示例#1
0
function check_post_values($db, $data)
{
    // Is there username and password given in POST-data?
    if (isset($data['username']) && isset($data['password'])) {
        // No SQL-injections!
        $username = mysql_real_escape_string($data['username']);
        $password = mysql_real_escape_string($data['password']);
        // Get user information by username
        $q = 'SELECT id, username, password FROM rs_users WHERE ' . 'username="******"';
        try {
            $ret = $db->query($q);
        } catch (Exception $e) {
            echo 'Virhe tietokantakyselyssä!';
            die;
        }
        // If we found in database user, then check password
        if ($db->numRows($ret) > 0) {
            $row = $db->fetchAssoc($ret);
            // Is password correct? If it is, then set
            // session variables.
            if ($row[0]['password'] == sha1($password)) {
                $_SESSION['id'] = $row[0]['id'];
                $_SESSION['username'] = $row[0]['username'];
                // Icon to show
                $_SESSION['message_icon'] = 'graphics/32px-Crystal_Clear_app_clean.png';
                $_SESSION['message'] = 'Olet kirjautunut sisään ' . 'käyttäjätunnuksella "' . $username . '"';
                $cUsers = new CUsers($db, $_SESSION);
                $_SESSION['unseen_comments'] = $cUsers->countUnseenComments($_SESSION['id']);
            } else {
                // Icon to show
                $_SESSION['message_icon'] = 'graphics/32px-Crystal_Clear_app_logout.png';
                // Someting went wrong! Show error.
                $_SESSION['message'] = 'Virheellinen salasana!';
            }
        } else {
            // Icon to show
            $_SESSION['message_icon'] = 'graphics/32px-Crystal_Clear_app_logout.png';
            // Someting went wrong! Show error.
            $_SESSION['message'] = 'Käyttäjätunnusta ei löytynyt!';
        }
    }
}