public function dologin($login, $password)
{
$bdd = Bdd::getInstance();
$user = $this->simpleSelect(array($bdd->quoteIdent(self::USERNAME) . "=:login"), array("login" => $login));
if ($user->isEmpty()) {
Logger::debug("User {$login} not found");
return false;
}
$hash = $user->get(self::PASSWORD);
$pwd = new Password();
if (!$pwd->check($password, $hash)) {
Logger::debug("Invalid password for {$login}");
return false;
}
Logger::debug("User {$login} authenticated");
return $user->getId();
}
public function createUser($username, $password, $firstName, $lastName)
{
if (!$this->DB) {
return false;
}
if (!$username || !$password || !$firstName || !$lastName) {
return false;
}
$password = new Password($password);
//Bad password
if (!$password->check()) {
return false;
}
$users = $this->query("SELECT username FROM users WHERE username = '******'", array($username));
//User already exists
if (count($users) > 0) {
return false;
}
$createUser = $this->query("INSERT INTO users (username, pass, fname, lname) VALUES ('%s', '%s', '%s', '%s')", array(htmlspecialchars($username), $password->getHash(), htmlspecialchars($firstName), htmlspecialchars($lastName)));
return $createUser;
}
/**
* Checks if a given $password matches this member's password
*
* @param string $password Password to check
* @return boolean
*/
public function checkPassword($password)
{
// user's password is not hashed, hash it
if (isset($this->data['password']) && $this->data['password'] !== '') {
$this->set('password', $this->data['password']);
$this->save();
}
// now look for passwords
if ($this->get('password_hash')) {
// check for new password
return Password::check($password, $this->get('password_hash'));
} elseif ($this->get('encrypted_password')) {
// legacy: check for old password
return $this->matches_old_password($password);
}
return false;
}
* Created by PhpStorm.
* User: ArtofWack
* Date: 1/22/2016
* Time: 5:29 PM
*/
require_once '../config.php';
require_once '../scrypt.php';
session_start();
$username = mysqli_real_escape_string($link, htmlspecialchars($_POST['username']));
$email = mysqli_real_escape_string($link, htmlspecialchars($_POST['email']));
$pass = htmlspecialchars($_POST['pass']);
$sql = 'SELECT password FROM admins WHERE email = "' . $email . '" AND username = "******";';
$result = $link->query($sql);
if ($result->num_rows == 1) {
$result = $result->fetch_assoc();
if (Password::check($pass, $result['password'])) {
$_SESSION['username'] = $username;
$_SESSION['email'] = $email;
$file = fopen("../admin/adminLOG.log", "a");
$logdate = date('m-d-Y - H:i:s');
if ($file) {
fwrite($file, $_SESSION['username'] . " --- " . $_SESSION['email'] . "\t Logged In @ " . $logdate . "\n");
fclose($file);
}
$sql = 'UPDATE admins SET lastLogin = NOW() WHERE email = "' . $email . '";';
$link->query($sql);
}
}
/*
if (isset($result))
$result->free();
global $db;
$result;
if (isset($_POST['email'])) {
$email = $_POST['email'];
$result = $db->query("SELECT id, pass FROM users WHERE email='{$email}'");
} else {
$area = $_POST['area'];
$num = $_POST['num'];
$result = $db->query("SELECT id, pass FROM users WHERE area='{$area}' AND num = '{$num}'");
}
if ($result->num_rows == 0) {
echo json_encode(array("id" => 0));
} else {
$result = $result->fetch_assoc();
$id = $result['id'];
if (Password::check($_POST['pass'], $result['pass'])) {
$result = $db->query("Select id, email, first, last, url, area, num FROM users WHERE id='{$id}'");
echo json_encode((object) mysqli_fetch_assoc($result), JSON_NUMERIC_CHECK);
} else {
echo json_encode(array("id" => -1));
}
}
});
$app->get('/tutors', function () {
global $db;
$tid = $_GET['tid'];
$sid = $_GET['sid'];
$result = $db->query("SELECT id, first, last, url, area, num FROM tutors INNER JOIN users ON tutors.uid = users.id WHERE users.status = 'active' AND tutors.tid = '{$tid}' AND tutors.sid = '{$sid}'");
if ($result->num_rows > 0) {
$array1 = [];
while ($row = $result->fetch_assoc()) {
* Created by PhpStorm.
* User: ArtofWack
* Date: 10/31/2015
* Time: 9:58 PM
*/
require_once "../config.php";
require_once "../scrypt.php";
session_start();
$email = $_POST['email'];
$pass = $_POST['pass'];
$sql = 'SELECT passwd FROM guests WHERE email="' . $email . '";';
$result = $link->query($sql);
if ($result->num_rows == 1) {
$res = $result->fetch_assoc();
echo $res[0];
if (Password::check($pass, $res['passwd'])) {
$sql = 'SELECT firstName, lastName FROM guests WHERE email="' . $email . '";';
$result = $link->query($sql);
$res = $result->fetch_assoc();
$_SESSION['username'] = strtoupper($res['firstName'] . " " . $res['lastName']);
$_SESSION['email'] = $email;
echo 'logged';
$file = fopen("../files/guestLOG.log", "a");
if ($file) {
fwrite($file, $_SESSION['email'] . "\t Logged In @ " . date('m-d-Y - H:i:s') . "\n");
fclose($file);
}
} else {
echo 'Login Credentials Incorrect';
}
} else {
function auth_internal($user, $pass)
{
if ($user == "") {
// Don't bother authenticating an empty username
return false;
// ticket #335
}
global $dbh;
require_once 'maia_db/scrypt.php';
$email = "";
$testpass = md5($pass);
$sth = $dbh->prepare("SELECT users.email, maia_users.password " . "FROM users, maia_users " . "WHERE users.id = maia_users.primary_email_id " . "AND maia_users.user_name = ? ");
if (PEAR::isError($sth)) {
die($sth->getMessage());
}
$res = $sth->execute(array($user));
if (PEAR::isError($sth)) {
die($sth->getMessage());
}
if ($row = $res->fetchrow()) {
$email = $row["email"];
$userpass = $row["password"];
}
$sth->free();
if (empty($email)) {
return false;
}
if (strlen($userpass) == 32) {
// legacy password
if ($userpass === $testpass) {
return $email;
} else {
return false;
}
}
// Only reached if scrypt password
if (Password::check($pass, $userpass)) {
return $email;
} else {
return false;
}
}
