<?php |
/********************************************************** |
Function Library: validate_mysql.php |
Original Author: Paul Bramscher <brams006@tc.umn.edu> |
Last Modified: 09.30.2003 by Paul Bramscher |
*********************************************************** |
Comments: |
This library handles initial login of the user to LibData. |
Because it's especially sensitive from a security standpoint |
it's been pulled out of other libraries. |
*********************************************************** |
Table of Contents: |
|
validateUser |
|
**********************************************************/ |
|
|
|
/********************************************************** |
Function: validateUser($con, $pass, $user) |
Author: Paul Bramscher |
Last Modified: 09.30.2003 |
*********************************************************** |
Incoming: |
$pass Password, 6 char. minimum
$user Staff account name
*********************************************************** |
Outgoing: |
$validated 1 = validated, 0 = not |
*********************************************************** |
Purpose: |
Validates against the staff table, using a locally encrypted |
MySQL stored password.
|
The password must be at least 6 characters in length or it |
will always fail, regardless of what has been set in the |
staff table for staff.password. This also serves as |
protection against accounts which have no password. They |
can't be used. |
**********************************************************/ |
|
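function validateUser($con, $pass, $user){

    // Checks the account/password pair against the staff table.
    //
    // $con   connection handle in whatever form xx_query() expects
    // $pass  plaintext password from the login form; anything shorter
    //        than 6 characters is rejected without touching the database
    // $user  staff account name (staff.staff_account)
    //
    // Returns staff.access_id (cast to int) for the matching account, or
    // 0 when nothing matched.  Note that the value on success is the
    // access id, not a plain 1, so callers must test for != 0.
    //
    // A failed SELECT follows the same error path as the UPDATE below
    // (sql_err + bailout); should bailout() return, 0 is reported.

    // Assume the user is not valid
    $validated = 0;

    // Check length.  Rejecting short passwords here also means an account
    // whose stored password is empty can never be used to log in.
    if (strlen($pass) > 5) {

        // $user and $pass come straight from the login form, so they are
        // escaped before being spliced into the SQL text.  addslashes() is
        // the driver-independent minimum; xx_query() hides the real driver,
        // so the connection-aware escape (or a prepared statement) should
        // replace this once the xx_ layer exposes one.
        $safe_user = addslashes($user);
        $safe_pass = addslashes($pass);

        // Generate the SQL.  The stored value is MySQL's PASSWORD() output,
        // i.e. the legacy hash the schema was built around; it is not a
        // modern password hash and PASSWORD() itself was removed in
        // MySQL 8.0, so this comparison will not survive a server upgrade.
        $sql = "SELECT * FROM
            staff s,
            access a
            WHERE
            s.access_id = a.access_id AND
            s.staff_account = '"
            . $safe_user
            . "' AND s.password = password('"
            . $safe_pass
            . "')";

        // Fetch the results; a query failure is reported rather than
        // silently read as "not validated".
        $rs = xx_query($sql, $con);
        if (!$rs) {
            sql_err($sql);
            bailout();
            return $validated;
        }

        // If 1+ rows are returned, user is validated.  The row is only
        // read after the count check: indexing into the false that
        // xx_fetch_array() yields for an empty result raises warnings.
        if (xx_num_rows($rs) >= 1) {
            $row = xx_fetch_array($rs);
            $access_id = (int) $row["access_id"];
            $validated = $access_id;

            // The client address is taken from the request environment.
            // $GLOBALS["REMOTE_ADDR"] only existed under register_globals
            // and otherwise recorded an empty last_ip.
            $current_ip = isset($_SERVER["REMOTE_ADDR"]) ? $_SERVER["REMOTE_ADDR"] : "";

            // Record this login; the address is escaped for the same reason
            // as the credentials above.
            $sql = "UPDATE staff SET staff.last_login = now(), last_ip ='"
                . addslashes($current_ip)
                . "' WHERE staff.staff_account = '"
                . $safe_user
                . "'";
            if (!xx_query ($sql, $con)){
                sql_err($sql);
                xx_query ("UNLOCK TABLES", $con);
                bailout();
            }
            else {
                // No LOCK TABLES is issued in this function; the UNLOCK is
                // kept from the original code and is a no-op when nothing
                // is locked on this connection.
                xx_query ("UNLOCK TABLES", $con);
            }
        }

    } // password > 5 characters in length

    return $validated;
}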
?> |