예제 #1
             $_SESSION['error'] = message_error(pg_last_error($db_connection));
             header("Location: ../showcase/php/php_showcase_data_manipulation.php");
         }
     } else {
         header("Location: ../showcase/php/php_showcase_data_manipulation.php");
     }
 } else {
     if (isset($_POST['edit_mode'])) {
         if (!isset($_POST['password']) || isset($_POST['password']) && strlen($_POST['password']) == 0) {
             $password = null;
         }
         if (strlen(create_error_string($login, $password, $email, $gender)) == 0) {
             $update_user_sql = "UPDATE users SET superuser = '******', email = '{$email}', note = '{$note}', gender = '{$gender}'";
             if (isset($_POST['password']) && strlen($password) > 0) {
                 $salt_hash = create_salt();
                 $password_hash = create_password_hash($password, $salt_hash);
                 $update_user_sql .= ", password_hash = '{$password_hash}', salt_hash = '{$salt_hash}' ";
             }
             $update_user_sql .= "WHERE login LIKE '{$login}'";
             if ($update_user_sql_result = pg_query($db_connection, $update_user_sql)) {
                 $_SESSION['info'] = message_info("User " . $login . " updated successfully.");
                 header("Location: ../showcase/php/php_showcase_db_diagnostics.php");
             } else {
                 $_SESSION['error'] = message_error(pg_last_error($db_connection));
                 header("Location: ../showcase/php/php_showcase_data_manipulation.php");
             }
         } else {
             header("Location: ../showcase/php/php_showcase_data_manipulation.php");
         }
     } else {
         $_SESSION['error'] = message_warning("User with login {$login} already exists.");
예제 #2
파일: login.php 프로젝트: Zinkarah/psw
}
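// Input gate for the login form: both credentials must be present AND be
// plain strings. isset() alone also accepts array-valued fields (a form can
// submit "login[]"), which would then be string-converted when used below.
if (
    !isset($_POST['login'], $_POST['password'])
    || !is_string($_POST['login'])
    || !is_string($_POST['password'])
) {
    $_SESSION['error'] = message_error("Login and/or password not set.");
    header('Location: ../../showcase/php/php_showcase_login.php');
    // header() only queues the redirect; exit stops the rest of the script.
    exit;
}
// NOTE(review): passing this gate is not validation. The statements after this
// point place $_POST['login'] into query text by string interpolation; bind it
// as a parameter instead (pg_query_params()) and compare with "=" rather than
// LIKE so pattern characters in the submitted login are not interpreted.

// Connection settings come from variables defined outside this excerpt. They
// are written unquoted into the conninfo string, so a value containing
// whitespace would need single-quoting - TODO confirm against the config.
$db_connection = pg_connect("host={$host} port={$port} dbname={$db_name} user={$db_user} password={$db_password}");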
if (!$db_connection) {
    $_SESSION['error'] = "Error connecting to the database - " . pg_last_error($db_connection) . ".";
} else {
    $login = $_POST['login'];
    $password = $_POST['password'];
    $salt_hash_sql = "SELECT salt_hash FROM users WHERE login LIKE '{$login}'";
    if ($salt_hash_sql_result = pg_query($db_connection, $salt_hash_sql)) {
        $hash_row = pg_fetch_assoc($salt_hash_sql_result);
        $password_hash = create_password_hash($password, $hash_row['salt_hash']);
        $login_sql = "SELECT * FROM users WHERE login LIKE '{$login}' AND password_hash LIKE '{$password_hash}'";
        if ($login_sql_result = pg_query($db_connection, $login_sql)) {
            if (pg_num_rows($login_sql_result) == 1) {
                $_SESSION['logged_in'] = $login;
                $user_row = pg_fetch_assoc($login_sql_result);
                $_SESSION['superuser'] = $user_row['superuser'];
                unset($_SESSION['error']);
                pg_free_result($login_sql_result);
                header('Location: ../../showcase/php/php_showcase_main.php');
            } else {
                $_SESSION['error'] = message_error("Login or password incorrect - password / salt combo: " . $login . " / " . $password_hash);
                header('Location: ../../showcase/php/php_showcase_login.php');
            }
        } else {
            $_SESSION['error'] = message_error("Unable to retrieve information from database = " . pg_last_error($db_connection) . ".");