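/**
 * Log a user in through OpenID.
 *
 * The function is entered twice per login. When the request carries no
 * OpenID response, the browser is redirected to the provider. When the
 * provider sends the browser back, the asserted identity is verified, looked
 * up in the openids table and, if it maps to a user, the session is filled.
 *
 * @param string $url OpenID identity URL entered by the user
 * @return bool True when a session was established; false in every other
 *              case, including the call that only sends the redirect
 */
function openIdLogin($url)
{
    // The database handle lives in the global scope (login() declares it the
    // same way); without this line $conn is undefined inside the function.
    global $conn;

    try {
        // NOTE(review): HTTP_HOST is taken from the request's Host header and
        // is used here as the OpenID realm; a configured host name would be
        // safer - confirm how the application is deployed.
        $openid = new LightOpenID($_SERVER['HTTP_HOST']);

        if (!$openid->mode) {
            // First pass: hand the browser over to the provider.
            $openid->identity = $url;
            header('Location: ' . $openid->authUrl());
            // Nothing has been authenticated yet.
            return false;
        }

        if ($openid->mode == 'cancel') {
            return false;
        }

        // The response parameters arrive through the user's browser, so they
        // are untrusted until the assertion has been verified. Without this
        // check any openid_identity value in the request would be accepted.
        if (!$openid->validate()) {
            return false;
        }

        $identity = $openid->data['openid_identity'];

        // Bound parameter: the identity string never becomes part of the SQL text.
        $sel1 = $conn->prepare("SELECT ID from openids WHERE identity = ?");
        if (!$sel1 || !$sel1->execute(array($identity))) {
            return false;
        }
        $row = $sel1->fetch();
        if (!$row) {
            return false;
        }
        $id = $row['ID'];

        $sel2 = $conn->prepare("SELECT ID,name,locale,lastlogin,gender FROM user WHERE ID = ?");
        if (!$sel2 || !$sel2->execute(array($id))) {
            return false;
        }
        $chk = $sel2->fetch();
        if (!$chk || $chk["ID"] == "") {
            return false;
        }

        $rolesobj = new roles();
        $now = time();

        // NOTE(review): the session id is not regenerated at the moment of
        // login (session fixation exposure); session_regenerate_id(true)
        // belongs here once the session lifecycle has been confirmed.
        $_SESSION['userid'] = $chk['ID'];
        $_SESSION['username'] = stripslashes($chk['name']);
        $_SESSION['lastlogin'] = $now;
        $_SESSION['userlocale'] = $chk['locale'];
        $_SESSION['usergender'] = $chk['gender'];
        $_SESSION["userpermissions"] = $rolesobj->getUserRole($chk["ID"]);

        $userid = $_SESSION['userid'];
        $seid = session_id();
        $staylogged = getArrayVal($_POST, 'staylogged');

        if ($staylogged == 1) {
            // Re-issues the session cookie with a 14 day lifetime.
            // NOTE(review): the cookie is set without the HttpOnly and Secure
            // flags and with a hard-coded cookie name.
            setcookie("PHPSESSID", "{$seid}", time() + 14 * 24 * 3600);
        }

        $upd1 = $conn->prepare("UPDATE user SET lastlogin = ? WHERE ID = ?");
        if ($upd1) {
            $upd1->execute(array($now, $userid));
        }

        return true;
    } catch (ErrorException $e) {
        return false;
    }
}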
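/**
 * Log a user in with a user name (or e-mail address) and password.
 *
 * On success the session is filled with the user's id, name, locale, gender
 * and role permissions, and the user's lastlogin column is updated.
 *
 * @param string $user User name or e-mail address
 * @param string $pass Password (plain text, hashed here before comparison)
 * @return bool True when the credentials matched a user; false otherwise
 */
function login($user, $pass)
{
    global $conn;

    if (!$user) {
        return false;
    }

    // NOTE(review): unsalted SHA-1 is not a suitable password hash. It is kept
    // here because the stored values are presumably SHA-1 digests; moving to
    // password_hash()/password_verify() needs a migration of the pass column.
    $hash = sha1($pass);

    // All three values are bound, so neither the login name nor the digest is
    // ever part of the SQL text. The earlier form compared pass against a
    // fixed literal and never used the computed digest.
    $sel1 = $conn->prepare(
        "SELECT ID,name,locale,lastlogin,gender FROM user WHERE (name = ? OR email = ?) AND pass = ?"
    );
    if (!$sel1 || !$sel1->execute(array($user, $user, $hash))) {
        return false;
    }

    $chk = $sel1->fetch();
    if (!$chk || $chk["ID"] == "") {
        return false;
    }

    $rolesobj = new roles();
    $now = time();

    // NOTE(review): the session id is not regenerated at the moment of login
    // (session fixation exposure); session_regenerate_id(true) belongs here
    // once the session lifecycle has been confirmed.
    $_SESSION['userid'] = $chk['ID'];
    $_SESSION['username'] = stripslashes($chk['name']);
    $_SESSION['lastlogin'] = $now;
    $_SESSION['userlocale'] = $chk['locale'];
    $_SESSION['usergender'] = $chk['gender'];
    $_SESSION["userpermissions"] = $rolesobj->getUserRole($chk["ID"]);

    $userid = $_SESSION['userid'];
    $seid = session_id();
    $staylogged = getArrayVal($_POST, 'staylogged');

    if ($staylogged == 1) {
        // Re-issues the session cookie with a 14 day lifetime.
        // NOTE(review): the cookie is set without the HttpOnly and Secure
        // flags and with a hard-coded cookie name.
        setcookie("PHPSESSID", "{$seid}", time() + 14 * 24 * 3600);
    }

    // Store the real login time; the earlier form wrote a fixed literal.
    $upd1 = $conn->prepare("UPDATE user SET lastlogin = ? WHERE ID = ?");
    if ($upd1) {
        $upd1->execute(array($now, $userid));
    }

    return true;
}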
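/**
 * Log a user in with a user name (or e-mail address) and password.
 *
 * Variant written against the mysqli statement API (bind_param/bind_result).
 * On success the session is filled with the user's id, name, locale, gender
 * and role permissions, and the user's lastlogin column is updated.
 *
 * @param string $user User name or e-mail address
 * @param string $pass Password (plain text, hashed here before comparison)
 * @return bool True when the credentials matched a user; false otherwise
 */
function login($user, $pass)
{
    // Per the original author's note, $conn is defined in class.datenbank.php.
    // It has to be imported from the global scope or it is undefined here.
    // NOTE(review): this variant assumes $conn is a mysqli handle - confirm.
    global $conn;

    if (!$user) {
        return false;
    }

    // bind_param() takes its arguments by reference, so the digest needs a
    // variable of its own; a function result cannot be bound directly.
    // NOTE(review): unsalted SHA-1 is not a suitable password hash. It is kept
    // here because the stored values are presumably SHA-1 digests.
    $hash = sha1($pass);

    // Prepared statement (the CS 577 Lab 6 fix). The table name was fused to
    // the FROM keyword before, which made the statement fail to prepare.
    $stmnt = $conn->prepare(
        "SELECT ID,name,locale,lastlogin,gender FROM user WHERE (name=? OR email=?) AND pass=?"
    );
    if (!$stmnt) {
        return false;
    }

    $stmnt->bind_param("sss", $user, $user, $hash);
    if (!$stmnt->execute()) {
        $stmnt->close();
        return false;
    }

    $bind_ID = $bind_name = $bind_locale = $bind_lastlogin = $bind_gender = null;
    $stmnt->bind_result($bind_ID, $bind_name, $bind_locale, $bind_lastlogin, $bind_gender);
    $found = $stmnt->fetch();
    // Release the statement before issuing the UPDATE on the same connection.
    $stmnt->close();

    if ($found !== true || $bind_ID == "") {
        return false;
    }

    $rolesobj = new roles();
    $now = time();

    // NOTE(review): the session id is not regenerated at the moment of login
    // (session fixation exposure); session_regenerate_id(true) belongs here
    // once the session lifecycle has been confirmed.
    $_SESSION['userid'] = $bind_ID;
    $_SESSION['username'] = stripslashes($bind_name);
    $_SESSION['lastlogin'] = $now;
    $_SESSION['userlocale'] = $bind_locale;
    $_SESSION['usergender'] = $bind_gender;
    $_SESSION["userpermissions"] = $rolesobj->getUserRole($bind_ID);

    $userid = $_SESSION['userid'];
    $seid = session_id();
    $staylogged = getArrayVal($_POST, 'staylogged');

    if ($staylogged == 1) {
        // Re-issues the session cookie with a 14 day lifetime.
        // NOTE(review): the cookie is set without the HttpOnly and Secure
        // flags and with a hard-coded cookie name.
        setcookie("PHPSESSID", "{$seid}", time() + 14 * 24 * 3600);
    }

    // Same connection and same statement API as the lookup; the earlier form
    // went through the legacy mysql_query() and wrote a fixed literal.
    $upd1 = $conn->prepare("UPDATE user SET lastlogin = ? WHERE ID = ?");
    if ($upd1) {
        $upd1->bind_param("is", $now, $userid);
        $upd1->execute();
        $upd1->close();
    }

    return true;
}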
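/**
 * Log a user in with a user name (or e-mail address) and password.
 *
 * Variant written against the legacy mysql_* functions. On success the
 * session is filled with the user's id, name, locale, gender and role
 * permissions, and the user's lastlogin column is updated.
 *
 * @param string $user User name or e-mail address
 * @param string $pass Password (plain text, hashed here before comparison)
 * @return bool True when the credentials matched a user; false otherwise
 */
function login($user, $pass)
{
    if (!$user) {
        return false;
    }

    // NOTE(review): the mysql_* extension was removed in PHP 7.0, and escaping
    // depends on every value staying inside quotes. Bound parameters through
    // PDO or mysqli are the durable form of this query.
    $user = mysql_real_escape_string($user);

    // NOTE(review): escaping before hashing changes the digest for passwords
    // that contain quotes or backslashes. The order is kept because stored
    // digests may have been produced the same way - confirm against the code
    // that sets passwords. Unsalted SHA-1 is also not a suitable password hash.
    $pass = mysql_real_escape_string($pass);
    $pass = sha1($pass);

    // Compare against the computed digest; the earlier form compared pass
    // against a fixed literal and never used $pass.
    $sel1 = mysql_query("SELECT ID,name,locale,lastlogin,gender FROM user WHERE (name = '$user' OR email = '$user') AND pass = '$pass'");
    if (!$sel1) {
        return false;
    }

    $chk = mysql_fetch_array($sel1);
    if (!$chk || $chk["ID"] == "") {
        return false;
    }

    $rolesobj = new roles();
    $now = time();

    // NOTE(review): the session id is not regenerated at the moment of login
    // (session fixation exposure); session_regenerate_id(true) belongs here
    // once the session lifecycle has been confirmed.
    $_SESSION['userid'] = $chk['ID'];
    $_SESSION['username'] = stripslashes($chk['name']);
    $_SESSION['lastlogin'] = $now;
    $_SESSION['userlocale'] = $chk['locale'];
    $_SESSION['usergender'] = $chk['gender'];
    $_SESSION["userpermissions"] = $rolesobj->getUserRole($chk["ID"]);

    // The id is placed in the statement unquoted, so force it to an integer.
    $userid = (int) $_SESSION['userid'];
    $seid = session_id();
    $staylogged = getArrayVal($_POST, 'staylogged');

    if ($staylogged == 1) {
        // Re-issues the session cookie with a 14 day lifetime.
        // NOTE(review): the cookie is set without the HttpOnly and Secure
        // flags and with a hard-coded cookie name.
        setcookie("PHPSESSID", "$seid", time() + 14 * 24 * 3600);
    }

    // Store the real login time; the earlier form wrote a fixed literal.
    mysql_query("UPDATE user SET lastlogin = '$now' WHERE ID = $userid");

    return true;
}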