
Public Member Functions | |
| login () | |
| logout () | |
Static Public Member Functions | |
| static | getInstance () |
Protected Attributes | |
| $prefix = 'admin' | |
Static Private Attributes | |
| static | $instance = __CLASS__ |
Definition at line 252 of file aliroAuthenticator.php.
| static aliroAdminAuthenticator::getInstance | ( | ) | [static] |
Definition at line 256 of file aliroAuthenticator.php.
Referenced by aliroAdminRequest::doControl(), and mosUser::userStore().
{
    // Lazy singleton accessor. self::$instance is declared as __CLASS__, so
    // until the first call it holds the class name as a string; after the
    // first call it holds the single object created from that name.
    if (!is_object(self::$instance)) {
        self::$instance = new self::$instance();
    }
    return self::$instance;
}
| aliroAdminAuthenticator::login | ( | ) |
Escape and trim the submitted values to minimise injection of malicious SQL.
Definition at line 260 of file aliroAuthenticator.php.
References aliroCoreDatabase::getInstance(), aliroRequest::getInstance(), aliroDatabase::getInstance(), aliroSessionFactory::getSession(), and T_().
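{
    // Admin-side login. Reads 'usrname' and 'pass' from $_POST, checks the
    // password against #__core_users and, on success, stores the matched user
    // in the session. Returns the matched user row object, or null on failure.
    //
    // Compared with the original listing, the username match, the usertype
    // check and the zero-administrator test use strict comparison, so
    // numeric-looking strings such as '1e3' and '1000' are not treated as
    // the same username.

    $session = aliroSessionFactory::getSession();
    // Without cookie support no login attempt is processed at all.
    if (!($session->cookiesAccepted())) {
        return null;
    }

    $database = aliroDatabase::getInstance();
    $request = aliroRequest::getInstance();

    // Both values are interpolated into SQL strings below, so they are passed
    // through getEscaped() first.
    // NOTE(review): getParam()/getEscaped() are not shown here. $usrname is
    // the escaped form and is later compared with the stored username; if
    // escaping alters the value (quotes, backslashes) that comparison cannot
    // succeed — confirm.
    $usrname = $database->getEscaped($request->getParam($_POST, 'usrname'));
    $pass = $database->getEscaped($request->getParam($_POST, 'pass'));

    $my = null;
    if (!$pass) {
        $request->setErrorMessage(T_('Please enter a password'), _ALIRO_ERROR_WARN);
        return $my;
    }

    // Fetches every Administrator / Super Administrator row, plus the row for
    // the submitted username when its block counter is <= 10.
    // NOTE(review): the block filter sits only on the username branch, so
    // administrator rows are returned whatever their block value; the
    // failed-login counter never excludes an administrator account. Confirm
    // that this is intended.
    $users = $database->doSQLget("SELECT * FROM #__users WHERE usertype IN ('Administrator', 'Super Administrator') OR (username='$usrname' AND block<=10)");
    $admins = count($users);

    // From here until the final update, $database is the core database.
    $database = aliroCoreDatabase::getInstance();
    foreach ($users as $key => $oneuser) {
        if ((string) $oneuser->username !== (string) $usrname) {
            continue;
        }
        // The password comparison happens inside SQL as MD5(CONCAT(salt, pass)).
        // NOTE(review): salted MD5 is a fast hash and is not adequate for
        // password storage; moving to password_hash()/password_verify() needs
        // a schema and data migration outside this block. The submitted
        // password is part of the query text, so it may appear in query logs.
        $database->setQuery("SELECT COUNT(*) FROM #__core_users WHERE id=$oneuser->id AND password=MD5(CONCAT(salt,'$pass'))");
        if ($database->loadResult()) {
            $my =& $users[$key];
            // A matching non-administrator row must not count as an administrator.
            // NOTE(review): such a user is still left in $my and is logged in
            // below as long as one administrator row exists; presumably the
            // access level is enforced elsewhere — verify.
            if (!in_array((string) $my->usertype, array('Administrator', 'Super Administrator'), true)) {
                $admins--;
            }
        }
    }

    if ($admins === 0) {
        $request->setErrorMessage(T_('You cannot login. There are no administrators set up.'), _ALIRO_ERROR_FATAL);
        return null;
    }

    if (isset($my)) {
        // Success: record the user in the session and reset the failure counter.
        $session->setNewUserData ($my);
        // NOTE(review): in this format string '/' is a literal and 'T' is the
        // timezone abbreviation, which is unlikely to be a valid value for a
        // date column; possibly "Y-m-d\TH:i:s" was meant — confirm against
        // the original file.
        $currentDate = date("Y-m-d/TH:i:s");
        $query = "UPDATE #__users SET lastvisitDate='$currentDate', block=0 where id='$my->id'";
    } else {
        // Failure: count it against the submitted username and slow the response.
        // NOTE(review): the counter is incremented for any submitted name and
        // no expiry is visible here, so repeated bad attempts can push a
        // non-administrator account past the block<=10 filter above.
        $request->setErrorMessage(T_('Incorrect Username, Password, or Access Level. Please try again'), _ALIRO_ERROR_WARN);
        $query = "UPDATE #__users SET block=block+1 where username='$usrname'";
        sleep(2);
    }

    // NOTE(review): this table maintenance runs on every login attempt that
    // reaches this line, successful or not; a scheduled task would be a safer
    // place for it.
    $database->doSQL("OPTIMIZE TABLE #__error_log, #__session, #__session_data");

    // The success/failure update goes to the general database, not the core one.
    $database = aliroDatabase::getInstance();
    $database->doSQL($query);
    return $my;
}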
| aliroAdminAuthenticator::logout | ( | ) |
Reimplemented from aliroAuthenticator.
Definition at line 309 of file aliroAuthenticator.php.
References aliroRequest::getInstance().
{
    // Run the inherited logout first, then send the browser to the
    // configured 'live_site' address.
    parent::logout();
    $req = aliroRequest::getInstance();
    $target = $req->getCfg('live_site');
    $req->redirect($target);
}
aliroAdminAuthenticator::$instance = __CLASS__ [static, private] |
Definition at line 253 of file aliroAuthenticator.php.
aliroAdminAuthenticator::$prefix = 'admin' [protected] |
Definition at line 254 of file aliroAuthenticator.php.