last minute modifications (2.2.0 release)
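<?php

/* Copyright (c) 2007-08 Alec Henriksen
 * phpns is free software; you can redistribute it and/or modify it under the
 * terms of the GNU General Public Licence (GPL) as published by the Free
 * Software Foundation; either version 2 of the Licence, or (at your option) any
 * later version.
 * Please see the GPL at http://www.gnu.org/copyleft/gpl.html for a complete
 * understanding of what this license means and how to abide by it.
 */

/*
 * login.php -- login / logout controller.
 *
 *   (no "do")    render the login form, with an optional status message (?m=out|nologin)
 *   do=p         verify the posted credentials, then create the session and,
 *                when requested, the week-long "remember me" cookie
 *   do=logout    log the event and destroy the session
 *
 * Security notes for maintainers:
 *  - Passwords are compared as unsalted SHA-1 digests. That scheme is weak against
 *    offline guessing; moving to a salted, slow hash needs a stored-hash migration
 *    and is therefore not done in this file.
 *  - The username reaches SQL by string concatenation. The only visible protection
 *    is clean_data().
 *    NOTE(review): confirm clean_data() escapes for MySQL string context; it is
 *    not escaped a second time here because double escaping would break logins.
 *  - Nothing in this file limits repeated failed attempts.
 */
include("inc/init.php");

$globalvars['pagetype'] = "login"; //set page type

include("inc/header.php"); //include header file

//read the request parameters without tripping over missing keys
$do = isset($_GET['do']) ? $_GET['do'] : ''; //get action
$msgcode = isset($_GET['m']) ? $_GET['m'] : '';

if ($msgcode == "out") {
	$message .= '<div class="warning warning_login">You are successfully logged out!</div>';
} elseif ($msgcode == "nologin") {
	$message .= '<div class="warning">Your username and password are correct, however, your rank is disallowing logging in at this time. Contact your administrator if you think this is a mistake.</div>';
}

if (!$do) {

	$content .= login_form($message);

} elseif ($do == "p") {
	$loginvar = array(
		"username" => isset($_POST['username']) ? $_POST['username'] : '',
		"password" => sha1(isset($_POST['password']) ? $_POST['password'] : ''),
		"remember" => isset($_POST['remember']) ? $_POST['remember'] : ''
	);

	$loginvar = clean_data($loginvar); //clean the data

	//check if database has entry + password
	//the password is a hex digest; the username depends on clean_data() (see file header)
	$lsql = "SELECT * FROM ".$databaseinfo['prefix']."users WHERE user_name='".$loginvar['username']."' AND password='".$loginvar['password']."'";
	$lres = mysql_query($lsql);
	if (!$lres) {
		//keep driver errors (table names, query text) out of the response on an unauthenticated page
		error_log('phpns login query failed: '.mysql_error());
		die('A database error occurred. Please try again later.');
	}
	$lnumcheck = mysql_num_rows($lres);
	if ($lnumcheck == 0) { //if no result was found...
		//same message for unknown user and wrong password, so the form does not reveal which one failed
		$content .= login_form('<div id="login_warning" class="warning warning_login">
Incorrect username and/or password. Cookies must be enabled to login to the system!
</div>');
	} else {
		//insert login record.
		$loginvar['timestamp'] = time();

		//the address comes from init.php; escaping leaves a well-formed IP unchanged
		//and neutralises anything else
		$ip_sql = mysql_real_escape_string($globalvars['ip']);

		//get some vars from db
		$fdata = general_query('SELECT * FROM '.$databaseinfo['prefix'].'users WHERE user_name="'.$loginvar['username'].'"', TRUE);
		//get rank string (the id is interpolated unquoted, so force it to an integer)
		$rdata = general_query('SELECT * FROM '.$databaseinfo['prefix'].'ranks WHERE id='.(int)$fdata['rank_id'].'', TRUE);
		//insert login record
		$res = general_query("INSERT INTO ".$databaseinfo['prefix']."userlogin
			(username,rank_id,timestamp,ip)
			VALUES (
			'".$loginvar['username']."',
			'".$rdata['id']."',
			'".$loginvar['timestamp']."',
			'".$ip_sql."')");

		//quick permission check (redir to error)
		//done BEFORE any session data or remember-me token exists: previously a rank
		//that may not log in still received a cookie_auth token and a cookielog row,
		//and only the session was destroyed afterwards.
		//NOTE(review): confirm auth.php re-checks rank permissions for cookie logins too.
		if ($rdata['permissions'][8] == 0) {
			session_destroy();
			header("Location: login.php?m=nologin");
			die(); //kill just in case
		}

		//issue a fresh session id at the privilege change so an id planted before
		//login cannot be reused (assumes init.php has already started the session)
		session_regenerate_id(true);

		//define session variables, set cookies
		//IF YOU MODIFY SOMETHING HERE, YOU NEED TO *ALSO* add it to auth.php!
		$_SESSION['username'] = $fdata['user_name'];
		$_SESSION['userID'] = $fdata['id'];
		$_SESSION['rankID'] = $fdata['rank_id'];
		$_SESSION['permissions'] = $rdata['permissions'];
		$_SESSION['category_list'] = $rdata['category_list'];
		$_SESSION['auth'] = "yes";
		$_SESSION['path'] = $globalvars['path_to'];

		//if the user wants to set a cookie, we have to do more stuff. (bleh.)
		if ($loginvar['remember']) {
			//generate the cookie identifier from a cryptographic source when the
			//runtime offers one; the value works as a bearer credential for a week.
			//the format stays 32 hex characters, the same shape as the old md5() value.
			$raw = false;
			if (function_exists('random_bytes')) {
				$raw = random_bytes(16);
			} elseif (function_exists('openssl_random_pseudo_bytes')) {
				$raw = openssl_random_pseudo_bytes(16);
			}
			if ($raw !== false && strlen($raw) === 16) {
				$cookie_string = bin2hex($raw);
			} else {
				//legacy fallback: time- and rand()-derived, guessable; used only if nothing better exists
				$cookie_string = md5(uniqid(rand(), true));
			}

			$cookielog_res = general_query('INSERT INTO '.$databaseinfo['prefix'].'cookielog
				(user_id,rank_id,cookie_id,timestamp,ip)
				VALUES (
				"'.$fdata['id'].'",
				"'.$fdata['rank_id'].'",
				"'.$cookie_string.'",
				"'.$loginvar['timestamp'].'",
				"'.$ip_sql.'"
				)');

			//HttpOnly keeps the token away from page scripts; Secure is set whenever the
			//login itself arrived over HTTPS. path and domain stay at their defaults.
			$is_https = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
			setcookie('cookie_auth', $cookie_string, time()+604800, '', '', $is_https, true); //set cookie to expire in a week
		}

		//log the login
		//NOTE(review): the username is placed into HTML unescaped; confirm it is
		//already HTML-safe when stored, or that the log viewer escapes it.
		log_this('login','User <i>'.$_SESSION['username'].'</i> has <strong>logged in</strong>.');

		//go to index
		header("Location: index.php"); //redirect to index
		exit; //stop here, as the nologin redirect above does
	}

} elseif ($do == "logout") { //if we're logging out...
	log_this('logout','User <i>'.$_SESSION['username'].'</i> has <strong>logged out</strong>.');
	session_destroy(); //destroy session
	//NOTE(review): cookie_auth and its cookielog row are not touched here; confirm
	//auth.php cannot rebuild a session from them after logout.
	header("Location: login.php?m=out");
	exit; //nothing below is needed once the redirect is sent
}
include("inc/themecontrol.php");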