
Contents of /trunk/admin/include/validate_mysql.php



Revision 42 - (show annotations)
Thu Mar 4 22:43:50 2004 UTC (20 years ago) by dpavlin
File size: 2888 byte(s)
rename all mysql_ functions to xx_ so that wrapper can be used

1 <?php
2 /**********************************************************
3 Function Library: validate_mysql.php
4 Original Author: Paul Bramscher <brams006@tc.umn.edu>
5 Last Modified: 09.30.2003 by Paul Bramscher
6 ***********************************************************
7 Comments:
8 This library handles initial login of the user to LibData.
9 Because it's especially sensitive from a security standpoint
10 it's been pulled out of other libraries.
11 ***********************************************************
12 Table of Contents:
13
14 validateUser
15
16 **********************************************************/
17
18
19
20 /**********************************************************
21 Function: validateUser($con, $pass, $user)
22 Author: Paul Bramscher
23 Last Modified: 09.30.2003
24 ***********************************************************
25 Incoming:
26 $password Password, 6 char. minimum
27 $user Staff account name
28 ***********************************************************
29 Outgoing:
30 $validated 1 = validated, 0 = not
31 ***********************************************************
32 Purpose:
33 Validates against the staff table, using a locally encrypted
34 mySQL stored password.
35
36 The password must be at least 6 characters in length or it
37 will always fail, regardless of what has been set in the
38 staff table for staff.password. This also serves as
39 protection against accounts which have no password. They
40 can't be used.
41 **********************************************************/
42
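/**
 * Check a staff login against the staff and access tables.
 *
 * Passwords shorter than 6 bytes are rejected before any query runs, so an
 * account whose stored password is empty or very short can never log in.
 * On a successful match the staff row's last_login / last_ip are refreshed.
 *
 * Security notes:
 *  - $user and $pass are caller-supplied and are placed inside SQL string
 *    literals, so both are escaped here before the statement is built.
 *    Callers must pass the raw values. NOTE(review): if the calling pages
 *    still depend on magic_quotes_gpc, strip those slashes before calling,
 *    otherwise quotes are escaped twice -- confirm against the callers.
 *  - addslashes() is a stop-gap that is only reliable for single-byte and
 *    UTF-8 connection character sets. If the xx_* wrapper exposes the
 *    driver's own escaping routine or prepared statements, prefer that.
 *  - The stored value is compared via MySQL's PASSWORD(), which was designed
 *    for the server's own grant tables and has been removed from current
 *    MySQL releases. Moving to password_hash()/password_verify() needs a
 *    schema change and is outside the scope of this function.
 *  - The SELECT text contains the clear-text password, so it is deliberately
 *    never handed to sql_err() or any other logging path.
 *
 * @param mixed  $con  Connection handle passed through to the xx_* wrappers.
 * @param string $pass Clear-text password as typed by the user.
 * @param string $user Staff account name.
 * @return int access_id of the matching row on success, 0 otherwise (an
 *             access_id of 0 is therefore indistinguishable from failure).
 */
function validateUser($con, $pass, $user){

    // Assume the user is not valid
    $validated = 0;

    // Too-short passwords never reach the database.
    if (strlen($pass) <= 5) {
        return $validated;
    }

    // Escape every value that is interpolated into a quoted SQL literal.
    $safe_user = addslashes($user);
    $safe_pass = addslashes($pass);

    $sql = "SELECT * FROM
        staff s,
        access a
        WHERE
        s.access_id = a.access_id AND
        s.staff_account = '" . $safe_user . "' AND s.password = password('" . $safe_pass . "')";

    // A failed query is treated as a failed login; the statement is not
    // reported because it carries the password.
    $rs = xx_query($sql, $con);
    if (!$rs) {
        return $validated;
    }

    $row = xx_fetch_array($rs);

    // One or more rows means the account name and password matched.
    if (xx_num_rows($rs) >= 1 && is_array($row)) {
        $validated = (int) $row["access_id"];

        // Prefer the server-populated superglobal; fall back to the legacy
        // register_globals copy so older deployments keep working.
        $current_ip = '';
        if (isset($_SERVER["REMOTE_ADDR"])) {
            $current_ip = $_SERVER["REMOTE_ADDR"];
        } elseif (isset($GLOBALS["REMOTE_ADDR"])) {
            $current_ip = $GLOBALS["REMOTE_ADDR"];
        }

        $sql = "UPDATE staff SET staff.last_login = now(), last_ip ='"
            . addslashes($current_ip)
            . "' WHERE staff.staff_account = '"
            . $safe_user
            . "'";

        $updated = xx_query($sql, $con);
        if (!$updated) {
            sql_err($sql);
        }

        // presumably releases a lock taken by the caller; none is acquired
        // in this function -- confirm
        xx_query("UNLOCK TABLES", $con);

        if (!$updated) {
            // NOTE(review): bailout() looks like it aborts the request -- confirm
            bailout();
        }
    }

    return $validated;
}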
103 ?>
