diff options
author | eric <eric> | 2004-06-19 20:19:42 +0000 |
---|---|---|
committer | eric <eric> | 2004-06-19 20:19:42 +0000 |
commit | 30aea4ec8cfee1ffc8786955ecb012ef73a68b73 (patch) | |
tree | d4eacdc75f16fc8d9c5080325ee6fecda36a9366 /web/html/index.php | |
parent | f478d7204f23cbf23d7149cd8694a3e74211ae9f (diff) | |
download | aurweb-30aea4ec8cfee1ffc8786955ecb012ef73a68b73.tar.xz |
started working on the login
Diffstat (limited to 'web/html/index.php')
-rw-r--r-- | web/html/index.php | 104 |
1 files changed, 101 insertions, 3 deletions
diff --git a/web/html/index.php b/web/html/index.php index 8038992..3bda551 100644 --- a/web/html/index.php +++ b/web/html/index.php @@ -2,12 +2,110 @@ include("index_po.inc"); include("aur.inc"); set_lang(); +check_sid(); + +# Need to do the authentication prior to sending HTML +# +$login_error = ""; +if (isset($_REQUEST["user"]) || isset($_REQUEST["pass"])) { + # Attempting to log in + # + if (!isset($_REQUEST['user'])) { + $login_error = __("You must supply a username."); + } + if (!isset($_REQUEST['pass'])) { + $login_error = __("You must supply a password."); + } + if (!$login_error) { + # Try and authenticate the user + # + $dbh = db_connect(); + $q = "SELECT ID, Suspended FROM Users "; + $q.= "WHERE Email = '" . mysql_escape_string($_REQUEST["user"]) . "' "; + $q.= "AND Passwd = '" . mysql_escape_string($_REQUEST["pass"]) . "'"; + $result = mysql_query($q, $dbh); + if (!$result) { + $login_error = __("Incorrect password for username %s.", + array($_REQUEST["user"])); + } + $row = mysql_fetch_row($result); + if ($row[1]) { + $login_error = __("Your account has been suspended."); + } + + if (!$login_error) { + # Account looks good. Generate a SID and store it. + # + $logged_in = 0; + $num_tries = 0; + while (!$logged_in && $num_tries < 5) { + $new_sid = new_sid(); + $q = "INSERT INTO Sessions (UsersID, SessionID, LastUpdateTS) "; + $q.="VALUES (". $row[0]. ", '" . $new_sid . "', UNIX_TIMESTAMP())"; + $result = mysql_query($q, $dbh); + # Query will fail if $new_sid is not unique + # + if ($result) { + $logged_in = 1; + break; + } + $num_tries++; + } + if ($logged_in) { + # set our SID cookie + # + setcookie("AURSID", $new_sid, 0, "/"); + header("Location: /index.php"); + } else { + $login_error = __("Error trying to generate session id."); + } + } + } +} + +# Any cookies have been sent, can now display HTML +# html_header(); +print "<table border='0' cellpadding='0' cellspacing='3' width='90%'>\n"; +print "<tr>\n"; +print " <td align='left'>"; +print __("This is where the intro text will go."); +print __("For now, it's just a place holder."); +print __("It's more important to get the login functionality finished."); +print __("After that, this can be filled in with more meaningful text."); +print " </td>"; +print " <td align='right'>"; +if (!isset($_COOKIE["AURSID"])) { + # the user is not logged in, give them login widgets + # + print "<form action='/index.php' method='post'>\n"; + if ($login_error) { + print $login_error . "<br/>\n"; + } + print "<table border='0' cellpadding='0' cellspacing='0' width='100%'>\n"; + print "<tr>\n"; + print "<td>".__("Username:")."</td>"; + print "<td><input type='text' name='user' size='30' maxlength='64'></td>"; + print "</tr>\n"; + print "<tr>\n"; + print "<td>".__("Password:")."</td>"; + print "<td><input type='password' name='pass' size='30' maxlength='32'></td>"; + print "</tr>\n"; + print "<tr>\n"; + print "<td colspan='2' align='right'> <br/>"; + print "<input type='submit' value='".__("Login")."'></td>"; + print "</tr>\n"; + print "</table>\n"; + print "</form>\n"; -#$dbh = db_connect(); -print "Connected...<br>\n"; -print "My LANG is: " . $LANG . "<br>\n"; +} else { + print __("Currently logged in as: %h%s%h", + array("<b>", username_from_sid($_COOKIE["AURSID"]), "</b>")); +} +print " </td>"; +print "</tr>\n"; +print "</table>\n"; html_footer("\$Id$"); |