diff options
Diffstat (limited to 'web/html')
| -rw-r--r-- | web/html/index.php | 98 |
1 files changed, 1 insertions, 97 deletions
diff --git a/web/html/index.php b/web/html/index.php index 2a1a4893..99cccbc6 100644 --- a/web/html/index.php +++ b/web/html/index.php @@ -2,78 +2,12 @@ set_include_path(get_include_path() . PATH_SEPARATOR . '../lib' . PATH_SEPARATOR . '../lang'); -include("index_po.inc"); +# include("index_po.inc"); include("pkgfuncs_po.inc"); # Add to handle the i18n of My Packages include("aur.inc"); set_lang(); check_sid(); -# Need to do the authentication prior to sending any HTML (including header) -# -$login_error = ""; -if (isset($_REQUEST["user"]) || isset($_REQUEST["pass"])) { - # Attempting to log in - # - if (!isset($_REQUEST["user"])) { - $login_error = __("You must supply a username."); - } - if (!isset($_REQUEST["pass"])) { - $login_error = __("You must supply a password."); - } - if (!$login_error) { - # Try and authenticate the user - # - - #md5 hash it - $_REQUEST["pass"] = md5($_REQUEST["pass"]); - $dbh = db_connect(); - $q = "SELECT ID, Suspended FROM Users "; - $q.= "WHERE Username = '" . mysql_real_escape_string($_REQUEST["user"]) . "' "; - $q.= "AND Passwd = '" . mysql_real_escape_string($_REQUEST["pass"]) . "'"; - $result = db_query($q, $dbh); - if (!$result) { - $login_error = __("Error looking up username, %s.", - array(htmlspecialchars($_REQUEST["user"]))); - } else { - $row = mysql_fetch_row($result); - if (empty($row)) { - $login_error = __("Incorrect password for username, %s.", - array(htmlspecialchars($_REQUEST["user"]))); - } elseif ($row[1]) { - $login_error = __("Your account has been suspended."); - } - } - - if (!$login_error) { - # Account looks good. Generate a SID and store it. - # - $logged_in = 0; - $num_tries = 0; - while (!$logged_in && $num_tries < 5) { - $new_sid = new_sid(); - $q = "INSERT INTO Sessions (UsersID, SessionID, LastUpdateTS) "; - $q.="VALUES (". $row[0]. ", '" . $new_sid . "', UNIX_TIMESTAMP())"; - $result = db_query($q, $dbh); - # Query will fail if $new_sid is not unique - # - if ($result) { - $logged_in = 1; - break; - } - $num_tries++; - } - if ($logged_in) { - # set our SID cookie - # - setcookie("AURSID", $new_sid, 0, "/"); - header("Location: /index.php"); - } else { - $login_error = __("Error trying to generate session id."); - } - } - } -} - # Any cookies have been sent, can now display HTML # html_header(); @@ -97,36 +31,6 @@ print __("The most popular packages will be provided as binary packages in [comm print "</td>"; print "<td class='boxSoft' valign='top'>"; -# Now present the user login stuff -if (!isset($_COOKIE["AURSID"])) { - # the user is not logged in, give them login widgets - # - if ($login_error) { - print "<span class='error'>" . $login_error . "</span><br />\n"; - } - print "<table border='0' cellpadding='0' cellspacing='0' width='100%'>\n"; - print "<form action='/index.php' method='post'>\n"; - print "<tr>\n"; - print "<td>".__("Username:")."</td>"; - print "<td><input type='text' name='user' size='30' maxlength='64'></td>"; - print "</tr>\n"; - print "<tr>\n"; - print "<td>".__("Password:")."</td>"; - print "<td><input type='password' name='pass' size='30' maxlength='32'></td>"; - print "</tr>\n"; - print "<tr>\n"; - print "<td colspan='2' align='right'> <br />"; - print "<input type='submit' class='button'"; - print " value='".__("Login")."'></td>"; - print "</tr>\n"; - print "</form>\n"; - print "</table>\n"; - -} else { - print __("Logged-in as: %h%s%h", - array("<b>", username_from_sid($_COOKIE["AURSID"]), "</b>")); -} - # MAIN: Bottom Left print "</td>"; print "</tr>"; |