<?php
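/**
 * Validates REST login credentials against the tb_restlogin table.
 *
 * Security notes for maintainers (behaviour deliberately left unchanged here,
 * because changing it would invalidate the stored hashes):
 *  - Passwords and account ids are compared as unsalted SHA-1 digests. SHA-1 is
 *    not a password hash; migrating to password_hash()/password_verify() needs a
 *    schema and data migration and is NOT done in this class.
 *  - validUserLogin() runs htmlentities() over the password and account before
 *    they are hashed. That is output encoding applied to input: it changes the
 *    secret (e.g. "&" becomes "&amp;"). The default flags of htmlentities()
 *    changed in PHP 8.1 (single quotes are now encoded), so a password that
 *    contains a single quote hashes differently across that upgrade. Verify
 *    against the stored hashes before touching this.
 */
class ServerLoginData {
    private $user;
    private $pw;
    private $account;
    private $ipaddress;
    // Not used by any method of this class.
    private $auth;
    // Not used by any method of this class (the constructor uses a local instead).
    private $dbconn;
    // Database handle returned by ServerDBConn::connectDB(). Declared explicitly:
    // it used to be created as a dynamic property, which is deprecated since PHP 8.2.
    private $db;
    // Timestamp ("Y-m-d H:i:s") written to last_visit on a successful login.
    private $datum;
    // login_id of the row matched by the most recent validAccess() call, 0 if none.
    private $id = 0;

    /**
     * Opens the database connection used by the login queries.
     */
    public function __construct() {
        $dbconn = new ServerDBConn();
        $this->db = $dbconn->connectDB();
    }

    /**
     * Always returns false; this class tracks no error state.
     *
     * @return bool
     */
    public function get_error() {
        return false;
    }

    /**
     * Trims and entity-encodes the raw credentials, then checks them.
     *
     * The htmlentities() calls are kept as they are because they determine the
     * digest that validAccess() compares with the database (see class notes).
     *
     * @param string $user
     * @param string $pw        Clear-text password.
     * @param string $account   Clear-text account identifier.
     * @param string $ipaddress Caller-supplied client address.
     *                          NOTE(review): confirm callers take this from the
     *                          connection's remote address and not from a
     *                          client-controlled request header.
     * @return int|false login_id on success, false otherwise.
     */
    public function validUserLogin($user,$pw,$account,$ipaddress) {
        $this->user = htmlentities(trim($user));
        $this->pw = htmlentities(trim($pw));
        $this->account = htmlentities(trim($account));
        $this->ipaddress = htmlentities(trim($ipaddress));
        return $this->validAccess($this->user,$this->pw,$this->account,$this->ipaddress);
    }

    /**
     * Looks up the login row for user / SHA-1(pw) / SHA-1(account) / ip address
     * and stamps last_visit when a row matches.
     *
     * @param string $user
     * @param string $pw        Clear-text password (hashed here with SHA-1).
     * @param string $account   Clear-text account id (hashed here with SHA-1).
     * @param string $ipaddress Client address; must pass validRemoteAddress().
     * @return int|false login_id on success, false on any failure.
     */
    public function validAccess($user,$pw,$account,$ipaddress) {
        $this->user = $user;
        $this->pw = sha1($pw);
        $this->account = sha1($account);
        $this->ipaddress = $ipaddress;
        $this->datum = date('Y-m-d H:i:s');

        // Reset the result of any earlier call. Without this, a failed attempt
        // on a reused instance would return the login_id of a previous success.
        $this->id = 0;

        // A malformed address can never match a stored one, so stop before
        // querying. bind_param() binds by reference and therefore needs a
        // variable, not a method-call result.
        $remoteAddress = $this->validRemoteAddress();
        if ($remoteAddress === null) {
            return false;
        }

        $stmt = $this->db->prepare("SELECT login_id
            FROM tb_restlogin
            WHERE user = ?
            AND pw = ?
            AND account_id = ?
            AND ipaddress = ?");
        if (!$stmt) {
            // prepare() failed: report "not authenticated" explicitly instead
            // of falling off the end of the function.
            return false;
        }

        $loginId = 0;
        $stmt->bind_param('ssss', $this->user,
            $this->pw,
            $this->account,
            $remoteAddress);
        $stmt->execute();
        $stmt->bind_result($loginId);
        // If several rows match, the last one fetched wins (as before).
        while ($stmt->fetch()) {
            $this->id = $loginId;
        }
        // Release the SELECT statement before preparing the UPDATE.
        $stmt->close();

        if (!($this->id > 0)) {
            return false;
        }

        // Recording last_visit is bookkeeping; a failure to prepare the UPDATE
        // must not crash an otherwise valid login.
        $update = $this->db->prepare("UPDATE tb_restlogin
            SET last_visit = ?
            WHERE login_id = ? ");
        if ($update) {
            $update->bind_param('si', $this->datum,$this->id);
            $update->execute();
            $update->close();
        }

        // user is valid
        return $this->id;
    }

    /**
     * Returns the stored client address if it is a well-formed IP address.
     *
     * The earlier pattern was not anchored at the end, so any string that merely
     * started with four digit/dot characters was accepted. The whole value must
     * now be a valid IPv4 or IPv6 address.
     *
     * @return string|null The address, or null when it is missing or malformed.
     */
    public function validRemoteAddress() {
        $candidate = $this->ipaddress;
        if (is_string($candidate) && filter_var($candidate, FILTER_VALIDATE_IP) !== false) {
            return $candidate;
        }
        return null;
    }
}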
?>