/** * Attempt to login, and set the session */ public function login($username = '', $password = '') { // convert the plaintext password to a SHA1 encoded string $password = hash('sha1', $password); $username = Pixelpost_DB::escape($username); $old_sess_id = session_id(); // First check if there is a session available with a login_hash. if ($this->session->get('login_vars')) { // There is login data present in the session so compare the username and password // with data stored in session $sess_loginarr = $this->session->get('login_vars'); if ($sess_loginarr['login'] == $username && $sess_loginarr['password'] == $password) { // The given data corresponds with the data stored in the session // Next step is to establish if the hash can be confirmed session_regenerate_id(); $this->session->db_destroy($old_sess_id); unset($old_sess_id); return $this->confirmAuth(); } else { // The given data is not the data in the session, do not login the user. // destroy the current session $this->logout(); return false; } } else { // If there isn't any session we need to check the given credentials against the database // In order to do so we select the status of a user. If that status == 1 then the user can login $status = (int) Pixelpost_DB::get_var("SELECT `status` FROM users WHERE username = '******' AND password = '******' LIMIT 1"); if ($status == 1) { // We're good to go! // Store the username, password and hash into the session session_regenerate_id(); $this->session->db_destroy($old_sess_id); unset($old_sess_id); $this->storeAuth($username, $password); return true; } else { // Login invalid, or the user is banned return false; } } }
/** * Delete the session data row in the database * Return true or false. * * @param $sess_id * @access public * @return bool */ public function db_destroy($sess_id) { $sess_id = Pixelpost_DB::escape($sess_id); $sql = "DELETE FROM sessions WHERE sess_id = '{$sess_id}'"; $result = Pixelpost_DB::query($sql); //Pixelpost_DB::debug(); return $result; }
/** * @Delete a node and all its children * @access public * @param string $node_name */ public function deleteNodeRecursive($node_permalink) { try { $sql = "SELECT left_node, right_node FROM " . $this->tablename . " \n\t\t\t\tWHERE permalink = '" . Pixelpost_DB::escape($node_permalink) . "'"; $result = (array) Pixelpost_DB::get_results($sql); $result[0]->width_node = $result[0]->right_node - $result[0]->left_node + 1; Pixelpost_DB::query("DELETE FROM " . $this->tablename . " \n\t\t\t\tWHERE left_node BETWEEN " . $result[0]->left_node . " \n\t\t\t\tAND " . $result[0]->right_node); Pixelpost_DB::query("UPDATE " . $this->tablename . " \n\t\t\t\tSET right_node = right_node - " . $result[0]->width_node . " \n\t\t\t\tWHERE right_node > " . $result[0]->right_node); Pixelpost_DB::query("UPDATE " . $this->tablename . " \n\t\t\t \tSET left_node = left_node - " . $result[0]->width_node . " \n\t\t\t\t WHERE left_node > " . $result[0]->right_node); } catch (exception $e) { throw new Exception($e); } }