wwwroot/inc/eventz/login.inc

   1 <?php
   2 function jabberctl($command, $args) { //XXXTODO Move to some .inc file...
   3         //gpasswd -a kyberia jabber #Adding user kyberia to group jabber
   4         $xmpp_ejabberdctl='sudo /usr/sbin/ejabberdctl'; //XXX TODO Hardcoded
   5
   6         $cmd = $xmpp_ejabberdctl;
   7         foreach($args as $arg) {
   8                 $cmd.=' '.escapeshellarg($arg);
   9         }
  10         system($cmd);
  11 }
  12
  13 function login_check($login, $password, $login_type='id') {
  14
  15         global $db,$error,$node_id;
  16         $login = db_escape_string($login);
  17         //Not SQLi in $password but be carefull
  18         $password_hash_algos=array('sha256','sha1','md5');
  19         //List of supported algos can be obtained using: php -r 'print_r(hash_algos());'
  20
  21         $hash_query='(';
  22         foreach($password_hash_algos as $algo) {
  23                 $hash_query.="password='".hash($algo, $password)."' OR ";
  24         }
  25         $hash_query.='false )';
  26
  27         $referer = $_SERVER['HTTP_REFERER'];
  28
  29         if (!session_id()) {
  30                 $error='asi nemas zapnute cookies alebo co';
  31                 return false;
  32         }
  33
  34         switch ($login_type) {
  35                 case "name":
  36                         $q = "select * from users where login='$login' and $hash_query";
  37                         break;
  38                 case "base36id":
  39                         $login = base_convert($login, 36, 10);
  40                 case "id":
  41                         $login=intval($login); //HA! if it is number, escape_string is not enough
  42                         $q="select * from users where user_id='$login' and $hash_query";
  43                         break;
  44         }
  45
  46         $set = $db->query($q);
  47         $set->next();
  48         $user_id = $set->getString('user_id');
  49         $user_name = $set->getString('login');
  50         $xmpp = strtolower($set->getString('xmpp'));
  51
  52     if (!$set) { //XXX test
  53         $error="Zadal si nespravne uzivatelske meno [alebo id] alebo heslo. Rob so sebou nieco";
  54         return false;
  55     }
  56     elseif ($set->getString('hash')) {
  57         $error='Tvoja registracia este nebola schvalena.';
  58         return false;
  59     }
  60     else {
  61         $now=date("Y-m-d H:i:s");
  62         $lockout=$set->getString('acc_lockout');
  63         if ($lockout >= $now ) {
  64             global $error;
  65             $error="Account lockout mas aktivny. Sorry ale neprihlasis sa minimalne do $lockout.
  66 Prajem prijemnu odvykacku:-)";
  67             return false;
  68         }
  69
  70 //      Login sucessfull
  71
  72         // prevent session fixation
  73         session_regenerate_id();
  74
  75         $cube_vector=$set->getString('cube_vector');
  76
  77         // saves friends list as an array into user session
  78         $q="select distinct node_parent,node_name from nodes where node_creator='$user_id' and
  79 external_link='session://friend' order by node_parent";
  80         $friendset=$db->query($q);
  81         while ($friendset->next()){
  82             $_SESSION['friends'][$friendset->getString('node_parent')]=true;
  83         }
  84
  85         // saves bookmarks as an array into user session
  86         $q="select nodes.node_name,nodes.node_id from node_access left join nodes on node_access.node_id=nodes.node_id
  87 where node_access.user_id='$user_id' and node_bookmark='yes' order by node_name";
  88         $bookmarkset=$db->query($q);
  89         while ($bookmarkset->next()){
  90             $_SESSION['bookmarks'][$bookmarkset->getString('node_id')]=$bookmarkset->getString('node_name');
  91         }
  92
  93         //saves ignored users as an array into user session
  94         $q="select node_parent from nodes where node_creator='$user_id' and external_link='session://ignore'";
  95         $ignoreset=$db->query($q);
  96         while ($ignoreset->next()){
  97             $_SESSION['ignore'][$ignoreset->getString('node_parent')]=true;
  98         }
  99
 100         //saves fooked forums as an array into user session
 101         $q="select node_parent from nodes where node_creator='$user_id' and external_link='session://fook'";
 102         $fookset=$db->query($q);
 103         while ($fookset->next()){
 104             $_SESSION['fook'][$fookset->getString('node_parent')]=true;
 105         }
 106
 107
 108         //save bookstyle into user session
 109         $q="select node_content from nodes where node_parent=19 and external_link='session://bookstyl' and node_creator='$user_id'";
 110         $bookstylset=$db->query($q);
 111         $bookstylset->next();
 112         $_SESSION['bookstyl'] = $bookstylset->getString('node_content');
 113
 114         // mood
 115         $mset = $db->query(sprintf('select moods from users where user_id = %d', $user_id));
 116         $mset->next();
 117         $moods_expl = explode(";",$set->getString('moods'));
 118         if (!empty($moods_expl[count($moods_expl)-1])) {
 119             $_SESSION['mood_id'] = $moods_expl[count($moods_expl)-1];
 120             $mset = $db->query(sprintf('select node_name, node_content from nodes where node_id = %d', $moods_expl[count($moods_expl)-1]));
 121             $mset->next();
 122             $_SESSION['mood_name'] = $mset->getString('node_name');
 123             $_SESSION['mood_content'] = addslashes(substr(strip_tags($mset->getString('node_content')),0,223));
 124         }
 125         // last login
 126
 127         $db->query(sprintf('update users set date_last_login = NOW() where user_id = %d', $user_id));
 128
 129         $_SESSION['user_id']=$user_id;
 130         $_SESSION['user_name']=addslashes($user_name);
 131         setcookie('jabber_login', $xmpp, time()+60*60*24*10, '/'); //10days on whole domain - should have persistent username in future...
 132         $xmpp_pass=hash('md5', 'jabber:'.$_POST['password']);
 133         setcookie('jabber_password', $xmpp_pass, time()+60*60*24*10, '/'); //10days on whole domain
 134         $xmpp_domain='kyberia.cz'; //XXX TODO Hardcoded kyberia.cz jabber domain (NOT dev.kyberia.cz!!!!!)
 135
 136         # XXX dissabled, was causing 20+ sec. delay while logging in
 137 #       jabberctl('register',           array($xmpp, $xmpp_domain, $xmpp_pass));
 138 #       jabberctl('change_password',    array($xmpp, $xmpp_domain, $xmpp_pass));
 139 #       jabberctl('push_alltoall',      array($xmpp_domain, $xmpp_domain));
 140
 141         if (!empty($cube_vector)) $_SESSION['cube_vector']=$cube_vector;
 142         if (empty($_SESSION['template_set'])) $_SESSION['template_set']=$set->getString('template_set');
 143         if (is_numeric($_POST['screen_width'])) $_SESSION['browser']['screen_width']=$_POST['screen_width'];
 144         if (is_numeric($_POST['screen_height'])) $_SESSION['browser']['screen_height']=$_POST['screen_height'];
 145         $_SESSION['listing_amount']=$set->getString('listing_amount');
 146         $_SESSION['listing_order']=$set->getString('listing_order');
 147         $_SESSION['header_id']=$set->getString('header_id');
 148     }
 149 //    header("Location: $referer");
 150     return true;
 151 }
 152
 153 function login() {
 154         $login = $_POST['login'];
 155         $password = $_POST['password'];
 156         $login_type = $_POST['login_type'];
 157         return login_check($login, $password, $login_type);
 158 }