-rw-r--r-- | web/html/account.php | 2 | ||||
-rw-r--r-- | web/lib/acctfuncs.inc | 1 | ||||
-rw-r--r-- | web/lib/aur.inc | 72 | ||||
-rw-r--r-- | web/template/header.php | 19 | ||||
-rw-r--r-- | web/template/login_form.php | 53 |
5 files changed, 33 insertions, 114 deletions
diff --git a/web/html/account.php b/web/html/account.php
index 9c1eb31..b46ad55 100644
--- a/web/html/account.php
+++ b/web/html/account.php
@@ -3,7 +3,7 @@ set_include_path(get_include_path() . PATH_SEPARATOR . '../lib' . PATH_SEPARATOR . '../lang');
 include("aur.inc"); # access AUR common functions
-include("acctfuncs.inc"); # access Account specific functions
+include_once("acctfuncs.inc"); # access Account specific functions
 include("pkgfuncs_po.inc"); # Add to handle the i18n of My Packages
 include("account_po.inc"); # use some form of this for i18n support
 set_lang(); # this sets up the visitor's language
diff --git a/web/lib/acctfuncs.inc b/web/lib/acctfuncs.inc
index 2968adb..29c80de 100644
--- a/web/lib/acctfuncs.inc
+++ b/web/lib/acctfuncs.inc
@@ -603,7 +603,6 @@ function display_account_info($U="",$T="",
 /*
  * Returns SID (Session ID) and error (error message) in an array
  * SID of 0 means login failed.
- * There should be a better way of doing this...I think
  */
 function try_login() {
     $login_error = "";
diff --git a/web/lib/aur.inc b/web/lib/aur.inc
index e7e8c49..168fa4b 100644
--- a/web/lib/aur.inc
+++ b/web/lib/aur.inc
@@ -9,6 +9,7 @@ include_once("config.inc");
 include_once("aur_po.inc");
 // TODO: remove this, move translations over for login form
 include_once("index_po.inc");
+include_once("acctfuncs.inc");
 # TODO do we need to set the domain on cookies? I seem to remember some
 # security concerns about not using domains - but it's not like
@@ -71,7 +72,7 @@ function check_sid() {
     global $_COOKIE;
     global $LOGIN_TIMEOUT;
-    if ($_COOKIE["AURSID"]) {
+    if (isset($_COOKIE["AURSID"])) {
         $failed = 0;
         # the visitor is logged in, try and update the session
         #
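Review bot: `isset($_COOKIE["AURSID"])` on the added line is true for an empty cookie value (`AURSID=`), which the old truthiness test rejected, so the session-update path that follows (the rest of check_sid is outside the hunk) now runs with an empty SID. If the lookup is an exact match this only costs a query, but the guard is cheap to keep strict: `if (isset($_COOKIE["AURSID"]) && $_COOKIE["AURSID"] !== "") {`. The same applies to the three `isset()` checks in set_lang in the next hunk, where an empty `setlang` request now assigns `$LANG = ""` and sets `$update_cookie = 1`; whether a later check against `$SUPPORTED_LANGS` catches that is not visible here.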
@@ -285,18 +286,18 @@ function set_lang() {
     global $SUPPORTED_LANGS;
     $update_cookie = 0;
-    if ($_REQUEST['setlang']) {
+    if (isset($_REQUEST['setlang'])) {
         # visitor is requesting a language change
         #
         $LANG = $_REQUEST['setlang'];
         $update_cookie = 1;
-    } elseif ($_COOKIE['AURLANG']) {
+    } elseif (isset($_COOKIE['AURLANG'])) {
         # If a cookie is set, use that
         #
         $LANG = $_COOKIE['AURLANG'];
-    } elseif ($_COOKIE["AURSID"]) {
+    } elseif (isset($_COOKIE["AURSID"])) {
         $dbh = db_connect();
         $q = "SELECT LangPreference FROM Users, Sessions ";
         $q.= "WHERE Users.ID = Sessions.UsersID ";
@@ -334,67 +335,8 @@ function html_header($title="") {
     global $LANG;
     global $SUPPORTED_LANGS;
-    $login_error = "";
-    if (isset($_POST["user"]) || isset($_POST["pass"])) {
-        # Attempting to log in
-        #
-        if (!isset($_POST["user"]) || $_POST['user'] === "") {
-            $login_error = __("You must supply a username.");
-        }
-        if ((!isset($_POST["pass"]) || $_POST['pass'] === "") && empty($login_error)) {
-            $login_error = __("You must supply a password.");
-        }
-        if (!$login_error) {
-            # Try and authenticate the user
-            #
-
-            #md5 hash it
-            $_POST["pass"] = md5($_POST["pass"]);
-            $dbh = db_connect();
-            $q = "SELECT ID, Suspended FROM Users ";
-            $q.= "WHERE Username = '" . mysql_real_escape_string($_POST["user"]) . "' ";
-            $q.= "AND Passwd = '" . mysql_real_escape_string($_POST["pass"]) . "'";
-            $result = db_query($q, $dbh);
-            if (!$result) {
-                $login_error = __("Login failure: Bad user or pass.");
-            } else {
-                $row = mysql_fetch_row($result);
-                if (empty($row)) {
-                    $login_error = __("Login failure: Bad user or pass.");
-                } elseif ($row[1]) {
-                    $login_error = __("Your account has been suspended.");
-                }
-            }
-
-            if (!$login_error) {
-                # Account looks good. Generate a SID and store it.
-                #
-                $logged_in = 0;
-                $num_tries = 0;
-                while (!$logged_in && $num_tries < 5) {
-                    $new_sid = new_sid();
-                    $q = "INSERT INTO Sessions (UsersID, SessionID, LastUpdateTS) ";
-                    $q.="VALUES (". $row[0]. ", '" . $new_sid . "', UNIX_TIMESTAMP())";
-                    $result = db_query($q, $dbh);
-                    # Query will fail if $new_sid is not unique
-                    #
-                    if ($result) {
-                        $logged_in = 1;
-                        break;
-                    }
-                    $num_tries++;
-                }
-                if ($logged_in) {
-                    # set our SID cookie
-                    #
-                    setcookie("AURSID", $new_sid, 0, "/");
-                    $_COOKIE['AURSID'] = $new_sid;
-                } else {
-                    $login_error = __("Error trying to generate session id.");
-                }
-            }
-        }
-    }
+    $login = try_login();
+    $login_error = $login['error'];
     $title = htmlspecialchars($title, ENT_QUOTES);
diff --git a/web/template/header.php b/web/template/header.php
index 488d290..ea8d43d 100644
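Review bot: `try_login()` is now called on every html_header() render, whereas the removed code only attempted a login when `$_POST["user"]` or `$_POST["pass"]` was present; whether try_login() short-circuits without POST data is not visible in this diff (it lives in acctfuncs.inc), so the contract relied on here deserves a comment at the call, e.g. `# try_login() (acctfuncs.inc) handles the POSTed credentials; only 'error' is consumed here`. The removed code also assigned `$_COOKIE['AURSID']` directly after a successful login so the header of the same response shows the logged-in state; if try_login() does not do the same, the first page after login still renders the form. The login template in this commit posts the password as `passwd` while the removed code read `$_POST["pass"]`, so try_login() must read the new field name. html_header's body continues outside the hunk.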
--- a/web/template/header.php
+++ b/web/template/header.php
@@ -82,24 +82,7 @@ foreach ($SUPPORTED_LANGS as $lang => $lang_name) {
 ?>
 </ul>
 </span>
- <span id="login_bar">
-<?php
-if (isset($_COOKIE["AURSID"])) {
-    print __("Logged-in as: %h%s%h",
-        array("<b>", username_from_sid($_COOKIE["AURSID"]), "</b>"));
-} else {
-    if ($login_error) {
-        print "<span class='error'>" . $login_error . "</span><br />\n";
-    } ?>
-    <form method='post'>
-    <?php print __("Username:"); ?>
-    <input type='text' name='user' size='30' maxlength='64' value='<?php if (isset($_POST['user'])) { print htmlspecialchars($_POST['user'], ENT_QUOTES); } ?>'>
-    <?php print __("Password:"); ?>
-    <input type='password' name='pass' size='30' maxlength='32'>
-    <input type='submit' class='button' value='<?php print __("Login"); ?>'>
-    </form>
-<?php } ?>
- </span>
+ <?php include("login_form.php"); ?>
 </div>
 </div>
 <div id="maincontent">
diff --git a/web/template/login_form.php b/web/template/login_form.php
index 89f11c1..7fd40fb 100644
--- a/web/template/login_form.php
+++ b/web/template/login_form.php
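Review bot: the included login_form.php reads `$login_error`, which this commit makes a local variable of html_header() in aur.inc, so the `include` on the added line only works while header.php is itself pulled in from inside html_header() with that variable in scope; nothing at this line records the dependency. A short comment would: `<?php /* expects $login_error, set by html_header() in aur.inc */ include("login_form.php"); ?>`. If any page still includes login_form.php directly, the `<span id="login_bar">` it now emits would appear twice with a duplicate id; that is worth checking outside this diff.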
@@ -1,33 +1,28 @@
+<span id="login_bar">
 <?php
-# Now present the user login stuff
-if (!isset($_COOKIE["AURSID"])):
-
-    # the user is not logged in, give them login widgets
-    #
-    if (!empty($login['error'])) {
-        print '<div class="error">' . $login['error']
-            . '</div>';
-    }
-?>
-
-    <form action="<?php print $_SERVER['PHP_SELF']; ?>" method="post">
-    <label class="lbox"><?php print __("Username"); ?><br />
-    <input type="text" name="user" size="30"
-        maxlength="<?php print USERNAME_MAX_LEN;?>"></label>
-
-    <label class="lbox"><?php print __("Password"); ?><br />
-    <input type="password" name="passwd" size="30"
-        maxlength="<?php print PASSWD_MAX_LEN; ?>"></label>
-    <br />
-    <input type="submit" class="button"
-        value="<?php print __("Login"); ?>">
-    </form>
-
-<?php
-else:
+if (isset($_COOKIE["AURSID"])) {
     print __("Logged-in as: %h%s%h",
         array("<b>", username_from_sid($_COOKIE["AURSID"]), "</b>"));
-endif;
+}
+else {
+    if ($login_error) {
+        print "<span class='error'>" . $login_error . "</span><br />\n";
+    } ?>
+    <form method='post'>
+    <?php print __("Username:"); ?>
+    <input type='text' name='user' size='30'
+        maxlength="<?php print USERNAME_MAX_LEN; ?>"
+        value='<?php
+        if (isset($_POST['user'])) {
+            print htmlspecialchars($_POST['user'], ENT_QUOTES);
+        } ?>'>
+    <?php print __("Password:"); ?>
+    <input type='password' name='passwd' size='30'
+        maxlength="<?php print PASSWD_MAX_LEN; ?>">
+    <input type='submit' class='button'
+        value='<?php print __("Login"); ?>'>
+</form>
+<?php } ?>
+</span>
+
-# vim: ts=2 sw=2 noet ft=php
-?>
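Review bot: `if ($login_error)` on the new side raises an undefined-variable notice whenever this template is included from a scope that does not define `$login_error` (the removed version guarded with `!empty($login['error'])`); `if (!empty($login_error)) {` keeps the same rendering and stays quiet. Attribute quoting is mixed inside one element (`name='user'` but `maxlength="<?php ... ?>"`); settling on one style avoids a stray quote when the multi-line `value='<?php ... ?>'` attribute is edited later. The username printed through `username_from_sid()` on the unchanged context lines is not passed through `htmlspecialchars()`, unlike the echoed `$_POST['user']` a few lines below; that predates this commit, but the escaping within the file is now visibly inconsistent.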