Example #1
     tpl_nav_empty();
     tpl_auth_needed();
     tpl_footer(array());
     return;
 }
 if ($pNav == "init") {
     if (authInit() === NULL) {
         tpl_header();
         tpl_nav_empty();
         tpl_auth_error();
         tpl_footer(array());
     }
     return;
 }
 if ($pNav == "verify") {
     $verify = authVerify();
     if ($verify === NULL) {
         tpl_header();
         tpl_nav_empty();
         tpl_auth_error();
         tpl_footer(array());
     }
     if ($verify === false) {
         tpl_header();
         tpl_nav_empty();
         tpl_auth_negative();
         tpl_footer(array());
     }
     if ($pNav == "error") {
         tpl_header();
         tpl_nav_empty();
Example #2
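/**
 * Authenticate the current request and return the logged-in user record.
 *
 * Two paths exist, selected by the "trustSetting" config value:
 *  - In-game-browser call ($IGB) with trustSetting == 2: passwordless login.
 *    A valid auth key is reused; otherwise the user is looked up by
 *    $EVE_Charname alone.
 *  - Everything else: a posted login form is processed first, then the auth
 *    key of the current session is validated.
 *
 * The script is terminated (die) when access is denied, when the login form
 * has to be shown, and after the post-login redirect.
 *
 * @return mixed The value authKeyIsValid()/authVerify() produced for the
 *               accepted login; it is used below as an object exposing
 *               getLastlogin() and isValid().
 */
function auth()
{
    // Globals.
    // $TIMEMARK is not referenced in the visible code. It stays declared because
    // preAuth.php is included into this function's scope and may read it.
    global $DB;
    global $TIMEMARK;
    global $IGB;

    // Handle possible logouts, activations et al.
    include_once './functions/login/preAuth.php';

    // Trust setting: the value 2 enables passwordless in-game-browser logins.
    $alert = getConfig("trustSetting");

    if ($IGB && $alert == 2) {
        // In-game-browser call with passwordless logins enabled.
        // Reuse a previous login if its auth key is still valid.
        $MySelf = authKeyIsValid();

        if ($MySelf == false) {
            /*
             * No active login: search the database for a user matching the
             * character name, without any password.
             *
             * NOTE(review): $EVE_Charname is set outside this block. If it is
             * taken from a request header it is client-controlled, and this
             * branch then authenticates on an unverified claim. Confirm where
             * it comes from and that $IGB cannot be asserted by any client.
             */
            global $EVE_Charname;
            $MySelf = authVerify(sanitize($EVE_Charname), false, true);

            if ($MySelf == false) {
                /*
                 * No such user. Deny access and stop, which also prevents a
                 * login loop. The request-account page that used to follow
                 * this die was unreachable and has been dropped.
                 */
                makeNotice("You do not belong here. Leave at once!", "warning", "ACCESS DENIED");
                die;
            } else {
                /*
                 * Matching user found: create an auth key for this user and
                 * store the login time.
                 */
                createAuthKey($MySelf);

                // The '******' values are reproduced as shown in this listing (they
                // appear masked). NOTE(review): if the real statement interpolates the
                // timestamp and username into the SQL text, bind them as parameters.
                $DB->query("update users set lastlogin = '******' where username = '******'");

                // NOTE(review): whatever reads this back has to unserialize() it, so the
                // session store must not be writable by anything less trusted than this code.
                $_SESSION['MySelf'] = base64_encode(serialize($MySelf));

                // Beta warning, shown once per login time.
                // The session key is quoted: a bare betawarning constant is an Error on PHP 8.
                global $IS_BETA;
                $seenBetaWarning = isset($_SESSION['betawarning']) ? $_SESSION['betawarning'] : null;
                if ($IS_BETA && $seenBetaWarning != $MySelf->getLastlogin()) {
                    $_SESSION['betawarning'] = $MySelf->getLastlogin();
                    makeNotice("You are using a beta version of MiningBuddy. Be aware that some functions may not " . "be ready for production servers, and that there may be bugs around. You have been warned.", "warning", "Beta Warning");
                }
            }
        }
    } else {
        /*
         * A login request has priority over anything else, so that no login
         * loop is created.
         */
        if (isset($_POST['login'])) {
            // The dynamic banning module runs before any credential check.
            checkBan();

            $SUPPLIED_USERNAME = strtolower(sanitize($_POST['username']));

            // Check for validity.
            if (!ctypeAlnum($SUPPLIED_USERNAME)) {
                makeNotice("Invalid username. Only characters a-z, A-Z and 0-9 are allowed.", "error", "Invalid Username");
                // Fail closed: whether makeNotice() ends the script is not visible here,
                // and a rejected username must not reach authVerify().
                die;
            }

            if (!isset($_SESSION['testauth'])) {
                // NOTE(review): unsalted SHA-1 is not a password hash. Moving to
                // password_hash()/password_verify() also needs changes in authVerify()
                // and the stored credentials, both outside this block.
                $SUPPLIED_PASSWORD = sha1($_POST['password']);
                // Check the username and password against the database.
                $MySelf = authVerify($SUPPLIED_USERNAME, $SUPPLIED_PASSWORD);
            } else {
                // NOTE(review): with $_SESSION['testauth'] set, no password is passed on.
                // Confirm which code sets that key and that an unauthenticated visitor
                // cannot reach it.
                $MySelf = authVerify($SUPPLIED_USERNAME, false);
            }

            if ($MySelf == false) {
                // Wrong credentials: show the login form again and stop.
                makeLoginPage($SUPPLIED_USERNAME);
                // Fail closed, as the ticket check below does after makeLoginPage():
                // nothing further may run with $MySelf === false (it would be stored in
                // the session and dereferenced for the beta warning).
                die;
            }

            if ($MySelf->isValid()) {
                // Store the new login time. The '******' values are reproduced as shown in
                // this listing (they appear masked). NOTE(review): if the real statement
                // interpolates values into the SQL text, bind them as parameters.
                $DB->query("update users set lastlogin = '******' where username = '******'");
                // Create the auth key.
                // NOTE(review): no session_regenerate_id() is visible on this path. Confirm
                // the session id is rotated at login, here or inside createAuthKey().
                createAuthKey($MySelf);
            }

            // NOTE(review): the record is stored even when isValid() returned false; access
            // then depends entirely on the authKeyIsValid() check further down.
            $_SESSION['MySelf'] = base64_encode(serialize($MySelf));

            // Beta warning, shown once per login time; otherwise redirect.
            // The session key is quoted: a bare betawarning constant is an Error on PHP 8.
            global $IS_BETA;
            $seenBetaWarning = isset($_SESSION['betawarning']) ? $_SESSION['betawarning'] : null;
            if ($IS_BETA && $seenBetaWarning != $MySelf->getLastlogin()) {
                $_SESSION['betawarning'] = $MySelf->getLastlogin();
                makeNotice("You are using a beta version of MiningBuddy. Be aware that some functions may not " . "be ready for production servers, and that there may be bugs around. You have been warned.", "warning", "Beta Warning");
            } else {
                // The target is fixed to index.php; only the query string is client-supplied.
                header("Location: index.php?{$_SERVER['QUERY_STRING']}");
                die;
            }
        }

        /*
         * Check whether the user still has a valid login ticket.
         */
        $MySelf = authKeyIsValid();
        if ($MySelf == false) {
            $_SESSION['lastModDisplay'] = false;
            session_destroy();
            makeLoginPage();
            die;
        }
    }

    /*
     * Print the MOTD once per session, and only if one is set.
     * empty() keeps the original truthiness test without an undefined-index notice.
     */
    $MOTD = getTemplate("motd", "announce");
    if (empty($_SESSION['seenMotd']) && !empty($MOTD)) {
        $_SESSION['seenMotd'] = true;
        // NOTE(review): the MOTD is passed on without HTML escaping. Confirm the template
        // is trusted admin markup or that makeNotice() escapes it.
        makeNotice(nl2br(stripslashes($MOTD)), "notice", "Announcement");
    }

    return $MySelf;
}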