/[libdata]/trunk/admin/include/validate_mysql.php

Annotation of /trunk/admin/include/validate_mysql.php



Revision 42 - (hide annotations)
Thu Mar 4 22:43:50 2004 UTC (20 years, 1 month ago) by dpavlin
File size: 2888 byte(s)
rename all mysql_ functions to xx_ so that wrapper can be used

1 dpavlin 1 <?php
2     /**********************************************************
3     Function Library: validate_mysql.php
4     Original Author: Paul Bramscher <brams006@tc.umn.edu>
5     Last Modified: 09.30.2003 by Paul Bramscher
6     ***********************************************************
7     Comments:
8     This library handles initial login of the user to LibData.
9     Because it's especially sensitive from a security standpoint
10     it's been pulled out of other libraries.
11     ***********************************************************
12     Table of Contents:
13    
14     validateUser
15    
16     **********************************************************/
17    
18    
19    
20     /**********************************************************
21     Function: validateUser($con, $pass, $user)
22     Author: Paul Bramscher
23     Last Modified: 09.30.2003
24     ***********************************************************
25     Incoming:
26     $password Password, 6 char. minimum
27     $user Staff account name
28     ***********************************************************
29     Outgoing:
30     $validated 1 = validated, 0 = not
31     ***********************************************************
32     Purpose:
33     Validates against the staff table, using a locally encrypted
34     mySQL stored password.
35    
36     The password must be at least 6 characters in length or it
37     will always fail, regardless of what has been set in the
38     staff table for staff.password. This also serves as
39     protection against accounts which have no password. They
40     can't be used.
41     **********************************************************/
42    
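/**
 * Check a staff login against the staff and access tables.
 *
 * On success the staff row's last_login / last_ip columns are updated as a
 * side effect. If that UPDATE fails, sql_err() and bailout() are called.
 *
 * Security notes for maintainers:
 *  - $user and $pass are placed inside single-quoted SQL string literals, so
 *    both are escaped below. The escaping is byte-wise; it assumes the values
 *    arrive raw (magic_quotes_gpc off, or PHP >= 5.4 where it no longer
 *    exists) and that the connection uses a single-byte or UTF-8 character
 *    set. If the xx_ wrapper offers bound parameters or a connection-aware
 *    quoting call, use that instead.
 *  - The clear-text password is embedded in the query text, so it can end up
 *    in database query logs.
 *  - NOTE(review): password() is MySQL's internal account hash and is not
 *    intended for application passwords; migrating the stored hashes to
 *    password_hash()/password_verify() is the durable fix.
 *
 * @param mixed  $con  Connection handle, passed through to the xx_ wrapper.
 * @param string $pass Clear-text password; fewer than 6 bytes never validates.
 * @param string $user Staff account name.
 * @return int access_id of the matching staff row, or 0 when not validated
 *             (an access_id of 0 is therefore indistinguishable from failure).
 */
function validateUser($con, $pass, $user){

    // Assume the user is not valid
    $validated = 0;

    // Fail closed on non-string input (for example array-valued request
    // parameters) instead of handing it to strlen() and the query builder.
    if (!is_string($pass) || !is_string($user)) {
        return $validated;
    }

    // Short or empty passwords never validate, which also disables accounts
    // whose stored password is blank.
    if (strlen($pass) > 5) {

        // Neutralise the characters that can terminate a quoted SQL literal:
        // backslashes first, then single quotes (doubled, standard SQL).
        $find    = array("\\", "'");
        $replace = array("\\\\", "''");
        $user_sql = str_replace($find, $replace, $user);
        $pass_sql = str_replace($find, $replace, $pass);

        // Generate the SQL
        $sql = "SELECT * FROM
            staff s,
            access a
            WHERE
            s.access_id = a.access_id AND
            s.staff_account = '"
            . $user_sql
            . "' AND s.password = password('"
            . $pass_sql
            . "')";

        // Fetch the results; a failed query is treated as "not validated".
        $rs = xx_query($sql, $con);

        // If 1+ rows are returned, user is validated
        if ($rs && xx_num_rows($rs) >= 1) {
            // Only read the row once we know one exists.
            $row = xx_fetch_array($rs);
            $validated = (int) $row["access_id"];

            // $GLOBALS["REMOTE_ADDR"] is only populated under register_globals;
            // prefer $_SERVER and keep the old lookup as a fallback.
            if (isset($_SERVER["REMOTE_ADDR"])) {
                $current_ip = $_SERVER["REMOTE_ADDR"];
            } elseif (isset($GLOBALS["REMOTE_ADDR"])) {
                $current_ip = $GLOBALS["REMOTE_ADDR"];
            } else {
                $current_ip = "";
            }
            $ip_sql = str_replace($find, $replace, (string) $current_ip);

            // Record when and from where this account last logged in.
            $sql = "UPDATE staff SET staff.last_login = now(), last_ip ='"
                . $ip_sql
                . "' WHERE staff.staff_account = '"
                . $user_sql
                . "'";
            if (!xx_query($sql, $con)) {
                sql_err($sql);
                xx_query("UNLOCK TABLES", $con);
                bailout();
            }
            else {
                xx_query("UNLOCK TABLES", $con);
            }
        }

    } // password > 5 characters in length

    return $validated;
}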
103     ?>
