GIT.Harvie.CZ / mirrors / Kyberia-bloodline.git / blame
| Commit | Line | Data |
|---|---|---|
| 51ff3226 | 1 | <?php |
| 2 | function login() { | |
| 51ff3226 | 3 | |
| 4 | global $db,$error,$node_id; | |
| 5 | $login = mysql_real_escape_string($_POST['login']); | |
| 46c0767c | 6 | $password = $_POST['password']; // Not SQLi but be carefull |
| 51ff3226 | 7 | $hash = md5($password); |
| 8 | $login_type = $_POST['login_type']; | |
| 9 | $referer = $_SERVER['HTTP_REFERER']; | |
| 10 | ||
| 11 | if (!session_id()) { | |
| 12 | $error='asi nemas zapnute cookies alebo co'; | |
| 13 | return false; | |
| 14 | } | |
| 15 | ||
| 16 | switch ($login_type) { | |
| 17 | case "name": | |
| 41bddecc | 18 | $q = "select * from users where login='$login' and password='$hash'"; |
| 51ff3226 | 19 | $set = $db->query($q); |
| 20 | $set->next(); | |
| 21 | $user_id = $set->getString('user_id'); | |
| 22 | $user_name = $set->getString('login'); | |
| 23 | break; | |
| 117ec8d8 H |
24 | case "base36id": |
| 25 | $login = base_convert($login, 36, 10); | |
| 51ff3226 | 26 | case "id": |
| 46c0767c | 27 | // HA! if it is number, escape_string is not enough |
| 28 | $login=intval($login); | |
| 29 | ||
| 41bddecc | 30 | $q="select * from users where user_id='$login' and password='$hash'"; |
| 51ff3226 | 31 | $set=$db->query($q); |
| 32 | $set->next(); | |
| 33 | $user_id=$set->getString('user_id'); | |
| 34 | $user_name=$set->getString('login'); | |
| 35 | break; | |
| 36 | } | |
| 37 | ||
| 41bddecc | 38 | if (!$set) { //XXX test |
| 51ff3226 | 39 | $error="Zadal si nespravne uzivatelske meno [alebo id] alebo heslo. Rob so sebou nieco"; |
| 40 | return false; | |
| 41 | } | |
| 42 | elseif ($set->getString('header_id') == 2091520) { | |
| 43 | $error='Tvoja registracia este nebola schvalena.'; | |
| 44 | return false; | |
| 45 | } | |
| 46 | else { | |
| 47 | $now=date("Y-m-d H:i:s"); | |
| 48 | $lockout=$set->getString('acc_lockout'); | |
| 49 | if ($lockout >= $now ) { | |
| 50 | global $error; | |
| 51 | $error="Account lockout mas aktivny. Sorry ale neprihlasis sa minimalne do $lockout. | |
| 52 | Prajem prijemnu odvykacku:-)"; | |
| 53 | return false; | |
| 54 | } | |
| 55 | ||
| 1e66e7ac | 56 | // Login sucessfull |
| 51ff3226 | 57 | |
| 1e66e7ac | 58 | // prevent session fixation |
| 59 | session_regenerate_id(); | |
| 51ff3226 | 60 | |
| 51ff3226 | 61 | $cube_vector=$set->getString('cube_vector'); |
| 62 | ||
| 63 | // saves friends list as an array into user session | |
| 64 | $q="select distinct node_parent,node_name from nodes where node_creator='$user_id' and | |
| 65 | external_link='session://friend' order by node_parent"; | |
| 66 | $friendset=$db->query($q); | |
| 67 | while ($friendset->next()){ | |
| 68 | $_SESSION['friends'][$friendset->getString('node_parent')]=true; | |
| 69 | } | |
| 70 | ||
| 71 | // saves bookmarks as an array into user session | |
| 72 | $q="select nodes.node_name,nodes.node_id from node_access left join nodes on node_access.node_id=nodes.node_id | |
| 73 | where node_access.user_id='$user_id' and node_bookmark='yes' order by node_name"; | |
| 74 | $bookmarkset=$db->query($q); | |
| 75 | while ($bookmarkset->next()){ | |
| 76 | $_SESSION['bookmarks'][$bookmarkset->getString('node_id')]=$bookmarkset->getString('node_name'); | |
| 77 | } | |
| 78 | ||
| 79 | //saves ignored users as an array into user session | |
| 80 | $q="select node_parent from nodes where node_creator='$user_id' and external_link='session://ignore'"; | |
| 81 | $ignoreset=$db->query($q); | |
| 82 | while ($ignoreset->next()){ | |
| 83 | $_SESSION['ignore'][$ignoreset->getString('node_parent')]=true; | |
| 84 | } | |
| 85 | ||
| 86 | //saves fooked forums as an array into user session | |
| 87 | $q="select node_parent from nodes where node_creator='$user_id' and external_link='session://fook'"; | |
| 88 | $fookset=$db->query($q); | |
| 89 | while ($fookset->next()){ | |
| 90 | $_SESSION['fook'][$fookset->getString('node_parent')]=true; | |
| 91 | } | |
| 92 | ||
| 51ff3226 | 93 | |
| 94 | //save bookstyle into user session | |
| 95 | $q="select node_content from nodes where node_parent=19 and external_link='session://bookstyl' and node_creator='$user_id'"; | |
| 96 | $bookstylset=$db->query($q); | |
| 97 | $bookstylset->next(); | |
| 98 | $_SESSION['bookstyl'] = $bookstylset->getString('node_content'); | |
| 99 | ||
| 100 | // mood | |
| 101 | $mset = $db->query(sprintf('select moods from users where user_id = %d', $user_id)); | |
| 102 | $mset->next(); | |
| 103 | $moods_expl = explode(";",$set->getString('moods')); | |
| 104 | if (!empty($moods_expl[count($moods_expl)-1])) { | |
| 105 | $_SESSION['mood_id'] = $moods_expl[count($moods_expl)-1]; | |
| 106 | $mset = $db->query(sprintf('select node_name, node_content from nodes where node_id = %d', $moods_expl[count($moods_expl)-1])); | |
| 107 | $mset->next(); | |
| 108 | $_SESSION['mood_name'] = $mset->getString('node_name'); | |
| 109 | $_SESSION['mood_content'] = addslashes(substr(strip_tags($mset->getString('node_content')),0,223)); | |
| 110 | } | |
| 51ff3226 | 111 | // last login |
| fe69da5f | 112 | |
| 113 | $db->query(sprintf('update users set date_last_login = NOW() where user_id = %d', $user_id)); | |
| 51ff3226 | 114 | |
| 115 | $_SESSION['user_id']=$user_id; | |
| 116 | $_SESSION['user_name']=addslashes($user_name); | |
| 117 | if (!empty($cube_vector)) $_SESSION['cube_vector']=$cube_vector; | |
| 118 | if (empty($_SESSION['template_set'])) $_SESSION['template_set']=$set->getString('template_set'); | |
| 119 | if (is_numeric($_POST['screen_width'])) $_SESSION['browser']['screen_width']=$_POST['screen_width']; | |
| 120 | if (is_numeric($_POST['screen_height'])) $_SESSION['browser']['screen_height']=$_POST['screen_height']; | |
| 121 | $_SESSION['listing_amount']=$set->getString('listing_amount'); | |
| 122 | $_SESSION['listing_order']=$set->getString('listing_order'); | |
| 123 | $_SESSION['header_id']=$set->getString('header_id'); | |
| 124 | } | |
| 125 | // header("Location: $referer"); | |
| 126 | return true; | |
| 127 | } | |
| e909f81b | 128 | ?> |