include/auth.php

   1 <?php
   2
   3 // login/logout
   4
   5 if((x($_SESSION,'authenticated')) && (! ($_POST['auth-params'] === 'login'))) {
   6
   7         if($_POST['auth-params'] === 'logout' || $a->module === 'logout') {
   8
   9                 // process logout request
  10
  11                 unset($_SESSION['authenticated']);
  12                 unset($_SESSION['uid']);
  13                 unset($_SESSION['visitor_id']);
  14                 unset($_SESSION['administrator']);
  15                 unset($_SESSION['cid']);
  16                 unset($_SESSION['theme']);
  17                 notice( t('Logged out.') . EOL);
  18                 goaway($a->get_baseurl());
  19         }
  20
  21         if(x($_SESSION,'uid')) {
  22
  23                 // already logged in user returning
  24
  25                 $r = q("SELECT * FROM `user` WHERE `uid` = %d LIMIT 1",
  26                         intval($_SESSION['uid'])
  27                 );
  28
  29                 if(! count($r)) {
  30                         goaway($a->get_baseurl());
  31                 }
  32
  33                 // initialise user environment
  34
  35                 $a->user = $r[0];
  36                 $_SESSION['theme'] = $a->user['theme'];
  37                 if(strlen($a->user['timezone']))
  38                         date_default_timezone_set($a->user['timezone']);
  39
  40                 $_SESSION['my_url'] = $a->get_baseurl() . '/profile/' . $a->user['nickname'];
  41
  42                 $r = q("SELECT * FROM `contact` WHERE `uid` = %s AND `self` = 1 LIMIT 1",
  43                         intval($_SESSION['uid']));
  44                 if(count($r)) {
  45                         $a->contact = $r[0];
  46                         $a->cid = $r[0]['id'];
  47                         $_SESSION['cid'] = $a->cid;
  48
  49                 }
  50         }
  51 }
  52 else {
  53
  54         unset($_SESSION['authenticated']);
  55         unset($_SESSION['uid']);
  56         unset($_SESSION['visitor_id']);
  57         unset($_SESSION['administrator']);
  58         unset($_SESSION['cid']);
  59         unset($_SESSION['theme']);
  60         unset($_SESSION['my_url']);
  61
  62         $encrypted = hash('whirlpool',trim($_POST['password']));
  63
  64         if((x($_POST,'auth-params')) && $_POST['auth-params'] === 'login') {
  65
  66                 // process login request
  67
  68                 $r = q("SELECT * FROM `user`
  69                         WHERE ( `email` = '%s' OR `nickname` = '%s' ) AND `password` = '%s' AND `blocked` = 0 AND `verified` = 1 LIMIT 1",
  70                         dbesc(trim($_POST['login-name'])),
  71                         dbesc(trim($_POST['login-name'])),
  72                         dbesc($encrypted));
  73                 if(($r === false) || (! count($r))) {
  74                         notice( t('Login failed.') . EOL );
  75                         goaway($a->get_baseurl());
  76                 }
  77                 $_SESSION['uid'] = $r[0]['uid'];
  78                 $_SESSION['theme'] = $r[0]['theme'];
  79                 $_SESSION['authenticated'] = 1;
  80                 $_SESSION['my_url'] = $a->get_baseurl() . '/profile/' . $r[0]['nickname'];
  81
  82                 notice( t("Welcome back ") . $r[0]['username'] . EOL);
  83                 $a->user = $r[0];
  84                 if(strlen($a->user['timezone']))
  85                         date_default_timezone_set($a->user['timezone']);
  86
  87                 $r = q("SELECT * FROM `contact` WHERE `uid` = %s AND `self` = 1 LIMIT 1",
  88                         intval($_SESSION['uid']));
  89                 if(count($r)) {
  90                         $a->cid = $r[0]['id'];
  91                         $_SESSION['cid'] = $a->cid;
  92                 }
  93                 if(($a->module !== 'home') && isset($_SESSION['return_url']))
  94                         goaway($a->get_baseurl() . '/' . $_SESSION['return_url']);
  95         }
  96 }
  97
  98 // Returns an array of group id's this contact is a member of.
  99 // This array will only contain group id's related to the uid of this
 100 // DFRN contact. They are *not* neccessarily unique across the entire site.
 101
 102
 103 if(! function_exists('init_groups_visitor')) {
 104 function init_groups_visitor($contact_id) {
 105         $groups = array();
 106         $r = q("SELECT `gid` FROM `group_member`
 107                 WHERE `contact-id` = %d ",
 108                 intval($contact_id)
 109         );
 110         if(count($r)) {
 111                 foreach($r as $rr)
 112                         $groups[] = $rr['gid'];
 113         }
 114         return $groups;
 115 }}
 116
 117