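/**
 * Logs a user in.
 *
 * Looks the account up by email address, verifies the supplied password
 * against the stored digest and, on success, marks the session as logged in.
 *
 * @param string $userEmail Email address the user is trying to login as
 * @param string $password  The password the user is trying to login as
 * @return bool|string Returns false if the login is successful or returns an
 *                     error string if unsuccessful. The same message is used
 *                     for an unknown email and for a wrong password so the
 *                     response does not reveal which accounts exist.
 */
public static function login($userEmail, $password)
{
    //Retrieve information from the users table
    if (!($conn = DatabaseUtil::db_connect(DatabaseUtil::DATABASE_USER))) {
        return 'Database Error contact administration.';
    }
    $rows = DatabaseUtil::get($conn, 'SELECT * FROM users WHERE emailAddress=? LIMIT 1', [$userEmail]);
    if (!$rows) {
        //No such account: deliberately indistinguishable from a wrong password.
        return 'Email or Password are incorrect.';
    }
    $user = array_shift($rows);

    //Compare digests in constant time. The previous loose `==` comparison was
    //timing-dependent and, for two numeric-looking digests (e.g. "0e..."),
    //could report equality when the strings differed. Both sides are cast to
    //string so hash_equals() never receives a non-string value.
    $candidate = (string) self::hash($password, $user->salt);
    if (!hash_equals((string) $user->password, $candidate)) {
        return 'Email or Password are incorrect.';
    }

    SessionUtil::session_set('loggedIn', self::user_token($user->salt));
    //NOTE(review): the whole users row (including the stored password digest
    //and salt) is serialised into the session. Storing only the fields the
    //application reads back would reduce exposure if session data leaks.
    SessionUtil::session_set('user', serialize($user));

    //Documented contract: false on success (the original fell off the end and
    //returned null, which callers testing for truthiness treated the same way).
    return false;
}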
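/**
 * Renders the "Add User" admin form and, when the form was submitted,
 * validates the input and creates the user.
 *
 * Reads btnAdd, hidToken, txtName, txtEmail, txtCompany and txtPassword via
 * param(). A fresh CSRF token is generated and stored in the session on every
 * render, so each rendered form is valid for one submission only.
 *
 * Output is echoed directly; nothing is returned.
 */
private function render_add_user()
{
    //Escape a value for an HTML text or attribute context before echoing it.
    //Every dynamic value written into the page below goes through this.
    $esc = static function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    };

    $errorMessage = '';
    //Check to see if the add button was pressed
    if (param('btnAdd')) {
        //Check the CSRF token with a strict, constant-time comparison. The
        //previous loose `!=` check was timing-dependent and treated two
        //numeric-looking strings that merely compared equal as a match; it also
        //passed when the session held no token at all (null != null is false).
        $expectedToken = (string) SessionUtil::session('token');
        $submittedToken = (string) param('hidToken');
        if ($expectedToken === '' || !hash_equals($expectedToken, $submittedToken)) {
            $errorMessage .= 'Invalid Token try again. ';
        }
        //Validation Block
        if (!ValidationUtil::text(param('txtName'), 30, 1)) {
            $errorMessage .= 'You must provide a name between 1 and 30 characters long. ';
        }
        if (!ValidationUtil::email(param('txtEmail'))) {
            $errorMessage .= 'Email is invalid. ';
        }
        if (!ValidationUtil::text(param('txtCompany'), 30, 1)) {
            $errorMessage .= 'You must provide a company name with a max of 30 characters. ';
        }
        //NOTE(review): the 12-character upper bound caps password strength;
        //kept as-is because the limit may be mirrored elsewhere (schema, generate_password).
        if (!ValidationUtil::text(param('txtPassword'), 12, 8)) {
            $errorMessage .= 'You must enter in a password that is a min of 8 and a max of 12. ';
        }
        //Only create the user when every check above passed
        if (!$errorMessage) {
            $errorMessage = $this->add_user();
        }
    }
    //Set the token for the page (rotated on every render)
    $token = SessionUtil::token();
    SessionUtil::session_set('token', $token);
    //Render the page
    ?>
    <div class="admin-page-wrapper">
        <form action="/pages/admin/useradmin.php?subPage=Add User" method="post">
            <div class="admin-user-wrapper">
                <h1>Add User</h1>
                <?php
                //Display any validation/creation messages. Escaped because the
                //message returned by add_user() may echo submitted values back;
                //assumes add_user() returns plain text rather than markup.
                if ($errorMessage) {
                    echo '<span class="warning">' . $esc($errorMessage) . '</span>';
                }
                ?>
                <div class="user-admin-content">
                    <input type="hidden" name="hidToken" value="<?php echo $esc($token); ?>" />
                    <label for="txtName">User Name:</label><br />
                    <input type="text" name="txtName" id="txtName" /><br />
                    <label for="txtEmail">Email:</label><br />
                    <input type="email" name="txtEmail" id="txtEmail" /><br />
                    <label for="txtCompany">Company:</label><br />
                    <input type="text" name="txtCompany" id="txtCompany" /><br />
                    <label for="txtPassword">Password:</label><br />
                    <input type="text" name="txtPassword" id="txtPassword" value="<?php echo $esc(AuthenticationUtil::generate_password()); ?>" />
                </div>
                <h3>Privileges</h3>
                <div>
                    <input type="checkbox" name="cbxPrivs[]" value="<?php echo $esc(AuthenticationUtil::PRIVILEGE_VIEW_MERCHANT_PAGE); ?>" id="cbx1" />
                    <label for="cbx1">Merchant View</label><br />
                    <input type="checkbox" name="cbxPrivs[]" value="<?php echo $esc(AuthenticationUtil::PRIVILEGE_VIEW_ADMIN_PAGE); ?>" id="cbx2" />
                    <label for="cbx2">Admin View</label><br />
                    <input type="checkbox" name="cbxPrivs[]" value="<?php echo $esc(AuthenticationUtil::PRIVILEGE_ASSIGN_PRIVILEGES); ?>" id="cbx3" />
                    <label for="cbx3">Assign Privileges</label><br />
                    <input type="checkbox" name="cbxPrivs[]" value="<?php echo $esc(AuthenticationUtil::PRIVILEGE_PAGE_ADMIN); ?>" id="cbx4" />
                    <label for="cbx4">Admin Pages</label><br />
                    <input type="checkbox" name="cbxPrivs[]" value="<?php echo $esc(AuthenticationUtil::PRIVILEGE_USER_ADMIN); ?>" id="cbx5" />
                    <label for="cbx5">Admin Users</label><br />
                </div>
                <input type="submit" name="btnAdd" />
            </div>
        </form>
    </div>
    <?php
}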