X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=include%2Fauth.php;h=7e04cb2e70a1280ceae7330cbaee512ba9950af0;hb=1d2fdb259eab5af5f6ba967c61707e3a6dd9a3d0;hp=78e2bb8e042132dc9428eb04aad07fd072500389;hpb=ffb1997902facb36b78a7cfa522f41f2b3d71cda;p=friendica.git

diff --git a/include/auth.php b/include/auth.php
index 78e2bb8e04..7e04cb2e70 100644
--- a/include/auth.php
+++ b/include/auth.php
@@ -2,29 +2,44 @@
 
 // login/logout 
 
-if((x($_SESSION,'authenticated')) && (! ($_POST['auth-params'] == 'login'))) {
-	if($_POST['auth-params'] == 'logout' || $a->module == "logout") {
+if((x($_SESSION,'authenticated')) && (! ($_POST['auth-params'] === 'login'))) {
+
+	if($_POST['auth-params'] === 'logout' || $a->module === 'logout') {
+	
+		// process logout request
+
 		unset($_SESSION['authenticated']);
 		unset($_SESSION['uid']);
 		unset($_SESSION['visitor_id']);
 		unset($_SESSION['administrator']);
 		unset($_SESSION['cid']);
 		unset($_SESSION['theme']);
+		unset($_SESSION['page_flags']);
 		notice( t('Logged out.') . EOL);
 		goaway($a->get_baseurl());
 	}
+
 	if(x($_SESSION,'uid')) {
+
+		// already logged in user returning
+
 		$r = q("SELECT * FROM `user` WHERE `uid` = %d LIMIT 1",
-			intval($_SESSION['uid']));
-		if($r === NULL || (! count($r))) {
+			intval($_SESSION['uid'])
+		);
+
+		if(! count($r)) {
 			goaway($a->get_baseurl());
 		}
+
+		// initialise user environment
+
 		$a->user = $r[0];
 		$_SESSION['theme'] = $a->user['theme'];
+		$_SESSION['page_flags'] = $a->user['page-flags'];
 		if(strlen($a->user['timezone']))
 			date_default_timezone_set($a->user['timezone']);
 
-		$_SESSION['my_url'] = $a->get_baseurl() . '/profile/' . $r[0]['nickname'];
+		$_SESSION['my_url'] = $a->get_baseurl() . '/profile/' . $a->user['nickname'];
 
 		$r = q("SELECT * FROM `contact` WHERE `uid` = %s AND `self` = 1 LIMIT 1",
 			intval($_SESSION['uid']));
@@ -37,16 +52,25 @@ if((x($_SESSION,'authenticated')) && (! ($_POST['auth-params'] == 'login'))) {
 	}
 }
 else {
+
 	unset($_SESSION['authenticated']);
 	unset($_SESSION['uid']);
 	unset($_SESSION['visitor_id']);
 	unset($_SESSION['administrator']);
 	unset($_SESSION['cid']);
+	unset($_SESSION['theme']);
+	unset($_SESSION['my_url']);
+	unset($_SESSION['page_flags']);
+
 	$encrypted = hash('whirlpool',trim($_POST['password']));
 
-	if((x($_POST,'auth-params')) && $_POST['auth-params'] == 'login') {
+	if((x($_POST,'auth-params')) && $_POST['auth-params'] === 'login') {
+
+		// process login request
+
 		$r = q("SELECT * FROM `user` 
-			WHERE `email` = '%s' AND `password` = '%s' AND `blocked` = 0 AND `verified` = 1 LIMIT 1",
+			WHERE ( `email` = '%s' OR `nickname` = '%s' ) AND `password` = '%s' AND `blocked` = 0 AND `verified` = 1 LIMIT 1",
+			dbesc(trim($_POST['login-name'])),
 			dbesc(trim($_POST['login-name'])),
 			dbesc($encrypted));
 		if(($r === false) || (! count($r))) {
@@ -56,6 +80,7 @@ else {
 		$_SESSION['uid'] = $r[0]['uid'];
 		$_SESSION['theme'] = $r[0]['theme'];
 		$_SESSION['authenticated'] = 1;
+		$_SESSION['page_flags'] = $r[0]['page-flags'];
 		$_SESSION['my_url'] = $a->get_baseurl() . '/profile/' . $r[0]['nickname'];
 
 		notice( t("Welcome back ") . $r[0]['username'] . EOL);
@@ -69,8 +94,8 @@ else {
 			$a->cid = $r[0]['id'];
 			$_SESSION['cid'] = $a->cid;
 		}
-
-
+		if(($a->module !== 'home') && isset($_SESSION['return_url']))
+			goaway($a->get_baseurl() . '/' . $_SESSION['return_url']);
 	}
 }