From 30aea4ec8cfee1ffc8786955ecb012ef73a68b73 Mon Sep 17 00:00:00 2001
From: eric
Date: Sat, 19 Jun 2004 20:19:42 +0000
Subject: started working on the login
---
 web/html/index.php | 104 +++++++++++++++++++++++++++++++++++++++++++++++++--
 web/html/timeout.php | 13 +++++++
 2 files changed, 114 insertions(+), 3 deletions(-)
 create mode 100644 web/html/timeout.php
(limited to 'web/html')
diff --git a/web/html/index.php b/web/html/index.php
index 80389923..3bda5511 100644
--- a/web/html/index.php
+++ b/web/html/index.php
@@ -2,12 +2,110 @@
 include("index_po.inc");
 include("aur.inc");
 set_lang();
+check_sid();
+
+# Need to do the authentication prior to sending HTML
+#
+$login_error = "";
+if (isset($_REQUEST["user"]) || isset($_REQUEST["pass"])) {
+ # Attempting to log in
+ #
+ if (!isset($_REQUEST['user'])) {
+ $login_error = __("You must supply a username.");
+ }
+ if (!isset($_REQUEST['pass'])) {
+ $login_error = __("You must supply a password.");
+ }
+ if (!$login_error) {
+ # Try and authenticate the user
+ #
+ $dbh = db_connect();
+ $q = "SELECT ID, Suspended FROM Users ";
+ $q.= "WHERE Email = '" . mysql_escape_string($_REQUEST["user"]) . "' ";
+ $q.= "AND Passwd = '" . mysql_escape_string($_REQUEST["pass"]) . "'";
+ $result = mysql_query($q, $dbh);
+ if (!$result) {
+ $login_error = __("Incorrect password for username %s.",
+ array($_REQUEST["user"]));
+ }
+ $row = mysql_fetch_row($result);
+ if ($row[1]) {
+ $login_error = __("Your account has been suspended.");
+ }
+
+ if (!$login_error) {
+ # Account looks good. Generate a SID and store it.
+ #
+ $logged_in = 0;
+ $num_tries = 0;
+ while (!$logged_in && $num_tries < 5) {
+ $new_sid = new_sid();
+ $q = "INSERT INTO Sessions (UsersID, SessionID, LastUpdateTS) ";
+ $q.="VALUES (". $row[0]. ", '" . $new_sid . "', UNIX_TIMESTAMP())";
+ $result = mysql_query($q, $dbh);
+ # Query will fail if $new_sid is not unique
+ #
+ if ($result) {
+ $logged_in = 1;
+ break;
+ }
+ $num_tries++;
+ }
+ if ($logged_in) {
+ # set our SID cookie
+ #
+ setcookie("AURSID", $new_sid, 0, "/");
+ header("Location: /index.php");
+ } else {
+ $login_error = __("Error trying to generate session id.");
+ }
+ }
+ }
+}
+
+# Any cookies have been sent, can now display HTML
+#
 html_header();
+print "\n";
+print "\n";
+print " ";
+print " ";
+print "\n";
+print "
";
+print __("This is where the intro text will go.");
+print __("For now, it's just a place holder.");
+print __("It's more important to get the login functionality finished.");
+print __("After that, this can be filled in with more meaningful text.");
+print " ";
+if (!isset($_COOKIE["AURSID"])) {
+ # the user is not logged in, give them login widgets
+ #
+ print "
\n";
+ if ($login_error) {
+ print $login_error . "
\n";
+ }
+ print "\n";
+ print "\n";
+ print "";
+ print "";
+ print "\n";
+ print "\n";
+ print "";
+ print "";
+ print "\n";
+ print "\n";
+ print "";
+ print "\n";
+ print "
".__("Username:")."
".__("Password:")."
 
"; + print "
\n";
+ print "
\n";
-#$dbh = db_connect();
-print "Connected...
\n";
-print "My LANG is: " . $LANG . "
\n";
+} else {
+ print __("Currently logged in as: %h%s%h",
+ array("", username_from_sid($_COOKIE["AURSID"]), ""));
+}
+print "
\n";
 html_footer("\$Id$");
diff --git a/web/html/timeout.php b/web/html/timeout.php
new file mode 100644
index 00000000..6a543c52
--- /dev/null
+++ b/web/html/timeout.php
@@ -0,0 +1,13 @@
+\n";
+print __("Click on the Home link above to log in.");
+print "
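Review bot: The credential check never tests whether a row matched: after `mysql_query($q, $dbh)` only `!$result` is checked, which is false for a query that ran and returned zero rows, so a wrong e-mail or password falls through to the session INSERT with an empty `$row[0]` and is refused only because that INSERT is malformed, surfacing "Error trying to generate session id." instead of the password error. Test the fetched row itself, as in the excerpt below. In the same hunk the credentials are read from `$_REQUEST`, so they are also accepted from the query string and can end up in server logs and browser history; `$_POST` would avoid that. The `Passwd = '...'` comparison implies passwords are stored and compared unhashed, and `header("Location: /index.php");` is not followed by `exit;`, so the rest of the page still renders after the redirect. The user name interpolated into `$login_error` is later printed with no escaping visible here, which is worth confirming against what `__()` does.

```php
$result = mysql_query($q, $dbh);
# A query that succeeds but matches no row is a failed login too
$row = $result ? mysql_fetch_row($result) : false;
if (!$row) {
    $login_error = __("Incorrect password for username %s.",
        array($_REQUEST["user"]));
} elseif ($row[1]) {
    $login_error = __("Your account has been suspended.");
}
# … unchanged: session id generation and cookie …
```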

\n";
+
+html_footer("\$Id$");
+?>
-- cgit v1.2.3-24-g4f1b