<?php |
/********************************************************** |
Function Library: validate_mysql.php |
Original Author: Paul Bramscher <brams006@tc.umn.edu> |
Last Modified: 09.30.2003 by Paul Bramscher |
*********************************************************** |
Comments: |
This library handles initial login of the user to LibData. |
Because it's especially sensitive from a security standpoint |
it's been pulled out of other libraries. |
*********************************************************** |
Table of Contents: |
|
validateUser |
|
**********************************************************/ |
|
|
|
/********************************************************** |
Function: validateUser($con, $pass, $user) |
Author: Paul Bramscher |
Last Modified: 09.30.2003 |
*********************************************************** |
Incoming: |
$pass Password, 6 char. minimum
$user Staff account name
*********************************************************** |
Outgoing: |
$validated 1 = validated, 0 = not |
*********************************************************** |
Purpose: |
Validates against the staff table, using a locally encrypted |
mySQL stored password. |
|
The password must be at least 6 characters in length or it |
will always fail, regardless of what has been set in the |
staff table for staff.password. This also serves as |
protection against accounts which have no password. They |
can't be used. |
**********************************************************/ |
|
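/**
 * Authenticate a staff account against the staff table.
 *
 * @param resource|object $con  Database connection handle accepted by the xx_* wrappers.
 * @param string          $pass Candidate password. Anything shorter than 6 characters is
 *                              rejected before any query runs, so an account whose stored
 *                              password is empty can never be used to log in.
 * @param string          $user Staff account name (matched against staff.staff_account).
 *
 * @return int 0 when the login is not validated, otherwise the matched row's access_id
 *             (note: an access_id of 0 is therefore indistinguishable from "not validated").
 */
function validateUser($con, $pass, $user){

    // Assume the user is not valid
    $validated = 0;

    // Reject short (and therefore empty) passwords before touching the database.
    if (strlen($pass) > 5) {

        // The xx_* layer takes a finished SQL string, so the untrusted account name and
        // password are escaped before interpolation. addslashes() neutralises the quote and
        // backslash characters but is not charset-aware (multibyte connection charsets are
        // a known gap), so it is a stopgap only.
        // TODO(review): switch to the driver's connection-aware escape or a bound parameter
        // once the xx_* wrappers expose one.
        // Matching relies on MySQL's PASSWORD() to hash the candidate the same way the
        // stored value was hashed; that function is removed in MySQL 8.0.
        $sql = "SELECT * FROM
                    staff s,
                    access a
                WHERE
                    s.access_id = a.access_id AND
                    s.staff_account = '" . addslashes($user)
            . "' AND s.password = password('" . addslashes($pass) . "')";

        $rs = xx_query($sql, $con);

        // Read the row only after the query succeeded and matched at least one record;
        // fetching from a failed or empty result would not yield an array.
        if ($rs && xx_num_rows($rs) >= 1) {
            $row = xx_fetch_array($rs);
            $access_id = (int) $row["access_id"];
            $validated = $access_id;

            // $_SERVER is the portable source of the client address; the $GLOBALS key
            // only exists under register_globals, so it is kept purely as a fallback.
            $current_ip = "";
            if (isset($_SERVER["REMOTE_ADDR"])) {
                $current_ip = $_SERVER["REMOTE_ADDR"];
            } elseif (isset($GLOBALS["REMOTE_ADDR"])) {
                $current_ip = $GLOBALS["REMOTE_ADDR"];
            }

            // Record the successful login; the address is escaped like any other interpolated value.
            $sql = "UPDATE staff SET staff.last_login = now(), last_ip ='" . addslashes($current_ip)
                . "' WHERE staff.staff_account = '" . addslashes($user) . "'";
            if (!xx_query ($sql, $con)){
                sql_err($sql);
                xx_query ("UNLOCK TABLES", $con);
                bailout();
            }
            else {
                xx_query ("UNLOCK TABLES", $con);
            }
        }

    } // password > 5 characters in length

    return $validated;
}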
?> |