[mirrors/Kyberia-bloodline.git] / wwwroot / inc / eventz / login.inc

<?php
function login() {
// lockout capatibility
// with ldap sync
// <h1> This is da default one</h1>
//    require(INCLUDE_DIR.'ldap.inc');

    global $db,$error,$node_id;
    $login = mysql_real_escape_string($_POST['login']);
    $password = $_POST['password']; // Not SQLi but be carefull
    $hash = md5($password);
    $login_type = $_POST['login_type'];
    $referer = $_SERVER['HTTP_REFERER'];

    if (!session_id()) {
        $error='asi nemas zapnute cookies alebo co';
        return false;
    }

    switch ($login_type) {
        case "name":
            $q = "select * from users where login='$login' and password='$hash'";
            $set = $db->query($q);
            $set->next();
            $user_id = $set->getString('user_id');
            $user_name = $set->getString('login');
        break;
        case "id":
            // HA! if it is number, escape_string is not enough
	    $login=intval($login);

            $q="select * from users where user_id='$login' and password='$hash'";
            $set=$db->query($q);
            $set->next();
            $user_id=$set->getString('user_id');
            $user_name=$set->getString('login');
        break;
    }

//    $ldap_response=LDAPuser::auth($user_id,$password);

    if (!$set) { //XXX test
        $error="Zadal si nespravne uzivatelske meno [alebo id] alebo heslo. Rob so sebou nieco";
        return false;
    }
    elseif ($set->getString('header_id') == 2091520) {
        $error='Tvoja registracia este nebola schvalena.';
        return false;
    }
    else {
        $now=date("Y-m-d H:i:s");
        $lockout=$set->getString('acc_lockout');
        if ($lockout >= $now ) {
            global $error;
            $error="Account lockout mas aktivny. Sorry ale neprihlasis sa minimalne do $lockout.
Prajem prijemnu odvykacku:-)";
            return false;
        }

//ldap replicate
// LDAPuser::ldap_mysql_sync($user_name,$user_id,$password);


//
        $cube_vector=$set->getString('cube_vector');

        // saves friends list as an array into user session
        $q="select distinct node_parent,node_name from nodes where node_creator='$user_id' and
external_link='session://friend' order by node_parent";
        $friendset=$db->query($q);
        while ($friendset->next()){
            $_SESSION['friends'][$friendset->getString('node_parent')]=true;
        }

        // saves bookmarks as an array into user session
        $q="select nodes.node_name,nodes.node_id from node_access left join nodes on node_access.node_id=nodes.node_id
where node_access.user_id='$user_id' and node_bookmark='yes' order by node_name";
        $bookmarkset=$db->query($q);
        while ($bookmarkset->next()){
            $_SESSION['bookmarks'][$bookmarkset->getString('node_id')]=$bookmarkset->getString('node_name');
        }

        //saves ignored users as an array into user session
        $q="select node_parent from nodes where node_creator='$user_id' and external_link='session://ignore'";
        $ignoreset=$db->query($q);
        while ($ignoreset->next()){
            $_SESSION['ignore'][$ignoreset->getString('node_parent')]=true;
        }

        //saves fooked forums as an array into user session
        $q="select node_parent from nodes where node_creator='$user_id' and external_link='session://fook'";
        $fookset=$db->query($q);
        while ($fookset->next()){
            $_SESSION['fook'][$fookset->getString('node_parent')]=true;
        }

//        LDAPuser::replicate($user_name,$user_id,$password);

        //save bookstyle into user session
        $q="select node_content from nodes where node_parent=19 and external_link='session://bookstyl' and node_creator='$user_id'";
        $bookstylset=$db->query($q);
        $bookstylset->next();
        $_SESSION['bookstyl'] = $bookstylset->getString('node_content');

        // mood
        $mset = $db->query(sprintf('select moods from users where user_id = %d', $user_id));
        $mset->next();
        $moods_expl = explode(";",$set->getString('moods'));
        if (!empty($moods_expl[count($moods_expl)-1])) {
            $_SESSION['mood_id'] = $moods_expl[count($moods_expl)-1];
            $mset = $db->query(sprintf('select node_name, node_content from nodes where node_id = %d', $moods_expl[count($moods_expl)-1]));
            $mset->next();
            $_SESSION['mood_name'] = $mset->getString('node_name');
            $_SESSION['mood_content'] = addslashes(substr(strip_tags($mset->getString('node_content')),0,223));
        }
        // last login

	$db->query(sprintf('update users set date_last_login = NOW() where user_id = %d', $user_id));

        $_SESSION['user_id']=$user_id;
        $_SESSION['user_name']=addslashes($user_name);
        if (!empty($cube_vector)) $_SESSION['cube_vector']=$cube_vector;
        if (empty($_SESSION['template_set'])) $_SESSION['template_set']=$set->getString('template_set');
        if (is_numeric($_POST['screen_width'])) $_SESSION['browser']['screen_width']=$_POST['screen_width'];
        if (is_numeric($_POST['screen_height'])) $_SESSION['browser']['screen_height']=$_POST['screen_height'];
        $_SESSION['listing_amount']=$set->getString('listing_amount');
        $_SESSION['listing_order']=$set->getString('listing_order');
        $_SESSION['header_id']=$set->getString('header_id');
    }
//    header("Location: $referer");
    return true;
}
?>
Commit	Line	Data
51ff3226	1	<?php
	2	function login() {
	3	// lockout capatibility
	4	// with ldap sync
	5	// <h1> This is da default one</h1>
41bddecc	6	// require(INCLUDE_DIR.'ldap.inc');
51ff3226	7
	8	global $db,$error,$node_id;
	9	$login = mysql_real_escape_string($_POST['login']);
46c0767c	10	$password = $_POST['password']; // Not SQLi but be carefull
51ff3226	11	$hash = md5($password);
	12	$login_type = $_POST['login_type'];
	13	$referer = $_SERVER['HTTP_REFERER'];
	14
	15	if (!session_id()) {
	16	$error='asi nemas zapnute cookies alebo co';
	17	return false;
	18	}
	19
	20	switch ($login_type) {
	21	case "name":
41bddecc	22	$q = "select * from users where login='$login' and password='$hash'";
51ff3226	23	$set = $db->query($q);
	24	$set->next();
	25	$user_id = $set->getString('user_id');
	26	$user_name = $set->getString('login');
	27	break;
	28	case "id":
46c0767c	29	// HA! if it is number, escape_string is not enough
	30	$login=intval($login);
	31
41bddecc	32	$q="select * from users where user_id='$login' and password='$hash'";
51ff3226	33	$set=$db->query($q);
	34	$set->next();
	35	$user_id=$set->getString('user_id');
	36	$user_name=$set->getString('login');
	37	break;
	38	}
	39
41bddecc	40	// $ldap_response=LDAPuser::auth($user_id,$password);
	41
	42	if (!$set) { //XXX test
51ff3226	43	$error="Zadal si nespravne uzivatelske meno [alebo id] alebo heslo. Rob so sebou nieco";
	44	return false;
	45	}
	46	elseif ($set->getString('header_id') == 2091520) {
	47	$error='Tvoja registracia este nebola schvalena.';
	48	return false;
	49	}
	50	else {
	51	$now=date("Y-m-d H:i:s");
	52	$lockout=$set->getString('acc_lockout');
	53	if ($lockout >= $now ) {
	54	global $error;
	55	$error="Account lockout mas aktivny. Sorry ale neprihlasis sa minimalne do $lockout.
	56	Prajem prijemnu odvykacku:-)";
	57	return false;
	58	}
	59
	60	//ldap replicate
	61	// LDAPuser::ldap_mysql_sync($user_name,$user_id,$password);
	62
	63
	64	//
	65	$cube_vector=$set->getString('cube_vector');
	66
	67	// saves friends list as an array into user session
	68	$q="select distinct node_parent,node_name from nodes where node_creator='$user_id' and
	69	external_link='session://friend' order by node_parent";
	70	$friendset=$db->query($q);
	71	while ($friendset->next()){
	72	$_SESSION['friends'][$friendset->getString('node_parent')]=true;
	73	}
	74
	75	// saves bookmarks as an array into user session
	76	$q="select nodes.node_name,nodes.node_id from node_access left join nodes on node_access.node_id=nodes.node_id
	77	where node_access.user_id='$user_id' and node_bookmark='yes' order by node_name";
	78	$bookmarkset=$db->query($q);
	79	while ($bookmarkset->next()){
	80	$_SESSION['bookmarks'][$bookmarkset->getString('node_id')]=$bookmarkset->getString('node_name');
	81	}
	82
	83	//saves ignored users as an array into user session
	84	$q="select node_parent from nodes where node_creator='$user_id' and external_link='session://ignore'";
	85	$ignoreset=$db->query($q);
	86	while ($ignoreset->next()){
	87	$_SESSION['ignore'][$ignoreset->getString('node_parent')]=true;
	88	}
	89
	90	//saves fooked forums as an array into user session
	91	$q="select node_parent from nodes where node_creator='$user_id' and external_link='session://fook'";
	92	$fookset=$db->query($q);
	93	while ($fookset->next()){
	94	$_SESSION['fook'][$fookset->getString('node_parent')]=true;
	95	}
	96
41bddecc	97	// LDAPuser::replicate($user_name,$user_id,$password);
51ff3226	98
	99	//save bookstyle into user session
	100	$q="select node_content from nodes where node_parent=19 and external_link='session://bookstyl' and node_creator='$user_id'";
	101	$bookstylset=$db->query($q);
	102	$bookstylset->next();
	103	$_SESSION['bookstyl'] = $bookstylset->getString('node_content');
	104
	105	// mood
	106	$mset = $db->query(sprintf('select moods from users where user_id = %d', $user_id));
	107	$mset->next();
	108	$moods_expl = explode(";",$set->getString('moods'));
	109	if (!empty($moods_expl[count($moods_expl)-1])) {
	110	$_SESSION['mood_id'] = $moods_expl[count($moods_expl)-1];
	111	$mset = $db->query(sprintf('select node_name, node_content from nodes where node_id = %d', $moods_expl[count($moods_expl)-1]));
	112	$mset->next();
	113	$_SESSION['mood_name'] = $mset->getString('node_name');
	114	$_SESSION['mood_content'] = addslashes(substr(strip_tags($mset->getString('node_content')),0,223));
	115	}
51ff3226	116	// last login
fe69da5f	117
fe69da5f	118	$db->query(sprintf('update users set date_last_login = NOW() where user_id = %d', $user_id));
51ff3226	119
	120	$_SESSION['user_id']=$user_id;
	121	$_SESSION['user_name']=addslashes($user_name);
	122	if (!empty($cube_vector)) $_SESSION['cube_vector']=$cube_vector;
	123	if (empty($_SESSION['template_set'])) $_SESSION['template_set']=$set->getString('template_set');
	124	if (is_numeric($_POST['screen_width'])) $_SESSION['browser']['screen_width']=$_POST['screen_width'];
	125	if (is_numeric($_POST['screen_height'])) $_SESSION['browser']['screen_height']=$_POST['screen_height'];
	126	$_SESSION['listing_amount']=$set->getString('listing_amount');
	127	$_SESSION['listing_order']=$set->getString('listing_order');
	128	$_SESSION['header_id']=$set->getString('header_id');
	129	}
	130	// header("Location: $referer");
	131	return true;
	132	}
e909f81b	133	?>