Changeset 485 for trunk/phpbms/include/login_include.php
- Timestamp:
- 04/07/09 11:44:18 (3 years ago)
- Files:
-
- 1 modified
-
trunk/phpbms/include/login_include.php (modified) (1 diff)
trunk/phpbms/include/login_include.php
r311 r485 37 37 +-------------------------------------------------------------------------+ 38 38 */ 39 function verifyLogin($username,$password,$db){ 40 $thereturn = "Login Failed"; 41 42 $querystatement = "SELECT id, firstname, lastname, email, phone, department, employeenumber, admin 43 FROM users 44 WHERE login=\"".mysql_real_escape_string($username)."\" 45 AND password=ENCODE(\"".mysql_real_escape_string($password)."\",\"".mysql_real_escape_string(ENCRYPTION_SEED)."\") 46 AND revoked=0 AND portalaccess=0"; 47 48 $queryresult = $db->query($querystatement); 49 50 if($db->numRows($queryresult)){ 51 39 class login{ 40 41 var $db; 42 43 function login($db){ 44 45 $this->db = $db; 46 47 }//end function init 48 49 50 function verify($username, $password){ 51 52 $querystatement = " 53 SELECT 54 id, 55 firstname, 56 lastname, 57 email, 58 phone, 59 department, 60 employeenumber, 61 admin 62 FROM 63 users 64 WHERE 65 login = '".mysql_real_escape_string($username)."' 66 AND password = ENCODE('".mysql_real_escape_string($password)."','".mysql_real_escape_string(ENCRYPTION_SEED)."') 67 AND revoked = 0 68 AND portalaccess = 0"; 69 70 $queryresult = $this->db->query($querystatement); 71 72 if($this->db->numRows($queryresult)){ 73 52 74 //We found a record that matches in the database 53 75 // populate the session and go in 54 $_SESSION["userinfo"] =$db->fetchArray($queryresult);55 76 $_SESSION["userinfo"] = $this->db->fetchArray($queryresult); 77 56 78 // Next get the users roles, and populate the session with them 57 $_SESSION["userinfo"]["roles"][]=0; 58 $querystatement = "SELECT roleid FROM rolestousers WHERE userid=".$_SESSION["userinfo"]["id"]; 59 $rolesqueryresult = $db->query($querystatement); 60 61 while($rolerecord=$db->fetchArray($rolesqueryresult)) 79 $_SESSION["userinfo"]["roles"][] = 0; 80 $querystatement = " 81 SELECT 82 roleid 83 FROM 84 rolestousers 85 WHERE userid=".$_SESSION["userinfo"]["id"]; 86 87 $rolesqueryresult = $this->db->query($querystatement); 88 
89 while($rolerecord = $this->db->fetchArray($rolesqueryresult)) 62 90 $_SESSION["userinfo"]["roles"][]=$rolerecord["roleid"]; 63 64 65 $querystatement = "UPDATE users SET modifieddate=modifieddate, lastlogin=Now() WHERE id = ".$_SESSION["userinfo"]["id"];66 $updateresult = $db->query($querystatement);67 91 68 $_SESSION["tableparams"]=array(); 92 //update lastlogin 93 $ip = $_SERVER["REMOTE_ADDR"]; 94 95 $updatestatement = " 96 UPDATE 97 users 98 SET 99 modifieddate = modifieddate, 100 lastlogin = Now(), 101 `lastip` = '".$ip."' 102 WHERE 103 id = ".$_SESSION["userinfo"]["id"]; 104 105 $this->db->query($updatestatement); 106 107 $_SESSION["tableparams"] = array(); 69 108 70 109 goURL(DEFAULT_LOAD_PAGE); 71 } else 72 return "Login Failed"; 73 } 110 111 } else { 112 113 //log login attempt 114 $log = new phpbmsLog("Login attempt failed for user '".$username."'", "SECURITY"); 115 116 return "Login Failed"; 117 118 }//endif numrows 74 119 75 120 76 // Start Code 77 //================================================================================================================= 78 79 $failed=""; 80 if (isset($_POST["name"])) { 81 $variables=addSlashesToArray($_POST); 82 $failed=verifyLogin($variables["name"],$variables["password"],$db); 83 } else 84 $_POST["name"]=""; 85 ?> 121 }//end function verify 122 123 }//end class
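Review bot: In the new `verify()` method the `lastip` value in the UPDATE is concatenated as `'".$ip."'` with no escaping, while every other string value in the method goes through `mysql_real_escape_string()`. `$_SERVER["REMOTE_ADDR"]` is normally set by the web server from the peer address, so the exposure is small, but keeping the query consistent costs one call: `$ip = mysql_real_escape_string($_SERVER["REMOTE_ADDR"]);`. The failed-login branch also passes the raw, attacker-chosen `$username` into `new phpbmsLog(...)`; whether that class escapes its message before storing or displaying it is not visible here, so that is worth confirming. Separately, `$_SESSION["userinfo"]` is populated with no visible `session_regenerate_id(true);` beforehand, which would guard against session fixation unless it is handled elsewhere.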