Diffstat (limited to 'web')
-rw-r--r--web/html/account.php2
-rw-r--r--web/lib/acctfuncs.inc1
-rw-r--r--web/lib/aur.inc72
-rw-r--r--web/template/header.php19
-rw-r--r--web/template/login_form.php53
5 files changed, 33 insertions, 114 deletions
diff --git a/web/html/account.php b/web/html/account.php
index 9c1eb313..b46ad554 100644
--- a/web/html/account.php
+++ b/web/html/account.php
@@ -3,7 +3,7 @@
set_include_path(get_include_path() . PATH_SEPARATOR . '../lib' . PATH_SEPARATOR . '../lang');
include("aur.inc"); # access AUR common functions
-include("acctfuncs.inc"); # access Account specific functions
+include_once("acctfuncs.inc"); # access Account specific functions
include("pkgfuncs_po.inc"); # Add to handle the i18n of My Packages
include("account_po.inc"); # use some form of this for i18n support
set_lang(); # this sets up the visitor's language
diff --git a/web/lib/acctfuncs.inc b/web/lib/acctfuncs.inc
index 2968adbb..29c80deb 100644
--- a/web/lib/acctfuncs.inc
+++ b/web/lib/acctfuncs.inc
@@ -603,7 +603,6 @@ function display_account_info($U="",$T="",
/*
* Returns SID (Session ID) and error (error message) in an array
* SID of 0 means login failed.
- * There should be a better way of doing this...I think
*/
function try_login() {
$login_error = "";
diff --git a/web/lib/aur.inc b/web/lib/aur.inc
index e7e8c494..168fa4b4 100644
--- a/web/lib/aur.inc
+++ b/web/lib/aur.inc
@@ -9,6 +9,7 @@ include_once("config.inc");
include_once("aur_po.inc");
// TODO: remove this, move translations over for login form
include_once("index_po.inc");
+include_once("acctfuncs.inc");
# TODO do we need to set the domain on cookies? I seem to remember some
# security concerns about not using domains - but it's not like
@@ -71,7 +72,7 @@ function check_sid() {
global $_COOKIE;
global $LOGIN_TIMEOUT;
- if ($_COOKIE["AURSID"]) {
+ if (isset($_COOKIE["AURSID"])) {
$failed = 0;
# the visitor is logged in, try and update the session
#
@@ -285,18 +286,18 @@ function set_lang() {
global $SUPPORTED_LANGS;
$update_cookie = 0;
- if ($_REQUEST['setlang']) {
+ if (isset($_REQUEST['setlang'])) {
# visitor is requesting a language change
#
$LANG = $_REQUEST['setlang'];
$update_cookie = 1;
- } elseif ($_COOKIE['AURLANG']) {
+ } elseif (isset($_COOKIE['AURLANG'])) {
# If a cookie is set, use that
#
$LANG = $_COOKIE['AURLANG'];
- } elseif ($_COOKIE["AURSID"]) {
+ } elseif (isset($_COOKIE["AURSID"])) {
$dbh = db_connect();
$q = "SELECT LangPreference FROM Users, Sessions ";
$q.= "WHERE Users.ID = Sessions.UsersID ";
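Review bot: The switch to `isset($_REQUEST['setlang'])` on the first branch changes which requests win: a request carrying an empty `setlang=` now enters that branch and sets `$LANG = ""` with `$update_cookie = 1`, where the old truthiness test fell through to the `AURLANG` cookie and session lookups; an empty `AURLANG` cookie behaves the same way on the second branch. Whether `$LANG` is later checked against `$SUPPORTED_LANGS` happens outside the hunk, and if it is not, the raw `setlang` value flows into the language cookie and whatever consumes `$LANG`. I would tighten the first test to `if (isset($_REQUEST['setlang']) && $_REQUEST['setlang'] !== "")` and validate the value with `array_key_exists($LANG, $SUPPORTED_LANGS)` before it is used or stored. set_lang's body continues past the end of the hunk.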
@@ -334,67 +335,8 @@ function html_header($title="") {
global $LANG;
global $SUPPORTED_LANGS;
- $login_error = "";
- if (isset($_POST["user"]) || isset($_POST["pass"])) {
- # Attempting to log in
- #
- if (!isset($_POST["user"]) || $_POST['user'] === "") {
- $login_error = __("You must supply a username.");
- }
- if ((!isset($_POST["pass"]) || $_POST['pass'] === "") && empty($login_error)) {
- $login_error = __("You must supply a password.");
- }
- if (!$login_error) {
- # Try and authenticate the user
- #
-
- #md5 hash it
- $_POST["pass"] = md5($_POST["pass"]);
- $dbh = db_connect();
- $q = "SELECT ID, Suspended FROM Users ";
- $q.= "WHERE Username = '" . mysql_real_escape_string($_POST["user"]) . "' ";
- $q.= "AND Passwd = '" . mysql_real_escape_string($_POST["pass"]) . "'";
- $result = db_query($q, $dbh);
- if (!$result) {
- $login_error = __("Login failure: Bad user or pass.");
- } else {
- $row = mysql_fetch_row($result);
- if (empty($row)) {
- $login_error = __("Login failure: Bad user or pass.");
- } elseif ($row[1]) {
- $login_error = __("Your account has been suspended.");
- }
- }
-
- if (!$login_error) {
- # Account looks good. Generate a SID and store it.
- #
- $logged_in = 0;
- $num_tries = 0;
- while (!$logged_in && $num_tries < 5) {
- $new_sid = new_sid();
- $q = "INSERT INTO Sessions (UsersID, SessionID, LastUpdateTS) ";
- $q.="VALUES (". $row[0]. ", '" . $new_sid . "', UNIX_TIMESTAMP())";
- $result = db_query($q, $dbh);
- # Query will fail if $new_sid is not unique
- #
- if ($result) {
- $logged_in = 1;
- break;
- }
- $num_tries++;
- }
- if ($logged_in) {
- # set our SID cookie
- #
- setcookie("AURSID", $new_sid, 0, "/");
- $_COOKIE['AURSID'] = $new_sid;
- } else {
- $login_error = __("Error trying to generate session id.");
- }
- }
- }
- }
+ $login = try_login();
+ $login_error = $login['error'];
$title = htmlspecialchars($title, ENT_QUOTES);
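Review bot: The two added lines make html_header() perform the login attempt as a side effect of rendering the header, so every page that prints the header accepts a POST of `user`/`passwd` with no CSRF token or origin check; a cross-site form can log a victim into an attacker-chosen account (login CSRF), and that is unchanged from the code being removed. The removed code also issued the session cookie as `setcookie("AURSID", $new_sid, 0, "/")`, with no HttpOnly or Secure attribute; if try_login() in acctfuncs.inc (not shown) kept that call, it should become `setcookie("AURSID", $new_sid, 0, "/", "", $https, true)` so the session id is not readable from script, which also bears on the cookie-domain TODO a few lines above. `$login['error']` is read without checking that try_login() always sets the key; its header comment says it returns an error string, so this is fine if that holds for the no-attempt case too. html_header's body continues outside the hunk.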
diff --git a/web/template/header.php b/web/template/header.php
index 488d2906..ea8d43d8 100644
--- a/web/template/header.php
+++ b/web/template/header.php
@@ -82,24 +82,7 @@ foreach ($SUPPORTED_LANGS as $lang => $lang_name) {
?>
</ul>
</span>
- <span id="login_bar">
-<?php
-if (isset($_COOKIE["AURSID"])) {
- print __("Logged-in as: %h%s%h",
- array("<b>", username_from_sid($_COOKIE["AURSID"]), "</b>"));
-} else {
- if ($login_error) {
- print "<span class='error'>" . $login_error . "</span><br />\n";
- } ?>
- <form method='post'>
- <?php print __("Username:"); ?>
- <input type='text' name='user' size='30' maxlength='64' value='<?php if (isset($_POST['user'])) { print htmlspecialchars($_POST['user'], ENT_QUOTES); } ?>'>
- <?php print __("Password:"); ?>
- <input type='password' name='pass' size='30' maxlength='32'>
- <input type='submit' class='button' value='<?php print __("Login"); ?>'>
- </form>
-<?php } ?>
- </span>
+ <?php include("login_form.php"); ?>
</div>
</div>
<div id="maincontent">
diff --git a/web/template/login_form.php b/web/template/login_form.php
index 89f11c1e..7fd40fb0 100644
--- a/web/template/login_form.php
+++ b/web/template/login_form.php
@@ -1,33 +1,28 @@
+<span id="login_bar">
<?php
-# Now present the user login stuff
-if (!isset($_COOKIE["AURSID"])):
-
- # the user is not logged in, give them login widgets
- #
- if (!empty($login['error'])) {
- print '<div class="error">' . $login['error']
- . '</div>';
- }
-?>
-
- <form action="<?php print $_SERVER['PHP_SELF']; ?>" method="post">
- <label class="lbox"><?php print __("Username"); ?><br />
- <input type="text" name="user" size="30"
- maxlength="<?php print USERNAME_MAX_LEN;?>"></label>
-
- <label class="lbox"><?php print __("Password"); ?><br />
- <input type="password" name="passwd" size="30"
- maxlength="<?php print PASSWD_MAX_LEN; ?>"></label>
- <br />
- <input type="submit" class="button"
- value="<?php print __("Login"); ?>">
- </form>
-
-<?php
-else:
+if (isset($_COOKIE["AURSID"])) {
print __("Logged-in as: %h%s%h",
array("<b>", username_from_sid($_COOKIE["AURSID"]), "</b>"));
-endif;
+}
+else {
+ if ($login_error) {
+ print "<span class='error'>" . $login_error . "</span><br />\n";
+ } ?>
+ <form method='post'>
+ <?php print __("Username:"); ?>
+ <input type='text' name='user' size='30'
+ maxlength="<?php print USERNAME_MAX_LEN; ?>"
+ value='<?php
+ if (isset($_POST['user'])) {
+ print htmlspecialchars($_POST['user'], ENT_QUOTES);
+ } ?>'>
+ <?php print __("Password:"); ?>
+ <input type='password' name='passwd' size='30'
+ maxlength="<?php print PASSWD_MAX_LEN; ?>">
+ <input type='submit' class='button'
+ value='<?php print __("Login"); ?>'>
+</form>
+<?php } ?>
+</span>
+
-# vim: ts=2 sw=2 noet ft=php
-?>
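Review bot: `if ($login_error)` in the new else branch reads a variable this template never defines; the earlier version used `$login['error']`, which suggests the file has (or had) callers other than html_header(), and any such caller now triggers an undefined-variable notice that with display_errors on leaks the script path into the page. Use `if (!empty($login_error))` so the template is safe regardless of who includes it. The logged-in branch prints `username_from_sid($_COOKIE["AURSID"])` through __() with no escaping; unless __() escapes its arguments or usernames are restricted to safe characters at account creation (neither is visible here), wrap it as `htmlspecialchars(username_from_sid($_COOKIE["AURSID"]), ENT_QUOTES)` to keep a stored username from injecting markup into every page header. The `user` value is correctly escaped with ENT_QUOTES, so the password field is the only other input and it is never echoed.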