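// Checks a form-submitted username/password pair against the salted-MD5 value
// stored in `jos_users`.password (layout "md5(password . salt):salt") and prints
// "OK" when they match.
//
// NOTE(review): the mysql_* extension used here was removed in PHP 7.0; a port
// should move to mysqli or PDO prepared statements rather than string-built SQL.
$con = mysql_connect('*****', '***', '***');
if (!$con) {
    // NOTE(review): mysql_error() text is sent to the client here; in production it
    // belongs in a server-side log, with a generic message shown to the visitor.
    die('Could not connect: ' . mysql_error());
}

// A failed database selection used to be hidden by "@", and the script carried on
// with no database selected; stop here without echoing server details.
if (!mysql_select_db("****", $con)) {
    die('Could not select database.');
}

// username and password sent from a form in another page
// Missing or non-string fields (e.g. myusername[]=x) are treated as empty.
$myusername = (isset($_POST['myusername']) && is_string($_POST['myusername'])) ? $_POST['myusername'] : '';
$mypassword = (isset($_POST['mypassword']) && is_string($_POST['mypassword'])) ? $_POST['mypassword'] : '';

// Only undo slashes that PHP itself added (magic quotes). Stripping them
// unconditionally alters any password that legitimately contains a backslash.
if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
    $myusername = stripslashes($myusername);
    $mypassword = stripslashes($mypassword);
}

// Escape the username only, and only for the SQL string. The password never enters
// the query; escaping it (as the earlier version did) changes the bytes that get
// hashed, so passwords containing quotes or backslashes could never match.
$sql = "SELECT `password` FROM `jos_users` WHERE username= '" . mysql_real_escape_string($myusername, $con) . "' ";
$result = mysql_query($sql, $con);

// No result set or no row means "unknown user": fall through to a failed check
// instead of reading offsets of a non-array.
$row = $result ? mysql_fetch_array($result) : false;
$joom_pass = ($row && isset($row['password'])) ? (string) $row['password'] : '';

//explode pass on colon
$parts = explode(':', $joom_pass);

// Anything that is not exactly "hash:salt" cannot be verified by this scheme.
// NOTE(review): stored values in another format (for example password_hash()-style
// strings) are rejected here - confirm which format the target table holds.
if (count($parts) === 2) {
    $salt = $parts[1];

    //make up the new md5 password using the user submitted password and salt from above
    $genpassword = md5($mypassword . $salt) . ":" . $salt;

    // Constant-time comparison where available (hash_equals needs PHP >= 5.6);
    // otherwise a strict comparison, so no type juggling is involved.
    $matches = function_exists('hash_equals')
        ? hash_equals($joom_pass, $genpassword)
        : $genpassword === $joom_pass;

    //if passwords match set session vars and redirect to new page
    if ($matches) {
        echo "OK";
    }
}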
<?php
// Direct-request guard: the rest of this file only runs when VALID_ACL_ has
// already been defined (presumably by the script that includes it).
if (!defined('VALID_ACL_')) {
    exit('direct access is not allowed.');
}
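/**
 * Session-based login gate that authenticates against the `jos_users` table.
 *
 * A signed-in user is represented by $_SESSION['exp_user'], an array holding the
 * user's row plus an 'expires' Unix timestamp.
 *
 * NOTE(review): the mysql_* extension used by signin() was removed in PHP 7.0; a
 * port should use mysqli or PDO prepared statements instead of string-built SQL.
 */
class Authorization
{
    /**
     * Link returned by mysql_connect() in signin(). Declared public because the
     * earlier code created it as a dynamic (and therefore public) property.
     */
    public $db;

    /**
     * Tells whether the current session holds an unexpired login.
     *
     * @return bool true when $_SESSION['exp_user'] is set and its 'expires'
     *              timestamp is not in the past; false otherwise.
     */
    public function check_status()
    {
        if (empty($_SESSION['exp_user']) || !isset($_SESSION['exp_user']['expires'])) {
            return false;
        }

        return !($_SESSION['exp_user']['expires'] < time());
    }

    /**
     * Builds the login form markup.
     *
     * The first label depends on the LOGIN_METHOD constant ('both', 'email', or
     * anything else for username only). Label texts come from the global
     * $ACL_LANG array and are inserted as-is, without HTML escaping.
     *
     * @return string HTML for the form.
     */
    public function form()
    {
        global $ACL_LANG;

        switch (LOGIN_METHOD) {
            case 'both':
                $label = $ACL_LANG['USERNAME'].'/'.$ACL_LANG['EMAIL'];
                break;
            case 'email':
                $label = $ACL_LANG['EMAIL'];
                break;
            default:
                $label = $ACL_LANG['USERNAME'];
                break;
        }

        return '<form id="frmlogin">'.'<img src="images/logo.png" class="img1"/>'.
            '<label>'.$label.
            ':</label>'.
            '<input type="text" name="u" id="u" class="textfield" />'.
            '<label>'.$ACL_LANG['PASSWORD'].'</label>'.
            '<input type="password" name="p" id="p" class="textfield" />'.
            '<input type="submit" name="btn" id="btn" class="buttonfield" value="'.$ACL_LANG['LOGIN'].'" />'.
            '<input type="reset" name="rst" id="rst" class="buttonfield1" value="Reset" />'.
            '</form>';
    }

    /**
     * Verifies a username/password pair and, on success, opens the session.
     *
     * Fixes relative to the earlier version of this method:
     *  - it interpolated $myusername / $mypassword, which do not exist in this
     *    scope, so the query and the hash never used the submitted values;
     *  - the session was created when the hashes did NOT match (inverted test);
     *  - the row was fetched from the wrong, already consumed result handle;
     *  - the username went into the SQL string unescaped.
     *
     * @param string $u Submitted username.
     * @param string $p Submitted password.
     * @return bool true when the credentials match and the session was set;
     *              false on bad input, database failure, unknown user, a wrong
     *              password, or when USEDB is off.
     */
    public function signin($u,$p)
    {
        global $db_config;

        // Reject before touching the database: DB auth disabled, or credentials
        // missing / not scalar (e.g. an array injected through the request).
        if (!USEDB || !is_scalar($u) || !is_scalar($p)) {
            return false;
        }
        $u = (string) $u;
        $p = (string) $p;
        if ($u === '' || $p === '') {
            return false;
        }

        $this->db = @mysql_connect($db_config['server'],$db_config['user'],$db_config['pass']);
        if (!$this->db) {
            return false;
        }

        $authenticated = false;

        if (@mysql_select_db($db_config['name'], $this->db)) {
            // The username is escaped against this connection before it is placed
            // in the query. The password never enters the SQL.
            $sql = "SELECT * FROM `jos_users` WHERE `username`= '".mysql_real_escape_string($u, $this->db)."' ";
            $rs = @mysql_query($sql, $this->db);

            if ($rs) {
                $row = mysql_fetch_assoc($rs);
                mysql_free_result($rs);

                $stored = ($row && isset($row['password'])) ? (string) $row['password'] : '';

                if ($row && $this->password_matches($p, $stored)) {
                    // The stored hash is dropped so it is not copied into session storage.
                    unset($row['password']);

                    // Issue a fresh session id at login so an id known before
                    // authentication cannot be reused afterwards.
                    if (session_id() !== '') {
                        session_regenerate_id(true);
                    }

                    // Login lifetime: 120 minutes from now.
                    $this->set_session(array_merge($row, array('expires' => time() + (120 * 60))));
                    $authenticated = true;
                }
            }
        }

        // Close the link on every path, not only after a successful login.
        mysql_close($this->db);

        return $authenticated;
    }

    /**
     * Checks a plain password against a stored "md5(password . salt):salt" value.
     *
     * NOTE(review): only this layout is handled; stored values in any other
     * format (for example password_hash()-style strings) are rejected - confirm
     * which format the target table holds.
     *
     * @param string $plain  Password as submitted.
     * @param string $stored Value of the `password` column.
     * @return bool
     */
    private function password_matches($plain, $stored)
    {
        $parts = explode(':', $stored);
        if (count($parts) !== 2) {
            return false;
        }

        $candidate = md5($plain . $parts[1]) . ':' . $parts[1];

        // Constant-time comparison where available (hash_equals needs PHP >= 5.6);
        // otherwise strict comparison, so no type juggling is involved.
        return function_exists('hash_equals')
            ? hash_equals($stored, $candidate)
            : $candidate === $stored;
    }

    /**
     * Stores the given user data as the logged-in user; empty input is ignored.
     *
     * @param array|false $a Data to place in $_SESSION['exp_user'].
     */
    private function set_session($a=false)
    {
        if (!empty($a)) {
            $_SESSION['exp_user'] = $a;
        }
    }
}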
?>