Friendica Communications Platform (please note that this is a clone of the repository at github, issues are handled there) https://friendi.ca
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 

129 lines
3.6 KiB

  1. <?php
  2. // login/logout
  3. if((isset($_SESSION)) && (x($_SESSION,'authenticated')) && ((! (x($_POST,'auth-params'))) || ($_POST['auth-params'] !== 'login'))) {
  4. if(((x($_POST,'auth-params')) && ($_POST['auth-params'] === 'logout')) || ($a->module === 'logout')) {
  5. // process logout request
  6. unset($_SESSION['authenticated']);
  7. unset($_SESSION['uid']);
  8. unset($_SESSION['visitor_id']);
  9. unset($_SESSION['administrator']);
  10. unset($_SESSION['cid']);
  11. unset($_SESSION['theme']);
  12. unset($_SESSION['page_flags']);
  13. notice( t('Logged out.') . EOL);
  14. goaway($a->get_baseurl());
  15. }
  16. if(x($_SESSION,'uid')) {
  17. // already logged in user returning
  18. $r = q("SELECT * FROM `user` WHERE `uid` = %d LIMIT 1",
  19. intval($_SESSION['uid'])
  20. );
  21. if(! count($r)) {
  22. goaway($a->get_baseurl());
  23. }
  24. // initialise user environment
  25. $a->user = $r[0];
  26. $_SESSION['theme'] = $a->user['theme'];
  27. $_SESSION['page_flags'] = $a->user['page-flags'];
  28. if(strlen($a->user['timezone']))
  29. date_default_timezone_set($a->user['timezone']);
  30. $_SESSION['my_url'] = $a->get_baseurl() . '/profile/' . $a->user['nickname'];
  31. $r = q("SELECT * FROM `contact` WHERE `uid` = %d AND `self` = 1 LIMIT 1",
  32. intval($_SESSION['uid']));
  33. if(count($r)) {
  34. $a->contact = $r[0];
  35. $a->cid = $r[0]['id'];
  36. $_SESSION['cid'] = $a->cid;
  37. }
  38. header('X-Account-Management-Status: active; name="' . $a->user['username'] . '"; id="' . $a->user['nickname'] .'"');
  39. }
  40. }
  41. else {
  42. if(isset($_SESSION)) {
  43. unset($_SESSION['authenticated']);
  44. unset($_SESSION['uid']);
  45. unset($_SESSION['visitor_id']);
  46. unset($_SESSION['administrator']);
  47. unset($_SESSION['cid']);
  48. unset($_SESSION['theme']);
  49. unset($_SESSION['my_url']);
  50. unset($_SESSION['page_flags']);
  51. }
  52. if(x($_POST,'password'))
  53. $encrypted = hash('whirlpool',trim($_POST['password']));
  54. if((x($_POST,'auth-params')) && $_POST['auth-params'] === 'login') {
  55. // process login request
  56. $r = q("SELECT * FROM `user`
  57. WHERE ( `email` = '%s' OR `nickname` = '%s' ) AND `password` = '%s' AND `blocked` = 0 AND `verified` = 1 LIMIT 1",
  58. dbesc(trim($_POST['login-name'])),
  59. dbesc(trim($_POST['login-name'])),
  60. dbesc($encrypted));
  61. if(($r === false) || (! count($r))) {
  62. notice( t('Login failed.') . EOL );
  63. goaway($a->get_baseurl());
  64. }
  65. $_SESSION['uid'] = $r[0]['uid'];
  66. $_SESSION['theme'] = $r[0]['theme'];
  67. $_SESSION['authenticated'] = 1;
  68. $_SESSION['page_flags'] = $r[0]['page-flags'];
  69. $_SESSION['my_url'] = $a->get_baseurl() . '/profile/' . $r[0]['nickname'];
  70. notice( t("Welcome back ") . $r[0]['username'] . EOL);
  71. $a->user = $r[0];
  72. if(strlen($a->user['timezone']))
  73. date_default_timezone_set($a->user['timezone']);
  74. $r = q("SELECT * FROM `contact` WHERE `uid` = %s AND `self` = 1 LIMIT 1",
  75. intval($_SESSION['uid']));
  76. if(count($r)) {
  77. $a->contact = $r[0];
  78. $a->cid = $r[0]['id'];
  79. $_SESSION['cid'] = $a->cid;
  80. }
  81. header('X-Account-Management-Status: active; name="' . $a->user['username'] . '"; id="' . $a->user['nickname'] .'"');
  82. if(($a->module !== 'home') && isset($_SESSION['return_url']))
  83. goaway($a->get_baseurl() . '/' . $_SESSION['return_url']);
  84. }
  85. }
  86. // Returns an array of group id's this contact is a member of.
  87. // This array will only contain group id's related to the uid of this
  88. // DFRN contact. They are *not* neccessarily unique across the entire site.
  89. if(! function_exists('init_groups_visitor')) {
  90. function init_groups_visitor($contact_id) {
  91. $groups = array();
  92. $r = q("SELECT `gid` FROM `group_member`
  93. WHERE `contact-id` = %d ",
  94. intval($contact_id)
  95. );
  96. if(count($r)) {
  97. foreach($r as $rr)
  98. $groups[] = $rr['gid'];
  99. }
  100. return $groups;
  101. }}