File: D:/HostingSpaces/SBogers10/spire.komma-mediadesign.nl/wwwroot/kms/app/models/login/m_login.php
<?php

/* 
	Login // model
	
	Handles all tasks regarding the user login

*/

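class Login
{
	/** Idle timeout in seconds; each successful checkLogin() restarts the window. */
	private const SESSION_TTL = 3600;

	private $_pdo, $_template, $_lang;
	
	/**
	* Pulls the shared PDO handle, template and language objects from the global scope.
	*
	* @access public
	*/
	public function __construct()
	{
		global $pdo, $template, $lang;
		$this->_pdo = $pdo;
		$this->_template = $template;
		// The property was declared but never filled; keep it in step with the imported global.
		$this->_lang = $lang;
	}

	/**
	* Checks whether a user is logged in using a session string.
	*
	* The session is valid when it was last seen less than SESSION_TTL seconds ago
	* and its 'admin_string' matches the token derived from one of the kms_admin rows.
	* A session that has idled out is cleared and a 'login_expired' warning is queued.
	*
	* @access public
	* @return boolean
	*/
	public function checkLogin()
	{
		if( ! isset($_SESSION['admin_string']))
		{
			return FALSE;
		}

		$token = $_SESSION['admin_string'];
		// A missing timestamp is treated as "long ago" so the session expires instead of raising a notice.
		$lastSeen = isset($_SESSION['login_time']) ? (int) $_SESSION['login_time'] : 0;

		if(time() >= ($lastSeen + self::SESSION_TTL))
		{
			$this->clearSession();
			$this->_template->setAlert($this->_template->lang['login_expired'],'warning');
			return FALSE;
		}

		$_SESSION['login_time'] = time();

		// hash_equals() needs strings; anything else cannot be a token this class issued.
		if( ! is_string($token))
		{
			return FALSE;
		}

		$st = $this->_pdo->query('SELECT id, hash FROM kms_admin');
		if( ! $st)
		{
			return FALSE;
		}

		while($result = $st->fetch(PDO::FETCH_OBJ))
		{
			// Constant-time, type-strict comparison; loose == is subject to PHP type juggling.
			if(hash_equals($this->sessionToken($result->id, $result->hash), $token))
			{
				return TRUE;
			}
		}

		return FALSE;
	}
	
	/**
	* Returns a TRUE/FALSE depending on whether a user enters the right username and password.
	*
	* On success the session is marked as logged in ('admin_string', 'login_time',
	* 'admin_name'); on every outcome an alert is queued on the template.
	*
	* @access public 
	* @param string $user Username as submitted.
	* @param string $pass Plain-text password as submitted.
	* @return boolean
	*/
	public function validateLogin($user, $pass)
	{
		// Request data may arrive as arrays; only non-empty strings are credentials.
		// Compared against '' rather than empty() so that the literal value "0" is accepted.
		if( ! is_string($user) || ! is_string($pass) || $user === '' || $pass === '')
		{
			$this->_template->setAlert($this->_template->lang['login_please_fill_both_forms'],'warning');
			return FALSE;
		}

		$st = $this->_pdo->prepare('SELECT id, user, hash FROM kms_admin WHERE user = ?');
		if( ! $st)
		{
			$this->_template->setAlert($this->_template->lang['general_something_went_wrong'],'error');
			return FALSE;
		}

		$st->execute(array($user));
		$result = $st->fetch(PDO::FETCH_OBJ);

		// Test the fetched row itself: rowCount() is not reliable for SELECT on every PDO driver.
		// password_verify() accepts the crypt() hashes stored here and compares in constant time.
		if( ! $result || ! password_verify($pass, (string) $result->hash))
		{
			// Same message for "unknown user" and "wrong password" so the response does not reveal which one it was.
			$this->_template->setAlert($this->_template->lang['login_incorrect_user_pass'],'error');
			return FALSE;
		}

		// Issue a fresh session id at the privilege change so a pre-login (possibly fixated) id is not promoted.
		if(session_status() === PHP_SESSION_ACTIVE && ! headers_sent())
		{
			session_regenerate_id(TRUE);
		}

		$_SESSION['admin_string'] = $this->sessionToken($result->id, $result->hash);
		$_SESSION['login_time'] = time();
		$_SESSION['admin_name'] = $result->user;
		$this->_template->setAlert($this->_template->lang['login_success']);

		return TRUE;
	}

	/**
	* Unset the session and redirect to the login page
	*
	* @access public
	* @return null
	*/
	public function logOut()
	{
		$this->clearSession();
		$this->_template->setAlert($this->_template->lang['logout_success']);
		$this->_template->redirect(SITE_ROOT);
	}

	/**
	* Builds the value stored in $_SESSION['admin_string'] for one admin row.
	*
	* NOTE(review): the token is derived only from the row id and the stored password
	* hash, so it is the same for every session of that account until the password
	* changes. The format is kept so existing sessions stay valid; a random
	* per-login token would be the stronger design.
	*
	* @access private
	* @param mixed $id Row id from kms_admin.
	* @param string $hash Stored password hash from kms_admin.
	* @return string
	*/
	private function sessionToken($id, $hash)
	{
		return $id.'_'.md5((string) $hash);
	}

	/**
	* Removes every login-related key from the session.
	*
	* @access private
	* @return null
	*/
	private function clearSession()
	{
		unset($_SESSION['admin_string'], $_SESSION['login_time'], $_SESSION['admin_name']);
	}
}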