X-Git-Url: http://git.harvie.cz/?a=blobdiff_plain;f=wwwroot%2Finc%2Feventz%2Flogin.inc;h=30d43780610658d8b8fe7b980148591395bd8aa1;hb=d2cf0fe02b06534a460bd8f9dc814007dc66ac41;hp=8f33e55e684b539d3cdcd0eb708b82577cd1eeb3;hpb=78f1a5f44941de2459b71c375e36cf88227c689c;p=mirrors%2FKyberia-bloodline.git diff --git a/wwwroot/inc/eventz/login.inc b/wwwroot/inc/eventz/login.inc index 8f33e55..30d4378 100644 --- a/wwwroot/inc/eventz/login.inc +++ b/wwwroot/inc/eventz/login.inc @@ -12,22 +12,24 @@ function jabberctl($command, $args) { //XXXTODO Move to some .inc file... function login_check($login, $password, $login_type='id') { - global $db,$error,$node_id; - $login = db_escape_string($login); //Not SQLi in $password but be carefull - $password_hash_algos=array('sha256','sha1','md5'); //List of supported algos can be obtained using: php -r 'print_r(hash_algos());' - - $hash_query='('; - foreach($password_hash_algos as $algo) { - $hash_query.="password='".hash($algo, $password)."' OR "; - } - $hash_query.='false )'; + global $db,$error,$node_id; + $login = db_escape_string($login); + //Not SQLi in $password but be carefull + $password_hash_algos=array('sha256','sha1','md5'); + //List of supported algos can be obtained using: php -r 'print_r(hash_algos());' + + $hash_query='('; + foreach($password_hash_algos as $algo) { + $hash_query.="password='".hash($algo, $password)."' OR "; + } + $hash_query.='false )'; - $referer = $_SERVER['HTTP_REFERER']; + $referer = $_SERVER['HTTP_REFERER']; - if (!session_id()) { - $error='asi nemas zapnute cookies alebo co'; - return false; - } + if (!session_id()) { + $error='asi nemas zapnute cookies alebo co'; + return false; + } switch ($login_type) { case "name": @@ -126,17 +128,23 @@ where node_access.user_id='$user_id' and node_bookmark='yes' order by node_name" $_SESSION['user_id']=$user_id; $_SESSION['user_name']=addslashes($user_name); - setcookie('jabber_login', $xmpp, time()+60*60*24*10, '/'); //10days on whole domain - should have persistent username in future... + setcookie('jabber_login', $xmpp, time()+60*60*24*10, '/'); + //10days on whole domain - should have persistent username in future... $xmpp_pass=hash('md5', 'jabber:'.$_POST['password']); setcookie('jabber_password', $xmpp_pass, time()+60*60*24*10, '/'); //10days on whole domain $xmpp_domain='kyberia.cz'; //XXX TODO Hardcoded kyberia.cz jabber domain (NOT dev.kyberia.cz!!!!!) - jabberctl('register', array($xmpp, $xmpp_domain, $xmpp_pass)); - jabberctl('change_password', array($xmpp, $xmpp_domain, $xmpp_pass)); - jabberctl('push_alltoall', array($xmpp_domain, $xmpp_domain)); + + # XXX dissabled, was causing 20+ sec. delay while logging in +# jabberctl('register', array($xmpp, $xmpp_domain, $xmpp_pass)); +# jabberctl('change_password', array($xmpp, $xmpp_domain, $xmpp_pass)); +# jabberctl('push_alltoall', array($xmpp_domain, $xmpp_domain)); + if (!empty($cube_vector)) $_SESSION['cube_vector']=$cube_vector; if (empty($_SESSION['template_set'])) $_SESSION['template_set']=$set->getString('template_set'); - if (is_numeric($_POST['screen_width'])) $_SESSION['browser']['screen_width']=$_POST['screen_width']; - if (is_numeric($_POST['screen_height'])) $_SESSION['browser']['screen_height']=$_POST['screen_height']; + if (!empty($_POST['screen_width']) && is_numeric($_POST['screen_width'])) + { $_SESSION['browser']['screen_width']=$_POST['screen_width']; } + if (!empty($_POST['screen_height']) && is_numeric($_POST['screen_height'])) + { $_SESSION['browser']['screen_height']=$_POST['screen_height']; } $_SESSION['listing_amount']=$set->getString('listing_amount'); $_SESSION['listing_order']=$set->getString('listing_order'); $_SESSION['header_id']=$set->getString('header_id');