Optimized user lookup, cleanups
[squasher.git] / squasher.class.php
index c845f062a920071a50e622ddb35df775d9d3380c..3879f1ce5550c0adf41be5930fe67370a007c111 100644 (file)
@@ -19,28 +19,24 @@ function named_records_sort($named_recs, $order_by, $reverse=false, $flags=0)
        return $sorted_records;
 }
 
-function validate_user($vars,$salt){
-       $creds[validated] = false;
-       $query="SELECT * FROM users";
+function validate_user($username, $password, $salt){
+       $creds['validated'] = false;
+       $query="SELECT * FROM users WHERE user_name = '".mysql_escape_string($username)."'";
        $q_result = mysql_query($query);
        while ($fetched_object = mysql_fetch_object($q_result)){
-               if ($fetched_object->user_name == $vars[user]){
-                       if (md5($fetched_object->user_pass.$salt) == $vars[pass]){
-                               //validated
-                               $creds[user_id] = $fetched_object->user_id;
-                               $creds[user_name] = $fetched_object->user_name;
-                               $creds[user_level] = $fetched_object->user_level;
-                               $creds[validated] = true;
-                               $log_hash=NULL;
-                               $log_hash=(isset($vars['f'])) ? $vars['f'] : $vars['h'] ;
-                               if ($log_hash==NULL)$log_hash=str_repeat("0",32);
-                               $q="insert into log (hash,action,user_id,user_name,ip,date) values ('{$log_hash}','login','".$creds['user_id']."','".$creds['user_name']."','".$_SERVER[REMOTE_ADDR]."',NOW())";
-                               mysql_query($q);
-                       }
+               if (md5($fetched_object->user_pass.$salt) == $password){
+                       //validated
+                       $creds['user_id'] = $fetched_object->user_id;
+                       $creds['user_name'] = $fetched_object->user_name;
+                       $creds['user_level'] = $fetched_object->user_level;
+                       $creds['validated'] = true;
+                       $log_hash=str_repeat("0",32); // File ID is always empty on login
+                       $q="insert into log (hash,action,user_id,user_name,ip,date) values ('{".mysql_escape_string($log_hash)."}','login','".mysql_escape_string($creds['user_id'])."','".mysql_escape_string($creds['user_name'])."','".mysql_escape_string($_SERVER['REMOTE_ADDR'])."',NOW())";
+                       mysql_query($q);
                }
        }
-       $_SESSION[creds] = $creds;
-       return $creds[validated];
+       $_SESSION['creds'] = $creds;
+       return $creds['validated'];
 }
 
 class squashweb {
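Review bot: The rewritten log insert on the `$q=` line wraps the hash in literal braces — `'{".mysql_escape_string($log_hash)."}'` — so the `hash` column receives `{000…0}` (34 characters) instead of the 32-character value the old `'{$log_hash}'` interpolation produced; the fragment should read `'".mysql_escape_string($log_hash)."'`. The credential check `md5($fetched_object->user_pass.$salt) == $password` still uses loose `==`, under which two numeric-looking digests such as `0e…` compare equal, so it should be `===` at minimum, or `hash_equals(md5($fetched_object->user_pass.$salt), (string)$password)` where PHP 5.6+ is available. The escaping added in this hunk calls `mysql_escape_string`, which ignores the connection character set; `mysql_real_escape_string` is the correct call for both the user lookup and the log insert. A one-line comment above the `while` loop stating what `$password` is expected to contain (presumably a digest rather than a plaintext password, given the `md5(...)` comparison — confirm with the caller) would make the contract of this function explicit.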