19 * along with this program. If not, see <http://www.gnu.org/licenses/>. |
19 * along with this program. If not, see <http://www.gnu.org/licenses/>. |
20 */ |
20 */ |
21 |
21 |
22 //session_start(); |
22 //session_start(); |
23 |
23 |
24 if (isset($_SERVER["QUERY_STRING"]) && $_SERVER["QUERY_STRING"] == "logout") |
24 function doAuthenticate() { |
25 { |
25 global $db; |
26 logout(); |
26 global $EXPIRE; |
27 } |
27 if (isset($_SERVER["QUERY_STRING"]) && $_SERVER["QUERY_STRING"] == "logout") { |
|
28 logout(); |
|
29 } |
28 |
30 |
29 // If a user had just entered his/her login && password, store them in our session. |
31 // If a user had just entered his/her login && password, store them in our session. |
30 if(isset($_POST["authenticate"])) |
32 if(isset($_POST["authenticate"])) |
31 { |
33 { |
32 $_SESSION["userpwd"] = $_POST["password"]; |
34 $_SESSION["userpwd"] = $_POST["password"]; |
33 $_SESSION["userlogin"] = $_POST["username"]; |
35 $_SESSION["userlogin"] = $_POST["username"]; |
34 } |
36 } |
35 |
37 |
36 // Check if the session hasnt expired yet. |
38 // Check if the session hasnt expired yet. |
37 if ((isset($_SESSION["userid"])) && ($_SESSION["lastmod"] != "") && ((time() - $_SESSION["lastmod"]) > $EXPIRE)) |
39 if ((isset($_SESSION["userid"])) && ($_SESSION["lastmod"] != "") && ((time() - $_SESSION["lastmod"]) > $EXPIRE)) |
38 { |
40 { |
39 logout( _('Session expired, please login again.'),"error"); |
41 logout( _('Session expired, please login again.'),"error"); |
40 } |
42 } |
41 |
43 |
42 // If the session hasn't expired yet, give our session a fresh new timestamp. |
44 // If the session hasn't expired yet, give our session a fresh new timestamp. |
43 $_SESSION["lastmod"] = time(); |
45 $_SESSION["lastmod"] = time(); |
44 |
46 |
45 if(isset($_SESSION["userlogin"]) && isset($_SESSION["userpwd"])) |
47 if(isset($_SESSION["userlogin"]) && isset($_SESSION["userpwd"])) |
46 { |
|
47 //Username and password are set, lets try to authenticate. |
|
48 $result = $db->query("SELECT id, fullname, level FROM users WHERE username=". $db->quote($_SESSION["userlogin"]) ." AND password=". $db->quote(md5($_SESSION["userpwd"])) ." AND active=1"); |
|
49 if($result->numRows() == 1) |
|
50 { |
48 { |
51 $rowObj = $result->fetchRow(); |
49 //Username and password are set, lets try to authenticate. |
52 $_SESSION["userid"] = $rowObj["id"]; |
50 $result = $db->query("SELECT id, fullname FROM users WHERE username=". $db->quote($_SESSION["userlogin"]) ." AND password=". $db->quote(md5($_SESSION["userpwd"])) ." AND active=1"); |
53 $_SESSION["name"] = $rowObj["fullname"]; |
51 if($result->numRows() == 1) |
54 $_SESSION["level"] = $rowObj["level"]; |
52 { |
55 if(isset($_POST["authenticate"])) |
53 $rowObj = $result->fetchRow(); |
56 { |
54 $_SESSION["userid"] = $rowObj["id"]; |
57 //If a user has just authenticated, redirect him to index with timestamp, so post-data gets lost. |
55 $_SESSION["name"] = $rowObj["fullname"]; |
58 session_write_close(); |
56 if($_POST["authenticate"]) |
59 clean_page("index.php"); |
57 { |
60 exit; |
58 //If a user has just authenticated, redirect him to index with timestamp, so post-data gets lost. |
61 } |
59 session_write_close(); |
62 } |
60 clean_page("index.php"); |
63 else |
61 exit; |
64 { |
62 } |
65 //Authentication failed, retry. |
63 } |
66 auth( _('Authentication failed!'),"error"); |
64 else |
|
65 { |
|
66 //Authentication failed, retry. |
|
67 auth( _('Authentication failed!'),"error"); |
|
68 } |
67 } |
69 } |
68 } |
70 else |
69 else |
71 { |
70 { |
72 //No username and password set, show auth form (again). |
71 //No username and password set, show auth form (again). |
73 auth(); |
72 auth(); |
74 } |
73 } |
75 } |
74 |
76 |
75 /* |
77 /* |
76 * Print the login form. |
78 * Print the login form. |
77 */ |
79 */ |