/**
 * Return the uploader session token of the currently authenticated user.
 *
 * An existing row in `uploader` for the user's charId is reused; otherwise a
 * new 32-character token is generated, stored and returned.
 *
 * NOTE(review): $cfg_expire_uploader is pulled into scope but never read, and
 * `createdAt` is written but not checked in this function, so a stored token
 * is handed back regardless of its age. Confirm expiry is enforced elsewhere.
 * NOTE(review): the unpredictability of the token depends on
 * PassHash::gen_salt(), whose random source is not visible here. Verify it
 * draws from a CSPRNG.
 *
 * @return mixed the stored or newly created token, or false when authCheck() returns false
 */
function authUploaderToken()
{
    global $dbr, $cfg_expire_uploader;

    $user = authCheck();
    if ($user === false) {
        return false;
    }

    // Look for a token already issued to this character.
    $lookup = $dbr->prepare('SELECT * FROM uploader WHERE charId = :charId;');
    $lookup->bindValue(':charId', $user[0]);
    if (!$lookup->execute()) {
        die('sql error');
    }
    $existing = $lookup->fetch();
    if ($existing) {
        return $existing['sessionId'];
    }

    // No token yet: create one and persist it together with the character data.
    require 'PassHash.class.php';
    $hasher = new PassHash();
    $token = $hasher->gen_salt(32);

    $insert = $dbr->prepare('INSERT INTO uploader (charId, charName, sessionId, createdAt) VALUES (:charId, :charName, :sessionId, :createdAt);');
    $insert->bindValue(':charId', $user[0]);
    $insert->bindValue(':charName', $user[1]);
    $insert->bindValue(':sessionId', $token);
    $insert->bindValue(':createdAt', time());
    if (!$insert->execute()) {
        die('sql error');
    }

    return $token;
}
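/**
 * Check user+password
 *
 * A stored hash is verified through PassHash. A stored clear-text password is
 * compared as a string in constant time. When the user record carries neither
 * a hash nor a clear-text password the check fails.
 *
 * @param string $user the user name
 * @param string $pass the clear text password
 * @return bool
 */
public function checkPass($user, $pass)
{
    $data = $this->_selectUser($user);
    if ($data == false) {
        return false;
    }

    if (isset($data['hash'])) {
        // hashed password
        $passhash = new PassHash();
        return $passhash->verify_hash($pass, $data['hash']);
    }

    // clear text password in the database O_o
    if (!isset($data['clear'])) {
        // With a loose `==` a missing value compared equal to an empty
        // password; a record without any credential must never authenticate.
        return false;
    }

    // `==` compares numeric-looking strings by value ("1e1" == "10"), so the
    // comparison is done on strings, and in constant time.
    return hash_equals((string) $data['clear'], (string) $pass);
}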
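/**
 * Render the "update user" widget for the account named by $_GET['id'].
 *
 * Handles the AJAX validation request, applies the posted `User` attributes,
 * re-hashes the password when it was changed and saves the model.
 *
 * NOTE(review): no permission check is visible in this method and the target
 * account comes straight from $_GET['id']. Confirm that access to this widget
 * is restricted to users allowed to edit other accounts.
 * NOTE(review): the posted attributes are mass-assigned before the scenario is
 * switched to 'update'. Verify that the set of safe attributes excludes
 * fields such as status or role.
 *
 * @throws CHttpException 404 when the id is missing or no such user exists
 */
protected function renderContent()
{
    $user_id = isset($_GET['id']) ? (int) $_GET['id'] : 0;
    $model = $user_id !== 0 ? User::model()->findbyPk($user_id) : null;

    // findbyPk() yields null for an unknown id; answer with the same 404 as a
    // missing id instead of dereferencing null below.
    if ($model === null) {
        throw new CHttpException(404, t('cms', 'The requested page does not exist.'));
    }

    $old_pass = (string) $model->password;

    // if it is ajax validation request
    if (isset($_POST['ajax']) && $_POST['ajax'] === 'userupdate-form') {
        echo CActiveForm::validate($model);
        Yii::app()->end();
    }

    // collect user input data
    if (isset($_POST['User'])) {
        $model->attributes = $_POST['User'];

        // Strict string comparison: a loose `!=` treats numeric-looking
        // strings as numbers and could miss a changed password.
        if ((string) $model->password !== $old_pass) {
            $model->password = PassHash::hash($model->password);
        }

        $model->scenario = 'update';
        if ($model->save()) {
            user()->setFlash('success', t('cms', 'Updated Successfully!'));
        }
    }

    $this->render('cmswidgets.views.user.user_update_widget', array('model' => $model));
}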
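/**
 * Creating new user
 *
 * NOTE(review): $role is stored exactly as passed in. Confirm callers never
 * forward a client-supplied role, or restrict it to an allow-list.
 *
 * @param String $name          User name, stored in the `username` column
 * @param String $email         User login email id
 * @param String $password      User login password (clear text, hashed here)
 * @param String $first_name    First name
 * @param String $last_name     Last name
 * @param String $date_of_birth Date of birth, stored as given
 * @param String $role          Role, stored as given
 * @param String $gender        Gender
 * @param String $city          City
 * @return mixed USER_CREATED_SUCCESSFULLY, USER_CREATE_FAILED or USER_ALREADY_EXISTED
 */
public function createUser($name, $email, $password, $first_name, $last_name, $date_of_birth, $role, $gender, $city)
{
    require_once 'PassHash.php';

    // First check if user already existed in db
    if ($this->isUserExists($email)) {
        // User with same email already existed in the db
        return USER_ALREADY_EXISTED;
    }

    // Generating password hash
    $password_hash = PassHash::hash($password);

    // Generating API key
    // NOTE(review): the key is generated but is not part of the INSERT below.
    $api_key = $this->generateApiKey();

    // insert query
    $stmt = $this->conn->prepare("INSERT INTO users(username, email, password,first_name,last_name,Date_of_birth,role,gender,city) values(?, ?, ?, ?, ?,?,?,?,?)");
    if ($stmt === false) {
        // prepare() failed; calling bind_param() on false would be fatal.
        return USER_CREATE_FAILED;
    }
    $stmt->bind_param("sssssssss", $name, $email, $password_hash, $first_name, $last_name, $date_of_birth, $role, $gender, $city);
    $result = $stmt->execute();
    $stmt->close();

    // Check for successful insertion
    return $result ? USER_CREATED_SUCCESSFULLY : USER_CREATE_FAILED;
}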
/**
 * Verify a login attempt against the stored password hash.
 *
 * NOTE(review): when no row matches the email no hash is computed at all, so
 * the response time differs between unknown and known accounts. Consider
 * whether that matters for account enumeration.
 *
 * @param String $email    User login email id
 * @param String $password User login password
 * @return boolean TRUE when the email exists and the password matches, FALSE otherwise
 */
public function checkLogin($email, $password)
{
    $stmt = $this->conn->prepare("SELECT password_hash FROM users WHERE email = ?");
    $stmt->bind_param("s", $email);
    $stmt->execute();
    $stmt->bind_result($password_hash);
    $stmt->store_result();

    if ($stmt->num_rows <= 0) {
        // No user registered with this email.
        $stmt->close();
        return FALSE;
    }

    // A row exists: load the hash into $password_hash, then verify.
    $stmt->fetch();
    $stmt->close();

    return PassHash::check_password($password_hash, $password) ? TRUE : FALSE;
}
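/**
 * Creating new user via Email
 *
 * Template method: the actual insert is left to the implementer (see the
 * comments in the body).
 *
 * @param String $name     User full name
 * @param String $password User login password
 * @return mixed a confirmation string on success, USER_CREATION_FAILED or USER_ALREADY_EXISTED
 */
public function createUserByUsernameAndPassword($name, $password)
{
    require_once 'PassHash.php';

    // First check if user already existed in db
    // NOTE(review): the original passed an undefined $email here. $name is the
    // only identifier this method receives, so it is used for the lookup;
    // confirm that userExistsByEmail() is the intended check.
    if ($this->userExistsByEmail($name)) {
        // User with same email already existed in the db
        return USER_ALREADY_EXISTED;
    }

    // Generating password hash
    $password_hash = PassHash::hash($password);

    // here you would generate other user's properties, like alias
    // default avatar, api_key for authentication, and insert it in the DB.
    $usercreationsucceed = true;

    // Check for successful insertion
    if ($usercreationsucceed) {
        // User successfully inserted
        // here you should return USER_CREATED_SUCCESSFULLY;
        // The clear-text password is deliberately not echoed back: a return
        // value ends up in API responses and logs.
        return "user created with name: " . $name;
    }

    // Failed to create user
    return USER_CREATION_FAILED;
}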
/**
 * Render the "change password" widget for the logged-in user.
 *
 * Guests are redirected to user()->returnUrl. For a logged-in user the posted
 * form is validated and, when valid, the new password is hashed and saved on
 * the current user's record.
 */
protected function renderContent()
{
    if (user()->isGuest) {
        Yii::app()->request->redirect(user()->returnUrl);
        return;
    }

    $model = new UserChangePassForm();

    // if it is ajax validation request
    $isAjaxValidation = isset($_POST['ajax']) && $_POST['ajax'] === 'userchangepass-form';
    if ($isAjaxValidation) {
        echo CActiveForm::validate($model);
        Yii::app()->end();
    }

    // collect user input data
    if (isset($_POST['UserChangePassForm'])) {
        $model->attributes = $_POST['UserChangePassForm'];

        // validate user input password
        if ($model->validate()) {
            $account = User::model()->findbyPk(user()->id);
            if ($account !== null) {
                $account->password = PassHash::hash($model->new_password_1);
                if ($account->save()) {
                    user()->setFlash('success', t('cms', 'Changed Password Successfully!'));
                }
            }
            // Start over with an empty form so the submitted passwords are not rendered back.
            $model = new UserChangePassForm();
        }
    }

    $this->render('cmswidgets.views.user.user_change_pass_widget', array('model' => $model));
}
/**
 * PassHash::hmac() must reproduce published HMAC-MD5 and HMAC-SHA1 values.
 */
function test_hmac()
{
    // Each entry: expected hex digest, algorithm, data, key.
    $vectors = array(
        // known hashes taken from https://code.google.com/p/yii/issues/detail?id=1942
        array('df08aef118f36b32e29d2f47cda649b6', 'md5', 'data', 'secret'),
        array('9818e3306ba5ac267b5f2679fe4abd37e6cd7b54', 'sha1', 'data', 'secret'),
        // known hashes from https://en.wikipedia.org/wiki/Hash-based_message_authentication_code
        array('74e6f7298a9c2d168935f58c001bad88', 'md5', '', ''),
        array('fbdb1d1b18aa6c08324b7d64b71fb76370690e1d', 'sha1', '', ''),
        array('80070713463e7749b90c2dc24911e275', 'md5', 'The quick brown fox jumps over the lazy dog', 'key'),
        array('de7c9b85b8b78aa6bc8a7a36f70a90701c9db4d9', 'sha1', 'The quick brown fox jumps over the lazy dog', 'key'),
    );

    foreach ($vectors as $vector) {
        list($expected, $algo, $data, $key) = $vector;
        $this->assertEquals($expected, PassHash::hmac($algo, $data, $key));
    }
}
/**
 * Validator: the submitted old password must match the current user's stored one.
 *
 * Records an error on $attribute and returns false when the current user
 * cannot be loaded or the old password does not authenticate. Returns nothing
 * when the password matches.
 *
 * @param mixed $attribute attribute identifier handed on to addError()
 * @param array $params    not used by this method
 * @return boolean|null false on failure, no value on success
 */
public function checkOldPass($attribute, $params)
{
    $current = User::model()->findbyPk(user()->id);

    if ($current == null) {
        $this->addError($attribute, t('cms', 'No User Found!'));
        return false;
    }

    $oldPasswordMatches = PassHash::authenticate($this->old_password, $current->password);
    if (!$oldPasswordMatches) {
        $this->addError($attribute, t('cms', 'Old password is not correct!'));
        return false;
    }
}
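/**
 * Checking user login
 *
 * @param String $email    User login email id
 * @param String $password User login password
 * @return boolean User login status success/fail
 */
public function checkLogin($email, $password)
{
    // fetching user by email
    $stmt = $this->conn->prepare("SELECT `password_hash` FROM `users` WHERE `email` = :email");
    $stmt->execute(array('email' => $email));

    // fetchColumn() returns false when no row matched. It replaces the
    // rowCount() test, which PDO does not guarantee for SELECT statements on
    // every driver and which could reject valid logins.
    $password_hash = $stmt->fetchColumn();
    if (!is_string($password_hash)) {
        // No such user, or no hash stored for it.
        return FALSE;
    }

    // TRUE only when the supplied password matches the stored hash.
    return PassHash::check_password($password_hash, $password) ? TRUE : FALSE;
}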
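/**
 * This function check the user Authentication
 *
 * The user is looked up by email when the login name contains '@', otherwise
 * by username (both lower-cased). On success the identity id and username are
 * set, an auto-login token is issued when auto login is allowed, and the
 * user's recent_login time is updated.
 *
 * NOTE(review): the auto-login token is stored as-is in {{autologin_tokens}}.
 * The code that validates it is not visible here; consider storing only a
 * hash of the token so a database leak does not yield usable cookies.
 *
 * @return int self::ERROR_NONE on success, otherwise ERROR_USERNAME_INVALID,
 *             ERROR_PASSWORD_INVALID or ConstantDefine::USER_ERROR_NOT_ACTIVE
 */
public function authenticate()
{
    // Check username based on email or username
    $username = strtolower($this->username);
    if (strpos($username, '@') !== false) {
        $user = User::model()->find('LOWER(email)=?', array($username));
    } else {
        $user = User::model()->find('LOWER(username)=?', array($username));
    }

    if ($user === null) {
        $this->errorCode = self::ERROR_USERNAME_INVALID;
    } elseif (!PassHash::authenticate($this->password, $user->password)) {
        $this->errorCode = self::ERROR_PASSWORD_INVALID;
    } elseif ($user->status == ConstantDefine::USER_STATUS_ACTIVE) {
        $this->_id = $user->user_id;
        $this->username = $user->username;

        //If the site allow auto Login, create token to recheck for Cookies
        if (Yii::app()->user->allowAutoLogin) {
            // The token works as a long-lived credential, so it must come from
            // a CSPRNG. uniqid() and mt_rand() are derived from the clock and
            // a predictable generator. 20 random bytes keep the 40-character
            // hex format that sha1() produced.
            $autoLoginToken = function_exists('random_bytes')
                ? bin2hex(random_bytes(20))
                : bin2hex(openssl_random_pseudo_bytes(20));
            $this->setState('autoLoginToken', $autoLoginToken);
            $connection = Yii::app()->db;

            //delete old keys
            $command = $connection->createCommand('DELETE FROM {{autologin_tokens}} WHERE user_id=:user_id');
            $command->bindValue(':user_id', $user->user_id, PDO::PARAM_STR);
            $command->execute();

            //set new
            $command = $connection->createCommand('INSERT INTO {{autologin_tokens}}(user_id,token) VALUES(:user_id,:token)');
            $command->bindValue(':user_id', $user->user_id, PDO::PARAM_STR);
            $command->bindValue(':token', $autoLoginToken, PDO::PARAM_STR);
            $command->execute();
        }

        //Start to set the recent_login time for this user
        $user->recent_login = time();
        $user->save();

        //Set additional User Information
        //Set the Error Code to None for Success
        $this->errorCode = self::ERROR_NONE;
    } else {
        $this->errorCode = ConstantDefine::USER_ERROR_NOT_ACTIVE;
    }

    unset($user);
    return $this->errorCode;
}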
/**
 * Authenticate a user by email and password and rotate the API key.
 *
 * @param String $email    User login email id
 * @param String $password User login password
 * @return mixed the first matching user record on success, NULL when the
 *               email is unknown or the password does not match
 */
public static function checkLogin($email, $password)
{
    // fetching user by email
    $matches = User::where('email', $email)->get();
    if ($matches->count() <= 0) {
        return NULL;
    }

    $account = $matches[0];
    if (!PassHash::check_password($account->password, $password)) {
        return NULL;
    }

    //Generate new API everytime log in so old API become invalid
    $account->apiKey = Utils::generateApiKey();
    $account->save();

    return $account;
}
/**
 * Check an email/password pair against the `users` table.
 *
 * @param string $email    login email
 * @param string $password clear-text password to verify
 * @return bool TRUE when a row exists for the email and its hash matches
 */
public function checkLogin($email, $password)
{
    $query = $this->conn->prepare("SELECT password_hash FROM users WHERE email = ?");
    $query->bind_param("s", $email);
    $query->execute();
    $query->bind_result($password_hash);
    $query->store_result();

    $found = $query->num_rows > 0;
    if ($found) {
        // Populate $password_hash from the single result row.
        $query->fetch();
    }
    $query->close();

    if (!$found) {
        return FALSE;
    }

    if (PassHash::check_password($password_hash, $password)) {
        return TRUE;
    }
    return FALSE;
}
/**
 * Update the specified resource in storage.
 *
 * Applies the `password` (hashed), `email` and `sdt` request fields that carry
 * a truthy value to the user with the given id.
 *
 * NOTE(review): no authorization check is visible in this method. $id selects
 * the account and the request may set its password, so confirm that routing
 * or middleware restricts who may call this for a given id.
 *
 * @param Request $request
 * @param int $id
 * @return Response JSON with `error` and `message`
 */
public function update(Request $request, $id)
{
    $user = User::find($id);
    if (!$user) {
        return response()->json(array('error' => true, 'message' => 'User Not Found'));
    }

    $newPassword = $request->get('password');
    if ($newPassword) {
        // Only the hash is stored.
        $user->pass_hash = PassHash::hash($newPassword);
    }

    $newEmail = $request->get('email');
    if ($newEmail) {
        $user->email = $newEmail;
    }

    $newSdt = $request->get('sdt');
    if ($newSdt) {
        $user->sdt = $newSdt;
    }

    $user->save();

    return response()->json(array('error' => false, 'message' => 'User Updated'));
}
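/**
 * Checking user login
 *
 * @param String $email    User login email id
 * @param String $password User login password
 * @return boolean User login status success/fail
 */
public function checkLogin($email, $password)
{
    // fetching user by email
    $stmt = $this->db->prepare("SELECT password_hash FROM users WHERE email = :email");
    $stmt->execute(array(":email" => $email));

    // fetch() returns false when no row matched. It replaces the rowCount()
    // test, which PDO does not guarantee for SELECT statements on every driver.
    // assumes the connection's default fetch mode yields objects; the original
    // read ->password_hash. TODO confirm
    $res = $stmt->fetch();
    if (!$res) {
        // user not existed with the email
        return FALSE;
    }

    // Found user with the email
    // Now verify the password
    return PassHash::check_password($res->password_hash, $password) ? TRUE : FALSE;
}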
/**
 * Insert a new user row built from the given data.
 *
 * The clear-text password is hashed with PassHash before it is stored.
 *
 * @param array $user expects the keys 'username', 'email' and 'password'
 * @return mixed USER_CREATED_SUCCESSFULLY when the INSERT executed, otherwise USER_CREATE_FAILED
 */
public function createUser($user)
{
    require_once 'PassHash.php';

    $username = $user['username'];
    $email = $user['email'];
    $password = $user['password'];

    // Only the hash reaches the database.
    $password_hash = PassHash::hash($password);

    $insert = $this->conn->prepare("INSERT INTO users(username, email, password_hash) values(?, ?, ?)");
    $insert->bind_param("sss", $username, $email, $password_hash);
    $inserted = $insert->execute();
    $insert->close();

    return $inserted ? USER_CREATED_SUCCESSFULLY : USER_CREATE_FAILED;
}
/**
 * Check a username/password pair against the USERS table.
 *
 * @param string $username login name
 * @param string $password clear-text password to verify
 * @return bool TRUE when the user exists and the password matches the stored hash
 */
public function checkLogin($username, $password)
{
    require_once dirname(__FILE__) . '/' . '../utils/PassHash.php';

    $stmt = $this->conn->prepare("SELECT password FROM USERS WHERE username = ?");
    $stmt->bind_param("s", $username);
    $stmt->execute();
    $stmt->bind_result($password_hash);
    $stmt->store_result();

    if (!($stmt->num_rows > 0)) {
        // Unknown username.
        $stmt->close();
        return FALSE;
    }

    // Found the user: pull the stored hash, then verify the password.
    $stmt->fetch();
    $stmt->close();

    $verified = PassHash::check_password($password_hash, $password);
    return $verified ? TRUE : FALSE;
}
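/**
 * Checking user login
 *
 * @param String $email    User login email id
 * @param String $password User login password
 * @return mixed the UserID of the authenticated user, or null when the query
 *               fails, the email is unknown or the password does not match
 */
public function checkLogin($email, $password)
{
    // fetching user by email
    $stmt = $this->conn->prepare("SELECT PasswordHash, UserID FROM User WHERE Email = ?");
    $stmt->bind_param("s", $email);

    // Start from "no row" so a failed execute() is treated like an unknown
    // user instead of leaving $result undefined.
    $result = null;
    if ($stmt->execute()) {
        $result = $stmt->get_result()->fetch_assoc();
    }
    // Release the statement on every path, including a failed execute().
    $stmt->close();

    if (!$result) {
        // user not existed with the email
        return null;
    }

    // Found user with the email
    // Now verify the password
    if (PassHash::check_password($result["PasswordHash"], $password)) {
        // User password is correct
        return $result["UserID"];
    }

    // user password is incorrect
    return null;
}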
<?php

// Demo script: hash a fixed sample password with PassHash and print the result.
require 'PassHash.php';

$pass_hash = PassHash::hash('mypassworddddwerewfew');

print $pass_hash;
/**
 * Verifies a cleartext password against a crypted hash
 *
 * Thin wrapper around PassHash::verify_hash() on a fresh PassHash instance.
 *
 * @author Andreas Gohr <*****@*****.**>
 * @param string $clear The clear text password
 * @param string $crypt The hash to compare with
 * @return bool true if both match
 */
function auth_verifyPassword($clear, $crypt)
{
    $hasher = new PassHash();
    $matches = $hasher->verify_hash($clear, $crypt);

    return $matches;
}
/**
 * Writes the data to the config files
 *
 * Generates local.php and, when ACLs are enabled, users.auth.php (with the
 * superuser account) and acl.auth.php. All files are written below DOKU_LOCAL.
 *
 * @author Chris Smith <*****@*****.**>
 *
 * @param array $d installer form data; the keys read here are policy, title,
 *                 license, acl, password, superuser, fullname and email
 * @return bool true when every fileWrite() call succeeded
 */
function store_data($d)
{
    global $LC;
    $ok = true;
    // Force the policy to an integer before it is compared below.
    $d['policy'] = (int) $d['policy'];

    // create local.php
    $now = gmdate('r');
    $output = <<<EOT
<?php
/**
 * Dokuwiki's Main Configuration File - Local Settings
 * Auto-generated by install script
 * Date: {$now}
 */
EOT;
    // The values end up inside single-quoted PHP string literals of an
    // executable config file; addslashes() escapes the quote and backslash
    // characters that could otherwise terminate the literal.
    $output .= '$conf[\'title\'] = \'' . addslashes($d['title']) . "';\n";
    $output .= '$conf[\'lang\'] = \'' . addslashes($LC) . "';\n";
    $output .= '$conf[\'license\'] = \'' . addslashes($d['license']) . "';\n";
    if ($d['acl']) {
        $output .= '$conf[\'useacl\'] = 1' . ";\n";
        $output .= "\$conf['superuser'] = '******';\n";
    }
    $ok = $ok && fileWrite(DOKU_LOCAL . 'local.php', $output);

    if ($d['acl']) {
        // hash the password
        // NOTE(review): hash_smd5 is salted MD5, a fast hash that is cheap to
        // brute-force offline. If this PassHash version offers a slower
        // scheme, prefer it for the superuser account; verify first.
        $phash = new PassHash();
        $pass = $phash->hash_smd5($d['password']);

        // create users.auth.php
        // --- user:SMD5password:Real Name:email:groups,comma,seperated
        // NOTE(review): superuser, fullname and email are joined with ':' and
        // are not escaped here; a ':' or line break in them would alter the
        // record. Presumably validated by the caller; confirm.
        $output = join(":", array($d['superuser'], $pass, $d['fullname'], $d['email'], 'admin,user'));
        $output = @file_get_contents(DOKU_CONF . 'users.auth.php.dist') . "\n{$output}\n";
        $ok = $ok && fileWrite(DOKU_LOCAL . 'users.auth.php', $output);

        // create acl.auth.php
        $output = <<<EOT
# acl.auth.php
# <?php exit()?>
# Don't modify the lines above
#
# Access Control Lists
#
# Auto-generated by install script
# Date: {$now}
EOT;
        // Policy 2 writes 0 for @ALL, policy 1 writes 1 for @ALL, and both
        // write 8 for @user; any other policy writes 8 for @ALL.
        if ($d['policy'] == 2) {
            $output .= "* @ALL 0\n";
            $output .= "* @user 8\n";
        } elseif ($d['policy'] == 1) {
            $output .= "* @ALL 1\n";
            $output .= "* @user 8\n";
        } else {
            $output .= "* @ALL 8\n";
        }
        $ok = $ok && fileWrite(DOKU_LOCAL . 'acl.auth.php', $output);
    }
    return $ok;
}
/**
 * ml() must build resize links with a media token for external URLs when the
 * sizes are passed as an argument array.
 */
function test_ml_imgresize_array_external()
{
    global $conf;
    $conf['useslash'] = 0;
    $conf['userewrite'] = 0;

    $externalIds = array(
        'https://example.com/lib/tpl/dokuwiki/images/logo.png',
        'http://example.com/lib/tpl/dokuwiki/images/logo.png',
        'ftp://example.com/lib/tpl/dokuwiki/images/logo.png',
    );

    // Width only, for each scheme.
    $width = 80;
    $params = array('w' => $width);
    foreach ($externalIds as $id) {
        $token = media_get_token($id, $width, 0);
        // Computed as in the original test; the value is not asserted on.
        $hash = substr(PassHash::hmac('md5', $id, auth_cookiesalt()), 0, 6);
        $expectedUrl = DOKU_BASE . $this->script . '?w=' . $width . '&tok=' . $token . '&media=' . rawurlencode($id);
        $this->assertEquals($expectedUrl, ml($id, $params));
    }

    // From here on $id still holds the last entry of the list (the ftp URL).

    // Height only.
    $height = 50;
    $params = array('h' => $height);
    $token = media_get_token($id, $height, 0);
    $expectedUrl = DOKU_BASE . $this->script . '?h=' . $height . '&tok=' . $token . '&media=' . rawurlencode($id);
    $this->assertEquals($expectedUrl, ml($id, $params));

    // Width and height together.
    $width = 80;
    $height = 50;
    $params = array('w' => $width, 'h' => $height);
    $token = media_get_token($id, $width, $height);
    $expectedUrl = DOKU_BASE . $this->script . '?w=' . $width . '&h=' . $height . '&tok=' . $token . '&media=' . rawurlencode($id);
    $this->assertEquals($expectedUrl, ml($id, $params));
}
/**
 * Definition of the function modifyUser in order to modify the password
 *
 * Binds to the LDAP server either as the logged-in user, using the password
 * recovered from the auth cookie, or with the configured binddn/bindpw, and
 * then replaces the `userpassword` attribute of the user's dn.
 *
 * NOTE(review): part of this listing is damaged (see the marker in the
 * superuser branch), so the function cannot be read end to end here.
 *
 * @param string $user    nick of the user to be changed
 * @param array  $changes array of field/value pairs to be changed (password will be clear text)
 * @return bool true on success, false on error
 */
function modifyUser($user, $changes)
{
    // open the connection to the ldap
    if (!$this->_openLDAP()) {
        $this->_debug('LDAP cannot connect: ' . htmlspecialchars(ldap_error($this->con)), 0, __LINE__, __FILE__);
        return false;
    }

    // find the information about the user, in particular the "dn"
    $info = $this->getUserData($user, true);
    if (empty($info['dn'])) {
        $this->_debug('LDAP cannot find your user dn', 0, __LINE__, __FILE__);
        return false;
    }
    $dn = $info['dn'];

    // find the old password of the user
    list($loginuser, $loginsticky, $loginpass) = auth_getCookie();
    if ($loginuser !== null) {
        // the user is currently logged in
        // The clear-text password is recovered from the auth cookie with the
        // cookie salt and is used only for the bind below.
        $secret = auth_cookiesalt(!$loginsticky, true);
        $pass = auth_decrypt($loginpass, $secret);

        // bind with the ldap
        // '@' hides the PHP warning; the failure is reported through _debug(),
        // with the dn and the LDAP error HTML-escaped.
        if (!@ldap_bind($this->con, $dn, $pass)) {
            $this->_debug('LDAP user bind failed: ' . htmlspecialchars($dn) . ': ' . htmlspecialchars(ldap_error($this->con)), 0, __LINE__, __FILE__);
            return false;
        }
    } elseif ($this->getConf('binddn') && $this->getConf('bindpw')) {
        // we are changing the password on behalf of the user (eg: forgotten password)
        // bind with the superuser ldap
        if (!@ldap_bind($this->con, $this->getConf('binddn'), conf_decodeString($this->getConf('bindpw')))) {
            // NOTE(review): the text is damaged at the '******' marker on the
            // next line. The remainder of this branch and the statement that
            // defines $hash (used below) are not visible in this listing.
            $this->_debug('LDAP bind as superuser: '******'pass']);

    // change the password
    if (!@ldap_mod_replace($this->con, $dn, array('userpassword' => $hash))) {
        $this->_debug('LDAP mod replace failed: ' . htmlspecialchars($dn) . ': ' . htmlspecialchars(ldap_error($this->con)), 0, __LINE__, __FILE__);
        return false;
    }

    return true;
}
/**
 * Return a secret token to be used for CSRF attack prevention
 *
 * The token is an HMAC-MD5, keyed with the cookie salt, over the current
 * session id concatenated with the REMOTE_USER server value. It is therefore
 * tied to one session and one user.
 *
 * NOTE(review): whoever checks this token should compare it in constant time;
 * the comparison is not part of this function.
 *
 * @author Andreas Gohr <*****@*****.**>
 * @link http://en.wikipedia.org/wiki/Cross-site_request_forgery
 * @link http://christ1an.blogspot.com/2007/04/preventing-csrf-efficiently.html
 *
 * @return string
 */
function getSecurityToken()
{
    /** @var Input $INPUT */
    global $INPUT;

    $sessionId = session_id();
    $remoteUser = $INPUT->server->str('REMOTE_USER');
    $key = auth_cookiesalt();

    return PassHash::hmac('md5', $sessionId . $remoteUser, $key);
}
session_unset();
}

// Fragment of a login handler: the block closed above and the end of the
// else-branch below lie outside this listing.
//
// A visitor with a session user is flagged as logged in. Otherwise a posted
// user/password pair is checked line by line against the DokuWiki
// users.auth.php file (colon-separated fields; field 0 is the user name,
// field 1 the hash, field 4 the comma-separated groups, as read below).
if (isset($_SESSION['user'])) {
    $smarty->assign('loggedIn', true);
} else {
    if (isset($_POST['user']) and isset($_POST['password'])) {
        $handle = fopen("DokuWiki/users.auth.php", "r");
        if ($handle) {
            while (($line = fgets($handle)) !== false) {
                // Cheap prefix filter; the exact match on field 0 follows below.
                if (startsWith($line, $_POST['user'])) {
                    // do the auth
                    $lineExplode = explode(":", $line);
                    // NOTE(review): `!=` is a loose comparison. PHP compares
                    // numeric-looking strings by value, so the exact-name
                    // check should use `!==`.
                    if ($lineExplode[0] != $_POST['user']) {
                        continue;
                    }
                    $cHash = new PassHash();
                    // NOTE(review): fields 1 and 4 are read without checking
                    // that the line has that many fields.
                    if ($cHash->verify_hash($_POST['password'], $lineExplode[1])) {
                        // NOTE(review): no session_regenerate_id() is visible
                        // before the session is marked as authenticated.
                        // Confirm the id is rotated on login (session fixation).
                        $_SESSION['user'] = $_POST['user'];
                        $_SESSION['groups'] = array_map('trim', explode(",", $lineExplode[4]));
                        $smarty->assign('loggedIn', true);
                        header("Location: index.php");
                        exit;
                    } else {
                        // NOTE(review): the submitted name goes to the log
                        // unfiltered; strip control characters and line breaks
                        // so a request cannot forge log entries.
                        error_log("Login attempt with wrong credentials for user: " . $_POST['user']);
                    }
                }
            }
            fclose($handle);
        } else {
            // error opening the file.
        }
/**
 * Writes the data to the config files
 *
 * Generates local.php, the user and ACL files when ACLs are enabled, and
 * plugins.local.php. All files are written below DOKU_LOCAL.
 *
 * @author Chris Smith <*****@*****.**>
 *
 * @param array $d installer form data; the keys read here are policy, title,
 *                 license, acl, allowreg, password, superuser, fullname, email
 *                 and pop
 * @return bool true when every fileWrite() call succeeded
 */
function store_data($d)
{
    global $LC;
    $ok = true;
    // Force the policy to an integer before it is compared below.
    $d['policy'] = (int) $d['policy'];

    // create local.php
    $now = gmdate('r');
    $output = <<<EOT
<?php
/**
 * Dokuwiki's Main Configuration File - Local Settings
 * Auto-generated by install script
 * Date: {$now}
 */
EOT;

    // add any config options set by a previous installer
    // NOTE(review): the preset file is copied verbatim into local.php, which
    // is executable PHP, and is then deleted. Whoever can write install.conf
    // next to this script therefore controls code in the configuration;
    // confirm that only the packaging step can create it.
    $preset = __DIR__ . '/install.conf';
    if (file_exists($preset)) {
        $output .= "# preset config options\n";
        $output .= file_get_contents($preset);
        $output .= "\n\n";
        $output .= "# options selected in installer\n";
        @unlink($preset);
    }

    // The values end up inside single-quoted PHP string literals of an
    // executable config file; addslashes() escapes the quote and backslash
    // characters that could otherwise terminate the literal.
    $output .= '$conf[\'title\'] = \'' . addslashes($d['title']) . "';\n";
    $output .= '$conf[\'lang\'] = \'' . addslashes($LC) . "';\n";
    $output .= '$conf[\'license\'] = \'' . addslashes($d['license']) . "';\n";
    if ($d['acl']) {
        $output .= '$conf[\'useacl\'] = 1' . ";\n";
        $output .= "\$conf['superuser'] = '******';\n";
    }
    // Self-registration is switched off unless the installer allowed it.
    if (!$d['allowreg']) {
        $output .= '$conf[\'disableactions\'] = \'register\'' . ";\n";
    }
    $ok = $ok && fileWrite(DOKU_LOCAL . 'local.php', $output);

    if ($d['acl']) {
        // hash the password
        // NOTE(review): hash_smd5 is salted MD5, a fast hash that is cheap to
        // brute-force offline. If this PassHash version offers a slower
        // scheme, prefer it for the superuser account; verify first.
        $phash = new PassHash();
        $pass = $phash->hash_smd5($d['password']);

        // create users.auth.php
        // --- user:SMD5password:Real Name:email:groups,comma,seperated
        // NOTE(review): superuser, fullname and email are joined with ':' and
        // are not escaped here; a ':' or line break in them would alter the
        // record. Presumably validated by the caller; confirm.
        $output = join(":", array($d['superuser'], $pass, $d['fullname'], $d['email'], 'admin,user'));
        $output = @file_get_contents(DOKU_CONF . 'users.auth.php.dist') . "\n{$output}\n";
        $ok = $ok && fileWrite(DOKU_LOCAL . 'users.auth.php', $output);

        // create acl.auth.php
        $output = <<<EOT
# acl.auth.php
# <?php exit()?>
# Don't modify the lines above
#
# Access Control Lists
#
# Auto-generated by install script
# Date: {$now}
EOT;
        // Policy 2 writes 0 for @ALL, policy 1 writes 1 for @ALL, and both
        // write 8 for @user; any other policy writes 8 for @ALL.
        if ($d['policy'] == 2) {
            $output .= "* @ALL 0\n";
            $output .= "* @user 8\n";
        } elseif ($d['policy'] == 1) {
            $output .= "* @ALL 1\n";
            $output .= "* @user 8\n";
        } else {
            $output .= "* @ALL 8\n";
        }
        $ok = $ok && fileWrite(DOKU_LOCAL . 'acl.auth.php', $output);
    }

    // enable popularity submission
    if ($d['pop']) {
        @touch(DOKU_INC . 'data/cache/autosubmit.txt');
    }

    // disable auth plugins til needed
    $output = <<<EOT
<?php
/*
 * Local plugin enable/disable settings
 *
 * Auto-generated by install script
 * Date: {$now}
 */
\$plugins['authad'] = 0;
\$plugins['authldap'] = 0;
\$plugins['authmysql'] = 0;
\$plugins['authpgsql'] = 0;
EOT;
    $ok = $ok && fileWrite(DOKU_LOCAL . 'plugins.local.php', $output);
    return $ok;
}
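<?php
// Registration / login endpoint.
//
// With the `save` field set, the posted data is inserted as a new user and the
// browser is sent to index.php. Otherwise the user row is looked up and either
// returned as JSON (validateUsername) or used to verify the password.
include 'inc/class.PassHash.inc.php';
include 'inc/class.db_connect.inc.php';

$checkedFormsFields = checkFormField::cleanFormField($_POST);
DB_Connect::test();

if (isset($checkedFormsFields['save'])) {
    $today = date("Ymd");
    // NOTE(review): this statement is assembled by string concatenation. Its
    // safety rests entirely on checkFormField::cleanFormField(), which is not
    // visible here. DB_Connect::query() is only seen taking a finished SQL
    // string, so the statement cannot be parameterized from this file; move
    // it to a prepared statement with bound values once the wrapper allows it.
    $query = 'insert into users (username, pass, name, firstName, lastName, regDate) values ("' . $checkedFormsFields['username'] . '", "' . PassHash::hash($checkedFormsFields['password']) . '", "' . $checkedFormsFields['name'] . '", "' . $checkedFormsFields['firstName'] . '", "' . $checkedFormsFields['lastName'] . '", "' . $today . '")';
    $result = DB_Connect::query($query);
    if ($result == 1) {
        header('Location: index.php');
        // Stop here: a Location header alone does not end the script.
        exit;
    }
} else {
    // NOTE(review): the value between the quotes is masked in this listing.
    $query = 'select * from users where username = "******"';
    $result = DB_Connect::query($query);
    // NOTE(review): mysql_fetch_assoc() belongs to the mysql extension, which
    // was removed in PHP 7.
    $fila = mysql_fetch_assoc($result);

    if (!empty($checkedFormsFields['validateUsername'])) {
        // The row comes from `select *`: drop the stored password hash before
        // anything is sent to the client.
        if (is_array($fila)) {
            unset($fila['pass']);
        }
        echo json_encode($fila);
    } elseif (is_array($fila)
        && isset($checkedFormsFields['password'])
        && PassHash::check_password($fila["pass"], $checkedFormsFields['password'])
    ) {
        // NOTE(review): nothing visible here records the successful login
        // (no session is set); confirm success.php does not rely on the
        // redirect alone.
        header('Location: success.php');
        exit;
    }
}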
/**
 * Check a user's login.
 *
 * @param String $correo   user's email address
 * @param String $password user's password
 * @return boolean TRUE when the login is correct, FALSE when it fails
 */
public function checkLogin($correo, $password)
{
    // Fetch the user by email address.
    $stmt = $this->conn->prepare("SELECT Password FROM Usuario WHERE Correo = ?");
    $stmt->bind_param("s", $correo);
    $stmt->execute();
    $stmt->bind_result($password_hash);
    $stmt->store_result();

    if ($stmt->num_rows <= 0) {
        // No user is registered with that email.
        $stmt->close();
        return FALSE;
    }

    // A user was found: load the stored hash and check the password.
    $stmt->fetch();
    $stmt->close();

    $esCorrecta = PassHash::check_password($password_hash, $password);

    return $esCorrecta ? TRUE : FALSE;
}
/**
 * Check a login against the active users in tb_usuario.
 *
 * Only rows whose fl_ativo equals USUARIO_ATIVO are considered, so a
 * deactivated account fails the check even with the right password.
 *
 * @param string $login      login name
 * @param string $senhaPlana clear-text password to verify
 * @return bool TRUE when an active user exists and the password matches its stored hash
 */
public function checkLogin($login, $senhaPlana)
{
    // USUARIO_ATIVO is a constant, not request data; the login itself is bound as a parameter.
    $sql = "SELECT usuario.nm_login, usuario.nm_senha"
        . " FROM tb_usuario AS usuario"
        . " WHERE"
        . " usuario.nm_login = ?"
        . " AND usuario.fl_ativo = " . USUARIO_ATIVO;

    $stmt = $this->conn->prepare($sql);
    // Arguments: the input types, then the inputs.
    $stmt->bind_param("s", $login);
    $executou = $stmt->execute();
    $stmt->store_result();

    $autorizado = FALSE;
    if ($executou && $stmt->num_rows > 0) {
        $stmt->bind_result($login, $senhaHash);
        $stmt->fetch();
        $autorizado = PassHash::check_password($senhaHash, $senhaPlana) ? TRUE : FALSE;
    }

    $stmt->close();

    return $autorizado;
}
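}
if ($query->count("*") > 0) {
    echo json_encode($result);
} else {
    echo json_encode(array("status" => false, "message" => "cannot find your keyword {$key}"));
}
});

/* registration (admin restoran)
 *
 * Creates an administrator account for a restaurant from the posted
 * restoran_id, admin_username, admin_email and admin_password. The password is
 * stored only as a PassHash hash and an API key is generated for the account.
 *
 * NOTE(review): no authentication or authorization step is visible on this
 * route, so any caller could create an administrator for any restoran_id.
 * Confirm that a middleware protects it.
 */
$app->post('/admin_restoran', function () use($app, $db) {
    require_once 'libs/PassHash.php';

    verifyRequiredParams(array('restoran_id', 'admin_username', 'admin_email', 'admin_password'));

    $restoran_id = $app->request->post('restoran_id');
    $admin_username = $app->request->post('admin_username');
    $admin_email = $app->request->post('admin_email');
    $admin_password = $app->request->post('admin_password');

    $password_hash = PassHash::hash($admin_password);
    $admin_api = generateApiKey();
    validateEmail($admin_email);

    // Duplicate check on the e-mail column with an exact match. The original
    // compared admin_username against the e-mail using LIKE, so an already
    // registered e-mail was not detected and '%' or '_' in the input acted as
    // wildcards.
    $query = $db->admin_restoran->where("admin_email = ?", $admin_email);
    if ($query->count("*") < 1) {
        $add = $db->admin_restoran->insert(array(
            "restoran_id" => $restoran_id,
            "admin_username" => $admin_username,
            "admin_email" => $admin_email,
            "admin_password" => $password_hash,
            "admin_api" => $admin_api,
        ));
        if ($add != null) {
            echo json_encode(array("status" => true, "message" => "success add new admin"));
        } else {
            echo json_encode(array("status" => false, "message" => "failed to add new admin"));
        }
    } else {
        echo json_encode(array("status" => false, "message" => "email is already exist"));
    }
});
/* login (admin restoran)*/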