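/**
 * Looks up $username and verifies $password against the crypt() digest stored
 * in the Users table.
 *
 * @param string $username  Username as submitted by the client.
 * @param string $password  Plaintext password as submitted by the client.
 * @return array  array(UserID, username, digest). UserID is 0 when the user does
 *                not exist, the password is wrong, the input is not a string or
 *                the lookup failed; digest is the stored hash only on success and
 *                '' otherwise, so a failed attempt never exposes an account's hash.
 *                NOTE(review): the caller on this page writes the returned digest
 *                into a cookie; a password hash should not leave the server.
 */
public function checkCredentials($username, $password)
{
    // 0 means "not authenticated" for every failure cause; the caller must not
    // be able to tell an unknown user from a wrong password.
    $userID = 0;
    $digest = '';

    // crypt() and PDO expect strings; a nested form/cookie array would fail
    // with a TypeError instead of a clean "not authenticated".
    if (!is_string($username) || !is_string($password)) {
        return array($userID, $username, $digest);
    }

    try {
        $dbh = DatabaseHelpers::getDatabaseConnection();

        // Select by username only; the password is verified in PHP against the
        // stored digest, never compared inside SQL.
        $stmt = $dbh->prepare('SELECT UserID, Password FROM Users WHERE Username=:username LIMIT 1');
        $stmt->bindParam(':username', $username, PDO::PARAM_STR);

        if ($stmt->execute()) {
            $userData = $stmt->fetch();

            // fetch() returns false when no row matched. The original read
            // $userData['Password'] off that false value and handed an empty
            // salt to crypt().
            if ($userData !== false && isset($userData['Password']) && is_string($userData['Password'])) {
                $storedDigest = $userData['Password'];

                // Re-run crypt() with the stored digest as the salt so the same
                // algorithm and cost are used, then compare in constant time.
                // The original '==' was neither strict nor timing-safe.
                if ($storedDigest !== '' && hash_equals($storedDigest, crypt($password, $storedDigest))) {
                    $userID = $userData['UserID'];
                    $digest = $storedDigest;
                }
            }
        }

        $dbh = null;
    } catch (PDOException $e) {
        // Any database failure is reported as "not authenticated".
        $userID = 0;
        $digest = '';
    }

    return array($userID, $username, $digest);
}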
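/**
 * Establishes the login state for the current request and handles the
 * login/logout actions posted to the login page.
 *
 * Side effects: starts the session, may send a Location header and exit(),
 * and sets or expires the "project-name[...]" login cookies.
 *
 * @param mixed $page  Identifier of the current page (compared with Page::LOGIN).
 * @return string  HTML for the login message box, or '' when there is none.
 */
function checkLoggedIn($page)
{
    $loginDiv = '';
    $action = isset($_POST['action']) && is_string($_POST['action'])
        ? stripslashes($_POST['action'])
        : '';

    session_start();

    // Cookie lifetimes: "remember me" keeps cookies for 168 hours (one week);
    // $expired is used to delete a cookie.
    $rememberFor = time() + 3600 * 168;
    $expired = time() - 3600 * 168;

    // Every login cookie is HttpOnly, and Secure whenever the request itself
    // came in over HTTPS.
    $secure = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
    $httpOnly = true;

    // The secondDigest cookie is a crypt() of the client's address and
    // User-Agent; the same fingerprint is used when it is checked and set.
    $userAgent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
    $clientKey = $_SERVER['REMOTE_ADDR'] . $userAgent;

    // The login cookies arrive as one array under the "project-name" name.
    $cookie = isset($_COOKIE['project-name']) && is_array($_COOKIE['project-name'])
        ? $_COOKIE['project-name']
        : array();

    $loggedIn = false;
    if (isset($cookie['userID'], $cookie['secondDigest'])
        && is_string($cookie['userID']) && is_string($cookie['secondDigest'])
        && hash_equals($cookie['secondDigest'], crypt($clientKey, $cookie['secondDigest']))
    ) {
        // NOTE(review): secondDigest is supplied by the client, so this check
        // only detects cookies replayed from a different address/User-Agent; it
        // is not a server-side proof of identity. The session already records
        // ip/userAgent at login and would be the place to verify - confirm
        // before relying on the cookie alone.
        if (!isset($cookie['username'])) {
            $loggedIn = true;
        } else {
            // checkCredentials() returns an array, which is always truthy, so the
            // original condition never looked at the UserID and accepted any
            // username. Require a non-zero UserID. (Only older cookies still
            // carry a username; see the login branch below.)
            $userData = Users::checkCredentials(
                $cookie['username'],
                isset($cookie['digest']) && is_string($cookie['digest']) ? $cookie['digest'] : ''
            );
            $loggedIn = $userData[0] != 0;
        }
    }

    if ($loggedIn) {
        // Regenerate the ID to prevent session fixation; true discards the old
        // session data instead of leaving it on disk.
        session_regenerate_id(true);

        // Restore the session variables if they don't exist
        if (!isset($_SESSION['project-name']['userID'])) {
            $_SESSION['project-name']['userID'] = $cookie['userID'];
        }

        // Only redirect if we're not already on a secured page and are not
        // receiving a logout request
        if (!isSecuredPage($page) && $action !== 'logout') {
            header('Location: ./');
            exit;
        }
    } elseif ($page != Page::LOGIN) {
        // Not logged in and not on the login page: go there
        header('Location: login.php');
        exit;
    }

    // Login and logout requests are only handled on the login page
    if ($page == Page::LOGIN && $action !== '') {
        switch ($action) {
            case 'login':
                $username = isset($_POST['login-username']) && is_string($_POST['login-username'])
                    ? stripslashes($_POST['login-username'])
                    : '';
                $password = isset($_POST['password']) && is_string($_POST['password'])
                    ? stripslashes($_POST['password'])
                    : '';
                $userData = Users::checkCredentials($username, $password);

                if ($userData[0] != 0) {
                    // Fresh session ID on login so an ID handed out before
                    // authentication cannot be reused.
                    session_regenerate_id(true);
                    $_SESSION['project-name']['userID'] = $userData[0];
                    $_SESSION['project-name']['ip'] = $_SERVER['REMOTE_ADDR'];
                    $_SESSION['project-name']['userAgent'] = $userAgent;

                    // "Remember me" keeps the userID cookie for a week, otherwise it
                    // lasts for the browser session only. The username cookie is no
                    // longer written and the digest cookie is always cleared: the
                    // original stored the account's password digest ($userData[2])
                    // there so the cookie check could feed it back through
                    // checkCredentials(), which exposes the hash to the client and,
                    // as far as checkCredentials() on this page shows, can never
                    // verify (it re-hashes whatever it is given). A working
                    // remember-me needs a random token stored server-side.
                    $userIdExpiry = isset($_POST['remember']) ? $rememberFor : 0;
                    setcookie('project-name[userID]', (string) $userData[0], $userIdExpiry, '', '', $secure, $httpOnly);
                    setcookie('project-name[username]', '', $expired, '', '', $secure, $httpOnly);
                    setcookie('project-name[digest]', '', $expired, '', '', $secure, $httpOnly);
                    setcookie(
                        'project-name[secondDigest]',
                        DatabaseHelpers::blowfishCrypt($clientKey, 10),
                        $rememberFor, '', '', $secure, $httpOnly
                    );

                    header('Location: ./');
                    exit;
                }

                $loginDiv = '<div id="login-box" class="error">The username or password you entered is incorrect.</div>';
                break;

            // A logout, or an action we don't recognise, ends the session
            case 'logout':
            default:
                // Destroy all session and cookie variables
                $_SESSION = array();
                foreach (array('userID', 'username', 'digest', 'secondDigest') as $name) {
                    setcookie('project-name[' . $name . ']', '', $expired, '', '', $secure, $httpOnly);
                }

                // Also expire the session cookie itself so the old ID is not
                // presented again by the browser.
                if (ini_get('session.use_cookies')) {
                    $params = session_get_cookie_params();
                    setcookie(
                        session_name(), '', $expired,
                        $params['path'], $params['domain'], $params['secure'], $params['httponly']
                    );
                }

                session_destroy();
                $loginDiv = '<div id="login-box" class="info">Thank you. Come again!</div>';
                break;
        }
    }

    return $loginDiv;
}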
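/**
 * Renders the debug-bar panel listing every query recorded in $this->queries.
 *
 * Each row shows the elapsed time in ms, the (possibly truncated) SQL, an
 * optional EXPLAIN table, a link to the calling source line, the bound
 * parameters and the row count.
 *
 * @return string  Panel HTML, or '' when no queries were recorded.
 */
public function getPanel()
{
    $this->disabled = TRUE;

    if (empty($this->queries)) {
        return '';
    }

    // EXPLAIN output comes from the database and is written into HTML, so
    // every cell is escaped. The (string) cast keeps NULL cells (common in
    // EXPLAIN output) from reaching htmlspecialchars().
    $esc = function ($value) {
        return htmlSpecialChars((string) $value, ENT_QUOTES, 'UTF-8');
    };

    // Shared across calls so EXPLAIN tables keep unique IDs when the panel is
    // rendered more than once; explicitly initialised instead of ++ on NULL.
    static $counter = 0;

    $body = '';
    foreach ($this->queries as $query) {
        list($sql, $params, $time, $rowCount, $connection, $source) = $query;

        $explain = NULL;
        // EXPLAIN is run here, after the query, so SELECT FOUND_ROWS() still works
        if ($this->explain && preg_match('#\\s*\\(?\\s*SELECT\\s#iA', $sql)) {
            try {
                $cmd = is_string($this->explain) ? $this->explain : 'EXPLAIN';
                $explain = $connection->queryArgs("{$cmd} {$sql}", $params)->fetchAll();
            } catch (PDOException $e) {
                // Best effort: the panel is still useful without the EXPLAIN table.
            }
        }

        $body .= '<tr><td>' . sprintf('%0.3f', $time * 1000);
        if ($explain) {
            $counter++;
            $body .= "<br /><a href='#' class='nette-toggler' rel='#nette-DbConnectionPanel-row-{$counter}'>explain ►</a>";
        }

        $body .= '</td><td class="nette-DbConnectionPanel-sql">'
            . DatabaseHelpers::dumpSql(self::$maxLength ? Strings::truncate($sql, self::$maxLength) : $sql);

        if ($explain) {
            $body .= "<table id='nette-DbConnectionPanel-row-{$counter}' class='nette-collapsed'><tr>";
            // Column names are taken from the first result row
            foreach ($explain[0] as $col => $unused) {
                $body .= '<th>' . $esc($col) . '</th>';
            }
            $body .= '</tr>';
            foreach ($explain as $explainRow) {
                $body .= '<tr>';
                foreach ($explainRow as $cell) {
                    $body .= '<td>' . $esc($cell) . '</td>';
                }
                $body .= '</tr>';
            }
            $body .= '</table>';
        }

        if ($source) {
            $body .= DebugHelpers::editorLink($source[0], $source[1])->class('nette-DbConnectionPanel-source');
        }

        $body .= '</td><td>';
        foreach ($params as $param) {
            $body .= Debugger::dump($param, TRUE);
        }
        // Row count is escaped as well rather than echoed raw
        $body .= '</td><td>' . $esc($rowCount) . '</td></tr>';
    }

    $heading = 'Queries: ' . count($this->queries)
        . ($this->totalTime ? ', time: ' . sprintf('%0.3f', $this->totalTime * 1000) . ' ms' : '');

    return '<style> #nette-debug td.nette-DbConnectionPanel-sql { background: white !important } '
        . '#nette-debug .nette-DbConnectionPanel-source { color: #BBB !important } </style> '
        . '<h1>' . $heading . '</h1> '
        . '<div class="nette-inner nette-DbConnectionPanel"> <table> '
        . '<tr><th>Time ms</th><th>SQL Statement</th><th>Params</th><th>Rows</th></tr>'
        . $body
        . ' </table> </div>';
}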
/**
 * Dumps the whole result set as an HTML table; intended for debugging only.
 *
 * Rendering is delegated to DatabaseHelpers::dumpResult().
 * @return void
 */
public function dump()
{
    $resultSet = $this;
    DatabaseHelpers::dumpResult($resultSet);
}