/**
 * Requires the caller of this web service method to be authenticated with the server.
 *
 * Passes the 'authuser' and 'authpass' entries of $this->wsdataarray to Authenticate()
 * on a new ctrl_auth instance. A truthy result is stored in $this->authuserid and the
 * method returns true. A falsy result ends the request: a data object carrying the
 * response code '1105' and the text 'User authentication failed' is passed through
 * SendResponse() and the script terminates via die().
 *
 * NOTE(review): 'authuser' and 'authpass' are read without an isset() check, and
 * 'authpass' is handed to Authenticate() unchanged; confirm which form (plain text
 * or salted hash) Authenticate() expects from web service callers.
 * NOTE(review): the result is tested for truthiness, so a value such as 0 would be
 * treated as a failed login; confirm Authenticate() never returns that on success.
 * NOTE(review): die() on the failure path is the only thing that stops an
 * unauthenticated call from continuing; preserve that when refactoring.
 *
 * @author Bobby Allen (ballen@bobbyallen.me)
 * @return bool true when authentication succeeded; does not return on failure.
 */
public function RequireUserAuth() {
    $authenticator = new ctrl_auth();
    $authenticated = $authenticator->Authenticate($this->wsdataarray['authuser'], $this->wsdataarray['authpass']);

    // Guard clause: reject the request and stop as soon as authentication fails.
    if (!$authenticated) {
        $failure = new runtime_dataobject();
        $failure->addItemValue('response', '1105');
        $failure->addItemValue('content', 'User authentication failed');
        die($this->SendResponse($failure->getDataObject()));
    }

    // Keep whatever Authenticate() returned as the authenticated user id.
    $this->authuserid = $authenticated;
    return true;
}
// Login form handling. The block enclosing these statements opens before this excerpt.
// Look up the per-account salt; the username is bound as a parameter rather than
// concatenated into the SQL text.
$sql = $zdbh->prepare("SELECT ac_passsalt_vc FROM x_accounts WHERE ac_user_vc = :username AND ac_deleted_ts IS NULL");
$sql->bindParam(':username', $_POST['inUsername']);
$sql->execute();
// NOTE(review): there is no check that a row came back. For an unknown username
// $result is presumably false and the salt set below ends up null; confirm that
// runtime_hash tolerates that and that the login still fails cleanly.
$result = $sql->fetch();
// Derive the hash from the submitted password and the stored salt.
$crypto = new runtime_hash();
$crypto->SetPassword($_POST['inPassword']);
$crypto->SetSalt($result['ac_passsalt_vc']);
$secure_password = $crypto->CryptParts($crypto->Crypt())->Hash;
// Authenticate with the derived hash; on failure redirect to ./?invalidlogin and stop.
// $rememberdetails and $inSessionSecuirty are not assigned anywhere in this excerpt.
if (!ctrl_auth::Authenticate($_POST['inUsername'], $secure_password, $rememberdetails, false, $inSessionSecuirty)) {
    header("location: ./?invalidlogin");
    exit;
}
} // closes a block opened before this excerpt

// Cookie-based re-authentication: runs whenever a zUser cookie is present.
if (isset($_COOKIE['zUser'])) {
    // $secure defaults to true and becomes false only when the zSec cookie loosely
    // equals false. With == on a cookie string that means '' or '0'; the text 'false'
    // still counts as true.
    // NOTE(review): the flag comes from a client-supplied cookie. Confirm what the
    // fifth Authenticate() argument protects and whether a client should be able to
    // switch it off.
    if (isset($_COOKIE['zSec'])) {
        if ($_COOKIE['zSec'] == false) {
            $secure = false;
        } else {
            $secure = true;
        }
    } else {
        $secure = true;
    }
    // NOTE(review): zPass is read without isset() and is passed in the same argument
    // position as the salted hash at login. The cookie therefore presumably stores
    // that hash, which would make it equivalent to the password for as long as the
    // hash is unchanged; confirm in ctrl_auth::Authenticate(). The usual mitigation is
    // a random, server-side revocable token with HttpOnly and Secure cookie flags.
    // The return value is not checked here; the $_SESSION['zpuid'] test below decides
    // whether RequireUser() is invoked.
    ctrl_auth::Authenticate($_COOKIE['zUser'], $_COOKIE['zPass'], false, true, $secure);
}

// No session user id set: hand over to ctrl_auth::RequireUser().
if (!isset($_SESSION['zpuid'])) {
    ctrl_auth::RequireUser();
}

// Fire the 'OnBeforeControllerInit' hook, initialise the controller, then render the template.
runtime_hook::Execute('OnBeforeControllerInit');
$controller->Init();
// NOTE(review): the template path is built by string concatenation; verify that
// GetUserTemplate() can only return the name of a known template directory.
ui_templateparser::Generate("etc/styles/" . ui_template::GetUserTemplate());