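/**
 * Authenticate a website customer by username and password and populate the CMS session.
 *
 * On a match the session receives cms_username, customer_id and cms_fullname and the
 * visitor is sent to 'loggedin'. On any failure the visitor is sent to the default
 * location and no session state is written.
 *
 * @param array $data Submitted form values; 'username' and 'password' are read.
 *
 * @return void
 */
public function login(array $data)
{
    // Reject missing or non-scalar credentials (e.g. username[]=x) before they reach
    // the query builder; they can never match a stored account.
    if (!isset($data['username'], $data['password'])
        || !is_scalar($data['username'])
        || !is_scalar($data['password'])
    ) {
        sendTo();
        return;
    }

    $db = DB::Instance();

    // Both credentials are quoted by the database layer's qstr() before concatenation.
    // NOTE(review): the username operand is masked in the listing this method was taken
    // from; qstr() quoting is assumed here because the password operand uses it.
    // NOTE(review): WEBSITE_ID is concatenated unquoted; it is a constant, not request
    // data, but confirm it is always numeric.
    // NOTE(review): passwords are compared as unsalted MD5, which is cheap to brute-force
    // if the table leaks. Moving to password_hash()/password_verify() needs a stored-hash
    // migration that cannot be done inside this method.
    $query = 'SELECT id FROM customers WHERE username=' . $db->qstr($data['username'])
        . ' AND password=md5(' . $db->qstr($data['password']) . ')'
        . ' AND website_id=' . WEBSITE_ID;
    $id = $db->GetOne($query);

    // Fail closed: only a real id counts as success. Depending on the database layer's
    // version and configuration, "no matching row" may come back as null rather than
    // false, which a bare `!== false` test would accept as a login.
    if ($id === false || $id === null || $id === '') {
        sendTo();
        // Never fall through to the success redirect, even if sendTo() returns.
        return;
    }

    // NOTE(review): confirm setLoggedIn() issues a fresh session id; otherwise a
    // pre-login session id stays valid after authentication (session fixation).
    setLoggedIn();
    $_SESSION['cms_username'] = $data['username'];
    $_SESSION['customer_id'] = $id;

    // Display name for the logged-in customer, built from the linked person record.
    $query = 'SELECT firstname || \' \' || surname FROM person p JOIN customers c ON (p.id=c.person_id) WHERE c.id=' . $db->qstr($id);
    $_SESSION['cms_fullname'] = $db->GetOne($query);

    sendTo('loggedin');
}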
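/**
 * Authenticate a website customer by contact address and password and populate the CMS session.
 *
 * The submitted 'username' is matched against person_contact_methods.contact for rows of
 * type 'E' (presumably e-mail addresses; confirm against the schema). On a match the
 * session receives cms_username, customer_id and cms_fullname. On any failure the
 * visitor is sent to the default location and no session state is written.
 *
 * @param array $data Submitted form values; 'username' and 'password' are read.
 *
 * @return void
 */
public function login(array $data)
{
    // Reject missing or non-scalar credentials (e.g. username[]=x) before they reach
    // the query builder; they can never match a stored account.
    if (!isset($data['username'], $data['password'])
        || !is_scalar($data['username'])
        || !is_scalar($data['password'])
    ) {
        sendTo();
        return;
    }

    // Plain assignment: taking a reference to a function's return value (=&) is
    // unnecessary for objects and raises a notice when the callee does not return by reference.
    $db = DB::Instance();

    // Both credentials are quoted by the database layer's qstr() before concatenation.
    // NOTE(review): WEBSITE_ID is concatenated unquoted; it is a constant, not request
    // data, but confirm it is always numeric.
    // NOTE(review): passwords are compared as unsalted MD5, which is cheap to brute-force
    // if the table leaks. Moving to password_hash()/password_verify() needs a stored-hash
    // migration that cannot be done inside this method.
    $query = 'SELECT c.id FROM customers c JOIN person_contact_methods pcm ON (c.person_id=pcm.person_id AND pcm.type=\'E\') WHERE pcm.contact=' . $db->qstr($data['username'])
        . ' AND c.password=md5(' . $db->qstr($data['password']) . ')'
        . ' AND c.website_id=' . WEBSITE_ID;
    $id = $db->GetOne($query);

    // Fail closed: only a real id counts as success. Depending on the database layer's
    // version and configuration, "no matching row" may come back as null rather than
    // false, which a bare `!== false` test would accept as a login.
    if ($id === false || $id === null || $id === '') {
        sendTo();
        return;
    }

    // NOTE(review): confirm setLoggedIn() issues a fresh session id; otherwise a
    // pre-login session id stays valid after authentication (session fixation).
    setLoggedIn();
    $_SESSION['cms_username'] = $data['username'];
    $_SESSION['customer_id'] = $id;

    // Display name for the logged-in customer, built from the linked person record.
    $query = 'SELECT firstname || \' \' || surname FROM person p JOIN customers c ON (p.id=c.person_id) WHERE c.id=' . $db->qstr($id);
    $_SESSION['cms_fullname'] = $db->GetOne($query);
}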
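/**
 * Handle a login request for a system user.
 *
 * Flow, as far as this method shows it:
 *  1. For an interactive login handler, require a username and a posted password.
 *  2. Optionally store the username in a one-hour "username" cookie.
 *  3. Refuse when the 'access_enabled' system setting is 'NONE'.
 *  4. Delegate credential checking to the injected LoginHandler's doLogin().
 *  5. On success for an enabled account: mark the session logged in, record last_login,
 *     tidy the user's TMP directory, optionally audit, and forward to the requested
 *     controller/action/module.
 *  6. Otherwise flash an error and fall back to the index template (or, for a
 *     non-interactive handler, display the logout template and stop).
 *
 * @return void
 */
public function login()
{
    $injector = $this->_injector;
    $authentication = $injector->Instantiate('LoginHandler');
    $flash = Flash::Instance();

    if ($authentication->interactive()) {
        if (!isset($this->username) || !isset($_POST['password'])) {
            $flash->addError("Please enter a username and password");
            // NOTE(review): the code below assumes sendTo() ends the request; if it can
            // return, doLogin() still runs with the missing credentials. Confirm.
            sendTo();
        }
    }

    // NOTE(review): this cookie is written before the credentials are verified and
    // without the Secure/HttpOnly flags. Whether client-side script needs to read it
    // is not visible here, so the flags are left unchanged; confirm and tighten.
    if (isset($_POST['rememberUser']) && $_POST['rememberUser'] === 'true') {
        setcookie("username", $this->username, time() + 3600);
    }

    $available = SystemCompanySettings::Get('access_enabled');

    if ($available == 'NONE') {
        $flash->addError('The system is unavailable at present');
    } elseif ($authentication->doLogin() !== FALSE) {
        $user = DataObjectFactory::Factory('User');
        $user->load($this->username);

        if ($user->access_enabled == 't') {
            // NOTE(review): confirm setLoggedIn() issues a fresh session id; otherwise a
            // pre-login session id stays valid after authentication (session fixation).
            setLoggedIn();
            $_SESSION['username'] = $this->username;
            $user->update($_SESSION['username'], 'last_login', date('Y-m-d H:i:s'));

            if (isset($_POST['ajax'])) {
                // If login due to timeout prior to ajax request
                // need to override ajax request to display full
                unset($_POST['ajax']);

                if (isset($_SERVER['HTTP_REFERER'])) {
                    // If browser agent supports http_referer
                    // use this address instead of ajax request.
                    // The Referer header is supplied by the client, so every value
                    // rebuilt from it is as untrusted as the original POST body.
                    $url = parse_url($_SERVER['HTTP_REFERER']);
                    $_POST = array();

                    // parse_url() returns false for a malformed URL and omits 'query'
                    // when there is none; both cases leave the rebuilt request empty.
                    $queryString = (is_array($url) && isset($url['query'])) ? $url['query'] : '';

                    foreach (explode('&', $queryString) as $component) {
                        if ($component === '') {
                            continue;
                        }

                        // Split on the first '=' only, so a value that itself contains
                        // '=' is kept whole and a bare key gets an empty value.
                        // NOTE(review): values are stored without URL-decoding, as before.
                        $pair = explode('=', $component, 2);
                        $_POST[$pair[0]] = isset($pair[1]) ? $pair[1] : '';
                    }
                }
            }

            // Forwarding target, taken from the (possibly rebuilt) request.
            // NOTE(review): these values are request-controlled; confirm sendTo()
            // restricts them to routes inside the application.
            $controller = !empty($_POST['controller']) ? $_POST['controller'] : '';
            $module = !empty($_POST['module']) ? $_POST['module'] : '';

            if (!empty($_POST['submodule'])) {
                $module = array($module, $_POST['submodule']);
            }

            // Never forward back to the login action itself.
            $action = !empty($_POST['action']) && $_POST['action'] != 'login' ? $_POST['action'] : '';

            // Strip routing keys and credentials so they are not passed on as parameters.
            unset($_POST['controller']);
            unset($_POST['module']);
            unset($_POST['action']);
            unset($_POST['username']);
            unset($_POST['password']);
            unset($_POST['rememberUser']);
            unset($_POST['csrf_token']);

            // before we send away, lets cleanup the users tmp directory
            // deletes any file older than 'yesterday', just to keep the file size down
            // NOTE(review): the path embeds the username; confirm usernames cannot
            // contain path separators or '..' segments.
            clean_tmp_directory(DATA_USERS_ROOT . $_SESSION['username'] . '/TMP/');

            if (AUDIT || get_config('AUDIT_LOGIN')) {
                $audit = Audit::Instance();
                $audit->write('login', TRUE, microtime(TRUE) - START_TIME);
                $audit->update();
            }

            sendTo($controller, $action, $module, $_POST);
        } else {
            $flash->addError('Your account is disabled');

            if (!$authentication->interactive()) {
                $this->view->display($this->getTemplateName('logout'));
                exit;
            }
        }
    } else {
        if (!$authentication->interactive()) {
            $flash->addError('System company access disabled');
            $this->view->display($this->getTemplateName('logout'));
            exit;
        }

        // One message for both unknown user and wrong password, so the response does
        // not reveal which usernames exist.
        $flash->addError('Incorrect username/password combination, please try again');
    }

    // Any path that reaches this point did not log in: show the login form again.
    $this->index();
    $this->_templateName = $this->getTemplateName('index');
}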
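<?php
require_once 'bootstrap.php';

// Login form handler: checks the posted credentials against the user table, refuses
// accounts that are not activated, and redirects to the logged-in area on success.

// Read the submitted credentials. A missing or non-string field (e.g. username[]=x)
// is treated as empty so it is rejected by the check below instead of raising a notice.
$username = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
$password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';

if ($username === '' || $password === '') {
    addFlashMessage('All fields must be filled in <br/>');
    redirect("login.php");
    // redirect() is presumably terminal; the explicit exit guarantees that a rejected
    // request never continues into the query below.
    exit;
}

try {
    // NOTE(review): the SQL text is masked in the listing this script was taken from and
    // is kept verbatim; it is expected to reference the :username and :password
    // placeholders bound below.
    $get_user_password = "******";
    $statement = $database->prepare($get_user_password);

    // Values are bound, not concatenated, so they cannot alter the statement.
    // NOTE(review): the password is compared as unsalted MD5, which is cheap to
    // brute-force if the table leaks. Moving to password_hash()/password_verify()
    // needs a stored-hash migration outside this script.
    $statement->execute(array(':username' => $username, ':password' => md5($password)));
    $user = $statement->fetchObject();

    // fetchObject() yields false when no row matched; treat null the same way.
    if ($user === false || $user === null) {
        // One message for unknown user and wrong password alike.
        addFlashMessage("Wrong username or password");
        redirect("login.php");
        exit;
    }

    // Fail closed on every "not activated" representation (null, '', 0, '0', false).
    // A loose comparison with null lets the string '0' through as activated.
    // NOTE(review): confirm how the Activated column is stored.
    if (empty($user->Activated)) {
        addFlashMessage("Your account wasn't activated yet.");
        redirect("login.php");
        exit;
    }

    // NOTE(review): confirm setLoggedIn() issues a fresh session id; otherwise a
    // pre-login session id stays valid after authentication (session fixation).
    setLoggedIn(true);
    redirect("logged.php");
    exit;
} catch (PDOException $exception) {
    // Driver messages can expose SQL text and schema details: keep them in the server
    // log and show the visitor a generic message instead.
    error_log('Login query failed: ' . $exception->getMessage());
    echo 'Login is currently unavailable. Please try again later.';
}

// NOTE(review): $users is not assigned anywhere in this script; presumably it comes
// from bootstrap.php. Confirm, or drop it from the template data.
echo render('templates/', array('users' => $users));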