/branches/2.8.x/wb/framework/class.login.php - Diff - WB 2.08.x - Tracking

« Previous | Next »

Revision 1323

Added by Dietmar over 14 years ago

Ticket #985 With #1318 no login in backend possible
Ticket #986 Typo inside the german language file
Ticket #982 Unnessesary heredoc causes on errors while installation!
Ticket #926/Ticket #928 Mail Notification on new user registration

     class login extends admin {
     	function login($config_array) {
     		// Get language vars
     		global $MESSAGE;
     		global $MESSAGE, $database;
     		$this->wb();
     		// Get configuration values
     		$this->USERS_TABLE = $config_array['USERS_TABLE'];
-...
     			$username_fieldname = 'username';
     			$password_fieldname = 'password';
+    		}
     		$this->username = htmlspecialchars (strtolower($this->get_post($username_fieldname)), ENT_QUOTES);
     		$this->username = htmlspecialchars (strtolower($this->get_post($username_fieldname)), ENT_QUOTES);
     		$this->password = $this->get_post($password_fieldname);
     		// Figure out if the "remember me" option has been checked
     		if($this->get_post('remember') == 'true') {
-...
     		} elseif($this->is_remembered() == true) {
     			// User has been "remembered"
     			// Get the users password
     			$database = new database();
     			// $database = new database();
     			$query_details = $database->query("SELECT * FROM ".$this->USERS_TABLE." WHERE user_id = '".$this->get_safe_remember_key()."' LIMIT 1");
     			$fetch_details = $query_details->fetchRow();
     			$this->username = $fetch_details['username'];
-...
     	// Authenticate the user (check if they exist in the database)
     	function authenticate() {
     		global $database;
     		// Get user information
     		$database = new database();
     		$query = 'SELECT * FROM `'.$this->USERS_TABLE.'` WHERE MD5(`username`) = "'.md5($this->username).'" AND `password` = "'.$this->password.'" AND `active` = 1';
     		// $database = new database();
     		// $query = 'SELECT * FROM `'.$this->USERS_TABLE.'` WHERE MD5(`username`) = "'.md5($this->username).'" AND `password` = "'.$this->password.'" AND `active` = 1';
      		$loginname = ( preg_match('/[\;\=\&\|\<\> ]/',$this->username) ? '' : $this->username );
     		$query = 'SELECT * FROM `'.$this->USERS_TABLE.'` WHERE `username` = "'.$loginname.'" AND `password` = "'.$this->password.'" AND `active` = 1';
     		$results = $database->query($query);
     		$results_array = $results->fetchRow();
     		$num_rows = $results->numRows();
-...
     	// Function to set a "remembering" cookie for the user
     	function remember($user_id) {
     		global $database;
     		$remember_key = '';
     		// Generate user id to append to the remember key
     		$length = 11-strlen($user_id);
-...
+    		}
     		$remember_key = $remember_key;
     		// Update the remember key in the db
     		$database = new database();
     		// $database = new database();
     		$database->query("UPDATE ".$this->USERS_TABLE." SET remember_key = '$remember_key' WHERE user_id = '$user_id' LIMIT 1");
     		if($database->is_error()) {
     			return false;
-...
     	// Function to check if a user has been remembered
     	function is_remembered() {
     		global $database;
     		if(isset($_COOKIE['REMEMBER_KEY']) AND $_COOKIE['REMEMBER_KEY'] != '') {
     			// Check if the remember key is correct
     			$database = new database();
     			// $database = new database();
     			$sql = "SELECT `user_id` FROM `" . $this->USERS_TABLE . "` WHERE `remember_key` = '";
     			$sql .= $this->get_safe_remember_key() . "' LIMIT 1";
     			$check_query = $database->query($sql);

Also available in: Unified diff

Project

General

Profile

WB 2.08.x

Revision 1323

Added by Dietmar over 14 years ago