Commit ab7cf740 authored by Gabriel Moreau's avatar Gabriel Moreau

Replace SQL with clean function get_user_all_by_login

parent 8b7d4503
......@@ -16,26 +16,23 @@ function auth($reqlevel, $logged_user='', $password='') {
if ($check) {
$pdo = connect_db();
$sql = 'SELECT password, id, level, valid FROM users WHERE loggin = ?;';
$stmt = $pdo->prepare($sql);
$stmt->execute(array($logged_user));
$user = $stmt->fetchAll(PDO::FETCH_ASSOC);
$user = get_user_all_by_login($pdo, $logged_user);
// is the password correct
if ($user[0]['password'] != md5($password)) {
if ($user['password'] != md5($password)) {
// pas le bon ppasswd
return 0; // false;
} else if ($reqlevel > $user[0]['level']){
} else if ($reqlevel > $user['level']){
// pas le niveau d'autorisation requis
return 0;//false;
} else { // tout ok
// down the level for disable user
$level = $user[0]['level'];
if ($user[0]['valid'] == 0 && $level > 1)
$level = $user['level'];
if ($user['valid'] == 0 && $level > 1)
$level = 1;
// set session variables
$_SESSION['logged_id'] = $user[0]['id'];
$_SESSION['logged_user'] = $logged_user;
$_SESSION['logged_id'] = $user['id'];
$_SESSION['logged_user'] = $logged_user;
$_SESSION['logged_level'] = $level;
return 1;
}
......
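Review bot: The new lookup can return false (get_user_all_by_login returns false when no row matches), but `if ($user['password'] != md5($password)) {` indexes it unconditionally, so an unknown login is rejected only as a side effect of a null-offset warning rather than by an explicit branch. The loose `!=` on two hex digests is also fragile, since PHP compares numeric-looking strings numerically; the check should read `if ($user === false || !hash_equals($user['password'], md5($password))) {`. The same loose comparison survives in `$user['valid'] == 0`, where `(int) $user['valid'] === 0` would be exact. Storing md5 as the password hash predates this commit, but password_hash()/password_verify() is the supported replacement if that is revisited. auth() begins before the hunk and its body continues after it.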
......@@ -242,6 +242,18 @@ function get_user_all_by_id($pdo, $id) {
// -------------------------------------------------------------
function get_user_all_by_login($pdo, $login) {
$sql = 'SELECT * FROM users WHERE loggin = ?;';
$stmt = $pdo->prepare($sql);
$stmt->execute(array($login));
$result_fetch = $stmt->fetchAll(PDO::FETCH_ASSOC);
if (count($result_fetch) > 0)
return $result_fetch[0];
return false;
}
// -------------------------------------------------------------
function get_version_by_name($pdo, $name) {
$sql = 'SELECT version FROM version WHERE name = ?;';
$stmt = $pdo->prepare($sql);
......
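Review bot: The function returns an array on a hit and false on a miss, and none of the new callers in this commit check for the false case; a docblock such as `/** @return array<string,mixed>|false user row for $login, or false when no user has that login */` would make the contract visible at the call sites. The `fetchAll` plus `count`/`[0]` sequence can be collapsed to `return $stmt->fetch(PDO::FETCH_ASSOC);`, which already yields false on an empty result and avoids materialising every matching row. `SELECT *` also widens what the previous per-call-site column lists fetched: every caller, including the page-header code in en_tete, now receives the password column, so display-only callers may warrant a narrower selector. get_user_all_by_login is complete within the hunk; get_version_by_name continues past it.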
......@@ -33,12 +33,9 @@ function en_tete($titre, $find=false) {
if (!empty($_SESSION)) {
$pdo = connect_db();
$logged_user = $_SESSION['logged_user'];
$sql = 'SELECT nom, prenom, theme FROM users WHERE loggin = ?;';
$stmt = $pdo->prepare($sql);
$stmt->execute(array($logged_user));
$user = $stmt->fetchAll(PDO::FETCH_ASSOC);
$user = get_user_all_by_login($pdo, $logged_user);
$css = 'pool_project_'.$user[0]['theme'].'.css';
$css = 'pool_project_'.$user['theme'].'.css';
} else {
$css = 'pool_project_clair.css';
}
......@@ -66,7 +63,7 @@ function en_tete($titre, $find=false) {
<?php
if (!empty($_SESSION)) {
nav_bar($user[0]['prenom'], $user[0]['nom'], $_SESSION['logged_level'], $_SESSION['logged_id'], $find);
nav_bar($user['prenom'], $user['nom'], $_SESSION['logged_level'], $_SESSION['logged_id'], $find);
} else {
nav_bar('', '', 0, 0, $find);
}
......
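Review bot: `$user = get_user_all_by_login($pdo, $logged_user);` yields false when the session's login no longer matches a row, and the next line `$css = 'pool_project_'.$user['theme'].'.css';` then produces `pool_project_.css` from a null offset with a warning instead of the default stylesheet; the second hunk's `nav_bar($user['prenom'], $user['nom'], ...)` has the same gap. Testing `$user === false` right after the lookup and treating that case like the no-session branch would close both. The theme value is a database column spliced into a filename; if that column is ever user-editable, validating it against the known stylesheet names before building the path is the safer form, though how $css is consumed is not visible here. en_tete starts before the first hunk and runs past the second.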