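/**
 * Authenticate an approved user and emit a JSON result, then end the request.
 *
 * Looks the user up by username (approved accounts only), derives a role from
 * the `administartor` / `sh_box_moderator` flags, and accepts the credential
 * when either getSlak($password) or the raw $password equals the stored value.
 * On success it echoes the user JSON and calls registerSession(); on failure it
 * echoes {"success":false}. Both paths call exit.
 *
 * Changes from the previous version:
 *  - An unknown username (fetch() returns false) or an empty stored password is
 *    rejected up front. Previously the loose check `$password == $a['password']`
 *    compared against null, so an empty password matched a non-existent account.
 *  - Comparisons use hash_equals(): strict and constant-time, with no numeric
 *    string juggling ("0e..." values) as with `==`.
 *  - The response is built with json_encode(), so quotes or backslashes in
 *    database values (e.g. the nickname) cannot break or alter the JSON.
 *
 * @param mixed $user     Username from the request; bound as a query parameter.
 * @param mixed $password Password (or previously issued token) from the request.
 * @return void Never returns to the caller; the script exits.
 */
function login($user, $password)
{
    // db.php is expected to define $db (a PDO handle) in this local scope.
    include "db.php";

    $sql = "SELECT id, password, zamgerid,firstname,lastname,nickname,index_number,administartor,sh_box_moderator,sh_box_nickname,secondary_email,fk_supergroup FROM user WHERE username=:username and approved=1";
    $stmt = $db->prepare($sql);
    $stmt->execute(array(':username' => $user));
    $a = $stmt->fetch(PDO::FETCH_ASSOC);

    // No such approved user, a non-string credential, or no stored secret:
    // fail closed before any comparison happens.
    if (
        !is_array($a)
        || !is_string($password)
        || !isset($a['password'])
        || (string) $a['password'] === ''
    ) {
        echo '{"success":false}';
        exit;
    }

    // Moderator is checked last, so it wins when both flags are set
    // (same precedence as before). Loose comparison is kept because the
    // driver may return these columns as int or string.
    $role = 'user';
    if ($a['administartor'] == '1') {
        $role = 'admin';
    }
    if ($a['sh_box_moderator'] == '1') {
        $role = 'moderator';
    }
    $a['type'] = $role;
    $nick = $a['sh_box_nickname'];

    $stored = (string) $a['password'];
    $matchesHash = hash_equals($stored, (string) getSlak($password));

    // NOTE(review): the stored value itself is accepted as a credential and is
    // also returned to the client as "token" below. Anyone who obtains the
    // stored hash (database leak, logged response, XSS) can log in with it
    // without knowing the password. Kept for compatibility with existing
    // clients; replace with a random, expiring session token when they can be
    // updated.
    $matchesToken = hash_equals($stored, $password);

    if (!$matchesHash && !$matchesToken) {
        echo '{"success":false}';
        exit;
    }

    echo json_encode(array(
        'success' => true,
        'user' => array(
            'uid' => (string) $a['id'],
            'role' => $role,
            'nick' => (string) $nick,
            'hlogin' => '******',
            'token' => $stored,
        ),
    ));

    registerSession($a, $user, $role);
    exit;
}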
<?php session_start(); if (isset($_GET["verbose"])) { $GLOBALS["VERBOSE"] = true; ini_set('display_errors', 1); ini_set('error_reporting', E_ALL); ini_set('error_prepend_string', null); ini_set('error_append_string', null); } if (!isset($_SESSION["uid"])) { error_log("[{$_SESSION["uid"]}]::uid `{$_SESSION["uid"]}` no set -> register:" . __FUNCTION__ . " in " . basename(__FILE__) . " line " . __LINE__); registerSession(); } if (!isset($_SESSION["uid"])) { error_log("[{$_SESSION["uid"]}]::uid `{$_SESSION["uid"]}` null :" . __FUNCTION__ . " in " . __FILE__ . " line " . basename(__FILE__)); header('location:squid.users.logon.php'); die; } error_log("[{$_SESSION["uid"]}]::uid `{$_SESSION["uid"]}` ok, registered:" . __FUNCTION__ . " in " . basename(__FILE__) . " line " . __LINE__); include_once 'ressources/class.templates.inc'; include_once 'ressources/class.html.pages.inc'; include_once 'ressources/class.cyrus.inc'; include_once 'ressources/class.main_cf.inc'; include_once 'ressources/charts.php'; include_once 'ressources/class.syslogs.inc'; include_once 'ressources/class.system.network.inc'; include_once 'ressources/class.os.system.inc'; if (isset($_POST["GetMyTitle"])) { GetMyTitle(); exit;