public function __construct()
{
socialFeed::get_favicon_from('http://www.delicious.com/sydlawrence');
$this->session = Session::instance();
$this->db = new Database();
parent::__construct();
$_POST = $this->input->xss_clean($_POST);
if ($this->input->post('attempt_login')) {
$return = login::attempt_login();
if (isset($return->id) && $return->id > 0) {
$this->user = $return;
} else {
$this->__set_options(array('error' => $return));
}
if (isset($_GET['redirect'])) {
url::redirect(urldecode($_GET['redirect']));
}
}
$this->user = login::check_login();
if ($this->input->get('logout')) {
Auth::instance()->logout(TRUE);
url::redirect();
}
$this->page = Page_Model::get_by_url();
$this->feed = Feed_Model::get_by_url();
$this->feedpost = Feedpost_Model::get_by_url();
$this->__setup();
$this->header = new View('includes/header');
$this->footer = new View('includes/footer');
$this->__binds();
}
public function delete()
{
$log = ORM::factory('activity');
$log->user_id = login::check_login()->id;
$log->item_type = $this->object_name;
$log->item_id = $this->id;
$log->activity_type = "delete";
$log->item_old = serialize($this);
$log->save();
return parent::delete();
}
public static function check_login()
{
return login::check_login();
}
function loginCheck($priv_level_needed, $internal = false)
{
global $conn, $config, $lang;
// Load misc Class
$display = '';
$checked = login::check_login();
if (!$checked and !isset($_POST['user_name'])) {
if ($internal !== true) {
return login::display_login($priv_level_needed);
} else {
return false;
}
} elseif (isset($_POST['user_name'])) {
if (!$_POST['user_name'] || !$_POST['user_pass']) {
if ($internal !== true) {
$display .= $lang['required_field_not_filled'];
$display .= login::display_login($priv_level_needed);
return $display;
} else {
return false;
}
}
/* Spruce up username, check length */
$_POST['user_name'] = trim($_POST['user_name']);
if (strlen($_POST['user_name']) > 30) {
if ($internal !== true) {
$display .= $lang['username_excessive_length'];
$display .= login::display_login($priv_level_needed);
return $display;
} else {
return false;
}
}
/* Checks that username is in database and password is correct */
$md5pass = md5($_POST['user_pass']);
$result = login::confirm_user($_POST['user_name'], $md5pass);
/* Check error codes */
if ($result == 1) {
if ($internal !== true) {
$display .= $lang['nonexistent_username'];
$display .= login::display_login($priv_level_needed);
return $display;
} else {
return false;
}
} else {
if ($result == 2) {
if ($internal !== true) {
$display .= $lang['incorrect_password'];
$display .= login::display_login($priv_level_needed);
return $display;
} else {
return false;
}
} else {
if ($result == 3) {
if ($internal !== true) {
$display .= $lang['inactive_user'];
$display .= login::display_login($priv_level_needed);
return $display;
} else {
return false;
}
}
}
}
}
if (isset($_POST['user_name']) || $checked) {
/* Username and password correct, register session variables */
if (isset($_POST['user_name'])) {
$_POST['user_name'] = stripslashes($_POST['user_name']);
$_SESSION['username'] = $_POST['user_name'];
$_SESSION['userpassword'] = $md5pass;
}
require_once $config['basepath'] . '/include/misc.inc.php';
$misc = new misc();
$username = $misc->make_db_safe($_SESSION['username']);
$sql = 'SELECT * FROM ' . $config['table_prefix'] . 'userdb WHERE userdb_user_name= ' . $username;
$recordSet = $conn->Execute($sql);
$_SESSION['userID'] = $recordSet->fields['userdb_id'];
$_SESSION['admin_privs'] = $recordSet->fields['userdb_is_admin'];
$_SESSION['active'] = $recordSet->fields['userdb_active'];
$_SESSION['isAgent'] = $recordSet->fields['userdb_is_agent'];
$_SESSION['featureListings'] = $recordSet->fields['userdb_can_feature_listings'];
$_SESSION['viewLogs'] = $recordSet->fields['userdb_can_view_logs'];
$_SESSION['moderator'] = $recordSet->fields['userdb_can_moderate'];
$_SESSION['editpages'] = $recordSet->fields['userdb_can_edit_pages'];
$_SESSION['havevtours'] = $recordSet->fields['userdb_can_have_vtours'];
$_SESSION['havefiles'] = $recordSet->fields['userdb_can_have_files'];
$_SESSION['is_member'] = 'yes';
// Removed in 2.1
// $_SESSION['editForms'] = $recordSet->fields['userdb_can_edit_forms'];
// New Permissions with OR 2.1
$_SESSION['edit_site_config'] = $recordSet->fields['userdb_can_edit_site_config'];
$_SESSION['edit_member_template'] = $recordSet->fields['userdb_can_edit_member_template'];
$_SESSION['edit_agent_template'] = $recordSet->fields['userdb_can_edit_agent_template'];
$_SESSION['edit_listing_template'] = $recordSet->fields['userdb_can_edit_listing_template'];
$_SESSION['export_listings'] = $recordSet->fields['userdb_can_export_listings'];
$_SESSION['edit_all_listings'] = $recordSet->fields['userdb_can_edit_all_listings'];
$_SESSION['edit_all_users'] = $recordSet->fields['userdb_can_edit_all_users'];
$_SESSION['edit_property_classes'] = $recordSet->fields['userdb_can_edit_property_classes'];
$_SESSION['edit_expiration'] = $recordSet->fields['userdb_can_edit_expiration'];
$_SESSION['blog_user_type'] = $recordSet->fields['userdb_blog_user_type'];
$_SESSION['can_manage_addons'] = $recordSet->fields['userdb_can_manage_addons'];
/**
* This is the cool part: the user has requested that we remember that
* he's logged in, so we set two cookies. One to hold his username,
* and one to hold his md5 encrypted password. We set them both to
* expire in 100 days. Now, next time he comes to our site, we will
* log him in automatically.
*/
if (isset($_POST['remember'])) {
setcookie('cookname', $_SESSION['username'], time() + 60 * 60 * 24 * 100, '/');
setcookie('cookpass', $_SESSION['userpassword'], time() + 60 * 60 * 24 * 100, '/');
}
if (!login::verify_priv($priv_level_needed)) {
if ($internal !== true) {
$display .= $lang['access_denied'];
$display .= login::display_login($priv_level_needed);
return $display;
} else {
return false;
}
} else {
return true;
}
}
}
