/**
 * Re-validates the current session against the users table and records the
 * outcome in $this->upid and $this->authorized.
 *
 * The check succeeds only when the session carries user_id, username and
 * user_group, UthandoUser::checkUser() passes, a matching row whose group is
 * not 'registered' exists, and that row's three columns agree with the
 * session values. On success $this->upid is taken from setUserPermissions()
 * and $this->authorized becomes true when upid lies strictly between 0 and 4.
 * Nothing is ever set back to false here, so the caller is responsible for
 * the initial state of $this->authorized.
 *
 * NOTE(review): the where clause is produced by concatenating
 * $_SESSION['user_id'] into SQL text; whether getResult() parameterises or
 * escapes that fragment is not visible in this block — confirm user_id is
 * validated (e.g. an integer) at the point it is stored in the session.
 * The row/session comparisons deliberately keep loose == because database
 * results are often strings while session values may be ints.
 *
 * @return void
 */
private function getAuthorize()
{
    // Without a complete identity in the session, or a failed user check,
    // there is nothing to authorise.
    if (!isset($_SESSION['user_id'], $_SESSION['username'], $_SESSION['user_group'])
        || !UthandoUser::checkUser()
    ) {
        return;
    }

    // Look the session user up, excluding plain 'registered' accounts.
    $usersTable = $this->registry->user . 'users';
    $groupsTable = $this->registry->user . 'user_groups';
    $conditions = [
        'where' => 'user_id=' . $_SESSION['user_id'],
        'and' => "user_group != 'registered'",
    ];
    $row = $this->getResult('user_id, username, user_group', $usersTable, $groupsTable, $conditions, false);

    if (!$row) {
        return;
    }

    // Every session field must agree with what is stored for that user.
    $sessionMatchesRow = $row->username == $_SESSION['username']
        && $row->user_id == $_SESSION['user_id']
        && $row->user_group == $_SESSION['user_group'];

    if (!$sessionMatchesRow) {
        return;
    }

    $this->upid = $this->setUserPermissions($_SESSION['user_group']);

    // Only permission ids 1..3 count as authorised; the meaning of that range
    // is defined wherever setUserPermissions() lives, not here.
    if ($this->upid > 0 && $this->upid < 4) {
        $this->authorized = true;
    }
}
<?php // no direct access defined('PARENT_FILE') or die('Restricted access'); if (UthandoUser::checkUser() && !UthandoUser::authorize()) { // Apply form element filters. $form->applyFilter('__ALL__', 'escape_data'); $email = $form->exportValue('email'); $rand_chars = $_SESSION['rand_chars']; unset($_SESSION['rand_chars']); foreach ($rand_chars as $key => $value) { $password[$value] = $form->exportValue('pwd' . $key); } // If user exists then login user else display form. $sql = $this->registry->db->query("\n\t\tSELECT user_id, CONCAT(first_name, ' ', last_name) AS name, user_group, password, iv\n\t\tFROM " . $this->registry->user . "users\n\t\tNATURAL JOIN " . $this->registry->user . "user_groups\n\t\tWHERE email = :email\n\t\tAND user_group='registered'\n\t", array(':email' => $email)); $num_rows = count($sql); if ($num_rows == 1) { // login user. $row = $sql[0]; // decrypt password. $decrypted = UthandoUser::decodePassword($row->password, $user_config->get('key', 'cipher'), $row->iv); // split the password for checking. $decrypted = str_split($decrypted); // check password against the characters submitted foreach ($password as $key => $value) { $pwd_validate[$key] = $value == $decrypted[$key - 1] ? true : false; } // did it pass? $validated = true; foreach ($pwd_validate as $value) { if (!$value) {
<?php // no direct access defined('PARENT_FILE') or die('Restricted access'); if (UthandoUser::checkUser() && !$this->authorize()) { // Apply form element filters. $form->applyFilter('__ALL__', 'escape_data'); $username = $form->exportValue('username'); $rand_chars = $_SESSION['rand_chars']; unset($_SESSION['rand_chars']); foreach ($rand_chars as $key => $value) { $password[$value] = $form->exportValue('pwd' . $key); } // If user exists then login user else display form. $row = $this->registry->db->getRow("\n\t\tSELECT user_id, username, user_group, password, iv\n\t\tFROM {$this->registry->user}users\n\t\tNATURAL JOIN {$this->registry->user}user_groups\n\t\tWHERE username='******'\n\t\tAND user_group != 'registered'\n\t"); $num_rows = count($row); if ($num_rows == 1) { // decrypt password. $decrypted = UthandoUser::decodePassword($row->password, $user_config->get('key', 'cipher'), $row->iv); // split the password for checking. $decrypted = str_split($decrypted); // check password against the characters submitted foreach ($password as $key => $value) { $pwd_validate[$key] = $value == $decrypted[$key - 1] ? true : false; } // did it pass? $validated = TRUE; foreach ($pwd_validate as $value) { if (!$value) { $validated = FALSE; }