Exemple #1
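/**
 * Attempt to log the visitor in with the submitted credentials and open a
 * session for them.
 *
 * Reads `user` and `passwd` from $_REQUEST and `remember_me` from $_POST.
 * On success a row is added to Sessions, Users.LastLogin and
 * Users.LastLoginIPAddress are updated, the AURSID cookie is set and a
 * Location header back to the (same-site) referer is emitted.
 *
 * @return array 'SID'   => the session ID on success ('' when no session was
 *                          created, or the last attempted ID when the INSERT
 *                          kept failing),
 *               'error' => translated message, or null when either nothing
 *                          was submitted or the login succeeded
 */
function try_login()
{
    /* Neither field present: the form was displayed, not submitted. */
    if (!isset($_REQUEST['user']) && !isset($_REQUEST['passwd'])) {
        return array('SID' => '', 'error' => null);
    }
    if (is_ipbanned()) {
        return array('SID' => '', 'error' => __('The login form is currently disabled ' . 'for your IP address, probably due ' . 'to sustained spam attacks. Sorry for the ' . 'inconvenience.'));
    }

    /* Only one half of the pair may be present; read both defensively so a
     * missing field is treated as a bad credential instead of tripping an
     * undefined-index notice. */
    $user = isset($_REQUEST['user']) ? $_REQUEST['user'] : '';
    $passwd = isset($_REQUEST['passwd']) ? $_REQUEST['passwd'] : '';

    $dbh = DB::connect();
    $userID = uid_from_loginname($user);
    if (user_suspended($userID)) {
        return array('SID' => '', 'error' => __('Account suspended'));
    } elseif (passwd_is_empty($userID)) {
        return array('SID' => '', 'error' => __('Your password has been reset. ' . 'If you just created a new account, please ' . 'use the link from the confirmation email ' . 'to set an initial password. Otherwise, ' . 'please request a reset key on the %s' . 'Password Reset%s page.', '<a href="' . htmlspecialchars(get_uri('/passreset')) . '">', '</a>'));
    } elseif (!valid_passwd($userID, $passwd)) {
        return array('SID' => '', 'error' => __("Bad username or password."));
    }

    /* From here on the user ID is only ever spliced into SQL; force it to a
     * number so the queries below cannot be shaped by its textual form. */
    $uid = (int) $userID;
    $session_limit = config_get_int('options', 'max_sessions_per_user');
    $new_sid = '';
    $logged_in = false;

    /* Generate a session ID and store it.  The INSERT fails when new_sid()
     * happens to collide with an existing SessionID, so retry a few times. */
    for ($num_tries = 0; $num_tries < 5 && !$logged_in; $num_tries++) {
        if ($session_limit) {
            /*
             * Delete all user sessions except the
             * last ($session_limit - 1).
             */
            $q = "DELETE s.* FROM Sessions s ";
            $q .= "LEFT JOIN (SELECT SessionID FROM Sessions ";
            $q .= "WHERE UsersId = " . $uid . " ";
            $q .= "ORDER BY LastUpdateTS DESC ";
            $q .= "LIMIT " . ($session_limit - 1) . ") q ";
            $q .= "ON s.SessionID = q.SessionID ";
            $q .= "WHERE s.UsersId = " . $uid . " ";
            $q .= "AND q.SessionID IS NULL;";
            $dbh->query($q);
        }
        $new_sid = new_sid();
        $q = "INSERT INTO Sessions (UsersID, SessionID, LastUpdateTS)" . " VALUES (" . $uid . ", " . $dbh->quote($new_sid) . ", UNIX_TIMESTAMP())";
        if ($dbh->exec($q)) {
            $logged_in = true;
        }
    }
    if (!$logged_in) {
        return array('SID' => $new_sid, 'error' => __('An error occurred trying to generate a user session.'));
    }

    /* Record when and from where the account was last used. */
    $q = "UPDATE Users SET LastLogin = UNIX_TIMESTAMP(), ";
    $q .= "LastLoginIPAddress = " . $dbh->quote(ip2long($_SERVER['REMOTE_ADDR'])) . " ";
    $q .= "WHERE ID = '{$uid}'";
    $dbh->exec($q);

    /* Set the SID cookie: persistent for persistent_cookie_timeout seconds
     * when "remember me" was ticked, otherwise a session cookie. */
    if (isset($_POST['remember_me']) && $_POST['remember_me'] === "on") {
        $timeout = config_get_int('options', 'persistent_cookie_timeout');
        $cookie_time = time() + $timeout;
        /* Push the session's timestamp out to match the cookie lifetime. */
        $q = "UPDATE Sessions SET LastUpdateTS = {$cookie_time} ";
        $q .= "WHERE SessionID = " . $dbh->quote($new_sid);
        $dbh->exec($q);
    } else {
        $cookie_time = 0;
    }
    /* Secure flag follows whether this request itself came in over HTTPS;
     * HttpOnly keeps the session ID away from client-side script. */
    setcookie("AURSID", $new_sid, $cookie_time, "/", null, !empty($_SERVER['HTTPS']), true);

    /* Only bounce back to a referer on this site.  NOTE(review): this is a
     * plain string-prefix test against aur_location(); whether a value that
     * merely begins with that string but points elsewhere can pass depends
     * on how aur_location() is terminated — confirm before relying on it. */
    $referer = in_request('referer');
    if (strpos($referer, aur_location()) !== 0) {
        $referer = '/';
    }
    header("Location: " . get_uri($referer));
    return array('SID' => $new_sid, 'error' => null);
}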
Exemple #2
<?php

/*
 * Registration page: show the "new account" form and, when it has been
 * submitted (Action=NewAccount), hand the posted fields to
 * process_account_form().  Logged-in visitors are sent back to the front
 * page instead.
 */

set_include_path(get_include_path() . PATH_SEPARATOR . '../lib');
include_once 'aur.inc.php';         # access AUR common functions
include_once 'acctfuncs.inc.php';   # access Account specific functions

set_lang();    # this sets up the visitor's language
check_sid();   # see if they're still logged in

/* A session cookie means there is already an account; nothing to register. */
if (isset($_COOKIE["AURSID"])) {
    header('Location: /');
    exit;
}

html_header(__('Register'));
echo '<div class="box">';
echo '<h2>' . __('Register') . '</h2>';

if (in_request("Action") == "NewAccount") {
    /* The single-letter keys are the form's field names.  The same values
     * are needed twice (once to process, once to redisplay on failure), so
     * read them once.  The literal 1, 0, '', '' presumably occupy the
     * type/suspended and password/confirm slots of the positional signature
     * — verify against process_account_form(). */
    $username = in_request("U");
    $email = in_request("E");
    $homepage = in_request("H");
    $realname = in_request("R");
    $lang = in_request("L");
    $irc = in_request("I");
    $pgpkey = in_request("K");
    $sshkey = in_request("PK");

    list($success, $message) = process_account_form("new", "NewAccount", $username, 1, 0, $email, $homepage, '', '', $realname, $lang, $irc, $pgpkey, $sshkey);
    print $message;
    if (!$success) {
        /* Redisplay with what was entered so the visitor can correct it. */
        display_account_form("NewAccount", $username, 1, 0, $email, $homepage, '', '', $realname, $lang, $irc, $pgpkey, $sshkey);
    }
} else {
    print '<p>' . __("Use this form to create an account.") . '</p>';
    display_account_form("NewAccount", "", "", "", "", "", "", "", "", $LANG);
}

echo '</div>';
html_footer(AURWEB_VERSION);
Exemple #3
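				<input type="submit" class="button" value="<?php echo __("Login"); ?>" />
				<a href="<?php echo htmlspecialchars(get_uri('/passreset/'), ENT_QUOTES); ?>">[<?php echo __('Forgot Password'); ?>]</a>
				<?php
				/*
				 * Carry the page to return to through the login POST.  The
				 * posted `referer` and HTTP_REFERER are both client-supplied,
				 * so whichever one is used is escaped before it lands in the
				 * value="" attribute (previously only HTTP_REFERER was).
				 */
				$referer = in_request('referer');
				if ($referer === "") {
					$referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : null;
				}
				if ($referer !== null) {
					?>
				<input id="id_referer" type="hidden" name="referer" value="<?php echo htmlspecialchars($referer, ENT_QUOTES); ?>" />
				<?php
				}
				?>
			</p>
		</fieldset>
	</form>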
Exemple #4
            }
        } else {
            print __("You do not have permission to edit this account.");
        }
    } elseif ($action == "AccountInfo") {
        # no editing, just looking up user info
        #
        if (empty($row)) {
            print __("Could not retrieve information for the specified user.");
        } else {
            include "account_details.php";
        }
    } elseif ($action == "UpdateAccount") {
        print $update_account_message;
        if (!$success) {
            display_account_form("UpdateAccount", in_request("U"), in_request("T"), in_request("S"), in_request("E"), in_request("H"), in_request("P"), in_request("C"), in_request("R"), in_request("L"), in_request("I"), in_request("K"), in_request("PK"), in_request("J"), in_request("ID"), $row["Username"]);
        }
    } else {
        if (has_credential(CRED_ACCOUNT_SEARCH)) {
            # display the search page if they're a TU/dev
            #
            print __("Use this form to search existing accounts.") . "<br />\n";
            include 'search_accounts_form.php';
        } else {
            print __("You are not allowed to access this area.");
        }
    }
} else {
    # visitor is not logged in
    #
    print __("You must log in to view user information.");