<?php

/**********************************************************
Function Library: validate_mysql.php
Original Author: Paul Bramscher <brams006@umn.edu>
Last Modified: 03.11.2004 by Paul Bramscher
***********************************************************
Comments:
This library handles the initial login of the user to LibData.
Because it is especially sensitive from a security standpoint,
it has been pulled out of the other libraries.
***********************************************************
Table of Contents:
validateUser
**********************************************************/

/**********************************************************
Function: validateUser($pass, $user)
Author: Paul Bramscher
Last Modified: 03.01.2004
***********************************************************
Incoming:
$pass      Password, 6 char. minimum
$user      Staff account name
***********************************************************
Outgoing:
$validated 1 = validated, 0 = not
***********************************************************
Purpose:
Validates against the staff table, using a locally encrypted
mySQL stored password.

The password must be at least 6 characters in length or it
will always fail, regardless of what has been set in the
staff table for staff.password. This also serves as
protection against accounts which have no password: they
can't be used.
**********************************************************/

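/**
 * Validates a staff login against the staff/access tables.
 *
 * The stored password is compared inside MySQL via password(), so the
 * plain-text value never has to be hashed on the PHP side.
 *
 * @param string $pass Plain-text password, 6 bytes minimum; anything
 *                     shorter fails without touching the database.
 * @param string $user Staff account name (staff.staff_account).
 * @return int The matching row's access_id when the credentials check out,
 *             0 otherwise. An account whose access_id is 0 would therefore
 *             read as "not validated" -- presumably ids start at 1; confirm.
 */
function validateUser($pass, $user)
{
    // Assume the user is not valid until the lookup says otherwise.
    $validated = 0;

    // Reject non-string input (e.g. an array submitted as a form field)
    // before it can reach strlen() or the query text.
    if (!is_string($pass) || !is_string($user)) {
        return $validated;
    }

    // Minimum length 6 (bytes). This also makes accounts with an empty
    // stored password unusable, whatever staff.password holds.
    if (strlen($pass) < 6) {
        return $validated;
    }

    // xx_tryquery() takes a finished SQL string, so the user-supplied
    // literals are escaped here. A bound-parameter path would be
    // preferable if the wrapper offers one.
    $sql = "SELECT s.access_id FROM staff s, access a"
        . " WHERE s.access_id = a.access_id"
        . " AND s.staff_account = '" . _validate_mysql_escape($user) . "'"
        . " AND s.password = password('" . _validate_mysql_escape($pass) . "')";
    $rs = xx_tryquery($sql);

    // Only read a row when the query matched one; fetching from an empty
    // result and dereferencing it produced warnings and empty values.
    if (xx_num_rows($rs) >= 1) {
        $row = xx_fetch_array($rs, xx_ASSOC);
        $validated = (int) $row["access_id"];

        // Record the login. $_SERVER is read directly so the value does not
        // depend on register_globals populating $GLOBALS["REMOTE_ADDR"].
        $current_ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
        $sql = "UPDATE staff SET staff.last_login = now(), last_ip = '"
            . _validate_mysql_escape($current_ip)
            . "' WHERE staff.staff_account = '" . _validate_mysql_escape($user) . "'";
        xx_tryquery($sql);
    }

    return $validated;
}

/**
 * Escapes a value for use inside a single-quoted MySQL string literal.
 *
 * Covers the characters the MySQL client escaping routine handles
 * (backslash, both quotes, NUL, newline, carriage return, Ctrl-Z).
 * NOTE(review): assumes a single-byte or UTF-8 connection charset; other
 * multibyte charsets need driver-level escaping -- confirm the connection
 * settings used by xx_tryquery().
 *
 * @param string $value Raw value.
 * @return string Escaped value, without surrounding quotes.
 */
function _validate_mysql_escape($value)
{
    return str_replace(
        array("\\", "'", "\"", "\0", "\n", "\r", "\x1a"),
        array("\\\\", "\\'", "\\\"", "\\0", "\\n", "\\r", "\\Z"),
        $value
    );
}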
?>