Esempio n. 1
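/**
 * Verify a username/password pair against the users table and, on success,
 * start the session (and optionally set the 'remember me' cookie pair).
 *
 * @param string $username  login name as submitted by the form
 * @param string $password  clear-text password as submitted by the form
 * @return array            array("success" => bool, "msgId" => int) where
 *                          msgId 1 = bad credentials (also used for an unknown
 *                          username so the reply does not reveal which accounts
 *                          exist) and msgId 2 = account disabled.
 */
function doLogin($username, $password)
{
    $correctLogin = false;
    $errMsgId = 1;
    $level = null;
    // A non-string (e.g. password[]=x) can never match; hash it as empty rather
    // than letting an array reach the string concatenation below.
    if (!is_string($password)) {
        $password = '';
    }
    //Look for username row
    $result = preparedStmt("SELECT id, username, level, enabled, failed_logins, password, salt FROM users WHERE username=?", array("s", "{$username}"));
    $userData = $result ? $result[0] : 0;
    //If username exists
    if ($userData) {
        $userId = (int) $userData['id'];
        // Stored scheme is hex sha256(password . "{" . salt . "}"). It is kept
        // because existing rows were hashed this way; NOTE(review): moving to
        // password_hash()/password_verify() needs a re-hash on next successful
        // login and a wider password column.
        $pwHash = hash('sha256', $password . "{" . $userData['salt'] . "}");
        //If account is disabled - send error
        if (!$userData['enabled']) {
            $errMsgId = 2;
        } elseif (hash_equals((string) $userData['password'], $pwHash)) {
            // hash_equals() is constant-time and strict: a loose `==` between two
            // hex digests of the form "0e<digits>" compares them as equal numbers.
            $correctLogin = true;
            $level = $userData['level'];
            //'Remember me' checkbox (missing index is treated as unchecked)
            if (!empty($_POST['rememberme'])) {
                //Hash of pw hash+salt - this is what test_login_user.php recomputes
                // NOTE(review): the token is derived only from DB columns, so it can
                // be minted by anyone who reads the users table and is revoked only
                // by a password change; a random per-login token stored hashed in
                // the DB would be the proper replacement.
                $cookieHash = hash('sha256', $userData['password'] . "{" . $userData['salt'] . "}");
                $expire = time() + 7776000;
                //90 days
                $secure = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
                //Make available from root; HttpOnly keeps the pair away from
                //script, Secure is set when the request itself came in over TLS.
                setcookie('sg_timesheetUN', $userData['username'], $expire, "/", "", $secure, true);
                setcookie('sg_timesheetPW', $cookieHash, $expire, "/", "", $secure, true);
            }
        }
        //Log failed attempts & disable account after 10 wrong tries
        if (!$correctLogin && $userData['enabled']) {
            $failedLogins = (int) $userData['failed_logins'] + 1;
            if ($failedLogins > 9) {
                preparedStmt("UPDATE users SET enabled=0 WHERE id=?", array("i", $userId));
            }
            // Bind the counter like every other value instead of interpolating it.
            preparedStmt("UPDATE users SET failed_logins=? WHERE id=?", array("ii", $failedLogins, $userId));
        }
    }
    // Successful - Flatten incorrect logins and start session
    if ($correctLogin) {
        // id is bound as "i" everywhere else in this function; keep it consistent.
        preparedStmt("UPDATE users SET failed_logins=0 WHERE id=?", array("i", $userId));
        createUserSession($userData['username'], $level);
    }
    return array("success" => $correctLogin, "msgId" => $errMsgId);
}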
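<?php

// Login gate for pages that need an authenticated user. If there is no session
// yet, the 'remember me' cookie pair written by doLogin() is checked; when it
// does not verify, the visitor is sent to the login page.
session_start();
if (!isset($_SESSION["username"])) {
    $isRememberedLogin = "";
    //Test for remember me cookie - both values must be plain strings, a
    //cookie sent as an array would make hash()/hash_equals() fail hard.
    if (isset($_COOKIE['sg_timesheetUN'], $_COOKIE['sg_timesheetPW'])
        && is_string($_COOKIE['sg_timesheetUN'])
        && is_string($_COOKIE['sg_timesheetPW'])) {
        $username = $_COOKIE['sg_timesheetUN'];
        //Look for username row
        $result = preparedStmt("SELECT username, password, level, enabled, salt FROM users WHERE username=?", array("s", $username));
        $userData = $result ? $result[0] : 0;
        if ($userData && $userData['enabled']) {
            //Hash of pw hash+salt - must be computed exactly as in doLogin()
            $cookieHash = hash('sha256', $userData['password'] . "{" . $userData['salt'] . "}");
            // hash_equals(): constant-time, and no numeric-string coercion of a
            // value the client controls (a loose `==` treats "0e..." digests as 0).
            if (hash_equals($cookieHash, $_COOKIE['sg_timesheetPW'])) {
                $isRememberedLogin = true;
                // Use the username as stored, not the cookie's spelling, so the
                // session carries the same value doLogin() would have set.
                // NOTE(review): regenerate the session id here unless
                // createUserSession() already does, so a cookie login does not
                // keep a pre-existing (possibly attacker-chosen) session id.
                createUserSession($userData['username'], $userData['level']);
            }
        }
    }
    if (!$isRememberedLogin) {
        $_SESSION["deniedURL"] = getPageURL();
        header("Location:login_page.php");
        exit;
    }
}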
    $description = isset($data->description) ? $data->description : "";
    $jobnum = isset($data->jobnum) ? $data->jobnum : "";
    $client = isset($data->client) ? $data->client : "";
    $contact = isset($data->contact) ? $data->contact : "";
    $total_mins = isset($data->total_mins) ? $data->total_mins : "";
    $complete = isset($data->complete) ? $data->complete : "";
    $status = isset($data->status) ? $data->status : "";
    if ($action == "edit") {
        if (intval($id) < 100) {
            //If id < 100, it's a temp id so a new row
            //Row is new
            $result = preparedStmt("INSERT INTO timesheet (who,date_timestamp,time_start,time_end,description,jobnum,client,contact,total_mins,complete,last_change,status) VALUES (?,?,?,?,?,?,?,?,?,?,NOW(),1)", array("sisssissii", $who, $date_timestamp, $time_start, $time_end, $description, $jobnum, $client, $contact, $total_mins, $complete));
            $newId = mysqli_insert_id($mysqli);
            //Get last index created
            $newIds[$id] = $newId;
            //Save for updating front end
        } else {
            //Row already exists
            $result = preparedStmt("UPDATE timesheet SET who=?,date_timestamp=?,time_start=?,time_end=?,description=?,jobnum=?,client=?,contact=?,total_mins=?,complete=?,last_change=NOW(),status=? WHERE id=?", array("sisssissiiii", $who, $date_timestamp, $time_start, $time_end, $description, $jobnum, $client, $contact, $total_mins, $complete, $status, $id));
        }
    }
    if ($action == "remove") {
        //Soft delete only - sets status to 0
        if (intval($id) > 99) {
            //Less than 100 is temp ids for new rows
            $result = preparedStmt("UPDATE timesheet SET status=0 WHERE id=?", array("i", $id));
        }
    }
}
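// Reply with the outcome and the temp-id -> real-id map for rows just inserted.
// $result / $newIds are only assigned when the request carried rows to act on,
// so read them defensively instead of tripping an undefined-variable notice.
$retArray = array("status" => !empty($result) ? 1 : 0, "newIds" => isset($newIds) ? $newIds : null);
if (!headers_sent()) {
    // Declare the body as JSON so a browser opening this URL directly does
    // not sniff user-supplied description text as HTML.
    header('Content-Type: application/json');
}
echo json_encode($retArray);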
include "../config/settings.php";
include "db_connect.php";
include "utils.php";
include "test_login_user.php";
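// List timesheet rows as a JSON array: administrators see every row, other
// users only their own. test_login_user.php (included above) guarantees a session.
$loggedInUser = $_SESSION["username"];
// numrows is bound into LIMIT: coerce to a non-negative int so a missing or
// non-numeric value cannot turn into "LIMIT NULL" or a negative limit.
$numRows = isset($_GET['numrows']) ? max(0, (int) $_GET['numrows']) : 0;
$showDeleted = !empty($_GET['showdeleted']);
$selectStmt = "SELECT id,who,date_timestamp,time_start,time_end,description,jobnum,client,contact,total_mins,complete,status FROM timesheet ";
// Strict comparison: the role check must not go through PHP's loose
// string/number rules.
if ($_SESSION["level"] === "administrator") {
    //Admins get everyone's entries
    if ($showDeleted) {
        $entries = preparedStmt($selectStmt . "ORDER BY date_timestamp DESC LIMIT ?", array("i", $numRows));
    } else {
        $entries = preparedStmt($selectStmt . "WHERE status=1 ORDER BY date_timestamp DESC LIMIT ?", array("i", $numRows));
    }
} else {
    //Everyone else is restricted to rows they own (who = session username)
    if ($showDeleted) {
        $entries = preparedStmt($selectStmt . "WHERE who=? ORDER BY date_timestamp DESC LIMIT ?", array("si", $loggedInUser, $numRows));
    } else {
        $entries = preparedStmt($selectStmt . "WHERE who=? AND status=1 ORDER BY date_timestamp DESC LIMIT ?", array("si", $loggedInUser, $numRows));
    }
}
// preparedStmt() yields a falsy value when the query fails; answer with an
// empty list rather than iterating a non-array.
$rows = is_array($entries) ? array_values($entries) : array();
if (!headers_sent()) {
    // JSON content type so free-text columns are never sniffed as HTML.
    header('Content-Type: application/json');
}
echo json_encode($rows);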