2 /* Copyright 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013 Arun Persaud <arun@nubati.net>
4 * This file is part of e-DoKo.
6 * e-DoKo is free software: you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation, either version 3 of the License, or
9 * (at your option) any later version.
11 * e-DoKo is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with e-DoKo. If not, see <http://www.gnu.org/licenses/>.
21 /* make sure that we are not called from outside the scripts,
22 * use a variable defined in config.php to check this
27 include_once('openid.php');
29 function escape($thing) {
30 return htmlentities($thing);
33 /* check for openid stuff */
34 if($OPENIDPATH && myisset('openid_identity') && $_REQUEST['openid_identity']!='')
36 /* what openid is being used? */
37 $openid_url = OpenIDUrlEncode($_REQUEST['openid_identity']);
38 /* get the userid from the database, openids need to be registered within E-DoKo */
39 $data = OpenIDVerify();
45 /* do we know this openid?*/
46 $myid = DB_GetUserId($openid_url);
50 /* openid unknown, perhaps not registered? */
51 echo "<p>Openid ok, but not registered with any account. If you have an account ".
52 "on E-DoKo, please log in and add your openid in your preferences first. </p>\n";
55 /* or perhaps a new user...*/
56 $email = $data['email'];
57 $name = $data['fullname'];
58 echo "<p>If you wan to register a new account with this OpenID, please follow this ".
59 "<a href=\"index.php?action=register&openid_url=".$openid_url.
60 "&openidname=$name&openidemail=$email\">link</a>.</p>";
68 /* user information is ok, set session variabel */
69 $email = DB_get_email('userid',$myid);
70 $myname = DB_get_name('email',$email);
71 $password = DB_get_passwd_by_userid($myid);
72 $_SESSION['name'] = $myname;
73 $_SESSION['id'] = $myid;
74 $_SESSION['pass'] = $password;
77 else if($OPENIDPATH && myisset('openid_url') && $_REQUEST['openid_url']!='')
79 OpenIDAskForVerification(OpenIDUrlEncode($_REQUEST['openid_url']));
81 /* check if normal login information is present */
82 else if(myisset('email','password'))
84 $email = $_REQUEST['email'];
85 $password = $_REQUEST['password'];
87 /* verify password and email */
90 $myid = DB_get_userid('email',$email);
92 $result = verify_password($email, $password);
96 /* user information is ok, set session variable */
97 $myname = DB_get_name('email',$email);
98 $hashedpassword = DB_get_passwd_by_userid($myid);
99 $_SESSION['name'] = $myname;
100 $_SESSION['id'] = $myid;
101 $_SESSION['pass'] = $hashedpassword;
104 echo "Can't find you in the database\n";
107 echo "Problem creating password hash, please contact $ADMIN at $ADMIN_EMAIL\n";
113 echo "can't log you in... missing login information.";