- switch ($login_type) {
- case "name":
- $q = "select * from users where login='$login' and $hash_query";
- $set = $db->query($q);
- $set->next();
- $user_id = $set->getString('user_id');
- $user_name = $set->getString('login');
- break;
- case "base36id":
- $login = base_convert($login, 36, 10);
- case "id":
- // HA! if it is number, escape_string is not enough
- $login=intval($login);
-
- $q="select * from users where user_id='$login' and $hash_query";
- $set=$db->query($q);
- $set->next();
- $user_id=$set->getString('user_id');
- $user_name=$set->getString('login');
- break;
- }
+function login_check($login, $password, $login_type='id') {
+
+ global $db,$error,$node_id;
+ $login = db_escape_string($login);
+ //Not SQLi in $password but be carefull
+ $password_hash_algos=array('sha256','sha1','md5');
+ //List of supported algos can be obtained using: php -r 'print_r(hash_algos());'
+
+ $hash_query='(';
+ foreach($password_hash_algos as $algo) {
+ $hash_query.="password='".hash($algo, $password)."' OR ";
+ }
+ $hash_query.='false )';
+
+ $referer = $_SERVER['HTTP_REFERER'];
+
+ if (!session_id()) {
+ $error='asi nemas zapnute cookies alebo co';
+ return false;
+ }
+
+ switch ($login_type) {
+ case "name":
+ $q = "select * from users where login='$login' and $hash_query";
+ break;
+ case "base36id":
+ $login = base_convert($login, 36, 10);
+ case "id":
+ $login=intval($login); //HA! if it is number, escape_string is not enough
+ $q="select * from users where user_id='$login' and $hash_query";
+ break;
+ }
+
+ $set = $db->query($q);
+ $set->next();
+ $user_id = $set->getString('user_id');
+ $user_name = $set->getString('login');
+ $xmpp = strtolower($set->getString('xmpp'));