Jump to content

Login Function: Just some needed input on complete function


radar
 Share

Recommended Posts

I have this function completely written in my class file that I am working on.  The point to this function is to be able to check the login of a user or administrator for either of the control panels associated with my site.

 

It will check the session intime as well as the page / module referenced.  Once it passes all those checks, it will check and ensure the emailaddress/password stored in the current session still holds true and the account is still active...  if the account is still active it will update the lastActivity as well as update all of the session variables with what is currently in the database.

 

What I am looking for is basically a look at the function, see if it looks good..  If there is any part to it that could create security holes for the site just off the login function itself...

 

Usage: $q->validUser($_SESSION['user'], $_mod);

 

<?php
function validUser($sess, $p) {

	if ($sess['inTime'] == '' && $p != 'login' && $p != 'logout') {
		session_destroy();
		$login = '0';
		$_int = '';
		return $login;
	} else if ($sess['inTime'] < time()-3600 && $p != 'login') {
		$sess['inTime'] = '';
		session_destroy();
		$this->check_login($sess, $p);
	} else {
		$this->user = $sess['emailAddress'];
		$this->pass = $sess['password'];

		$login = $this->sql_query("SELECT * FROM users WHERE emailAddress = '".$this->user."' AND password = '".$this->pass."' 
								   AND status = '1' LIMIT '1'");
		if ($login = $this->sql_numrows($login) < 1) {
			$sess['inTime'] == '';
			session_destroy();
			$login = '0';
		} else {
			// logged in, lets update the database for last_activity AND the session.

			$this->sql_query("UDATE users SET lastActivity = '".now()."' WHERE
							  emailAddress = '".$this->user."'");
			$login = $this->sql_query("SELECT * FROM users WHERE emailAddress = '".$this->user."' AND password = '".$this->pass."' 
								       AND status = '1' LIMIT '1'");
			$login = mysql_fetch_assoc($login);
			foreach ($login as $key => $value)
			{ 
				$sess[$key] = $value;
			}
			$sess['inTime'] = time();
			$login = '1';
		}
		return $login;
	}
}

?>

 

That is the main function, sql_query and sql_numrows is:

 

<?php
function sql_query($query = "", $transaction = FALSE) {
	unset($this->query_result);

	if ($query != "") {
		$this->num_queries++;
		if ($transation == BEGIN_TRANSACTION && !$this->in_transation) {
			$result = mysql_query("BEGIN", $this->db_connect_id);
			if (!$result) {
				return false;
			}
			$this->in_transaction = TRUE;
		}

		$this->query_result = mysql_query($query, $this->db_connect_id);
	} else {
		if ($transaction == END_TRANSACTION && $this->in_transaction ) {
			$result = mysql_query("COMMIT", $this->db_connect_id);
		}
	}
	if ($this->query_result) {
		unset($this->row[$this->query_result]);
		unset($this->rowset[$this->query_result]);

		if ($transaction == END_TRANSACTION && $this->in_transaction ) {
			$this->in_transaction = FALSE;
			if (!mysql_query("COMMIT", $this->db_connect_id)) {
				mysql_query("ROLLBACK", $this->db_connect_id);
				return false;
			}
		}
		return $this->query_result;
	} else {
		if ($this->in_transaction ) {
			mysql_query("ROLLBACK", $this->db_connect_id);
			$this->in_transaction = FALSE;
		}
		return false;
	}
}

function sql_numrows($query_id = 0) {
	if(!$query_id) {
		$query_id = $this->query_result;
	}
	return ($query_id) ? mysql_num_rows($query_id) : false;
} ?>

 

Any insight that can help to benefit these functions would be appreciated.

Link to comment
Share on other sites

This thread is more than a year old.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.