include/auth.php

   1 <?php
   2
   3 // login/logout
   4
   5 if((x($_SESSION,'authenticated')) && (! ($_POST['auth-params'] == 'login'))) {
   6         if($_POST['auth-params'] == 'logout' || $a->module == "logout") {
   7                 unset($_SESSION['authenticated']);
   8                 unset($_SESSION['uid']);
   9                 unset($_SESSION['visitor_id']);
  10                 unset($_SESSION['administrator']);
  11                 unset($_SESSION['cid']);
  12                 $_SESSION['sysmsg'] = "Logged out." . EOL;
  13                 goaway($a->get_baseurl());
  14         }
  15         if(x($_SESSION,'uid')) {
  16                 $r = q("SELECT * FROM `user` WHERE `uid` = %d LIMIT 1",
  17                         intval($_SESSION['uid']));
  18                 if($r === NULL || (! count($r))) {
  19                         goaway($a->get_baseurl());
  20                 }
  21                 $a->user = $r[0];
  22                 if(strlen($a->user['timezone']))
  23                         date_default_timezone_set($a->user['timezone']);
  24
  25                 $r = q("SELECT * FROM `contact` WHERE `uid` = %s AND `self` = 1 LIMIT 1",
  26                         intval($_SESSION['uid']));
  27                 if(count($r)) {
  28                         $a->cid = $r[0]['id'];
  29                         $_SESSION['cid'] = $a->cid;
  30                 }
  31         }
  32 }
  33 else {
  34         unset($_SESSION['authenticated']);
  35         unset($_SESSION['uid']);
  36         unset($_SESSION['visitor_id']);
  37         unset($_SESSION['administrator']);
  38         unset($_SESSION['cid']);
  39         $encrypted = hash('whirlpool',trim($_POST['password']));
  40
  41         if((x($_POST,'auth-params')) && $_POST['auth-params'] == 'login') {
  42                 $r = q("SELECT * FROM `user`
  43                         WHERE `email` = '%s' AND `password` = '%s' LIMIT 1",
  44                         dbesc(trim($_POST['login-name'])),
  45                         dbesc($encrypted));
  46                 if(($r === false) || (! count($r))) {
  47                         $_SESSION['sysmsg'] = 'Login failed.' . EOL ;
  48                         goaway($a->get_baseurl());
  49                 }
  50                 $_SESSION['uid'] = $r[0]['uid'];
  51                 $_SESSION['admin'] = $r[0]['admin'];
  52                 $_SESSION['authenticated'] = 1;
  53                 if(x($r[0],'nickname'))
  54                         $_SESSION['my_url'] = $a->get_baseurl() . '/profile/' . $r[0]['nickname'];
  55                 else
  56                         $_SESSION['my_url'] = $a->get_baseurl() . '/profile/' . $r[0]['uid'];
  57
  58                 $_SESSION['sysmsg'] = "Welcome back " . $r[0]['username'] . EOL;
  59                 $a->user = $r[0];
  60                 if(strlen($a->user['timezone']))
  61                         date_default_timezone_set($a->user['timezone']);
  62
  63                 $r = q("SELECT * FROM `contact` WHERE `uid` = %s AND `self` = 1 LIMIT 1",
  64                         intval($_SESSION['uid']));
  65                 if(count($r)) {
  66                         $a->cid = $r[0]['id'];
  67                         $_SESSION['cid'] = $a->cid;
  68                 }
  69
  70
  71         }
  72 }
  73
  74 // Returns an array of group names this contact is a member of.
  75 // Since contact-id's are unique and each "belongs" to a given user uid,
  76 // this array will only contain group names related to the uid of this
  77 // DFRN contact. They are *not* neccessarily unique across the entire site.
  78
  79
  80 if(! function_exists('init_groups_visitor')) {
  81 function init_groups_visitor($contact_id) {
  82         $groups = array();
  83         $r = q("SELECT `group_member`.`gid`, `group`.`name`
  84                 FROM `group_member` LEFT JOIN `group` ON `group_member`.`gid` = `group`.`id`
  85                 WHERE `group_member`.`contact-id` = %d ",
  86                 intval($contact_id)
  87         );
  88         if(count($r)) {
  89                 foreach($r as $rr)
  90                         $groups[] = $rr['name'];
  91         }
  92         return $groups;
  93 }}
  94
  95