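/**
 * Logs a user in.
 *
 * Looks up the stored password hash for $name in UserData, verifies
 * $password against it and, on success, starts an authenticated session:
 * a fresh session token is written to $_SESSION and to Users.session_token,
 * and this instance is marked as logged in.
 *
 * @param string $name     login name; must be non-empty
 * @param string $password clear-text password; must be non-empty
 * @return mixed SUCCESS on a verified login, FAILED otherwise
 *               (a missing name/password ends in malformed_request())
 */
public function login($name, $password)
{
    // Reject empty credentials before touching the database. Both values
    // are bound as strings below, so a strict string comparison is used
    // instead of a loose one.
    if (!isset($name) || $name === '' || !isset($password) || $password === '') {
        malformed_request('missing <code>name</code> or <code>password</code>');
    }

    global $mysqli;

    $stmt = $mysqli->prepare('SELECT password, id FROM UserData WHERE name=?');
    if ($stmt === false) {
        // prepare() returned false; calling bind_param() on it would be a
        // fatal error, so report a failed login instead.
        return FAILED;
    }
    $stmt->bind_param('s', $name);
    $stmt->execute();

    $hashed = '';
    $id = 0;
    $stmt->bind_result($hashed, $id);
    $found = $stmt->fetch();
    $stmt->close();

    // Unknown user: nothing to verify against.
    if (!$found) {
        return FAILED;
    }

    if (!password_verify($password, $hashed)) {
        // Wrong password: make sure no stale login state survives.
        $this->logout();
        return FAILED;
    }

    // Issue a new session id at the privilege change so a session id that
    // was fixed before login cannot be reused afterwards. Guarded because
    // session_regenerate_id() warns when no session is active.
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);
    }

    // Session token from the CSPRNG; uniqid() is time-based and guessable.
    // 11 bytes -> 22 hex chars, which stays within the 23-char width of the
    // uniqid('', true) value this replaces, so Users.session_token is not
    // truncated if the column was sized for the old value.
    $token = bin2hex(random_bytes(11));

    $_SESSION['session_token'] = $token;
    $_SESSION['id'] = $id;
    $this->_logged_in = true;
    $this->_userid = $id;

    // Persist the token so other requests can validate it against the DB.
    $sql = 'UPDATE Users SET session_token=? WHERE Users.id=(SELECT UserData.id FROM UserData WHERE name=?)';
    $stmt = $mysqli->prepare($sql);
    if ($stmt === false) {
        // The token could not be stored: undo the in-memory login so the
        // session and the database do not disagree.
        $this->logout();
        return FAILED;
    }
    $stmt->bind_param('ss', $token, $name);
    $stmt->execute();
    $stmt->close();

    $this->set_session_token();
    return SUCCESS;
}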
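/**
 * Moves a channel under a new parent channel.
 *
 * The caller must hold AUTHOR privileges on both the channel and the new
 * parent (check_channel_privileges() is expected to abort otherwise).
 * After the move, cached breadcrumbs mentioning the channel's id are
 * deleted so they get rebuilt with the new ancestry.
 *
 * @param array $channel must contain 'id' and 'parent'
 * @return array the $channel array as passed in; database failures are
 *               echoed and the function returns early, they are not
 *               signalled through the return value
 */
function updateChannelParent($channel)
{
    if (!isset($channel['parent']) || !isset($channel['id'])) {
        malformed_request('Missing parent or id');
    }
    check_channel_privileges($channel['id'], AUTHOR);
    check_channel_privileges($channel['parent'], AUTHOR);

    global $mysqli;

    // The echoed messages below include driver error text. They are kept
    // for compatibility with the existing callers, but note that they
    // expose database internals to the client.
    $stmt = $mysqli->prepare('UPDATE Channels SET parent=? WHERE id=?');
    if ($stmt === false) {
        echo "Prepare failed: (" . $mysqli->errno . ") " . $mysqli->error;
        // prepare() returned false; continuing would call a method on bool.
        return $channel;
    }
    if (!$stmt->bind_param("ii", $channel['parent'], $channel['id'])) {
        echo "Binding parameters failed: (" . $stmt->errno . ") " . $stmt->error;
        $stmt->close();
        return $channel;
    }
    if (!$stmt->execute()) {
        echo "Execute failed: (" . $stmt->errno . ") " . $stmt->error;
        $stmt->close();
        // Nothing changed, so the breadcrumb cache is still valid.
        return $channel;
    }
    $stmt->close();

    // Invalidate cached breadcrumbs that reference this channel. The LIKE
    // pattern appears to match the serialize() form of an 'id' => N entry;
    // the id is cast to int so it cannot carry LIKE wildcards.
    $stmt = $mysqli->prepare('DELETE FROM BreadcrumbCache WHERE breadcrumb LIKE ?');
    if ($stmt === false) {
        echo "Prepare failed: (" . $mysqli->errno . ") " . $mysqli->error;
        return $channel;
    }
    $search = '%s:2:"id";i:' . intval($channel['id']) . ';%';
    if (!$stmt->bind_param("s", $search)) {
        echo "Binding parameters failed: (" . $stmt->errno . ") " . $stmt->error;
        $stmt->close();
        return $channel;
    }
    if (!$stmt->execute()) {
        echo "Execute failed: (" . $stmt->errno . ") " . $stmt->error;
    }
    $stmt->close();

    return $channel;
}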
/**
 * Moves a unit from its current channel to another one.
 *
 * The caller needs AUTHOR privileges on both the old and the new parent
 * channel. The move is performed as two separate calls (remove from the
 * old channel, then add to the new one); whether those run inside one
 * transaction is not visible from here.
 *
 * @param array $unit must contain 'id', 'parent' and 'oldParent'
 * @return void
 */
function updateUnitParent($unit)
{
    // All three keys are required; report once on the first missing one.
    foreach (['parent', 'id', 'oldParent'] as $required) {
        if (!isset($unit[$required])) {
            malformed_request('Missing parent, oldParent or id');
            break;
        }
    }

    $newParent = $unit['parent'];
    $oldParent = $unit['oldParent'];

    check_channel_privileges($newParent, AUTHOR);
    check_channel_privileges($oldParent, AUTHOR);

    deleteUnitFromChannel($unit['id'], $oldParent);
    addUnitToChannel($unit['id'], $newParent);
}