Пример #1
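 /**
  * Performs user sign-in by user name and password hash.
  *
  * Looks the account up in `users` (rows with `deleted IS NULL` only). On
  * exactly one match it opens a SecureSession, copies the profile fields into
  * $_SESSION, sets the "pl" / "pl_ssid" persistent-login cookies and stores
  * the new pl_ssid in users.session_id. Any other outcome (no match, or a
  * failed query) destroys the session and returns an error message.
  *
  * Security notes:
  *  - Both arguments are escaped before they are placed into SQL. Escaping
  *    with ext/mysql is only reliable when the connection character set was
  *    set through mysql_set_charset(); ext/mysql was removed in PHP 7.0, so
  *    the long-term fix is prepared statements (mysqli or PDO).
  *  - The "pl" cookie is md5(user id . configured secret), so it is identical
  *    on every login and does not rotate. The code that verifies it is not
  *    part of this function, so it is left unchanged here.
  *    NOTE(review): confirm the verifier also requires a matching pl_ssid.
  *  - The password is matched as an opaque hash supplied by the caller; how
  *    that hash is produced cannot be seen from here.
  *
  * @access	public
  * @param	string $un The user name
  * @param	string $pw_hash The password hash
  * @return	string Empty string on success, otherwise an HTML error message
  * @since	3.0
  *
  */
 function login($un, $pw_hash)
 {
     global $CONFIG;
     $PL_PW = $CONFIG->secure_login_password;
     $str_error = '';
     // init: "remember me" is forced on for every login, whatever was posted
     $_POST["remember_me"] = 1;
     // Neutralise quotes and backslashes so that neither argument can break
     // out of the quoted SQL literals below (SQL injection).
     $un_sql = mysql_real_escape_string((string) $un);
     $pw_hash_sql = mysql_real_escape_string((string) $pw_hash);
     $sql = "\n\t\t\t\t\t\tSELECT u.id, u.un, u.firstname, u.lastname, u.email, u.web, u.bio\n\t\t\t\t\t\t, GROUP_CONCAT(un.notice_fid ORDER BY un.notice_fid ASC SEPARATOR '|') AS u_notices\n\t\t\t\t\t\tFROM users AS u\n\t\t\t\t\t\tLEFT OUTER JOIN user_notices AS un ON un.user_fid = u.id\n\t\t\t\t\t\tWHERE u.un = '{$un_sql}'\n\t\t\t\t\t\tAND u.pw = '{$pw_hash_sql}'\n\t\t\t\t\t\tAND u.deleted IS NULL\n\t\t\t\t\t\tGROUP BY un.user_fid\n\t\t\t\t\t\tLIMIT 0, 1\n\t\t\t\t\t ";
     $result = mysql_query($sql);
     $record_count = 0;
     if ($result) {
         $record_count = mysql_num_rows($result);
     }
     if ($record_count == 1) {
         $u_id = mysql_result($result, 0, "u.id");
         $ss = new SecureSession();
         $ss->check_browser = true;
         $ss->check_ip_blocks = 2;
         $ss->secure_word = 'SALT_';
         // A fresh session id on login prevents reuse of a pre-login id.
         $ss->regenerate_id = true;
         $ss->Open();
         $_SESSION['logged_in'] = true;
         /** Derive the session-bound user id from the session fingerprint **/
         $_SESSION['u'] = md5($_SESSION['ss_fprint'] . $u_id);
         $_SESSION['u_temp'] = $u_id;
         $u_firstname = mysql_result($result, 0, "u.firstname");
         $u_lastname = mysql_result($result, 0, "u.lastname");
         $_SESSION['u_un'] = mysql_result($result, 0, "u.un");
         $_SESSION['u_email'] = mysql_result($result, 0, "u.email");
         if (trim($u_lastname) != "") {
             $_SESSION['u_name'] = trim($u_firstname . " " . $u_lastname);
         } else {
             $_SESSION['u_name'] = trim($u_firstname);
         }
         $_SESSION['u_web'] = trim(mysql_result($result, 0, "u.web"));
         $_SESSION['u_bio'] = trim(mysql_result($result, 0, "u.bio"));
         // u_notices is a '|'-separated list of notice ids built by GROUP_CONCAT.
         $u_notices = explode("|", mysql_result($result, 0, "u_notices"));
         $_SESSION["u_notice_1"] = (array_search("1", $u_notices) !== false) ? "checked" : "";
         $_SESSION["u_notice_2"] = (array_search("2", $u_notices) !== false) ? "checked" : "";
         /** Get user data **/
         ZUser::query_user("", $_SESSION['u_temp']);
         ZUser::set();
         /** Save Session ID if 'Remember Me' activated **/
         // Defined up front so the UPDATE below never reads an undefined variable.
         $pl_ssid = "";
         if (isset($_POST["remember_me"])) {
             $pl = md5($u_id . $PL_PW);
             // uniqid() and rand() are predictable; prefer the CSPRNG when the
             // runtime provides it. Both paths yield 32 hex characters.
             if (function_exists('random_bytes')) {
                 $pl_ssid = bin2hex(random_bytes(16));
             } else {
                 $pl_ssid = md5(uniqid(rand(), true));
             }
             $expires = time() + 3600 * 24 * 14;
             /* expire in 2 weeks; HttpOnly keeps the tokens away from page scripts */
             // NOTE(review): also set the Secure flag if the site is HTTPS-only.
             @setcookie("pl", $pl, $expires, "/", "", false, true);
             @setcookie("pl_ssid", $pl_ssid, $expires, "/", "", false, true);
         } else {
             /* delete cookies: the path must match the "/" they were set with */
             @setcookie("pl", "", time() - 3600, "/");
             @setcookie("pl_ssid", "", time() - 3600, "/");
         }
         /** Save new Persistent Login Session ID **/
         $sql = "\n\t\t\t\t\t\t\tUPDATE users AS u\n\t\t\t\t\t\t\tSET u.session_id = '{$pl_ssid}'\n\t\t\t\t\t\t\tWHERE u.un = '{$un_sql}'\n\t\t\t\t\t\t\tAND u.pw = '{$pw_hash_sql}'\n\t\t\t\t\t\t ";
         // NOTE(review): a failed UPDATE is ignored here, which leaves the
         // pl_ssid cookie out of step with users.session_id.
         $result2 = mysql_query($sql);
     } else {
         @session_destroy();
         // One message for every failure, so the reply does not reveal
         // whether the user name exists.
         $str_error .= JText::_('Username and password do not match.') . '<br />';
     }
     return $str_error;
 }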