// Function to check if password is the right one
//
//==============================================================
-function checkpassword($dbsql,$logname,$password)
+function sql_checkpassword($dbsql,$logname,$password)
{
-$OPEP="gessql.php:checkpassword";
+$OPEP="gessql.php:sql_checkpassword";
$isgood=false;
$phase=0;
$proceed=true;
while ($proceed==true) {
- rou_alert(0,"$OPEP, JMPDBG phase=$phase");
+ //rou_alert(0,"$OPEP, JMPDBG phase=$phase");
switch ($phase) {
case 0 : //do we have both logname and password
if ($logname=="" || $password=="") {
case 1 : //extracting crypted password
$stmt=$dbsql->Select("Select * from emails where email='$logname'");
$dbpass=$stmt->fetch(PDO::FETCH_ASSOC)['password'];
- if ($dbpass==null) { //is user known?
+ if ($dbpass==NULL) { //is user known?
rou_alert(0,"$OPEP, logname=<$logname> missing from database");
$phase=999; //user unknown, trouble trouble
}
return $isgood;
}
+//==============================================================
+//
+// Function to get a log name if a cookie is available
+//
+//==============================================================
+function sql_getlogname($dbsql)
+
+{
+$OPEP="gessql.php:sql_getlogname";
+
+$logname=NULL;
+$cookie=$_COOKIE['mailleur'];
+$phase=0;
+$proceed=true;
+while ($proceed==true) {
+ rou_alert(0,"$OPEP, JMPDBG phase=$phase");
+ switch ($phase) {
+ case 0 : //do we have a cookie
+ if ($cookie==NULL)
+ $phase=999;
+ break;
+ case 1 : //is the cookie within database
+ $cookie=htmlspecialchars($cookie);
+ $stmt=$dbsql->Select("Select * from cookies where cookuuid='$cookie'");
+ $expire=$stmt->fetch(PDO::FETCH_ASSOC)['expire'];
+ rou_alert(0,"$OPEP, cookie expire=<$expire>");
+ break;
+ case 2 : //extracting logname
+ $stmt=$dbsql->Select("Select * from cookies where cookuuid='$cookie'");
+ $logname=$stmt->fetch(PDO::FETCH_ASSOC)['email'];
+ rou_alert(0,"$OPEP, cookie logname=<$logname>");
+ if ($logname==NULL) { //is user known?
+ rou_alert(0,"$OPEP, cookie <$cookie> not found in DB");
+ $phase=999;
+ }
+ break;
+ default : //SAFE Guard
+ $proceed=false;
+ break;
+ }
+ $phase++;
+ }
+rou_alert(0,"$OPEP, now logname=<$logname>");
+return $logname;
+}
?>
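Review bot: In sql_getlogname the cookie value is interpolated directly into both `Select * from cookies where cookuuid='$cookie'` queries, and `htmlspecialchars($cookie)` is an HTML encoder rather than SQL escaping (before PHP 8.1 its default flags leave single quotes untouched), so a client-supplied cookie can change the query. Bind the value instead, for example with a PDO prepared statement using `where cookuuid=?`, if the `$dbsql` wrapper allows it; its API is not visible in this diff. Phase 1 reads `$expire` and only logs it, so an expired cookie row still yields a logname in phase 2; compare it with the current time and set `$phase=999` when it has lapsed. The unchanged query in sql_checkpassword (`where email='$logname'`) is built the same way and deserves the same fix. `$_COOKIE['mailleur']` is also read without a `??` default, and the name is hard-coded while the main screen uses `getenv("APPNAME")`.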
// Main screen management
//
//==============================================================
-
-define('JMPDBG','1');
+include_once "subrou.php";
+include_once "unienv.php";
+include_once "scrfun.php";
+include_once "gessql.php";
//section to generate the main screen body
-function body($action,$logname,$pass)
+function body($logname)
{
-include_once "subrou.php";
-include_once "unienv.php";
-include_once "scrfun.php";
-include_once "devsql.php";
-$footer=footer("mailleur");
+$footer=footer(getenv("APPNAME"));
$cook=$_COOKIE[getenv("APPNAME")];
-rou_closelog();
-
$STR = <<<EOT
<!DOCTYPE html>
<CENTER><STRONG><FONT SIZE=+2 color=red>
Within mailleur
<BR>
-action=$action
-<BR>
-Login=$logname
-<BR>
-Password=$pass
+LOGNAME=$logname
<BR>
The cookies=$cook
<BR>
return $STR;
}
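Review bot: `LOGNAME=$logname` is interpolated into the heredoc without HTML encoding, and the value now comes from the `email` column via sql_getlogname, so any markup stored there is rendered as-is. Encode it before the heredoc, e.g. `$logname=htmlspecialchars($logname, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');`. The unchanged `The cookies=$cook` line has the same problem and also prints the session cookie value into the page, which looks like leftover debugging and is worth removing. `$_COOKIE[getenv("APPNAME")]` is read without a `??` default as well. The heredoc's closing marker lies outside the lines shown.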
-$epost="_POST";
-$action=${$epost}["action"];
-$logname=${$epost}["email"];
-$pass=${$epost}["passwd"];
-//display main screen
-echo body($action,$logname,$pass);
+$dbsql=sql_connect();
+$logname=sql_getlogname($dbsql);
+sql_close($dbsql);
+rou_closelog();
+
+if ($logname!=NULL) {
+ echo body($logname);
+ }
+else {
+ header('Location: home.php');
+ }
?>