Example #1
            $comm->ident = insert_record('users', $comm);
        }
        $f = new StdClass();
        $f->owner = $ident;
        $f->friend = $comm->ident;
        insert_record('friends', $f);
        $f->owner = $comm->ident;
        $f->friend = $ident;
        insert_record('friends', $f);
        unset($USER->signingup);
        unset($USER->alias);
        if ($mode == 'join') {
            // we don't need to do these if the user has already had an account.
            $_SESSION['messages'][] = __gettext('Your account creation was successful!');
            // authenticate them.
            authenticate_account($u->username, $u->password);
        }
        redirect($CFG->wwwroot . $u->username);
    }
    $showform = true;
}
if (!empty($showform)) {
    define("context", "lmsjoin");
    templates_page_setup();
    $title = __gettext('Join up');
    ob_start();
    require_once $CFG->dirroot . 'lms/join.html';
    $body = ob_get_contents();
    ob_end_clean();
    $body = templates_draw(array('context' => 'contentholder', 'title' => $title, 'body' => $body));
    $title1 = __gettext('Login');
Example #2
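// Login handler: decide where to send the browser afterwards, then try to
// authenticate the submitted credentials.
//
// 'passthru_url' is request-supplied and ends up in a Location header, so it
// is only honoured when it stays on this site: either it begins with
// $CFG->wwwroot, or it is a root-relative path ("/...") with no second slash,
// backslash or control character that a browser could reinterpret as another
// host. Anything else falls back to the site index.
// The prefix test relies on wwwroot ending in "/", as the concatenation with
// "index.php" below implies; confirm against the site configuration.
$redirect_url = trim(optional_param('passthru_url'));
if (!empty($redirect_url)) {
    $passthru_on_site = $CFG->wwwroot !== ''
        && strncmp($redirect_url, $CFG->wwwroot, strlen($CFG->wwwroot)) === 0;
    $passthru_local_path = preg_match('#^/(?![/\\\\])[^\\\\\x00-\x1f]*$#', $redirect_url) === 1;
    if (!$passthru_on_site && !$passthru_local_path) {
        $redirect_url = '';
    }
}
if (empty($redirect_url)) {
    $redirect_url = $CFG->wwwroot . "index.php";
}
// if we're already logged in, redirect away again.
if (logged_on) {
    $messages[] = gettext("You are already logged on.");
    define('redirect_url', $redirect_url);
    $_SESSION['messages'] = $messages;
    header("Location: " . redirect_url);
    exit;
}
// NOTE(review): optional_param() is not visible here; if it also reads the
// query string, credentials can end up in URLs and access logs. Confirm the
// login form submits by POST only.
$l = optional_param('username');
$p = optional_param('password');
if (!empty($l) && !empty($p)) {
    // NOTE(review): authenticate_account() is defined elsewhere; confirm it
    // rotates the session ID on success (session_regenerate_id(true)) and that
    // failed attempts are rate-limited.
    $ok = authenticate_account($l, $p);
    if ($ok) {
        $messages[] = gettext("You have been logged on.");
        define('redirect_url', $redirect_url);
        $_SESSION['messages'] = $messages;
        header("Location: " . redirect_url);
        exit;
    } else {
        // One message for every failure cause, so the response does not
        // reveal whether the username exists.
        $messages[] = gettext("Unrecognised username or password. The system could not log you on, or you may not have activated your account.");
    }
} else {
    if (!empty($l) || !empty($p)) {
        // if ONLY one was entered, make the error message.
        $messages[] = gettext("Either the username or password were not specified. The system could not log you on.");
    }
}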
         if (array_key_exists("invite:join:mailwithoutpass", $function)) {
             $msg = run("invite:join:mailwithoutpass", array($sitename, $username, url));
         }
         email_to_user($u, null, sprintf(__gettext("Your %s account"), $sitename), $msg);
     }
     if (INVITE_AUTO_LOGIN) {
         // Auto-login after joining: log the new account in and redirect to a
         // page on this site.
         // The request's passthru_url is appended to $CFG->wwwroot:
         // http://yoursite.com/<redirect>
         // These keywords are replaced before the redirect:
         // {{username}} User name
         // {{user_id}}  User id
         // NOTE(review): passthru_url is request-supplied. The target stays on
         // this site only if $CFG->wwwroot ends in "/" -- confirm, since the
         // value is concatenated without any validation.
         $redirect_url = trim(optional_param('passthru_url', '{{username}}'));
         $redirect_url = str_replace('{{username}}', $username, $redirect_url);
         $redirect_url = str_replace('{{user_id}}', $ident, $redirect_url);
         $redirect_url = $CFG->wwwroot . $redirect_url;
         // NOTE(review): authenticate_account() is defined elsewhere; confirm
         // it rotates the session ID on success.
         $ok = authenticate_account($username, $displaypassword);
         if ($ok) {
             //$messages[] = __gettext("You have been logged on.");
             // Weak-password warning: the test is true only when $p equals the
             // literal "password"; the md5() calls add nothing to it.
             // NOTE(review): $p is not assigned in the visible lines, while the
             // password authenticated above is $displaypassword -- confirm this
             // check inspects the intended variable.
             if (md5($p) == md5("password")) {
                 $_SESSION['messages'][] = __gettext("The password for this account is extremely insecure and represents a major security risk. You should change it immediately.");
             }
             // The target is stored in a constant and then sent as the
             // Location header.
             define('redirect_url', $redirect_url);
             header("Location: " . redirect_url);
             exit;
         } else {
             // NOTE(review): this goes to the local $messages array, not to
             // $_SESSION['messages']; the redirect that follows this block does
             // not copy it, so the failure notice may never be shown -- confirm.
             $messages[] = __gettext("Unrecognised username or password. The system could not log you on, or you may not have activated your account.");
         }
     }
     header("Location: " . $CFG->wwwroot);
     exit;
 }
<?php

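// Start the session.
// A session ID may be supplied through the 'sessionid' cookie. Cookie values
// can arrive as arrays (e.g. "sessionid[]=x"), and session_id() needs a
// string, so anything else is ignored and PHP picks the ID itself.
// NOTE(review): the ID taken here is chosen by the client and adopted as-is,
// which leaves room for session fixation unless the ID is rotated at login.
// Confirm that authenticate_account() calls session_regenerate_id(true) on a
// successful logon, and consider enabling session.use_strict_mode.
if (isset($_COOKIE['sessionid']) && is_string($_COOKIE['sessionid'])) {
    session_id($_COOKIE['sessionid']);
}
session_name(user_session_name);
session_start();
// Check to see if authorization is needed (check cookie).
// Called without credentials; the result is taken as the login state.
$logged_in = authenticate_account();
// Fix the logged-in status for the rest of the request: a constant cannot be
// reassigned later on.
define('logged_on', $logged_in);
// If we're not logged in, set the user ID to -1
if (!logged_on) {
    $_SESSION['userid'] = -1;
}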
    $auth['method'] = $good_pw;
} elseif (isset($_SERVER['PHP_AUTH_USER']) && isset($_SERVER['PHP_AUTH_PW']) && $_SERVER['PHP_AUTH_USER'] != "" && $_SERVER['PHP_AUTH_PW'] != "") {
    $username = $_SERVER['PHP_AUTH_USER'];
    $password = md5($_SERVER['PHP_AUTH_PW']);
    $auth['method'] = "http-basic-auth";
} elseif (isset($_POST['username']) && isset($_POST['password']) && $_POST['username'] != "" && $_POST['password'] != "") {
    $username = trim($_POST['username']);
    $password = trim(md5($_POST['password']));
    $auth['method'] = "post";
}
// Conditions to be extended for other methods (tokens etc.)
// If all is well we have a username and password
// To be modified for different providers, tokens, etc. and fall-through (iterate through the configured providers)
// Elgg authentication provider
// Fill in the outcome fields of $auth (status, message, code) and hand the
// array back as $run_result. Any keys set earlier, such as 'method', are kept.
//
// NOTE(review): in the two credential branches visible above, $password is an
// unsalted md5() hex digest of the submitted password. MD5 is not an adequate
// password hash; a migration to password_hash()/password_verify() would have
// to happen inside authenticate_account(), which is not visible here.
if (!isset($username)) {
    // No credential source matched, so there is nothing to verify.
    $auth['status'] = false;
    $auth['message'] = "No username or password provided";
    $auth['code'] = 801;
} else {
    $logonsuccess = authenticate_account($username, $password);
    // Both failure paths report code 801, and the message does not say which
    // of username or password was wrong.
    $auth['status'] = $logonsuccess ? true : false;
    $auth['message'] = $logonsuccess ? "Authenticated" : "Incorrect username or password";
    $auth['code'] = $logonsuccess ? 200 : 801;
}
$run_result = $auth;