[mirrors/Kyberia-bloodline.git] / wwwroot / inc / eventz / login.inc

<?php
function jabberctl($command, $args) { //XXXTODO Move to some .inc file...
	//gpasswd -a kyberia jabber #Adding user kyberia to group jabber
	$xmpp_ejabberdctl='sudo /usr/sbin/ejabberdctl'; //XXX TODO Hardcoded

	$cmd = $xmpp_ejabberdctl;
	foreach($args as $arg) {
		$cmd.=' '.escapeshellarg($arg);
	}
	system($cmd);
}

function login() {

    global $db,$error,$node_id;
    $login = mysql_real_escape_string($_POST['login']);
    $password = $_POST['password']; // Not SQLi but be carefull
    $password_hash_algos=array('sha256','sha1','md5'); //List of supported algos can be obtained using: php -r 'print_r(hash_algos());'

    $hash_query='(';
    foreach($password_hash_algos as $algo) {
      $hash_query.="password='".hash($algo, $password)."' OR ";
    }
    $hash_query.='false )';

    $login_type = $_POST['login_type'];
    $referer = $_SERVER['HTTP_REFERER'];

    if (!session_id()) {
        $error='asi nemas zapnute cookies alebo co';
        return false;
    }

	switch ($login_type) {
		case "name":
			$q = "select * from users where login='$login' and $hash_query";
			break;
		case "base36id":
			$login = base_convert($login, 36, 10);
		case "id":
			$login=intval($login); //HA! if it is number, escape_string is not enough
			$q="select * from users where user_id='$login' and $hash_query";
			break;
	}

	$set = $db->query($q);
	$set->next();
	$user_id = $set->getString('user_id');
	$user_name = $set->getString('login');
	$xmpp = strtolower($set->getString('xmpp'));

    if (!$set) { //XXX test
        $error="Zadal si nespravne uzivatelske meno [alebo id] alebo heslo. Rob so sebou nieco";
        return false;
    }
    elseif ($set->getString('hash')) {
        $error='Tvoja registracia este nebola schvalena.';
        return false;
    }
    else {
        $now=date("Y-m-d H:i:s");
        $lockout=$set->getString('acc_lockout');
        if ($lockout >= $now ) {
            global $error;
            $error="Account lockout mas aktivny. Sorry ale neprihlasis sa minimalne do $lockout.
Prajem prijemnu odvykacku:-)";
            return false;
        }

//	Login sucessfull

	// prevent session fixation
	session_regenerate_id(); 

        $cube_vector=$set->getString('cube_vector');

        // saves friends list as an array into user session
        $q="select distinct node_parent,node_name from nodes where node_creator='$user_id' and
external_link='session://friend' order by node_parent";
        $friendset=$db->query($q);
        while ($friendset->next()){
            $_SESSION['friends'][$friendset->getString('node_parent')]=true;
        }

        // saves bookmarks as an array into user session
        $q="select nodes.node_name,nodes.node_id from node_access left join nodes on node_access.node_id=nodes.node_id
where node_access.user_id='$user_id' and node_bookmark='yes' order by node_name";
        $bookmarkset=$db->query($q);
        while ($bookmarkset->next()){
            $_SESSION['bookmarks'][$bookmarkset->getString('node_id')]=$bookmarkset->getString('node_name');
        }

        //saves ignored users as an array into user session
        $q="select node_parent from nodes where node_creator='$user_id' and external_link='session://ignore'";
        $ignoreset=$db->query($q);
        while ($ignoreset->next()){
            $_SESSION['ignore'][$ignoreset->getString('node_parent')]=true;
        }

        //saves fooked forums as an array into user session
        $q="select node_parent from nodes where node_creator='$user_id' and external_link='session://fook'";
        $fookset=$db->query($q);
        while ($fookset->next()){
            $_SESSION['fook'][$fookset->getString('node_parent')]=true;
        }


        //save bookstyle into user session
        $q="select node_content from nodes where node_parent=19 and external_link='session://bookstyl' and node_creator='$user_id'";
        $bookstylset=$db->query($q);
        $bookstylset->next();
        $_SESSION['bookstyl'] = $bookstylset->getString('node_content');

        // mood
        $mset = $db->query(sprintf('select moods from users where user_id = %d', $user_id));
        $mset->next();
        $moods_expl = explode(";",$set->getString('moods'));
        if (!empty($moods_expl[count($moods_expl)-1])) {
            $_SESSION['mood_id'] = $moods_expl[count($moods_expl)-1];
            $mset = $db->query(sprintf('select node_name, node_content from nodes where node_id = %d', $moods_expl[count($moods_expl)-1]));
            $mset->next();
            $_SESSION['mood_name'] = $mset->getString('node_name');
            $_SESSION['mood_content'] = addslashes(substr(strip_tags($mset->getString('node_content')),0,223));
        }
        // last login

	$db->query(sprintf('update users set date_last_login = NOW() where user_id = %d', $user_id));

        $_SESSION['user_id']=$user_id;
        $_SESSION['user_name']=addslashes($user_name);
	setcookie('jabber_login', $xmpp, time()+60*60*24*10, '/'); //10days on whole domain - should have persistent username in future...
	$xmpp_pass=hash('md5', 'jabber:'.$_POST['password']);
	setcookie('jabber_password', $xmpp_pass, time()+60*60*24*10, '/'); //10days on whole domain
	$xmpp_domain='kyberia.cz'; //XXX TODO Hardcoded kyberia.cz jabber domain (NOT dev.kyberia.cz!!!!!)
	jabberctl('register',		array($xmpp, $xmpp_domain, $xmpp_pass));
	jabberctl('change_password',	array($xmpp, $xmpp_domain, $xmpp_pass));
	jabberctl('push_alltoall',	array($xmpp_domain, $xmpp_domain));
        if (!empty($cube_vector)) $_SESSION['cube_vector']=$cube_vector;
        if (empty($_SESSION['template_set'])) $_SESSION['template_set']=$set->getString('template_set');
        if (is_numeric($_POST['screen_width'])) $_SESSION['browser']['screen_width']=$_POST['screen_width'];
        if (is_numeric($_POST['screen_height'])) $_SESSION['browser']['screen_height']=$_POST['screen_height'];
        $_SESSION['listing_amount']=$set->getString('listing_amount');
        $_SESSION['listing_order']=$set->getString('listing_order');
        $_SESSION['header_id']=$set->getString('header_id');
    }
//    header("Location: $referer");
    return true;
}
?>
Commit	Line	Data
51ff3226	1	<?php
ffdc8dd8 H	2	function jabberctl($command, $args) { //XXXTODO Move to some .inc file...
	3	//gpasswd -a kyberia jabber #Adding user kyberia to group jabber
	4	$xmpp_ejabberdctl='sudo /usr/sbin/ejabberdctl'; //XXX TODO Hardcoded
	5
	6	$cmd = $xmpp_ejabberdctl;
	7	foreach($args as $arg) {
	8	$cmd.=' '.escapeshellarg($arg);
	9	}
	10	system($cmd);
	11	}
	12
51ff3226	13	function login() {
51ff3226	14
	15	global $db,$error,$node_id;
	16	$login = mysql_real_escape_string($_POST['login']);
46c0767c	17	$password = $_POST['password']; // Not SQLi but be carefull
1ca26066 H	18	$password_hash_algos=array('sha256','sha1','md5'); //List of supported algos can be obtained using: php -r 'print_r(hash_algos());'
	19
	20	$hash_query='(';
	21	foreach($password_hash_algos as $algo) {
	22	$hash_query.="password='".hash($algo, $password)."' OR ";
	23	}
	24	$hash_query.='false )';
	25
51ff3226	26	$login_type = $_POST['login_type'];
	27	$referer = $_SERVER['HTTP_REFERER'];
	28
	29	if (!session_id()) {
	30	$error='asi nemas zapnute cookies alebo co';
	31	return false;
	32	}
	33
95712c2e H	34	switch ($login_type) {
	35	case "name":
	36	$q = "select * from users where login='$login' and $hash_query";
	37	break;
	38	case "base36id":
	39	$login = base_convert($login, 36, 10);
	40	case "id":
	41	$login=intval($login); //HA! if it is number, escape_string is not enough
	42	$q="select * from users where user_id='$login' and $hash_query";
	43	break;
	44	}
46c0767c	45
95712c2e H	46	$set = $db->query($q);
	47	$set->next();
	48	$user_id = $set->getString('user_id');
	49	$user_name = $set->getString('login');
330d1bd0	50	$xmpp = strtolower($set->getString('xmpp'));
51ff3226	51
41bddecc	52	if (!$set) { //XXX test
51ff3226	53	$error="Zadal si nespravne uzivatelske meno [alebo id] alebo heslo. Rob so sebou nieco";
	54	return false;
	55	}
676b01e6	56	elseif ($set->getString('hash')) {
51ff3226	57	$error='Tvoja registracia este nebola schvalena.';
	58	return false;
	59	}
	60	else {
	61	$now=date("Y-m-d H:i:s");
	62	$lockout=$set->getString('acc_lockout');
	63	if ($lockout >= $now ) {
	64	global $error;
	65	$error="Account lockout mas aktivny. Sorry ale neprihlasis sa minimalne do $lockout.
	66	Prajem prijemnu odvykacku:-)";
	67	return false;
	68	}
	69
1e66e7ac	70	// Login sucessfull
51ff3226	71
1e66e7ac	72	// prevent session fixation
1e66e7ac	73	session_regenerate_id();
51ff3226	74
51ff3226	75	$cube_vector=$set->getString('cube_vector');
	76
	77	// saves friends list as an array into user session
	78	$q="select distinct node_parent,node_name from nodes where node_creator='$user_id' and
	79	external_link='session://friend' order by node_parent";
	80	$friendset=$db->query($q);
	81	while ($friendset->next()){
	82	$_SESSION['friends'][$friendset->getString('node_parent')]=true;
	83	}
	84
	85	// saves bookmarks as an array into user session
	86	$q="select nodes.node_name,nodes.node_id from node_access left join nodes on node_access.node_id=nodes.node_id
	87	where node_access.user_id='$user_id' and node_bookmark='yes' order by node_name";
	88	$bookmarkset=$db->query($q);
	89	while ($bookmarkset->next()){
	90	$_SESSION['bookmarks'][$bookmarkset->getString('node_id')]=$bookmarkset->getString('node_name');
	91	}
	92
	93	//saves ignored users as an array into user session
	94	$q="select node_parent from nodes where node_creator='$user_id' and external_link='session://ignore'";
	95	$ignoreset=$db->query($q);
	96	while ($ignoreset->next()){
	97	$_SESSION['ignore'][$ignoreset->getString('node_parent')]=true;
	98	}
	99
	100	//saves fooked forums as an array into user session
	101	$q="select node_parent from nodes where node_creator='$user_id' and external_link='session://fook'";
	102	$fookset=$db->query($q);
	103	while ($fookset->next()){
	104	$_SESSION['fook'][$fookset->getString('node_parent')]=true;
	105	}
	106
51ff3226	107
	108	//save bookstyle into user session
	109	$q="select node_content from nodes where node_parent=19 and external_link='session://bookstyl' and node_creator='$user_id'";
	110	$bookstylset=$db->query($q);
	111	$bookstylset->next();
	112	$_SESSION['bookstyl'] = $bookstylset->getString('node_content');
	113
	114	// mood
	115	$mset = $db->query(sprintf('select moods from users where user_id = %d', $user_id));
	116	$mset->next();
	117	$moods_expl = explode(";",$set->getString('moods'));
	118	if (!empty($moods_expl[count($moods_expl)-1])) {
	119	$_SESSION['mood_id'] = $moods_expl[count($moods_expl)-1];
	120	$mset = $db->query(sprintf('select node_name, node_content from nodes where node_id = %d', $moods_expl[count($moods_expl)-1]));
	121	$mset->next();
	122	$_SESSION['mood_name'] = $mset->getString('node_name');
	123	$_SESSION['mood_content'] = addslashes(substr(strip_tags($mset->getString('node_content')),0,223));
	124	}
51ff3226	125	// last login
fe69da5f	126
fe69da5f	127	$db->query(sprintf('update users set date_last_login = NOW() where user_id = %d', $user_id));
51ff3226	128
	129	$_SESSION['user_id']=$user_id;
	130	$_SESSION['user_name']=addslashes($user_name);
330d1bd0 H	131	setcookie('jabber_login', $xmpp, time()+606024*10, '/'); //10days on whole domain - should have persistent username in future...
	132	$xmpp_pass=hash('md5', 'jabber:'.$_POST['password']);
	133	setcookie('jabber_password', $xmpp_pass, time()+606024*10, '/'); //10days on whole domain
ffdc8dd8 H	134	$xmpp_domain='kyberia.cz'; //XXX TODO Hardcoded kyberia.cz jabber domain (NOT dev.kyberia.cz!!!!!)
	135	jabberctl('register', array($xmpp, $xmpp_domain, $xmpp_pass));
	136	jabberctl('change_password', array($xmpp, $xmpp_domain, $xmpp_pass));
	137	jabberctl('push_alltoall', array($xmpp_domain, $xmpp_domain));
51ff3226	138	if (!empty($cube_vector)) $_SESSION['cube_vector']=$cube_vector;
	139	if (empty($_SESSION['template_set'])) $_SESSION['template_set']=$set->getString('template_set');
	140	if (is_numeric($_POST['screen_width'])) $_SESSION['browser']['screen_width']=$_POST['screen_width'];
	141	if (is_numeric($_POST['screen_height'])) $_SESSION['browser']['screen_height']=$_POST['screen_height'];
	142	$_SESSION['listing_amount']=$set->getString('listing_amount');
	143	$_SESSION['listing_order']=$set->getString('listing_order');
	144	$_SESSION['header_id']=$set->getString('header_id');
	145	}
	146	// header("Location: $referer");
	147	return true;
	148	}
e909f81b	149	?>