<?php
2
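// Looks a user up by username and password.
//
// $connection  open mysql link resource, used both for escaping and for the query
// $username    username as submitted by the client (untrusted)
// $password    password as submitted by the client (untrusted)
// $utbl        name of the user table; must be a plain SQL identifier
//
// Returns true when exactly one matching row exists, false otherwise.
// Both credentials are run through mysql_real_escape_string() before they
// are interpolated into the SQL, so a crafted username such as "admin' -- "
// can no longer rewrite the WHERE clause (the original code interpolated the
// raw values).
//
// SECURITY NOTE(review): the password is still compared inside SQL against
// whatever the pwd column holds, i.e. the stored value is the secret itself
// and the column's collation decides whether the match is case-sensitive.
// The column should hold a password_hash() digest and the check should be
// done in PHP with password_verify() after selecting the row by usr alone.
function authenticateUser($connection, $username, $password, $utbl){
    // A missing credential is rejected outright; no query is run.
    if (!isset($username) || !isset($password))
        return false;

    // The table name cannot be escaped like a value, so only accept an
    // identifier made of characters MySQL allows unquoted (plus "." for a
    // schema-qualified name).
    if (!is_string($utbl) || !preg_match('/^[A-Za-z0-9_$.]+$/', $utbl))
        return false;

    // Escape the untrusted values using the connection's character set.
    $safeUser = mysql_real_escape_string($username, $connection);
    $safePass = mysql_real_escape_string($password, $connection);

    // Formulate the SQL to find the user
    $query = "SELECT ID FROM $utbl WHERE usr = '{$safeUser}'
AND pwd = '{$safePass}'";

    // Query failures are reported through showerror(); the @ only silences
    // the duplicate PHP warning. Bail out explicitly in case showerror()
    // returns instead of exiting, so we never touch a false $result.
    if (!$result = @ mysql_query ($query, $connection)) {
        showerror();
        return false;
    }

    // Exactly one row means the credentials identified a single user.
    return mysql_num_rows($result) === 1;
}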
27
28 // Connects to a session and checks that the user has
29 // authenticated and that the remote IP address matches
30 // the address used to create the session.
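// Gate for pages that require a logged-in session.
//
// Must be called after session_start(). Redirects to login-screen.php and
// exits when no "login" flag is present in the session (m=2), or when the
// requesting IP address differs from the one recorded in "loginIP" at login
// time (m=3). On success it returns normally with no value.
//
// The IP check is only a weak hijack heuristic: users behind carrier NAT or
// rotating proxies get bounced spuriously, and an attacker sharing the
// victim's egress address passes it. It does not replace a Secure/HttpOnly
// session cookie and session_regenerate_id() at login.
//
// NOTE(review): $_SESSION["message"] embeds REQUEST_URI and REMOTE_ADDR,
// both of which the client can influence; the page that prints the message
// must htmlspecialchars() it, otherwise this is a stored XSS on the login
// screen.
function sessionAuthenticate(){
    // REQUEST_URI may be absent (e.g. CLI); fall back to an empty string.
    $uri = isset($_SERVER["REQUEST_URI"]) ? $_SERVER["REQUEST_URI"] : "";

    // No login flag: the request does not belong to an authenticated session.
    if (!isset($_SESSION["login"]))
    {
        $_SESSION["message"] = "You are not authorized to access the URL
{$uri}";

        header("Location: login-screen.php?m=2");
        exit;
    }

    // A missing REMOTE_ADDR must never be treated as matching the recorded one.
    $remote = isset($_SERVER["REMOTE_ADDR"]) ? $_SERVER["REMOTE_ADDR"] : null;

    // Strict comparison: both sides are strings; the original loose != is
    // avoided so no type juggling can make two different addresses "equal".
    if (!isset($_SESSION["loginIP"]) || $remote === null
        || $_SESSION["loginIP"] !== $remote)
    {
        // The request did not originate from the machine that was used to
        // create the session. THIS IS POSSIBLY A SESSION HIJACK ATTEMPT.
        $_SESSION["message"] = "You are not authorized to access the URL
{$uri} from the address
{$remote}";

        header("Location: login-screen.php?m=3");
        exit;
    }
}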
60
61 ?>