/**
* Login the user and delegate the setup if login is valid.
*
* @return array
*/
function login_user($dirty_user, $p_pass)
{
// Internal function due to it being insecure otherwise.
if (!function_exists('_login_user')) {
}
$success = false;
$login_error = 'That password/username combination was incorrect.';
// Just checks whether the username and password are correct.
$data = authenticate($dirty_user, $p_pass);
if (is_array($data)) {
if ((bool) $data['authenticated'] && (bool) $data['operational']) {
if ((bool) $data['confirmed']) {
_login_user($data['uname'], $data['player_id'], $data['account_id']);
// Block by ip list here, if necessary.
// *** Set return values ***
$success = true;
$login_error = null;
} else {
// *** Account was not activated yet ***
$success = false;
$login_error = "You must confirm your account before logging in, check your email. <a href='/account_issues.php'>You can request another confirmation email here.</a>";
}
}
// The LOGIN FAILURE case occurs here, and is the default.
}
// *** Return array of return values ***
return ['success' => $success, 'login_error' => $login_error];
}
$password = trim(@$_REQUEST['p']);
$url_aastra_login = GS_PROV_SCHEME . '://' . GS_PROV_HOST . (GS_PROV_PORT ? ':' . GS_PROV_PORT : '') . GS_PROV_PATH . 'aastra/login.php';
if ($action === 'restart') {
$xml = "<AastraIPPhoneExecute Beep=\"yes\">\n" . "\t<ExecuteItem URI=\"Command: FastReboot\"/>\n" . "</AastraIPPhoneExecute>\n";
aastra_transmit_str($xml);
}
if ($action === 'logout' && $type === 'user') {
if (!_logout_user()) {
aastra_textscreen('Error', __('Abmelden nicht erfolgreich!'), 0, true);
} else {
aastra_textscreen('Info', __('Benutzer erfolgreich abgemeldet.'), 3);
}
}
if ($action === 'login' && $type === 'user') {
if ($user && $password) {
if (!_login_user($user, $password)) {
aastra_textscreen('Error', __('Falsche Durchwahl oder PIN!'), 0, true);
} else {
aastra_textscreen('Info', __('Benutzer erfolgreich angemeldet.'), 3);
}
} else {
if ($user) {
$highlight = 3;
} else {
$highlight = 2;
}
$xml = '<AastraIPPhoneInputScreen type="string" destroyOnExit="yes" displayMode="condensed" defaultIndex="' . $highlight . '">' . "\n";
$xml .= '<Title>' . __('Login') . '</Title>' . "\n";
$xml .= '<URL>' . $url_aastra_login . '?a=' . $action . '</URL>' . "\n";
$xml .= '<Default></Default>' . "\n";
$xml .= '<InputField type="empty"></InputField>' . "\n";
/**
* Login a user via a pre-authenticated oauth id.
**/
function login_user_by_oauth($oauth_id, $oauth_provider)
{
$account_info = query_row('select players.player_id, players.uname, accounts.account_id
from players left join account_players on players.player_id = account_players._player_id
left join accounts on accounts.account_id = account_players._account_id
where accounts.oauth_provider = :oauth_provider and accounts.oauth_id = :oauth_id and accounts.operational limit 1', array(':oauth_provider' => $oauth_provider, ':oauth_id' => $oauth_id));
$username = $account_info['uname'];
$player_id = $account_info['player_id'];
$account_id = $account_info['account_id'];
$success = false;
$login_error = 'Sorry, that ' . $oauth_provider . ' account is not yet connected to a ninjawars account.';
if ($username && $player_id && $account_id) {
_login_user($username, $player_id, $account_id);
$success = true;
$login_error = null;
}
return array('success' => $success, 'login_error' => $login_error);
}
session_start();
include_once $_SERVER['DOCUMENT_ROOT'] . "/app/etc/dbconfig.php";
include_once $_SERVER['DOCUMENT_ROOT'] . "/app/etc/PHPMailer_5.2.4/class.phpmailer.php";
if (isset($_POST['ssd'])) {
$action = mysql_real_escape_string($_POST['ssd']);
switch ($action) {
case 'insert_user':
if (isset($_POST['data'])) {
parse_str($_POST['data'], $data);
_insert_user($data);
}
break;
case 'login_user':
if (isset($_POST['data'])) {
parse_str($_POST['data'], $data);
_login_user($data);
}
break;
case 'user_pwd_forget_recovery':
if (isset($_POST['data'])) {
parse_str($_POST['data'], $data);
_user_pwd_forget_recovery($data);
}
break;
case 'reset_user_pwd':
if (isset($_POST['data'])) {
parse_str($_POST['data'], $data);
_reset_user_pwd($data);
}
break;
case 'add_user_role':
