function login($email, $password)
{
if (account_exists($email, $password)) {
$_SESSION["name"] = $email;
redirect("versus", "Login successful! Welcome back!");
} else {
print "Invalid login account, try again.";
}
}
session_destroy();
unset($action);
$_SESSION = array();
}
//need to process choose, delete or store account before drawing header
if (isset($action)) {
switch ($action) {
case 'delete-account':
delete_account($_SESSION['auth_user'], $account);
break;
case 'store-settings':
store_account_settings($_SESSION['auth_user'], $_POST);
break;
case 'select-account':
// if have chosen a valid account, store it as a session variable
if ($account && account_exists($_SESSION['auth_user'], $account)) {
$_SESSION['selected_account'] = $account;
}
}
}
// set the buttons that will be on the tool bar
$buttons[0] = 'view-mailbox';
$buttons[1] = 'new-message';
$buttons[2] = 'account-setup';
//only offer a log out button if logged in
if (check_auth_user()) {
$buttons[4] = 'log-out';
}
//*****************************************************************************
// Stage 2: headers
// Send the HTML headers and menu bar appropriate to current action
});
// Users
// --------------------------------------------------------------------------------
get('/users', function () {
if (!is_reviewer()) {
render('err403', null, false);
return;
}
$users = account_list();
uasort($users, 'account_group_cmp');
render('user_list', array('head_title' => 'Users', 'users' => $users));
});
// The url router wasn't matching "/users/:email" probably something to do with the @ and the dots in emails
if (startsWith(request_uri(), '/users/') && strlen(trim(request_uri(), '/')) > 5) {
$email = remove_first(request_uri(), '/users/');
if (!account_exists($email)) {
render('err404', null, false);
die;
}
if ($email !== user_email() && !is_reviewer()) {
render('err403', null, false);
die;
}
$data = account_data($email);
$email = $data['email'];
if (request_method() == 'GET') {
render('user', array('head_title' => $data['email'], 'user' => $data, 'user_apps' => app_get_user($data['email'], valid_bool(from($_REQUEST, 'show-deleted'))), 'is_self' => user_email() == $email));
} else {
if (request_method() == 'POST') {
$action = from($_REQUEST, 'action');
switch (strtolower($action)) {
if ($action == 'log-out') {
session_destroy();
unset($action);
unset($HTTP_SESSION_VARS);
}
//need to process choose, delete or store account before drawing header
switch ($action) {
case 'delete-account':
delete_account($HTTP_SESSION_VARS['auth_user'], $account);
break;
case 'store-settings':
store_account_settings($HTTP_SESSION_VARS['auth_user'], $HTTP_POST_VARS);
break;
case 'select-account':
// if have chosen a valid account, store it as a session variable
if ($account && account_exists($HTTP_SESSION_VARS['auth_user'], $account)) {
$HTTP_SESSION_VARS['selected_account'] = $account;
}
}
// set the buttons that will be on the tool bar
$buttons[0] = 'view-mailbox';
$buttons[1] = 'new-message';
$buttons[2] = 'account-setup';
//only offer a log out button if logged in
if (check_auth_user()) {
$buttons[4] = 'log-out';
}
//*****************************************************************************
// Stage 2: headers
// Send the HTML headers and menu bar appropriate to current action
//*****************************************************************************
function send_friend($ciphered_message, $real_message, $friend, $sender)
{
if (!account_exists($friend)) {
add_message_to_db($ciphered_message, $real_message, $friend, $sender);
} else {
print "That friend's account does not exist.";
}
}
function account_username($email)
{
return account_exists($email) ? account_data($email)['username'] : null;
}
ini_set('session.use_trans_sid', 0);
ini_set('session.cookie_lifetime', 0);
// ini_set('session.cookie_secure', 1); only on https
ini_set('session.cookie_httponly', 1);
ini_set('session.use_cookies', 1);
ini_set('session.use_only_cookies', 1);
ini_set('session.cache_expire', 30);
ini_set('default_socket_timeout', 60);
ini_set('session.entropy_file', '/dev/urandom');
ini_set('session.entropy_length', 256);
ini_set('session.gc_maxlifetime', 2678400);
session_set_cookie_params(0);
session_start();
// Reset session variables in case stuff changed
if (logged_in()) {
if (account_exists(user_email())) {
create_session(user_email(), false);
} else {
destroy_session();
}
}
function destroy_session()
{
if (ini_get("session.use_cookies")) {
$params = session_get_cookie_params();
setcookie(session_name(), '', time() - 42000, $params["path"], $params["domain"], $params["secure"], $params["httponly"]);
}
if (isset($_COOKIE['login'])) {
unset($_COOKIE['login']);
setcookie('login', '', time() - 3600, '/');
}