
Annotation of /trunk/admin/include/validate_mysql.php



Revision 72 - (hide annotations)
Thu Mar 18 20:33:37 2004 UTC (20 years, 1 month ago) by dpavlin
File size: 2740 byte(s)
changes made in version 2.00

1 dpavlin 1 <?php
2     /**********************************************************
3     Function Library: validate_mysql.php
4 dpavlin 72 Original Author: Paul Bramscher <brams006@umn.edu>
5     Last Modified: 03.11.2004 by Paul Bramscher
6 dpavlin 1 ***********************************************************
7     Comments:
8     This library handles initial login of the user to LibData.
9     Because it's especially sensitive from a security standpoint
10     it's been pulled out of other libraries.
11     ***********************************************************
12     Table of Contents:
13     validateUser
14     **********************************************************/
15    
16    
17    
18     /**********************************************************
19 dpavlin 72 Function: validateUser($pass, $user)
20 dpavlin 1 Author: Paul Bramscher
21 dpavlin 72 Last Modified: 03.01.2004
22 dpavlin 1 ***********************************************************
23     Incoming:
24     $pass Password, 6 char. minimum
25     $user Staff account name
26     ***********************************************************
27     Outgoing:
28     $validated 1 = validated, 0 = not
29     ***********************************************************
30     Purpose:
31     Validates against the staff table, using a locally encrypted
32     mySQL stored password.
33    
34     The password must be at least 6 characters in length or it
35     will always fail, regardless of what has been set in the
36     staff table for staff.password. This also serves as
37     protection against accounts which have no password. They
38     can't be used.
39     **********************************************************/
40    
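function validateUser($pass, $user){

    // Checks a staff login against the staff/access tables.
    //
    // Returns the matched row's access_id (int) on success and 0 on
    // failure, so an access_id of 0 cannot be told apart from a failed
    // login.
    //
    // Security notes:
    // - $pass and $user are untrusted and are escaped before being
    //   concatenated into SQL. addslashes() is a stopgap: it is not
    //   charset-aware, and it assumes the input has not already been
    //   escaped (magic_quotes_gpc off). Replace it with the database
    //   driver's own escaping routine or, better, bound parameters if the
    //   xx_ query layer provides them.
    // - password() is MySQL's internal hash function, not a password
    //   hashing scheme for applications, and it was removed in MySQL 8.0.
    //   The clear-text password is also part of the statement text and can
    //   therefore end up in query logs. Moving to password_hash() /
    //   password_verify() needs a schema migration and is out of scope
    //   for this function.

    // Assume the user is not valid
    $validated = 0;

    // Array-valued request parameters (e.g. user[]=x) must never reach
    // the query builder
    if (!is_scalar($pass) || !is_scalar($user)) {
        return $validated;
    }
    $pass = (string) $pass;
    $user = (string) $user;

    // Passwords shorter than 6 characters always fail; this also keeps
    // accounts with an empty stored password from being usable
    if (strlen($pass) < 6) {
        return $validated;
    }

    $safe_user = addslashes($user);
    $safe_pass = addslashes($pass);

    // Generate the SQL
    $sql = "SELECT * FROM
        staff s,
        access a
        WHERE
        s.access_id = a.access_id AND
        s.staff_account = '"
        . $safe_user
        . "' AND s.password = password('"
        . $safe_pass
        . "')";

    // Fetch the results
    $rs = xx_tryquery($sql);
    $row = xx_fetch_array($rs, xx_ASSOC);

    // If 1+ rows are returned, user is validated. The row is only read
    // once we know the fetch actually produced one.
    if (xx_num_rows($rs) >= 1 && is_array($row)) {
        $validated = (int) $row["access_id"];

        // $_SERVER does not depend on register_globals the way
        // $GLOBALS["REMOTE_ADDR"] did; the value is still escaped so that
        // every concatenated value is handled the same way
        $current_ip = isset($_SERVER["REMOTE_ADDR"]) ? (string) $_SERVER["REMOTE_ADDR"] : "";

        // Record when and from where this account last logged in
        $sql = "UPDATE staff SET staff.last_login = now(), last_ip ='"
            . addslashes($current_ip)
            . "' WHERE staff.staff_account = '"
            . $safe_user
            . "'";
        xx_tryquery($sql);
    }

    return $validated;
}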
95 dpavlin 72 ?>
