Context Navigation

source: trunk/identification.php @ 1493

Last change on this file since 1493 was 1493, checked in by nikrou, 18 years ago

bug 451 fixed: problem with auto login

add an auto_login_key in users_table
$confsession_length is no more useful

and sessions length will be 0 (until browser closed)

add $confremember_me_name for cookie remember name

Property svn:eol-style set to native
Property svn:keywords set to Author Date Id Revision

File size: 5.4 KB

Line
1	<?php
2	// +-----------------------------------------------------------------------+
3	// \| PhpWebGallery - a PHP based picture gallery \|
4	// \| Copyright (C) 2002-2003 Pierrick LE GALL - pierrick@phpwebgallery.net \|
5	// \| Copyright (C) 2003-2005 PhpWebGallery Team - http://phpwebgallery.net \|
6	// +-----------------------------------------------------------------------+
7	// \| branch : BSF (Best So Far)
8	// \| file : $RCSfile$
9	// \| last update : $Date: 2006-07-23 15:25:49 +0000 (Sun, 23 Jul 2006) $
10	// \| last modifier : $Author: nikrou $
11	// \| revision : $Revision: 1493 $
12	// +-----------------------------------------------------------------------+
13	// \| This program is free software; you can redistribute it and/or modify \|
14	// \| it under the terms of the GNU General Public License as published by \|
15	// \| the Free Software Foundation \|
16	// \| \|
17	// \| This program is distributed in the hope that it will be useful, but \|
18	// \| WITHOUT ANY WARRANTY; without even the implied warranty of \|
19	// \| MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU \|
20	// \| General Public License for more details. \|
21	// \| \|
22	// \| You should have received a copy of the GNU General Public License \|
23	// \| along with this program; if not, write to the Free Software \|
24	// \| Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, \|
25	// \| USA. \|
26	// +-----------------------------------------------------------------------+
27
28	//--------------------------------------------------------------------- include
29	define('PHPWG_ROOT_PATH','./');
30	include_once( PHPWG_ROOT_PATH.'include/common.inc.php' );
31
32	//-------------------------------------------------------------- identification
33	$errors = array();
34
35	$redirect_to = '';
36	if ( !empty($_GET['redirect']) )
37	{
38	$redirect_to = urldecode($_GET['redirect']);
39	if ( $user['is_the_guest'] )
40	{
41	array_push($errors, $lang['access_forbiden']);
42	}
43	}
44
45	if (isset($_POST['login']))
46	{
47	$redirect_to = isset($_POST['redirect']) ? $_POST['redirect'] : '';
48	$username = mysql_escape_string($_POST['username']);
49	// retrieving the encrypted password of the login submitted
50	$query = '
51	SELECT '.$conf['user_fields']['id'].' AS id,
52	'.$conf['user_fields']['password'].' AS password
53	FROM '.USERS_TABLE.'
54	WHERE '.$conf['user_fields']['username'].' = \''.$username.'\'
55	;';
56	$row = mysql_fetch_array(pwg_query($query));
57	if ($row['password'] == $conf['pass_convert']($_POST['password']))
58	{
59	$remember_me = false;
60	if ($conf['authorize_remembering']
61	and isset($_POST['remember_me'])
62	and $_POST['remember_me'] == 1)
63	{
64	$remember_me = true;
65	}
66	log_user( $row['id'], $remember_me);
67	redirect(empty($redirect_to) ? make_index_url() : $redirect_to);
68	}
69	else
70	{
71	array_push( $errors, $lang['invalid_pwd'] );
72	}
73	}
74	elseif (!empty($_COOKIE[$conf['remember_me_name']]))
75	{
76	$cookie = unserialize(pwg_stripslashes($_COOKIE[$conf['remember_me_name']]));
77	$query = '
78	SELECT auto_login_key
79	FROM '.USERS_TABLE.'
80	WHERE '.$conf['user_fields']['id'].' = '.$cookie['id'].'
81	;';
82
83	$auto_login_key = current(mysql_fetch_assoc(pwg_query($query)));
84	if ($auto_login_key == $cookie['key'])
85	{
86	log_user($cookie['id'], false);
87	redirect(empty($redirect_to) ? make_index_url() : $redirect_to);
88	}
89	else
90	{
91	// Hacking attempt!
92	$query = '
93	UPDATE '.USERS_TABLE.'
94	SET auto_login_key=\''.$auto_login_key.'\'
95	WHERE '.$conf['user_fields']['id'].' = '.$user_id.'
96	;';
97	pwg_query($query);
98	setcookie($conf['remember_me_name'], '', 0, cookie_path());
99	redirect(empty($redirect_to) ? make_index_url() : $redirect_to);
100	}
101	}
102	//----------------------------------------------------- template initialization
103	//
104	// Start output of page
105	//
106	$title = $lang['identification'];
107	$page['body_id'] = 'theIdentificationPage';
108	include(PHPWG_ROOT_PATH.'include/page_header.php');
109
110	$template->set_filenames( array('identification'=>'identification.tpl') );
111
112	$template->assign_vars(
113	array(
114	'L_TITLE' => $lang['identification'],
115	'L_USERNAME' => $lang['login'],
116	'L_PASSWORD' => $lang['password'],
117	'L_LOGIN' => $lang['submit'],
118	'L_GUEST' => $lang['ident_guest_visit'],
119	'L_REGISTER' => $lang['ident_register'],
120	'L_FORGET' => $lang['ident_forgotten_password'],
121	'L_REMEMBER_ME'=>$lang['remember_me'],
122
123	'U_REGISTER' => PHPWG_ROOT_PATH.'register.php',
124	'U_LOST_PASSWORD' => PHPWG_ROOT_PATH.'password.php',
125	'U_HOME' => make_index_url(),
126	'U_REDIRECT' => $redirect_to,
127
128	'F_LOGIN_ACTION' => PHPWG_ROOT_PATH.'identification.php'
129	));
130
131	if ($conf['authorize_remembering'])
132	{
133	$template->assign_block_vars('remember_me',array());
134	}
135	//-------------------------------------------------------------- errors display
136	if ( sizeof( $errors ) != 0 )
137	{
138	$template->assign_block_vars('errors',array());
139	for ( $i = 0; $i < sizeof( $errors ); $i++ )
140	{
141	$template->assign_block_vars('errors.error',array('ERROR'=>$errors[$i]));
142	}
143	}
144	//-------------------------------------------------------------- visit as guest
145	$template->assign_block_vars('free_access',array());
146	//----------------------------------------------------------- html code display
147	$template->parse('identification');
148	include(PHPWG_ROOT_PATH.'include/page_tail.php');
149	?>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: