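/**
 * Authenticate a website customer and populate the session on success.
 *
 * Looks up the customer id matching the supplied username, the MD5 of the
 * supplied password and WEBSITE_ID. On a match the session is marked as
 * logged in and the customer's id, username and full name are stored in
 * $_SESSION, then the visitor is sent to 'loggedin'. On a miss the visitor
 * is sent away with sendTo() and nothing is written to the session.
 *
 * NOTE(review): passwords are compared as unsalted MD5 digests, which are
 * cheap to brute-force if the customers table is ever disclosed. Moving to
 * password_hash()/password_verify() needs a stored-hash migration, so it is
 * flagged here rather than changed in place.
 *
 * @param array $data Login form values; reads the 'username' and 'password' keys.
 */
public function login(array $data)
 {
     // Reject missing or non-scalar credentials up front instead of letting
     // them reach the query builder (e.g. a form posting username[]=x).
     if (!isset($data['username'], $data['password'])
         || !is_scalar($data['username']) || !is_scalar($data['password'])) {
         sendTo();
         return;
     }
     $db = DB::Instance();
     // The username part of this statement was garbled on the page and is
     // restored here in the same qstr() form the password already uses.
     // Both user-supplied values go through $db->qstr(); WEBSITE_ID is a
     // constant and is concatenated as-is (presumably numeric; confirm).
     $query = 'SELECT id FROM customers WHERE username=' . $db->qstr($data['username'])
         . ' AND password=md5(' . $db->qstr($data['password']) . ') AND website_id=' . WEBSITE_ID;
     $id = $db->GetOne($query);
     // Treat null as a miss as well as false: if GetOne() ever reports "no row"
     // as null, a false-only check would log the visitor in without a match.
     if ($id === false || $id === null) {
         sendTo();
         // Do not fall through to sendTo('loggedin') if sendTo() returns.
         return;
     }
     // Rotate the session id at the privilege change so an id fixed before
     // login is not carried into the authenticated session. setLoggedIn() is
     // defined elsewhere and may already do this; rotating twice is harmless.
     if (session_id() !== '') {
         session_regenerate_id(true);
     }
     setLoggedIn();
     $_SESSION['cms_username'] = $data['username'];
     $_SESSION['customer_id'] = $id;
     $query = 'SELECT firstname || \' \' || surname FROM person p JOIN customers c ON (p.id=c.person_id) WHERE c.id=' . $db->qstr($id);
     $_SESSION['cms_fullname'] = $db->GetOne($query);
     sendTo('loggedin');
 }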
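    /**
     * Authenticate a website customer by contact address and password.
     *
     * The supplied 'username' is matched against person_contact_methods rows
     * of type 'E' (presumably e-mail; confirm) joined to the customer, together
     * with the MD5 of the supplied password and WEBSITE_ID. On a match the
     * session is marked as logged in and the customer's id, login name and
     * full name are stored in $_SESSION; on a miss sendTo() is called.
     *
     * NOTE(review): passwords are compared as unsalted MD5 digests, which are
     * cheap to brute-force if the customers table is ever disclosed. Moving to
     * password_hash()/password_verify() needs a stored-hash migration, so it
     * is flagged here rather than changed in place.
     *
     * @param array $data Login form values; reads the 'username' and 'password' keys.
     */
    public function login(array $data)
    {
        // Reject missing or non-scalar credentials up front instead of letting
        // them reach the query builder (e.g. a form posting username[]=x).
        if (!isset($data['username'], $data['password'])
            || !is_scalar($data['username']) || !is_scalar($data['password'])) {
            sendTo();
            return;
        }
        // Plain assignment: "=&" on a function result is a legacy idiom that
        // raises a notice unless Instance() returns by reference, and an
        // object handle is shared either way.
        $db = DB::Instance();
        // Both user-supplied values go through $db->qstr(); WEBSITE_ID is a
        // constant and is concatenated as-is (presumably numeric; confirm).
        $query = 'SELECT c.id FROM customers c
					JOIN person_contact_methods pcm ON (c.person_id=pcm.person_id AND pcm.type=\'E\')
					WHERE pcm.contact=' . $db->qstr($data['username']) . ' AND c.password=md5(' . $db->qstr($data['password']) . ') AND c.website_id=' . WEBSITE_ID;
        $id = $db->GetOne($query);
        // Treat null as a miss as well as false: if GetOne() ever reports
        // "no row" as null, a false-only check would log the visitor in.
        if ($id === false || $id === null) {
            sendTo();
            return;
        }
        // Rotate the session id at the privilege change so an id fixed before
        // login is not carried into the authenticated session. setLoggedIn()
        // is defined elsewhere and may already do this; twice is harmless.
        if (session_id() !== '') {
            session_regenerate_id(true);
        }
        setLoggedIn();
        $_SESSION['cms_username'] = $data['username'];
        $_SESSION['customer_id'] = $id;
        $query = 'SELECT firstname || \' \' || surname FROM person p JOIN customers c ON (p.id=c.person_id) WHERE c.id=' . $db->qstr($id);
        $_SESSION['cms_fullname'] = $db->GetOne($query);
    }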
Exemplo n.º 3
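 /**
  * Handle a login request and forward the user to the page they asked for.
  *
  * Flow, as visible in this method:
  *  - interactive handlers require $this->username and $_POST['password'];
  *  - an optional "remember me" cookie holding the username is written;
  *  - if system access is 'NONE' an error is flashed;
  *  - otherwise LoginHandler::doLogin() decides; on success the User record
  *    must have access_enabled == 't' before the session is marked logged in;
  *  - the original controller/module/action are taken from $_POST (or from
  *    the Referer query string when the login interrupted an ajax call) and
  *    passed to sendTo() together with the remaining POST data.
  * Every path that does not redirect or exit falls through to the index view.
  */
 public function login()
 {
     $injector = $this->_injector;
     $authentication = $injector->Instantiate('LoginHandler');
     $flash = Flash::Instance();
     if ($authentication->interactive()) {
         if (!isset($this->username) || !isset($_POST['password'])) {
             $flash->addError("Please enter a username and password");
             // NOTE(review): nothing stops execution here, so the rest of the
             // method relies on sendTo() ending the request; confirm.
             sendTo();
         }
     }
     if (isset($_POST['rememberUser']) && $_POST['rememberUser'] == 'true') {
         // NOTE(review): this cookie is written before the credentials are
         // checked and without the HttpOnly/Secure flags. It only carries the
         // username, but consider setting it after a successful login.
         setcookie("username", $this->username, time() + 3600);
     }
     $available = SystemCompanySettings::Get('access_enabled');
     if ($available == 'NONE') {
         $flash->addError('The system is unavailable at present');
     } elseif ($authentication->doLogin() !== FALSE) {
         $user = DataObjectFactory::Factory('User');
         $user->load($this->username);
         if ($user->access_enabled == 't') {
             // Rotate the session id at the privilege change so an id fixed
             // before login is not carried into the authenticated session.
             // setLoggedIn() is defined elsewhere and may already do this.
             if (session_id() !== '') {
                 session_regenerate_id(true);
             }
             setLoggedIn();
             $_SESSION['username'] = $this->username;
             $user->update($_SESSION['username'], 'last_login', date('Y-m-d H:i:s'));
             if (isset($_POST['ajax'])) {
                 // If login due to timeout prior to ajax request
                 // need to override ajax request to display full
                 unset($_POST['ajax']);
                 if (isset($_SERVER['HTTP_REFERER'])) {
                     // If browser agent supports http_referer
                     // use this address instead of ajax request.
                     // The Referer header is client-controlled: the values
                     // parsed from it steer the redirect below, so sendTo()
                     // must only resolve them to known internal routes
                     // (NOTE(review): confirm that it does).
                     $url = parse_url($_SERVER['HTTP_REFERER']);
                     // Reset rather than unset() so $_POST stays an array
                     // even when the referer carries no query string.
                     $_POST = array();
                     if (is_array($url) && isset($url['query'])) {
                         foreach (explode('&', $url['query']) as $component) {
                             // Limit 2 keeps '=' inside a value; a bare key
                             // (no '=') maps to an empty string.
                             $pair = explode('=', $component, 2);
                             if ($pair[0] === '') {
                                 continue;
                             }
                             $_POST[$pair[0]] = isset($pair[1]) ? $pair[1] : '';
                         }
                     }
                 }
             }
             $controller = !empty($_POST['controller']) ? $_POST['controller'] : '';
             $module = !empty($_POST['module']) ? $_POST['module'] : '';
             if (!empty($_POST['submodule'])) {
                 $module = array($module, $_POST['submodule']);
             }
             $action = !empty($_POST['action']) && $_POST['action'] != 'login' ? $_POST['action'] : '';
             // Strip routing fields and credentials so the password and CSRF
             // token are not forwarded with the redirect data.
             unset($_POST['controller']);
             unset($_POST['module']);
             unset($_POST['action']);
             unset($_POST['username']);
             unset($_POST['password']);
             unset($_POST['rememberUser']);
             unset($_POST['csrf_token']);
             // before we send away, lets cleanup the users tmp directory
             // deletes any file older than 'yesterday', just to keep the file size down.
             // The username becomes a path segment, so skip the cleanup if it
             // could name anything other than a single directory.
             $tmpOwner = (string) $_SESSION['username'];
             if ($tmpOwner !== '' && $tmpOwner !== '.' && $tmpOwner !== '..'
                 && strpbrk($tmpOwner, "/\\\0") === false) {
                 clean_tmp_directory(DATA_USERS_ROOT . $tmpOwner . '/TMP/');
             }
             if (AUDIT || get_config('AUDIT_LOGIN')) {
                 $audit = Audit::Instance();
                 $audit->write('login', TRUE, microtime(TRUE) - START_TIME);
                 $audit->update();
             }
             sendTo($controller, $action, $module, $_POST);
         } else {
             $flash->addError('Your account is disabled');
             if (!$authentication->interactive()) {
                 $this->view->display($this->getTemplateName('logout'));
                 exit;
             }
         }
     } else {
         if (!$authentication->interactive()) {
             $flash->addError('System company access disabled');
             $this->view->display($this->getTemplateName('logout'));
             exit;
         }
         // One message for both "unknown user" and "wrong password" avoids
         // confirming which usernames exist.
         $flash->addError('Incorrect username/password combination, please try again');
     }
     $this->index();
     $this->_templateName = $this->getTemplateName('index');
 }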
Exemplo n.º 4
<?php

require_once 'bootstrap.php';
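# Get values of variables
// Missing or non-string fields (e.g. username[]=x) are treated as empty so
// they are rejected by the check below instead of reaching md5()/the query.
$username = isset($_POST['username']) && is_string($_POST['username']) ? $_POST['username'] : '';
$password = isset($_POST['password']) && is_string($_POST['password']) ? $_POST['password'] : '';
if ($username === '' || $password === '') {
    addFlashMessage('All fields must be filled in <br/>');
    // NOTE(review): the script keeps going unless redirect() ends the request; confirm.
    redirect("login.php");
}
try {
    // NOTE(review): the SQL text is redacted on this page. The execute() call
    // below binds :username and :password, so it is a parameterised lookup.
    // The password is bound as an unsalted MD5 digest, which is cheap to
    // brute-force if the user table is disclosed; password_hash() and
    // password_verify() are the replacement, but need a stored-hash migration.
    $get_user_password = "******";
    $prepare_get_user_password_querry = $database->prepare($get_user_password);
    $prepare_get_user_password_querry->execute(array(':username' => $username, ':password' => md5($password)));
    $user = $prepare_get_user_password_querry->fetchObject();
    // fetchObject() yields false when no row matches; the loose comparison
    // with null covers that case.
    if (null == $user) {
        addFlashMessage("Wrong username or password");
        redirect("login.php");
    }
    $activated = $user->Activated;
    if (null == $activated) {
        addFlashMessage("Your account wasn't activated yet.");
        redirect("login.php");
    } else {
        setLoggedIn(true);
        redirect("logged.php");
    }
} catch (PDOException $exception) {
    // Keep driver/SQL details in the server log; echoing them to the browser
    // discloses schema and connection information to an unauthenticated user.
    error_log('Login query failed: ' . $exception->getMessage());
    echo 'An internal error occurred. Please try again later.';
}
// NOTE(review): $users is not assigned anywhere in this script; presumably it
// comes from bootstrap.php; confirm.
echo render('templates/', array('users' => $users));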