| 1 | <?php |
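/**
 * Runs one ejabberdctl subcommand with every argument shell-escaped.
 *
 * @param string $command ejabberdctl subcommand (callers in this file pass
 *                        fixed literals such as 'register'); it is escaped too
 * @param array  $args    positional arguments for the subcommand; each value
 *                        goes through escapeshellarg(), so account names or
 *                        passwords coming from the database/request cannot
 *                        break out of their argument
 * @return int exit status of ejabberdctl (0 on success); 1 when it could not
 *             be started
 */
function jabberctl($command, $args) { //XXXTODO Move to some .inc file...
//gpasswd -a kyberia jabber #Adding user kyberia to group jabber
	$xmpp_ejabberdctl='sudo /usr/sbin/ejabberdctl'; //XXX TODO Hardcoded

	// The subcommand must be the first word after the binary, before its
	// arguments; without it ejabberdctl is invoked with no action at all.
	$cmd = $xmpp_ejabberdctl.' '.escapeshellarg($command);
	foreach($args as $arg) {
		$cmd.=' '.escapeshellarg($arg);
	}
	// exec() instead of system(): system() prints ejabberdctl's stdout straight
	// into the HTTP response, leaking command output to the browser.
	$output = array();
	$status = 1;
	exec($cmd, $output, $status);
	return $status;
}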
| 12 | |
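/**
 * Authenticates the user described by $_POST and fills the session on success.
 *
 * Reads $_POST['login'], $_POST['password'] and $_POST['login_type']
 * ('name', 'id' or 'base36id'), plus optional screen_width/screen_height.
 * On success the session id is regenerated, the user's friends, bookmarks,
 * ignore list, fooked forums, bookstyle, mood and layout settings are stored
 * in $_SESSION, the jabber cookies are set and the ejabberd account is
 * synchronised. On failure a user-facing message is written to global $error.
 *
 * Uses globals: $db (query()/next()/getString() result API), $error.
 *
 * @return bool true when the login succeeded, false otherwise
 */
function login() {

	global $db,$error,$node_id;
	// Missing POST fields used to raise notices; treat them as empty strings.
	$login = isset($_POST['login']) ? mysql_real_escape_string($_POST['login']) : '';
	$password = isset($_POST['password']) ? $_POST['password'] : ''; // Not SQLi but be carefull
	// NOTE(review): passwords are stored as unsalted sha256/sha1/md5 digests and
	// compared inside the SQL query; moving to a salted scheme needs a schema
	// migration, so only the comparison itself lives here.
	$password_hash_algos=array('sha256','sha1','md5'); //List of supported algos can be obtained using: php -r 'print_r(hash_algos());'

	// hash() returns lowercase hex only, so the digests are safe to interpolate.
	$hash_query='(';
	foreach($password_hash_algos as $algo) {
		$hash_query.="password='".hash($algo, $password)."' OR ";
	}
	$hash_query.='false )';

	$login_type = isset($_POST['login_type']) ? $_POST['login_type'] : '';

	if (!session_id()) {
		$error='asi nemas zapnute cookies alebo co';
		return false;
	}

	switch ($login_type) {
		case "name":
			$q = "select * from users where login='$login' and $hash_query";
			break;
		case "base36id":
			$login = base_convert($login, 36, 10);
			// falls through: once converted, a base36 id is a plain numeric id
		case "id":
			$login=intval($login); //HA! if it is number, escape_string is not enough
			$q="select * from users where user_id='$login' and $hash_query";
			break;
		default:
			// An unknown login_type previously left $q undefined and ran an empty query.
			$error="Zadal si nespravne uzivatelske meno [alebo id] alebo heslo. Rob so sebou nieco";
			return false;
	}

	$set = $db->query($q);
	// A wrong login/password gives an empty result set; the result object itself
	// is truthy, so only next() tells whether a row exists. Read columns only
	// after that check.
	if (!$set || !$set->next()) {
		$error="Zadal si nespravne uzivatelske meno [alebo id] alebo heslo. Rob so sebou nieco";
		return false;
	}
	$user_id = $set->getString('user_id');
	$user_name = $set->getString('login');
	$xmpp = strtolower($set->getString('xmpp'));

	if ($set->getString('hash')) {
		// A non-empty 'hash' column means the registration is still pending.
		$error='Tvoja registracia este nebola schvalena.';
		return false;
	}

	// acc_lockout and $now share the 'Y-m-d H:i:s' format, so string comparison
	// orders them chronologically.
	$now=date("Y-m-d H:i:s");
	$lockout=$set->getString('acc_lockout');
	if ($lockout >= $now ) {
		$error="Account lockout mas aktivny. Sorry ale neprihlasis sa minimalne do $lockout.
		Prajem prijemnu odvykacku:-)";
		return false;
	}

	// Login sucessfull

	// prevent session fixation; true also discards the old session data
	session_regenerate_id(true);

	$cube_vector=$set->getString('cube_vector');

	// $user_id comes from the users table, not from the request, so it is
	// interpolated directly below.

	// saves friends list as an array into user session
	$q="select distinct node_parent,node_name from nodes where node_creator='$user_id' and
	external_link='session://friend' order by node_parent";
	$friendset=$db->query($q);
	while ($friendset->next()){
		$_SESSION['friends'][$friendset->getString('node_parent')]=true;
	}

	// saves bookmarks as an array into user session
	$q="select nodes.node_name,nodes.node_id from node_access left join nodes on node_access.node_id=nodes.node_id
	where node_access.user_id='$user_id' and node_bookmark='yes' order by node_name";
	$bookmarkset=$db->query($q);
	while ($bookmarkset->next()){
		$_SESSION['bookmarks'][$bookmarkset->getString('node_id')]=$bookmarkset->getString('node_name');
	}

	//saves ignored users as an array into user session
	$q="select node_parent from nodes where node_creator='$user_id' and external_link='session://ignore'";
	$ignoreset=$db->query($q);
	while ($ignoreset->next()){
		$_SESSION['ignore'][$ignoreset->getString('node_parent')]=true;
	}

	//saves fooked forums as an array into user session
	$q="select node_parent from nodes where node_creator='$user_id' and external_link='session://fook'";
	$fookset=$db->query($q);
	while ($fookset->next()){
		$_SESSION['fook'][$fookset->getString('node_parent')]=true;
	}

	//save bookstyle into user session
	$q="select node_content from nodes where node_parent=19 and external_link='session://bookstyl' and node_creator='$user_id'";
	$bookstylset=$db->query($q);
	$bookstylset->next();
	$_SESSION['bookstyl'] = $bookstylset->getString('node_content');

	// mood: the 'moods' column is already part of $set (select * from users),
	// so no extra query is needed; the last ';'-separated entry is the current mood
	$moods_expl = explode(";",$set->getString('moods'));
	$last_mood = $moods_expl[count($moods_expl)-1];
	if (!empty($last_mood)) {
		$_SESSION['mood_id'] = $last_mood;
		$mset = $db->query(sprintf('select node_name, node_content from nodes where node_id = %d', $last_mood));
		$mset->next();
		$_SESSION['mood_name'] = $mset->getString('node_name');
		$_SESSION['mood_content'] = addslashes(substr(strip_tags($mset->getString('node_content')),0,223));
	}

	// last login
	$db->query(sprintf('update users set date_last_login = NOW() where user_id = %d', $user_id));

	$_SESSION['user_id']=$user_id;
	$_SESSION['user_name']=addslashes($user_name);
	// NOTE(review): both cookies are set without the secure/httponly flags; the
	// jabber cookies may be read client-side by the XMPP client, so confirm
	// before tightening them.
	setcookie('jabber_login', $xmpp, time()+60*60*24*10, '/'); //10days on whole domain - should have persistent username in future...
	$xmpp_pass=hash('md5', 'jabber:'.$password);
	setcookie('jabber_password', $xmpp_pass, time()+60*60*24*10, '/'); //10days on whole domain
	$xmpp_domain='kyberia.cz'; //XXX TODO Hardcoded kyberia.cz jabber domain (NOT dev.kyberia.cz!!!!!)
	jabberctl('register', array($xmpp, $xmpp_domain, $xmpp_pass));
	jabberctl('change_password', array($xmpp, $xmpp_domain, $xmpp_pass));
	jabberctl('push_alltoall', array($xmpp_domain, $xmpp_domain));
	if (!empty($cube_vector)) $_SESSION['cube_vector']=$cube_vector;
	if (empty($_SESSION['template_set'])) $_SESSION['template_set']=$set->getString('template_set');
	if (isset($_POST['screen_width']) && is_numeric($_POST['screen_width'])) $_SESSION['browser']['screen_width']=$_POST['screen_width'];
	if (isset($_POST['screen_height']) && is_numeric($_POST['screen_height'])) $_SESSION['browser']['screen_height']=$_POST['screen_height'];
	$_SESSION['listing_amount']=$set->getString('listing_amount');
	$_SESSION['listing_order']=$set->getString('listing_order');
	$_SESSION['header_id']=$set->getString('header_id');

	return true;
}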
| 149 | ?> |