/**
 * Entry point: obtain a UUID, display the QR image for it, poll until the
 * login is confirmed, then run login() and webwxinit().
 *
 * Uses and modifies the globals $redirect_url and $base_url. Failures of
 * login() / webwxinit() are only printed; execution continues afterwards.
 */
function main()
{
    global $redirect_url, $base_url;

    $uuid = getUUID();
    $tip = show_QRImage($uuid);

    // Poll until wait_for_login() reports '200'. A '201' result resets $tip
    // to 0 for the following polls; any other code simply polls again.
    // NOTE(review): there is no retry limit or timeout in this loop.
    for (;;) {
        $code = wait_for_login($tip, $uuid);
        if ($code == '200') {
            break;
        }
        if ($code == '201') {
            $tip = 0;
        }
    }

    // NOTE(review): $redirect_url is presumably set by wait_for_login(); if it
    // carries a login ticket, echoing it exposes a credential in output/logs — confirm.
    echo $redirect_url;

    // NOTE(review): 'login fail' is printed when login() returns a truthy value,
    // whereas webwxinit() below is treated as failed on a falsy value. Confirm
    // login()'s return convention; one of the two checks may be inverted.
    $loginResult = login();
    if ($loginResult) {
        printf('login fail');
    }

    // NOTE(review): plain-HTTP base URL. Requests built on it would presumably
    // carry session data in cleartext; prefer https:// once the callers are confirmed.
    $base_url = 'http://wx.qq.com/cgi-bin/mmwebwx-bin';

    $initOk = webwxinit();
    if (!$initOk) {
        printf('init fail');
    }

    // getcontact();
}
/**
 * Write a concept mapping to the database.
 *
 * @param array $concepts mapping of the form
 *   array( "dataset_prefix" => defined_meaning_id, ... )
 * @param mixed $override_transaction passed through unchanged to
 *   writeDmToCollection(); defaults to null
 * @return array associative array of the UUIDs used for the mapping, as
 *   returned by getUUID( $concepts ) and indexed by dataset prefix. Entries
 *   equal to -1 were not mapped. Callers can usually discard the result;
 *   the original comment notes copy.php uses it for objects table support.
 */
function createConceptMapping( $concepts, $override_transaction = null ) {
	$uuid_map = getUUID( $concepts );

	foreach ( $concepts as $prefix => $definedMeaningId ) {
		// The collection id is looked up for every prefix, mapped or not.
		$collectionId = getCollectionIdForDC( $prefix );

		// -1 marks a prefix that received no UUID: nothing to write.
		if ( $uuid_map[$prefix] == -1 ) {
			continue;
		}

		writeDmToCollection(
			$prefix,
			$collectionId,
			$uuid_map[$prefix],
			$definedMeaningId,
			$override_transaction
		);
	}

	return $uuid_map;
}
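/**
 * Log in with the credentials submitted in $_POST.
 *
 * Reads $_POST['user_name'] (matched against members.username OR
 * members.email) and $_POST['user_password']. On success it copies the
 * account fields into $GLOBALS, issues a "UUID" cookie, stores the token and
 * the JSON-encoded session data in the members row, resets loginCount and
 * redirects to index.php. On failure it appends a message to $this->errors
 * and, for a wrong password, increments loginCount until MAX_PASS_LOGIN
 * locks the account.
 *
 * Changes from the previous version:
 *  - the identifier is no longer passed through real_escape_string() before
 *    being bound to a prepared statement (double escaping made names that
 *    contain quotes or backslashes unmatchable);
 *  - both UPDATE statements are keyed on the username of the row that was
 *    matched, not on the submitted identifier; before, a login by e-mail
 *    address updated no row, so the failed-attempt counter never advanced
 *    and the session token was never stored;
 *  - the redundant second database connection is gone;
 *  - the connection is checked before it is used;
 *  - the session cookie is HttpOnly, and Secure when the request is HTTPS.
 */
private function dologinWithPostData()
{
    require_once "config/gv.php";

    // check login form contents
    if (empty($_POST['user_name'])) {
        $this->errors[] = "Username field was empty.";
        return;
    }
    if (empty($_POST['user_password'])) {
        $this->errors[] = "Password field was empty.";
        return;
    }

    // create a database connection, using the constants from config/db.php
    // (loaded in index.php according to the original comment)
    $this->db_connection = new mysqli(DBHOST, DBUSER, DBPASS, DBNAME);

    // Check the connection before calling anything else on it.
    if ($this->db_connection->connect_errno) {
        $this->errors[] = "Database connection problem.";
        return;
    }

    // change character set to utf8 and check it
    // NOTE(review): the raw driver error ends up in $this->errors; if that
    // list is rendered to the visitor, prefer a generic message here.
    if (!$this->db_connection->set_charset("utf8")) {
        $this->errors[] = $this->db_connection->error;
    }

    // Bound parameters need no manual escaping; pass the value as submitted.
    $login_identifier = $_POST['user_name'];

    $sql = mysqli_prepare($this->db_connection, "SELECT * FROM members WHERE username = ? OR email = ?");
    $result_of_login_check = bindFetch($sql, [$login_identifier, $login_identifier]);

    // Exactly one matching account is required.
    if (count($result_of_login_check) != 1) {
        $this->errors[] = "Wrong username or password.";
        return;
    }

    $result_row = $result_of_login_check[0];
    $loginCount = $result_row['loginCount'];

    // Key every write on the matched row's username so that logins by e-mail
    // address hit the same row as logins by username.
    $member_name = $result_row['username'];

    if ($loginCount >= MAX_PASS_LOGIN) {
        // account is locked out due to many attempts
        // NOTE(review): this message differs from the generic one and thereby
        // confirms that the account exists.
        $this->errors[] = "Account locked, too many attempts. Press the help button for assistance";
        return;
    }

    // password_verify() checks the submitted password against the stored hash
    if (password_verify($_POST['user_password'], $result_row['pwHash'])) {
        $globalVars = new stdClass();
        $globalVars->user_name = $result_row['username'];
        $globalVars->timeStamp = time();
        $globalVars->user_email = $result_row['email'];
        $globalVars->user_login_status = 1;
        $globalVars->user_id = $result_row['id'];
        $globalVars->firstName = $result_row['firstName'];
        $globalVars->lastName = $result_row['lastName'];
        foreach ($globalVars as $key => $val) {
            $GLOBALS[$key] = $val;
        }

        // NOTE(review): getUUID() is defined elsewhere. This value acts as the
        // session token, so it must come from a CSPRNG — confirm.
        $cook = getUUID();

        // Keep the token away from page scripts (HttpOnly) and off cleartext
        // connections whenever the current request is already HTTPS (Secure).
        $is_https = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
        setcookie("UUID", $cook, time() + TIMEOUT, "", "", $is_https, true);

        $updateLoginQuery = mysqli_prepare($this->db_connection, "UPDATE `members` SET `loginCount`=0, `timeStamp`=now(), `gv`=?, `uuid`=? WHERE `username`=?");
        // NOTE(review): bindExecute()'s result is not inspected; confirm its
        // contract and handle a failed write.
        bindExecute($updateLoginQuery, [json_encode($globalVars), $cook, $member_name]);
        mysqli_stmt_close($updateLoginQuery);

        // NOTE(review): no exit follows the redirect; the caller keeps running.
        header("Location: index.php");
        return;
    }

    // Wrong password: increment the login_count
    $loginCount++;
    $updateLoginQuery = mysqli_prepare($this->db_connection, "UPDATE `members` SET `loginCount`=? WHERE `username`=?");
    // NOTE(review): if this write fails silently the lockout never triggers;
    // confirm bindExecute()'s contract and handle failure.
    bindExecute($updateLoginQuery, [$loginCount, $member_name]);
    mysqli_stmt_close($updateLoginQuery);

    if ($loginCount == MAX_PASS_LOGIN) {
        $this->errors[] = "Account locked, too many attempts. Contact support for assitance";
    } else {
        $this->errors[] = "Wrong username or password.";
    }
}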