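/**
 * Processes a submitted login form.
 *
 * Reads `email`, `password` and `remember` from the POST data, looks the
 * user up by e-mail, verifies the password against the stored salt and hash,
 * and on success starts the login session, records the user id and
 * optionally sets the "remember" cookie. On failure a message is echoed and
 * nothing is stored.
 *
 * @return void
 */
protected static function loginPost()
{
    $email = type::post('email', 'string');
    $password = type::post('password', 'string');
    $remember = type::post('remember', 'int');

    // Both fields are required; stop before touching the database.
    if (is_null($email) || is_null($password) || $email == '' || $password == '') {
        echo message::info(lang::get('fill_out_both'));
        return;
    }

    $sql = new sql();
    // The e-mail is client-supplied: it reaches the query only through $sql->escape().
    $sql->query('SELECT password, salt, id FROM ' . sql::table('user') . ' WHERE `email` = "' . $sql->escape($email) . '"');

    if (!$sql->num()) {
        // The address is echoed back, so it is HTML-encoded first.
        // NOTE(review): a different message for "unknown e-mail" and "wrong
        // password" tells a client which addresses are registered; consider
        // one generic failure message for both cases.
        echo message::danger(sprintf(lang::get('email_not_found'), htmlspecialchars($email)), true);
        return;
    }

    $sql->result();

    if (!self::checkPassword($password, $sql->get('salt'), $sql->get('password'))) {
        echo message::danger(lang::get('wrong_pw'));
        return;
    }

    // NOTE(review): confirm loginSession() issues a fresh session id on
    // login (session fixation); its body is not visible here.
    self::loginSession();

    self::$userID = $sql->get('id');
    $_SESSION['login'] = $sql->get('id');

    if ($remember) {
        // NOTE(review): the cookie value is the plain user id, which is
        // predictable and not tied to any secret. If other code accepts this
        // cookie as proof of identity, replace the value with a random token
        // (random_bytes()) stored hashed on the server and compared with
        // hash_equals().
        // Empty path/domain and secure=false keep the previous cookie scope;
        // only HttpOnly is added so page scripts cannot read the cookie.
        // Switch secure to true once the site is served over HTTPS only.
        setcookie("remember", $sql->get('id'), time() + 3600 * 24 * 7, '', '', false, true);
    }
}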
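/**
 * Processes a submitted login form.
 *
 * Reads `email` and `password` from the POST data, looks the user up by
 * e-mail, verifies the password against the stored hash and on success
 * starts the login session and records the user. On failure a message is
 * echoed and nothing is stored.
 *
 * @return void
 */
protected static function loginPost()
{
    $email = type::post('email', 'string');
    $password = type::post('password', 'string');

    // Was the form submitted completely?
    if (is_null($email) || is_null($password) || $email == '' || $password == '') {
        echo message::info(lang::get('login_form_notfull'), true);
        return;
    }

    $sql = sql::factory();
    // The e-mail is client-supplied: it reaches the query only through $sql->escape().
    $sql->query('SELECT password, id FROM ' . sql::table('user') . ' WHERE `email` = "' . $sql->escape($email) . '"');

    // Does a user with this e-mail exist?
    if (!$sql->num()) {
        // The submitted address is echoed back inside the message, so it is
        // HTML-encoded first; printing it raw would let markup in the
        // "email" field reach the page.
        // NOTE(review): a different message for "unknown e-mail" and "wrong
        // password" tells a client which addresses are registered; consider
        // one generic failure message for both cases.
        echo message::danger(sprintf(lang::get('login_no_user'), htmlspecialchars($email)), true);
        return;
    }

    $sql->result();

    // Password does not match?
    // NOTE(review): checkPassword() receives no salt here, so the stored
    // hash is presumably unsalted; verify and plan a migration to
    // password_hash()/password_verify().
    if (!self::checkPassword($password, $sql->get('password'))) {
        echo message::danger(lang::get('login_pwd_false'), true);
        return;
    }

    // NOTE(review): confirm loginSession() issues a fresh session id on
    // login (session fixation); its body is not visible here.
    self::loginSession();

    self::$userID = $sql->get('id');

    // NOTE(review): this keeps a hash derived from the password in the
    // session store. Anyone who can read session data gets
    // password-equivalent material; storing only the user id would avoid
    // that. Left unchanged because the code that reads this value is not
    // visible here.
    $_SESSION['login'] = $sql->get('id') . '||' . self::hash($password);
}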
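/**
 * Processes a submitted login form.
 *
 * Reads `email` and `password` from the POST data, looks the user up by
 * e-mail, verifies the password against the stored salt and hash and on
 * success starts the login session and records the user id. Accounts whose
 * salt is still empty (old sha1 scheme) get a new salt and a re-hashed
 * password written back. On failure a message is echoed and nothing is
 * stored.
 *
 * @return void
 */
protected static function loginPost()
{
    $email = type::post('email', 'string');
    $password = type::post('password', 'string');

    // Was the form submitted completely?
    if (is_null($email) || is_null($password) || $email == '' || $password == '') {
        echo message::info(lang::get('login_form_notfull'), true);
        return;
    }

    $sql = sql::factory();
    // The e-mail is client-supplied: it reaches the query only through $sql->escape().
    $sql->query('SELECT password, salt, id FROM ' . sql::table('user') . ' WHERE `email` = "' . $sql->escape($email) . '"');

    // Does a user with this e-mail exist?
    if (!$sql->num()) {
        // The address is echoed back, so it is HTML-encoded first.
        // NOTE(review): a different message for "unknown e-mail" and "wrong
        // password" tells a client which addresses are registered; consider
        // one generic failure message for both cases.
        echo message::danger(sprintf(lang::get('login_no_user'), htmlspecialchars($email)), true);
        return;
    }

    $sql->result();

    // Password does not match?
    if (!self::checkPassword($password, $sql->get('salt'), $sql->get('password'))) {
        echo message::danger(lang::get('login_pwd_false'), true);
        return;
    }

    // NOTE(review): confirm loginSession() issues a fresh session id on
    // login (session fixation); its body is not visible here.
    self::loginSession();

    self::$userID = $sql->get('id');
    $_SESSION['login'] = $sql->get('id');

    // If the account still uses the old method (sha1), generate a new salt
    // and store the re-hashed password. sha1 is deprecated as of 0.2 Beta.
    $salt = $sql->get('salt');

    if (empty($salt)) {
        $salt = self::generateSalt();

        $sql->setTable('user');
        // The WHERE clause is built from the posted e-mail, so it is escaped
        // exactly like the SELECT above; the raw value would let a quote in
        // the address change the UPDATE statement.
        $sql->setWhere('`email` = "' . $sql->escape($email) . '"');
        $sql->addPost('salt', $salt);
        $sql->addPost('password', self::hash($password, $salt));
        $sql->update();
    }
}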