X-Git-Url: https://git.nubati.net/cgi-bin/gitweb.cgi?p=e-DoKo.git;a=blobdiff_plain;f=include%2Flogin.php;h=2dee3a4dc5090d8f36cd5a7fd7100935073720b3;hp=c1a0e42029c6e1b5ffd2579524082a6a365c703d;hb=65de9655c6002bbfee76f1c3c45b312615fb375a;hpb=eb20bf1a0cae1192eb50c19220e72df8d971d8e7
diff --git a/include/login.php b/include/login.php
index c1a0e42..2dee3a4 100644
--- a/include/login.php
+++ b/include/login.php
@@ -1,36 +1,115 @@
+ *
+ * This file is part of e-DoKo.
+ *
+ * e-DoKo is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * e-DoKo is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with e-DoKo. If not, see
Openid ok, but not registered with any account. If you have an account ". + "on E-DoKo, please log in and add your openid in your preferences first.
\n"; + + + /* or perhaps a new user...*/ + $email = $data['email']; + $name = $data['fullname']; + echo "If you wan to register a new account with this OpenID, please follow this ". + "link.
"; + } + else + $ok=1; + } + + if($ok) + { + /* user information is ok, set session variabel */ + $email = DB_get_email('userid',$myid); + $myname = DB_get_name('email',$email); + $password = DB_get_passwd_by_userid($myid); + $_SESSION['name'] = $myname; + $_SESSION['id'] = $myid; + $_SESSION['pass'] = $password; + } } -else +else if($OPENIDPATH && myisset('openid_url') && $_REQUEST['openid_url']!='') + { + OpenIDAskForVerification(OpenIDUrlEncode($_REQUEST['openid_url'])); + } +/* check if normal login information is present */ +else if(myisset('email','password')) { $email = $_REQUEST['email']; $password = $_REQUEST['password']; /* verify password and email */ - if(strlen($password)!=32) - $password = md5($password); $ok = 1; - $myid = DB_get_userid('email-password',$email,$password); - if(!$myid) - $ok = 0; + $myid = DB_get_userid('email',$email); - if($ok) + $result = verify_password($email, $password); + switch($result) { - /* user information is ok, set session variabel */ - $myname = DB_get_name('email',$email); + case 0: + /* user information is ok, set session variable */ + $myname = DB_get_name('email',$email); + $hashedpassword = DB_get_passwd_by_userid($myid); $_SESSION['name'] = $myname; $_SESSION['id'] = $myid; - $_SESSION['pass'] = $password; + $_SESSION['pass'] = $hashedpassword; + break; + case 1: + echo "Can't find you in the database\n"; + break; + case 2: + echo "Problem creating password hash, please contact $ADMIN at $ADMIN_EMAIL\n"; + break; } } +else + { + echo "can't log you in... missing login information."; + } ?> \ No newline at end of file