51ff3226 |
1 | <?php |
2 | function login() { |
51ff3226 |
3 | |
4 | global $db,$error,$node_id; |
5 | $login = mysql_real_escape_string($_POST['login']); |
46c0767c |
6 | $password = $_POST['password']; // Not SQLi but be carefull |
51ff3226 |
7 | $hash = md5($password); |
8 | $login_type = $_POST['login_type']; |
9 | $referer = $_SERVER['HTTP_REFERER']; |
10 | |
11 | if (!session_id()) { |
12 | $error='asi nemas zapnute cookies alebo co'; |
13 | return false; |
14 | } |
15 | |
16 | switch ($login_type) { |
17 | case "name": |
41bddecc |
18 | $q = "select * from users where login='$login' and password='$hash'"; |
51ff3226 |
19 | $set = $db->query($q); |
20 | $set->next(); |
21 | $user_id = $set->getString('user_id'); |
22 | $user_name = $set->getString('login'); |
23 | break; |
24 | case "id": |
46c0767c |
25 | // HA! if it is number, escape_string is not enough |
26 | $login=intval($login); |
27 | |
41bddecc |
28 | $q="select * from users where user_id='$login' and password='$hash'"; |
51ff3226 |
29 | $set=$db->query($q); |
30 | $set->next(); |
31 | $user_id=$set->getString('user_id'); |
32 | $user_name=$set->getString('login'); |
33 | break; |
34 | } |
35 | |
41bddecc |
36 | if (!$set) { //XXX test |
51ff3226 |
37 | $error="Zadal si nespravne uzivatelske meno [alebo id] alebo heslo. Rob so sebou nieco"; |
38 | return false; |
39 | } |
40 | elseif ($set->getString('header_id') == 2091520) { |
41 | $error='Tvoja registracia este nebola schvalena.'; |
42 | return false; |
43 | } |
44 | else { |
45 | $now=date("Y-m-d H:i:s"); |
46 | $lockout=$set->getString('acc_lockout'); |
47 | if ($lockout >= $now ) { |
48 | global $error; |
49 | $error="Account lockout mas aktivny. Sorry ale neprihlasis sa minimalne do $lockout. |
50 | Prajem prijemnu odvykacku:-)"; |
51 | return false; |
52 | } |
53 | |
1e66e7ac |
54 | // Login sucessfull |
51ff3226 |
55 | |
1e66e7ac |
56 | // prevent session fixation |
57 | session_regenerate_id(); |
51ff3226 |
58 | |
51ff3226 |
59 | $cube_vector=$set->getString('cube_vector'); |
60 | |
61 | // saves friends list as an array into user session |
62 | $q="select distinct node_parent,node_name from nodes where node_creator='$user_id' and |
63 | external_link='session://friend' order by node_parent"; |
64 | $friendset=$db->query($q); |
65 | while ($friendset->next()){ |
66 | $_SESSION['friends'][$friendset->getString('node_parent')]=true; |
67 | } |
68 | |
69 | // saves bookmarks as an array into user session |
70 | $q="select nodes.node_name,nodes.node_id from node_access left join nodes on node_access.node_id=nodes.node_id |
71 | where node_access.user_id='$user_id' and node_bookmark='yes' order by node_name"; |
72 | $bookmarkset=$db->query($q); |
73 | while ($bookmarkset->next()){ |
74 | $_SESSION['bookmarks'][$bookmarkset->getString('node_id')]=$bookmarkset->getString('node_name'); |
75 | } |
76 | |
77 | //saves ignored users as an array into user session |
78 | $q="select node_parent from nodes where node_creator='$user_id' and external_link='session://ignore'"; |
79 | $ignoreset=$db->query($q); |
80 | while ($ignoreset->next()){ |
81 | $_SESSION['ignore'][$ignoreset->getString('node_parent')]=true; |
82 | } |
83 | |
84 | //saves fooked forums as an array into user session |
85 | $q="select node_parent from nodes where node_creator='$user_id' and external_link='session://fook'"; |
86 | $fookset=$db->query($q); |
87 | while ($fookset->next()){ |
88 | $_SESSION['fook'][$fookset->getString('node_parent')]=true; |
89 | } |
90 | |
51ff3226 |
91 | |
92 | //save bookstyle into user session |
93 | $q="select node_content from nodes where node_parent=19 and external_link='session://bookstyl' and node_creator='$user_id'"; |
94 | $bookstylset=$db->query($q); |
95 | $bookstylset->next(); |
96 | $_SESSION['bookstyl'] = $bookstylset->getString('node_content'); |
97 | |
98 | // mood |
99 | $mset = $db->query(sprintf('select moods from users where user_id = %d', $user_id)); |
100 | $mset->next(); |
101 | $moods_expl = explode(";",$set->getString('moods')); |
102 | if (!empty($moods_expl[count($moods_expl)-1])) { |
103 | $_SESSION['mood_id'] = $moods_expl[count($moods_expl)-1]; |
104 | $mset = $db->query(sprintf('select node_name, node_content from nodes where node_id = %d', $moods_expl[count($moods_expl)-1])); |
105 | $mset->next(); |
106 | $_SESSION['mood_name'] = $mset->getString('node_name'); |
107 | $_SESSION['mood_content'] = addslashes(substr(strip_tags($mset->getString('node_content')),0,223)); |
108 | } |
51ff3226 |
109 | // last login |
fe69da5f |
110 | |
111 | $db->query(sprintf('update users set date_last_login = NOW() where user_id = %d', $user_id)); |
51ff3226 |
112 | |
113 | $_SESSION['user_id']=$user_id; |
114 | $_SESSION['user_name']=addslashes($user_name); |
115 | if (!empty($cube_vector)) $_SESSION['cube_vector']=$cube_vector; |
116 | if (empty($_SESSION['template_set'])) $_SESSION['template_set']=$set->getString('template_set'); |
117 | if (is_numeric($_POST['screen_width'])) $_SESSION['browser']['screen_width']=$_POST['screen_width']; |
118 | if (is_numeric($_POST['screen_height'])) $_SESSION['browser']['screen_height']=$_POST['screen_height']; |
119 | $_SESSION['listing_amount']=$set->getString('listing_amount'); |
120 | $_SESSION['listing_order']=$set->getString('listing_order'); |
121 | $_SESSION['header_id']=$set->getString('header_id'); |
122 | } |
123 | // header("Location: $referer"); |
124 | return true; |
125 | } |
e909f81b |
126 | ?> |