From a5a8895f497e4c274870e4519c5526542c91dc27 Mon Sep 17 00:00:00 2001 From: Loui Chang Date: Wed, 6 Feb 2008 19:16:21 -0500 Subject: Put login into its own function. Utilise login form template. Also cleaned up a couple notices. Signed-off-by: Loui Chang Signed-off-by: Simo Leone
---
web/html/account.php | 2 +- web/lib/acctfuncs.inc | 1 - web/lib/aur.inc | 72 +++++---------------------------------------- web/template/header.php | 19 +----------- web/template/login_form.php | 53 +++++++++++++++------------------ 5 files changed, 33 insertions(+), 114 deletions(-) (limited to 'web')
diff --git a/web/html/account.php b/web/html/account.php
index 9c1eb31..b46ad55 100644
--- a/web/html/account.php
+++ b/web/html/account.php
@@ -3,7 +3,7 @@ set_include_path(get_include_path() . PATH_SEPARATOR . '../lib' . PATH_SEPARATOR . '../lang'); include("aur.inc"); # access AUR common functions -include("acctfuncs.inc"); # access Account specific functions +include_once("acctfuncs.inc"); # access Account specific functions include("pkgfuncs_po.inc"); # Add to handle the i18n of My Packages include("account_po.inc"); # use some form of this for i18n support set_lang(); # this sets up the visitor's language
diff --git a/web/lib/acctfuncs.inc b/web/lib/acctfuncs.inc
index 2968adb..29c80de 100644
--- a/web/lib/acctfuncs.inc
+++ b/web/lib/acctfuncs.inc
@@ -603,7 +603,6 @@ function display_account_info($U="",$T="", /* * Returns SID (Session ID) and error (error message) in an array * SID of 0 means login failed. - * There should be a better way of doing this...I think */ function try_login() { $login_error = "";
diff --git a/web/lib/aur.inc b/web/lib/aur.inc
index e7e8c49..168fa4b 100644
--- a/web/lib/aur.inc
+++ b/web/lib/aur.inc
@@ -9,6 +9,7 @@ include_once("config.inc"); include_once("aur_po.inc"); // TODO: remove this, move translations over for login form include_once("index_po.inc"); +include_once("acctfuncs.inc"); # TODO do we need to set the domain on cookies? I seem to remember some # security concerns about not using domains - but it's not like
@@ -71,7 +72,7 @@ function check_sid() { global $_COOKIE; global $LOGIN_TIMEOUT; - if ($_COOKIE["AURSID"]) { + if (isset($_COOKIE["AURSID"])) { $failed = 0; # the visitor is logged in, try and update the session #
@@ -285,18 +286,18 @@ function set_lang() { global $SUPPORTED_LANGS; $update_cookie = 0; - if ($_REQUEST['setlang']) { + if (isset($_REQUEST['setlang'])) { # visitor is requesting a language change # $LANG = $_REQUEST['setlang']; $update_cookie = 1; - } elseif ($_COOKIE['AURLANG']) { + } elseif (isset($_COOKIE['AURLANG'])) { # If a cookie is set, use that # $LANG = $_COOKIE['AURLANG']; - } elseif ($_COOKIE["AURSID"]) { + } elseif (isset($_COOKIE["AURSID"])) { $dbh = db_connect(); $q = "SELECT LangPreference FROM Users, Sessions "; $q.= "WHERE Users.ID = Sessions.UsersID ";
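Review bot: In check_sid() the new `isset($_COOKIE["AURSID"])` silences the notice but is looser than the truthiness test it replaces: an empty or `0` cookie value now enters the branch commented "the visitor is logged in, try and update the session", whose body lies outside the hunk. `if (!empty($_COOKIE["AURSID"])) {` removes the notice and keeps the old semantics. The three conditions changed in set_lang() (`setlang`, `AURLANG`, `AURSID`) have the same shape; there an empty `setlang` parameter now assigns "" to `$LANG` and flags the cookie for update. Whether `$LANG` is later checked against `$SUPPORTED_LANGS` cannot be seen from the visible lines, so that is worth confirming.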
@@ -334,67 +335,8 @@ function html_header($title="") { global $LANG; global $SUPPORTED_LANGS; - $login_error = ""; - if (isset($_POST["user"]) || isset($_POST["pass"])) { - # Attempting to log in - # - if (!isset($_POST["user"]) || $_POST['user'] === "") { - $login_error = __("You must supply a username."); - } - if ((!isset($_POST["pass"]) || $_POST['pass'] === "") && empty($login_error)) { - $login_error = __("You must supply a password."); - } - if (!$login_error) { - # Try and authenticate the user - # - - #md5 hash it - $_POST["pass"] = md5($_POST["pass"]); - $dbh = db_connect(); - $q = "SELECT ID, Suspended FROM Users "; - $q.= "WHERE Username = '" . mysql_real_escape_string($_POST["user"]) . "' "; - $q.= "AND Passwd = '" . mysql_real_escape_string($_POST["pass"]) . "'"; - $result = db_query($q, $dbh); - if (!$result) { - $login_error = __("Login failure: Bad user or pass."); - } else { - $row = mysql_fetch_row($result); - if (empty($row)) { - $login_error = __("Login failure: Bad user or pass."); - } elseif ($row[1]) { - $login_error = __("Your account has been suspended."); - } - } - - if (!$login_error) { - # Account looks good. Generate a SID and store it. - # - $logged_in = 0; - $num_tries = 0; - while (!$logged_in && $num_tries < 5) { - $new_sid = new_sid(); - $q = "INSERT INTO Sessions (UsersID, SessionID, LastUpdateTS) "; - $q.="VALUES (". $row[0]. ", '" . $new_sid . "', UNIX_TIMESTAMP())"; - $result = db_query($q, $dbh); - # Query will fail if $new_sid is not unique - # - if ($result) { - $logged_in = 1; - break; - } - $num_tries++; - } - if ($logged_in) { - # set our SID cookie - # - setcookie("AURSID", $new_sid, 0, "/"); - $_COOKIE['AURSID'] = $new_sid; - } else { - $login_error = __("Error trying to generate session id."); - } - } - } - } + $login = try_login(); + $login_error = $login['error']; $title = htmlspecialchars($title, ENT_QUOTES);
diff --git a/web/template/header.php b/web/template/header.php
index 488d290..ea8d43d 100644
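Review bot: The two added lines in html_header() leave no trace that rendering the header also performs the login; the block they replace called setcookie(), so try_login() presumably still has to run before any output is sent, and a comment such as `# try_login() may set the AURSID cookie: call before any output` would record that. The `SID` element that the acctfuncs.inc comment says try_login() returns is discarded here, which is fine only if try_login() itself populates `$_COOKIE['AURSID']` as the removed code did. try_login()'s body is not part of this diff, so it is worth confirming in the same review that it does not keep the unsalted md5() password comparison and concatenated queries of the removed block. html_header() continues past the end of the hunk.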
--- a/web/template/header.php
+++ b/web/template/header.php
@@ -82,24 +82,7 @@ foreach ($SUPPORTED_LANGS as $lang => $lang_name) { ?> - -", username_from_sid($_COOKIE["AURSID"]), "")); -} else { - if ($login_error) { - print "" . $login_error . "
\n"; - } ?> -
- - '> - - - -
- -
+
diff --git a/web/template/login_form.php b/web/template/login_form.php
index 89f11c1..7fd40fb 100644
--- a/web/template/login_form.php
+++ b/web/template/login_form.php
@@ -1,33 +1,28 @@ + ' . $login['error'] - . '
'; - } -?> - -
- - - -
- "> -
- -", username_from_sid($_COOKIE["AURSID"]), "")); -endif; +} +else { + if ($login_error) { + print "" . $login_error . "
\n"; + } ?> +
+ + '> + + + +
+ + + -# vim: ts=2 sw=2 noet ft=php -?> -- cgit v1.2.3-70-g09d2
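Review bot: `if ($login_error)` and the `print` that follows in the new else branch rely on a variable the template never defines; the only assignment visible in this commit is the local in html_header(), so including login_form.php from any other scope raises the kind of notice this commit is cleaning up. `if (!empty($login_error)) {` avoids that, and printing `htmlspecialchars($login_error, ENT_QUOTES)` keeps the output safe should an error string ever carry request data (the messages visible in the removed aur.inc block are fixed translations). The `username_from_sid($_COOKIE["AURSID"])` value deserves the same escaping if it is still printed on the new side; the markup around it has been lost in this rendering, so that cannot be confirmed here.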