public function __construct() { socialFeed::get_favicon_from('http://www.delicious.com/sydlawrence'); $this->session = Session::instance(); $this->db = new Database(); parent::__construct(); $_POST = $this->input->xss_clean($_POST); if ($this->input->post('attempt_login')) { $return = login::attempt_login(); if (isset($return->id) && $return->id > 0) { $this->user = $return; } else { $this->__set_options(array('error' => $return)); } if (isset($_GET['redirect'])) { url::redirect(urldecode($_GET['redirect'])); } } $this->user = login::check_login(); if ($this->input->get('logout')) { Auth::instance()->logout(TRUE); url::redirect(); } $this->page = Page_Model::get_by_url(); $this->feed = Feed_Model::get_by_url(); $this->feedpost = Feedpost_Model::get_by_url(); $this->__setup(); $this->header = new View('includes/header'); $this->footer = new View('includes/footer'); $this->__binds(); }
public function delete() { $log = ORM::factory('activity'); $log->user_id = login::check_login()->id; $log->item_type = $this->object_name; $log->item_id = $this->id; $log->activity_type = "delete"; $log->item_old = serialize($this); $log->save(); return parent::delete(); }
public static function check_login() { return login::check_login(); }
function loginCheck($priv_level_needed, $internal = false) { global $conn, $config, $lang; // Load misc Class $display = ''; $checked = login::check_login(); if (!$checked and !isset($_POST['user_name'])) { if ($internal !== true) { return login::display_login($priv_level_needed); } else { return false; } } elseif (isset($_POST['user_name'])) { if (!$_POST['user_name'] || !$_POST['user_pass']) { if ($internal !== true) { $display .= $lang['required_field_not_filled']; $display .= login::display_login($priv_level_needed); return $display; } else { return false; } } /* Spruce up username, check length */ $_POST['user_name'] = trim($_POST['user_name']); if (strlen($_POST['user_name']) > 30) { if ($internal !== true) { $display .= $lang['username_excessive_length']; $display .= login::display_login($priv_level_needed); return $display; } else { return false; } } /* Checks that username is in database and password is correct */ $md5pass = md5($_POST['user_pass']); $result = login::confirm_user($_POST['user_name'], $md5pass); /* Check error codes */ if ($result == 1) { if ($internal !== true) { $display .= $lang['nonexistent_username']; $display .= login::display_login($priv_level_needed); return $display; } else { return false; } } else { if ($result == 2) { if ($internal !== true) { $display .= $lang['incorrect_password']; $display .= login::display_login($priv_level_needed); return $display; } else { return false; } } else { if ($result == 3) { if ($internal !== true) { $display .= $lang['inactive_user']; $display .= login::display_login($priv_level_needed); return $display; } else { return false; } } } } } if (isset($_POST['user_name']) || $checked) { /* Username and password correct, register session variables */ if (isset($_POST['user_name'])) { $_POST['user_name'] = stripslashes($_POST['user_name']); $_SESSION['username'] = $_POST['user_name']; $_SESSION['userpassword'] = $md5pass; } require_once $config['basepath'] . '/include/misc.inc.php'; $misc = new misc(); $username = $misc->make_db_safe($_SESSION['username']); $sql = 'SELECT * FROM ' . $config['table_prefix'] . 'userdb WHERE userdb_user_name= ' . $username; $recordSet = $conn->Execute($sql); $_SESSION['userID'] = $recordSet->fields['userdb_id']; $_SESSION['admin_privs'] = $recordSet->fields['userdb_is_admin']; $_SESSION['active'] = $recordSet->fields['userdb_active']; $_SESSION['isAgent'] = $recordSet->fields['userdb_is_agent']; $_SESSION['featureListings'] = $recordSet->fields['userdb_can_feature_listings']; $_SESSION['viewLogs'] = $recordSet->fields['userdb_can_view_logs']; $_SESSION['moderator'] = $recordSet->fields['userdb_can_moderate']; $_SESSION['editpages'] = $recordSet->fields['userdb_can_edit_pages']; $_SESSION['havevtours'] = $recordSet->fields['userdb_can_have_vtours']; $_SESSION['havefiles'] = $recordSet->fields['userdb_can_have_files']; $_SESSION['is_member'] = 'yes'; // Removed in 2.1 // $_SESSION['editForms'] = $recordSet->fields['userdb_can_edit_forms']; // New Permissions with OR 2.1 $_SESSION['edit_site_config'] = $recordSet->fields['userdb_can_edit_site_config']; $_SESSION['edit_member_template'] = $recordSet->fields['userdb_can_edit_member_template']; $_SESSION['edit_agent_template'] = $recordSet->fields['userdb_can_edit_agent_template']; $_SESSION['edit_listing_template'] = $recordSet->fields['userdb_can_edit_listing_template']; $_SESSION['export_listings'] = $recordSet->fields['userdb_can_export_listings']; $_SESSION['edit_all_listings'] = $recordSet->fields['userdb_can_edit_all_listings']; $_SESSION['edit_all_users'] = $recordSet->fields['userdb_can_edit_all_users']; $_SESSION['edit_property_classes'] = $recordSet->fields['userdb_can_edit_property_classes']; $_SESSION['edit_expiration'] = $recordSet->fields['userdb_can_edit_expiration']; $_SESSION['blog_user_type'] = $recordSet->fields['userdb_blog_user_type']; $_SESSION['can_manage_addons'] = $recordSet->fields['userdb_can_manage_addons']; /** * This is the cool part: the user has requested that we remember that * he's logged in, so we set two cookies. One to hold his username, * and one to hold his md5 encrypted password. We set them both to * expire in 100 days. Now, next time he comes to our site, we will * log him in automatically. */ if (isset($_POST['remember'])) { setcookie('cookname', $_SESSION['username'], time() + 60 * 60 * 24 * 100, '/'); setcookie('cookpass', $_SESSION['userpassword'], time() + 60 * 60 * 24 * 100, '/'); } if (!login::verify_priv($priv_level_needed)) { if ($internal !== true) { $display .= $lang['access_denied']; $display .= login::display_login($priv_level_needed); return $display; } else { return false; } } else { return true; } } }