aboutsummaryrefslogtreecommitdiffstats
path: root/include/auth.php
diff options
context:
space:
mode:
Diffstat (limited to 'include/auth.php')
-rw-r--r--include/auth.php81
1 files changed, 44 insertions, 37 deletions
diff --git a/include/auth.php b/include/auth.php
index cba6a67a7..4dfe74472 100644
--- a/include/auth.php
+++ b/include/auth.php
@@ -20,12 +20,36 @@ function nuke_session() {
unset($_SESSION['page_flags']);
}
+/**
+ * Verify login credentials
+ *
+ * Returns account record on success, null on failure
+ *
+ */
+
+function account_verify_password($email,$pass) {
+ $r = q("select * from account where account_email = '%s'",
+ dbesc($email)
+ );
+ if(! ($r && count($r)))
+ return null;
+ foreach($r as $record) {
+ if(($record['account_flags'] == ACCOUNT_OK) || ($record['account_flags'] == ACCOUNT_UNVERIFIED)
+ && (hash('whirlpool',$record['account_salt'] . $pass) === $record['account_password'])) {
+ return $record;
+ }
+ }
+ return null;
+}
+
// login/logout
+
+
if((isset($_SESSION)) && (x($_SESSION,'authenticated')) && ((! (x($_POST,'auth-params'))) || ($_POST['auth-params'] !== 'login'))) {
if(((x($_POST,'auth-params')) && ($_POST['auth-params'] === 'logout')) || ($a->module === 'logout')) {
@@ -59,6 +83,14 @@ if((isset($_SESSION)) && (x($_SESSION,'authenticated')) && ((! (x($_POST,'auth-p
goaway(z_root());
}
+ $r = q("select * from account where account_id = %d limit 1",
+ intval($_SESSION['account_id'])
+ );
+ if(count($r) && (($r[0]['account_flags'] == ACCOUNT_OK) || ($r[0]['account_flags'] == ACCOUNT_UNVERIFIED)))
+ get_app()->account = $r[0];
+ else
+ $_SESSION['account_id'] = 0;
+
$r = q("SELECT `user`.*, `user`.`pubkey` as `upubkey`, `user`.`prvkey` as `uprvkey`
FROM `user` WHERE `uid` = %d AND `blocked` = 0 AND `account_expired` = 0 AND `verified` = 1 LIMIT 1",
intval($_SESSION['uid'])
@@ -80,43 +112,6 @@ else {
if((x($_POST,'password')) && strlen($_POST['password']))
$encrypted = hash('whirlpool',trim($_POST['password']));
- else {
- if((x($_POST,'openid_url')) && strlen($_POST['openid_url']) ||
- (x($_POST,'username')) && strlen($_POST['username'])) {
-
- $noid = get_config('system','no_openid');
-
- $openid_url = trim((strlen($_POST['openid_url'])?$_POST['openid_url']:$_POST['username']) );
-
- // validate_url alters the calling parameter
-
- $temp_string = $openid_url;
-
- // if it's an email address or doesn't resolve to a URL, fail.
-
- if(($noid) || (strpos($temp_string,'@')) || (! validate_url($temp_string))) {
- $a = get_app();
- notice( t('Login failed.') . EOL);
- goaway(z_root());
- // NOTREACHED
- }
-
- // Otherwise it's probably an openid.
-
- try {
- require_once('library/openid.php');
- $openid = new LightOpenID;
- $openid->identity = $openid_url;
- $_SESSION['openid'] = $openid_url;
- $a = get_app();
- $openid->returnUrl = $a->get_baseurl(true) . '/openid';
- goaway($openid->authUrl());
- } catch (Exception $e) {
- notice( t('We encountered a problem while logging in with the OpenID you provided. Please check the correct spelling of the ID.').'<br /><br >'. t('The error message was:').' '.$e->getMessage());
- }
- // NOTREACHED
- }
- }
if((x($_POST,'auth-params')) && $_POST['auth-params'] === 'login') {
@@ -144,6 +139,18 @@ else {
}
else {
+ get_app()->account = account_verify_password($_POST['username'],$_POST['password']);
+
+ if(get_app()->account) {
+ $_SESSION['account_id'] = get_app()->account['account_id'];
+ }
+ else {
+ notice( t('Failed authentication') . EOL);
+ }
+
+ logger('authenticate: ' . print_r(get_app()->account,true));
+
+
// process normal login request
$r = q("SELECT `user`.*, `user`.`pubkey` as `upubkey`, `user`.`prvkey` as `uprvkey`