\t\tVALUES({$username},{$password},{$iduser_group},{$email},{$fullname})";
                echo json_encode($OBCrud->create($qry_ins));
                break;
            case "read":