Revision 1474
Added by DarkViper almost 13 years ago
| class.login.php | ||
|---|---|---|
| 32 | 32 |
global $MESSAGE, $database; |
| 33 | 33 |
parent::__construct(); |
| 34 | 34 |
// Get configuration values |
| 35 |
$this->USERS_TABLE = $config_array['USERS_TABLE']; |
|
| 36 |
$this->GROUPS_TABLE = $config_array['GROUPS_TABLE']; |
|
| 37 |
$this->username_fieldname = $config_array['USERNAME_FIELDNAME']; |
|
| 38 |
$this->password_fieldname = $config_array['PASSWORD_FIELDNAME']; |
|
| 39 |
$this->remember_me_option = $config_array['REMEMBER_ME_OPTION']; |
|
| 40 |
$this->max_attemps = $config_array['MAX_ATTEMPS']; |
|
| 41 |
$this->warning_url = $config_array['WARNING_URL']; |
|
| 42 |
$this->login_url = $config_array['LOGIN_URL']; |
|
| 43 |
$this->template_dir = $config_array['TEMPLATE_DIR']; |
|
| 44 |
$this->template_file = $config_array['TEMPLATE_FILE']; |
|
| 45 |
$this->frontend = $config_array['FRONTEND']; |
|
| 46 |
$this->forgotten_details_app = $config_array['FORGOTTEN_DETAILS_APP']; |
|
| 47 |
$this->max_username_len = $config_array['MAX_USERNAME_LEN']; |
|
| 48 |
$this->max_password_len = $config_array['MAX_PASSWORD_LEN']; |
|
| 49 |
if (array_key_exists('REDIRECT_URL',$config_array))
|
|
| 50 |
$this->redirect_url = $config_array['REDIRECT_URL']; |
|
| 51 |
else |
|
| 52 |
$this->redirect_url = ''; |
|
| 35 |
while(list($key, $value) = each($config_array)) {
|
|
| 36 |
$this->{(strtolower($key))} = $value;
|
|
| 37 |
} |
|
| 38 |
if(!isset($this->redirect_url)) { $this->redirect_url = ''; }
|
|
| 53 | 39 |
// Get the supplied username and password |
| 54 | 40 |
if ($this->get_post('username_fieldname') != ''){
|
| 55 | 41 |
$username_fieldname = $this->get_post('username_fieldname');
|
| ... | ... | |
| 88 | 74 |
// User has been "remembered" |
| 89 | 75 |
// Get the users password |
| 90 | 76 |
// $database = new database(); |
| 91 |
$query_details = $database->query("SELECT * FROM ".$this->USERS_TABLE." WHERE user_id = '".$this->get_safe_remember_key()."' LIMIT 1");
|
|
| 77 |
$query_details = $database->query("SELECT * FROM ".$this->users_table." WHERE user_id = '".$this->get_safe_remember_key()."' LIMIT 1");
|
|
| 92 | 78 |
$fetch_details = $query_details->fetchRow(); |
| 93 | 79 |
$this->username = $fetch_details['username']; |
| 94 | 80 |
$this->password = $fetch_details['password']; |
| ... | ... | |
| 142 | 128 |
global $database; |
| 143 | 129 |
// Get user information |
| 144 | 130 |
// $database = new database(); |
| 145 |
// $query = 'SELECT * FROM `'.$this->USERS_TABLE.'` WHERE MD5(`username`) = "'.md5($this->username).'" AND `password` = "'.$this->password.'" AND `active` = 1';
|
|
| 131 |
// $query = 'SELECT * FROM `'.$this->users_table.'` WHERE MD5(`username`) = "'.md5($this->username).'" AND `password` = "'.$this->password.'" AND `active` = 1';
|
|
| 146 | 132 |
$loginname = ( preg_match('/[\;\=\&\|\<\> ]/',$this->username) ? '' : $this->username );
|
| 147 |
$query = 'SELECT * FROM `'.$this->USERS_TABLE.'` WHERE `username` = "'.$loginname.'" AND `password` = "'.$this->password.'" AND `active` = 1';
|
|
| 133 |
$query = 'SELECT * FROM `'.$this->users_table.'` WHERE `username` = "'.$loginname.'" AND `password` = "'.$this->password.'" AND `active` = 1';
|
|
| 148 | 134 |
$results = $database->query($query); |
| 149 | 135 |
$results_array = $results->fetchRow(); |
| 150 | 136 |
$num_rows = $results->numRows(); |
| ... | ... | |
| 197 | 183 |
$first_group = true; |
| 198 | 184 |
foreach (explode(",", $this->get_session('GROUPS_ID')) as $cur_group_id)
|
| 199 | 185 |
{
|
| 200 |
$query = "SELECT * FROM ".$this->GROUPS_TABLE." WHERE group_id = '".$cur_group_id."'";
|
|
| 186 |
$query = "SELECT * FROM ".$this->groups_table." WHERE group_id = '".$cur_group_id."'";
|
|
| 201 | 187 |
$results = $database->query($query); |
| 202 | 188 |
$results_array = $results->fetchRow(); |
| 203 | 189 |
$_SESSION['GROUP_NAME'][$cur_group_id] = $results_array['name']; |
| ... | ... | |
| 227 | 213 |
// Update the users table with current ip and timestamp |
| 228 | 214 |
$get_ts = time(); |
| 229 | 215 |
$get_ip = $_SERVER['REMOTE_ADDR']; |
| 230 |
$query = "UPDATE ".$this->USERS_TABLE." SET login_when = '$get_ts', login_ip = '$get_ip' WHERE user_id = '$user_id'";
|
|
| 216 |
$query = "UPDATE ".$this->users_table." SET login_when = '$get_ts', login_ip = '$get_ip' WHERE user_id = '$user_id'";
|
|
| 231 | 217 |
$database->query($query); |
| 232 | 218 |
}else {
|
| 233 | 219 |
$num_rows = 0; |
| ... | ... | |
| 248 | 234 |
|
| 249 | 235 |
// Function to set a "remembering" cookie for the user |
| 250 | 236 |
function remember($user_id) {
|
| 251 |
global $database; |
|
| 252 |
$remember_key = ''; |
|
| 253 |
// Generate user id to append to the remember key |
|
| 254 |
$length = 11-strlen($user_id); |
|
| 255 |
if($length > 0) {
|
|
| 256 |
for($i = 1; $i <= $length; $i++) {
|
|
| 257 |
$remember_key .= '0'; |
|
| 258 |
} |
|
| 259 |
} |
|
| 260 |
// Generate remember key |
|
| 261 |
$remember_key .= $user_id.'_'; |
|
| 262 |
$salt = "abchefghjkmnpqrstuvwxyz0123456789"; |
|
| 263 |
srand((double)microtime()*1000000); |
|
| 264 |
$i = 0; |
|
| 265 |
while ($i <= 10) {
|
|
| 266 |
$num = rand() % 33; |
|
| 267 |
$tmp = substr($salt, $num, 1); |
|
| 268 |
$remember_key = $remember_key . $tmp; |
|
| 269 |
$i++; |
|
| 270 |
} |
|
| 271 |
$remember_key = $remember_key; |
|
| 272 |
// Update the remember key in the db |
|
| 273 |
// $database = new database(); |
|
| 274 |
$database->query("UPDATE ".$this->USERS_TABLE." SET remember_key = '$remember_key' WHERE user_id = '$user_id' LIMIT 1");
|
|
| 275 |
if($database->is_error()) {
|
|
| 276 |
return false; |
|
| 277 |
} else {
|
|
| 278 |
// Workout options for the cookie |
|
| 279 |
$cookie_name = 'REMEMBER_KEY'; |
|
| 280 |
$cookie_value = $remember_key; |
|
| 281 |
$cookie_expire = time()+60*60*24*30; |
|
| 282 |
// Set the cookie |
|
| 283 |
if(setcookie($cookie_name, $cookie_value, $cookie_expire, '/')) {
|
|
| 284 |
return true; |
|
| 285 |
} else {
|
|
| 286 |
return false; |
|
| 287 |
} |
|
| 288 |
} |
|
| 237 |
return true; |
|
| 238 |
// global $database; |
|
| 239 |
// $remember_key = ''; |
|
| 240 |
// // Generate user id to append to the remember key |
|
| 241 |
// $length = 11-strlen($user_id); |
|
| 242 |
// if($length > 0) {
|
|
| 243 |
// for($i = 1; $i <= $length; $i++) {
|
|
| 244 |
// $remember_key .= '0'; |
|
| 245 |
// } |
|
| 246 |
// } |
|
| 247 |
// // Generate remember key |
|
| 248 |
// $remember_key .= $user_id.'_'; |
|
| 249 |
// $salt = "abchefghjkmnpqrstuvwxyz0123456789"; |
|
| 250 |
// srand((double)microtime()*1000000); |
|
| 251 |
// $i = 0; |
|
| 252 |
// while ($i <= 10) {
|
|
| 253 |
// $num = rand() % 33; |
|
| 254 |
// $tmp = substr($salt, $num, 1); |
|
| 255 |
// $remember_key = $remember_key . $tmp; |
|
| 256 |
// $i++; |
|
| 257 |
// } |
|
| 258 |
// $remember_key = $remember_key; |
|
| 259 |
// // Update the remember key in the db |
|
| 260 |
// // $database = new database(); |
|
| 261 |
// $database->query("UPDATE ".$this->users_table." SET remember_key = '$remember_key' WHERE user_id = '$user_id' LIMIT 1");
|
|
| 262 |
// if($database->is_error()) {
|
|
| 263 |
// return false; |
|
| 264 |
// } else {
|
|
| 265 |
// // Workout options for the cookie |
|
| 266 |
// $cookie_name = 'REMEMBER_KEY'; |
|
| 267 |
// $cookie_value = $remember_key; |
|
| 268 |
// $cookie_expire = time()+60*60*24*30; |
|
| 269 |
// // Set the cookie |
|
| 270 |
// if(setcookie($cookie_name, $cookie_value, $cookie_expire, '/')) {
|
|
| 271 |
// return true; |
|
| 272 |
// } else {
|
|
| 273 |
// return false; |
|
| 274 |
// } |
|
| 275 |
// } |
|
| 289 | 276 |
} |
| 290 | 277 |
|
| 291 | 278 |
// Function to check if a user has been remembered |
| 292 | 279 |
function is_remembered() |
| 293 | 280 |
{
|
| 294 |
global $database; |
|
| 295 |
// add if get_safe_remember_key not empty |
|
| 296 |
if(isset($_COOKIE['REMEMBER_KEY']) && ($_COOKIE['REMEMBER_KEY'] != '') && ($this->get_safe_remember_key() <> '' ) ) |
|
| 297 |
{
|
|
| 298 |
// Check if the remember key is correct |
|
| 299 |
// $database = new database(); |
|
| 300 |
$sql = "SELECT `user_id` FROM `" . $this->USERS_TABLE . "` WHERE `remember_key` = '"; |
|
| 301 |
$sql .= $this->get_safe_remember_key() . "' LIMIT 1"; |
|
| 302 |
$check_query = $database->query($sql); |
|
| 303 |
|
|
| 304 |
if($check_query->numRows() > 0) |
|
| 305 |
{
|
|
| 306 |
$check_fetch = $check_query->fetchRow(); |
|
| 307 |
$user_id = $check_fetch['user_id']; |
|
| 308 |
// Check the remember key prefix |
|
| 309 |
$remember_key_prefix = ''; |
|
| 310 |
$length = 11-strlen($user_id); |
|
| 311 |
if($length > 0) |
|
| 312 |
{
|
|
| 313 |
for($i = 1; $i <= $length; $i++) |
|
| 314 |
{
|
|
| 315 |
$remember_key_prefix .= '0'; |
|
| 316 |
} |
|
| 317 |
} |
|
| 318 |
$remember_key_prefix .= $user_id.'_'; |
|
| 319 |
$length = strlen($remember_key_prefix); |
|
| 320 |
if(substr($_COOKIE['REMEMBER_KEY'], 0, $length) == $remember_key_prefix) |
|
| 321 |
{
|
|
| 322 |
return true; |
|
| 323 |
} else {
|
|
| 324 |
return false; |
|
| 325 |
} |
|
| 326 |
} else {
|
|
| 327 |
return false; |
|
| 328 |
} |
|
| 329 |
} else {
|
|
| 330 |
return false; |
|
| 331 |
} |
|
| 281 |
return false; |
|
| 282 |
// global $database; |
|
| 283 |
// // add if get_safe_remember_key not empty |
|
| 284 |
// if(isset($_COOKIE['REMEMBER_KEY']) && ($_COOKIE['REMEMBER_KEY'] != '') && ($this->get_safe_remember_key() <> '' ) ) |
|
| 285 |
// {
|
|
| 286 |
// // Check if the remember key is correct |
|
| 287 |
// // $database = new database(); |
|
| 288 |
// $sql = "SELECT `user_id` FROM `" . $this->users_table . "` WHERE `remember_key` = '"; |
|
| 289 |
// $sql .= $this->get_safe_remember_key() . "' LIMIT 1"; |
|
| 290 |
// $check_query = $database->query($sql); |
|
| 291 |
// |
|
| 292 |
// if($check_query->numRows() > 0) |
|
| 293 |
// {
|
|
| 294 |
// $check_fetch = $check_query->fetchRow(); |
|
| 295 |
// $user_id = $check_fetch['user_id']; |
|
| 296 |
// // Check the remember key prefix |
|
| 297 |
// $remember_key_prefix = ''; |
|
| 298 |
// $length = 11-strlen($user_id); |
|
| 299 |
// if($length > 0) |
|
| 300 |
// {
|
|
| 301 |
// for($i = 1; $i <= $length; $i++) |
|
| 302 |
// {
|
|
| 303 |
// $remember_key_prefix .= '0'; |
|
| 304 |
// } |
|
| 305 |
// } |
|
| 306 |
// $remember_key_prefix .= $user_id.'_'; |
|
| 307 |
// $length = strlen($remember_key_prefix); |
|
| 308 |
// if(substr($_COOKIE['REMEMBER_KEY'], 0, $length) == $remember_key_prefix) |
|
| 309 |
// {
|
|
| 310 |
// return true; |
|
| 311 |
// } else {
|
|
| 312 |
// return false; |
|
| 313 |
// } |
|
| 314 |
// } else {
|
|
| 315 |
// return false; |
|
| 316 |
// } |
|
| 317 |
// } else {
|
|
| 318 |
// return false; |
|
| 319 |
// } |
|
| 332 | 320 |
} |
| 333 | 321 |
|
| 334 | 322 |
// Display the login screen |
| ... | ... | |
| 353 | 341 |
$template->set_var('DISPLAY_REMEMBER_ME', '');
|
| 354 | 342 |
} |
| 355 | 343 |
$template->set_var(array( |
| 356 |
'ACTION_URL' => $this->login_url,
|
|
| 357 |
'ATTEMPS' => $this->get_session('ATTEMPS'),
|
|
| 358 |
'USERNAME' => $this->username,
|
|
| 359 |
'USERNAME_FIELDNAME' => $this->username_fieldname,
|
|
| 360 |
'PASSWORD_FIELDNAME' => $this->password_fieldname,
|
|
| 361 |
'MESSAGE' => $this->message,
|
|
| 362 |
'INTERFACE_DIR_URL' => ADMIN_URL.'/interface',
|
|
| 363 |
'MAX_USERNAME_LEN' => $this->max_username_len,
|
|
| 364 |
'MAX_PASSWORD_LEN' => $this->max_password_len,
|
|
| 365 |
'WB_URL' => WB_URL,
|
|
| 366 |
'THEME_URL' => THEME_URL,
|
|
| 367 |
'VERSION' => VERSION,
|
|
| 368 |
'REVISION' => REVISION,
|
|
| 369 |
'LANGUAGE' => strtolower(LANGUAGE),
|
|
| 370 |
'FORGOTTEN_DETAILS_APP' => $this->forgotten_details_app,
|
|
| 371 |
'TEXT_FORGOTTEN_DETAILS' => $TEXT['FORGOTTEN_DETAILS'],
|
|
| 372 |
'TEXT_USERNAME' => $TEXT['USERNAME'],
|
|
| 373 |
'TEXT_PASSWORD' => $TEXT['PASSWORD'],
|
|
| 374 |
'TEXT_REMEMBER_ME' => $TEXT['REMEMBER_ME'],
|
|
| 375 |
'TEXT_LOGIN' => $TEXT['LOGIN'],
|
|
| 376 |
'TEXT_HOME' => $TEXT['HOME'],
|
|
| 377 |
'PAGES_DIRECTORY' => PAGES_DIRECTORY,
|
|
| 378 |
'SECTION_LOGIN' => $MENU['LOGIN']
|
|
| 379 |
)
|
|
| 380 |
);
|
|
| 344 |
'ACTION_URL' => $this->login_url, |
|
| 345 |
'ATTEMPS' => $this->get_session('ATTEMPS'),
|
|
| 346 |
'USERNAME' => $this->username, |
|
| 347 |
'USERNAME_FIELDNAME' => $this->username_fieldname, |
|
| 348 |
'PASSWORD_FIELDNAME' => $this->password_fieldname, |
|
| 349 |
'MESSAGE' => $this->message, |
|
| 350 |
'INTERFACE_DIR_URL' => ADMIN_URL.'/interface', |
|
| 351 |
'MAX_USERNAME_LEN' => $this->max_username_len, |
|
| 352 |
'MAX_PASSWORD_LEN' => $this->max_password_len, |
|
| 353 |
'WB_URL' => WB_URL, |
|
| 354 |
'THEME_URL' => THEME_URL, |
|
| 355 |
'VERSION' => VERSION,
|
|
| 356 |
'REVISION' => REVISION,
|
|
| 357 |
'LANGUAGE' => strtolower(LANGUAGE), |
|
| 358 |
'FORGOTTEN_DETAILS_APP' => $this->forgotten_details_app, |
|
| 359 |
'TEXT_FORGOTTEN_DETAILS' => $TEXT['FORGOTTEN_DETAILS'], |
|
| 360 |
'TEXT_USERNAME' => $TEXT['USERNAME'], |
|
| 361 |
'TEXT_PASSWORD' => $TEXT['PASSWORD'], |
|
| 362 |
'TEXT_REMEMBER_ME' => $TEXT['REMEMBER_ME'], |
|
| 363 |
'TEXT_LOGIN' => $TEXT['LOGIN'], |
|
| 364 |
'TEXT_HOME' => $TEXT['HOME'], |
|
| 365 |
'PAGES_DIRECTORY' => PAGES_DIRECTORY, |
|
| 366 |
'SECTION_LOGIN' => $MENU['LOGIN'] |
|
| 367 |
) |
|
| 368 |
); |
|
| 381 | 369 |
if(defined('DEFAULT_CHARSET')) {
|
| 382 | 370 |
$charset=DEFAULT_CHARSET; |
| 383 | 371 |
} else {
|
Also available in: Unified diff
for security reasons the 'remember me' functionality is deaktivated in class login
'Get configuration values' is optimized