Rework login function to use DBAL.
darkmorford -
2fc6ac5be5a5
@@ -1,8 +1,8
1 <?php
1 <?php
2
2
3 /* Megatokyo Website Administration */
3 /* Megatokyo Website Administration */
4
5 require_once('../LocalSettings.php');
4 require_once('../LocalSettings.php');
5 require(__DIR__ . '/../vendor/autoload.php');
6
6
7 // Core lib
7 // Core lib
8 require_once('html.php');
8 require_once('html.php');
@@ -29,6 +29,18 require_once('rss.php');
29
29
30 require_once('twitteroauth/twitteroauth.php');
30 require_once('twitteroauth/twitteroauth.php');
31
31
32 // Initialize a connection to the database
33 $dbConfig = new \Doctrine\DBAL\Configuration();
34 $dbParams = array(
35 'dbname' => DB_NAME,
36 'user' => DB_WRITE_USER,
37 'password' => DB_WRITE_PASS,
38 'host' => DB_SERVER,
39 'driver' => 'mysqli',
40 'charset' => 'utf8mb4'
41 );
42 $dbConnection = \Doctrine\DBAL\DriverManager::getConnection($dbParams, $dbConfig);
43
32 $mtdb = new MysqlStore();
44 $mtdb = new MysqlStore();
33 $mtdb->connect( DB_SERVER, DB_WRITE_USER, DB_WRITE_PASS, DB_NAME );
45 $mtdb->connect( DB_SERVER, DB_WRITE_USER, DB_WRITE_PASS, DB_NAME );
34
46
@@ -46,15 +58,16 function mt_hash_password($password) {
46 return sha1($password);
58 return sha1($password);
47 }
59 }
48
60
49 // Remove invalid characters from username. Permit only alpha, underscore, period, at, hypen
61 // Remove invalid characters from username. Permit only alpha, underscore, period, at, hyphen
50 function sanitize_username( $username ) {
62 function sanitize_username( $username ) {
51 return preg_replace('|[^a-z_.@-]|i', '', $username);
63 return preg_replace('|[^a-z_.@-]|i', '', $username);
52 }
64 }
53
65
54 // Attempt to login with a username and password. If from cookies, set already_hashed = true.
66 // Attempt to login with a username and password. If from cookies, set already_hashed = true.
55 function mt_login($username, $password, $already_hashed = false) {
67 function mt_login($username, $password, $already_hashed = false) {
56 global $error,$mtdb;
68 global $error,$mtdb,$dbConnection;
57
69
70 // Fail login if either user or pass is blank
58 if ( '' == $username )
71 if ( '' == $username )
59 return false;
72 return false;
60
73
@@ -64,8 +77,12 function mt_login($username, $password, $already_hashed = false) {
64 }
77 }
65
78
66 $username = sanitize_username( $username );
79 $username = sanitize_username( $username );
80
81 // Get user info from the database
82 $sql = 'SELECT * FROM contributor WHERE name LIKE ?';
83 $stmt = $dbConnection->executeQuery($sql, array($username));
84 $login = $stmt->fetch(PDO::FETCH_OBJ);
67
85
68 $login = $mtdb->getRow( 'SELECT id,name,email,nameplate,default_image,default_link,password FROM contributor WHERE name = "' . mysqli_real_escape_string($mtdb->link, $username) . '"');
69 if (!$login) {
86 if (!$login) {
70 $error = ('<strong>ERROR</strong>: Invalid username or password.');
87 $error = ('<strong>ERROR</strong>: Invalid username or password.');
71 adminlog("Failed login attempt from ".$_SERVER['REMOTE_ADDR']." for $username.", MTS_LOGIN, MTA_CHANGE);
88 adminlog("Failed login attempt from ".$_SERVER['REMOTE_ADDR']." for $username.", MTS_LOGIN, MTA_CHANGE);
@@ -142,5 +159,4 function nocache_headers() {
142 @ header('Pragma: no-cache');
159 @ header('Pragma: no-cache');
143 }
160 }
144
161
145
146 ?>
162 ?>
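Review bot: The lookup at new line 82 changes the original equality match (`name = "…"`) to `name LIKE ?`, while sanitize_username at new line 63 still permits `_`, which MySQL treats as a single-character wildcard in LIKE, so a login lookup can resolve to a row other than the exact username entered; keep the original exact match with the new parameter binding: `$sql = 'SELECT id,name,email,nameplate,default_image,default_link,password FROM contributor WHERE name = ?';` (restoring the explicit column list also avoids the `SELECT *` widening). At new line 84, `$stmt->fetch(PDO::FETCH_OBJ)` passes a PDO constant to a connection built on the `mysqli` driver; DBAL 2 appears to accept PDO fetch-mode values, but `PDO::FETCH_OBJ` only resolves when the pdo extension is loaded, and DBAL's own fetch-mode constant (or `fetchAssociative()` on DBAL 3) would not carry that dependency — worth confirming against the DBAL version pinned in composer. The body of mt_login, including the password comparison against the fetched row, continues outside this hunk.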