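/**
 * Authenticate a user by username or e-mail plus password and, on success,
 * store the user's identity in the session.
 *
 * Exactly one row must match the credentials; zero or several matches are
 * both reported as an invalid login.
 *
 * On success this writes iduser, username and fullname into
 * $_SESSION[SESSION_NAME].
 *
 * NOTE(review): the password is matched inside the SQL statement against the
 * output of get_enc_password($p_password, ENC_PASSWORD). That helper is not
 * visible here; if it is a deterministic digest or a static-key transform,
 * stored passwords should be migrated to password_hash()/password_verify(),
 * which needs a schema and data migration outside this method.
 *
 * @param string $p_username Username or e-mail address supplied by the client.
 * @param string $p_password Plain-text password supplied by the client.
 * @return string JSON object with the keys success, iduser, username,
 *                fullname and error_msg.
 */
public function user_login($p_username, $p_password)
{
    $json_result = array(
        "success" => true,
        "iduser" => -1,
        "username" => "N/A",
        "fullname" => "",
        "error_msg" => "",
    );

    if (empty($p_username) || empty($p_password)) {
        $json_result["success"] = false;
        $json_result["error_msg"] .= "Error, please fill username and password.";
        return json_encode($json_result);
    }

    // Both values come from the client; quote() is the only thing standing
    // between them and the SQL text, so every use goes through it.
    $login_q = $this->db_link->quote($p_username);
    $secret_q = $this->db_link->quote(get_enc_password($p_password, ENC_PASSWORD));

    // One query instead of COUNT + SELECT: the second query could observe a
    // different table state than the first. Only the columns that are used are
    // fetched, so the stored password value never leaves the database.
    // LIMIT 2 is enough to tell "exactly one match" from "more than one".
    $qry_sel_str = "SELECT `iduser`, `username`, `fullname`\n"
        . "FROM `" . DB_PX . "user`\n"
        . "WHERE (`username` = " . $login_q . " OR `email` = " . $login_q . ")\n"
        . "  AND `password` = " . $secret_q . "\n"
        . "LIMIT 2";

    $res_sel = $this->db_link->query($qry_sel_str);
    if ($res_sel === false) {
        // The original called errorInfo() on the failed (false) result, which
        // is a fatal error, and would have returned raw driver text to the
        // client. Keep the detail in the server log and answer generically.
        $detail = "";
        if ($this->db_link instanceof PDO) {
            $tmp_error = $this->db_link->errorInfo();
            $detail = isset($tmp_error[2]) ? (string) $tmp_error[2] : "";
        }
        error_log("user_login: credential query failed: " . $detail);

        $json_result["success"] = false;
        $json_result["error_msg"] = "Error: login is temporarily unavailable.";
        return json_encode($json_result);
    }

    $fa_sel = $res_sel->fetch(PDO::FETCH_ASSOC);
    $fa_extra = is_array($fa_sel) ? $res_sel->fetch(PDO::FETCH_ASSOC) : false;

    if (!is_array($fa_sel) || is_array($fa_extra)) {
        // Same message for unknown user, wrong password and ambiguous match,
        // so the response does not reveal which accounts exist.
        $json_result["success"] = false;
        $json_result["error_msg"] = "Username/password is invalid. Please try again.";
        return json_encode($json_result);
    }

    $json_result["iduser"] = $fa_sel["iduser"];
    $json_result["username"] = $fa_sel["username"];
    $json_result["fullname"] = $fa_sel["fullname"];

    // bsession_life() is a project helper not shown here; presumably it
    // starts or extends the session - TODO confirm.
    bsession_life(SESSION_PATH);

    // Issue a fresh session id at the privilege change so an id that was
    // known before login cannot be reused afterwards (session fixation).
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);
    }

    $_SESSION[SESSION_NAME]["iduser"] = $fa_sel["iduser"];
    $_SESSION[SESSION_NAME]["username"] = $fa_sel["username"];
    $_SESSION[SESSION_NAME]["fullname"] = $fa_sel["fullname"];

    return json_encode($json_result);
}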
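// Excerpt from a user CRUD dispatcher. The enclosing switch, the label of the
// first case (it feeds $OBCrud->create(), so presumably "create") and the rest
// of the "update" case lie outside this excerpt.
//
// Every value read from $_REQUEST is client-controlled. String values go
// through $bfurn_db->quote(); the numeric ids are interpolated into the SQL
// without quotes, so they are cast to int first. Without the cast the
// uncast request text would become part of the statement.
//
// NOTE(review): no authorization check is visible in this excerpt; confirm
// that the dispatcher verifies the caller's privilege before these cases run.
// NOTE(review): $_REQUEST also merges in GET parameters (and cookies, depending
// on request_order); state-changing cases are safer reading $_POST behind a
// CSRF token.
$username = $bfurn_db->quote(strtolower($_REQUEST["username"]));
// NOTE(review): get_enc_password() is not shown; if it is not a salted,
// slow password hash, new accounts should be stored with password_hash().
$password = $bfurn_db->quote(get_enc_password($_REQUEST["password"], ENC_PASSWORD));
$iduser_group = (int) $_REQUEST["iduser_group"];
$fullname = $bfurn_db->quote($_REQUEST["fullname"]);
// The fallback address is built from the Host request header, which the
// client chooses. It is quoted, so it cannot alter the SQL, but the stored
// domain should come from configuration rather than from the request.
$email = $bfurn_db->quote(!empty($_REQUEST["email"]) ? $_REQUEST["email"] : strtolower($_REQUEST["username"]) . '@' . $_SERVER["HTTP_HOST"]);
$qry_ins = "INSERT INTO `user`(`username`,`password`,iduser_group,email,fullname)\n\t\t\tVALUES({$username},{$password},{$iduser_group},{$email},{$fullname})";
echo json_encode($OBCrud->create($qry_ins));
break;
case "read":
    // Static query: lists users with their group name; no request data is used.
    $qry_sel = "SELECT u.iduser,u.username, ug.`name` AS groupname, u.iduser_group, u.fullname, u.email\n\t\t\tFROM `user` u\n\t\t\tLEFT JOIN `user_group` ug\n\t\t\t\tON(u.iduser_group = ug.iduser_group)";
    echo json_encode($OBCrud->read($qry_sel));
    break;
case "update":
    // Ids are cast to int because they are placed unquoted into the DELETE
    // below and into the SET clause.
    $iduser = (int) $_REQUEST["iduser"];
    $username = $bfurn_db->quote(strtolower($_REQUEST["username"]));
    // An empty password field leaves $password as '' (no quoted value).
    $password = empty($_REQUEST["password"]) ? '' : $bfurn_db->quote(get_enc_password($_REQUEST["password"], ENC_PASSWORD));
    $iduser_group_old = (int) $_REQUEST["iduser_group_old"];
    $iduser_group = (int) $_REQUEST["iduser_group"];
    $fullname = $bfurn_db->quote($_REQUEST["fullname"]);
    // Same Host-header caveat as in the insert path above.
    $email = $bfurn_db->quote(!empty($_REQUEST["email"]) ? $_REQUEST["email"] : strtolower($_REQUEST["username"]) . '@' . $_SERVER["HTTP_HOST"]);
    //BEGIN DELETE privilege_user_revoke FIRST===================================
    // When the group changes, the user's rows in privilege_user_revoke are
    // removed first; a failed delete aborts the update.
    // NOTE(review): iduser_group_old is taken from the request, so the client
    // decides whether this cleanup runs; reading the current group from the
    // database would make it independent of client input.
    if ($iduser_group_old !== $iduser_group) {
        $qry_del = "DELETE FROM privilege_user_revoke WHERE iduser={$iduser}";
        $ret_del = $OBCrud->destroy($qry_del);
        if (!$ret_del["success"]) {
            echo json_encode($ret_del);
            break;
        }
    }
    //END DELETE privilege_user_revoke FIRST*****************************
    $set_qry = "SET `username`={$username}, `iduser_group`={$iduser_group}, `fullname`={$fullname}, email={$email}";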