Revision 1323
Added by Dietmar over 14 years ago
class.login.php | ||
---|---|---|
32 | 32 |
class login extends admin { |
33 | 33 |
function login($config_array) { |
34 | 34 |
// Get language vars |
35 |
global $MESSAGE; |
|
35 |
global $MESSAGE, $database;
|
|
36 | 36 |
$this->wb(); |
37 | 37 |
// Get configuration values |
38 | 38 |
$this->USERS_TABLE = $config_array['USERS_TABLE']; |
... | ... | |
61 | 61 |
$username_fieldname = 'username'; |
62 | 62 |
$password_fieldname = 'password'; |
63 | 63 |
} |
64 |
$this->username = htmlspecialchars (strtolower($this->get_post($username_fieldname)), ENT_QUOTES); |
|
64 | 65 |
|
65 |
$this->username = htmlspecialchars (strtolower($this->get_post($username_fieldname)), ENT_QUOTES); |
|
66 | 66 |
$this->password = $this->get_post($password_fieldname); |
67 | 67 |
// Figure out if the "remember me" option has been checked |
68 | 68 |
if($this->get_post('remember') == 'true') { |
... | ... | |
90 | 90 |
} elseif($this->is_remembered() == true) { |
91 | 91 |
// User has been "remembered" |
92 | 92 |
// Get the users password |
93 |
$database = new database(); |
|
93 |
// $database = new database();
|
|
94 | 94 |
$query_details = $database->query("SELECT * FROM ".$this->USERS_TABLE." WHERE user_id = '".$this->get_safe_remember_key()."' LIMIT 1"); |
95 | 95 |
$fetch_details = $query_details->fetchRow(); |
96 | 96 |
$this->username = $fetch_details['username']; |
... | ... | |
142 | 142 |
|
143 | 143 |
// Authenticate the user (check if they exist in the database) |
144 | 144 |
function authenticate() { |
145 |
global $database; |
|
145 | 146 |
// Get user information |
146 |
$database = new database(); |
|
147 |
$query = 'SELECT * FROM `'.$this->USERS_TABLE.'` WHERE MD5(`username`) = "'.md5($this->username).'" AND `password` = "'.$this->password.'" AND `active` = 1'; |
|
147 |
// $database = new database(); |
|
148 |
// $query = 'SELECT * FROM `'.$this->USERS_TABLE.'` WHERE MD5(`username`) = "'.md5($this->username).'" AND `password` = "'.$this->password.'" AND `active` = 1'; |
|
149 |
$loginname = ( preg_match('/[\;\=\&\|\<\> ]/',$this->username) ? '' : $this->username ); |
|
150 |
$query = 'SELECT * FROM `'.$this->USERS_TABLE.'` WHERE `username` = "'.$loginname.'" AND `password` = "'.$this->password.'" AND `active` = 1'; |
|
148 | 151 |
$results = $database->query($query); |
149 | 152 |
$results_array = $results->fetchRow(); |
150 | 153 |
$num_rows = $results->numRows(); |
... | ... | |
246 | 249 |
|
247 | 250 |
// Function to set a "remembering" cookie for the user |
248 | 251 |
function remember($user_id) { |
252 |
global $database; |
|
249 | 253 |
$remember_key = ''; |
250 | 254 |
// Generate user id to append to the remember key |
251 | 255 |
$length = 11-strlen($user_id); |
... | ... | |
267 | 271 |
} |
268 | 272 |
$remember_key = $remember_key; |
269 | 273 |
// Update the remember key in the db |
270 |
$database = new database(); |
|
274 |
// $database = new database();
|
|
271 | 275 |
$database->query("UPDATE ".$this->USERS_TABLE." SET remember_key = '$remember_key' WHERE user_id = '$user_id' LIMIT 1"); |
272 | 276 |
if($database->is_error()) { |
273 | 277 |
return false; |
... | ... | |
287 | 291 |
|
288 | 292 |
// Function to check if a user has been remembered |
289 | 293 |
function is_remembered() { |
294 |
global $database; |
|
290 | 295 |
if(isset($_COOKIE['REMEMBER_KEY']) AND $_COOKIE['REMEMBER_KEY'] != '') { |
291 | 296 |
// Check if the remember key is correct |
292 |
$database = new database(); |
|
297 |
// $database = new database();
|
|
293 | 298 |
$sql = "SELECT `user_id` FROM `" . $this->USERS_TABLE . "` WHERE `remember_key` = '"; |
294 | 299 |
$sql .= $this->get_safe_remember_key() . "' LIMIT 1"; |
295 | 300 |
$check_query = $database->query($sql); |
Also available in: Unified diff
Ticket #985 With #1318 no login in backend possible
Ticket #986 Typo inside the german language file
Ticket #982 Unnessesary heredoc causes on errors while installation!
Ticket #926/Ticket #928 Mail Notification on new user registration