public function auth(&$view = null, $SESSINFO, $auth_datasource, $loginerror = null) { if (isset($_POST[_USERNAME_NAME_]) && isset($_POST[_PASS_NAME_])) { $db = dataSource::getDataSource($this->auth_datasource, 'db_inc'); $columns = implode(', ', $SESSINFO); $str = 'SELECT ' . $columns . ' FROM ' . _DB_PF_ . _USER_TABLE_ . ' WHERE ' . _USERNAME_ . ' = ? AND ' . _PASS_ . ' = ?'; if (defined('_AUTH_ENC_')) { $enc = _AUTH_ENC_; $password = $enc($_POST[_PASS_NAME_]); } else { $password = $_POST[_PASS_NAME_]; } $result = $db->query($str, array($_POST[_USERNAME_NAME_], $password)); if ($CRD = $result->fetch()) { foreach ($SESSINFO as $key) { $_SESSION[_SESS_MY_KEY_][$key] = $CRD[$key]; } $str = "UPDATE " . _DB_PF_ . _USER_TABLE_ . " SET last_login = now() WHERE id = ?"; $db->update($str, array($CRD['id'])); $str = "SELECT DATE_FORMAT(last_login, '%Y/%m/%d %k:%i') AS last_login FROM " . _DB_PF_ . _USER_TABLE_ . " WHERE id = ?"; $LL = $db->query($str, array($CRD['id']))->fetch(); $_SESSION[_SESS_MY_KEY_]['last_login'] = $LL['last_login']; return $_SESSION[_SESS_MY_KEY_][_LANG_NAME_]; } else { $this->showLogin($view, $loginerror[_DEFAULT_LANG_]); } } else { $this->showLogin($view); } }
public function auth(&$view = null, $SESSINFO, $auth_datasource) { if (!$_SERVER['PHP_AUTH_DIGEST']) { $headers = getallheaders(); if ($headers['Authorization']) { $_SERVER['PHP_AUTH_DIGEST'] = $headers['Authorization']; } } if ($_SERVER['PHP_AUTH_DIGEST']) { // Checking up the content of PHP_AUTH_DIGEST $needed_parts = array('nonce' => true, 'nc' => true, 'cnonce' => true, 'qop' => true, 'username' => true, 'uri' => true, 'response' => true); $data = array(); $matches = array(); preg_match_all('/(\\w+)=("([^"]+)"|([a-zA-Z0-9=.\\/\\_-]+))/', $_SERVER['PHP_AUTH_DIGEST'], $matches, PREG_SET_ORDER); foreach ($matches as $m) { if ($m[3]) { $data[$m[1]] = $m[3]; } else { $data[$m[1]] = $m[4]; } unset($needed_parts[$m[1]]); } if ($needed_parts) { $data = array(); } $columns = implode(', ', $SESSINFO); $db = dataSource::getDataSource($this->auth_datasource, 'db_inc'); $str = 'select ' . $columns . ' from ' . _DB_PF_ . _USER_TABLE_ . ' where ' . _USERNAME_ . ' = ?'; $result = $db->query($str, array($data['username'])); $db->close(); if ($CRD = $result->fetch()) { $A1 = md5($data['username'] . ':' . _DIGEST_REALM_ . ':' . $CRD[_PASS_]); $A2 = md5($_SERVER['REQUEST_METHOD'] . ':' . $data['uri']); $valid_response = md5($A1 . ':' . $data['nonce'] . ':' . $data['nc'] . ':' . $data['cnonce'] . ':' . $data['qop'] . ':' . $A2); if ($data['response'] != $valid_response) { unset($_SERVER['PHP_AUTH_DIGEST']); } else { foreach ($SESSINFO as $key) { if ($key == _PASS_) { continue; } $_SESSION[_SESS_MY_KEY_][$key] = $CRD[$key]; } return $_SESSION[_SESS_MY_KEY_][_LANG_NAME_]; } } } $this->print_auth_header(); showError::haltOnError(_DIGEST_FAILED_TXT_); exit; }
public function connectDB() { $this->db = dataSource::getDataSource('dbConnecter', 'db_inc'); }