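/**
 * Populate the login session and, when initialising, record the session id
 * and client IP address on the matching `member` row.
 *
 * @param mixed $uid      Member id; stored in the session and used in the UPDATE's WHERE clause.
 * @param mixed $username Stored in $_SESSION['username'].
 * @param mixed $cookie   Stored in $_SESSION['cookie'] and handed to updateCookie().
 * @param mixed $remember When this loosely equals 'yes', updateCookie() is called.
 * @param bool  $init     When true, the `member` row is updated with the session id and IP.
 *
 * @return void The script is terminated if the UPDATE fails.
 */
function _setSession($uid, $username, $cookie, $remember, $init = true)
{
    $_SESSION['uid'] = $uid;
    $_SESSION['username'] = $username;
    $_SESSION['cookie'] = $cookie;
    $_SESSION['logged'] = true;

    if ($remember == 'yes') {
        updateCookie($cookie, true);
    }

    if (!$init) {
        return;
    }

    // NOTE(review): if this is the post-authentication path, the session id
    // should be regenerated (session_regenerate_id(true)) before it is
    // persisted below, so a pre-login id cannot survive the login. Confirm
    // the caller does not already do this.

    // NOTE(review): ext/mysql was removed in PHP 7.0 and mysql_escape_string()
    // ignores the connection character set. The durable fix is a prepared
    // statement via mysqli/PDO, which needs a connection handle this function
    // does not receive.
    $session = mysql_escape_string(session_id());
    $ip = mysql_escape_string($_SERVER['REMOTE_ADDR']);
    // $uid was previously interpolated unescaped; give it the same treatment
    // as the other two values that reach the statement.
    $safeUid = mysql_escape_string((string) $uid);

    $sql = "UPDATE member SET session = '{$session}', ip = '{$ip}' WHERE id = '{$safeUid}'";

    if (!mysql_query($sql)) {
        // Keep driver detail (table/column names, query fragments) in the
        // server log instead of sending it to the client.
        error_log('Db error: ' . mysql_error());
        echo 'Db error';
        // The original passed an undefined $dbh here; with no argument the
        // last opened link is closed.
        mysql_close();
        exit;
    }
}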
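/**
 * Look up an active admin user by e-mail and, when a row is found, create the
 * user's sessions, stamp the last-login time and optionally set a cookie.
 *
 * @param string $user   E-mail address submitted at login (untrusted).
 * @param string $pass   Password submitted at login; only forwarded to updateCookie() here.
 * @param string $cookie "Y" when the user asked for a persistent cookie.
 *
 * @return bool TRUE when a matching active user was found, FALSE otherwise.
 */
function checkLogin($user, $pass, $cookie = "N")
{
    // Shared database wrapper provided by the including script.
    global $sqlConn;

    // $user comes straight from the login form and was concatenated into the
    // statement unescaped. addslashes() is a stopgap only: it is not aware of
    // the connection character set or SQL mode.
    // NOTE(review): replace with bound parameters or the driver-level
    // escaping offered by the $sqlConn wrapper, whose API is not visible here.
    $safeUser = addslashes((string) $user);

    // NOTE(review): the password predicate is the literal '******' as shown on
    // this page (apparently redacted), so $pass is not compared by this query.
    // A commented-out variant compared against MySQL ENCODE($pass, ENCODE_KEY),
    // which is reversible encryption rather than a password hash; stored
    // credentials should use password_hash() / password_verify().
    $sql = "SELECT u.id AS user_id, u.email, u.fname, u.lname, u.datetime_last_login, u.is_admin ";
    $sql .= "FROM admin_users u ";
    $sql .= "WHERE u.active = 'Y' AND u.email = '" . $safeUser . "' AND u.password = '******' ";
    $sqlConn->Execute($sql);

    if ($sqlConn->NumRows() <= 0) {
        // Login failed.
        return FALSE;
    }

    // Found the user: create all sessions for this account.
    $record = $sqlConn->GetRecord();
    createSessions(
        $record["user_id"],
        $record["email"],
        $record["datetime_last_login"],
        $record["is_admin"],
        trim($record["fname"] . " " . $record["lname"])
    );

    // Update the last-login time. The id comes from the database row, but is
    // escaped as well so no value reaches the statement raw.
    $sql = "UPDATE admin_users SET datetime_last_login = NOW() WHERE id = '"
        . addslashes((string) $record["user_id"]) . "' ";
    $sqlConn->Execute($sql);

    if ($cookie == "Y") {
        // NOTE(review): the plaintext password is handed to updateCookie();
        // confirm it is never written into the cookie itself.
        updateCookie($record["user_id"], $record, $pass);
    }

    // Login was successful.
    return TRUE;
}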