$code = "";
// Tail of a helper that builds a random string from $chars up to $length
// (its signature is above this fragment).
$clen = strlen($chars) - 1;
while (strlen($code) < $length) {
    // NOTE(review): mt_rand() is not a cryptographically secure source. If this
    // helper is the getUserHash() used for the session ticket below, the ticket
    // is guessable in principle; random_int() is the drop-in safer choice.
    $code .= $chars[mt_rand(0, $clen)];
}
return $code;
}
// Session handling for the logon page. $action, $usr, $psw and $ticket are
// set before this fragment (presumably from the request) — confirm their source.
$sessionProvider = ProviderFactory::getSessions(null);
if ($action == "logoff") {
    $sessionProvider->closeSession($ticket);
    $ticket = '';
} else {
    // BUG: this is an assignment, not a comparison (`=` instead of `==`), so the
    // condition is always true and a logon is attempted for every action other
    // than "logoff". Should read `if ($action == "logon")`.
    if ($action = "logon") {
        $userProvider = new XmlUsersDB();
        if ($userProvider->checkUser($usr, $psw)) {
            // The ticket is whatever getUserHash() returns; see the entropy note above.
            $ticket = getUserHash();
            $sessionProvider->setSession($usr, $ticket);
        }
    }
}
// The ticket (possibly '') is stored in the PHP session and resolved to a user.
$_SESSION["ticket"] = $ticket;
$authorizedUser = $sessionProvider->getAuthorizedUser($ticket);
$userProvider = ProviderFactory::getUsers();
$authorizedUserName = $userProvider->getUserName($authorizedUser);
// Loose comparison: `$ticket == ''` is also true for null, false and "0".
if ($ticket == '') {
?> <div id="authorizationPanel"> <form action="logon.php" method="post"> <div><span class="local" ar-locale-id="login">Логин</span>: <input type="text" name="tbLogin"/></div> <div><span class="local" ar-locale-id="password">Пароль</span>: <input type="password" name="tbPassword"/></div>
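<?php
session_start();
require_once dirname(__FILE__) . DIRECTORY_SEPARATOR . '../../config/constants.php';
require_once dirname(__FILE__) . DS . '../../src/connection.php';
require_once dirname(__FILE__) . DS . '../../src/protectCSRF.php';

// Login handler: expects a POST with token (CSRF), email and senha (password).
if ($_POST) {
    // Read the three expected fields explicitly instead of extract($_POST).
    // extract() let any posted field name overwrite variables that the files
    // required above had already defined (e.g. the DB connection), so it is gone.
    $token = isset($_POST['token']) ? $_POST['token'] : null;
    $email = isset($_POST['email']) ? $_POST['email'] : null;
    $senha = isset($_POST['senha']) ? $_POST['senha'] : null;

    // CSRF check comes first; nothing below runs for a request without a valid token.
    checkTokenIsValid($token);

    // Project-level input filter; what it strips is defined in the required sources.
    $email = antiInjection($email);
    $senha = antiInjection($senha);

    // Fetch the stored (hashed) password for this e-mail
    $hash = getUserHash($email);

    // Check whether the typed password is valid against the stored hash.
    // passwordCheck() takes a single array argument.
    $dataPasswordVerify = ['email' => $email, 'senha' => $senha, 'hash' => $hash];

    // NOTE(review): no session_regenerate_id() is visible on the success path;
    // confirm passwordCheck() handles that before relying on this flow.
    if (passwordCheck($dataPasswordVerify) === false) {
        header('Location: ' . SITE_URL . 'index.php');
    } else {
        header('Location: ' . SITE_URL . 'dashboard.php');
    }
    // Stop after the redirect header so nothing further is executed or emitted.
    exit;
} else {
    // Anything that is not a POST is sent back to the login page.
    header('Location: ' . SITE_URL . 'index.php');
    exit;
}

/**
 * Função para verificar se a senha digitada é a correta
 * e verifica se houve alteração no algoritmo de HASH do PHP
 * Caso positívo altera o algoritmo de HASH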
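<?php
require_once 'functions.php';

// Login handler: verifies the posted credentials, issues a JWT and stores the
// user record in the session.
// NOTE(review): session_start() is not visible in this file — $_SESSION below
// assumes functions.php starts the session; confirm.
if (!isset($_POST['submitted'])) {
    // Only the login form's own POST is accepted here.
    echo "GET OUT!";
} else {
    // Default to '' so a missing field fails verification instead of raising a notice.
    $userNameOrEmail = isset($_POST['userName']) ? $_POST['userName'] : '';
    $userPass = isset($_POST['userPassword']) ? $_POST['userPassword'] : '';

    $hash = getUserHash($userNameOrEmail);
    // Guard the hash type: an unknown user (null/false hash) must fail exactly
    // like a wrong password rather than reach password_verify() with a non-string.
    $passwordMatch = is_string($hash) && password_verify($userPass, $hash);

    if ($passwordMatch) {
        $userData = getUserData($userNameOrEmail);

        // Use one timestamp so "iat" and "exp" are computed from the same instant.
        $issuedAt = time();
        $tokenLifetime = 14 * 24 * 60 * 60; // 14 days, in seconds
        $token = array(
            "user_id" => $userData['user_id'],
            "permissions" => $userData['group_id'],
            "iat" => $issuedAt,
            "exp" => $issuedAt + $tokenLifetime,
            "iss" => BASE_URL,
            // Client address recorded in the token; how it is checked is up to the consumer.
            "uip" => $_SERVER['REMOTE_ADDR'],
        );

        $key = getSessionKey();
        $jwt = JWT::encode($token, $key, 'HS256');
        setUserToken($userData['user_id'], $jwt);

        $userData['session_token'] = $jwt;
        // NOTE(review): no session_regenerate_id() is visible before the session
        // is populated on login; confirm it happens elsewhere.
        $_SESSION['userData'] = $userData;
        header("Location: .");
    } else {
        header("Location: ./login?err=invalid");
    }
    // Nothing after a redirect header should run or be emitted.
    exit;
}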
$params["user_id"] = $DB->sanitize($_REQUEST["user_id"]);
// End Parameters

// Get all Reports in range
// NOTE(review): the date bounds are concatenated straight into the SQL string.
// Whether $params["startDate"] / ["endDate"] went through $DB->sanitize() is
// decided above this fragment — confirm, or move to a parameterised query.
$sql = "SELECT * from orders join contacts on orders.contact_id = contacts.contact_id where order_status_id = 5 AND DateCompleted >= '" . $params["startDate"] . "' AND DateCompleted <= '" . $params["endDate"] . "' ORDER BY order_id";
$result = $DB->query($sql);
// `!$result` is true when the query itself fails, not when it returns zero rows
// (an empty result set is still a valid result), so this message most likely
// fires on SQL errors; confirm $DB->query()'s return contract.
if (!$result) {
    $DB->close();
    echo "No Sales Found in that Date Range";
    exit;
}
// Orders keyed by order_id. mysql_fetch_assoc() is the legacy ext/mysql API
// (removed in PHP 7).
$orders = array();
while ($orderRow = mysql_fetch_assoc($result)) {
    $orders[$orderRow["order_id"]] = $orderRow;
}
// Get All Users
$users = getUserHash($DB);
$orderHash = buildOrdersByUsersHash($DB, $users, $orders);
$user_id = $params["user_id"];
// Build Order Hash by User
// Find the highest total earned across users.
$highestEarned = 0;
foreach ($orderHash as $userHash) {
    $commTotal = 0;
    // $bonusTotal is never added to in this fragment and stays 0.
    $bonusTotal = 0;
    $adjustmentTotal = 0;
    foreach ($userHash["commissions"] as $comm) {
        $commTotal += $comm["commission"];
        $adjustmentTotal += $comm["adjustment"];
    }
    $total = $commTotal + $bonusTotal + $adjustmentTotal;
    // Debug output via FirePHP; presumably development only — confirm it is
    // disabled where these totals must not reach the browser.
    $firephp->log("Total: " . $total . " Highest: " . $highestEarned);
    if ($total > $highestEarned) {
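/**
 * Check a presented hash against the hash stored for $username.
 *
 * @param string $username account to look up via getUserHash()
 * @param string $hash     hash presented by the caller
 * @return bool true only when a non-empty stored hash exists and matches byte for byte
 */
function checkUserHash($username, $hash)
{
    $stored_hash = getUserHash($username);
    // No stored hash (unknown user, or an empty value) can never match. Without
    // this guard a loose comparison against null/"" could have returned true.
    if (!is_string($stored_hash) || $stored_hash === '') {
        return false;
    }
    // Constant-time, byte-exact comparison: `==` would type-juggle numeric-looking
    // strings (e.g. "0e..." forms compare equal) and leaks timing on early mismatch.
    return hash_equals($stored_hash, (string) $hash);
}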