<?php
-function login() {
-
- global $db,$error,$node_id;
- $login = mysql_real_escape_string($_POST['login']);
- $password = $_POST['password']; // Not SQLi but be carefull
- $password_hash_algos=array('sha256','sha1','md5'); //List of supported algos can be obtained using: php -r 'print_r(hash_algos());'
-
- $hash_query='(';
- foreach($password_hash_algos as $algo) {
- $hash_query.="password='".hash($algo, $password)."' OR ";
- }
- $hash_query.='false )';
-
- $login_type = $_POST['login_type'];
- $referer = $_SERVER['HTTP_REFERER'];
-
- if (!session_id()) {
- $error='asi nemas zapnute cookies alebo co';
- return false;
- }
+function jabberctl($command, $args) { //XXXTODO Move to some .inc file...
+ //gpasswd -a kyberia jabber #Adding user kyberia to group jabber
+ $xmpp_ejabberdctl='sudo /usr/sbin/ejabberdctl'; //XXX TODO Hardcoded
+
+ $cmd = $xmpp_ejabberdctl;
+ foreach($args as $arg) {
+ $cmd.=' '.escapeshellarg($arg);
+ }
+ system($cmd);
+}
- switch ($login_type) {
- case "name":
- $q = "select * from users where login='$login' and $hash_query";
- $set = $db->query($q);
- $set->next();
- $user_id = $set->getString('user_id');
- $user_name = $set->getString('login');
- break;
- case "base36id":
- $login = base_convert($login, 36, 10);
- case "id":
- // HA! if it is number, escape_string is not enough
- $login=intval($login);
-
- $q="select * from users where user_id='$login' and $hash_query";
- $set=$db->query($q);
- $set->next();
- $user_id=$set->getString('user_id');
- $user_name=$set->getString('login');
- break;
- }
+function login_check($login, $password, $login_type='id') {
+
+ global $db,$error,$node_id;
+ $login = db_escape_string($login);
+ //Not SQLi in $password but be carefull
+ $password_hash_algos=array('sha256','sha1','md5');
+ //List of supported algos can be obtained using: php -r 'print_r(hash_algos());'
+
+ $hash_query='(';
+ foreach($password_hash_algos as $algo) {
+ $hash_query.="password='".hash($algo, $password)."' OR ";
+ }
+ $hash_query.='false )';
+
+ $referer = $_SERVER['HTTP_REFERER'];
+
+ if (!session_id()) {
+ $error='asi nemas zapnute cookies alebo co';
+ return false;
+ }
+
+ switch ($login_type) {
+ case "name":
+ $q = "select * from users where login='$login' and $hash_query";
+ break;
+ case "base36id":
+ $login = base_convert($login, 36, 10);
+ case "id":
+ $login=intval($login); //HA! if it is number, escape_string is not enough
+ $q="select * from users where user_id='$login' and $hash_query";
+ break;
+ }
+
+ $set = $db->query($q);
+ $set->next();
+ $user_id = $set->getString('user_id');
+ $user_name = $set->getString('login');
+ $xmpp = strtolower($set->getString('xmpp'));
if (!$set) { //XXX test
$error="Zadal si nespravne uzivatelske meno [alebo id] alebo heslo. Rob so sebou nieco";
return false;
}
- elseif ($set->getString('header_id') == 2091520) {
+ elseif ($set->getString('hash')) {
$error='Tvoja registracia este nebola schvalena.';
return false;
}
$_SESSION['user_id']=$user_id;
$_SESSION['user_name']=addslashes($user_name);
- setcookie('jabber_login', strtolower($user_name), time()+60*60*24*10, '/'); //10days on whole domain - should have persistent username in future...
- setcookie('jabber_password', hash('md5', 'jabber:'.$_POST['password']), time()+60*60*24*10, '/'); //10days on whole domain
+ setcookie('jabber_login', $xmpp, time()+60*60*24*10, '/');
+ //10days on whole domain - should have persistent username in future...
+ $xmpp_pass=hash('md5', 'jabber:'.$_POST['password']);
+ setcookie('jabber_password', $xmpp_pass, time()+60*60*24*10, '/'); //10days on whole domain
+ $xmpp_domain='kyberia.cz'; //XXX TODO Hardcoded kyberia.cz jabber domain (NOT dev.kyberia.cz!!!!!)
+
+ # XXX dissabled, was causing 20+ sec. delay while logging in
+# jabberctl('register', array($xmpp, $xmpp_domain, $xmpp_pass));
+# jabberctl('change_password', array($xmpp, $xmpp_domain, $xmpp_pass));
+# jabberctl('push_alltoall', array($xmpp_domain, $xmpp_domain));
+
if (!empty($cube_vector)) $_SESSION['cube_vector']=$cube_vector;
if (empty($_SESSION['template_set'])) $_SESSION['template_set']=$set->getString('template_set');
- if (is_numeric($_POST['screen_width'])) $_SESSION['browser']['screen_width']=$_POST['screen_width'];
- if (is_numeric($_POST['screen_height'])) $_SESSION['browser']['screen_height']=$_POST['screen_height'];
+ if (!empty($_POST['screen_width']) && is_numeric($_POST['screen_width']))
+ { $_SESSION['browser']['screen_width']=$_POST['screen_width']; }
+ if (!empty($_POST['screen_height']) && is_numeric($_POST['screen_height']))
+ { $_SESSION['browser']['screen_height']=$_POST['screen_height']; }
$_SESSION['listing_amount']=$set->getString('listing_amount');
$_SESSION['listing_order']=$set->getString('listing_order');
$_SESSION['header_id']=$set->getString('header_id');
// header("Location: $referer");
return true;
}
-?>
+
+function login() {
+ $login = $_POST['login'];
+ $password = $_POST['password'];
+ $login_type = $_POST['login_type'];
+ return login_check($login, $password, $login_type);
+}