1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
|
<?php
/* Copyright 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2016 Arun Persaud <arun@nubati.net>
*
* This file is part of e-DoKo.
*
* e-DoKo is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* e-DoKo is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with e-DoKo. If not, see <http://www.gnu.org/licenses/>.
*
*/
/* make sure that we are not called from outside the scripts,
* use a variable defined in config.php to check this
*/
if(!isset($HOST))
exit;
include_once('openid.php');
function escape($thing) {
return htmlentities($thing);
}
/* check for openid stuff */
if($OPENIDPATH && myisset('openid_identity') && $_REQUEST['openid_identity']!='')
{
/* what openid is being used? */
$openid_url = OpenIDUrlEncode($_REQUEST['openid_identity']);
/* get the userid from the database, openids need to be registered within E-DoKo */
$data = OpenIDVerify();
$ok = 0;
/* verify ok? */
if($data)
{
/* do we know this openid?*/
$myid = DB_GetUserId($openid_url);
if(!$myid)
{
/* openid unknown, perhaps not registered? */
echo "<p>Openid ok, but not registered with any account. If you have an account ".
"on E-DoKo, please log in and add your openid in your preferences first. </p>\n";
/* or perhaps a new user...*/
$email = $data['email'];
$name = $data['fullname'];
echo "<p>If you wan to register a new account with this OpenID, please follow this ".
"<a href=\"index.php?action=register&openid_url=".$openid_url.
"&openidname=$name&openidemail=$email\">link</a>.</p>";
}
else
$ok=1;
}
if($ok)
{
/* user information is ok, set session variabel */
$email = DB_get_email('userid',$myid);
$myname = DB_get_name('email',$email);
$password = DB_get_passwd_by_userid($myid);
$_SESSION['name'] = $myname;
$_SESSION['id'] = $myid;
$_SESSION['pass'] = $password;
}
}
else if($OPENIDPATH && myisset('openid_url') && $_REQUEST['openid_url']!='')
{
OpenIDAskForVerification(OpenIDUrlEncode($_REQUEST['openid_url']));
}
/* check if normal login information is present */
else if(myisset('email','password'))
{
$email = $_REQUEST['email'];
$password = $_REQUEST['password'];
/* verify password and email */
$ok = 1;
$myid = DB_get_userid('email',$email);
$result = verify_password($email, $password);
switch($result)
{
case 0:
/* user information is ok, set session variable */
$myname = DB_get_name('email',$email);
$hashedpassword = DB_get_passwd_by_userid($myid);
$_SESSION['name'] = $myname;
$_SESSION['id'] = $myid;
$_SESSION['pass'] = $hashedpassword;
break;
case 1:
echo "Can't find you in the database\n";
break;
case 2:
echo "Problem creating password hash, please contact $ADMIN at $ADMIN_EMAIL\n";
break;
}
}
else
{
echo "can't log you in... missing login information.";
}
?>
|