<?php |
/********************************************************** |
Function Library: validate_mysql.php |
Original Author: Paul Bramscher <brams006@umn.edu> |
Last Modified: 03.11.2004 by Paul Bramscher |
*********************************************************** |
Comments: |
This library handles initial login of the user to LibData. |
Because it's especially sensitive from a security standpoint |
it's been pulled out of other libraries. |
*********************************************************** |
Table of Contents: |
validateUser |
**********************************************************/ |
/********************************************************** |
Function: validateUser($pass, $user) |
Author: Paul Bramscher |
Last Modified: 03.01.2004 |
*********************************************************** |
Incoming: |
$pass Password, 6 char. minimum
$user Staff account name
*********************************************************** |
Outgoing: |
$validated access_id of the matched staff row (non-zero) = validated, 0 = not
*********************************************************** |
Purpose: |
Validates against the staff table, using a locally encrypted |
mySQL stored password. |
The password must be at least 6 characters in length or it |
will always fail, regardless of what has been set in the |
staff table for staff.password. This also serves as |
protection against accounts which have no password. They |
can't be used. |
**********************************************************/ |
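/**
 * Validate a staff login against the staff table.
 *
 * The submitted password must be at least 6 characters long, otherwise the
 * function fails without touching the database; this also blocks accounts
 * whose staff.password is empty. On a match the staff row's last_login and
 * last_ip are updated.
 *
 * @param mixed $pass Submitted password (untrusted form input)
 * @param mixed $user Submitted staff account name (untrusted form input)
 * @return int access_id of the matched staff row when validated, 0 when not.
 *             NOTE(review): a matching row whose access_id is 0 is therefore
 *             indistinguishable from a failed login for callers.
 */
function validateUser($pass, $user){

    // Assume the user is not valid
    $validated = 0;

    // Check length (6 characters minimum)
    if (strlen($pass) > 5) {

        // Both values come straight from the login form and are spliced
        // into SQL text, so they must be escaped first. addslashes()
        // handles the quote, backslash and NUL characters MySQL treats as
        // special under the default connection charset; it is a stopgap --
        // if the xx_ database layer offers parameter binding or a
        // connection-aware escape, use that instead (TODO confirm what the
        // xx_ layer provides).
        $safe_user = addslashes($user);
        $safe_pass = addslashes($pass);

        // Generate the SQL. The stored hash is MySQL's own password()
        // function (removed in MySQL 8.0), so the comparison has to run
        // server-side; moving to password_hash()/password_verify() in PHP
        // would need a schema and data migration.
        $sql = "SELECT * FROM
                staff s,
                access a
            WHERE
                s.access_id = a.access_id AND
                s.staff_account = '" . $safe_user
            . "' AND s.password = password('" . $safe_pass . "')";

        // Fetch the results
        $rs = xx_tryquery($sql);

        // If 1+ rows are returned, user is validated. The row is read only
        // after the count check so that nothing is pulled from an empty
        // result set (the original read it unconditionally).
        if (xx_num_rows($rs) >= 1) {
            $row = xx_fetch_array ($rs, xx_ASSOC);
            $access_id = (int) $row["access_id"];
            $validated = $access_id;

            // Record where this login came from. $_SERVER is used because
            // $GLOBALS["REMOTE_ADDR"] only exists with register_globals
            // enabled and is otherwise null (stored as an empty last_ip).
            $current_ip = isset($_SERVER["REMOTE_ADDR"]) ? $_SERVER["REMOTE_ADDR"] : "";
            $safe_ip = addslashes($current_ip);

            $sql = "UPDATE staff SET staff.last_login = now(), last_ip ='"
                . $safe_ip
                . "' WHERE staff.staff_account = '"
                . $safe_user
                . "'";
            xx_tryquery($sql);
        }

    } // password > 5 characters in length

    return $validated;
}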
?> |