wwwroot/inc/eventz/login.inc

   1 <?php
   2 function login() {
   3
   4     global $db,$error,$node_id;
   5     $login = mysql_real_escape_string($_POST['login']);
   6     $password = $_POST['password']; // Not SQLi but be carefull
   7     $hash = md5($password);
   8     $login_type = $_POST['login_type'];
   9     $referer = $_SERVER['HTTP_REFERER'];
  10
  11     if (!session_id()) {
  12         $error='asi nemas zapnute cookies alebo co';
  13         return false;
  14     }
  15
  16     switch ($login_type) {
  17         case "name":
  18             $q = "select * from users where login='$login' and password='$hash'";
  19             $set = $db->query($q);
  20             $set->next();
  21             $user_id = $set->getString('user_id');
  22             $user_name = $set->getString('login');
  23         break;
  24         case "id":
  25             // HA! if it is number, escape_string is not enough
  26             $login=intval($login);
  27
  28             $q="select * from users where user_id='$login' and password='$hash'";
  29             $set=$db->query($q);
  30             $set->next();
  31             $user_id=$set->getString('user_id');
  32             $user_name=$set->getString('login');
  33         break;
  34     }
  35
  36     if (!$set) { //XXX test
  37         $error="Zadal si nespravne uzivatelske meno [alebo id] alebo heslo. Rob so sebou nieco";
  38         return false;
  39     }
  40     elseif ($set->getString('header_id') == 2091520) {
  41         $error='Tvoja registracia este nebola schvalena.';
  42         return false;
  43     }
  44     else {
  45         $now=date("Y-m-d H:i:s");
  46         $lockout=$set->getString('acc_lockout');
  47         if ($lockout >= $now ) {
  48             global $error;
  49             $error="Account lockout mas aktivny. Sorry ale neprihlasis sa minimalne do $lockout.
  50 Prajem prijemnu odvykacku:-)";
  51             return false;
  52         }
  53
  54 //      Login sucessfull
  55
  56         // prevent session fixation
  57         session_regenerate_id();
  58
  59         $cube_vector=$set->getString('cube_vector');
  60
  61         // saves friends list as an array into user session
  62         $q="select distinct node_parent,node_name from nodes where node_creator='$user_id' and
  63 external_link='session://friend' order by node_parent";
  64         $friendset=$db->query($q);
  65         while ($friendset->next()){
  66             $_SESSION['friends'][$friendset->getString('node_parent')]=true;
  67         }
  68
  69         // saves bookmarks as an array into user session
  70         $q="select nodes.node_name,nodes.node_id from node_access left join nodes on node_access.node_id=nodes.node_id
  71 where node_access.user_id='$user_id' and node_bookmark='yes' order by node_name";
  72         $bookmarkset=$db->query($q);
  73         while ($bookmarkset->next()){
  74             $_SESSION['bookmarks'][$bookmarkset->getString('node_id')]=$bookmarkset->getString('node_name');
  75         }
  76
  77         //saves ignored users as an array into user session
  78         $q="select node_parent from nodes where node_creator='$user_id' and external_link='session://ignore'";
  79         $ignoreset=$db->query($q);
  80         while ($ignoreset->next()){
  81             $_SESSION['ignore'][$ignoreset->getString('node_parent')]=true;
  82         }
  83
  84         //saves fooked forums as an array into user session
  85         $q="select node_parent from nodes where node_creator='$user_id' and external_link='session://fook'";
  86         $fookset=$db->query($q);
  87         while ($fookset->next()){
  88             $_SESSION['fook'][$fookset->getString('node_parent')]=true;
  89         }
  90
  91
  92         //save bookstyle into user session
  93         $q="select node_content from nodes where node_parent=19 and external_link='session://bookstyl' and node_creator='$user_id'";
  94         $bookstylset=$db->query($q);
  95         $bookstylset->next();
  96         $_SESSION['bookstyl'] = $bookstylset->getString('node_content');
  97
  98         // mood
  99         $mset = $db->query(sprintf('select moods from users where user_id = %d', $user_id));
 100         $mset->next();
 101         $moods_expl = explode(";",$set->getString('moods'));
 102         if (!empty($moods_expl[count($moods_expl)-1])) {
 103             $_SESSION['mood_id'] = $moods_expl[count($moods_expl)-1];
 104             $mset = $db->query(sprintf('select node_name, node_content from nodes where node_id = %d', $moods_expl[count($moods_expl)-1]));
 105             $mset->next();
 106             $_SESSION['mood_name'] = $mset->getString('node_name');
 107             $_SESSION['mood_content'] = addslashes(substr(strip_tags($mset->getString('node_content')),0,223));
 108         }
 109         // last login
 110
 111         $db->query(sprintf('update users set date_last_login = NOW() where user_id = %d', $user_id));
 112
 113         $_SESSION['user_id']=$user_id;
 114         $_SESSION['user_name']=addslashes($user_name);
 115         if (!empty($cube_vector)) $_SESSION['cube_vector']=$cube_vector;
 116         if (empty($_SESSION['template_set'])) $_SESSION['template_set']=$set->getString('template_set');
 117         if (is_numeric($_POST['screen_width'])) $_SESSION['browser']['screen_width']=$_POST['screen_width'];
 118         if (is_numeric($_POST['screen_height'])) $_SESSION['browser']['screen_height']=$_POST['screen_height'];
 119         $_SESSION['listing_amount']=$set->getString('listing_amount');
 120         $_SESSION['listing_order']=$set->getString('listing_order');
 121         $_SESSION['header_id']=$set->getString('header_id');
 122     }
 123 //    header("Location: $referer");
 124     return true;
 125 }
 126 ?>