include/auth.php

   1 <?php
   2
   3 // login/logout
   4
   5 if((x($_SESSION,'authenticated')) && (! ($_POST['auth-params'] === 'login'))) {
   6
   7         if($_POST['auth-params'] === 'logout' || $a->module === 'logout') {
   8
   9                 // process logout request
  10
  11                 unset($_SESSION['authenticated']);
  12                 unset($_SESSION['uid']);
  13                 unset($_SESSION['visitor_id']);
  14                 unset($_SESSION['administrator']);
  15                 unset($_SESSION['cid']);
  16                 unset($_SESSION['theme']);
  17                 notice( t('Logged out.') . EOL);
  18                 goaway($a->get_baseurl());
  19         }
  20
  21         if(x($_SESSION,'uid')) {
  22
  23                 // already logged in user returning
  24
  25                 $r = q("SELECT * FROM `user` WHERE `uid` = %d LIMIT 1",
  26                         intval($_SESSION['uid'])
  27                 );
  28
  29                 if(! count($r)) {
  30                         goaway($a->get_baseurl());
  31                 }
  32
  33                 // initialise user environment
  34
  35                 $a->user = $r[0];
  36                 $_SESSION['theme'] = $a->user['theme'];
  37                 if(strlen($a->user['timezone']))
  38                         date_default_timezone_set($a->user['timezone']);
  39
  40                 $_SESSION['my_url'] = $a->get_baseurl() . '/profile/' . $a->user['nickname'];
  41
  42                 $r = q("SELECT * FROM `contact` WHERE `uid` = %s AND `self` = 1 LIMIT 1",
  43                         intval($_SESSION['uid']));
  44                 if(count($r)) {
  45                         $a->contact = $r[0];
  46                         $a->cid = $r[0]['id'];
  47                         $_SESSION['cid'] = $a->cid;
  48
  49                 }
  50         }
  51 }
  52 else {
  53
  54         unset($_SESSION['authenticated']);
  55         unset($_SESSION['uid']);
  56         unset($_SESSION['visitor_id']);
  57         unset($_SESSION['administrator']);
  58         unset($_SESSION['cid']);
  59         unset($_SESSION['theme']);
  60         unset($_SESSION['my_url']);
  61
  62         $encrypted = hash('whirlpool',trim($_POST['password']));
  63
  64         if((x($_POST,'auth-params')) && $_POST['auth-params'] === 'login') {
  65
  66                 // process login request
  67
  68                 $r = q("SELECT * FROM `user`
  69                         WHERE `email` = '%s' AND `password` = '%s' AND `blocked` = 0 AND `verified` = 1 LIMIT 1",
  70                         dbesc(trim($_POST['login-name'])),
  71                         dbesc($encrypted));
  72                 if(($r === false) || (! count($r))) {
  73                         notice( t('Login failed.') . EOL );
  74                         goaway($a->get_baseurl());
  75                 }
  76                 $_SESSION['uid'] = $r[0]['uid'];
  77                 $_SESSION['theme'] = $r[0]['theme'];
  78                 $_SESSION['authenticated'] = 1;
  79                 $_SESSION['my_url'] = $a->get_baseurl() . '/profile/' . $r[0]['nickname'];
  80
  81                 notice( t("Welcome back ") . $r[0]['username'] . EOL);
  82                 $a->user = $r[0];
  83                 if(strlen($a->user['timezone']))
  84                         date_default_timezone_set($a->user['timezone']);
  85
  86                 $r = q("SELECT * FROM `contact` WHERE `uid` = %s AND `self` = 1 LIMIT 1",
  87                         intval($_SESSION['uid']));
  88                 if(count($r)) {
  89                         $a->cid = $r[0]['id'];
  90                         $_SESSION['cid'] = $a->cid;
  91                 }
  92                 if(($a->module !== 'home') && isset($_SESSION['return_url']))
  93                         goaway($a->get_baseurl() . '/' . $_SESSION['return_url']);
  94         }
  95 }
  96
  97 // Returns an array of group id's this contact is a member of.
  98 // This array will only contain group id's related to the uid of this
  99 // DFRN contact. They are *not* neccessarily unique across the entire site.
 100
 101
 102 if(! function_exists('init_groups_visitor')) {
 103 function init_groups_visitor($contact_id) {
 104         $groups = array();
 105         $r = q("SELECT `gid` FROM `group_member`
 106                 WHERE `contact-id` = %d ",
 107                 intval($contact_id)
 108         );
 109         if(count($r)) {
 110                 foreach($r as $rr)
 111                         $groups[] = $rr['gid'];
 112         }
 113         return $groups;
 114 }}
 115
 116