Пример #1
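 /**
  * Mobile login: look up $user, verify $password through PasswordManager and,
  * on success, start a session (session vars, uuid_mobile / last_login_mobile
  * columns, optional remember-me cookie).
  *
  * @param string $user     login name as typed by the user
  * @param string $password plaintext password, checked by PasswordManager::verify
  * @param mixed  $remember when == 1 the login is persisted via pStoreCookie()
  *
  * Returns nothing. On an unknown user or a wrong password every field stays
  * exactly as pClear() left it.
  *
  * Changes vs. the previous revision:
  *  - `last_login_mobile` was written by two separate UPDATEs (one alone, one
  *    together with `uuid_mobile`); a single UPDATE now sets both, and it runs
  *    before pStoreCookie() so the stored cookie never references a uuid the
  *    database does not yet hold.
  *  - `$this->username` is taken from the fetched row, as $_SESSION['username']
  *    already was, so the two can no longer disagree in case or whitespace.
  *  - a missing row no longer indexes into `false`.
  */
 function try_login($user, $password, $remember)
 {
     $this->pClear();
     db_connect();
     // NOTE(review): the username clause is redacted in this listing; the original
     // must bind or escape $user (compare the '&1' placeholders used by the sibling
     // implementation) — confirm before reusing this code.
     $query = "select user_id,username from user where username = '******';";
     $wynik = db_query($query);
     $wiersz = mysql_fetch_assoc($wynik);
     // mysql_fetch_assoc() yields false when no row matched.
     $user_id = $wiersz ? $wiersz['user_id'] : null;
     if ($user_id) {
         /* User exists. Is the password correct? */
         $pm = new PasswordManager($user_id);
         if (!$pm->verify($password)) {
             $user_id = null;
         }
     }
     if (empty($user_id)) {
         return;
     }
     $_SESSION['username'] = $wiersz['username'];
     $_SESSION['user_id'] = $user_id;
     // Timestamp and session id come from the database so they match its clock
     // and its uuid() generator rather than PHP's.
     $wynik = db_query("SELECT now() as now, uuid() as uuid");
     $rekord = mysql_fetch_assoc($wynik);
     $dzis = $rekord['now'];
     $uuid = $rekord['uuid'];
     // One write for both columns (the previous revision issued two UPDATEs).
     // $user_id and the generated values originate from the database, not the
     // request, which is why they are interpolated here.
     $query = "update user set uuid_mobile ='" . $uuid . "', last_login_mobile='" . $dzis . "' where user_id='" . $user_id . "';";
     db_query($query);
     $this->userid = $user_id;
     $this->username = $wiersz['username'];
     $this->lastlogin = $dzis;
     $this->sessionid = $uuid;
     $this->verified = true;
     if ($remember == 1) {
         $this->pStoreCookie();
     }
     return;
 }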
Пример #2
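 /**
  * Web login with per-address throttling.
  *
  * Order of operations:
  *   1. prune sys_logins rows older than one hour and refuse with
  *      LOGIN_TOOMUCHLOGINS once this REMOTE_ADDR has more than 24 rows left;
  *   2. drop sys_sessions whose last_login is older than LOGIN_TIME_PERMANENT;
  *   3. resolve $user against `username` (prio 2) and `email` (prio 1) — the
  *      lowest prio wins, so an e-mail match takes precedence;
  *   4. verify $password through PasswordManager, then require is_active_flag != 0;
  *   5. insert a sys_sessions row, stamp user.last_login and fill $this->*;
  *   6. record the attempt in sys_logins and store the cookie. pStoreCookie()
  *      runs on failure too, after pClear(), so it persists the cleared state.
  *
  * @param string    $user      username or e-mail; lower-cased before lookup
  * @param string    $password  plaintext password
  * @param bool|null $permanent anything == null (so also false/0) defers to the
  *                             account's permanent_login_flag
  * @return int LOGIN_OK, LOGIN_USERNOTACTIVE, LOGIN_BADUSERPW or LOGIN_TOOMUCHLOGINS
  *
  * Fix vs. the previous revision: sys_logins.success was computed as
  * `$rUser === false ? 0 : 1`, but a wrong password sets $rUser to null, so every
  * failed-password attempt was audited as success=1 (a fetch helper returning
  * null for "no row" would have been mis-recorded the same way). The flag now
  * follows the truthiness of $rUser: 0 for unknown user or bad password, 1 when
  * the credentials were accepted (including the inactive-account case).
  */
 function try_login($user, $password, $permanent)
 {
     $this->pClear();
     // Throttle: more than 24 attempts from this address in the last hour -> refuse.
     sql("DELETE FROM `sys_logins` WHERE `timestamp`<'&1'", date('Y-m-d H:i:s', time() - 3600));
     $logins_count = sqlValue("SELECT COUNT(*) `count` FROM `sys_logins` WHERE `remote_addr`='" . sql_escape($_SERVER['REMOTE_ADDR']) . "'", 0);
     if ($logins_count > 24) {
         return LOGIN_TOOMUCHLOGINS;
     }
     // Expire sessions that outlived the permanent-login window.
     $min_lastlogin_permanent = date('Y-m-d H:i:s', time() - LOGIN_TIME_PERMANENT);
     sql("DELETE FROM `sys_sessions` WHERE `last_login`<'&1'", $min_lastlogin_permanent);
     // compare $user with email and username, if both match, use email
     // NOTE(review): the lookup uses LIKE, so '%' and '_' in $user act as wildcards
     // unless sql() escapes them when substituting '&1'. The password check still
     // has to pass against whichever row is selected, but confirm the helper's
     // behaviour and prefer '=' if the column collation allows it.
     $rsUser = sql("\n            SELECT\n                `user_id`, `username`, 2 AS `prio`, `is_active_flag`,\n                `permanent_login_flag`, `admin`\n            FROM `user`\n            WHERE `username` LIKE '&1'\n\n            UNION\n\n            SELECT\n                `user_id`, `username`, 1 AS `prio`, `is_active_flag`,\n                `permanent_login_flag`, `admin`\n            FROM `user`\n            WHERE\n                `email` LIKE '&1'\n\n            ORDER BY `prio` ASC\n            LIMIT 1\n        ", mb_strtolower($user));
     $rUser = sql_fetch_assoc($rsUser);
     sql_free_result($rsUser);
     if ($rUser) {
         /* User exists. Is the password correct? */
         $pm = new PasswordManager($rUser['user_id']);
         if (!$pm->verify($password)) {
             $rUser = null;
         }
     }
     if ($rUser) {
         if ($permanent == null) {
             // Caller expressed no preference: fall back to the account's own flag.
             $permanent = $rUser['permanent_login_flag'] == 1;
         }
         // ok, there is a valid login
         if ($rUser['is_active_flag'] != 0) {
             // begin session
             $uuid = sqlValue('SELECT UUID()', '');
             sql("INSERT INTO `sys_sessions` (`uuid`, `user_id`, `permanent`, `last_login`) VALUES ('&1', '&2', '&3', NOW())", $uuid, $rUser['user_id'], $permanent != false ? 1 : 0);
             sql("UPDATE `user` SET `last_login`=NOW() WHERE `user_id`='&1'", $rUser['user_id']);
             $this->userid = $rUser['user_id'];
             $this->username = $rUser['username'];
             $this->permanent = $permanent;
             $this->lastlogin = date('Y-m-d H:i:s');
             $this->sessionid = $uuid;
             $this->admin = $rUser['admin'] == 1;
             $this->verified = true;
             $retval = LOGIN_OK;
         } else {
             $retval = LOGIN_USERNOTACTIVE;
         }
     } else {
         // sorry, bad login
         $retval = LOGIN_BADUSERPW;
     }
     // Audit the attempt. $rUser is null after a failed password check and
     // false (or null) when no row matched, so test truthiness, not === false.
     sql("INSERT INTO `sys_logins` (`remote_addr`, `success`, `timestamp`) VALUES ('&1', '&2', NOW())", $_SERVER['REMOTE_ADDR'], $rUser ? 1 : 0);
     // store to cookie
     $this->pStoreCookie();
     return $retval;
 }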
Пример #3
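require 'settings.inc.php';
// Both identifiers arrive straight from the request ($_REQUEST: GET, POST or cookie).
// $loginbox_form / $loginbox_loggedin are expected to come from settings.inc.php.
$userid = isset($_REQUEST['userid']) ? $_REQUEST['userid'] : '';
$loginid = isset($_REQUEST['sessionid']) ? $_REQUEST['sessionid'] : '';
// MD5 encoded (original comment; which value it describes is not shown here)
db_connect();
if ($dblink === false) {
    echo 'DB error';
    exit;
}
// Escape with the driver for the open connection's charset: addslashes() is not a
// MySQL escaper and misses charset-specific multi-byte sequences.
$rs = mysql_query('SELECT user_id, username, login_id FROM `user` WHERE user_id=\'' . mysql_real_escape_string($userid, $dblink) . '\'', $dblink);
if ($rs === false || mysql_num_rows($rs) == 0) {
    // Unknown user id, or the query itself failed: show the login form either way
    // (previously a failed query reached mysql_num_rows()/mysql_free_result() with false).
    echo $loginbox_form;
} else {
    $r = mysql_fetch_array($rs);
    // NOTE(review): $loginid (the request's `sessionid`) is checked through
    // PasswordManager::verify and the selected `login_id` column is never read —
    // confirm that verify() is the intended validator for a session token here.
    $pm = new PasswordManager($userid);
    if ($pm->verify($loginid)) {
        echo str_replace('{username}', htmlspecialchars($r['username']), $loginbox_loggedin);
    } else {
        echo $loginbox_form;
    }
}
if ($rs !== false) {
    mysql_free_result($rs);
}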
function db_connect()
{
    global $dblink, $dbpconnect, $dbusername, $dbname, $dbserver, $dbpasswd, $dbpconnect;
    //connect to the database by the given method - no php error reporting!
    if ($dbpconnect == true) {
        $dblink = @mysql_pconnect($dbserver, $dbusername, $dbpasswd);
    } else {
        $dblink = @mysql_connect($dbserver, $dbusername, $dbpasswd);
    }