--- a/inc/auth.inc.php Wed Mar 12 20:45:56 2008 +0000
+++ b/inc/auth.inc.php Tue Mar 25 22:45:31 2008 +0000
@@ -21,55 +21,57 @@
//session_start();
-if (isset($_SERVER["QUERY_STRING"]) && $_SERVER["QUERY_STRING"] == "logout")
-{
- logout();
-}
+function doAuthenticate() {
+ global $db;
+ global $EXPIRE;
+ if (isset($_SERVER["QUERY_STRING"]) && $_SERVER["QUERY_STRING"] == "logout") {
+ logout();
+ }
-// If a user had just entered his/her login && password, store them in our session.
-if(isset($_POST["authenticate"]))
-{
- $_SESSION["userpwd"] = $_POST["password"];
- $_SESSION["userlogin"] = $_POST["username"];
-}
+ // If a user had just entered his/her login && password, store them in our session.
+ if(isset($_POST["authenticate"]))
+ {
+ $_SESSION["userpwd"] = $_POST["password"];
+ $_SESSION["userlogin"] = $_POST["username"];
+ }
-// Check if the session hasnt expired yet.
-if ((isset($_SESSION["userid"])) && ($_SESSION["lastmod"] != "") && ((time() - $_SESSION["lastmod"]) > $EXPIRE))
-{
- logout( _('Session expired, please login again.'),"error");
-}
+ // Check if the session hasnt expired yet.
+ if ((isset($_SESSION["userid"])) && ($_SESSION["lastmod"] != "") && ((time() - $_SESSION["lastmod"]) > $EXPIRE))
+ {
+ logout( _('Session expired, please login again.'),"error");
+ }
-// If the session hasn't expired yet, give our session a fresh new timestamp.
-$_SESSION["lastmod"] = time();
+ // If the session hasn't expired yet, give our session a fresh new timestamp.
+ $_SESSION["lastmod"] = time();
-if(isset($_SESSION["userlogin"]) && isset($_SESSION["userpwd"]))
-{
- //Username and password are set, lets try to authenticate.
- $result = $db->query("SELECT id, fullname, level FROM users WHERE username=". $db->quote($_SESSION["userlogin"]) ." AND password=". $db->quote(md5($_SESSION["userpwd"])) ." AND active=1");
- if($result->numRows() == 1)
+ if(isset($_SESSION["userlogin"]) && isset($_SESSION["userpwd"]))
{
- $rowObj = $result->fetchRow();
- $_SESSION["userid"] = $rowObj["id"];
- $_SESSION["name"] = $rowObj["fullname"];
- $_SESSION["level"] = $rowObj["level"];
- if(isset($_POST["authenticate"]))
- {
- //If a user has just authenticated, redirect him to index with timestamp, so post-data gets lost.
- session_write_close();
- clean_page("index.php");
- exit;
- }
- }
- else
- {
- //Authentication failed, retry.
- auth( _('Authentication failed!'),"error");
+ //Username and password are set, lets try to authenticate.
+ $result = $db->query("SELECT id, fullname FROM users WHERE username=". $db->quote($_SESSION["userlogin"]) ." AND password=". $db->quote(md5($_SESSION["userpwd"])) ." AND active=1");
+ if($result->numRows() == 1)
+ {
+ $rowObj = $result->fetchRow();
+ $_SESSION["userid"] = $rowObj["id"];
+ $_SESSION["name"] = $rowObj["fullname"];
+ if($_POST["authenticate"])
+ {
+ //If a user has just authenticated, redirect him to index with timestamp, so post-data gets lost.
+ session_write_close();
+ clean_page("index.php");
+ exit;
+ }
+ }
+ else
+ {
+ //Authentication failed, retry.
+ auth( _('Authentication failed!'),"error");
+ }
}
-}
-else
-{
- //No username and password set, show auth form (again).
- auth();
+ else
+ {
+ //No username and password set, show auth form (again).
+ auth();
+ }
}
/*
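Review bot: doAuthenticate() still copies the plaintext password into `$_SESSION["userpwd"]` and repeats the unsalted `md5()` lookup each time it runs, so the session store holds a reusable password for every logged-in user. Checking the POSTed credentials once and keeping only `$_SESSION["userid"]` afterwards would avoid that; if the `active=1` re-check matters, it can be done by id. The session ID is also not rotated on a successful match, so adding `session_regenerate_id(true);` just before `$_SESSION["userid"] = $rowObj["id"];` would guard against session fixation. Separately, the new `if($_POST["authenticate"])` drops the `isset()` the old code had, so already-authenticated requests without that POST field raise an undefined-index notice; `if(isset($_POST["authenticate"]))` restores the old behaviour.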
@@ -105,6 +107,11 @@
</tr>
</table>
</form>
+ <script type="text/javascript">
+ <!--
+ document.login.username.focus();
+ //-->
+ </script>
<?php
include_once('inc/footer.inc.php');
exit;
@@ -124,7 +131,6 @@
};
unset($_SESSION["userid"]);
unset($_SESSION["name"]);
- unset($_SESSION["level"]);;
session_destroy();
session_write_close();
auth($msg, $type);