checking username and password for scalarity on login
@@ -20,78 +20,6 @@
|
||||
<i class="fe-bell noti-icon"></i>
|
||||
<!--<span class="badge badge-danger rounded-circle noti-icon-badge">2</span>-->
|
||||
</a>
|
||||
<div class="dropdown-menu dropdown-menu-right dropdown-lg">
|
||||
|
||||
<!-- item-->
|
||||
<div class="dropdown-item noti-title">
|
||||
<h5 class="m-0">
|
||||
<span class="float-right">
|
||||
<a href="" class="text-dark">
|
||||
<small>Clear All</small>
|
||||
</a>
|
||||
</span>Notification
|
||||
</h5>
|
||||
</div>
|
||||
|
||||
<div class="aslimscroll noti-scroll">
|
||||
|
||||
<!-- item-->
|
||||
<a href="javascript:void(0);" class="dropdown-item notify-item">
|
||||
<div class="notify-icon">
|
||||
<img src="<?=self::getResourcePath()?>assets/images/users/avatar-2.jpg" class="img-fluid rounded-circle" alt="" /> </div>
|
||||
<p class="notify-details">Cristina Pride</p>
|
||||
<p class="text-muted mb-0 user-msg">
|
||||
<small>Hi, How are you? What about our next meeting</small>
|
||||
</p>
|
||||
</a>
|
||||
|
||||
<!-- item-->
|
||||
<a href="javascript:void(0);" class="dropdown-item notify-item active">
|
||||
<div class="notify-icon bg-warning"><i class="mdi mdi-comment-account-outline"></i> </div>
|
||||
<p class="notify-details">Caleb Flakelar commented on Admin<small class="text-muted">1 min ago</small></p>
|
||||
</a>
|
||||
|
||||
<!-- item-->
|
||||
<a href="javascript:void(0);" class="dropdown-item notify-item">
|
||||
<div class="notify-icon bg-info"><i class="mdi mdi-account-plus"></i></div>
|
||||
<p class="notify-details">New user registered.<small class="text-muted">5 hours ago</small></p>
|
||||
</a>
|
||||
|
||||
<!-- item-->
|
||||
<a href="javascript:void(0);" class="dropdown-item notify-item">
|
||||
<div class="notify-icon">
|
||||
<img src="<?=self::getResourcePath()?>assets/images/users/avatar-4.jpg" class="img-fluid rounded-circle" alt="" /> </div>
|
||||
<p class="notify-details">Karen Robinson</p>
|
||||
<p class="text-muted mb-0 user-msg">
|
||||
<small>Wow ! this admin looks good and awesome design</small>
|
||||
</p>
|
||||
</a>
|
||||
|
||||
<!-- item-->
|
||||
<a href="javascript:void(0);" class="dropdown-item notify-item">
|
||||
<div class="notify-icon bg-danger"><i class="mdi mdi-comment-account-outline"></i></div>
|
||||
<p class="notify-details">Caleb Flakelar commented on Admin<small class="text-muted">4 days ago</small></p>
|
||||
</a>
|
||||
|
||||
<!-- item-->
|
||||
<a href="javascript:void(0);" class="dropdown-item notify-item">
|
||||
<div class="notify-icon bg-primary">
|
||||
<i class="mdi mdi-heart"></i>
|
||||
</div>
|
||||
<p class="notify-details">Carlos Crouch liked
|
||||
<b>Admin</b>
|
||||
<small class="text-muted">13 days ago</small>
|
||||
</p>
|
||||
</a>
|
||||
</div>
|
||||
|
||||
<!-- All-->
|
||||
<a href="javascript:void(0);" class="dropdown-item text-center text-primary notify-item notify-all">
|
||||
View all
|
||||
<i class="fi-arrow-right"></i>
|
||||
</a>
|
||||
|
||||
</div>
|
||||
</li>
|
||||
|
||||
<li>
|
||||
|
||||
@@ -157,7 +157,7 @@ class mfBaseController {
|
||||
|
||||
|
||||
protected function logout() {
|
||||
mfLoginController::logout();
|
||||
mfLoginController::staticLogout();
|
||||
$this->redirect(DEFAULT_ROUTE);
|
||||
}
|
||||
|
||||
|
||||
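Review bot: `logout()` now relies on `mfLoginController::staticLogout()`, which as added in this commit only unsets the `_username` and `_ip` session keys. The session itself, its id and the `sessionid` value written to the user row at login are left in place after a logout. Consider rotating or destroying the session in the logout path, for example `session_regenerate_id(true);` after the two `unset()` calls, and clearing the stored `sessionid` if `isLoggedIn()` compares against it (its body is not visible here). `staticLogout()` also defines `MFUSERTABLE` without using it, and its fallback `define("MFAPPNAME","mvcfronk")` would make the unsets target a default-prefixed key if the application's own name has not been defined yet.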
@@ -62,6 +62,15 @@ class mfLoginController extends mfBaseController {
|
||||
unset($_SESSION[MFAPPNAME.'_username']);
|
||||
unset($_SESSION[MFAPPNAME.'_ip']);
|
||||
}
|
||||
|
||||
public static function staticLogout() {
|
||||
if(!defined("MFAPPNAME")) define("MFAPPNAME","mvcfronk");
|
||||
if(!defined("MFUSERTABLE")) define("MFUSERTABLE","mfWorker");
|
||||
//session_name(MFAPPNAME."_session");
|
||||
//session_start();
|
||||
unset($_SESSION[MFAPPNAME.'_username']);
|
||||
unset($_SESSION[MFAPPNAME.'_ip']);
|
||||
}
|
||||
|
||||
public static function isLoggedIn() {
|
||||
$db=new FronkDB();
|
||||
@@ -109,20 +118,25 @@ class mfLoginController extends mfBaseController {
|
||||
//session_set_cookie_params(0);
|
||||
//session_name(MFAPPNAME."_session");
|
||||
//session_start();
|
||||
$username=$this->db()->escape($username);
|
||||
|
||||
if(!is_scalar($username) || !is_scalar($password)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
$username = $this->db()->escape($username);
|
||||
|
||||
$res=$this->db()->select(MFUSERTABLE,"*","username='$username'");
|
||||
$res = $this->db()->select(MFUSERTABLE,"*","username='$username'");
|
||||
if(!$this->db()->num_rows($res)) {
|
||||
sleep(1);
|
||||
return false;
|
||||
}
|
||||
$user=$this->db()->fetch_object($res);
|
||||
$hash=$user->password;
|
||||
$user = $this->db()->fetch_object($res);
|
||||
$hash = $user->password;
|
||||
|
||||
$salt=substr($hash,0,16);
|
||||
$passhash=$this->generatePasswordHash($password,$salt);
|
||||
$salt = substr($hash,0,16);
|
||||
$passhash = $this->generatePasswordHash($password,$salt);
|
||||
|
||||
if($passhash==$hash) {
|
||||
if($passhash === $hash) {
|
||||
//session_name(MFAPPNAME."_session");
|
||||
//session_start();
|
||||
$this->db()->update(MFUSERTABLE,array('ip' => $_SERVER['REMOTE_ADDR'],'sessionid' => session_id()),"username='$username'");
|
||||
@@ -130,6 +144,8 @@ class mfLoginController extends mfBaseController {
|
||||
self::initSession($user);
|
||||
return true;
|
||||
}
|
||||
|
||||
sleep(1);
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
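Review bot: The password check `if($passhash === $hash)` is now type-strict but still not a constant-time comparison; for secrets the usual form is `if (hash_equals($hash, $passhash)) {`, assuming `generatePasswordHash()` returns a string. The new guard uses `is_scalar()`, which also lets bool, int and float values through to `escape()` and `generatePasswordHash()`; `if (!is_string($username) || !is_string($password)) {` is the tighter check for login input. The row update stores `session_id()` before `initSession($user)` runs and no `session_regenerate_id(true)` appears in these hunks, so it is worth confirming that the session id is rotated on a successful login. The login method begins above the second hunk, so earlier handling of `$username` and `$password` is not visible.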