| 1 |
<?php |
| 2 |
/********************************************************** |
| 3 |
Function Library: validate_mysql.php |
| 4 |
Original Author: Paul Bramscher <brams006@umn.edu> |
| 5 |
Last Modified: 03.11.2004 by Paul Bramscher |
| 6 |
*********************************************************** |
| 7 |
Comments: |
| 8 |
This library handles initial login of the user to LibData. |
| 9 |
Because it's especially sensitive from a security standpoint |
| 10 |
it's been pulled out of other libraries. |
| 11 |
*********************************************************** |
| 12 |
Table of Contents: |
| 13 |
validateUser |
| 14 |
**********************************************************/ |
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
/********************************************************** |
| 19 |
Function: validateUser($pass, $user) |
| 20 |
Author: Paul Bramscher |
| 21 |
Last Modified: 03.01.2004 |
| 22 |
*********************************************************** |
| 23 |
Incoming: |
| 24 |
$password Password, 6 char. minimum |
| 25 |
$user Staff acount name |
| 26 |
*********************************************************** |
| 27 |
Outgoing: |
| 28 |
$validated 1 = validated, 0 = not |
| 29 |
*********************************************************** |
| 30 |
Purpose: |
| 31 |
Validates against the staff table, using a locally encrypted |
| 32 |
mySQL stored password. |
| 33 |
|
| 34 |
The password must be at least 6 characters in length or it |
| 35 |
will always fail, regardless of what has been set in the |
| 36 |
staff table for staff.password. This also serves as |
| 37 |
protection against accounts which have no password. They |
| 38 |
can't be used. |
| 39 |
**********************************************************/ |
| 40 |
|
| 41 |
function validateUser($pass, $user){ |
| 42 |
|
| 43 |
// Assume the user is not valid |
| 44 |
$validated = 0; |
| 45 |
|
| 46 |
// Check length |
| 47 |
if (strlen($pass) > 5) { |
| 48 |
|
| 49 |
// Generate the SQL |
| 50 |
$sql = "SELECT * FROM |
| 51 |
staff s, |
| 52 |
access a |
| 53 |
WHERE |
| 54 |
s.access_id = a.access_id AND |
| 55 |
s.staff_account = '" |
| 56 |
. $user |
| 57 |
. "' AND s.password = password('" |
| 58 |
. $pass |
| 59 |
. "')"; |
| 60 |
|
| 61 |
// Fetch the results |
| 62 |
$rs = xx_tryquery($sql); |
| 63 |
|
| 64 |
$row = xx_fetch_array ($rs, xx_ASSOC); |
| 65 |
$last_login = Trim($row["last_login"]); |
| 66 |
$last_ip = Trim($row["last_ip"]); |
| 67 |
$access_id = (int) $row["access_id"]; |
| 68 |
$first_name = Trim($row["first_name"]); |
| 69 |
$access = Trim($row["access"]); |
| 70 |
|
| 71 |
// If a 1+ rows are returned, user is validated |
| 72 |
if (xx_num_rows($rs) >= 1) { |
| 73 |
$validated = $access_id; |
| 74 |
$current_ip = $GLOBALS["REMOTE_ADDR"]; |
| 75 |
|
| 76 |
// Debugging output. Surpressed here. |
| 77 |
// printf ("Welcome, %s.<br>", $first_name); |
| 78 |
// printf ("Logged in as %s<br>", $access); |
| 79 |
// printf ("Last logged in on: %s<BR>", $last_login); |
| 80 |
// printf ("From IP: %s<BR>", $last_ip); |
| 81 |
// printf ("Current IP: %s<BR>", $current_ip); |
| 82 |
|
| 83 |
$sql = "UPDATE staff SET staff.last_login = now(), last_ip ='" |
| 84 |
. $current_ip |
| 85 |
. "' WHERE staff.staff_account = '" |
| 86 |
. $user |
| 87 |
. "'"; |
| 88 |
xx_tryquery($sql); |
| 89 |
} |
| 90 |
|
| 91 |
} // password > 5 characters in length |
| 92 |
|
| 93 |
return $validated; |
| 94 |
} |
| 95 |
?> |
Parent Directory
| 
Revision Log