diff options
Diffstat (limited to 'include')
| -rw-r--r-- | include/auth.php | 79 | ||||
| -rw-r--r-- | include/nav.php | 23 |
2 files changed, 102 insertions, 0 deletions
diff --git a/include/auth.php b/include/auth.php new file mode 100644 index 000000000..e22651cdd --- /dev/null +++ b/include/auth.php @@ -0,0 +1,79 @@ +<?php + +// login/logout + +if((x($_SESSION,'authenticated')) && (! ($_POST['auth-params'] == 'login'))) { + if($_POST['auth-params'] == 'logout' || $a->module == "logout") { + unset($_SESSION['authenticated']); + unset($_SESSION['uid']); + unset($_SESSION['visitor_id']); + unset($_SESSION['administrator']); + $_SESSION['sysmsg'] = "Logged out." . EOL; + goaway($a->get_baseurl()); + } + if(x($_SESSION,'uid')) { + $r = q("SELECT * FROM `user` WHERE `uid` = %d LIMIT 1", + intval($_SESSION['uid'])); + if($r === NULL || (! count($r))) { + goaway($a->get_baseurl()); + } + $a->user = $r[0]; + if(strlen($a->user['timezone'])) + date_default_timezone_set($a->user['timezone']); + + } +} +else { + unset($_SESSION['authenticated']); + unset($_SESSION['uid']); + unset($_SESSION['visitor_id']); + unset($_SESSION['administrator']); + $encrypted = hash('whirlpool',trim($_POST['password'])); + + if((x($_POST,'auth-params')) && $_POST['auth-params'] == 'login') { + $r = q("SELECT * FROM `user` + WHERE `email` = '%s' AND `password` = '%s' LIMIT 1", + dbesc(trim($_POST['login-name'])), + dbesc($encrypted)); + if(($r === false) || (! count($r))) { + $_SESSION['sysmsg'] = 'Login failed.' . EOL ; + goaway($a->get_baseurl()); + } + $_SESSION['uid'] = $r[0]['uid']; + $_SESSION['admin'] = $r[0]['admin']; + $_SESSION['authenticated'] = 1; + if(x($r[0],'nickname')) + $_SESSION['my_url'] = $a->get_baseurl() . '/profile/' . $r[0]['nickname']; + else + $_SESSION['my_url'] = $a->get_baseurl() . '/profile/' . $r[0]['uid']; + + $_SESSION['sysmsg'] = "Welcome back " . $r[0]['username'] . EOL; + $a->user = $r[0]; + if(strlen($a->user['timezone'])) + date_default_timezone_set($a->user['timezone']); + + } +} + +// Returns an array of group names this contact is a member of. +// Since contact-id's are unique and each "belongs" to a given user uid, +// this array will only contain group names related to the uid of this +// DFRN contact. They are *not* neccessarily unique across the entire site. + + +if(! function_exists('init_groups_visitor')) { +function init_groups_visitor($contact_id) { + $groups = array(); + $r = q("SELECT `group_member`.`gid`, `group`.`name` + FROM `group_member` LEFT JOIN `group` ON `group_member`.`gid` = `group`.`id` + WHERE `group_member`.`contact-id` = %d ", + intval($contact_id) + ); + if(count($r)) { + foreach($r as $rr) + $groups[] = $rr['name']; + } + return $groups; +}} + + diff --git a/include/nav.php b/include/nav.php new file mode 100644 index 000000000..c51c56ad2 --- /dev/null +++ b/include/nav.php @@ -0,0 +1,23 @@ + +<?php + $a->page['nav'] .= "<span id=\"nav-link-wrapper\" >\r\n"; + + if(x($_SESSION,'uid')) { + + $a->page['nav'] .= "<a id=\"nav-notify-link\" class=\"nav-commlink\" href=\"notifications\">Notifications</a>\r\n"; + + $a->page['nav'] .= "<a id=\"nav-messages-link\" class=\"nav-commlink\" href=\"Messages\">Messages</a>\r\n"; + + + $a->page['nav'] .= "<a id=\"nav-logout-link\" class=\"nav-link\" href=\"logout\">Logout</a>\r\n"; + + $a->page['nav'] .= "<a id=\"nav-settings-link\" class=\"nav-link\" href=\"settings\">Settings</a>\r\n"; + + $a->page['nav'] .= "<a id=\"nav-profiles-link\" class=\"nav-link\" href=\"profiles\">Profiles</a>\r\n"; + + $a->page['nav'] .= "<a id=\"nav-contacts-link\" class=\"nav-link\" href=\"contacts\">Contacts</a>\r\n"; + + $a->page['nav'] .= "<a id=\"nav-home-link\" class=\"nav-link\" href=\"profile/{$_SESSION['uid']}\">Home</a>\r\n"; + + } + $a->page['nav'] .= "</span>\r\n<span id=\"nav-end\"></span>\r\n"; |