aboutsummaryrefslogtreecommitdiffstats
path: root/include/auth.php
blob: 0a21a276ad6b83610a4c559a394c14d9a3feef92 (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
<?php

// login/logout 

if((isset($_SESSION)) && (x($_SESSION,'authenticated')) && ((! (x($_POST,'auth-params'))) || ($_POST['auth-params'] !== 'login'))) {

	if(((x($_POST,'auth-params')) && ($_POST['auth-params'] === 'logout')) || ($a->module === 'logout')) {
	
		// process logout request

		unset($_SESSION['authenticated']);
		unset($_SESSION['uid']);
		unset($_SESSION['visitor_id']);
		unset($_SESSION['administrator']);
		unset($_SESSION['cid']);
		unset($_SESSION['theme']);
		unset($_SESSION['page_flags']);
		notice( t('Logged out.') . EOL);
		goaway($a->get_baseurl());
	}

	if(x($_SESSION,'uid')) {

		// already logged in user returning

		$r = q("SELECT * FROM `user` WHERE `uid` = %d LIMIT 1",
			intval($_SESSION['uid'])
		);

		if(! count($r)) {
			unset($_SESSION['authenticated']);
			unset($_SESSION['uid']);
			goaway($a->get_baseurl());
		}

		// initialise user environment

		$a->user = $r[0];
		$_SESSION['theme'] = $a->user['theme'];
		$_SESSION['page_flags'] = $a->user['page-flags'];
		if(strlen($a->user['timezone']))
			date_default_timezone_set($a->user['timezone']);

		$_SESSION['my_url'] = $a->get_baseurl() . '/profile/' . $a->user['nickname'];

		$r = q("SELECT * FROM `contact` WHERE `uid` = %d AND `self` = 1 LIMIT 1",
			intval($_SESSION['uid']));
		if(count($r)) {
			$a->contact = $r[0];
			$a->cid = $r[0]['id'];
			$_SESSION['cid'] = $a->cid;

		}
		header('X-Account-Management-Status: active; name="' . $a->user['username'] . '"; id="' . $a->user['nickname'] .'"');
	}
}
else {

	if(isset($_SESSION)) {
		unset($_SESSION['authenticated']);
		unset($_SESSION['uid']);
		unset($_SESSION['visitor_id']);
		unset($_SESSION['administrator']);
		unset($_SESSION['cid']);
		unset($_SESSION['theme']);
		unset($_SESSION['my_url']);
		unset($_SESSION['page_flags']);
	}

	if(x($_POST,'password'))
		$encrypted = hash('whirlpool',trim($_POST['password']));
	else {
		if((x($_POST,'auth-params')) && $_POST['auth-params'] === 'login') {
			require_once('library/openid.php');
			$openid = new LightOpenID;
			$openid->identity = trim($_POST['login-name']);
			$a = get_app();
			$openid->returnUrl = $a->get_baseurl() . '/openid'; 
			goaway($openid->authUrl());	
		}
	}
	if((x($_POST,'auth-params')) && $_POST['auth-params'] === 'login') {

		// process login request

		$r = q("SELECT * FROM `user` 
			WHERE ( `email` = '%s' OR `nickname` = '%s' ) AND `password` = '%s' AND `blocked` = 0 AND `verified` = 1 LIMIT 1",
			dbesc(trim($_POST['login-name'])),
			dbesc(trim($_POST['login-name'])),
			dbesc($encrypted));
		if(($r === false) || (! count($r))) {
			notice( t('Login failed.') . EOL );
			goaway($a->get_baseurl());
  		}
		$_SESSION['uid'] = $r[0]['uid'];
		$_SESSION['theme'] = $r[0]['theme'];
		$_SESSION['authenticated'] = 1;
		$_SESSION['page_flags'] = $r[0]['page-flags'];
		$_SESSION['my_url'] = $a->get_baseurl() . '/profile/' . $r[0]['nickname'];

		notice( t("Welcome back ") . $r[0]['username'] . EOL);
		$a->user = $r[0];
		if(strlen($a->user['timezone']))
			date_default_timezone_set($a->user['timezone']);

		$r = q("SELECT * FROM `contact` WHERE `uid` = %s AND `self` = 1 LIMIT 1",
			intval($_SESSION['uid']));
		if(count($r)) {
			$a->contact = $r[0];
			$a->cid = $r[0]['id'];
			$_SESSION['cid'] = $a->cid;
		}

		header('X-Account-Management-Status: active; name="' . $a->user['username'] . '"; id="' . $a->user['nickname'] .'"');
		if(($a->module !== 'home') && isset($_SESSION['return_url']))
			goaway($a->get_baseurl() . '/' . $_SESSION['return_url']);
	}
}

// Returns an array of group id's this contact is a member of.
// This array will only contain group id's related to the uid of this
// DFRN contact. They are *not* neccessarily unique across the entire site. 


if(! function_exists('init_groups_visitor')) {
function init_groups_visitor($contact_id) {
	$groups = array();
	$r = q("SELECT `gid` FROM `group_member` 
		WHERE `contact-id` = %d ",
		intval($contact_id)
	);
	if(count($r)) {
		foreach($r as $rr)
			$groups[] = $rr['gid'];
	}
	return $groups;
}}