2 function jabberctl($command, $args) { //XXXTODO Move to some .inc file...
3 //gpasswd -a kyberia jabber #Adding user kyberia to group jabber
4 $xmpp_ejabberdctl='sudo /usr/sbin/ejabberdctl'; //XXX TODO Hardcoded
6 $cmd = $xmpp_ejabberdctl;
7 foreach($args as $arg) {
8 $cmd.=' '.escapeshellarg($arg);
13 function login_check($login, $password, $login_type='id') {
15 global $db,$error,$node_id;
16 $login = db_escape_string($login); //Not SQLi in $password but be carefull
17 $password_hash_algos=array('sha256','sha1','md5'); //List of supported algos can be obtained using: php -r 'print_r(hash_algos());'
20 foreach($password_hash_algos as $algo) {
21 $hash_query.="password='".hash($algo, $password)."' OR ";
23 $hash_query.='false )';
25 $referer = $_SERVER['HTTP_REFERER'];
28 $error='asi nemas zapnute cookies alebo co';
32 switch ($login_type) {
34 $q = "select * from users where login='$login' and $hash_query";
37 $login = base_convert($login, 36, 10);
39 $login=intval($login); //HA! if it is number, escape_string is not enough
40 $q="select * from users where user_id='$login' and $hash_query";
44 $set = $db->query($q);
46 $user_id = $set->getString('user_id');
47 $user_name = $set->getString('login');
48 $xmpp = strtolower($set->getString('xmpp'));
50 if (!$set) { //XXX test
51 $error="Zadal si nespravne uzivatelske meno [alebo id] alebo heslo. Rob so sebou nieco";
54 elseif ($set->getString('hash')) {
55 $error='Tvoja registracia este nebola schvalena.';
59 $now=date("Y-m-d H:i:s");
60 $lockout=$set->getString('acc_lockout');
61 if ($lockout >= $now ) {
63 $error="Account lockout mas aktivny. Sorry ale neprihlasis sa minimalne do $lockout.
64 Prajem prijemnu odvykacku:-)";
70 // prevent session fixation
71 session_regenerate_id();
73 $cube_vector=$set->getString('cube_vector');
75 // saves friends list as an array into user session
76 $q="select distinct node_parent,node_name from nodes where node_creator='$user_id' and
77 external_link='session://friend' order by node_parent";
78 $friendset=$db->query($q);
79 while ($friendset->next()){
80 $_SESSION['friends'][$friendset->getString('node_parent')]=true;
83 // saves bookmarks as an array into user session
84 $q="select nodes.node_name,nodes.node_id from node_access left join nodes on node_access.node_id=nodes.node_id
85 where node_access.user_id='$user_id' and node_bookmark='yes' order by node_name";
86 $bookmarkset=$db->query($q);
87 while ($bookmarkset->next()){
88 $_SESSION['bookmarks'][$bookmarkset->getString('node_id')]=$bookmarkset->getString('node_name');
91 //saves ignored users as an array into user session
92 $q="select node_parent from nodes where node_creator='$user_id' and external_link='session://ignore'";
93 $ignoreset=$db->query($q);
94 while ($ignoreset->next()){
95 $_SESSION['ignore'][$ignoreset->getString('node_parent')]=true;
98 //saves fooked forums as an array into user session
99 $q="select node_parent from nodes where node_creator='$user_id' and external_link='session://fook'";
100 $fookset=$db->query($q);
101 while ($fookset->next()){
102 $_SESSION['fook'][$fookset->getString('node_parent')]=true;
106 //save bookstyle into user session
107 $q="select node_content from nodes where node_parent=19 and external_link='session://bookstyl' and node_creator='$user_id'";
108 $bookstylset=$db->query($q);
109 $bookstylset->next();
110 $_SESSION['bookstyl'] = $bookstylset->getString('node_content');
113 $mset = $db->query(sprintf('select moods from users where user_id = %d', $user_id));
115 $moods_expl = explode(";",$set->getString('moods'));
116 if (!empty($moods_expl[count($moods_expl)-1])) {
117 $_SESSION['mood_id'] = $moods_expl[count($moods_expl)-1];
118 $mset = $db->query(sprintf('select node_name, node_content from nodes where node_id = %d', $moods_expl[count($moods_expl)-1]));
120 $_SESSION['mood_name'] = $mset->getString('node_name');
121 $_SESSION['mood_content'] = addslashes(substr(strip_tags($mset->getString('node_content')),0,223));
125 $db->query(sprintf('update users set date_last_login = NOW() where user_id = %d', $user_id));
127 $_SESSION['user_id']=$user_id;
128 $_SESSION['user_name']=addslashes($user_name);
129 setcookie('jabber_login', $xmpp, time()+60*60*24*10, '/'); //10days on whole domain - should have persistent username in future...
130 $xmpp_pass=hash('md5', 'jabber:'.$_POST['password']);
131 setcookie('jabber_password', $xmpp_pass, time()+60*60*24*10, '/'); //10days on whole domain
132 $xmpp_domain='kyberia.cz'; //XXX TODO Hardcoded kyberia.cz jabber domain (NOT dev.kyberia.cz!!!!!)
133 jabberctl('register', array($xmpp, $xmpp_domain, $xmpp_pass));
134 jabberctl('change_password', array($xmpp, $xmpp_domain, $xmpp_pass));
135 jabberctl('push_alltoall', array($xmpp_domain, $xmpp_domain));
136 if (!empty($cube_vector)) $_SESSION['cube_vector']=$cube_vector;
137 if (empty($_SESSION['template_set'])) $_SESSION['template_set']=$set->getString('template_set');
138 if (is_numeric($_POST['screen_width'])) $_SESSION['browser']['screen_width']=$_POST['screen_width'];
139 if (is_numeric($_POST['screen_height'])) $_SESSION['browser']['screen_height']=$_POST['screen_height'];
140 $_SESSION['listing_amount']=$set->getString('listing_amount');
141 $_SESSION['listing_order']=$set->getString('listing_order');
142 $_SESSION['header_id']=$set->getString('header_id');
144 // header("Location: $referer");
149 $login = $_POST['login'];
150 $password = $_POST['password'];
151 $login_type = $_POST['login_type'];
152 return login_check($login, $password, $login_type);
GIT.Harvie.CZ / mirrors / Kyberia-bloodline.git / blob