X-Git-Url: http://git.harvie.cz/?a=blobdiff_plain;ds=sidebyside;f=wwwroot%2Finc%2Feventz%2Flogin.inc;h=30d43780610658d8b8fe7b980148591395bd8aa1;hb=d2cf0fe02b06534a460bd8f9dc814007dc66ac41;hp=94c6b9b96702ebc3615830a0b838d5731e596397;hpb=ffdc8dd8e7b7b1fd3bafde1ac156f62ba226b13b;p=mirrors%2FKyberia-bloodline.git diff --git a/wwwroot/inc/eventz/login.inc b/wwwroot/inc/eventz/login.inc index 94c6b9b..30d4378 100644 --- a/wwwroot/inc/eventz/login.inc +++ b/wwwroot/inc/eventz/login.inc @@ -10,26 +10,26 @@ function jabberctl($command, $args) { //XXXTODO Move to some .inc file... system($cmd); } -function login() { +function login_check($login, $password, $login_type='id') { - global $db,$error,$node_id; - $login = mysql_real_escape_string($_POST['login']); - $password = $_POST['password']; // Not SQLi but be carefull - $password_hash_algos=array('sha256','sha1','md5'); //List of supported algos can be obtained using: php -r 'print_r(hash_algos());' + global $db,$error,$node_id; + $login = db_escape_string($login); + //Not SQLi in $password but be carefull + $password_hash_algos=array('sha256','sha1','md5'); + //List of supported algos can be obtained using: php -r 'print_r(hash_algos());' - $hash_query='('; - foreach($password_hash_algos as $algo) { - $hash_query.="password='".hash($algo, $password)."' OR "; - } - $hash_query.='false )'; + $hash_query='('; + foreach($password_hash_algos as $algo) { + $hash_query.="password='".hash($algo, $password)."' OR "; + } + $hash_query.='false )'; - $login_type = $_POST['login_type']; - $referer = $_SERVER['HTTP_REFERER']; + $referer = $_SERVER['HTTP_REFERER']; - if (!session_id()) { - $error='asi nemas zapnute cookies alebo co'; - return false; - } + if (!session_id()) { + $error='asi nemas zapnute cookies alebo co'; + return false; + } switch ($login_type) { case "name": 
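Review bot: The credential check on the new side of `login_check()` still matches the password against unsalted `sha256`/`sha1`/`md5` digests concatenated into the SQL text through `$hash_query`. A leaked `password` column is therefore cheap to attack offline, and a row stored under the weakest digest stays valid indefinitely. With the check now in its own function, it could select the row by login only and compare in PHP with `password_verify()`, re-hashing legacy rows with `password_hash()` after a successful login, provided the deployed PHP version has those functions. Separately, `$referer = $_SERVER['HTTP_REFERER'];` raises an undefined-index notice when the header is absent; `$referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';` avoids that. The function body continues past this hunk, so the query that consumes `$hash_query` and the escaped `$login` is not visible here.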
@@ -53,7 +53,7 @@ function login() {
 $error="Zadal si nespravne uzivatelske meno [alebo id] alebo heslo. Rob so sebou nieco";
 return false;
 }
- elseif ($set->getString('header_id') == 2091520) {
+ elseif ($set->getString('hash')) {
 $error='Tvoja registracia este nebola schvalena.';
 return false;
 }
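Review bot: The new condition `elseif ($set->getString('hash'))` relies on string truthiness and has no comment explaining why a non-empty `hash` column means the registration is still unapproved. A stored value of `'0'` would be treated as approved. A comment such as `// non-empty 'hash' = registration still awaiting approval`, together with an explicit comparison like `$set->getString('hash') != ''`, would make the gate checkable. The meaning of the column is inferred only from the error message on the next line, so confirm it against the registration code before relying on it as an access check.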
@@ -128,17 +128,23 @@ where node_access.user_id='$user_id' and node_bookmark='yes' order by node_name" $_SESSION['user_id']=$user_id; $_SESSION['user_name']=addslashes($user_name); - setcookie('jabber_login', $xmpp, time()+60*60*24*10, '/'); //10days on whole domain - should have persistent username in future... + setcookie('jabber_login', $xmpp, time()+60*60*24*10, '/'); + //10days on whole domain - should have persistent username in future... $xmpp_pass=hash('md5', 'jabber:'.$_POST['password']); setcookie('jabber_password', $xmpp_pass, time()+60*60*24*10, '/'); //10days on whole domain $xmpp_domain='kyberia.cz'; //XXX TODO Hardcoded kyberia.cz jabber domain (NOT dev.kyberia.cz!!!!!) - jabberctl('register', array($xmpp, $xmpp_domain, $xmpp_pass)); - jabberctl('change_password', array($xmpp, $xmpp_domain, $xmpp_pass)); - jabberctl('push_alltoall', array($xmpp_domain, $xmpp_domain)); + + # XXX dissabled, was causing 20+ sec. delay while logging in +# jabberctl('register', array($xmpp, $xmpp_domain, $xmpp_pass)); +# jabberctl('change_password', array($xmpp, $xmpp_domain, $xmpp_pass)); +# jabberctl('push_alltoall', array($xmpp_domain, $xmpp_domain)); + if (!empty($cube_vector)) $_SESSION['cube_vector']=$cube_vector; if (empty($_SESSION['template_set'])) $_SESSION['template_set']=$set->getString('template_set'); - if (is_numeric($_POST['screen_width'])) $_SESSION['browser']['screen_width']=$_POST['screen_width']; - if (is_numeric($_POST['screen_height'])) $_SESSION['browser']['screen_height']=$_POST['screen_height']; + if (!empty($_POST['screen_width']) && is_numeric($_POST['screen_width'])) + { $_SESSION['browser']['screen_width']=$_POST['screen_width']; } + if (!empty($_POST['screen_height']) && is_numeric($_POST['screen_height'])) + { $_SESSION['browser']['screen_height']=$_POST['screen_height']; } $_SESSION['listing_amount']=$set->getString('listing_amount'); $_SESSION['listing_order']=$set->getString('listing_order'); 
$_SESSION['header_id']=$set->getString('header_id');
@@ -146,4 +152,10 @@ where node_access.user_id='$user_id' and node_bookmark='yes' order by node_name"
 // header("Location: $referer");
 return true;
 }
-?>
+
+function login() {
+ $login = $_POST['login'];
+ $password = $_POST['password'];
+ $login_type = $_POST['login_type'];
+ return login_check($login, $password, $login_type);
+}
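Review bot: The line `$xmpp_pass=hash('md5', 'jabber:'.$_POST['password']);` still reads the request directly, although this code now appears to sit inside `login_check($login, $password, ...)`. A caller that passes credentials from anywhere other than `$_POST` would get a Jabber secret derived from a different or undefined value, so it should read `$xmpp_pass=hash('md5', 'jabber:'.$password);`. The same value is then stored for ten days in the `jabber_password` cookie as an unsalted MD5 of the account password, set without the `secure` or `httponly` arguments. That makes it a password-equivalent token readable by page script and sent over plain HTTP. If the web client does not need to read it from JavaScript, passing `'', true, true` as the trailing `setcookie()` arguments would narrow the exposure. The three `jabberctl()` calls left behind as `#` comments are dead code and are better deleted than kept. The enclosing function starts and ends outside this hunk.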
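Review bot: The new `login()` wrapper reads `$_POST['login']`, `$_POST['password']` and `$_POST['login_type']` without checking that they exist or are strings. A request that omits `login_type` passes `null`, so the `'id'` default declared on `login_check()` never applies. An array-valued field such as `password[]=` reaches `hash()` and `db_escape_string()` as a non-string. A guard like `if (!isset($_POST['login'], $_POST['password']) || !is_string($_POST['login']) || !is_string($_POST['password'])) return false;` followed by `$login_type = isset($_POST['login_type']) ? $_POST['login_type'] : 'id';` keeps malformed requests out of the credential path. The function also has no docblock; a one-line comment saying it is the form-facing entry point that delegates to `login_check()` would be enough.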