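/**
 * Authenticate a user against the `users` table.
 *
 * @param string $username Submitted login name; bound as a prepared-statement parameter.
 * @param string $password Submitted plaintext password.
 * @return array{success: bool, msgId: int} "success" is true on a correct login;
 *         "msgId" is 1 for a generic failure (unknown user or wrong password) and
 *         2 when the account is disabled.
 *
 * Side effects: on success resets failed_logins and calls createUserSession();
 * if the 'rememberme' form field is set it also writes two 90-day cookies.
 * On a wrong password for an enabled account it increments failed_logins and
 * disables the account once the counter exceeds 9.
 */
function doLogin($username, $password)
{
    $correctLogin = false;
    // Generic failure id. Deliberately identical for "unknown user" and "wrong
    // password" so the response does not reveal which usernames exist.
    $errMsgId = 1;
    $level = null;
    $userId = 0;

    //Look for username row
    $result = preparedStmt(
        "SELECT id, username, level, enabled, failed_logins, password, salt FROM users WHERE username=?",
        array("s", (string) $username)
    );
    $userData = $result ? $result[0] : 0;

    //If username exists
    if ($userData) {
        $userId = (int) $userData['id'];
        // Stored scheme is one sha256 round of password."{salt}". Kept as-is because
        // existing rows depend on it; moving to password_hash() needs a
        // rehash-on-login migration that is outside this function.
        $pwHash = hash('sha256', $password . "{" . $userData['salt'] . "}");

        //If account is disabled - send error
        if (!$userData['enabled']) {
            $errMsgId = 2;
        } elseif (hash_equals((string) $userData['password'], $pwHash)) {
            // hash_equals(): constant-time and strict string comparison. The previous
            // `==` compared two hex digests as numbers when both looked like "0e<digits>".
            $correctLogin = true;
            $level = $userData['level'];

            //'Remember me' checkbox - http://tycoontalk.freelancer.com/php-forum/47470-tip-passwords-security-remember-me.html
            if (!empty($_POST['rememberme'])) {
                // The token is sha256(stored pw hash + "{salt}") and therefore a
                // password-equivalent credential that only rotates when the password
                // or salt changes. HttpOnly keeps it away from page scripts; Secure is
                // set whenever this request itself arrived over TLS.
                $cookieHash = hash('sha256', $userData['password'] . "{" . $userData['salt'] . "}"); //Hash of pw hash+salt
                $expire = time() + 7776000; //90 days
                $secure = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
                setcookie('sg_timesheetUN', $userData['username'], $expire, "/", "", $secure, true); //Make available from root
                setcookie('sg_timesheetPW', $cookieHash, $expire, "/", "", $secure, true);
            }
        }

        //Log failed attempts & disable account after 10 wrong tries
        if (!$correctLogin && $userData['enabled']) {
            $failedLogins = (int) $userData['failed_logins'] + 1;
            if ($failedLogins > 9) {
                preparedStmt("UPDATE users SET enabled=0 WHERE id=?", array("i", $userId));
            }
            // Bind the counter as a parameter instead of interpolating it into the SQL text.
            preparedStmt("UPDATE users SET failed_logins=? WHERE id=?", array("ii", $failedLogins, $userId));
        }
    }

    // Successful - Flatten incorrect logins and start session
    if ($correctLogin) {
        // id is an integer column; the other UPDATEs already bind it as "i".
        preparedStmt("UPDATE users SET failed_logins=0 WHERE id=?", array("i", $userId));
        createUserSession($userData['username'], $level);
    }

    return array("success" => $correctLogin, "msgId" => $errMsgId);
}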
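<?php
// Session gate: a page that includes this file requires a logged-in user.
// When no session exists, the 'remember me' cookie pair written by doLogin()
// is tried; otherwise the requested URL is stored and the client is redirected
// to the login page.
session_start();
if (!isset($_SESSION["username"])) {
    $isRememberedLogin = false;

    //Test for remember me cookie
    // Both values must be plain strings: PHP turns "name[]=..." into an array,
    // and hash_equals() only accepts strings.
    if (isset($_COOKIE['sg_timesheetUN'], $_COOKIE['sg_timesheetPW'])
        && is_string($_COOKIE['sg_timesheetUN'])
        && is_string($_COOKIE['sg_timesheetPW'])
    ) {
        $username = $_COOKIE['sg_timesheetUN'];
        //Look for username row
        $result = preparedStmt(
            "SELECT username, password, level, enabled, salt FROM users WHERE username=?",
            array("s", $username)
        );
        $userData = $result ? $result[0] : 0;

        if ($userData && $userData['enabled']) {
            // Must match the derivation in doLogin(): sha256 of stored pw hash + "{salt}".
            $cookieHash = hash('sha256', $userData['password'] . "{" . $userData['salt'] . "}"); //Hash of pw hash+salt
            // Constant-time, strict comparison. `==` is not timing-safe and treats
            // two "0e<digits>" hex digests as equal numbers.
            if (hash_equals($cookieHash, $_COOKIE['sg_timesheetPW'])) {
                $isRememberedLogin = true;
                // Use the canonical username from the row rather than the raw cookie value.
                // NOTE(review): createUserSession() is assumed to regenerate the
                // session id on login — confirm in utils.
                createUserSession($userData['username'], $userData['level']);
            }
        }
    }

    if (!$isRememberedLogin) {
        $_SESSION["deniedURL"] = getPageURL();
        header("Location:login_page.php");
        exit;
    }
}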
// Per-row field extraction from the decoded client payload. $data, $action,
// $id, $who, $date_timestamp, $time_start, $time_end, $newIds and $mysqli are
// all defined before this view (the object-property access suggests a
// json_decode() without assoc=true — confirm). Missing fields become "".
// NOTE(review): no validation happens here; SQL injection is covered by the
// bound parameters below, but range/format of total_mins, complete, status
// and whether $who is taken from the session or the payload must be checked
// in the enclosing code.
$description = isset($data->description) ? $data->description : "";
$jobnum = isset($data->jobnum) ? $data->jobnum : "";
$client = isset($data->client) ? $data->client : "";
$contact = isset($data->contact) ? $data->contact : "";
$total_mins = isset($data->total_mins) ? $data->total_mins : "";
$complete = isset($data->complete) ? $data->complete : "";
$status = isset($data->status) ? $data->status : "";

if ($action == "edit") {
    if (intval($id) < 100) { //If id < 100, it's a temp id so a new row
        //Row is new
        $result = preparedStmt("INSERT INTO timesheet (who,date_timestamp,time_start,time_end,description,jobnum,client,contact,total_mins,complete,last_change,status) VALUES (?,?,?,?,?,?,?,?,?,?,NOW(),1)", array("sisssissii", $who, $date_timestamp, $time_start, $time_end, $description, $jobnum, $client, $contact, $total_mins, $complete));
        $newId = mysqli_insert_id($mysqli); //Get last index created
        $newIds[$id] = $newId; //Save for updating front end
    } else {
        //Row already exists
        // NOTE(review): the WHERE clause matches on id alone; whether a non-admin
        // may update another user's row depends on checks outside this view.
        $result = preparedStmt("UPDATE timesheet SET who=?,date_timestamp=?,time_start=?,time_end=?,description=?,jobnum=?,client=?,contact=?,total_mins=?,complete=?,last_change=NOW(),status=? WHERE id=?", array("sisssissiiii", $who, $date_timestamp, $time_start, $time_end, $description, $jobnum, $client, $contact, $total_mins, $complete, $status, $id));
    }
}
if ($action == "remove") { //Soft delete only - sets status to 0
    if (intval($id) > 99) { //Less than 100 is temp ids for new rows
        // Same remark as the UPDATE above: ownership is not checked in this statement.
        $result = preparedStmt("UPDATE timesheet SET status=0 WHERE id=?", array("i", $id));
    }
}
} // closes a block opened before this view (presumably the per-row loop)

// NOTE(review): $result keeps the value from the last statement that ran, so
// "status" reflects only that statement (and is unset if no row hit either
// branch) — confirm this is the intended contract with the front end.
$retArray = array("status" => $result ? 1 : 0, "newIds" => $newIds);
echo json_encode($retArray);
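// Emits the caller's timesheet rows as a JSON array. Administrators receive every
// user's rows; everyone else only rows whose `who` matches the session username.
// `showdeleted` includes soft-deleted rows (status=0), `numrows` caps the result.
include "../config/settings.php";
include "db_connect.php";
include "utils.php";
include "test_login_user.php"; // redirects to the login page when no session exists

$loggedInUser = $_SESSION["username"];
// Both query parameters are client-controlled: coerce them to the types the
// query needs (an int for LIMIT, a bool for the status filter) instead of
// passing raw strings through, and avoid undefined-index notices when absent.
$numRows = isset($_GET['numrows']) ? (int) $_GET['numrows'] : 0;
$showDeleted = !empty($_GET['showdeleted']);

$selectStmt = "SELECT id,who,date_timestamp,time_start,time_end,description,jobnum,client,contact,total_mins,complete,status FROM timesheet ";

// Authorization comes from the server-side session level only, never from request input.
if ($_SESSION["level"] === "administrator") { //Admins get everyone's entries
    $where = $showDeleted ? "" : "WHERE status=1 ";
    $entries = preparedStmt($selectStmt . $where . "ORDER BY date_timestamp DESC LIMIT ?", array("i", $numRows));
} else {
    $where = $showDeleted ? "WHERE who=? " : "WHERE who=? AND status=1 ";
    $entries = preparedStmt($selectStmt . $where . "ORDER BY date_timestamp DESC LIMIT ?", array("si", $loggedInUser, $numRows));
}

// Encode the whole list once rather than concatenating per-row JSON by hand;
// a falsy result (no rows) still produces "[]" without a foreach warning.
$rows = array();
if ($entries) {
    foreach ($entries as $row) {
        $rows[] = $row;
    }
}
echo json_encode($rows);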