Beispiel #1
    if (user_VerifyPassword($password, $hash)) {
        // Success! //
        user_StartSession(false);
        user_DoLogin($response['id']);
        user_EndSession();
        // TODO: Clear login attempt cache //
    } else {
        my_LoginError();
    }
    // ** Successfully Logged in ** //
    // Retrieve my info //
    // Retrieve my list of Favourites, and a list of most recent posts I've loved. //
} else {
    if ($action === 'logout') {
        user_Start();
        user_DoLogout();
        // Destroy session
    } else {
        if ($action === 'register') {
            // Add a user (if legal), send a verification e-mail.
        } else {
            if ($action === 'verify') {
                // Verify a previously added user given a verification URL.
            } else {
                if ($action === 'resend') {
                    // Resend verification e-mail.
                } else {
                    if ($action === 'lost-password') {
                        // Send a password recovery e-mail.
                    } else {
                        if ($action === 'verify-user') {
Beispiel #2
/**
 * Validate the login state held in the current session and rotate its token when due.
 *
 * The login is accepted only when all of the following hold, checked in this order:
 * $_SESSION['TOKEN'] is set, _user_IsLoginTokenValid() passes, $_SESSION['ID'] is set
 * and numeric, and $_SESSION['__generated'] is set. Any failure ends in user_DoLogout(),
 * and so does a session that carries no token at all.
 *
 * @param bool $force_regen    Rotate the token even if it has not aged out yet.
 * @param bool $preserve_token Never rotate the token on this call; wins over $force_regen.
 * @return void
 */
function user_StartLogin($force_regen = false, $preserve_token = false)
{
    // The && chain short-circuits in the same order as the checks listed above, so the
    // token validator only runs when a token exists and the ID is only inspected once
    // the token has been accepted.
    // NOTE(review): is_numeric() also accepts floats, exponent notation and leading
    // whitespace. If IDs are always integers a stricter integer check would be tighter;
    // confirm how $_SESSION['ID'] is written before changing it.
    $login_is_sound = isset($_SESSION['TOKEN'])
        && _user_IsLoginTokenValid()
        && isset($_SESSION['ID'])
        && is_numeric($_SESSION['ID'])
        && isset($_SESSION['__generated']);

    if (!$login_is_sound) {
        // NOTE(review): no rejection reason is logged here; the earlier version of this
        // function only had commented-out LogError placeholders (token mismatch, ID
        // unset, ID not numeric, generation time missing). If logging is added, record
        // the reason and the remote address but not the raw session_id(): a session
        // identifier written to a log can be replayed by anyone able to read that log.
        user_DoLogout();
        return;
    }

    // Everything is OK. A caller that asked to keep the token gets no rotation at all.
    if ($preserve_token) {
        return;
    }

    // Rotate on request, or once the token is older than CMW_SESSION_REGENERATE
    // (presumably seconds, since the age is derived from time()). The age is only
    // computed when rotation was not forced.
    if ($force_regen || (time() - $_SESSION['__generated']) > CMW_SESSION_REGENERATE) {
        _user_SetLoginToken();
    }
}