diff options
Diffstat (limited to 'include/login.php')
-rw-r--r-- | include/login.php | 62 |
1 files changed, 58 insertions, 4 deletions
diff --git a/include/login.php b/include/login.php index c1a0e42..3c3f6be 100644 --- a/include/login.php +++ b/include/login.php @@ -5,12 +5,62 @@ if(!isset($HOST)) exit; -/* check if login information is present */ -if(!myisset('email','password')) +include_once('openid.php'); + +function escape($thing) { + return htmlentities($thing); +} + +/* check for openid stuff */ +if($OPENIDPATH && myisset('openid_identity') && $_REQUEST['openid_identity']!='') { - echo "can't log you in... missing login information."; + /* what openid is being used? */ + $openid_url = OpenIDUrlEncode($_REQUEST['openid_identity']); + /* get the userid from the database, openids need to be registered within E-DoKo */ + $data = OpenIDVerify(); + $ok = 0; + + /* verify ok? */ + if($data) + { + /* do we know this openid?*/ + $myid = DB_GetUserId($openid_url); + + if(!$myid) + { + /* openid unknown, perhaps not registered? */ + echo "<p>Openid ok, but not registered with any account. If you have an account ". + "on E-DoKo, please log in and add your openid in your preferences first. </p>\n"; + + + /* or perhaps a new user...*/ + $email = $data['email']; + $name = $data['fullname']; + echo "<p>If you wan to register a new account with this OpenID, please follow this ". + "<a href=\"index.php?action=register&openid_url=".$openid_url. + "&openidname=$name&openidemail=$email\">link</a>.</p>"; + } + else + $ok=1; + } + + if($ok) + { + /* user information is ok, set session variabel */ + $email = DB_get_email('userid',$myid); + $myname = DB_get_name('email',$email); + $password = DB_get_passwd_by_userid($myid); + $_SESSION['name'] = $myname; + $_SESSION['id'] = $myid; + $_SESSION['pass'] = $password; + } } -else +else if($OPENIDPATH && myisset('openid_url') && $_REQUEST['openid_url']!='') + { + OpenIDAskForVerification(OpenIDUrlEncode($_REQUEST['openid_url'])); + } +/* check if normal login information is present */ +else if(myisset('email','password')) { $email = $_REQUEST['email']; $password = $_REQUEST['password']; @@ -33,4 +83,8 @@ else $_SESSION['pass'] = $password; } } +else + { + echo "can't log you in... missing login information."; + } ?>
\ No newline at end of file |