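include("index_po.inc");
include("aur.inc");
set_lang();
check_sid();

# Login handling. This has to finish before any HTML (including the header)
# is sent, because a successful login sets a cookie and a redirect header.
#
# NOTE(review): credentials are read from $_REQUEST, so they are also accepted
# from the query string, where they can end up in server logs and browser
# history. The login form is not visible in this part of the file; if it
# submits via POST, reading $_POST here would be the tighter choice.
#
$login_error = "";
if (isset($_REQUEST["user"]) || isset($_REQUEST["pass"])) {
    # Attempting to log in. Both fields must be present and must be plain
    # strings: a request can supply an array (user[]=...), which md5() and the
    # escaping function below are not meant to receive.
    #
    if (!isset($_REQUEST['user']) || !is_string($_REQUEST['user'])) {
        $login_error = __("You must supply a username.");
    } elseif (!isset($_REQUEST['pass']) || !is_string($_REQUEST['pass'])) {
        $login_error = __("You must supply a password.");
    }

    if (!$login_error) {
        # The username is echoed back inside error messages, and $login_error
        # is later printed into the page without escaping, so HTML-escape the
        # copy used for display. __() is defined outside this block and is
        # not assumed to escape its arguments.
        #
        $display_user = htmlspecialchars($_REQUEST["user"], ENT_QUOTES);

        # Try and authenticate the user
        #
        # NOTE(review): passwords are stored and compared as unsalted MD5,
        # which is not a password hash (fast to brute-force, identical
        # passwords share a digest). Moving to a salted, slow hash needs a
        # schema change and a rehash-on-login migration, so it is flagged
        # here rather than changed.
        #
        $_REQUEST["pass"] = md5($_REQUEST["pass"]);

        $dbh = db_connect();

        # NOTE(review): mysql_escape_string() does not take the connection
        # into account and therefore ignores its character set.
        # mysql_real_escape_string() with the link from db_connect() is the
        # charset-aware variant; confirm that $dbh is a mysql link resource
        # before switching.
        #
        $q = "SELECT ID, Suspended FROM Users ";
        $q.= "WHERE Username = '" . mysql_escape_string($_REQUEST["user"]) . "' ";
        $q.= "AND Passwd = '" . mysql_escape_string($_REQUEST["pass"]) . "'";
        $result = db_query($q, $dbh);

        if (!$result) {
            $login_error = __("Error looking up username, %s.",
                    array($display_user));
        } else {
            # No row means no user matched this username/password pair; the
            # same message is used whether or not the username exists.
            #
            $row = mysql_fetch_row($result);
            if (empty($row)) {
                $login_error = __("Incorrect password for username, %s.",
                        array($display_user));
            } elseif ($row[1]) {
                # $row[1] is the Suspended column
                $login_error = __("Your account has been suspended.");
            }
        }

        if (!$login_error) {
            # Account looks good. Generate a SID and store it.
            #
            $logged_in = 0;
            $num_tries = 0;
            while (!$logged_in && $num_tries < 5) {
                $new_sid = new_sid();
                $q = "INSERT INTO Sessions (UsersID, SessionID, LastUpdateTS) ";
                $q.="VALUES (". $row[0]. ", '" . $new_sid . "', UNIX_TIMESTAMP())";
                $result = db_query($q, $dbh);

                # Query will fail if $new_sid is not unique
                #
                if ($result) {
                    $logged_in = 1;
                    break;
                }
                $num_tries++;
            }

            if ($logged_in) {
                # set our SID cookie (expire 0 = lives until the browser closes)
                #
                # NOTE(review): the session cookie is set without the Secure
                # and HttpOnly flags. setcookie() takes them as its 6th and
                # 7th arguments (HttpOnly needs PHP >= 5.2); enable them once
                # the minimum PHP version and HTTPS-only serving are confirmed.
                #
                setcookie("AURSID", $new_sid, 0, "/");
                header("Location: /index.php");

                # Stop here: the response is a redirect, so rendering the
                # rest of the page would only append an unused body to it.
                #
                exit;
            } else {
                $login_error = __("Error trying to generate session id.");
            }
        }
    }
}

# Any cookies have been sent, can now display HTML
#
html_header();
print "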
"; ?> Welcome to the AUR! If you're a newcomer, you may want to read the User Documentation and the Guidelines. "; # XXX Is this the proper way to add some spacing between table cells? # print " | "; print " | \n";
if (!isset($_COOKIE["AURSID"])) {
# the user is not logged in, give them login widgets
#
if ($login_error) {
print "" . $login_error . " \n"; } print " | ";
print "