inc/auth.inc.php
changeset 82 c255196bc447
parent 79 0c0aa144356a
child 119 f74e4f88b680
--- a/inc/auth.inc.php	Wed Mar 12 20:45:56 2008 +0000
+++ b/inc/auth.inc.php	Tue Mar 25 22:45:31 2008 +0000
@@ -21,55 +21,57 @@
 
 //session_start();
 
-if (isset($_SERVER["QUERY_STRING"]) && $_SERVER["QUERY_STRING"] == "logout")
-{
-	logout();
-}
+function doAuthenticate() {
+	global $db;
+	global $EXPIRE;
+	if (isset($_SERVER["QUERY_STRING"]) && $_SERVER["QUERY_STRING"] == "logout") {
+		logout();
+	}
 
-// If a user had just entered his/her login && password, store them in our session.
-if(isset($_POST["authenticate"]))
-{
-    	$_SESSION["userpwd"] = $_POST["password"];
-    	$_SESSION["userlogin"] = $_POST["username"];
-}
+	// If a user had just entered his/her login && password, store them in our session.
+	if(isset($_POST["authenticate"]))
+	{
+			$_SESSION["userpwd"] = $_POST["password"];
+			$_SESSION["userlogin"] = $_POST["username"];
+	}
 
-// Check if the session hasnt expired yet.
-if ((isset($_SESSION["userid"])) && ($_SESSION["lastmod"] != "") && ((time() - $_SESSION["lastmod"]) > $EXPIRE))
-{
-	logout( _('Session expired, please login again.'),"error");
-}
+	// Check if the session hasnt expired yet.
+	if ((isset($_SESSION["userid"])) && ($_SESSION["lastmod"] != "") && ((time() - $_SESSION["lastmod"]) > $EXPIRE))
+	{
+		logout( _('Session expired, please login again.'),"error");
+	}
 
-// If the session hasn't expired yet, give our session a fresh new timestamp.
-$_SESSION["lastmod"] = time();
+	// If the session hasn't expired yet, give our session a fresh new timestamp.
+	$_SESSION["lastmod"] = time();
 
-if(isset($_SESSION["userlogin"]) && isset($_SESSION["userpwd"]))
-{
-    //Username and password are set, lets try to authenticate.
-	$result = $db->query("SELECT id, fullname, level FROM users WHERE username=". $db->quote($_SESSION["userlogin"])  ." AND password=". $db->quote(md5($_SESSION["userpwd"]))  ." AND active=1");
-	if($result->numRows() == 1)
+	if(isset($_SESSION["userlogin"]) && isset($_SESSION["userpwd"]))
 	{
-        	$rowObj = $result->fetchRow();
-		$_SESSION["userid"] = $rowObj["id"];
-		$_SESSION["name"] = $rowObj["fullname"];
-		$_SESSION["level"] = $rowObj["level"];
-        	if(isset($_POST["authenticate"]))
-        	{
-            		//If a user has just authenticated, redirect him to index with timestamp, so post-data gets lost.
-            		session_write_close();
-            		clean_page("index.php");
-            		exit;
-        	}
-    	}
-    	else
-    	{
-        	//Authentication failed, retry.
-	        auth( _('Authentication failed!'),"error");
+		//Username and password are set, lets try to authenticate.
+		$result = $db->query("SELECT id, fullname FROM users WHERE username=". $db->quote($_SESSION["userlogin"])  ." AND password=". $db->quote(md5($_SESSION["userpwd"]))  ." AND active=1");
+		if($result->numRows() == 1)
+		{
+			$rowObj = $result->fetchRow();
+			$_SESSION["userid"] = $rowObj["id"];
+			$_SESSION["name"] = $rowObj["fullname"];
+			if($_POST["authenticate"])
+			{
+				//If a user has just authenticated, redirect him to index with timestamp, so post-data gets lost.
+				session_write_close();
+				clean_page("index.php");
+				exit;
+			}
+		}
+		else
+		{
+			//Authentication failed, retry.
+			auth( _('Authentication failed!'),"error");
+		}
 	}
-}
-else
-{
-	//No username and password set, show auth form (again).
-	auth();
+	else
+	{
+		//No username and password set, show auth form (again).
+		auth();
+	}
 }
 
 /*
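Review bot: The redirect check in the success branch now reads `if($_POST["authenticate"])`, dropping the isset() the old code had. Because doAuthenticate() re-verifies the session credentials on every request, any request without that POST field reads an undefined index there, so the line should stay `if (isset($_POST["authenticate"]))`. The function also carries over keeping the cleartext password in `$_SESSION["userpwd"]` and comparing an unsalted `md5()` of it on each request, which leaves the password readable wherever session data is stored. Keeping only `$_SESSION["userid"]` after the first successful check, and storing a salted, slow password hash instead, would remove that exposure. No session-id rotation is visible in this hunk on successful login; if none happens elsewhere, a `session_regenerate_id(true);` before `$_SESSION["userid"]` is set would close the fixation window.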
@@ -105,6 +107,11 @@
 	  </tr>
 	 </table>
 	</form>
+        <script type="text/javascript">
+         <!--
+          document.login.username.focus();
+         //-->
+        </script>
 	<?php
 	include_once('inc/footer.inc.php');
 	exit;
@@ -124,7 +131,6 @@
 	};
 	unset($_SESSION["userid"]);
 	unset($_SESSION["name"]);
-	unset($_SESSION["level"]);;
 	session_destroy();
 	session_write_close();
 	auth($msg, $type);