X-Git-Url: https://git.nubati.net/cgi-bin/gitweb.cgi?p=e-DoKo.git;a=blobdiff_plain;f=include%2Flogin.php;h=caaf4e13e222245e622e52621e0aa8ec4e19bb75;hp=346c71e53e53b79173f9a64b1ec75ae1f43530db;hb=46140faa11b97252647178a811da22509256d6c4;hpb=924f395a39eeccbcd54d540613e440cbedd6ba3d diff --git a/include/login.php b/include/login.php index 346c71e..caaf4e1 100644 --- a/include/login.php +++ b/include/login.php @@ -1,33 +1,115 @@ + * + * This file is part of e-DoKo. + * + * e-DoKo is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * e-DoKo is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with e-DoKo. If not, see . + * + */ + +/* make sure that we are not called from outside the scripts, * use a variable defined in config.php to check this */ if(!isset($HOST)) exit; -if(!myisset("email","password")) +include_once('openid.php'); + +function escape($thing) { + return htmlentities($thing); +} + +/* check for openid stuff */ +if($OPENIDPATH && myisset('openid_identity') && $_REQUEST['openid_identity']!='') { - "can't log you in"; + /* what openid is being used? */ + $openid_url = OpenIDUrlEncode($_REQUEST['openid_identity']); + /* get the userid from the database, openids need to be registered within E-DoKo */ + $data = OpenIDVerify(); + $ok = 0; + + /* verify ok? */ + if($data) + { + /* do we know this openid?*/ + $myid = DB_GetUserId($openid_url); + + if(!$myid) + { + /* openid unknown, perhaps not registered? */ + echo "

Openid ok, but not registered with any account. If you have an account ". + "on E-DoKo, please log in and add your openid in your preferences first.

\n"; + + + /* or perhaps a new user...*/ + $email = $data['email']; + $name = $data['fullname']; + echo "

If you wan to register a new account with this OpenID, please follow this ". + "link.

"; + } + else + $ok=1; + } + + if($ok) + { + /* user information is ok, set session variabel */ + $email = DB_get_email('userid',$myid); + $myname = DB_get_name('email',$email); + $password = DB_get_passwd_by_userid($myid); + $_SESSION['name'] = $myname; + $_SESSION['id'] = $myid; + $_SESSION['pass'] = $password; + } } -else +else if($OPENIDPATH && myisset('openid_url') && $_REQUEST['openid_url']!='') { - $email = $_REQUEST["email"]; - $password = $_REQUEST["password"]; + OpenIDAskForVerification(OpenIDUrlEncode($_REQUEST['openid_url'])); + } +/* check if normal login information is present */ +else if(myisset('email','password')) + { + $email = $_REQUEST['email']; + $password = $_REQUEST['password']; /* verify password and email */ - if(strlen($password)!=32) - $password = md5($password); - + $ok = 1; - $myid = DB_get_userid('email-password',$email,$password); - if(!$myid) - $ok = 0; - - if($ok) + $myid = DB_get_userid('email',$email); + + $result = verify_password($email, $password); + switch($result) { - /* user information is ok */ - $myname = DB_get_name('email',$email); - $_SESSION["name"] = $myname; + case 0: + /* user information is ok, set session variable */ + $myname = DB_get_name('email',$email); + $hashedpassword = DB_get_passwd_by_userid($myid); + $_SESSION['name'] = $myname; + $_SESSION['id'] = $myid; + $_SESSION['pass'] = $hashedpassword; + break; + case 1: + echo "Can't find you in the database\n"; + break; + case 2: + echo "Problem creating password hash, please contact $ADMIN at $ADMIN_EMAIL\n"; + break; } } +else + { + echo "can't log you in... missing login information."; + } ?> \ No newline at end of file