GIT.Harvie.CZ / mirrors / Kyberia-bloodline.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Added mechanism to pass jabber credentials to AJAX client
[mirrors/Kyberia-bloodline.git] / wwwroot / inc / eventz / login.inc
1 <?php
2 function login() {
3
4 global $db,$error,$node_id;
5 $login = mysql_real_escape_string($_POST['login']);
6 $password = $_POST['password']; // Not SQLi but be carefull
7 $password_hash_algos=array('sha256','sha1','md5'); //List of supported algos can be obtained using: php -r 'print_r(hash_algos());'
8
9 $hash_query='(';
10 foreach($password_hash_algos as $algo) {
11 $hash_query.="password='".hash($algo, $password)."' OR ";
12 }
13 $hash_query.='false )';
14
15 $login_type = $_POST['login_type'];
16 $referer = $_SERVER['HTTP_REFERER'];
17
18 if (!session_id()) {
19 $error='asi nemas zapnute cookies alebo co';
20 return false;
21 }
22
23 switch ($login_type) {
24 case "name":
25 $q = "select * from users where login='$login' and $hash_query";
26 $set = $db->query($q);
27 $set->next();
28 $user_id = $set->getString('user_id');
29 $user_name = $set->getString('login');
30 break;
31 case "base36id":
32 $login = base_convert($login, 36, 10);
33 case "id":
34 // HA! if it is number, escape_string is not enough
35 $login=intval($login);
36
37 $q="select * from users where user_id='$login' and $hash_query";
38 $set=$db->query($q);
39 $set->next();
40 $user_id=$set->getString('user_id');
41 $user_name=$set->getString('login');
42 break;
43 }
44
45 if (!$set) { //XXX test
46 $error="Zadal si nespravne uzivatelske meno [alebo id] alebo heslo. Rob so sebou nieco";
47 return false;
48 }
49 elseif ($set->getString('header_id') == 2091520) {
50 $error='Tvoja registracia este nebola schvalena.';
51 return false;
52 }
53 else {
54 $now=date("Y-m-d H:i:s");
55 $lockout=$set->getString('acc_lockout');
56 if ($lockout >= $now ) {
57 global $error;
58 $error="Account lockout mas aktivny. Sorry ale neprihlasis sa minimalne do $lockout.
59 Prajem prijemnu odvykacku:-)";
60 return false;
61 }
62
63 // Login sucessfull
64
65 // prevent session fixation
66 session_regenerate_id();
67
68 $cube_vector=$set->getString('cube_vector');
69
70 // saves friends list as an array into user session
71 $q="select distinct node_parent,node_name from nodes where node_creator='$user_id' and
72 external_link='session://friend' order by node_parent";
73 $friendset=$db->query($q);
74 while ($friendset->next()){
75 $_SESSION['friends'][$friendset->getString('node_parent')]=true;
76 }
77
78 // saves bookmarks as an array into user session
79 $q="select nodes.node_name,nodes.node_id from node_access left join nodes on node_access.node_id=nodes.node_id
80 where node_access.user_id='$user_id' and node_bookmark='yes' order by node_name";
81 $bookmarkset=$db->query($q);
82 while ($bookmarkset->next()){
83 $_SESSION['bookmarks'][$bookmarkset->getString('node_id')]=$bookmarkset->getString('node_name');
84 }
85
86 //saves ignored users as an array into user session
87 $q="select node_parent from nodes where node_creator='$user_id' and external_link='session://ignore'";
88 $ignoreset=$db->query($q);
89 while ($ignoreset->next()){
90 $_SESSION['ignore'][$ignoreset->getString('node_parent')]=true;
91 }
92
93 //saves fooked forums as an array into user session
94 $q="select node_parent from nodes where node_creator='$user_id' and external_link='session://fook'";
95 $fookset=$db->query($q);
96 while ($fookset->next()){
97 $_SESSION['fook'][$fookset->getString('node_parent')]=true;
98 }
99
100
101 //save bookstyle into user session
102 $q="select node_content from nodes where node_parent=19 and external_link='session://bookstyl' and node_creator='$user_id'";
103 $bookstylset=$db->query($q);
104 $bookstylset->next();
105 $_SESSION['bookstyl'] = $bookstylset->getString('node_content');
106
107 // mood
108 $mset = $db->query(sprintf('select moods from users where user_id = %d', $user_id));
109 $mset->next();
110 $moods_expl = explode(";",$set->getString('moods'));
111 if (!empty($moods_expl[count($moods_expl)-1])) {
112 $_SESSION['mood_id'] = $moods_expl[count($moods_expl)-1];
113 $mset = $db->query(sprintf('select node_name, node_content from nodes where node_id = %d', $moods_expl[count($moods_expl)-1]));
114 $mset->next();
115 $_SESSION['mood_name'] = $mset->getString('node_name');
116 $_SESSION['mood_content'] = addslashes(substr(strip_tags($mset->getString('node_content')),0,223));
117 }
118 // last login
119
120 $db->query(sprintf('update users set date_last_login = NOW() where user_id = %d', $user_id));
121
122 $_SESSION['user_id']=$user_id;
123 $_SESSION['user_name']=addslashes($user_name);
124 setcookie('jabber_login', strtolower($user_name), time()+60*60*24*10, '/'); //10days on whole domain - should have persistent username in future...
125 setcookie('jabber_password', hash('md5', 'jabber:'.$_POST['password']), time()+60*60*24*10, '/'); //10days on whole domain
126 if (!empty($cube_vector)) $_SESSION['cube_vector']=$cube_vector;
127 if (empty($_SESSION['template_set'])) $_SESSION['template_set']=$set->getString('template_set');
128 if (is_numeric($_POST['screen_width'])) $_SESSION['browser']['screen_width']=$_POST['screen_width'];
129 if (is_numeric($_POST['screen_height'])) $_SESSION['browser']['screen_height']=$_POST['screen_height'];
130 $_SESSION['listing_amount']=$set->getString('listing_amount');
131 $_SESSION['listing_order']=$set->getString('listing_order');
132 $_SESSION['header_id']=$set->getString('header_id');
133 }
134 // header("Location: $referer");
135 return true;
136 }
137 ?>
https://github.com/Kyberia/Kyberia-bloodline.git (mirrored @ Wed, 29 May 2024 07:20:08 +0200)
This page took 0.391474 seconds and 4 git commands to generate.