svn commit: r377 - trunk/mapbender/http/frames/login.php

uli at osgeo.org uli at osgeo.org
Thu Jun 1 10:06:32 EDT 2006


Author: uli
Date: 2006-06-01 14:06:32+0000
New Revision: 377

Modified:
   trunk/mapbender/http/frames/login.php

Log:
destroy cookie



Modified: trunk/mapbender/http/frames/login.php
Url: https://mapbender.osgeo.org/source/browse/mapbender/trunk/mapbender/http/frames/login.php?view=diff&rev=377&p1=trunk/mapbender/http/frames/login.php&p2=trunk/mapbender/http/frames/login.php&r1=376&r2=377
==============================================================================
--- trunk/mapbender/http/frames/login.php	(original)
+++ trunk/mapbender/http/frames/login.php	2006-06-01 14:06:32+0000
@@ -1,4 +1,5 @@
 <?php
+# $Id$
 # Copyright (C) 2002 CCGIS 
 #
 # This program is free software; you can redistribute it and/or modify
@@ -17,6 +18,52 @@
 
 ob_start(); 
 include_once("../../conf/mapbender.conf");
+$con = db_connect(DBSERVER,OWNER,PW);
+db_select_db(DB,$con);
+
+function auth_user($name,$pw){
+	$sql = "SELECT * FROM mb_user WHERE mb_user_name = $1 AND mb_user_password = $2";
+	$v = array($name,md5($pw));
+	$t = array('s','s');
+	$res = db_prep_query($sql,$v,$t);
+	if($row = db_fetch_array($res)){
+		return $row;
+	}
+	if(SYS_DBTYPE == 'pgsql'){
+		$v = array($name,$pw);
+		$res = db_prep_query($sql,$v,$t);
+		if($row = db_fetch_array($res)){
+			$sqlu = "UPDATE mb_user SET mb_user_password = $1 WHERE mb_user_id = $2";
+			$vu = array(md5($pw),$row["mb_user_id"]);
+			$tu = array('s','i');
+			$rowu = db_prep_query($sqlu,$vu,$tu);
+			return $row;
+		}
+	}
+	else if(SYS_DBTYPE == 'mysql'){
+		$sql = "SELECT * FROM mb_user WHERE mb_user_name = $1 AND mb_user_password = password($2)";
+		$v = array($name,$pw);
+		$res = db_prep_query($sql,$v,$t);
+		if($row = db_fetch_array($res)){
+			$sqlu = "UPDATE mb_user SET mb_user_password = $1 WHERE mb_user_id = $2";
+			$vu = array(md5($pw),$row["mb_user_id"]);
+			$tu = array('s','i');
+			$rowu = db_prep_query($sqlu,$vu,$tu);
+			return $row;
+		}
+	}
+}
+function setSession(){
+	session_start();
+}
+function killSession(){
+	if (isset($_COOKIE[session_name()])) {
+    	setcookie(session_name(), '', time()-42000, '/');
+	}
+	if(session_id()){
+		session_destroy();
+	}
+}
 ?>
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
 
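Review bot: killSession() expires the session cookie with a hard-coded path of '/', so the cookie is only removed when session.cookie_path is '/' and no cookie domain is configured; take the parameters from the session configuration instead: `$p = session_get_cookie_params();` `setcookie(session_name(), '', time()-42000, $p['path'], $p['domain'], $p['secure']);`. The server-side data is also only destroyed when a session has already been started in this request (session_id() is empty otherwise), and `$_SESSION = array();` before session_destroy() would clear the in-memory copy too. In auth_user(), control falls off the end when no row matches, so callers get null; an explicit `return false;` after the branches matches db_fetch_array's convention and makes the contract visible. The `$rowu` assignments in both branches are never read and can be dropped.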
@@ -38,13 +85,8 @@
 <?php
 $css_folder = "";
 echo "<link rel=\"stylesheet\" type=\"text/css\" href=\"../css/" . $css_folder . "login.css\">";
-
-$con = db_connect(DBSERVER,OWNER,PW);
-db_select_db(DB,$con);
-
-require_once("../php/mb_validateInput.php");
-$name = mb_validateInput($_REQUEST["name"]);
-$password = mb_validateInput($_REQUEST["password"]);
+$name = $_REQUEST["name"];
+$password = $_REQUEST["password"];
 
 $loginMax = MAXLOGIN;
 
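Review bot: Dropping mb_validateInput() leaves `$name` unfiltered on its way into HTML and header output, not only into the now-prepared SQL: it is echoed into the form's value attribute (the `value='".$name."'` line in the next hunk) and appended to the Location URL in the last hunk without encoding. Escape at each sink rather than relying on input filtering: `htmlspecialchars($name, ENT_QUOTES)` in the attribute and `urlencode($name)` in the redirect query string. `$_REQUEST["name"]` and `$_REQUEST["password"]` are also read unconditionally now, which raises undefined-index notices on the first visit; `$name = isset($_REQUEST["name"]) ? $_REQUEST["name"] : '';` (and the same for `$password`) keeps the later `isset($name)` check meaningful.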
@@ -74,17 +116,8 @@
 echo "</head>";
 echo "<body onload='setFocus()'>";
 
-
-session_start();
-if(isset($_REQUEST["password"]) && isset($_REQUEST["name"])){
-	session_unset();
-    session_destroy();
-}
-if(isset($_SESSION["mb_user_password"]) && isset($_SESSION["mb_user_name"])){
-   $name = $_SESSION["mb_user_name"];
-   $password = $_SESSION["mb_user_password"];
-}
 if(!isset($name) || $name == '' || !isset($password) || $password == ''){
+	killSession();
 	echo "<form name='loginForm' action ='" . $PHP_SELF . "' method='POST'>";
 	echo "<table>";
 	echo "<tr><td>Name: </td><td><input type='text' name='name' class='login_text' value='".$name."'></td></tr>";
@@ -93,10 +126,7 @@
 	echo "&nbsp;&nbsp;<a href='../php/mod_forgottenPassword.php' title='Passwort vergessen?' target='_blank'>Forgot your password?</a>";
 	echo "</td></tr></table>";
 	echo "</form>";
-	session_unset();
-	session_destroy();
 }
-session_start();
 if(isset($name) && $name != '' && isset($password) && $password != ''){
 	$sql_count = "SELECT mb_user_login_count FROM mb_user WHERE mb_user_name = $1";
 	$params = array($name);
@@ -109,41 +139,17 @@
 		}
 	}
 	
-	if(SYS_DBTYPE == "mysql") {
-		$passwd_tmp = "password('".$password."')";
-		
-	}
-	else {
-		if(MD5 == 'true'){
-			$passwd_tmp = "md5('".$password."')";
-		}else{
-			$passwd_tmp = $password;
-		}
-	}
-	
-	if(SYS_DBTYPE == "pgsql" && MD5 == 'false')
-		$sql = "SELECT * FROM mb_user WHERE mb_user_name = '".$name."' AND mb_user_password = '".$passwd_tmp."';";
-	else{
-		$sql = "SELECT * FROM mb_user WHERE mb_user_name = '".$name."' AND mb_user_password = ".$passwd_tmp.";";
-	}
-
-
-	$res = db_query($sql);
-	$row = db_fetch_array($res);
+	$row = auth_user($name, $password);
 	
 	// if given user data is found in database, set session data (db_fetch_array returns false if no row is found)
-	if ($row) {
-		include_once("../../conf/session.conf");
-	}
-	
+	if($row){
+		setSession();
+		include("../../conf/session.conf");
+	}	
 	if($_SESSION["mb_user_id"]){
 		if($row["mb_user_login_count"] < $loginMax){
-			$sql_del_cnt =  "UPDATE mb_user SET mb_user_login_count = 0 WHERE mb_user_name = '".$name."'";
+			$sql_del_cnt =  "UPDATE mb_user SET mb_user_login_count = 0 WHERE mb_user_id = " . $_SESSION['mb_user_id'];
 			db_query($sql_del_cnt);
-			
-			#Session variables, defined in session.conf
-			#include("../../conf/mapbender.conf");
-			#check guis
 			require_once("../php/mb_getGUIs.php");
 			$arrayGUIs = mb_getGUIs($row["mb_user_id"]);
 			$_SESSION["mb_user_guis"] = $arrayGUIs;
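Review bot: After a successful auth_user() call, setSession() resumes whatever session id the client presented and session.conf then fills that session with the user's data, so the identifier is never rotated at the point where the session becomes authenticated; add `session_regenerate_id(true);` directly after `setSession();` so the logged-in session gets a fresh id (the delete_old_session argument needs PHP 5.1). The reworked `$sql_del_cnt` also goes back to concatenating `$_SESSION['mb_user_id']` into the statement and calling db_query(), unlike the other queries this commit converts to db_prep_query(); `$sql_del_cnt = "UPDATE mb_user SET mb_user_login_count = 0 WHERE mb_user_id = $1"; db_prep_query($sql_del_cnt, array($_SESSION['mb_user_id']), array('i'));` keeps it consistent. The enclosing if($_SESSION["mb_user_id"]) block continues past the end of the hunk.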
@@ -172,8 +178,10 @@
 		}
 	}
 	else{
-		$sql_set_cnt = "UPDATE mb_user SET mb_user_login_count = (mb_user_login_count + 1) WHERE mb_user_name = '".$name."'";
-		db_query($sql_set_cnt);				
+		$sql_set_cnt = "UPDATE mb_user SET mb_user_login_count = (mb_user_login_count + 1) WHERE mb_user_name = $1";
+		$v = array($name);
+		$t = array('s');
+		db_prep_query($sql_set_cnt,$v,$t);				
 		header ("Location: http://".$_SERVER['HTTP_HOST'].dirname($_SERVER['PHP_SELF'])."/login.php?name=".$name);
 		exit();
 	}



