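session = new Session(); }

    /**
     * Verifies a username (or e-mail address) and password hash against the
     * users table and, on success, records both in the session.
     *
     * On failure an error message is printed and the script exits.
     *
     * NOTE(review): $hash is compared directly with users.pass, so the caller
     * is presumably expected to have hashed the password already - confirm
     * where and how that hash is derived.
     *
     * @param string $username User id or e-mail address supplied by the user.
     * @param string $hash     Password hash to compare with users.pass.
     */
    function login($username, $hash)
    {
        global $db;

        // Escape both values before they are interpolated into the SQL text.
        $username = $db->EscapeString($username);
        $hash = $db->EscapeString($hash);

        $db->ExecSqlUniqueRes("SELECT * FROM users WHERE (user_id='$username' OR email='$username') AND pass='$hash'", $user_info, false);

        if (empty($user_info)) {
            // The string literals (including their embedded line breaks) are
            // left exactly as found; any surrounding markup appears to be
            // missing from this copy of the file.
            echo '
'._("Your username and password do not match")."
\n";
            exit;
        }

        /* Access granted */
        // The session receives the *escaped* forms. requireAdmin() and
        // requireOwner() interpolate these values into SQL without escaping
        // them again, so they depend on this.
        $this->session->set(SESS_USERNAME_VAR, $username);
        $this->session->set(SESS_PASSWORD_HASH_VAR, $hash);
    }

    /**
     * Stops the script unless the session credentials belong to a user that
     * is also listed in the administrators table.
     *
     * Returns normally when access is granted; otherwise prints an error
     * message and exits.
     */
    function requireAdmin()
    {
        global $db;

        // NOTE(review): both values go into the query unescaped. That is only
        // safe while every writer of these session keys stores escaped values,
        // as login() does - confirm no other code path sets them.
        $user = $this->session->get(SESS_USERNAME_VAR);
        $password_hash = $this->session->get(SESS_PASSWORD_HASH_VAR);

        $db->ExecSqlUniqueRes("SELECT * FROM users NATURAL JOIN administrators WHERE (users.user_id='$user' OR email='$user') AND pass='$password_hash'", $user_info, false);

        if (empty($user_info)) {
            echo ''._("You do not have administrator privileges")."
\n";
            exit;
        }

        /* Access granted */
    }

    /**
     * Stops the script unless the session credentials belong to a user that
     * is listed in node_owners for the given node.
     *
     * Returns normally when access is granted; otherwise prints an error
     * message and exits.
     *
     * @param string $node_id Identifier of the node whose ownership is checked.
     */
    function requireOwner($node_id)
    {
        global $db;

        // NOTE(review): both values go into the query unescaped. That is only
        // safe while every writer of these session keys stores escaped values,
        // as login() does - confirm no other code path sets them.
        $user = $this->session->get(SESS_USERNAME_VAR);
        $password_hash = $this->session->get(SESS_PASSWORD_HASH_VAR);

        // $node_id is supplied by the caller and was previously placed in the
        // SQL text as-is; escape it the same way login() escapes its inputs.
        $node_id = $db->EscapeString($node_id);

        $db->ExecSqlUniqueRes("SELECT * FROM users NATURAL JOIN node_owners WHERE (users.user_id='$user' OR email='$user') AND pass='$password_hash' AND node_owners.node_id='$node_id'", $user_info, false);

        if (empty($user_info)) {
            echo ''._("You do not have owner privileges")."
\n";
            exit;
        }

        /* Access granted */
    }
} /* end class Security */ ?>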