if (user_VerifyPassword($password, $hash)) { // Success! // user_StartSession(false); user_DoLogin($response['id']); user_EndSession(); // TODO: Clear login attempt cache // } else { my_LoginError(); } // ** Successfully Logged in ** // // Retrieve my info // // Retrieve my list of Favourites, and a list of most recent posts I've loved. // } else { if ($action === 'logout') { user_Start(); user_DoLogout(); // Destroy session } else { if ($action === 'register') { // Add a user (if legal), send a verification e-mail. } else { if ($action === 'verify') { // Verify a previously added user given a verification URL. } else { if ($action === 'resend') { // Resend verification e-mail. } else { if ($action === 'lost-password') { // Send a password recovery e-mail. } else { if ($action === 'verify-user') {
/**
 * Validate the login state held in $_SESSION and rotate the login token when due.
 *
 * The session counts as a valid login only if every check below passes, in
 * this order: a TOKEN is present, _user_IsLoginTokenValid() accepts it, an ID
 * is present, the ID is numeric, and a '__generated' timestamp is present.
 * If any check fails (including "no TOKEN at all"), user_DoLogout() is called.
 *
 * Failure reasons are not logged by this function.
 * NOTE(review): if logging is added for the failure paths, record the reason
 * and client address rather than the raw session identifier, so log readers
 * never see a usable session id.
 *
 * NOTE(review): is_numeric() also accepts floats, exponent notation and signed
 * values ("1e3", "-5", "1.5"); callers that need a strict integer ID should
 * not treat this check as integer validation - confirm how ID is consumed.
 *
 * @param bool $force_regen    Rotate the login token even if it has not aged out.
 * @param bool $preserve_token Never rotate the token on this call; takes
 *                             precedence over $force_regen.
 * @return void
 */
function user_StartLogin($force_regen = false, $preserve_token = false) {
	// Evaluated left to right with short-circuiting, so a later check never
	// runs (and never touches $_SESSION keys) once an earlier one has failed.
	$login_is_sound =
		isset($_SESSION['TOKEN'])              // potentially logged in
		&& _user_IsLoginTokenValid()           // presumably: stored token matches the presented one - confirm in helper
		&& isset($_SESSION['ID'])              // a user ID is attached to the session
		&& is_numeric($_SESSION['ID'])         // and it looks like a number
		&& isset($_SESSION['__generated']);    // and we know when the token was issued

	if (!$login_is_sound) {
		// Something was missing or did not validate: drop the login.
		user_DoLogout();
		return;
	}

	// Rotation is skipped entirely when the caller asked to keep the token.
	// The age is only computed when it is actually needed.
	if (!$preserve_token) {
		$rotation_due = $force_regen
			|| (time() - $_SESSION['__generated']) > CMW_SESSION_REGENERATE;

		if ($rotation_due) {
			_user_SetLoginToken();
		}
	}

	// Everything is OK.
	return;
}