/**
 * Load the user row matching the submitted login e-mail within this application.
 *
 * On a hit the row is stored under 'db_userdata'; nothing is stored on a miss.
 *
 * @return bool true when a matching row was found, false otherwise
 */
private function getUser()
{
    // NOTE(security): the submitted username and the application name are
    // concatenated into the SQL string unescaped. \PAJ\Library\DB\MYSQL\Query
    // receives a raw string here, so this is injectable unless the value has
    // been validated upstream; it should become a parameterised query.
    $_query = "SELECT * FROM users WHERE email = '" . $this->get('login_form_username')
        . "' AND application='" . $this->applicationName() . "' LIMIT 1";
    $_obj = new \PAJ\Library\DB\MYSQL\Query($_query, false, $this->get('dbname'));
    $_row = $_obj->get('queryresult');
    unset($_obj);

    if (!$_row) {
        return false;
    }

    $this->set('db_userdata', $_row);
    return true;
}
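/**
 * Refresh the "last active" timestamp of the logged-in user.
 *
 * Runs one UPDATE per configured database: 'dbnames', 'dbtables' and
 * 'dbcolumns' are parallel comma-separated lists. Sets 'success' and
 * 'output' when every UPDATE succeeded, otherwise leaves 'success' false
 * and sets 'errormessage'.
 *
 * @return void
 */
protected function setLastActive()
{
    $this->set('success', false);
    $this->set('errormessage', 'Invalid session.');

    $_userID = $_SESSION['userid'] ?? false;
    if (!$_userID) {
        return; // no authenticated session: 'Invalid session.' stays in place
    }

    $_insert = true;                    // write query
    $_cacheNameSpace = false;           // use app namespace
    $_incrementCacheNameSpace = false;  // no cache increment

    $_dbnames = explode(',', $this->get('dbnames'));
    $_dbtables = explode(',', $this->get('dbtables'));
    $_dbcolumns = explode(',', $this->get('dbcolumns'));

    // Every configured database must be updated. The original kept only the
    // result of the last UPDATE, so a failure in an earlier one was still
    // reported as success.
    $_allUpdated = true;
    foreach ($_dbnames as $_key => $_dbname) {
        if (!isset($_dbtables[$_key], $_dbcolumns[$_key])) {
            // misconfiguration: the three lists have different lengths
            $_allUpdated = false;
            break;
        }
        // NOTE(security): $_userID comes from the server-side session rather
        // than straight from the request, but it is still concatenated into
        // the SQL unescaped; \PAJ\Library\DB\MYSQL\Query gets a raw string,
        // so prefer a parameterised query.
        $_query = 'UPDATE ' . $_dbtables[$_key] . ' SET timeStamp=NOW() WHERE '
            . $_dbcolumns[$_key] . '="' . $_userID . '"';
        $_obj = new \PAJ\Library\DB\MYSQL\Query($_query, $_insert, $_dbname, $_cacheNameSpace, $_incrementCacheNameSpace);
        if (!$_obj->get('queryresult')) {
            $_allUpdated = false;
        }
        unset($_obj);
    }

    if ($_allUpdated) {
        $this->set('success', true);
        $this->set('output', array('setLastActive' => true, 'output' => 'Session lastactive timestamp updated.'));
    } else {
        $this->set('errormessage', 'Error updating database with last active timestamp.');
    }
}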
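/**
 * DBValidateUserEmail function.
 * @what - validate an email address with the DB
 * @access protected
 * @param mixed $_userEmail
 * @return bool true when a row exists for the address, the account is
 *              activated and its type is 'local'; 'userid' is then set
 *              from the row. false in every other case.
 */
protected function DBValidateUserEmail($_userEmail)
{
    // NOTE(security): $_userEmail is concatenated into the SQL string
    // unescaped; \PAJ\Library\DB\MYSQL\Query receives a raw string, so this is
    // injectable unless the caller has validated it — prefer a parameterised query.
    $_query = "SELECT * FROM users WHERE email = '" . $_userEmail . "' LIMIT 1";
    $_obj = new \PAJ\Library\DB\MYSQL\Query($_query, false, $this->get('dbname'));
    $_DBData = $_obj->get('queryresult');
    unset($_obj);

    if (!$_DBData) {
        return false; // no record for this address
    }

    // Only activated accounts of type 'local' are validated here; any other
    // account type is rejected.
    if (!$_DBData['activated'] || $_DBData['accounttype'] !== 'local') {
        return false;
    }

    $this->set('userid', $_DBData['userid']);
    return true; // account validated with user email
}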
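/**
 * DBPasswordResetTokenDelete function.
 * @what - delete the reset token from the database after it has been used
 * @access public
 * @param mixed $_token  unused: every request for the user is removed (see below)
 * @param mixed $_userID
 * @return mixed the 'queryresult' of the DELETE; falsy when it failed
 */
public function DBPasswordResetTokenDelete($_token, $_userID)
{
    $_insert = true;                    // write query
    $_cacheNameSpace = false;           // use app namespace
    $_incrementCacheNameSpace = false;  // no cache increment
    $_DBName = $this->get('dbname');

    // All outstanding reset requests for this user are deleted, not only the
    // row matching $_token: once the password has been changed, no other
    // token issued for the account (including ones the user never asked for)
    // should remain usable. That is why $_token is deliberately unused.
    // NOTE(security): $_userID is concatenated into the SQL string unescaped;
    // \PAJ\Library\DB\MYSQL\Query receives a raw string, so prefer a
    // parameterised query.
    $_query = "DELETE FROM passwordresetrequests WHERE (userid='" . $_userID . "')";
    $_obj = new \PAJ\Library\DB\MYSQL\Query($_query, $_insert, $_DBName, $_cacheNameSpace, $_incrementCacheNameSpace);
    $_queryResult = $_obj->get('queryresult');
    unset($_obj);

    return $_queryResult;
}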
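/**
 * DBPasswordResetRequestsInsert function.
 * @what - insert a password reset request entry in the database
 * @access private
 * @param mixed $_userID
 * @param mixed $_userEmail
 * @param mixed $_token
 * @return void
 * @throws \Exception when the INSERT does not report success
 */
private function DBPasswordResetRequestsInsert($_userID, $_userEmail, $_token)
{
    $_insert = true;                    // insert query true/false
    $_cacheNameSpace = false;           // namespace true, use app namespace false
    $_dbName = $this->get('dbname');    // database name
    $_incrementCacheNameSpace = false;  // cache increment

    // REMOTE_ADDR is absent outside a web SAPI (CLI, tests); store an empty
    // string instead of raising an undefined-index notice.
    $_remoteAddr = $_SERVER['REMOTE_ADDR'] ?? '';

    // NOTE(security): all four values are concatenated into the SQL string
    // unescaped; \PAJ\Library\DB\MYSQL\Query receives a raw string, so this is
    // injectable unless the callers have validated them — prefer a
    // parameterised query.
    $_query = "INSERT INTO passwordresetrequests (userid, email, token, ip) VALUES ('"
        . $_userID . "', '" . $_userEmail . "', '" . $_token . "', '" . $_remoteAddr . "')";
    $_obj = new \PAJ\Library\DB\MYSQL\Query($_query, $_insert, $_dbName, $_cacheNameSpace, $_incrementCacheNameSpace);
    $_ok = $_obj->get('queryresult');
    unset($_obj);

    if (!$_ok) {
        // The original message embedded the whole query, which wrote the
        // reset token and the user's e-mail into exception output and logs.
        throw new \Exception('Query failed: could not insert password reset request.');
    }
}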