51ff3226 | 1 | <?php |
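/**
 * Run an ejabberdctl subcommand with the given arguments.
 *
 * Builds the command line from the hard-coded ejabberdctl path, the
 * subcommand and each argument (shell-escaped) and hands it to system().
 * The subcommand used to be dropped entirely (the $command parameter was
 * never read), so every call executed a bare "sudo ejabberdctl <args>".
 *
 * @param string $command ejabberdctl subcommand, e.g. 'register'
 * @param array  $args    positional arguments for the subcommand
 * @return string|false   last line of command output as returned by system(),
 *                        or false if the command could not be started
 */
function jabberctl($command, $args) { //XXXTODO Move to some .inc file...
    //gpasswd -a kyberia jabber #Adding user kyberia to group jabber
    $cmd = jabberctl_command_line($command, $args);
    // NOTE(review): every argument (callers pass passwords here) lands on the
    // command line and is visible in the process table to local users.
    return system($cmd);
}

/**
 * Build the shell command line for one ejabberdctl invocation.
 *
 * @param string $command subcommand placed right after the binary
 * @param array  $args    arguments, each passed through escapeshellarg()
 * @return string
 */
function jabberctl_command_line($command, $args) {
    $xmpp_ejabberdctl = 'sudo /usr/sbin/ejabberdctl'; //XXX TODO Hardcoded
    $parts = array($xmpp_ejabberdctl, escapeshellarg($command));
    foreach ($args as $arg) {
        $parts[] = escapeshellarg($arg);
    }
    return implode(' ', $parts);
}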
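/**
 * Authenticate a user and populate the session on success.
 *
 * Looks the user up by $login_type ('name', 'id' or 'base36id') combined with
 * a password-digest match, rejects unapproved (hash set) and locked-out
 * accounts, then loads friends/bookmarks/ignore/fook lists, bookstyle, mood
 * and listing preferences into $_SESSION, sets the jabber cookies and
 * (re)registers the XMPP account through jabberctl().
 *
 * Reads the global $db (query()/next()/getString() result-set wrapper) and
 * writes the failure reason into the global $error.
 *
 * @param string $login      user name, numeric id or base36 id, per $login_type
 * @param string $password   plaintext password as submitted
 * @param string $login_type one of 'name', 'id', 'base36id'
 * @return bool true on success, false otherwise (reason in global $error)
 */
function login_check($login, $password, $login_type='id') {
    global $db,$error;
    $login = mysql_real_escape_string($login); //Not SQLi in $password but be carefull

    // Stored passwords are plain digests; every supported algorithm is tried so
    // older accounts keep working. Digest output is hex, hence safe to inline.
    // NOTE(review): unsalted fast hashes are weak against offline cracking;
    // moving to password_hash() needs a data migration and is out of scope here.
    $password_hash_algos=array('sha256','sha1','md5'); //List of supported algos can be obtained using: php -r 'print_r(hash_algos());'
    $hash_clauses = array();
    foreach ($password_hash_algos as $algo) {
        $hash_clauses[] = "password='".hash($algo, $password)."'";
    }
    $hash_query = '('.implode(' OR ', $hash_clauses).' OR false )';

    if (!session_id()) {
        $error='asi nemas zapnute cookies alebo co';
        return false;
    }

    switch ($login_type) {
        case "name":
            $q = "select * from users where login='$login' and $hash_query";
            break;
        case "base36id":
            $login = base_convert($login, 36, 10);
            // fall through: once converted a base36 id is an ordinary id
        case "id":
            $login=intval($login); //HA! if it is number, escape_string is not enough
            $q="select * from users where user_id='$login' and $hash_query";
            break;
        default:
            // unknown lookup type used to leave $q undefined and send an empty
            // query; treat it as bad credentials instead
            $error="Zadal si nespravne uzivatelske meno [alebo id] alebo heslo. Rob so sebou nieco";
            return false;
    }

    $set = $db->query($q);
    // next() is the row cursor (see the while loops below): no row means no
    // user/password match, so fail before any column is read. The old check
    // tested the result object after an unchecked next().
    if (!$set || !$set->next()) {
        $error="Zadal si nespravne uzivatelske meno [alebo id] alebo heslo. Rob so sebou nieco";
        return false;
    }
    if ($set->getString('hash')) {
        $error='Tvoja registracia este nebola schvalena.';
        return false;
    }

    $now=date("Y-m-d H:i:s");
    $lockout=$set->getString('acc_lockout');
    // both sides are "Y-m-d H:i:s" strings, so string order equals time order
    if ($lockout >= $now ) {
        $error="Account lockout mas aktivny. Sorry ale neprihlasis sa minimalne do $lockout.
Prajem prijemnu odvykacku:-)";
        return false;
    }

    // Login sucessfull
    $user_id = $set->getString('user_id');
    $user_name = $set->getString('login');
    $xmpp = strtolower($set->getString('xmpp'));
    // user_id is numeric (the update below already formats it with %d); use the
    // integer form when interpolating it into the queries that follow
    $uid = intval($user_id);

    // prevent session fixation; true also discards the old session data
    session_regenerate_id(true);

    $cube_vector=$set->getString('cube_vector');

    // saves friends list as an array into user session
    $q="select distinct node_parent,node_name from nodes where node_creator='$uid' and
external_link='session://friend' order by node_parent";
    $friendset=$db->query($q);
    while ($friendset->next()){
        $_SESSION['friends'][$friendset->getString('node_parent')]=true;
    }

    // saves bookmarks as an array into user session
    $q="select nodes.node_name,nodes.node_id from node_access left join nodes on node_access.node_id=nodes.node_id
where node_access.user_id='$uid' and node_bookmark='yes' order by node_name";
    $bookmarkset=$db->query($q);
    while ($bookmarkset->next()){
        $_SESSION['bookmarks'][$bookmarkset->getString('node_id')]=$bookmarkset->getString('node_name');
    }

    //saves ignored users as an array into user session
    $q="select node_parent from nodes where node_creator='$uid' and external_link='session://ignore'";
    $ignoreset=$db->query($q);
    while ($ignoreset->next()){
        $_SESSION['ignore'][$ignoreset->getString('node_parent')]=true;
    }

    //saves fooked forums as an array into user session
    $q="select node_parent from nodes where node_creator='$uid' and external_link='session://fook'";
    $fookset=$db->query($q);
    while ($fookset->next()){
        $_SESSION['fook'][$fookset->getString('node_parent')]=true;
    }

    //save bookstyle into user session
    $q="select node_content from nodes where node_parent=19 and external_link='session://bookstyl' and node_creator='$uid'";
    $bookstylset=$db->query($q);
    $bookstylset->next();
    $_SESSION['bookstyl'] = $bookstylset->getString('node_content');

    // mood: the users row already carries the moods column (the separate
    // "select moods" query was never read), the last ';'-separated entry is
    // the current mood node id
    $moods_expl = explode(";", $set->getString('moods'));
    $mood_id = end($moods_expl);
    if (!empty($mood_id)) {
        $_SESSION['mood_id'] = $mood_id;
        $mset = $db->query(sprintf('select node_name, node_content from nodes where node_id = %d', $mood_id));
        $mset->next();
        $_SESSION['mood_name'] = $mset->getString('node_name');
        $_SESSION['mood_content'] = addslashes(substr(strip_tags($mset->getString('node_content')),0,223));
    }

    // last login
    $db->query(sprintf('update users set date_last_login = NOW() where user_id = %d', $user_id));

    $_SESSION['user_id']=$user_id;
    $_SESSION['user_name']=addslashes($user_name);
    setcookie('jabber_login', $xmpp, time()+60*60*24*10, '/'); //10days on whole domain - should have persistent username in future...
    // The XMPP password is derived from the password that was just verified
    // ($password, no second read of $_POST) and handed to the browser as a cookie.
    // NOTE(review): this cookie carries a password-derived secret without the
    // secure/httponly flags; whether the web client reads it from JS decides
    // if httponly can be added.
    $xmpp_pass=hash('md5', 'jabber:'.$password);
    setcookie('jabber_password', $xmpp_pass, time()+60*60*24*10, '/'); //10days on whole domain
    $xmpp_domain='kyberia.cz'; //XXX TODO Hardcoded kyberia.cz jabber domain (NOT dev.kyberia.cz!!!!!)
    jabberctl('register', array($xmpp, $xmpp_domain, $xmpp_pass));
    jabberctl('change_password', array($xmpp, $xmpp_domain, $xmpp_pass));
    jabberctl('push_alltoall', array($xmpp_domain, $xmpp_domain));
    if (!empty($cube_vector)) $_SESSION['cube_vector']=$cube_vector;
    if (empty($_SESSION['template_set'])) $_SESSION['template_set']=$set->getString('template_set');
    // screen size is browser-reported; take it only when present and numeric
    if (isset($_POST['screen_width']) && is_numeric($_POST['screen_width'])) $_SESSION['browser']['screen_width']=$_POST['screen_width'];
    if (isset($_POST['screen_height']) && is_numeric($_POST['screen_height'])) $_SESSION['browser']['screen_height']=$_POST['screen_height'];
    $_SESSION['listing_amount']=$set->getString('listing_amount');
    $_SESSION['listing_order']=$set->getString('listing_order');
    $_SESSION['header_id']=$set->getString('header_id');
    return true;
}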
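/**
 * Handle the login form: read the posted credentials and delegate to login_check().
 *
 * Missing form fields default to '' (login, password) and to 'id' (login_type,
 * matching login_check()'s own default) instead of raising undefined-index
 * notices.
 *
 * @return bool the result of login_check()
 */
function login() {
    $login = isset($_POST['login']) ? $_POST['login'] : '';
    $password = isset($_POST['password']) ? $_POST['password'] : '';
    $login_type = isset($_POST['login_type']) ? $_POST['login_type'] : 'id';
    return login_check($login, $password, $login_type);
}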