a few minor changes

1 files changed, 44 insertions, 37 deletions

diff --git a/include/auth.php b/include/auth.php
index cba6a67a7..4dfe74472 100644
--- a/include/auth.php
+++ b/include/auth.php
@@ -20,12 +20,36 @@ function nuke_session() {
 	unset($_SESSION['page_flags']);
 }
 
+/**
+ * Verify login credentials
+ *
+ * Returns account record on success, null on failure
+ *
+ */
+
+function account_verify_password($email,$pass) {
+	$r = q("select * from account where account_email = '%s'",
+		dbesc($email)
+	);
+	if(! ($r && count($r)))
+		return null;
+	foreach($r as $record) {
+		if(($record['account_flags'] == ACCOUNT_OK) || ($record['account_flags'] == ACCOUNT_UNVERIFIED)
+			&& (hash('whirlpool',$record['account_salt'] . $pass) === $record['account_password'])) {
+			return $record;
+		}
+	}
+	return null;
+}
+
 
 // login/logout 
 
 
 
 
+
+
 if((isset($_SESSION)) && (x($_SESSION,'authenticated')) && ((! (x($_POST,'auth-params'))) || ($_POST['auth-params'] !== 'login'))) {
 
 	if(((x($_POST,'auth-params')) && ($_POST['auth-params'] === 'logout')) || ($a->module === 'logout')) {
@@ -59,6 +83,14 @@ if((isset($_SESSION)) && (x($_SESSION,'authenticated')) && ((! (x($_POST,'auth-p
 			goaway(z_root());
 		}
 
+		$r = q("select * from account where account_id = %d limit 1",
+			intval($_SESSION['account_id'])
+		);
+		if(count($r) && (($r[0]['account_flags'] == ACCOUNT_OK) || ($r[0]['account_flags'] == ACCOUNT_UNVERIFIED)))
+			get_app()->account = $r[0];
+		else
+			$_SESSION['account_id'] = 0;
+
 		$r = q("SELECT `user`.*, `user`.`pubkey` as `upubkey`, `user`.`prvkey` as `uprvkey` 
 		FROM `user` WHERE `uid` = %d AND `blocked` = 0 AND `account_expired` = 0 AND `verified` = 1 LIMIT 1",
 			intval($_SESSION['uid'])
@@ -80,43 +112,6 @@ else {
 
 	if((x($_POST,'password')) && strlen($_POST['password']))
 		$encrypted = hash('whirlpool',trim($_POST['password']));
-	else {
-		if((x($_POST,'openid_url')) && strlen($_POST['openid_url']) ||
-		   (x($_POST,'username')) && strlen($_POST['username'])) {
-
-			$noid = get_config('system','no_openid');
-
-			$openid_url = trim((strlen($_POST['openid_url'])?$_POST['openid_url']:$_POST['username']) );
-
-			// validate_url alters the calling parameter
-
-			$temp_string = $openid_url;
-
-			// if it's an email address or doesn't resolve to a URL, fail.
-
-			if(($noid) || (strpos($temp_string,'@')) || (! validate_url($temp_string))) {
-				$a = get_app();
-				notice( t('Login failed.') . EOL);
-				goaway(z_root());
-				// NOTREACHED
-			}
-
-			// Otherwise it's probably an openid.
-
-                        try {
-			require_once('library/openid.php');
-			$openid = new LightOpenID;
-			$openid->identity = $openid_url;
-			$_SESSION['openid'] = $openid_url;
-			$a = get_app();
-			$openid->returnUrl = $a->get_baseurl(true) . '/openid'; 
-                        goaway($openid->authUrl());
-                        } catch (Exception $e) {
-                            notice( t('We encountered a problem while logging in with the OpenID you provided. Please check the correct spelling of the ID.').'<br /><br >'. t('The error message was:').' '.$e->getMessage());
-                        }
-			// NOTREACHED
-		}
-	}
 
 	if((x($_POST,'auth-params')) && $_POST['auth-params'] === 'login') {
 
@@ -144,6 +139,18 @@ else {
 		}
 		else {
 
+			get_app()->account = account_verify_password($_POST['username'],$_POST['password']);
+
+			if(get_app()->account) {
+				$_SESSION['account_id'] = get_app()->account['account_id'];
+			}
+			else {
+				notice( t('Failed authentication') . EOL);
+			}
+
+			logger('authenticate: ' . print_r(get_app()->account,true));
+
+
 			// process normal login request
 
 			$r = q("SELECT `user`.*, `user`.`pubkey` as `upubkey`, `user`.`prvkey` as `uprvkey`