Codice PHP:
class UserLogin
{
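function LoginUser($username , $password , $remember=false)
{
    // Authenticates $username/$password against `user` LEFT JOIN `usergroup`,
    // then starts the PHP session and sets the login cookies.
    // Returns true on a successful login, false otherwise. Rejections are
    // echoed directly, as in the original (callers may rely on the output).
    //
    // NOTE(review): the credential is compared as an unsalted md5 because the
    // `user`.`password` column holds md5 (SendPass writes the same form).
    // Moving to password_hash()/password_verify() needs a column migration
    // plus a rehash-on-login step, so it is flagged here rather than changed.
    // NOTE(review): the query is string-built; $dbcore->escape() is the only
    // quoting this wrapper exposes — confirm it is connection-aware, or use a
    // prepared statement if $dbcore provides one.
    global $dbcore , $smarty, $cookie;
    $passwordmd5 = md5($password);
    $result = $dbcore->getquery("SELECT user.*, usergroup.* FROM `user` AS user LEFT JOIN `usergroup` AS usergroup ON(user.usergroupid = usergroup.groupid) WHERE user.username = '" . $dbcore->escape($username) . "' AND user.password = '" . $dbcore->escape($passwordmd5) . "';");
    if (!$result) {
        return false;
    }

    // DB flags may arrive as int or string; normalise to string so the checks
    // below can compare strictly.
    $level      = (string) $result['leveluser'];
    $isAdmin    = (string) $result['isadmin'] === '1';
    $isActive   = (string) $result['status'] === '1';
    $isAdminGrp = (string) $result['levelgroup'] === '3';

    if ($level === '3') {
        if (!$isAdmin) {
            echo $isActive ? 'User does not have admin privileges' : 'User suspes';
            return false;
        }
        if (!$isAdminGrp) {
            // Admin flag without the admin group: the original rejected this
            // silently through its final else branch.
            return false;
        }
        // Fix: the admin branch never looked at `status`, so a suspended admin
        // could still log in while level 2 and level 1 accounts were gated.
        if (!$isActive) {
            echo 'User suspes';
            return false;
        }
    } elseif ($level === '2') {
        if (!$isAdmin) {
            echo 'User does not have admin privileges';
            return false;
        }
        if (!$isActive) {
            echo 'User suspes';
            return false;
        }
    } elseif ($level === '1') {
        // Fix: both of these branches printed their message but did not
        // return, so a suspended or not-yet-activated user was still given a
        // session and the login cookies.
        if (!$isActive) {
            echo 'User suspes';
            return false;
        }
        if ((string) $result['activation'] !== '1') {
            echo 'User activation not';
            return false;
        }
    } else {
        return false;
    }

    $this->UpdateTimeLogged($result['userid']);

    if (session_id() === '') {
        session_start();
    }
    // Fix: issue a fresh session id at the privilege change so an id that
    // existed before authentication (possibly supplied by the client) does
    // not become the authenticated one.
    session_regenerate_id(true);
    $_SESSION['sessionid'] = session_id();
    $_SESSION['userid'] = $result['userid'];
    $_SESSION['username'] = $result['username'];
    // NOTE(review): LoadUser reads `userautenticate`/`userid` back from the
    // client as the user's identity — confirm the cookie class signs or
    // encrypts these values; a plain cookie is writable by its holder.
    $cookie->SetCookie('userautenticate', '1', $remember);
    $cookie->SetCookie('userid', $result['userid'], $remember);
    $cookie->SetCookie('username', $result['username'], $remember);
    return true;
}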
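function LoadUser(){
    // Restores the current user for this request into $RCW['user'] and the
    // Smarty "username" variable.
    // Returns the user id on success, false when the id resolves to no row,
    // and null when the `userautenticate` marker is absent (the original's
    // implicit fall-through, kept for callers).
    //
    // Fix: the identity is now taken from $_SESSION['userid'] (written
    // server-side by LoginUser) whenever a started session carries it; the
    // `userid` cookie is only the fallback for remembered logins.
    // NOTE(review): that fallback still trusts a client-held cookie for the
    // identity unless $cookie->GetCookie() verifies a MAC — confirm in the
    // cookie class. If it does not, a server-stored remember-me token compared
    // with hash_equals() is the usual replacement.
    global $dbcore , $smarty , $RCW , $cookie;
    $useraut = $cookie->GetCookie('userautenticate') ? $cookie->GetCookie('userautenticate') : '';
    if ((string) $useraut !== '1') {
        return null;
    }
    if (isset($_SESSION['userid'])) {
        $userid = $_SESSION['userid'];
    } else {
        $userid = $cookie->GetCookie('userid') ? $cookie->GetCookie('userid') : '';
    }
    // $userid is reduced to an int, so no escaping is needed in the WHERE.
    $result = $dbcore->query("SELECT user.*, usergroup.* FROM `user` AS user LEFT JOIN `usergroup` AS usergroup ON(user.usergroupid = usergroup.groupid) WHERE user.userid = ". intval($userid). "");
    $row = $dbcore->fetch_array($result);
    $RCW['user'] = $row;
    if (!is_array($row)) {
        return false;
    }
    $smarty->assign("username" , $row['username']);
    // 99 appears to be the "no timezone chosen" sentinel — defined elsewhere, confirm.
    if (!empty($row['timezone']) && (string) $row['timezone'] !== '99') {
        $RCW['timezone'] = $row['timezone'];
    }
    return $row['userid'];
}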
function UpdateLastActivity($userid){
    // Stamps `user`.`lastactivity` for one user with NEWTIME and returns the
    // result of $dbcore->query() for the UPDATE.
    // NEWTIME is presumably the request timestamp — defined elsewhere, confirm.
    // $userid is cast to int, so NEWTIME is the only value that needs escaping.
    global $dbcore;
    $sql = sprintf(
        "UPDATE LOW_PRIORITY `user`
SET `lastactivity` = '%s'
WHERE `userid` = %d",
        $dbcore->escape(NEWTIME),
        (int) $userid
    );
    return $dbcore->query($sql);
}
function UpdateTimeLogged($userid){
    // Stamps `user`.`lastvisit` for one user with NEWTIME (called by LoginUser
    // on a successful login) and returns the result of $dbcore->query().
    // NEWTIME is presumably the request timestamp — defined elsewhere, confirm.
    // $userid is cast to int, so NEWTIME is the only value that needs escaping.
    global $dbcore ;
    $sql = sprintf(
        "UPDATE LOW_PRIORITY `user`
SET `lastvisit` ='%s'
WHERE `userid` = %d",
        $dbcore->escape(NEWTIME),
        (int) $userid
    );
    return $dbcore->query($sql);
}
function UpdateTimeChanged($userid){
    // Stamps `user`.`lastchange` for one user with NEWTIME and returns the
    // result of $dbcore->query() for the UPDATE.
    // NEWTIME is presumably the request timestamp — defined elsewhere, confirm.
    // $userid is cast to int; unlike the sibling helpers the original quoted
    // the number in the WHERE, which is reproduced here unchanged.
    global $dbcore ;
    $sql = sprintf(
        "UPDATE LOW_PRIORITY `user`
SET `lastchange` ='%s'
WHERE `userid` = '%d'",
        $dbcore->escape(NEWTIME),
        (int) $userid
    );
    return $dbcore->query($sql);
}
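function SendPass($email)
{
    // Password-reset handler: validates $email and, if a `user` row matches,
    // replaces that user's password with a freshly generated 8-character one.
    // Returns false on a malformed or unknown email. The success path returns
    // null because the delivery block at the end is commented out.
    //
    // NOTE(review): while that block is disabled this function overwrites the
    // stored password without delivering the new one, so a reset request locks
    // the account out; re-enable delivery (or skip the UPDATE) before exposing
    // this path.
    // NOTE(review): the new password is stored as unsalted md5 to match the
    // column LoginUser compares against; changing that needs a migration.
    global $RCW , $dbcore , $settings;
    if (!formatoemail($email)) {
        // Fix: $email is caller-supplied and was echoed raw into HTML.
        echo " L'email <b>" . htmlspecialchars($email, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . "</b> e formata da caratteri non ammessi";
        return false;
    }
    $sendpass = $dbcore->query("SELECT * FROM `user` WHERE `email` = '". $dbcore->escape($email) ."' LIMIT 1");
    $rowsp = $dbcore->fetch_array($sendpass);
    if (!$rowsp) {
        /* echo " L'email <b>".$email."</b> non e presente"; */
        return false;
    }
    // Fix: draw each character with random_int() (CSPRNG). The original
    // shuffled the alphabet with shuffle(), which is not a cryptographic
    // generator and also never repeated a character within the 8.
    $alphabet  = implode('', array_merge(range(0, 9), range('A', 'Z'), range('a', 'z')));
    $lastIndex = strlen($alphabet) - 1;
    $password  = '';
    for ($i = 0; $i < 8; $i++) {
        $password .= $alphabet[random_int(0, $lastIndex)];
    }
    $passwordmd5 = md5($password);
    // Fix: the UPDATE interpolated $email unescaped although the SELECT above
    // escaped it; formatoemail() is a format check, not SQL quoting.
    $updpass = $dbcore->query("UPDATE user SET password ='" . $dbcore->escape($passwordmd5) . "' WHERE email='" . $dbcore->escape($email) . "' ");
    /*
    if($updpass){
    require_once ("./includes/functions_mail.php");
    $mailObj = new HtmlMail();
    $mailObj->setSubject('Lost Password for '. $settings['company']);
    $mailObj->setData("","fffff");
    $mailObj->sendMail($email , $settings['emailreplay'] , $settings['company'] );
    $this->UpdateTimeChanged($rowsp['staffid']);
    $RCW['errorstring'] = "La pass e stata inviata al seguente indirizzo email <b>".$email."</b>";
    return true;
    }
    */
}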