Пример #1
// 	echo $key;
// 	echo ": " . $value;
// 	echo "<br/>";
// 	}
// Login form handling (excerpt; the enclosing script and the end of the second
// `if` are not part of this listing).
//
// Step 1: flag empty fields when the login form was submitted.
// NOTE(review): only 'bf_login' is checked with isset(); 'log' and 'pwd' are read
// directly. On PHP 8 a missing key raises a warning, and a non-string value
// (e.g. a field posted as an array) makes strlen() throw a TypeError.
if ($_SERVER['REQUEST_METHOD'] == "POST" && isset($_POST['bf_login'])) {
    if (strlen($_POST['log']) < 1) {
        $logerr = "fielderror";
    }
    if (strlen($_POST['pwd']) < 1) {
        $pwderr = "fielderror";
    }
}
// Step 2: attempt authentication whenever both fields are present.
// NOTE(review): this branch does not depend on the field checks above, so it also
// runs for empty strings and without 'bf_login' being set.
if (isset($_POST['log']) && isset($_POST['pwd'])) {
    //posted data : yes
    // sql_escape_string() is defined elsewhere; its result is concatenated below
    // without surrounding quotes, so it presumably returns a quoted literal when
    // the second argument is 1 — TODO confirm.
    $dblogin = sql_escape_string(strtolower($_POST['log']), 1);
    // The password is hashed with one SHA-256 pass over doubleSalt(password, login).
    // NOTE(review): SHA-256 is a fast hash and is not designed for password storage;
    // password_hash()/password_verify() are the standard replacement. doubleSalt() is
    // not shown; it receives the already-escaped login as its second argument.
    $dbpassword = sql_escape_string(hash('sha256', doubleSalt($_POST['pwd'], $dblogin)), 1);
    //Validate the user
    // NOTE(review): the statement is built by string concatenation. The value of
    // getRealIpAddr() is placed inside quotes with no escaping visible here; if that
    // helper reads client-supplied headers (not shown — confirm), the value is
    // untrusted input. Binding all three arguments through a prepared statement
    // ("CALL ValidateUser(?, ?, ?)") removes the dependency on manual escaping.
    $sql = "CALL ValidateUser(" . $dblogin . ", " . $dbpassword . ", '" . getRealIpAddr() . "');";
    //echo $sql.'<br/>';
    // execute_query() is a project helper; the code below treats its return value as
    // a list of result sets indexed 0 and 1.
    $Result = execute_query($mysqli, $sql);
    if ($Result) {
        // Any row in the first result set marks the e-mail as valid.
        while ($row = $Result[0]->fetch_assoc()) {
            $validemail = 1;
        }
        // Rows of the second result set are stored under index 1 of $row and copied
        // into the session; if several rows are returned, the last one wins.
        // NOTE(review): no session_regenerate_id() call is visible in this excerpt.
        // If none follows in the cut-off part, add one when the session becomes
        // authenticated to prevent session fixation.
        while ($row[1] = $Result[1]->fetch_assoc()) {
            $_SESSION['user_id'] = $row[1]['user_id'];
            $_SESSION['user_key'] = $row[1]['user_key'];
            $_SESSION['company_id'] = $row[1]['company_id'];
            $_SESSION['organization_id'] = $row[1]['organization_id'];
            $_SESSION['organization_name'] = $row[1]['organization_name'];
            $_SESSION['user_email_address'] = $row[1]['user_email_address'];
Пример #2
 case 1:
     // Password reset action (excerpt; the enclosing switch and the end of this
     // branch are not part of this listing).
     // Intended rule per the original comment: proceed only if the passwords are
     // long enough and they match.
     // NOTE(review): every input below is read from $_REQUEST, which also accepts
     // query-string values, so passwords and the reset code can arrive in a URL and
     // end up in access logs or browser history. $_POST would restrict this.
     $pass1 = isset($_REQUEST["password1"]) ? $_REQUEST["password1"] : '';
     // New password, first entry.
     $pass2 = isset($_REQUEST["password2"]) ? $_REQUEST["password2"] : '';
     // New password, confirmation entry.
     $dblogin = isset($_REQUEST["action_user_email_address"]) ? $_REQUEST["action_user_email_address"] : '';
     // Login (e-mail address) the reset applies to.
     $action_code = isset($_REQUEST["action_code"]) ? $_REQUEST["action_code"] : '';
     // Reset code; only its length is checked below.
     $action_user_key = isset($_REQUEST["action_user_key"]) ? $_REQUEST["action_user_key"] : '';
     // User key; no validation is visible in this excerpt.
     $dblogin = sql_escape_string(strtolower($dblogin), 1);
     // NOTE(review): `sha256` is written as a bare constant, not the string 'sha256'.
     // PHP 8 throws an Error for an undefined constant; PHP 7 emits a warning and
     // falls back to the string. It should be quoted.
     // NOTE(review): both passwords are hashed before any length check, so the raw
     // password length is never examined.
     $pass1 = sql_escape_string(hash(sha256, doubleSalt($pass1, $dblogin)), 1);
     $pass2 = sql_escape_string(hash(sha256, doubleSalt($pass2, $dblogin)), 1);
     // NOTE(review): strlen($pass1) > 0 and strlen($pass2) > 0 are evaluated on the
     // hashed values, which are never empty, so an empty password passes this test.
     // A minimum-length rule has to be applied to the raw input before hashing.
     // The `==` comparison is loose; `===` or hash_equals() avoids type juggling.
     if (strlen($action_code) == 36 && strlen($pass1) > 0 && strlen($pass2) > 0 && $pass1 == $pass2) {
         // NOTE(review): $action_user_key and $action_code are concatenated into the
         // statement inside quotes without passing through sql_escape_string(); the
         // 36-character length check does not constrain their content. Binding all
         // arguments through a prepared statement closes this SQL injection path.
         // $action_type_id is not assigned in this excerpt — confirm its origin.
         $sql = "CALL PasswordResetAction(" . $action_type_id . ", '" . $action_user_key . "', '" . $action_code . "', " . $pass1 . ", " . $pass2 . "  );";
         //echo $sql;
         $Result = execute_query($mysqli, $sql);
         if ($Result) {
             // Each returned row is copied into the session (including the role id)
             // and the reset is marked as validated.
             // NOTE(review): no session_regenerate_id() call is visible here;
             // confirm it happens before the session is treated as logged in.
             while ($row = $Result[0]->fetch_assoc()) {
                 $_SESSION['user_email_address'] = $row['user_email_address'];
                 $_SESSION['user_first_name'] = $row['user_first_name'];
                 $_SESSION['user_last_name'] = $row['user_last_name'];
                 $_SESSION['user_id'] = $row['user_id'];
                 $_SESSION['user_key'] = $row['user_key'];
                 $_SESSION['user_role_id'] = $row['user_role_id'];
                 $validated = 1;
             }
         } else {