Haha, it's true, what coordination
It doesn't use sessions, I was sure it did :S
This is the auth file:
PHP code:
<?php
class auth{
    // CHANGE THESE VALUES TO REFLECT YOUR SERVER'S SETTINGS
    var $HOST = "****"; // Change this to the proper DB HOST
    var $USERNAME = "*****"; // Change this to the proper DB USERNAME
    var $PASSWORD = "*****"; // Change this to the proper DB USER PASSWORD
    var $DBNAME = "******"; // Change this to the proper DB NAME

    // AUTHENTICATE
    function authenticate($username, $password) {
        // Let's comment this out and use the preg_match method
        // to restrict username and password characters and disallow
        // the semicolon (;) and apostrophe (') characters
        // Anti-SQL Injection..
        // if (!get_magic_quotes_gpc())
        // {
        //     $username = addslashes($username);
        //     $password = addslashes($password);
        // }

        // Check for apostrophe in $username to avoid SQL injection
        if (ereg("'", $username))
        {
            return "invalid username";
        }
        // Check for apostrophe in $password to avoid SQL injection
        if (ereg("'", $password))
        {
            return "invalid password";
        }

        $query = "SELECT * FROM authuser WHERE uname='$username' AND passwd=MD5('$password') AND status <> 'inactive'";
        $UpdateRecords = "UPDATE authuser SET lastlogin = NOW(), logincount = logincount + 1 WHERE uname='$username'";
        $connection = mysql_connect($this->HOST, $this->USERNAME, $this->PASSWORD);
        $SelectedDB = mysql_select_db($this->DBNAME);
        $result = mysql_query($query);
        $numrows = mysql_num_rows($result);
        $row = mysql_fetch_array($result);

        // CHECK IF THERE ARE RESULTS
        // Logic: If the number of rows of the resulting recordset is 0, that means that no
        // match was found. Meaning, wrong username-password combination.
        if ($numrows == 0) {
            return 0;
        }
        /*
        elseif ($row["level"]==1) { // ADMIN LOGIN
            $Update = mysql_query($UpdateRecords);
            return 1;
        }
        */
        else {
            $Update = mysql_query($UpdateRecords);
            return $row;
        }
    } // End: function authenticate

    // PAGE CHECK
    // This function is the one used for every page that is to be secured. This is not the same one
    // used in the initial login screen
    function page_check($username, $password) {
        // Let's comment this out and use the preg_match method
        // to restrict username and password characters and disallow
        // the semicolon (;) and apostrophe (') characters
        // Anti-SQL Injection..
        // if (!get_magic_quotes_gpc())
        // {
        //     $username = addslashes($username);
        //     $password = addslashes($password);
        // }

        // Check for apostrophe in $username to avoid SQL injection
        if (ereg("'", $username))
        {
            return "invalid username";
        }
        // Check for apostrophe in $password to avoid SQL injection
        if (ereg("'", $password))
        {
            return "invalid password";
        }

        $query = "SELECT * FROM authuser WHERE uname='$username' AND passwd=MD5('$password') AND status <> 'inactive'";
        $connection = mysql_connect($this->HOST, $this->USERNAME, $this->PASSWORD);
        $SelectedDB = mysql_select_db($this->DBNAME);
        $result = mysql_query($query);
        $numrows = mysql_num_rows($result);
        $row = mysql_fetch_array($result);

        // CHECK IF THERE ARE RESULTS
        // Logic: If the number of rows of the resulting recordset is 0, that means that no
        // match was found. Meaning, wrong username-password combination.
        if ($numrows == 0) {
            return false;
        }
        else {
            return $row;
        }
    } // End: function page_check
}
?>
How would I use it for the condition?
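
Added example, not part of the original post and not the poster's code: the same two lookups written with bound parameters instead of the apostrophe filter, plus a strict check for the condition. The table and column names come from the posted class; the `SafeAuth` class, the `is_authenticated` helper and the PDO connection passed in are assumptions.

```php
<?php
// Added example, not the poster's code. Table/column names come from the
// posted class; the SafeAuth name and the PDO connection are assumptions.
class SafeAuth
{
    private $pdo;

    public function __construct(PDO $pdo)
    {
        $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
        $pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
        $this->pdo = $pdo;
    }

    // Returns the user row (array) on a match, false otherwise.
    public function page_check($username, $password)
    {
        // Values are bound, never concatenated, so no character filter is needed.
        // MD5() stays only to match the existing passwd column.
        $stmt = $this->pdo->prepare(
            "SELECT * FROM authuser
              WHERE uname = ? AND passwd = MD5(?) AND status <> 'inactive'"
        );
        $stmt->execute([$username, $password]);
        return $stmt->fetch(PDO::FETCH_ASSOC); // false when no row matched
    }

    public function authenticate($username, $password)
    {
        $row = $this->page_check($username, $password);
        if ($row === false) {
            return false;
        }
        $upd = $this->pdo->prepare(
            "UPDATE authuser SET lastlogin = NOW(), logincount = logincount + 1
              WHERE uname = ?"
        );
        $upd->execute([$username]);
        return $row;
    }
}

// For the condition: only an array means "authenticated". The posted class
// returns "invalid username"/"invalid password" strings on rejected input,
// and a non-empty string is truthy, so `if ($result)` is not a safe test there.
function is_authenticated($result)
{
    return is_array($result);
}
```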