|
@@ 294-298 (lines=5) @@
|
| 291 |
|
$aPin = explode('$', $strPinHash); |
| 292 |
|
count($aPin) == 1 ? $pin_hash = $this->getHash($pin, 0) : $pin_hash = $this->getHash($pin, $aPin[1], $aPin[2]); |
| 293 |
|
$stmt = $this->mysqli->prepare("SELECT pin FROM $this->table WHERE id = ? AND pin = ? LIMIT 1"); |
| 294 |
|
if ($stmt->bind_param('is', $userId, $pin_hash) && $stmt->execute() && $stmt->bind_result($row_pin) && $stmt->fetch()) { |
| 295 |
|
$stmt->close(); |
| 296 |
|
$this->setUserPinFailed($userId, 0); |
| 297 |
|
return ($pin_hash === $row_pin); |
| 298 |
|
} |
| 299 |
|
$this->log->log('info', $this->getUserName($userId).' incorrect pin'); |
| 300 |
|
$this->incUserPinFailed($userId); |
| 301 |
|
// Check if this account should be locked |
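Review bot: The failed-PIN counter is cleared at line 296 before the strict comparison at line 297 has decided anything. A row that the `pin = ?` clause matches under the column's collation but that is not byte-identical therefore returns false with the counter reset, and it never reaches the log and `incUserPinFailed()` calls below. Make the reset conditional and let a mismatch fall through to the failure path: `if ($pin_hash === $row_pin) { $this->setUserPinFailed($userId, 0); return true; }` (or `hash_equals($row_pin, $pin_hash)` if the supported PHP version provides it). The result of `prepare()` is also used without the `checkStmt($stmt)` guard that the API-key lookup in the second hunk applies, and line 292 reads `$aPin[1]` and `$aPin[2]` for any stored value containing a `$`, which presumably assumes a three-part format. The function begins and ends outside the hunk.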
|
@@ 591-594 (lines=4) @@
|
| 588 |
|
$this->debug->append("STA " . __METHOD__, 4); |
| 589 |
|
if (!is_string($key)) return false; |
| 590 |
|
$stmt = $this->mysqli->prepare("SELECT api_key, id FROM $this->table WHERE api_key = ? LIMIT 1"); |
| 591 |
|
if ($this->checkStmt($stmt) && $stmt->bind_param("s", $key) && $stmt->execute() && $stmt->bind_result($api_key, $id) && $stmt->fetch()) { |
| 592 |
|
if ($api_key === $key) |
| 593 |
|
return $id; |
| 594 |
|
} |
| 595 |
|
header("HTTP/1.1 401 Unauthorized"); |
| 596 |
|
die('Access denied'); |
| 597 |
|
} |
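Review bot: The prepared statement is not closed on the success path at line 593, unlike the PIN check, which calls `$stmt->close()` before returning; capture the result first, e.g. `$match = ($api_key === $key); $stmt->close(); if ($match) { return $id; }`. The brace-less `if` at line 592 is also worth bracing, since a statement added later would silently fall outside the condition. Separately, a non-string `$key` returns false at line 589 while every other rejection ends in the 401 response, so callers must treat false as a denial too; whether they do is not visible here. The method's signature is outside the hunk.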