function abet_login($user, $passwd) { // place the username in the session so we can remember the login attempt $_SESSION['user'] = $user; // attempt authentication verification if (abet_verify($user, $passwd, $id, $role)) { // authentication was successful: place id and user role into session $_SESSION['id'] = $id; $_SESSION['role'] = $role; return true; } return false; }
<?php // include needed files; update the include path to find the libraries $paths = array(get_include_path(), '/usr/lib/abet1', '/usr/local/lib/abet1'); set_include_path(implode(PATH_SEPARATOR, $paths)); require_once 'abet1-login.php'; require_once 'abet1-query.php'; require_once 'abet1-misc.php'; /* check-passwd.php - JSON transfer specification Supports: POST Fields: (POST) *--------* | passwd | *--------* This script checks password for a currently authenticated user. If the password matches then {"success":true} is returned; otherwise {"success":false} is returned. */ if (!abet_is_authenticated()) { page_fail(UNAUTHORIZED); } if ($_SERVER['REQUEST_METHOD'] != 'POST' || !array_key_exists('passwd', $_POST)) { page_fail(BAD_REQUEST); } if (!abet_verify($_SESSION['user'], $_POST['passwd'], $id, $role)) { page_fail(BAD_REQUEST); } echo "{\"success\":true}";