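/**
 * Authenticates a member and, on success, binds the account to the session.
 *
 * Every argument may originate from the network (login form, OpenID return
 * leg, remember-me state) and must be treated as untrusted.
 *
 * @param string $username      member login, or an e-mail address (detected by '@')
 * @param string $password      plain-text password; when $from_remember is true the
 *                              value is compared against the stored hash as-is
 * @param bool   $remember_me   persist the login through rememberUser()
 * @param bool   $openid        match an OpenID member by login only; no credential
 *                              is checked here, so the caller is responsible for
 *                              having verified the OpenID assertion
 * @param bool   $from_remember $password already holds the stored hash
 * @return bool true when the member was found and the session populated, else false
 */
function login($username, $password, $remember_me = false, $openid = false, $from_remember = false)
{
    global $valid_user;

    // NOTE(review): the queries below bind these values through placeholders, so
    // escaping them first is redundant and alters any value containing quotes or
    // backslashes before it is hashed or matched. Left in place because stored
    // hashes may have been produced from the escaped form; confirm against the
    // registration path before removing.
    $username = mysql_real_escape_string($username);
    $password = mysql_real_escape_string($password);

    $db = AccessDB();

    // Defined up front: the OpenID path has no password hash, yet the value is
    // still handed to rememberUser() further down.
    // NOTE(review): confirm what rememberUser() stores when it receives null.
    $password_crypted = null;

    if ($openid) {
        $mid = $db->getOne(
            "SELECT member_id FROM members WHERE member_login=? AND openid='yes'",
            array($username)
        );
    } else {
        if ($from_remember) {
            // The remember-me path presents the stored hash itself, so whatever
            // rememberUser() persists is as sensitive as the password hash column.
            // NOTE(review): prefer a random, server-side, revocable token.
            $password_crypted = $password;
        } else {
            // NOTE(review): unsalted MD5 is not a password hash. Moving to
            // password_hash()/password_verify() needs a data migration (re-hash on
            // next successful login) that cannot be done inside this function.
            $password_crypted = md5($password);
        }

        if (strpos($username, '@') !== false) {
            $mid = $db->getOne(
                "SELECT member_id FROM members WHERE email=? AND member_password=? AND openid='no'",
                array($username, $password_crypted)
            );
        } else {
            $mid = $db->getOne(
                "SELECT member_id FROM members WHERE member_login=? AND member_password=? AND openid='no'",
                array($username, $password_crypted)
            );
        }
    }

    if (PEAR::isError($mid)) {
        // Keep driver/SQL details in the server log; the response body must not
        // disclose schema or query text to an unauthenticated client.
        error_log('login(): member lookup failed: ' . $mid->getMessage());
        die('Login is temporarily unavailable.');
    }

    if (empty($mid)) {
        return false;
    }

    if (strpos($username, '@') !== false) {
        // Resolve the login name from the row that was just authenticated. Looking
        // it up by e-mail alone could return a different member when the address
        // is not unique or also belongs to an OpenID account.
        $nusername = $db->getOne(
            "SELECT member_login FROM members WHERE member_id=?",
            array($mid)
        );
        if (PEAR::isError($nusername)) {
            error_log('login(): login-name lookup failed: ' . $nusername->getMessage());
            die('Login is temporarily unavailable.');
        }
        if (empty($nusername)) {
            return false;
        }
        $username = $nusername;
    }

    // Legacy global, kept for code that still reads $valid_user directly.
    $valid_user = $username;
    if (function_exists('session_register')) {
        // Only present on old runtimes; it also starts the session implicitly.
        session_register("valid_user");
    } elseif (session_id() === '') {
        session_start();
    }

    // Issue a fresh session id at the privilege change so an id fixed or observed
    // before authentication does not turn into a logged-in session.
    if (session_id() !== '' && !headers_sent()) {
        session_regenerate_id(true);
    }
    $_SESSION['valid_user'] = $username;

    if ($remember_me || $from_remember) {
        rememberUser($username, $password_crypted);
    } else {
        dontRememberUser($username);
    }

    // Optional analytics hook.
    if (class_exists('Analytics')) {
        $ans = new Analytics();
        $ans->loggedIn($valid_user);
    }

    // A successful login shows the member still knows the password, so any
    // pending login-recovery request for the account is marked recovered.
    $u2e = _usernameToEmail($valid_user);
    if ($u2e[0]) {
        $email = $u2e[1];
        setLoginRecovered($email);
    }

    return true;
}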