X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=include%2Fauth.php;h=7e04cb2e70a1280ceae7330cbaee512ba9950af0;hb=1d2fdb259eab5af5f6ba967c61707e3a6dd9a3d0;hp=e30b94d2e389e2a8577fa5f76f6b8c8e216e5c59;hpb=948cb293023b64512ee4220ddc4198769d5eb938;p=friendica.git

diff --git a/include/auth.php b/include/auth.php
index e30b94d2e3..7e04cb2e70 100644
--- a/include/auth.php
+++ b/include/auth.php
@@ -3,28 +3,43 @@
 // login/logout 
 
 if((x($_SESSION,'authenticated')) && (! ($_POST['auth-params'] === 'login'))) {
+
 	if($_POST['auth-params'] === 'logout' || $a->module === 'logout') {
+	
+		// process logout request
+
 		unset($_SESSION['authenticated']);
 		unset($_SESSION['uid']);
 		unset($_SESSION['visitor_id']);
 		unset($_SESSION['administrator']);
 		unset($_SESSION['cid']);
 		unset($_SESSION['theme']);
+		unset($_SESSION['page_flags']);
 		notice( t('Logged out.') . EOL);
 		goaway($a->get_baseurl());
 	}
+
 	if(x($_SESSION,'uid')) {
+
+		// already logged in user returning
+
 		$r = q("SELECT * FROM `user` WHERE `uid` = %d LIMIT 1",
-			intval($_SESSION['uid']));
-		if($r === NULL || (! count($r))) {
+			intval($_SESSION['uid'])
+		);
+
+		if(! count($r)) {
 			goaway($a->get_baseurl());
 		}
+
+		// initialise user environment
+
 		$a->user = $r[0];
 		$_SESSION['theme'] = $a->user['theme'];
+		$_SESSION['page_flags'] = $a->user['page-flags'];
 		if(strlen($a->user['timezone']))
 			date_default_timezone_set($a->user['timezone']);
 
-		$_SESSION['my_url'] = $a->get_baseurl() . '/profile/' . $r[0]['nickname'];
+		$_SESSION['my_url'] = $a->get_baseurl() . '/profile/' . $a->user['nickname'];
 
 		$r = q("SELECT * FROM `contact` WHERE `uid` = %s AND `self` = 1 LIMIT 1",
 			intval($_SESSION['uid']));
@@ -37,18 +52,25 @@ if((x($_SESSION,'authenticated')) && (! ($_POST['auth-params'] === 'login'))) {
 	}
 }
 else {
+
 	unset($_SESSION['authenticated']);
 	unset($_SESSION['uid']);
 	unset($_SESSION['visitor_id']);
 	unset($_SESSION['administrator']);
 	unset($_SESSION['cid']);
 	unset($_SESSION['theme']);
+	unset($_SESSION['my_url']);
+	unset($_SESSION['page_flags']);
 
 	$encrypted = hash('whirlpool',trim($_POST['password']));
 
 	if((x($_POST,'auth-params')) && $_POST['auth-params'] === 'login') {
+
+		// process login request
+
 		$r = q("SELECT * FROM `user` 
-			WHERE `email` = '%s' AND `password` = '%s' AND `blocked` = 0 AND `verified` = 1 LIMIT 1",
+			WHERE ( `email` = '%s' OR `nickname` = '%s' ) AND `password` = '%s' AND `blocked` = 0 AND `verified` = 1 LIMIT 1",
+			dbesc(trim($_POST['login-name'])),
 			dbesc(trim($_POST['login-name'])),
 			dbesc($encrypted));
 		if(($r === false) || (! count($r))) {
@@ -58,6 +80,7 @@ else {
 		$_SESSION['uid'] = $r[0]['uid'];
 		$_SESSION['theme'] = $r[0]['theme'];
 		$_SESSION['authenticated'] = 1;
+		$_SESSION['page_flags'] = $r[0]['page-flags'];
 		$_SESSION['my_url'] = $a->get_baseurl() . '/profile/' . $r[0]['nickname'];
 
 		notice( t("Welcome back ") . $r[0]['username'] . EOL);