X-Git-Url: https://git.nubati.net/cgi-bin/gitweb.cgi?p=e-DoKo.git;a=blobdiff_plain;f=include%2Flogin.php;h=eb7d5b8e39de6e56c93a1b82fc9d39e5c1251beb;hp=3c3f6be51add51387d1a740fea2c66dc350671ba;hb=14f6017a5b84d70320bde9d6e074ea8ac948a85e;hpb=a57cfa3be6ee0fbce336dc98e2862ac39f2b1add

diff --git a/include/login.php b/include/login.php
index 3c3f6be..eb7d5b8 100644
--- a/include/login.php
+++ b/include/login.php
@@ -1,4 +1,23 @@
 <?php
+/* Copyright 2006, 2007, 2008, 2009, 2010, 2011, 2012 Arun Persaud <arun@nubati.net>
+ *
+ *   This file is part of e-DoKo.
+ *
+ *   e-DoKo is free software: you can redistribute it and/or modify
+ *   it under the terms of the GNU General Public License as published by
+ *   the Free Software Foundation, either version 3 of the License, or
+ *   (at your option) any later version.
+ *
+ *   e-DoKo is distributed in the hope that it will be useful,
+ *   but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *   GNU General Public License for more details.
+ *
+ *   You should have received a copy of the GNU General Public License
+ *   along with e-DoKo.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
 /* make sure that we are not called from outside the scripts,
  * use a variable defined in config.php to check this
  */
@@ -66,21 +85,27 @@ else if(myisset('email','password'))
     $password  = $_REQUEST['password'];
 
     /* verify password and email */
-    if(strlen($password)!=32)
-      $password = md5($password);
 
     $ok  = 1;
-    $myid = DB_get_userid('email-password',$email,$password);
-    if(!$myid)
-      $ok = 0;
+    $myid = DB_get_userid('email',$email);
 
-    if($ok)
+    $result = verify_password($email, $password);
+    switch($result)
       {
-	/* user information is ok, set session variabel */
-	$myname = DB_get_name('email',$email);
+      case 0:
+	/* user information is ok, set session variable */
+	$myname         = DB_get_name('email',$email);
+	$hashedpassword = DB_get_passwd_by_userid($myid);
 	$_SESSION['name'] = $myname;
 	$_SESSION['id']   = $myid;
-	$_SESSION['pass'] = $password;
+	$_SESSION['pass'] = $hashedpassword;
+	break;
+      case 1:
+	echo "Can't find you in the database\n";
+	break;
+      case 2:
+	echo "Problem creating password hash, please contact $ADMIN at $ADMIN_EMAIL\n";
+	break;
       }
   }
 else