authoreric <eric>2004-06-19 20:19:42 +0000
committereric <eric>2004-06-19 20:19:42 +0000
commit30aea4ec8cfee1ffc8786955ecb012ef73a68b73 (patch)
treed4eacdc75f16fc8d9c5080325ee6fecda36a9366 /web/html/index.php
parentf478d7204f23cbf23d7149cd8694a3e74211ae9f (diff)
started working on the login
Diffstat (limited to 'web/html/index.php')
-rw-r--r--web/html/index.php104
1 files changed, 101 insertions, 3 deletions
diff --git a/web/html/index.php b/web/html/index.php
index 8038992..3bda551 100644
--- a/web/html/index.php
+++ b/web/html/index.php
@@ -2,12 +2,110 @@
include("index_po.inc");
include("aur.inc");
set_lang();
+check_sid();
+
+# Need to do the authentication prior to sending HTML
+#
+$login_error = "";
+if (isset($_REQUEST["user"]) || isset($_REQUEST["pass"])) {
+ # Attempting to log in
+ #
+ if (!isset($_REQUEST['user'])) {
+ $login_error = __("You must supply a username.");
+ }
+ if (!isset($_REQUEST['pass'])) {
+ $login_error = __("You must supply a password.");
+ }
+ if (!$login_error) {
+ # Try and authenticate the user
+ #
+ $dbh = db_connect();
+ $q = "SELECT ID, Suspended FROM Users ";
+ $q.= "WHERE Email = '" . mysql_escape_string($_REQUEST["user"]) . "' ";
+ $q.= "AND Passwd = '" . mysql_escape_string($_REQUEST["pass"]) . "'";
+ $result = mysql_query($q, $dbh);
+ if (!$result) {
+ $login_error = __("Incorrect password for username %s.",
+ array($_REQUEST["user"]));
+ }
+ $row = mysql_fetch_row($result);
+ if ($row[1]) {
+ $login_error = __("Your account has been suspended.");
+ }
+
+ if (!$login_error) {
+ # Account looks good. Generate a SID and store it.
+ #
+ $logged_in = 0;
+ $num_tries = 0;
+ while (!$logged_in && $num_tries < 5) {
+ $new_sid = new_sid();
+ $q = "INSERT INTO Sessions (UsersID, SessionID, LastUpdateTS) ";
+ $q.="VALUES (". $row[0]. ", '" . $new_sid . "', UNIX_TIMESTAMP())";
+ $result = mysql_query($q, $dbh);
+ # Query will fail if $new_sid is not unique
+ #
+ if ($result) {
+ $logged_in = 1;
+ break;
+ }
+ $num_tries++;
+ }
+ if ($logged_in) {
+ # set our SID cookie
+ #
+ setcookie("AURSID", $new_sid, 0, "/");
+ header("Location: /index.php");
+ } else {
+ $login_error = __("Error trying to generate session id.");
+ }
+ }
+ }
+}
+
+# Any cookies have been sent, can now display HTML
+#
html_header();
+print "<table border='0' cellpadding='0' cellspacing='3' width='90%'>\n";
+print "<tr>\n";
+print " <td align='left'>";
+print __("This is where the intro text will go.");
+print __("For now, it's just a place holder.");
+print __("It's more important to get the login functionality finished.");
+print __("After that, this can be filled in with more meaningful text.");
+print " </td>";
+print " <td align='right'>";
+if (!isset($_COOKIE["AURSID"])) {
+ # the user is not logged in, give them login widgets
+ #
+ print "<form action='/index.php' method='post'>\n";
+ if ($login_error) {
+ print $login_error . "<br/>\n";
+ }
+ print "<table border='0' cellpadding='0' cellspacing='0' width='100%'>\n";
+ print "<tr>\n";
+ print "<td>".__("Username:")."</td>";
+ print "<td><input type='text' name='user' size='30' maxlength='64'></td>";
+ print "</tr>\n";
+ print "<tr>\n";
+ print "<td>".__("Password:")."</td>";
+ print "<td><input type='password' name='pass' size='30' maxlength='32'></td>";
+ print "</tr>\n";
+ print "<tr>\n";
+ print "<td colspan='2' align='right'>&nbsp;<br/>";
+ print "<input type='submit' value='".__("Login")."'></td>";
+ print "</tr>\n";
+ print "</table>\n";
+ print "</form>\n";
-#$dbh = db_connect();
-print "Connected...<br>\n";
-print "My LANG is: " . $LANG . "<br>\n";
+} else {
+ print __("Currently logged in as: %h%s%h",
+ array("<b>", username_from_sid($_COOKIE["AURSID"]), "</b>"));
+}
+print " </td>";
+print "</tr>\n";
+print "</table>\n";
html_footer("\$Id$");
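Review bot: A failed login is not detected by `if (!$result)`, because mysql_query() returns a result resource for a SELECT even when no row matches; that check only catches a query error, and execution then reaches mysql_fetch_row() and the session INSERT with an empty `$row[0]`. As written the INSERT appears to fail on the missing user id, so a wrong password ends in "Error trying to generate session id." after five attempts rather than a session, but the credential check should be explicit: `$row = $result ? mysql_fetch_row($result) : false;` followed by `if (!$row) { $login_error = __("Incorrect password for username %s.", array($_REQUEST["user"])); } elseif ($row[1]) { ... }`. That message interpolates `$_REQUEST["user"]` and is later emitted by `print $login_error . "<br/>\n";`, so the request value should go through `htmlspecialchars()` before it reaches the page. The WHERE clause compares `Passwd` with the submitted value directly, which suggests passwords are stored unhashed, and reading the credentials from `$_REQUEST` rather than `$_POST` also accepts them from the query string, where they end up in server logs. `header("Location: /index.php");` should be followed by `exit;`, since the script otherwise goes on to render the page body after the redirect.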