<?php // File: $Id: access.php,v 1.15 2001/12/04 23:52:31 jgm Exp $ $Name:  $
// ----------------------------------------------------------------------
// POST-NUKE Content Management System
// Copyright (C) 2001 by the Post-Nuke Development Team.
// http://www.postnuke.com/
// ----------------------------------------------------------------------
// Based on:
// PHP-NUKE Web Portal System - http://phpnuke.org/
// Thatware - http://thatware.org/
// ----------------------------------------------------------------------
// LICENSE
//
// This program is free software; you can redistribute it and/or
// modify it under the terms of the GNU General Public License (GPL)
// as published by the Free Software Foundation; either version 2
// of the License, or (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
// GNU General Public License for more details.
//
// To read the license please visit http://www.gnu.org/copyleft/gpl.html
// ----------------------------------------------------------------------
// Original Author of file: 
// Purpose of file: verify username/password against form input, upgrade
//               user passwords to md5 if not already done.
// ----------------------------------------------------------------------

// Switches read (as globals) by comparePasswords() when the MD5 comparison
// fails. Each one enables a fallback match against an older storage format;
// a successful fallback match is re-stored as MD5 via updateUserPass().
//
// NOTE(review): both fallbacks widen what the login accepts. Once every
// account has been upgraded they can presumably be set to false -- confirm
// against the data before changing them.
$compare2text = true;   // permit a match against a password stored as plain text
$compare2crypt = true;  // permit a match against a crypt() hash

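/**
 * Compare two secret strings without leaking, through timing, how many
 * leading bytes agree.
 *
 * Uses hash_equals() where the PHP build provides it and falls back to a
 * strict string comparison otherwise (the fallback is not constant-time).
 *
 * @param string $known     value held by the application
 * @param string $supplied  value derived from user input
 * @return bool true when both strings are byte-for-byte identical
 */
function _pnSecretsMatch($known, $supplied)
{
    if (function_exists('hash_equals')) {
        return hash_equals($known, $supplied);
    }

    return $known === $supplied;
}

/**
 * Check a submitted password against the stored value.
 *
 * The stored value is tried as an MD5 hash first. If that fails, one legacy
 * format is tried: a crypt() hash when $compare2crypt is on and $system is
 * not "1", otherwise plain text when $compare2text is on. A legacy match is
 * upgraded in the database to MD5 through updateUserPass().
 *
 * NOTE(security): unsalted MD5 is the format the rest of this file relies on
 * (updateUserPass() writes it and access_user_login() hands it to docookie()),
 * so it is kept here. Moving to password_hash()/password_verify() needs a
 * coordinated change of the column contents and of whatever consumes the
 * returned hash.
 *
 * @param mixed  $givenpass  password as submitted; anything but a string is rejected
 * @param mixed  $realpass   value read from the password column
 * @param string $username   account name, used only for the upgrade write
 * @param string $cryptSalt  salt handed to crypt() for the legacy comparison
 * @return string|false the MD5 hash of $givenpass on a match, false otherwise
 */
function comparePasswords($givenpass, $realpass, $username, $cryptSalt='')
{
    global $compare2crypt, $compare2text, $system;

    // Reject non-string input up front. strcmp() on older PHP returns NULL
    // rather than an integer when given an array, and a loose "== 0" test
    // treats that NULL as a match; request parameters can arrive as arrays.
    if (!is_string($givenpass) || !is_scalar($realpass)) {
        return false;
    }
    $realpass = (string) $realpass;

    $md5pass = md5($givenpass);

    if (_pnSecretsMatch($realpass, $md5pass)) {
        return $md5pass;
    }

    if ($compare2crypt && $system != "1") {
        // The original had two identical branches for an empty and a
        // non-empty salt; one call covers both.
        $cryptHash = (string) crypt($givenpass, $cryptSalt);
        if (_pnSecretsMatch($realpass, $cryptHash)) {
            updateUserPass($username, $md5pass);
            return $md5pass;
        }
    } elseif ($compare2text && _pnSecretsMatch($realpass, $givenpass)) {
        // Plain text is only tried when the crypt() branch was not entered.
        updateUserPass($username, $md5pass);
        return $md5pass;
    }

    return false;
}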

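/**
 * Write a new MD5 password hash into the users table for one account.
 *
 * Table and column names come from the global $pntable map; the statement is
 * sent through the global $dbconn connection. Nothing is returned and the
 * outcome of the UPDATE is not checked.
 *
 * @param string $username  account name selecting the row to update
 * @param string $md5pass   hash to store in the password column
 */
function updateUserPass($username, $md5pass)
{
    global $dbconn, $pntable;

    $column = &$pntable['users_column'];

    // The account name originates from the login form, so it must never be
    // spliced into the statement raw. qstr() quotes and escapes a value for
    // the active driver (assumes $dbconn is an ADOdb connection, as the
    // Execute()/EOF/MoveNext() usage in this file suggests -- TODO confirm).
    // NOTE(review): if callers pass a name that magic_quotes_gpc has already
    // slashed, strip those slashes first or the lookup will not match.
    $quotedPass = $dbconn->qstr($md5pass);
    $quotedName = $dbconn->qstr($username);

    $dbconn->Execute("UPDATE $pntable[users]
                      SET $column[pass] = $quotedPass
                      WHERE $column[uname] = $quotedName");
}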

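/**
 * Authenticate a login attempt and, on success, register the session.
 *
 * Looks the account up by name, refuses the login when no row or more than
 * one row comes back, checks the password with comparePasswords(), then
 * calls docookie(), replaces the guest row in the session table with a row
 * for the user and finishes with redirect_index(). Every failure path
 * redirects to user.php?stop=1.
 *
 * Side effects: overwrites the global $setinfo with the fetched user row.
 *
 * NOTE(review): the value handed to docookie() is the MD5 hash returned by
 * comparePasswords(); if docookie() places it in a client cookie the hash
 * becomes a password-equivalent credential -- confirm.
 * NOTE(review): $url is forwarded unchanged to redirect_index(); if it comes
 * from the request it should be limited to local targets there -- confirm.
 *
 * @param string $uname  account name from the login form
 * @param string $pass   password from the login form
 * @param string $url    target passed on to redirect_index() after login
 */
function access_user_login($uname, $pass, $url)
{
    // Patched by FTO: Oracle does not support Recordcount() (it always
    // returns -1), so the number of rows is established by stepping through
    // the result set instead of counting it.

    global $setinfo, $pntable, $dbconn;

    $column = &$pntable['users_column'];

    // The account name comes from the login form; qstr() quotes and escapes
    // it for the active driver instead of splicing it into the WHERE clause
    // (assumes $dbconn is an ADOdb connection -- TODO confirm).
    // NOTE(review): if $uname arrives already slashed by magic_quotes_gpc,
    // strip the slashes before this point or names with quotes will not match.
    $quotedUname = $dbconn->qstr($uname);

    $myquery = buildSimpleQuery(
        'users',
        array('pass', 'uid', 'storynum', 'umode', 'uorder', 'thold', 'noscore', 'ublockon', 'theme', 'commentmax'),
        "$column[uname]=$quotedUname"
    );

    $result = $dbconn->Execute($myquery);

    // A failed query is treated like an unknown user: fail closed.
    if (!$result || $result->EOF) {
        pnRedirect('user.php?stop=1');
        return;
    }

    $setinfo = $result->GetRowAssoc(false);
    $result->MoveNext();

    // A second row means the name is not unique; refuse the login.
    if (!$result->EOF) {
        pnRedirect('user.php?stop=1');
        die("Database corrupted. More than one user with that name.");
    }

    // The first two characters of the stored value serve as the crypt() salt
    // for the legacy comparison.
    $dbpass = $setinfo['pass'];
    $pass = comparePasswords($pass, $dbpass, $uname, substr($dbpass, 0, 2));

    if (!$pass) {
        pnRedirect('user.php?stop=1');
        die("Passwords do not match");
    }

    // Password accepted: set the user cookie and privileges.
    docookie($setinfo['uid'], $uname, $pass, $setinfo['storynum'], $setinfo['umode'], $setinfo['uorder'], $setinfo['thold'], $setinfo['noscore'], $setinfo['ublockon'], $setinfo['theme'], $setinfo['commentmax']);
    $ctime = (int) time();

    // X-Forwarded-For is supplied by the client and can hold any text, so the
    // value is only ever used through qstr() below and must not be relied on
    // as proof of where the request came from.
    $ip = getenv("HTTP_X_FORWARDED_FOR");
    if (!$ip) {
        $ip = getenv("REMOTE_ADDR");
    }
    $quotedIp = $dbconn->qstr($ip);

    // The original read $pntables (undefined) here, which left every column
    // name in the INSERT empty.
    $column = &$pntable['session_column'];

    // Remove the guest row recorded under this address.
    // NOTE(review): this statement names the column literally while the
    // INSERT takes it from $column[username] -- confirm which the schema uses.
    $dbconn->Execute("DELETE FROM $pntable[session]
                      WHERE username = $quotedIp");

    // Insert the authenticated user. The original statement had a stray '.'
    // before the first column, an unbalanced quote after the timestamp and an
    // unquoted address, so it could not execute.
    $dbconn->Execute("INSERT INTO $pntable[session] (
                          $column[username],
                          $column[time],
                          $column[host_addr],
                          $column[guest])
                      VALUES (
                          $quotedUname,
                          $ctime,
                          $quotedIp,
                          0)");

    redirect_index(_LOGGINGYOU, $url);
}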

?>