예제 #1
0
function verify_login($username, $password, $dbLink) {
    // If the username or password is blank then return FALSE.
    if(!$username || !$password) {
        return FALSE;
    }

    // Get the md5 hash of the password and query the database.
    $pwHash = md5($password);
    $query = "SELECT * FROM ".$_SESSION["TBL_AUTH"]." WHERE username='******' AND pwhash='".$pwHash."'";
    $result = perform_query($query, $dbLink, $_SERVER['PHP_SELF']);

    if(num_rows($result) == 1) {
        $sql = "SELECT * FROM ui_layout WHERE userid=(SELECT id FROM users WHERE username='******')";
        $res = perform_query($sql, $dbLink, $_SERVER['PHP_SELF']);
        if(num_rows($res)==0){
            reset_layout($username);
        }
        $sessionId = session_id();
        $_SESSION["pageId"] = "searchform" ;
        $expTime = time()+$_SESSION["SESS_EXP"];
        $expTimeDB = date('Y-m-d H:i:s', $expTime);
        $query = "UPDATE ".$_SESSION["TBL_AUTH"]." SET sessionid='".$sessionId."', 
            exptime='".$expTimeDB."' WHERE username='******'";
        $result = perform_query($query, $dbLink, $_SERVER['PHP_SELF']);
        return TRUE;
    }
    else {
        return FALSE;
    }
}
예제 #2
0
         if (getgroup($user) !== "{$group}") {
             $sql = "UPDATE groups SET groupname='{$group}' WHERE userid=(SELECT id FROM users WHERE username='******')";
             $result = perform_query($sql, $dbLink, $_SERVER['PHP_SELF']);
             // echo "aff = " .mysql_affected_rows();
             if (mysql_affected_rows() != 1) {
                 $sql = "REPLACE INTO groups (userid, groupname) SELECT (SELECT id FROM users WHERE username='******'), '{$group}'";
                 perform_query($sql, $dbLink, $_SERVER['PHP_SELF']);
             }
             echo "Assigned {$user} to {$group}<br>";
         } else {
             echo "{$user} is already assigned to {$group}<br>";
         }
     }
     break;
 case "reset_layout":
     reset_layout($_SESSION['username']);
     echo "Your UI Layout has been reset.";
     break;
 case "portlet_group_perm":
     $all = get_input('all');
     if ($all == "off") {
         $AND = "AND userid=0";
     }
     // echo "ALL = $all<br>";
     foreach ($_GET as $key => $arrValue) {
         $value[$key] = addslashes($arrValue);
         $header = str_replace("_", " ", $key);
         $group = $value[$key];
         // echo "$header = $group<br>";
         if (stristr($header, 'action') === FALSE && stristr($header, 'all') === FALSE) {
             if ($AND) {