checking username and password for scalarity on login
@@ -157,7 +157,7 @@ class mfBaseController {
|
||||
|
||||
|
||||
protected function logout() {
|
||||
mfLoginController::logout();
|
||||
mfLoginController::staticLogout();
|
||||
$this->redirect(DEFAULT_ROUTE);
|
||||
}
|
||||
|
||||
|
||||
@@ -62,6 +62,15 @@ class mfLoginController extends mfBaseController {
|
||||
unset($_SESSION[MFAPPNAME.'_username']);
|
||||
unset($_SESSION[MFAPPNAME.'_ip']);
|
||||
}
|
||||
|
||||
public static function staticLogout() {
|
||||
if(!defined("MFAPPNAME")) define("MFAPPNAME","mvcfronk");
|
||||
if(!defined("MFUSERTABLE")) define("MFUSERTABLE","mfWorker");
|
||||
//session_name(MFAPPNAME."_session");
|
||||
//session_start();
|
||||
unset($_SESSION[MFAPPNAME.'_username']);
|
||||
unset($_SESSION[MFAPPNAME.'_ip']);
|
||||
}
|
||||
|
||||
public static function isLoggedIn() {
|
||||
$db=new FronkDB();
|
||||
@@ -109,20 +118,25 @@ class mfLoginController extends mfBaseController {
|
||||
//session_set_cookie_params(0);
|
||||
//session_name(MFAPPNAME."_session");
|
||||
//session_start();
|
||||
$username=$this->db()->escape($username);
|
||||
|
||||
if(!is_scalar($username) || !is_scalar($password)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
$username = $this->db()->escape($username);
|
||||
|
||||
$res=$this->db()->select(MFUSERTABLE,"*","username='$username'");
|
||||
$res = $this->db()->select(MFUSERTABLE,"*","username='$username'");
|
||||
if(!$this->db()->num_rows($res)) {
|
||||
sleep(1);
|
||||
return false;
|
||||
}
|
||||
$user=$this->db()->fetch_object($res);
|
||||
$hash=$user->password;
|
||||
$user = $this->db()->fetch_object($res);
|
||||
$hash = $user->password;
|
||||
|
||||
$salt=substr($hash,0,16);
|
||||
$passhash=$this->generatePasswordHash($password,$salt);
|
||||
$salt = substr($hash,0,16);
|
||||
$passhash = $this->generatePasswordHash($password,$salt);
|
||||
|
||||
if($passhash==$hash) {
|
||||
if($passhash === $hash) {
|
||||
//session_name(MFAPPNAME."_session");
|
||||
//session_start();
|
||||
$this->db()->update(MFUSERTABLE,array('ip' => $_SERVER['REMOTE_ADDR'],'sessionid' => session_id()),"username='$username'");
|
||||
@@ -130,6 +144,8 @@ class mfLoginController extends mfBaseController {
|
||||
self::initSession($user);
|
||||
return true;
|
||||
}
|
||||
|
||||
sleep(1);
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
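Review bot: The password check on the new side, `if($passhash === $hash) {`, is still a plain string compare that stops at the first differing byte; `if(hash_equals($hash, $passhash)) {` (PHP 5.6+) yields the same boolean in constant time and is the usual choice for comparing secrets. The scalar guard keeps arrays out of `escape()`, but the query is still built as `"username='$username'"` here and again in the `update()` call at the end of the hunk, so correctness rests entirely on `escape()` matching the connection's charset; a prepared statement in the db wrapper would remove that dependency, and `is_string` would be the tighter guard since `is_scalar` also admits `true`/`false` and floats that are then stringified. The enclosing login method starts before this hunk, and `initSession($user)` in the last hunk is where I would expect `session_regenerate_id(true)` to run before `'sessionid' => session_id()` is persisted; that call is not visible here, so worth confirming.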