BUGFIX: fix mysql insert statements (null values for timestamps didn't work anymore)
[e-DoKo.git] / include / login.php
index ab7b48a5d971f41f095e4b4781e8d7e4a4666177..2dee3a4dc5090d8f36cd5a7fd7100935073720b3 100644 (file)
@@ -1,5 +1,5 @@
 <?php
-/* Copyright 2006, 2007, 2008, 2009, 2010, 2011, 2012 Arun Persaud <arun@nubati.net>
+/* Copyright 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2013, 2014 Arun Persaud <arun@nubati.net>
  *
  *   This file is part of e-DoKo.
  *
@@ -85,21 +85,27 @@ else if(myisset('email','password'))
     $password  = $_REQUEST['password'];
 
     /* verify password and email */
-    if(strlen($password)!=32)
-      $password = md5($password);
 
     $ok  = 1;
-    $myid = DB_get_userid('email-password',$email,$password);
-    if(!$myid)
-      $ok = 0;
+    $myid = DB_get_userid('email',$email);
 
-    if($ok)
+    $result = verify_password($email, $password);
+    switch($result)
       {
-       /* user information is ok, set session variabel */
-       $myname = DB_get_name('email',$email);
+      case 0:
+       /* user information is ok, set session variable */
+       $myname         = DB_get_name('email',$email);
+       $hashedpassword = DB_get_passwd_by_userid($myid);
        $_SESSION['name'] = $myname;
        $_SESSION['id']   = $myid;
-       $_SESSION['pass'] = $password;
+       $_SESSION['pass'] = $hashedpassword;
+       break;
+      case 1:
+       echo "Can't find you in the database\n";
+       break;
+      case 2:
+       echo "Problem creating password hash, please contact $ADMIN at $ADMIN_EMAIL\n";
+       break;
       }
   }
 else
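Review bot: The success branch `case 0:` is matched with switch's loose comparison, so a `null` or `false` coming back from verify_password() (its body is not shown here) on an internal error would be treated the same as a verified password and the session would be populated. Making the success test strict, for example `if($result === 0 && $myid)`, and adding a `default:` branch that denies the login would make the code fail closed. `$myid` from `DB_get_userid('email',$email)` is no longer checked before it is written to `$_SESSION['id']`, and `$ok` is assigned but not read anywhere in this hunk. The enclosing `else if(myisset('email','password'))` branch starts above the hunk, so code outside it may already cover part of this.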