include/login.php

   1 <?php
   2 /* make sure that we are not called from outside the scripts,
   3  * use a variable defined in config.php to check this
   4  */
   5 if(!isset($HOST))
   6   exit;
   7
   8 include_once('openid.php');
   9
  10 function escape($thing) {
  11     return htmlentities($thing);
  12 }
  13
  14 /* check for openid stuff */
  15 if($OPENIDPATH && myisset('openid_identity') && $_REQUEST['openid_identity']!='')
  16   {
  17     /* what openid is being used? */
  18     $openid_url = OpenIDUrlEncode($_REQUEST['openid_identity']);
  19     /* get the userid from the database, openids need to be registered within E-DoKo */
  20     $data = OpenIDVerify();
  21     $ok  = 0;
  22
  23     /* verify ok? */
  24     if($data)
  25       {
  26         /* do we know this openid?*/
  27         $myid = DB_GetUserId($openid_url);
  28
  29         if(!$myid)
  30           {
  31             /* openid unknown, perhaps not registered? */
  32             echo "<p>Openid ok, but not registered with any account. If you have an account ".
  33               "on E-DoKo, please log in and add your openid in your preferences first. </p>\n";
  34
  35
  36             /* or perhaps a new user...*/
  37             $email = $data['email'];
  38             $name  = $data['fullname'];
  39             echo "<p>If you wan to register a new account with this OpenID, please follow this ".
  40               "<a href=\"index.php?action=register&amp;openid_url=".$openid_url.
  41               "&amp;openidname=$name&amp;openidemail=$email\">link</a>.</p>";
  42           }
  43         else
  44           $ok=1;
  45       }
  46
  47     if($ok)
  48       {
  49         /* user information is ok, set session variabel */
  50         $email  = DB_get_email('userid',$myid);
  51         $myname = DB_get_name('email',$email);
  52         $password =  DB_get_passwd_by_userid($myid);
  53         $_SESSION['name'] = $myname;
  54         $_SESSION['id']   = $myid;
  55         $_SESSION['pass'] = $password;
  56       }
  57   }
  58 else if($OPENIDPATH && myisset('openid_url') && $_REQUEST['openid_url']!='')
  59   {
  60     OpenIDAskForVerification(OpenIDUrlEncode($_REQUEST['openid_url']));
  61   }
  62 /* check if normal login information is present */
  63 else if(myisset('email','password'))
  64   {
  65     $email     = $_REQUEST['email'];
  66     $password  = $_REQUEST['password'];
  67
  68     /* verify password and email */
  69     if(strlen($password)!=32)
  70       $password = md5($password);
  71
  72     $ok  = 1;
  73     $myid = DB_get_userid('email-password',$email,$password);
  74     if(!$myid)
  75       $ok = 0;
  76
  77     if($ok)
  78       {
  79         /* user information is ok, set session variabel */
  80         $myname = DB_get_name('email',$email);
  81         $_SESSION['name'] = $myname;
  82         $_SESSION['id']   = $myid;
  83         $_SESSION['pass'] = $password;
  84       }
  85   }
  86 else
  87   {
  88     echo "can't log you in... missing login information.";
  89   }
  90 ?>