
Revision 1323

Added by Dietmar about 14 years ago

Ticket #985 With #1318 no login in backend possible
Ticket #986 Typo inside the German language file
Ticket #982 Unnecessary heredoc causes errors during installation!
Ticket #926/Ticket #928 Mail Notification on new user registration


class.login.php
32 32
class login extends admin {
33 33
	function login($config_array) {
34 34
		// Get language vars
35
		global $MESSAGE;
35
		global $MESSAGE, $database;
36 36
		$this->wb();
37 37
		// Get configuration values
38 38
		$this->USERS_TABLE = $config_array['USERS_TABLE'];
......
61 61
			$username_fieldname = 'username';
62 62
			$password_fieldname = 'password';
63 63
		}
64
		$this->username = htmlspecialchars (strtolower($this->get_post($username_fieldname)), ENT_QUOTES);
64 65

  
65
		$this->username = htmlspecialchars (strtolower($this->get_post($username_fieldname)), ENT_QUOTES);
66 66
		$this->password = $this->get_post($password_fieldname);
67 67
		// Figure out if the "remember me" option has been checked
68 68
		if($this->get_post('remember') == 'true') {
......
90 90
		} elseif($this->is_remembered() == true) {
91 91
			// User has been "remembered"
92 92
			// Get the users password
93
			$database = new database();
93
			// $database = new database();
94 94
			$query_details = $database->query("SELECT * FROM ".$this->USERS_TABLE." WHERE user_id = '".$this->get_safe_remember_key()."' LIMIT 1");
95 95
			$fetch_details = $query_details->fetchRow();
96 96
			$this->username = $fetch_details['username'];
......
142 142
	
143 143
	// Authenticate the user (check if they exist in the database)
144 144
	function authenticate() {
145
		global $database;
145 146
		// Get user information
146
		$database = new database();
147
		$query = 'SELECT * FROM `'.$this->USERS_TABLE.'` WHERE MD5(`username`) = "'.md5($this->username).'" AND `password` = "'.$this->password.'" AND `active` = 1';
147
		// $database = new database();
148
		// $query = 'SELECT * FROM `'.$this->USERS_TABLE.'` WHERE MD5(`username`) = "'.md5($this->username).'" AND `password` = "'.$this->password.'" AND `active` = 1';
149
 		$loginname = ( preg_match('/[\;\=\&\|\<\> ]/',$this->username) ? '' : $this->username );
150
		$query = 'SELECT * FROM `'.$this->USERS_TABLE.'` WHERE `username` = "'.$loginname.'" AND `password` = "'.$this->password.'" AND `active` = 1';
148 151
		$results = $database->query($query);
149 152
		$results_array = $results->fetchRow();
150 153
		$num_rows = $results->numRows();
......
246 249
	
247 250
	// Function to set a "remembering" cookie for the user
248 251
	function remember($user_id) {
252
		global $database;
249 253
		$remember_key = '';
250 254
		// Generate user id to append to the remember key
251 255
		$length = 11-strlen($user_id);
......
267 271
		}
268 272
		$remember_key = $remember_key;
269 273
		// Update the remember key in the db
270
		$database = new database();
274
		// $database = new database();
271 275
		$database->query("UPDATE ".$this->USERS_TABLE." SET remember_key = '$remember_key' WHERE user_id = '$user_id' LIMIT 1");
272 276
		if($database->is_error()) {
273 277
			return false;
......
287 291
	
288 292
	// Function to check if a user has been remembered
289 293
	function is_remembered() {
294
		global $database;
290 295
		if(isset($_COOKIE['REMEMBER_KEY']) AND $_COOKIE['REMEMBER_KEY'] != '') {
291 296
			// Check if the remember key is correct
292
			$database = new database();
297
			// $database = new database();
293 298
			$sql = "SELECT `user_id` FROM `" . $this->USERS_TABLE . "` WHERE `remember_key` = '";
294 299
			$sql .= $this->get_safe_remember_key() . "' LIMIT 1";
295 300
			$check_query = $database->query($sql);
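Review bot: In authenticate(), the new `$loginname` line guards the concatenated query with a character deny list that names neither the double quote nor the backslash, the two characters that matter inside the double-quoted SQL literal it is placed in. The quote is only covered indirectly, because `htmlspecialchars(..., ENT_QUOTES)` in login() turns it into an entity containing `&` and `;`; the backslash is not covered at all, and the "remembered" branch assigns `$this->username` straight from `$fetch_details['username']` without that encoding. I would escape the value where the query is built, using the database layer's string-escaping routine (not visible on this page) or a prepared statement, and at minimum extend the class to `'/[\;\=\&\|\<\> \\\\"\']/'`. `$this->password` goes into the same literal; whether it is already hashed by then is in the elided lines, so it deserves the same treatment. The body of authenticate() continues outside the visible hunk.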
