finished the login/logout/session stuff

11 files changed, 59 insertions, 39 deletions

diff --git a/web/html/account.php b/web/html/account.php
index 6d402cae..4d2cd9f6 100644
--- a/web/html/account.php
+++ b/web/html/account.php
@@ -2,6 +2,7 @@
 include("aur.inc");         # access AUR common functions
 include("account_po.inc");  # use some form of this for i18n support
 set_lang();                 # this sets up the visitor's language
+check_sid();                # see if they're still logged in
 html_header();              # print out the HTML header
 
 
@@ -11,8 +12,5 @@ html_header();              # print out the HTML header
 print __("Under construction...")."<br/>\n";
 
 
-html_footer("\$Id$");      # Use the $Id$ keyword
-                           # NOTE: when checking in a new file, use
-                           # 'svn propset svn:keywords "Id" filename.php'
-                           # to tell svn to expand the "Id" keyword.
+html_footer("\$Id$");
 ?>
diff --git a/web/html/css/containers.css b/web/html/css/containers.css
index 7322b3f1..69ed1d96 100644
--- a/web/html/css/containers.css
+++ b/web/html/css/containers.css
@@ -174,6 +174,12 @@
 		vertical-align: top;

 		padding-left: 5;

 	}

+	td.text

+	{

+		color:	#000;

+		font-family: verdana;

+		font-size: 12px;

+	}

 	th

 	{

 		text-align: left;

diff --git a/web/html/css/fonts.css b/web/html/css/fonts.css
index 55cb2261..fcf46441 100644
--- a/web/html/css/fonts.css
+++ b/web/html/css/fonts.css
@@ -40,6 +40,12 @@
 		font-family:		monospace, fixed, terminal;

 		font-size:			12px;

 	}

+	span.error /* Content Text */

+	{

+		color:				#900;

+		font-family:		verdana;

+		font-size:			12px;

+	}

 

 /* Font Attribute Change (#6c83b0)*/

 	span.blue

diff --git a/web/html/hacker.php b/web/html/hacker.php
new file mode 100644
index 00000000..5d518340
--- /dev/null
+++ b/web/html/hacker.php
@@ -0,0 +1,13 @@
+<?
+include("hacker_po.inc");
+include("aur.inc");
+set_lang();
+html_header();
+
+print __("Your session id is invalid.");
+print "<p>\n";
+print __("If this problem persists, please contact the site administrator.");
+print "</p>\n";
+
+html_footer("\$Id$");
+?>
diff --git a/web/html/index.php b/web/html/index.php
index 3bda5511..ad7b73f0 100644
--- a/web/html/index.php
+++ b/web/html/index.php
@@ -4,7 +4,7 @@ include("aur.inc");
 set_lang();
 check_sid();
 
-# Need to do the authentication prior to sending HTML
+# Need to do the authentication prior to sending any HTML (including header)
 #
 $login_error = "";
 if (isset($_REQUEST["user"]) || isset($_REQUEST["pass"])) {
@@ -23,14 +23,15 @@ if (isset($_REQUEST["user"]) || isset($_REQUEST["pass"])) {
 		$q = "SELECT ID, Suspended FROM Users ";
 		$q.= "WHERE Email = '" . mysql_escape_string($_REQUEST["user"]) . "' ";
 		$q.= "AND Passwd = '" . mysql_escape_string($_REQUEST["pass"]) . "'";
-		$result = mysql_query($q, $dbh);
+		$result = db_query($q, $dbh);
 		if (!$result) {
 			$login_error = __("Incorrect password for username %s.",
 						array($_REQUEST["user"]));
-		}
-		$row = mysql_fetch_row($result);
-		if ($row[1]) {
-			$login_error = __("Your account has been suspended.");
+		} else {
+			$row = mysql_fetch_row($result);
+			if ($row[1]) {
+				$login_error = __("Your account has been suspended.");
+			}
 		}
 
 		if (!$login_error) {
@@ -42,7 +43,7 @@ if (isset($_REQUEST["user"]) || isset($_REQUEST["pass"])) {
 				$new_sid = new_sid();
 				$q = "INSERT INTO Sessions (UsersID, SessionID, LastUpdateTS) ";
 				$q.="VALUES (". $row[0]. ", '" . $new_sid . "', UNIX_TIMESTAMP())";
-				$result = mysql_query($q, $dbh);
+				$result = db_query($q, $dbh);
 				# Query will fail if $new_sid is not unique
 				#
 				if ($result) {
@@ -69,19 +70,19 @@ html_header();
 
 print "<table border='0' cellpadding='0' cellspacing='3' width='90%'>\n";
 print "<tr>\n";
-print "  <td align='left'>";
+print "  <td align='left' valign='top'>&nbsp;<br/>";
 print __("This is where the intro text will go.");
 print __("For now, it's just a place holder.");
 print __("It's more important to get the login functionality finished.");
 print __("After that, this can be filled in with more meaningful text.");
 print "  </td>";
-print "  <td align='right'>";
+print "  <td align='right'>&nbsp;<br/>\n";
 if (!isset($_COOKIE["AURSID"])) {
 	# the user is not logged in, give them login widgets
 	#
 	print "<form action='/index.php' method='post'>\n";
 	if ($login_error) {
-		print $login_error . "<br/>\n";
+		print "<span class='error'>" . $login_error . "</span><br/>\n";
 	}
 	print "<table border='0' cellpadding='0' cellspacing='0' width='100%'>\n";
 	print "<tr>\n";
diff --git a/web/html/logout.php b/web/html/logout.php
index 6757784e..07a787a1 100644
--- a/web/html/logout.php
+++ b/web/html/logout.php
@@ -2,17 +2,19 @@
 include("aur.inc");         # access AUR common functions
 include("logout_po.inc");   # use some form of this for i18n support
 set_lang();                 # this sets up the visitor's language
-html_header();              # print out the HTML header
-
 
-# Any text you print out to the visitor, use the __() function
-# for i18n support.  See 'testpo.php' for more details.
+# if they've got a cookie, log them out - need to do this before
+# sending any HTML output.
 #
-print __("Under construction...")."<br/>\n";
+if (isset($_COOKIE["AURSID"])) {
+	$q = "DELETE FROM Sessions WHERE SessionID = '";
+	$q.= mysql_escape_string($_COOKIE["AURSID"]) . "'";
+	setcookie("AURSID", "", time() - (60*60*24*30), "/");
+}
+
+html_header();              # print out the HTML header
+print __("You have been successfully logged out.")."<br/>\n";
 
 
-html_footer("\$Id$");      # Use the $Id$ keyword
-                           # NOTE: when checking in a new file, use
-                           # 'svn propset svn:keywords "Id" filename.php'
-                           # to tell svn to expand the "Id" keyword.
+html_footer("\$Id$");
 ?>
diff --git a/web/html/pkgmgmnt.php b/web/html/pkgmgmnt.php
index 0988e51e..b1768dbf 100644
--- a/web/html/pkgmgmnt.php
+++ b/web/html/pkgmgmnt.php
@@ -2,6 +2,7 @@
 include("aur.inc");         # access AUR common functions
 include("mgmnt_po.inc");    # use some form of this for i18n support
 set_lang();                 # this sets up the visitor's language
+check_sid();                # see if they're still logged in
 html_header();              # print out the HTML header
 
 
@@ -11,8 +12,5 @@ html_header();              # print out the HTML header
 print __("Under construction...")."<br/>\n";
 
 
-html_footer("\$Id$");      # Use the $Id$ keyword
-                           # NOTE: when checking in a new file, use
-                           # 'svn propset svn:keywords "Id" filename.php'
-                           # to tell svn to expand the "Id" keyword.
+html_footer("\$Id$");
 ?>
diff --git a/web/html/pkgsearch.php b/web/html/pkgsearch.php
index d23a602e..f5ef888e 100644
--- a/web/html/pkgsearch.php
+++ b/web/html/pkgsearch.php
@@ -2,6 +2,7 @@
 include("aur.inc");         # access AUR common functions
 include("search_po.inc");   # use some form of this for i18n support
 set_lang();                 # this sets up the visitor's language
+check_sid();                # see if they're still logged in
 html_header();              # print out the HTML header
 
 
@@ -11,8 +12,5 @@ html_header();              # print out the HTML header
 print __("Under construction...")."<br/>\n";
 
 
-html_footer("\$Id$");      # Use the $Id$ keyword
-                           # NOTE: when checking in a new file, use
-                           # 'svn propset svn:keywords "Id" filename.php'
-                           # to tell svn to expand the "Id" keyword.
+html_footer("\$Id$");
 ?>
diff --git a/web/html/pkgsubmit.php b/web/html/pkgsubmit.php
index fc36da5d..c9465a1d 100644
--- a/web/html/pkgsubmit.php
+++ b/web/html/pkgsubmit.php
@@ -1,6 +1,8 @@
 <?
 include("aur.inc");         # access AUR common functions
 include("submit_po.inc");   # use some form of this for i18n support
+set_lang();                 # this sets up the visitor's language
+check_sid();                # see if they're still logged in
 html_header();              # print out the HTML header
 
 
@@ -10,8 +12,5 @@ html_header();              # print out the HTML header
 print __("Under construction...")."<br/>\n";
 
 
-html_footer("\$Id$");      # Use the $Id$ keyword
-                           # NOTE: when checking in a new file, use
-                           # 'svn propset svn:keywords "Id" filename.php'
-                           # to tell svn to expand the "Id" keyword.
+html_footer("\$Id$");
 ?>
diff --git a/web/html/pkgvote.php b/web/html/pkgvote.php
index e111937f..594ec168 100644
--- a/web/html/pkgvote.php
+++ b/web/html/pkgvote.php
@@ -2,6 +2,7 @@
 include("aur.inc");         # access AUR common functions
 include("vote_po.inc");     # use some form of this for i18n support
 set_lang();                 # this sets up the visitor's language
+check_sid();                # see if they're still logged in
 html_header();              # print out the HTML header
 
 
@@ -11,8 +12,5 @@ html_header();              # print out the HTML header
 print __("Under construction...")."<br/>\n";
 
 
-html_footer("\$Id$");      # Use the $Id$ keyword
-                           # NOTE: when checking in a new file, use
-                           # 'svn propset svn:keywords "Id" filename.php'
-                           # to tell svn to expand the "Id" keyword.
+html_footer("\$Id$");
 ?>
diff --git a/web/html/template.php b/web/html/template.php
index a61ba6fc..9ae001e4 100644
--- a/web/html/template.php
+++ b/web/html/template.php
@@ -2,6 +2,7 @@
 include("aur.inc");         # access AUR common functions
 include("template_po.inc"); # use some form of this for i18n support
 set_lang();                 # this sets up the visitor's language
+check_sid();                # see if they're still logged in
 html_header();              # print out the HTML header