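--- a/PATH-NOT-SHOWN
+++ b/PATH-NOT-SHOWN
@@ -1,8 +1,8 @@
 <?php
 
 /* Megatokyo Website Administration */
-
 require_once('../LocalSettings.php');
+require(__DIR__ . '/../vendor/autoload.php');
 
 // Core lib
 require_once('html.php');
@@ -29,6 +29,18 @@ require_once('rss.php');
 
 require_once('twitteroauth/twitteroauth.php');
 
+// Initialize a connection to the database
+$dbConfig = new \Doctrine\DBAL\Configuration();
+$dbParams = array(
+'dbname' => DB_NAME,
+'user' => DB_WRITE_USER,
+'password' => DB_WRITE_PASS,
+'host' => DB_SERVER,
+'driver' => 'mysqli',
+'charset' => 'utf8mb4'
+);
+$dbConnection = \Doctrine\DBAL\DriverManager::getConnection($dbParams, $dbConfig);
+
 $mtdb = new MysqlStore();
 $mtdb->connect( DB_SERVER, DB_WRITE_USER, DB_WRITE_PASS, DB_NAME );
 
@@ -46,15 +58,16 @@ function mt_hash_password($password) {
 return sha1($password);
 }
 
-// Remove invalid characters from username. Permit only alpha, underscore, period, at, hypen
+// Remove invalid characters from username. Permit only alpha, underscore, period, at, hyphen
 function sanitize_username( $username ) {
 return preg_replace('|[^a-z_.@-]|i', '', $username);
 }
 
 // Attempt to login with a username and password. If from cookies, set already_hashed = true.
 function mt_login($username, $password, $already_hashed = false) {
-global $error,$mtdb;
+global $error,$mtdb,$dbConnection;
 
+// Fail login if either user or pass is blank
 if ( '' == $username )
 return false;
 
@@ -64,8 +77,12 @@ function mt_login($username, $password, $already_hashed = false) {
 }
 
 $username = sanitize_username( $username );
+
+// Get user info from the database
+$sql = 'SELECT * FROM contributor WHERE name LIKE ?';
+$stmt = $dbConnection->executeQuery($sql, array($username));
+$login = $stmt->fetch(PDO::FETCH_OBJ);
 
-$login = $mtdb->getRow( 'SELECT id,name,email,nameplate,default_image,default_link,password FROM contributor WHERE name = "' . mysqli_real_escape_string($mtdb->link, $username) . '"');
 if (!$login) {
 $error = ('<strong>ERROR</strong>: Invalid username or password.');
 adminlog("Failed login attempt from ".$_SERVER['REMOTE_ADDR']." for $username.", MTS_LOGIN, MTA_CHANGE);
@@ -142,5 +159,4 @@ function nocache_headers() {
 @ header('Pragma: no-cache');
 }
 
-
 ?>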
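Review bot: The new lookup in mt_login compares with `WHERE name LIKE ?`, while sanitize_username still lets `_` through, and LIKE treats `_` as a single-character wildcard, so a submitted name containing it can select a different contributor row than the one typed. The query it replaces used `=`; keeping the bound parameter with exact comparison, `$sql = 'SELECT * FROM contributor WHERE name = ?';`, avoids the pattern match. Naming the columns the function reads, as the removed query did, would also be safer than `*`, which pulls every column into `$login` including any added later. mt_login's body continues outside the visible hunks, so how `$login` and the password comparison are handled afterwards cannot be checked from here.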
