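/**
 * Create the per-install user account for an affiliate from the master database.
 *
 * Reads the affiliate row from prosper_master.affiliates, hashes the password
 * held in $_SESSION['login_pass'] with salt_user_pass(), inserts the account
 * into {$install_db}.202_users, stores a login token both in
 * $_SESSION['authtoken'] and in prosper_master.login_tokens, and finally
 * creates the matching row in {$install_db}.202_users_pref.
 *
 * @param mixed  $affiliate_id Affiliate identifier looked up in prosper_master.affiliates.
 * @param string $install_db   Name of the target database (used as a bare identifier).
 *
 * @return void
 *
 * @throws Exception When $install_db is not a plain identifier or the affiliate does not exist.
 */
public static function importUser($affiliate_id, $install_db)
{
    // $install_db is spliced into the statements as an identifier, where value
    // escaping does not help: accept only characters valid in an unquoted name.
    if (!is_string($install_db) || !preg_match('/\A[A-Za-z0-9_$]+\z/', $install_db)) {
        throw new Exception('Invalid install database name.');
    }

    $mysql = array();

    // The lookup key was previously interpolated raw; escape it like every other value.
    $mysql['affiliate_id_lookup'] = db::escape($affiliate_id);
    $user = db::getRow(
        "select * from prosper_master.affiliates WHERE affiliate_id='" . $mysql['affiliate_id_lookup'] . "'"
    );

    // Without a source row the inserts below would create an account with an
    // empty name and e-mail but a working password, so stop here instead.
    if (!$user) {
        throw new Exception('Unknown affiliate.');
    }

    // NOTE(review): the original comment describes salt_user_pass() as a salted MD5.
    // If that is accurate, plan a migration to password_hash()/password_verify().
    $user_pass = salt_user_pass($_SESSION['login_pass']);
    $mysql['user_pass'] = db::escape($user_pass);

    // Values read back from the database are still data, not SQL: escape them
    // before re-use so a stored quote cannot alter the statements below.
    $mysql['user_email'] = db::escape($user['email']);
    $mysql['addCode'] = db::escape($user['addCode']);
    $mysql['affiliate_id'] = db::escape($user['affiliate_id']);

    // Insert the account itself.
    $user_sql = " \tINSERT INTO {$install_db}.`202_users`\n"
        . "\t\t\t\t\t \tSET\tuser_email='" . $mysql['user_email'] . "',\n"
        . "\t\t\t\t\t \t\tuser_name='" . $mysql['addCode'] . "',\n"
        . "\t\t\t\t\t \t\tuser_pass='" . $mysql['user_pass'] . "',\n"
        . "\t\t\t\t\t \t\taddCode='" . $mysql['addCode'] . "',\n"
        . "\t\t\t\t\t \t\tuser_timezone='-5',\n"
        . "\t\t\t\t\t \t\tuser_time_register=NOW()";
    $user_result = db::execute($user_sql);

    // NOTE(review): mysql_insert_id() belongs to ext/mysql, which was removed in
    // PHP 7.0; it is kept because the db wrapper's own API is not visible here.
    $user_id = mysql_insert_id(db::$db_write);
    $mysql['user_id'] = db::escape($user_id);

    // NOTE(review): this value acts as a bearer credential but is derived from
    // the user row plus uniqid(), which is time-based rather than random.
    // Generate it from a CSPRNG once the runtime offers one.
    $md5token = md5(serialize($user) . uniqid());
    $_SESSION['authtoken'] = $md5token;

    db::execute(
        "insert into prosper_master.login_tokens(affiliate_id, user_id, user_name, token)\n"
        . "\t\t values ('" . $mysql['affiliate_id'] . "', '" . $mysql['user_id'] . "', '"
        . $mysql['addCode'] . "', '" . $md5token . "');"
    );

    // Create the preference row that accompanies every user.
    $user_sql = "INSERT INTO {$install_db}.`202_users_pref` SET user_id='" . $mysql['user_id'] . "'";
    $user_result = db::execute($user_sql);
}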
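/**
 * Authenticate a user against the current client site and populate the session.
 *
 * When the site is not running in 'single' mode and the subdomain is either
 * not installed or is 'auth', the credentials are checked with
 * isValidDTLogin() and the visitor is forwarded to /new-subdomain.php.
 * Otherwise the name and the salt_user_pass() hash are matched against
 * 202_users and, on success, the session variables are filled from that row.
 *
 * @param string $user Submitted user name.
 * @param string $pass Submitted plaintext password.
 *
 * @return bool True on success; the first branch never returns (exit/die).
 *
 * @throws Exception When no row matches the supplied credentials.
 */
public static function login($user, $pass)
{
    $subdomain = self::getClientSite();
    global $mode;

    if ($mode != 'single' && (!client_installed($subdomain) || $subdomain == 'auth')) {
        // Quick lookup to see whether this login is correct before offering a subdomain.
        if (self::isValidDTLogin($user, $pass, true)) {
            // NOTE(review): the plaintext password is parked in the session because
            // importUser() reads $_SESSION['login_pass'] later. Anything that can read
            // session storage can read the password; hash it here, or clear the key as
            // soon as the import has run.
            $_SESSION['login_user'] = $user;
            $_SESSION['login_pass'] = $pass;
            forward("/new-subdomain.php");
            exit;
        } else {
            die("No such luck.");
        }
    }

    $mysql = array();
    $mysql['user_name'] = db::escape($user);
    $mysql['user_pass'] = db::escape(salt_user_pass($pass));

    // Check whether a user with this name and password hash exists.
    $user_sql = "SELECT *\r\n FROM \t202_users\r\n WHERE user_name='" . $mysql['user_name'] . "'\r\n"
        . " AND user_pass='" . $mysql['user_pass'] . "'";
    $user_row = db::getRow($user_sql);

    if (!$user_row) {
        // One message for both failure causes, so the response does not reveal
        // whether the user name exists.
        throw new Exception('Your username or password is incorrect.');
    }

    // Issue a fresh session id at the privilege change so an id planted before
    // login (session fixation) is useless afterwards. This must happen before the
    // fingerprint is computed, because the fingerprint embeds session_id().
    session_regenerate_id(true);

    // A request without a User-Agent header previously raised an undefined-index
    // notice; the fingerprint value itself is the same as before.
    $user_agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';

    $_SESSION['session_fingerprint'] = md5('session_fingerprint' . $user_agent . session_id());
    $_SESSION['session_time'] = time();

    // Copy the profile fields the rest of the application reads from the session.
    $_SESSION['user_name'] = $user_row['user_name'];
    $_SESSION['user_id'] = $user_row['user_id'];
    $_SESSION['addCode'] = $user_row['addCode'];
    $_SESSION['user_api_key'] = $user_row['user_api_key'];
    $_SESSION['user_stats202_app_key'] = $user_row['user_stats202_app_key'];
    $_SESSION['user_timezone'] = $user_row['user_timezone'];

    return true;
}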
//check tokens //if ($_POST['token'] != $_SESSION['token']) { $error['token'] = '<div class="error">You must use our forms to submit data.</div'; } if ($_POST['user_pass'] == '') { $error['user_pass'] = '******'; } if ($_POST['user_pass'] == '') { $error['user_pass'] .= '<div class="error">You must type verify your password</div>'; } if (strlen($_POST['user_pass']) < 6 or strlen($_POST['user_pass']) > 15) { $error['user_pass'] .= '<div class="error">Passwords must be 6 to 15 characters long</div>'; } if ($_POST['user_pass'] != $_POST['verify_user_pass']) { $error['user_pass'] .= '<div class="error">Your passwords did not match, please try again</div>'; } if (!$error) { $user_pass = salt_user_pass($_POST['user_pass']); $mysql['user_pass'] = mysql_real_escape_string($user_pass); $mysql['user_id'] = mysql_real_escape_string($user_row['user_id']); $user_sql = "UPDATE \t202_users\n\t\t\t\t\t\t SET\t\tuser_pass='******'user_pass'] . "',\n\t\t\t\t\t\t\t\t\tuser_pass_time='0'\n\t\t\t\t\t\t WHERE\tuser_id='" . $mysql['user_id'] . "'"; $user_result = _mysql_query($user_sql); $success = true; } } $html['user_name'] = htmlentities($user_row['user_name'], ENT_QUOTES, 'UTF-8'); //if password was changed succesfully if ($success == true) { _die("<div style='text-align: center'><br/>Congratulations, your password has been reset.<br/>\n\t\t You can now <a href=\"/xtracks-login.php\">login</a> with your new password</div>"); } if ($error['user_pass_key']) { _die("<div style='text-align: center'><br/>" . $error['user_pass_key'] . "<p>Please use the <a href=\"/202-lost-pass\">password retrieval tool</a> to get a new password reset key.</p></div>"); }