wwwroot/inc/eventz/login.inc

   1 <?php
   2 function login() {
   3 // lockout capatibility
   4 // with ldap sync
   5 // <h1> This is da default one</h1>
   6 //    require(INCLUDE_DIR.'ldap.inc');
   7
   8     global $db,$error,$node_id;
   9     $login = mysql_real_escape_string($_POST['login']);
  10     $password = $_POST['password']; // Not SQLi but be carefull
  11     $hash = md5($password);
  12     $login_type = $_POST['login_type'];
  13     $referer = $_SERVER['HTTP_REFERER'];
  14
  15     if (!session_id()) {
  16         $error='asi nemas zapnute cookies alebo co';
  17         return false;
  18     }
  19
  20     switch ($login_type) {
  21         case "name":
  22             $q = "select * from users where login='$login' and password='$hash'";
  23             $set = $db->query($q);
  24             $set->next();
  25             $user_id = $set->getString('user_id');
  26             $user_name = $set->getString('login');
  27         break;
  28         case "id":
  29             // HA! if it is number, escape_string is not enough
  30             $login=intval($login);
  31
  32             $q="select * from users where user_id='$login' and password='$hash'";
  33             $set=$db->query($q);
  34             $set->next();
  35             $user_id=$set->getString('user_id');
  36             $user_name=$set->getString('login');
  37         break;
  38     }
  39
  40 //    $ldap_response=LDAPuser::auth($user_id,$password);
  41
  42     if (!$set) { //XXX test
  43         $error="Zadal si nespravne uzivatelske meno [alebo id] alebo heslo. Rob so sebou nieco";
  44         return false;
  45     }
  46     elseif ($set->getString('header_id') == 2091520) {
  47         $error='Tvoja registracia este nebola schvalena.';
  48         return false;
  49     }
  50     else {
  51         $now=date("Y-m-d H:i:s");
  52         $lockout=$set->getString('acc_lockout');
  53         if ($lockout >= $now ) {
  54             global $error;
  55             $error="Account lockout mas aktivny. Sorry ale neprihlasis sa minimalne do $lockout.
  56 Prajem prijemnu odvykacku:-)";
  57             return false;
  58         }
  59
  60 //ldap replicate
  61 // LDAPuser::ldap_mysql_sync($user_name,$user_id,$password);
  62
  63
  64 //
  65         $cube_vector=$set->getString('cube_vector');
  66
  67         // saves friends list as an array into user session
  68         $q="select distinct node_parent,node_name from nodes where node_creator='$user_id' and
  69 external_link='session://friend' order by node_parent";
  70         $friendset=$db->query($q);
  71         while ($friendset->next()){
  72             $_SESSION['friends'][$friendset->getString('node_parent')]=true;
  73         }
  74
  75         // saves bookmarks as an array into user session
  76         $q="select nodes.node_name,nodes.node_id from node_access left join nodes on node_access.node_id=nodes.node_id
  77 where node_access.user_id='$user_id' and node_bookmark='yes' order by node_name";
  78         $bookmarkset=$db->query($q);
  79         while ($bookmarkset->next()){
  80             $_SESSION['bookmarks'][$bookmarkset->getString('node_id')]=$bookmarkset->getString('node_name');
  81         }
  82
  83         //saves ignored users as an array into user session
  84         $q="select node_parent from nodes where node_creator='$user_id' and external_link='session://ignore'";
  85         $ignoreset=$db->query($q);
  86         while ($ignoreset->next()){
  87             $_SESSION['ignore'][$ignoreset->getString('node_parent')]=true;
  88         }
  89
  90         //saves fooked forums as an array into user session
  91         $q="select node_parent from nodes where node_creator='$user_id' and external_link='session://fook'";
  92         $fookset=$db->query($q);
  93         while ($fookset->next()){
  94             $_SESSION['fook'][$fookset->getString('node_parent')]=true;
  95         }
  96
  97 //        LDAPuser::replicate($user_name,$user_id,$password);
  98
  99         //save bookstyle into user session
 100         $q="select node_content from nodes where node_parent=19 and external_link='session://bookstyl' and node_creator='$user_id'";
 101         $bookstylset=$db->query($q);
 102         $bookstylset->next();
 103         $_SESSION['bookstyl'] = $bookstylset->getString('node_content');
 104
 105         // mood
 106         $mset = $db->query(sprintf('select moods from users where user_id = %d', $user_id));
 107         $mset->next();
 108         $moods_expl = explode(";",$set->getString('moods'));
 109         if (!empty($moods_expl[count($moods_expl)-1])) {
 110             $_SESSION['mood_id'] = $moods_expl[count($moods_expl)-1];
 111             $mset = $db->query(sprintf('select node_name, node_content from nodes where node_id = %d', $moods_expl[count($moods_expl)-1]));
 112             $mset->next();
 113             $_SESSION['mood_name'] = $mset->getString('node_name');
 114             $_SESSION['mood_content'] = addslashes(substr(strip_tags($mset->getString('node_content')),0,223));
 115         }
 116         // last login
 117
 118         $db->query(sprintf('update users set date_last_login = NOW() where user_id = %d', $user_id));
 119
 120         $_SESSION['user_id']=$user_id;
 121         $_SESSION['user_name']=addslashes($user_name);
 122         if (!empty($cube_vector)) $_SESSION['cube_vector']=$cube_vector;
 123         if (empty($_SESSION['template_set'])) $_SESSION['template_set']=$set->getString('template_set');
 124         if (is_numeric($_POST['screen_width'])) $_SESSION['browser']['screen_width']=$_POST['screen_width'];
 125         if (is_numeric($_POST['screen_height'])) $_SESSION['browser']['screen_height']=$_POST['screen_height'];
 126         $_SESSION['listing_amount']=$set->getString('listing_amount');
 127         $_SESSION['listing_order']=$set->getString('listing_order');
 128         $_SESSION['header_id']=$set->getString('header_id');
 129     }
 130 //    header("Location: $referer");
 131     return true;
 132 }
 133 ?>