9.5.1 by galaxyAbstractor
Moved shared js, css and php, updated all paths in DuggaSys.
<?php
// Start (or resume) the session for every request that loads this file.
// No options are passed, so the session cookie attributes come from the PHP configuration.
// NOTE(review): confirm session.cookie_httponly, session.cookie_secure and
// session.use_strict_mode are enabled there - checkLogin() below keeps the login name
// and password in this session.
session_start();
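/**
 * Escapes a string for output in HTML element content or a quoted attribute value.
 *
 * Converts &, <, >, " and ' to entities (ENT_QUOTES) and treats the input as UTF-8.
 * ENT_SUBSTITUTE replaces invalid byte sequences with U+FFFD; without it a single
 * invalid byte makes htmlspecialchars() return an empty string and the whole value
 * silently disappears from the page.
 *
 * This is only correct for HTML text and quoted attributes. It is not an escaper for
 * JavaScript, URL or CSS contexts.
 *
 * @param string $str Raw text, typically user-supplied.
 * @return string The escaped text.
 */
function htmlsafe($str){
	return htmlspecialchars($str, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}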
/**
 * Writes one login attempt to the userLoginsLog table.
 *
 * Every value goes through a bound placeholder, so none of it is interpreted as SQL.
 * The login name and the User-Agent header are client-supplied and stored as received;
 * anything that later displays these rows has to escape them for its output context.
 * REMOTE_ADDR is the address of the connecting peer as PHP sees it.
 *
 * @param string $loginName      Login name that was tried (may be empty).
 * @param string $success        Outcome text, e.g. "successful" or "failed - ...".
 * @param mixed  $duggaNr        Quiz number, stored in the quizNr column.
 * @param string $courseName     Course the attempt was made for.
 * @param string $courseOccasion Course occasion the attempt was made for.
 * @param object $pdo            Database handle offering prepare() (a PDO connection).
 */
function logLogin($loginName, $success, $duggaNr, $courseName, $courseOccasion, $pdo){
	// Placeholder => value. A request without a User-Agent or peer address is stored as NULL.
	$values = array(
		':LOGIN'     => $loginName,
		':UAGENT'    => isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : null,
		// Current time in the server's default time zone, e.g. "2012-08-23 08:59:00".
		':DATETIME'  => date('Y-m-d H:i:s'),
		':IP'        => isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : null,
		':SUCCESS'   => $success,
		':QNR'       => $duggaNr,
		':CNAME'     => $courseName,
		':COCCASION' => $courseOccasion,
	);

	$statement = $pdo->prepare("INSERT INTO userLoginsLog(loginName, userAgent, userIP, DateTime, success, quizNr, courseName, courseOccasion) VALUES(:LOGIN,:UAGENT,:IP,:DATETIME,:SUCCESS,:QNR,:CNAME,:COCCASION);");
	foreach ($values as $placeholder => $value) {
		$statement->bindValue($placeholder, $value);
	}
	$statement->execute();
}
// File-scope login error text, empty until a login attempt fails.
// Presumably this is the variable callers pass to checkLogin(), which takes its
// first parameter by reference - confirm against the including pages.
$errorMsg = "";
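/**
 * Authenticates a student for one course occasion and records the result in the session.
 *
 * Credentials are taken from the POSTed login form when both fields are present,
 * otherwise from the values an earlier successful call stored in the session. The
 * student must match on login name and password AND be registered for the given
 * course name and course occasion. Every call writes one row through logLogin(),
 * including calls made without any credentials.
 *
 * NOTE(security): the query compares the submitted password directly with
 * Student.passw, and the matched value is kept in $_SESSION['password'] so later
 * calls can re-check it. Both only work if the column holds the password itself.
 * Storing password_hash() output, checking with password_verify() and keeping only
 * the login name in the session needs a data migration and changes to every caller
 * that reads $_SESSION['password'], so it is flagged here rather than changed in place.
 *
 * @param string $errorMsg       Set (by reference) to a user-facing message on a failed check.
 * @param string $courseName     Course the student must be registered for.
 * @param string $courseOccasion Course occasion the student must be registered for.
 * @param mixed  $duggaNr        Quiz number, stored in the session and in the login log.
 * @return string|false The login name on success, false otherwise.
 */
function checkLogin(&$errorMsg, $courseName, $courseOccasion, $duggaNr) {
	$loginName = "";
	$password = "";
	$fromForm = false;
	// Presumably defines $pdo in this scope; nothing else in this function creates it.
	include "dbconnect.php";

	if (isset($_POST['loginName']) && isset($_POST['password'])) {
		// A field sent as loginName[]=... arrives as an array. Treat that as "nothing
		// given" instead of handing an array to trim() and the query binding.
		if (is_string($_POST['loginName']) && is_string($_POST['password'])) {
			$loginName = trim($_POST['loginName']);
			$password = $_POST['password'];
			$fromForm = true;
		}
	} else if (isset($_SESSION['loginName']) && isset($_SESSION['password'])) {
		$loginName = $_SESSION['loginName'];
		$password = $_SESSION['password'];
	}

	if ($loginName != "" && $password != "") {
		// Check that the student exists and is a participant of the course occasion.
		$queryString="SELECT Student.loginName, Student.passw
					   FROM Student, StudentCourseRegistration 
					   WHERE Student.ssn=StudentCourseRegistration.studentSsn
					   AND Student.loginName=:LOGINN
					   AND Student.passw=:PASSW
					   AND courseName=:CNAME 
					   AND courseOccasion=:COCCASION;";
		$stmt = $pdo->prepare($queryString);
		$stmt->bindValue(':LOGINN', $loginName);
		$stmt->bindValue(':PASSW', $password);
		$stmt->bindValue(':CNAME', $courseName);
		$stmt->bindValue(':COCCASION', $courseOccasion);
		$stmt->execute();

		// rowCount() is not dependable for SELECT statements on every PDO driver,
		// so count the rows that were actually fetched. Exactly one match is required.
		$rows = $stmt->fetchAll();
		if (count($rows) == 1) {
			$result = $rows[0];

			// A login from the form gets a fresh session id, so an id that was known
			// before authentication cannot be reused afterwards (session fixation).
			// Calls that only re-check the session credentials keep their id.
			if ($fromForm && session_id() !== '') {
				session_regenerate_id(true);
			}

			$_SESSION['loginName'] = $result['loginName'];
			$_SESSION['password'] = $result['passw'];
			$_SESSION['courseName'] = $courseName;
			$_SESSION['courseOccasion'] = $courseOccasion;
			$_SESSION['quizNr'] = $duggaNr;

			logLogin($loginName, "successful", $duggaNr, $courseName, $courseOccasion, $pdo);
			return $_SESSION['loginName'];
		}

		// One message for every mismatch, so the response does not reveal whether the
		// login name, the password or the course registration was the part that failed.
		$errorMsg="Incorrect username or password";
		logLogin($loginName, "failed - Incorrect username and/or password", $duggaNr, $courseName, $courseOccasion, $pdo);
		return false;
	}

	logLogin($loginName, "failed - No username and/or password given", $duggaNr, $courseName, $courseOccasion, $pdo);
	return false;
}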
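// Logout: any request carrying ?logout ends the session.
// NOTE(review): a GET parameter can be triggered from another site (an image tag or
// link is enough); consider requiring a POST with a per-session token.
if (isset($_GET['logout'])) {
	// session_destroy() deletes the stored data but leaves $_SESSION filled for the
	// rest of this request, and checkLogin() accepts credentials it finds there.
	// Empty the array first so the remainder of the page sees a logged-out user.
	$_SESSION = array();

	// Expire the session cookie in the browser as well, while headers can still be sent.
	if (ini_get('session.use_cookies') && !headers_sent()) {
		$cookie = session_get_cookie_params();
		setcookie(session_name(), '', time() - 42000, $cookie['path'], $cookie['domain'], $cookie['secure'], $cookie['httponly']);
	}

	session_destroy();
}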
?>