Changeset 1744 for trunk/include/functions_user.inc.php
- Timestamp:
- Jan 23, 2007, 2:22:52 AM (17 years ago)
- File:
-
- 1 edited
trunk/include/functions_user.inc.php
r1699 r1744 859 859 * returns the auto login key or false on error 860 860 * @param int user_id 861 * @param string [out] username 861 862 */ 862 function calculate_auto_login_key($user_id )863 function calculate_auto_login_key($user_id, &$username) 863 864 { 864 865 global $conf; … … 872 873 { 873 874 $row = mysql_fetch_assoc($result); 874 $key = sha1( $row['username'].$row['password'] ); 875 $username = $row['username']; 876 $data = $row['username'].$row['password']; 877 $key = base64_encode( 878 pack('H*', sha1($data)) 879 .hash_hmac('md5', $data, $conf['secret_key'],true) 880 ); 875 881 return $key; 876 882 } … … 890 896 if ($remember_me and $conf['authorize_remembering']) 891 897 { 892 $key = calculate_auto_login_key($user_id );898 $key = calculate_auto_login_key($user_id, $username); 893 899 if ($key!==false) 894 900 { … … 929 935 { 930 936 $cookie = unserialize(stripslashes($_COOKIE[$conf['remember_me_name']])); 931 if ($cookie!==false )932 { 933 $key = calculate_auto_login_key( $cookie['id']);937 if ($cookie!==false and is_numeric(@$cookie['id']) ) 938 { 939 $key = calculate_auto_login_key( $cookie['id'], $username ); 934 940 if ($key!==false and $key===$cookie['key']) 935 941 { 936 942 log_user($cookie['id'], true); 943 trigger_action('login_success', $username); 937 944 return true; 938 945 } … … 940 947 setcookie($conf['remember_me_name'], '', 0, cookie_path()); 941 948 } 949 return false; 950 } 951 952 /** 953 * Tries to login a user given username and password (must be MySql escaped) 954 * return true on success 955 */ 956 function try_log_user($username, $password, $remember_me) 957 { 958 global $conf; 959 // retrieving the encrypted password of the login submitted 960 $query = ' 961 SELECT '.$conf['user_fields']['id'].' AS id, 962 '.$conf['user_fields']['password'].' AS password 963 FROM '.USERS_TABLE.' 964 WHERE '.$conf['user_fields']['username'].' 
= \''.$username.'\' 965 ;'; 966 $row = mysql_fetch_assoc(pwg_query($query)); 967 if ($row['password'] == $conf['pass_convert']($password)) 968 { 969 log_user($row['id'], $remember_me); 970 trigger_action('login_success', $username); 971 return true; 972 } 973 trigger_action('login_failure', $username); 942 974 return false; 943 975 }
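Review bot: The password check in the newly added try_log_user() uses the loose `==` operator, so two different digests that both parse as numeric strings (for example `0e` followed only by digits) compare equal under PHP's type juggling. Whether that is reachable depends on what `$conf['pass_convert']` returns, which is not visible on this page. A strict comparison that also handles the no-row case explicitly would be `if ($row !== false and $row['password'] === $conf['pass_convert']($password))`. The function also concatenates `$username` straight into the query and relies on the docblock's "must be MySql escaped" contract, so injection safety rests entirely on every caller. I would restate that requirement as a comment directly above the `$query` assignment, and note there that the `login_success`/`login_failure` triggers receive the escaped form of the name.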