X-Git-Url: https://git.nubati.net/cgi-bin/gitweb.cgi?p=e-DoKo.git;a=blobdiff_plain;f=include%2Flogin.php;h=eb7d5b8e39de6e56c93a1b82fc9d39e5c1251beb;hp=c1a0e42029c6e1b5ffd2579524082a6a365c703d;hb=14f6017a5b84d70320bde9d6e074ea8ac948a85e;hpb=eb20bf1a0cae1192eb50c19220e72df8d971d8e7
diff --git a/include/login.php b/include/login.php
index c1a0e42..eb7d5b8 100644
--- a/include/login.php
+++ b/include/login.php
@@ -1,36 +1,115 @@
+ *
+ * This file is part of e-DoKo.
+ *
+ * e-DoKo is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * e-DoKo is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with e-DoKo. If not, see .
+ *
+ */
+
/* make sure that we are not called from outside the scripts,
* use a variable defined in config.php to check this
*/
if(!isset($HOST))
exit;
-/* check if login information is present */
-if(!myisset('email','password'))
+include_once('openid.php');
+
+function escape($thing) {
+ return htmlentities($thing);
+}
+
+/* check for openid stuff */
+if($OPENIDPATH && myisset('openid_identity') && $_REQUEST['openid_identity']!='')
{
- echo "can't log you in... missing login information.";
+ /* what openid is being used? */
+ $openid_url = OpenIDUrlEncode($_REQUEST['openid_identity']);
+ /* get the userid from the database, openids need to be registered within E-DoKo */
+ $data = OpenIDVerify();
+ $ok = 0;
+
+ /* verify ok? */
+ if($data)
+ {
+ /* do we know this openid?*/
+ $myid = DB_GetUserId($openid_url);
+
+ if(!$myid)
+ {
+ /* openid unknown, perhaps not registered? */
+ echo "Openid ok, but not registered with any account. If you have an account ".
+ "on E-DoKo, please log in and add your openid in your preferences first.
\n";
+
+
+ /* or perhaps a new user...*/
+ $email = $data['email'];
+ $name = $data['fullname'];
+ echo "If you wan to register a new account with this OpenID, please follow this ".
+ "link.
";
+ }
+ else
+ $ok=1;
+ }
+
+ if($ok)
+ {
+ /* user information is ok, set session variabel */
+ $email = DB_get_email('userid',$myid);
+ $myname = DB_get_name('email',$email);
+ $password = DB_get_passwd_by_userid($myid);
+ $_SESSION['name'] = $myname;
+ $_SESSION['id'] = $myid;
+ $_SESSION['pass'] = $password;
+ }
}
-else
+else if($OPENIDPATH && myisset('openid_url') && $_REQUEST['openid_url']!='')
+ {
+ OpenIDAskForVerification(OpenIDUrlEncode($_REQUEST['openid_url']));
+ }
+/* check if normal login information is present */
+else if(myisset('email','password'))
{
$email = $_REQUEST['email'];
$password = $_REQUEST['password'];
/* verify password and email */
- if(strlen($password)!=32)
- $password = md5($password);
$ok = 1;
- $myid = DB_get_userid('email-password',$email,$password);
- if(!$myid)
- $ok = 0;
+ $myid = DB_get_userid('email',$email);
- if($ok)
+ $result = verify_password($email, $password);
+ switch($result)
{
- /* user information is ok, set session variabel */
- $myname = DB_get_name('email',$email);
+ case 0:
+ /* user information is ok, set session variable */
+ $myname = DB_get_name('email',$email);
+ $hashedpassword = DB_get_passwd_by_userid($myid);
$_SESSION['name'] = $myname;
$_SESSION['id'] = $myid;
- $_SESSION['pass'] = $password;
+ $_SESSION['pass'] = $hashedpassword;
+ break;
+ case 1:
+ echo "Can't find you in the database\n";
+ break;
+ case 2:
+ echo "Problem creating password hash, please contact $ADMIN at $ADMIN_EMAIL\n";
+ break;
}
}
+else
+ {
+ echo "can't log you in... missing login information.";
+ }
?>
\ No newline at end of file