Added ejabberd automatic registration
[mirrors/Kyberia-bloodline.git] / wwwroot / inc / eventz / login.inc
1 <?php
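/**
 * Login event handler: authenticates the POSTed credentials against the
 * `users` table and, on success, fills the PHP session with the user's
 * identity and preferences (friends, bookmarks, ignore/fook lists, book
 * style, mood), sets the jabber cookies and registers the XMPP account.
 *
 * Reads $_POST['login'], $_POST['password'], $_POST['login_type']
 * ('name', 'base36id' or 'id') and the optional screen_width/screen_height.
 * On failure the global $error is set to a user-facing message.
 *
 * @return bool true when the user was logged in, false otherwise
 */
function login() {
    global $db, $error, $node_id;

    $bad_credentials = "Zadal si nespravne uzivatelske meno [alebo id] alebo heslo. Rob so sebou nieco";

    // Accept only plain strings. An array-valued field (login[]=...) makes
    // hash()/mysql_real_escape_string() yield an empty value, and the query
    // would then compare against an empty login/password column.
    if (!isset($_POST['login'], $_POST['password'])
        || !is_string($_POST['login'])
        || !is_string($_POST['password'])) {
        $error = $bad_credentials;
        return false;
    }

    // Unknown login types used to leave $q undefined; reject them up front.
    $login_type = isset($_POST['login_type']) ? $_POST['login_type'] : null;
    if (!in_array($login_type, array('name', 'base36id', 'id'), true)) {
        $error = $bad_credentials;
        return false;
    }

    if (!session_id()) {
        $error = 'asi nemas zapnute cookies alebo co';
        return false;
    }

    $login = $_POST['login'];
    $password = $_POST['password'];

    // The password never reaches SQL directly; only its hex digests do.
    // NOTE(review): these are unsalted fast hashes (including md5/sha1).
    // Stored passwords should be migrated to password_hash()/password_verify(),
    // which needs a schema and registration change outside this function.
    // List of supported algos: php -r 'print_r(hash_algos());'
    $password_hash_algos = array('sha256', 'sha1', 'md5');
    $hash_clauses = array();
    foreach ($password_hash_algos as $algo) {
        $hash_clauses[] = "password='" . hash($algo, $password) . "'";
    }
    $hash_query = '(' . implode(' OR ', $hash_clauses) . ')';

    switch ($login_type) {
        case 'name':
            $login = mysql_real_escape_string($login);
            $q = "select * from users where login='$login' and $hash_query";
            break;
        case 'base36id':
            $login = base_convert($login, 36, 10);
            // intentional fall-through: the converted value is handled as an id
        case 'id':
            // Numeric lookups are forced to an integer; string escaping alone
            // is not a sufficient guard for a numeric context.
            $login = intval($login);
            $q = "select * from users where user_id='$login' and $hash_query";
            break;
        default:
            $error = $bad_credentials;
            return false;
    }

    // A missing row means wrong credentials. The original read the row first
    // and only tested the result object afterwards, so a failed match fell
    // through to the "login successful" branch with an empty user id.
    $set = $db->query($q);
    if (!$set || !$set->next()) {
        $error = $bad_credentials;
        return false;
    }

    $user_id = $set->getString('user_id');
    $user_name = $set->getString('login');
    $xmpp = strtolower($set->getString('xmpp'));

    // header_id 2091520 is reported to the user as "registration not yet approved".
    if ($set->getString('header_id') == 2091520) {
        $error = 'Tvoja registracia este nebola schvalena.';
        return false;
    }

    // Both values are "Y-m-d H:i:s" strings, so the comparison is lexical.
    $now = date("Y-m-d H:i:s");
    $lockout = $set->getString('acc_lockout');
    if ($lockout >= $now) {
        $error = "Account lockout mas aktivny. Sorry ale neprihlasis sa minimalne do $lockout.\nPrajem prijemnu odvykacku:-)";
        return false;
    }

    // Login successful.

    // Prevent session fixation; `true` also discards the pre-login session data file.
    session_regenerate_id(true);

    $cube_vector = $set->getString('cube_vector');

    // user_id comes from the database, but is still forced to an integer
    // before being placed into further SQL text.
    $uid = intval($user_id);

    // friends list -> session
    $q = "select distinct node_parent,node_name from nodes where node_creator='$uid' and
        external_link='session://friend' order by node_parent";
    $friendset = $db->query($q);
    while ($friendset->next()) {
        $_SESSION['friends'][$friendset->getString('node_parent')] = true;
    }

    // bookmarks -> session
    $q = "select nodes.node_name,nodes.node_id from node_access left join nodes on node_access.node_id=nodes.node_id
        where node_access.user_id='$uid' and node_bookmark='yes' order by node_name";
    $bookmarkset = $db->query($q);
    while ($bookmarkset->next()) {
        $_SESSION['bookmarks'][$bookmarkset->getString('node_id')] = $bookmarkset->getString('node_name');
    }

    // ignored users -> session
    $q = "select node_parent from nodes where node_creator='$uid' and external_link='session://ignore'";
    $ignoreset = $db->query($q);
    while ($ignoreset->next()) {
        $_SESSION['ignore'][$ignoreset->getString('node_parent')] = true;
    }

    // fooked forums -> session
    $q = "select node_parent from nodes where node_creator='$uid' and external_link='session://fook'";
    $fookset = $db->query($q);
    while ($fookset->next()) {
        $_SESSION['fook'][$fookset->getString('node_parent')] = true;
    }

    // bookstyle -> session
    $q = "select node_content from nodes where node_parent=19 and external_link='session://bookstyl' and node_creator='$uid'";
    $bookstylset = $db->query($q);
    $bookstylset->next();
    $_SESSION['bookstyl'] = $bookstylset->getString('node_content');

    // mood: the last ';'-separated entry of users.moods is the current mood node.
    // The user row was fetched with "select *", so no second query is needed.
    $moods_expl = explode(";", $set->getString('moods'));
    $mood_id = $moods_expl[count($moods_expl) - 1];
    if (!empty($mood_id)) {
        $_SESSION['mood_id'] = $mood_id;
        $mset = $db->query(sprintf('select node_name, node_content from nodes where node_id = %d', $mood_id));
        $mset->next();
        $_SESSION['mood_name'] = $mset->getString('node_name');
        $_SESSION['mood_content'] = addslashes(substr(strip_tags($mset->getString('node_content')), 0, 223));
    }

    // last login
    $db->query(sprintf('update users set date_last_login = NOW() where user_id = %d', $uid));

    $_SESSION['user_id'] = $user_id;
    $_SESSION['user_name'] = addslashes($user_name);

    // NOTE(review): the jabber_password cookie holds md5('jabber:' . password).
    // That value is the XMPP credential itself and an unsalted fast hash of the
    // site password, kept for 10 days without Secure/HttpOnly attributes. A
    // random per-user XMPP secret stored server-side would avoid deriving it
    // from the login password; confirm what the web client reads before
    // changing the cookie attributes.
    $cookie_expiry = time() + 60 * 60 * 24 * 10; // 10 days, whole domain
    setcookie('jabber_login', $xmpp, $cookie_expiry, '/');
    $xmpp_pass = hash('md5', 'jabber:' . $password);
    setcookie('jabber_password', $xmpp_pass, $cookie_expiry, '/');

    // Register the account with ejabberd (requires the web user to be allowed
    // to run ejabberdctl through sudo). Skipped when the user has no xmpp name.
    // NOTE(review): escapeshellarg() quotes each value for the shell but does
    // not validate it; $xmpp should be checked against the allowed JID
    // character set first. The secret is also passed on the command line,
    // where other local users can see it in the process list, and system()
    // writes the command's output into the HTTP response.
    // XXX TODO hardcoded kyberia.cz jabber domain (NOT dev.kyberia.cz)
    if ($xmpp !== '') {
        system('sudo /usr/sbin/ejabberdctl register '.escapeshellarg($xmpp).' '.escapeshellarg('kyberia.cz').' '.escapeshellarg($xmpp_pass));
    }

    if (!empty($cube_vector)) {
        $_SESSION['cube_vector'] = $cube_vector;
    }
    if (empty($_SESSION['template_set'])) {
        $_SESSION['template_set'] = $set->getString('template_set');
    }
    if (isset($_POST['screen_width']) && is_numeric($_POST['screen_width'])) {
        $_SESSION['browser']['screen_width'] = $_POST['screen_width'];
    }
    if (isset($_POST['screen_height']) && is_numeric($_POST['screen_height'])) {
        $_SESSION['browser']['screen_height'] = $_POST['screen_height'];
    }
    $_SESSION['listing_amount'] = $set->getString('listing_amount');
    $_SESSION['listing_order'] = $set->getString('listing_order');
    $_SESSION['header_id'] = $set->getString('header_id');

    // The redirect to the Referer header was already disabled in the original.
    return true;
}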
135 ?>