示例#1
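 /**
  * Authenticates a user by name and password.
  *
  * Looks up the password hash stored for $name in UserData and checks
  * $password against it with password_verify(). On success a fresh random
  * session token is persisted to the matching Users row, written to
  * $_SESSION, the PHP session id is regenerated, and this object is marked
  * as logged in.
  *
  * @param string $name     login name supplied by the client
  * @param string $password clear-text password supplied by the client
  * @return int SUCCESS when the password verified and the token was stored,
  *             FAILED otherwise. malformed_request() is called first when
  *             either argument is missing or empty.
  */
 public function login($name, $password)
 {
     // Strict comparison: `== ""` would also treat values such as "0" as empty.
     if (!isset($name) || $name === '' || !isset($password) || $password === '') {
         malformed_request('missing <code>name</code> or <code>password</code>');
     }
     global $mysqli;

     $stmt = $mysqli->prepare('SELECT password, id FROM UserData WHERE name=?');
     if ($stmt === false) {
         // Database problem: without this guard the next call on $stmt is a fatal error.
         return FAILED;
     }
     $stmt->bind_param('s', $name);
     $stmt->execute();
     $hashed = '';
     $id = 0;
     $stmt->bind_result($hashed, $id);
     $found = $stmt->fetch();
     $stmt->close();

     // Unknown user: nothing to verify against.
     if (!$found) {
         return FAILED;
     }
     if (!password_verify($password, (string) $hashed)) {
         // Wrong password: drop whatever session state may be lying around.
         $this->logout();
         return FAILED;
     }

     // uniqid() is clock-based and predictable, so it is not suitable as a
     // bearer token. random_bytes() is the CSPRNG; 11 bytes -> 22 hex chars,
     // which stays within the 23 chars uniqid('', true) produced, so an
     // existing session_token column sized for the old value still fits.
     $token = bin2hex(random_bytes(11));

     // Persist the token first; only report SUCCESS once the row was updated.
     $stmt = $mysqli->prepare(
         'UPDATE Users SET session_token=? WHERE Users.id=(SELECT UserData.id FROM UserData WHERE name=?)'
     );
     if ($stmt === false) {
         $this->logout();
         return FAILED;
     }
     $stmt->bind_param('ss', $token, $name);
     $stmt->execute();
     $stmt->close();

     // Regenerate the session id on this privilege change so a session id
     // that was fixed before login cannot be reused afterwards.
     if (session_status() === PHP_SESSION_ACTIVE) {
         session_regenerate_id(true);
     }
     $_SESSION['session_token'] = $token;
     $_SESSION['id'] = $id;
     $this->_logged_in = true;
     $this->_userid = $id;
     $this->set_session_token();
     return SUCCESS;
 }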
示例#2
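/**
 * Moves a channel under a new parent channel.
 *
 * Requires AUTHOR privileges on both the channel and its new parent, sets
 * Channels.parent, and then deletes cached breadcrumbs that reference the
 * channel so they are rebuilt with the new path.
 *
 * Statement failures are logged with error_log() and abort the function
 * early: the original echoed the driver's errno/error text into the
 * response (disclosing database details to the client) and then kept
 * calling methods on a false $stmt, which is a fatal error.
 *
 * @param array $channel request payload; must carry the keys 'id' and 'parent'
 * @return array the unchanged $channel payload, also on a failed statement step
 */
function updateChannelParent($channel)
{
    if (!isset($channel['parent']) || !isset($channel['id'])) {
        malformed_request('Missing parent or id');
    }
    check_channel_privileges($channel['id'], AUTHOR);
    check_channel_privileges($channel['parent'], AUTHOR);
    global $mysqli;

    /* Prepared statement, stage 1: prepare */
    $query = "UPDATE Channels SET parent=? WHERE id=?";
    if (!($stmt = $mysqli->prepare($query))) {
        error_log("Prepare failed: (" . $mysqli->errno . ") " . $mysqli->error);
        return $channel;
    }
    /* Prepared statement, stage 2: bind and execute */
    if (!$stmt->bind_param("ii", $channel['parent'], $channel['id'])) {
        error_log("Binding parameters failed: (" . $stmt->errno . ") " . $stmt->error);
        $stmt->close();
        return $channel;
    }
    if (!$stmt->execute()) {
        error_log("Execute failed: (" . $stmt->errno . ") " . $stmt->error);
        $stmt->close();
        return $channel;
    }
    $stmt->close();

    // Invalidate breadcrumbs. The cache column holds a serialized array, so the
    // LIKE pattern matches the serialized `"id";i:<n>;` fragment of this channel.
    // intval() guarantees the interpolated part contains no LIKE wildcards.
    $query = "DELETE FROM BreadcrumbCache WHERE breadcrumb LIKE ?";
    /* Prepared statement, stage 1: prepare */
    if (!($stmt = $mysqli->prepare($query))) {
        error_log("Prepare failed: (" . $mysqli->errno . ") " . $mysqli->error);
        return $channel;
    }
    $search = '%s:2:"id";i:' . intval($channel['id']) . ';%';
    /* Prepared statement, stage 2: bind and execute */
    if (!$stmt->bind_param("s", $search)) {
        error_log("Binding parameters failed: (" . $stmt->errno . ") " . $stmt->error);
        $stmt->close();
        return $channel;
    }
    if (!$stmt->execute()) {
        error_log("Execute failed: (" . $stmt->errno . ") " . $stmt->error);
    }
    $stmt->close();
    return $channel;
}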
示例#3
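/**
 * Moves a unit from one channel to another.
 *
 * Requires AUTHOR privileges on both the old and the new parent channel,
 * removes the unit from 'oldParent' and adds it to 'parent'.
 *
 * Not transactional: if addUnitToChannel() fails, the unit has already been
 * removed from its old parent by deleteUnitFromChannel().
 *
 * @param array $unit request payload; must carry 'id', 'parent' and 'oldParent'
 * @return array the unchanged $unit payload (mirrors updateChannelParent())
 */
function updateUnitParent($unit)
{
    if (!isset($unit['parent']) || !isset($unit['id']) || !isset($unit['oldParent'])) {
        malformed_request('Missing parent, oldParent or id');
    }
    // The caller must be allowed to edit both the source and the target channel.
    check_channel_privileges($unit['parent'], AUTHOR);
    check_channel_privileges($unit['oldParent'], AUTHOR);
    deleteUnitFromChannel($unit['id'], $unit['oldParent']);
    addUnitToChannel($unit['id'], $unit['parent']);
    return $unit;
}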