X-Git-Url: http://git.harvie.cz/?a=blobdiff_plain;f=wwwroot%2Finc%2Feventz%2Flogin.inc;h=94c6b9b96702ebc3615830a0b838d5731e596397;hb=0fd4a30fa839ce315009ad2c9ddae09198e40967;hp=3849129186b43d2b6983a0aeb2d32d4471de8d6f;hpb=1e66e7ace822bce360c88bd3a082fc5cccfadfe0;p=mirrors%2FKyberia-bloodline.git

diff --git a/wwwroot/inc/eventz/login.inc b/wwwroot/inc/eventz/login.inc
index 3849129..94c6b9b 100644
--- a/wwwroot/inc/eventz/login.inc
+++ b/wwwroot/inc/eventz/login.inc
@@ -1,10 +1,28 @@
 <?php
+function jabberctl($command, $args) { //XXXTODO Move to some .inc file...
+	//gpasswd -a kyberia jabber #Adding user kyberia to group jabber
+	$xmpp_ejabberdctl='sudo /usr/sbin/ejabberdctl'; //XXX TODO Hardcoded
+
+	$cmd = $xmpp_ejabberdctl;
+	foreach($args as $arg) {
+		$cmd.=' '.escapeshellarg($arg);
+	}
+	system($cmd);
+}
+
 function login() {
 
     global $db,$error,$node_id;
     $login = mysql_real_escape_string($_POST['login']);
     $password = $_POST['password']; // Not SQLi but be carefull
-    $hash = md5($password);
+    $password_hash_algos=array('sha256','sha1','md5'); //List of supported algos can be obtained using: php -r 'print_r(hash_algos());'
+
+    $hash_query='(';
+    foreach($password_hash_algos as $algo) {
+      $hash_query.="password='".hash($algo, $password)."' OR ";
+    }
+    $hash_query.='false )';
+
     $login_type = $_POST['login_type'];
     $referer = $_SERVER['HTTP_REFERER'];
 
@@ -13,25 +31,23 @@ function login() {
         return false;
     }
 
-    switch ($login_type) {
-        case "name":
-            $q = "select * from users where login='$login' and password='$hash'";
-            $set = $db->query($q);
-            $set->next();
-            $user_id = $set->getString('user_id');
-            $user_name = $set->getString('login');
-        break;
-        case "id":
-            // HA! if it is number, escape_string is not enough
-	    $login=intval($login);
-
-            $q="select * from users where user_id='$login' and password='$hash'";
-            $set=$db->query($q);
-            $set->next();
-            $user_id=$set->getString('user_id');
-            $user_name=$set->getString('login');
-        break;
-    }
+	switch ($login_type) {
+		case "name":
+			$q = "select * from users where login='$login' and $hash_query";
+			break;
+		case "base36id":
+			$login = base_convert($login, 36, 10);
+		case "id":
+			$login=intval($login); //HA! if it is number, escape_string is not enough
+			$q="select * from users where user_id='$login' and $hash_query";
+			break;
+	}
+
+	$set = $db->query($q);
+	$set->next();
+	$user_id = $set->getString('user_id');
+	$user_name = $set->getString('login');
+	$xmpp = strtolower($set->getString('xmpp'));
 
     if (!$set) { //XXX test
         $error="Zadal si nespravne uzivatelske meno [alebo id] alebo heslo. Rob so sebou nieco";
@@ -112,6 +128,13 @@ where node_access.user_id='$user_id' and node_bookmark='yes' order by node_name"
 
         $_SESSION['user_id']=$user_id;
         $_SESSION['user_name']=addslashes($user_name);
+	setcookie('jabber_login', $xmpp, time()+60*60*24*10, '/'); //10days on whole domain - should have persistent username in future...
+	$xmpp_pass=hash('md5', 'jabber:'.$_POST['password']);
+	setcookie('jabber_password', $xmpp_pass, time()+60*60*24*10, '/'); //10days on whole domain
+	$xmpp_domain='kyberia.cz'; //XXX TODO Hardcoded kyberia.cz jabber domain (NOT dev.kyberia.cz!!!!!)
+	jabberctl('register',		array($xmpp, $xmpp_domain, $xmpp_pass));
+	jabberctl('change_password',	array($xmpp, $xmpp_domain, $xmpp_pass));
+	jabberctl('push_alltoall',	array($xmpp_domain, $xmpp_domain));
         if (!empty($cube_vector)) $_SESSION['cube_vector']=$cube_vector;
         if (empty($_SESSION['template_set'])) $_SESSION['template_set']=$set->getString('template_set');
         if (is_numeric($_POST['screen_width'])) $_SESSION['browser']['screen_width']=$_POST['screen_width'];