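/**
 * Authenticate a returning visitor from a persistent-login cookie pair.
 *
 * Loads the user identified by $user_id, recomputes the expected cookie
 * token from that user's record and the request's remote address, and, when
 * the token matches and the account is usable, populates the auth globals
 * and $_SESSION with the user's identity.
 *
 * The account is accepted only if all of the following hold:
 *  - the presented token equals md5(password . REMOTE_ADDR . email . uid);
 *  - the expiry date is empty or not earlier than today;
 *  - $user->status is truthy and $user->is_oper() returns truthy;
 *  - EMERGENCY is falsy, or the user's access level equals 500.
 *
 * NOTE(review): the token is an unkeyed MD5 over stored account fields. It
 * contains no server-side secret and no expiry of its own, so it stays valid
 * for as long as those fields and the client address are unchanged. The
 * format is kept as-is because the code that issues the cookie is outside
 * this block. Replacing it with a random, server-stored token (or an HMAC
 * under a server key) needs a coordinated change on both sides.
 *
 * NOTE(review): the session id is not regenerated when the session is
 * promoted to an authenticated one. Consider session_regenerate_id(true)
 * here once it is confirmed that a session is active at this point.
 *
 * @param mixed $user_id   User id taken from the cookie (untrusted).
 * @param mixed $user_hash Token taken from the cookie (untrusted).
 *
 * @return User|false The authenticated user object, or false on any failure.
 */
function cookie_auth($user_id, $user_hash)
{
    // NOTE(review): where $REMOTE_ADDR is populated is not visible here. Confirm
    // it comes from the socket peer address and not a client-supplied header.
    global $REMOTE_ADDR, $UUID, $ACCESS, $ACCT, $MASTER;

    try {
        $db = db_career();
        $user = new User($db, $user_id);

        $today = date('Y-m-d');
        $expdate = $user->exp_date;
        if (!$expdate) {
            // An empty expiry date means "no expiry": treat it as today so the
            // comparison below passes.
            $expdate = $today;
        }

        // Recompute the token the cookie is expected to carry.
        $expected = md5($user->password . $REMOTE_ADDR . $user->email . $user->uid);

        // Compare in constant time so response timing does not reveal how much
        // of a guessed token matched. A non-string cookie value (e.g. an array
        // from "name[]=") can never match; rejecting it up front also keeps
        // hash_equals() from raising a TypeError that the catch below would miss.
        // The strict-compare fallback only applies on runtimes without
        // hash_equals() (PHP < 5.6).
        $token_ok = is_string($user_hash)
            && (function_exists('hash_equals')
                ? hash_equals($expected, $user_hash)
                : $expected === $user_hash);

        if ($user && $token_ok && $expdate >= $today && $user->status && $user->is_oper()) {
            // Credentials accepted. In emergency mode only access level 500 may log in.
            if (!EMERGENCY || $user->access == 500) {
                $UUID = $user->uid;
                $_SESSION['user_id'] = $UUID;
                $ACCESS = $user->access;
                $_SESSION['access'] = $ACCESS;
                $ACCT = $user->acct;
                $_SESSION['acct'] = $ACCT;
                $MASTER = $user->master_acct;
                $_SESSION['master_acct'] = $MASTER;
                // Last-login is intentionally not updated on cookie logins:
                //$user->setlastlogin($db);
                $_SESSION['userobj'] = clone $user;
                $db->close();

                return $user;
            }
        }

        $db->close();
        unset($user_id, $user, $db);
    } catch (Exception $e) {
        // Do not echo the exception (not even as an HTML comment under DEBUG):
        // any output here would break the cookie and header writes.
        // NOTE(review): on this path $db is dropped without close(); confirm the
        // connection is released when the handle is destroyed.
        unset($user_id, $user, $db);
    }

    return false;
}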
$result = false; $mesg = 'Request failed: ' . $e->getMessage() . ' (' . $e->getCode() . ')'; } } elseif (isset($_POST['username'], $_POST['password']) && $_POST['username'] && $_POST['password'] != '') { // login requested try { $db = db_clients(); $user = new User($db, 0, $_POST['username']); $olduser = $UUID; $expdate = $user->exp_date; $today = date('Y-m-d'); if (!$expdate) { $expdate = $today; } // null exp date - ok if ($user && $user->status && $user->is_oper() && $expdate >= $today && $user->password == sha1(stripslashes($_POST['password'])) && (!EMERGENCY || $_SESSION['access'] == 500)) { // success if ($olduser) { logout(0, !$_POST['remember']); } $UUID = $user->uid; $_SESSION['user_id'] = $UUID; $ACCESS = $user->access; $_SESSION['access'] = $ACCESS; $ACCT = $user->acct; $_SESSION['acct'] = $ACCT; $MASTER = $user->master_acct; $_SESSION['master_acct'] = $MASTER; $user->setlastlogin($db); $_SESSION['userobj'] = clone $user; if (isset($_POST['remember']) && $_POST['remember']) {