X-Git-Url: http://git.harvie.cz/?a=blobdiff_plain;ds=inline;f=wwwroot%2Finc%2Feventz%2Flogin.inc;h=ef4800af8bcb58f5b927488cc9f581f43a0d15a3;hb=2fb33507204ed8c25b7fb90238c9cc5b7af60fa2;hp=c19f4e7f29c6923b34cb1d6b79db0bc99874ad80;hpb=51ff32267c4949bad6a8dddc502cbc01ed56edc8;p=mirrors%2FKyberia-bloodline.git
diff --git a/wwwroot/inc/eventz/login.inc b/wwwroot/inc/eventz/login.inc
index c19f4e7..ef4800a 100644
--- a/wwwroot/inc/eventz/login.inc
+++ b/wwwroot/inc/eventz/login.inc
@@ -3,11 +3,11 @@ function login() {
// lockout capatibility
// with ldap sync
//
This is da default one
- require(SYSTEM_ROOT.'/inc/ldap.inc');
+// require(INCLUDE_DIR.'ldap.inc');
global $db,$error,$node_id;
$login = mysql_real_escape_string($_POST['login']);
- $password = $_POST['password'];
+ $password = $_POST['password']; //XXX nice SQLi
$hash = md5($password);
$login_type = $_POST['login_type'];
$referer = $_SERVER['HTTP_REFERER'];
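Review bot: `$hash = md5($password)` on line 17 is now the only credential check, because the next hunk moves authentication into SQL as `and password='$hash'`; an unsalted MD5 digest is not a password hash and gives a leaked `users` table no resistance to offline cracking. Prefer storing `password_hash($password, PASSWORD_DEFAULT)` and, after looking the row up by login or id only, verifying it with `password_verify($password, $set->getString('password'))`, rehashing legacy MD5 rows on their first successful login. The `//XXX nice SQLi` marker on line 16 is misleading as written: `$password` itself is never interpolated, only its hex digest is, so either state the intended concern or drop the marker. `login()` continues beyond this hunk.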
@@ -19,14 +19,14 @@ function login() {
switch ($login_type) {
case "name":
- $q = "select * from users where login='$login'";
+ $q = "select * from users where login='$login' and password='$hash'";
$set = $db->query($q);
$set->next();
$user_id = $set->getString('user_id');
$user_name = $set->getString('login');
break;
case "id":
- $q="select * from users where user_id='$login'";
+ $q="select * from users where user_id='$login' and password='$hash'";
$set=$db->query($q);
$set->next();
$user_id=$set->getString('user_id');
@@ -34,8 +34,9 @@ function login() {
break;
}
- $ldap_response=LDAPuser::auth($user_id,$password);
- if ($set->getString('password') != $hash and !$ldap_response) {
+// $ldap_response=LDAPuser::auth($user_id,$password);
+
+ if (!$set) { //XXX test
$error="Zadal si nespravne uzivatelske meno [alebo id] alebo heslo. Rob so sebou nieco";
return false;
}
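Review bot: `if (!$set)` on line 43 does not replace the removed password comparison: the earlier hunk calls `$set->next()` and `$set->getString()` unconditionally, which suggests `$db->query()` returns a result object even when no row matched, so a wrong login or password would only be rejected if the query itself fails. The check should verify that a row was actually fetched, e.g. `if (!$set || $user_id === null || $user_id === '') {` (depending on what `getString()` yields for an empty result — confirm against the db wrapper). The `//XXX test` marker confirms this was left unverified; it should be resolved before the commented-out `LDAPuser::auth` fallback is dropped for good. `login()` begins and ends outside this hunk.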
@@ -90,7 +91,7 @@ where node_access.user_id='$user_id' and node_bookmark='yes' order by node_name"
$_SESSION['fook'][$fookset->getString('node_parent')]=true;
}
- LDAPuser::replicate($user_name,$user_id,$password);
+// LDAPuser::replicate($user_name,$user_id,$password);
//save bookstyle into user session
$q="select node_content from nodes where node_parent=19 and external_link='session://bookstyl' and node_creator='$user_id'";
@@ -109,9 +110,9 @@ where node_access.user_id='$user_id' and node_bookmark='yes' order by node_name"
$_SESSION['mood_name'] = $mset->getString('node_name');
$_SESSION['mood_content'] = addslashes(substr(strip_tags($mset->getString('node_content')),0,223));
}
-
// last login
- $db->query(sprintf('update users set last_login = NOW() where user_id = %d', $user_id));
+
+ $db->query(sprintf('update users set date_last_login = NOW() where user_id = %d', $user_id));
$_SESSION['user_id']=$user_id;
$_SESSION['user_name']=addslashes($user_name);
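Review bot: The session is populated with `$_SESSION['user_id']=$user_id` on line 63 right after the updated last-login query, but nothing here rotates the session id on successful authentication; without `session_regenerate_id(true)` before those assignments, a session id issued before login keeps its identity across the privilege change (session fixation). Adding `session_regenerate_id(true);` as the first statement after the `date_last_login` update would address it, assuming the caller has already started the session (not visible in this hunk). `login()` begins and ends outside this hunk.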
@@ -126,4 +127,4 @@ where node_access.user_id='$user_id' and node_bookmark='yes' order by node_name"
// header("Location: $referer");
return true;
}
-?>
\ No newline at end of file
+?>