Exemplo n.º 1
     // Whether the row fetched earlier (outside this span) carries a user_password_salt
     // column, i.e. the schema already supports salted hashes.
     $col_user_password_salt_exists = isset($row['user_password_salt']) ? true : false;
     if ($col_user_password_salt_exists) {
         require 'include/passwordhash.inc.php';
         // NOTE(review): $user is interpolated straight into the query; that is only safe
         // if the caller already escaped it for the driver — confirm where $user is read.
         $sql = "SELECT user_password, user_password_salt, user_password_hash_algorithm, user_password_iterations FROM {$CONFIG['TABLE_PREFIX']}users WHERE user_group = 1 AND user_name = '{$user}'";
         $result = cpg_db_query($sql);
         // Hash parameters of the user_group = 1 account with this name (if any row matched;
         // presumably a non-array otherwise, which routes into the legacy branch below — verify)
         $password_params = $result->fetchAssoc(true);
     }
     // Short-circuit keeps $password_params unread when the salt column does not exist
     if (!$col_user_password_salt_exists || !$password_params['user_password_salt']) {
         // Legacy, unsalted account: the stored password is matched inside the query itself.
         // NOTE(review): both compared literals appear as '******' in this listing (looks
         // redacted) — the real comparison values are not visible here.
         $sql = "SELECT user_active FROM {$CONFIG['TABLE_PREFIX']}users WHERE user_group = 1 AND user_name = '{$user}' AND (user_password = '******' OR user_password = '******')";
         $result = cpg_db_query($sql);
         if (!$result->numRows()) {
             //not authenticated, try mysql account details
             html_auth_box('MySQL');
             die;
         }
     } elseif (!cpg_password_validate($pass, $password_params)) {
         // Salted account: the password is validated in PHP against the fetched parameters
         //not authenticated, try mysql account details
         html_auth_box('MySQL');
         die;
     }
     //authenticated, do the update
     $_SESSION['auth'] = true;
     start_update();
 } else {
     //try to autenticate via MySQL details (in configuration)
     if ($superCage->post->getEscaped('user') == $CONFIG['dbuser'] && $superCage->post->getEscaped('pass') == $CONFIG['dbpass']) {
         //authenticated, do the update
         $_SESSION['auth'] = true;
         start_update();
     } else {
         //no go, try again
Exemplo n.º 2
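 /**
  * Authenticate a user and bind the current guest session to that account.
  *
  * The account is looked up by user_name, user_email or either one, depending on
  * $CONFIG['login_method']. Accounts that store a salt are checked in PHP via
  * cpg_password_validate(); accounts without one fall back to a comparison done
  * inside the SQL query and get a salted hash written on this login. On success
  * user_lastvisit is stamped and the session row keyed by md5(session_id . client_id)
  * receives the user id (plus the remember flag when requested).
  *
  * @param string|null $username login name or e-mail address, per $CONFIG['login_method']
  * @param string|null $password password as supplied by the caller
  * @param bool        $remember when true, keep the cookie for two weeks and flag the session
  *
  * @return array|false the matching user row (user_id, user_name, user_password), or
  *                     false when no active account matches or the password is rejected
  */
 public function login($username = null, $password = null, $remember = false)
 {
     global $CONFIG;
     // Create the session_id from concat(cookievalue,client_id)
     $session_id = $this->session_id . $this->client_id;
     // Check the login method (username, email address or both)
     // NOTE(review): $username is interpolated into SQL unescaped in every branch; that is
     // only safe if the caller already escaped it for the driver — confirm at the call sites.
     switch ($CONFIG['login_method']) {
         case 'both':
             $sql_user_email = "(user_name = '{$username}' OR user_email = '{$username}')";
             break;
         case 'email':
             $sql_user_email = "user_email = '{$username}'";
             break;
         case 'username':
         default:
             $sql_user_email = "user_name = '{$username}'";
             break;
     }
     // First fetch only the stored hash parameters; the password is checked below
     $sql = "SELECT user_password, user_password_salt, user_password_hash_algorithm, user_password_iterations FROM {$this->usertable} WHERE {$sql_user_email} AND user_active = 'YES' LIMIT 1";
     $result = $this->query($sql);
     if (!$result->numRows()) {
         return false;
     }
     // Presumably defines cpg_password_validate() and cpg_password_create_update_string()
     require 'include/passwordhash.inc.php';
     $password_params = $result->fetchAssoc(true);
     // Check for user in users table
     $sql = "SELECT user_id, user_name, user_password FROM {$this->usertable} WHERE {$sql_user_email} ";
     if (!$password_params['user_password_salt']) {
         // Legacy unsalted account: the comparison happens inside the query.
         // NOTE(review): the compared literal appears as '******' in this listing (looks
         // redacted) — confirm the real value before relying on this branch.
         $sql .= "AND BINARY user_password = '******'";
     } elseif (!cpg_password_validate($password, $password_params)) {
         // Salted account and the password did not validate
         return false;
     }
     $sql .= " AND user_active = 'YES' LIMIT 1";
     $result = $this->query($sql);
     if (!$result->numRows()) {
         return false;
     }
     $USER_DATA = $result->fetchAssoc(true);
     // Update lastvisit value and salt password if needed
     // (legacy accounts get a salted hash written now; empty string for everyone else)
     $salt_password = !$password_params['user_password_salt'] ? ', ' . cpg_password_create_update_string($password) : '';
     $sql = "UPDATE {$this->usertable} SET user_lastvisit = NOW() {$salt_password} WHERE user_id = {$USER_DATA['user_id']}";
     $this->query($sql);
     // If this is a 'remember me' login set the remember field to true
     if ($remember) {
         $remember_sql = ",remember = '1' ";
         // Change cookie life time to 2 weeks. The cookie is marked httponly so the session
         // identifier is not readable from client-side script (assumes no script needs to
         // read it — confirm); secure stays false to keep plain-HTTP installs working.
         if (CPG_COOKIES_ALLOWED) {
             setcookie($this->client_id, $this->session_id, time() + CPG_WEEK * 2, $CONFIG['cookie_path'], '', false, true);
         }
     } else {
         $remember_sql = '';
         // Kill the cookie when closing the browser (expiry 0); same httponly flag as above
         if (CPG_COOKIES_ALLOWED) {
             setcookie($this->client_id, $this->session_id, 0, $CONFIG['cookie_path'], '', false, true);
         }
     }
     // Update guest session with user's information
     $sql = "UPDATE {$this->sessionstable} SET ";
     $sql .= "user_id = {$USER_DATA['user_id']} ";
     $sql .= $remember_sql;
     // Session rows are keyed by md5() of the combined cookie value + client id
     $sql .= "WHERE session_id = '" . md5($session_id) . "'";
     $this->query($sql);
     return $USER_DATA;
 }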