コード例 #1
0
ファイル: user.php プロジェクト: scovit/nust-helico
function login($user, $pass)
{
    global $session;
    if (!valid_passwd($pass) || valid_user($user, $pass, $privilege)) {
        $session['user'] = $user;
        $session['privilege'] = $privilege;
        echo "&end";
    } else {
        echo "&notfound";
    }
}
コード例 #2
0
ファイル: acctfuncs.inc.php プロジェクト: pyp22/aurweb
/**
 * Attempt to login and generate a session
 *
 * @return array Session ID for user, error message if applicable
 */
function try_login()
{
    $login_error = "";
    $new_sid = "";
    $userID = null;
    if (!isset($_REQUEST['user']) && !isset($_REQUEST['passwd'])) {
        return array('SID' => '', 'error' => null);
    }
    if (is_ipbanned()) {
        $login_error = __('The login form is currently disabled ' . 'for your IP address, probably due ' . 'to sustained spam attacks. Sorry for the ' . 'inconvenience.');
        return array('SID' => '', 'error' => $login_error);
    }
    $dbh = DB::connect();
    $userID = uid_from_loginname($_REQUEST['user']);
    if (user_suspended($userID)) {
        $login_error = __('Account suspended');
        return array('SID' => '', 'error' => $login_error);
    } elseif (passwd_is_empty($userID)) {
        $login_error = __('Your password has been reset. ' . 'If you just created a new account, please ' . 'use the link from the confirmation email ' . 'to set an initial password. Otherwise, ' . 'please request a reset key on the %s' . 'Password Reset%s page.', '<a href="' . htmlspecialchars(get_uri('/passreset')) . '">', '</a>');
        return array('SID' => '', 'error' => $login_error);
    } elseif (!valid_passwd($userID, $_REQUEST['passwd'])) {
        $login_error = __("Bad username or password.");
        return array('SID' => '', 'error' => $login_error);
    }
    $logged_in = 0;
    $num_tries = 0;
    /* Generate a session ID and store it. */
    while (!$logged_in && $num_tries < 5) {
        $session_limit = config_get_int('options', 'max_sessions_per_user');
        if ($session_limit) {
            /*
             * Delete all user sessions except the
             * last ($session_limit - 1).
             */
            $q = "DELETE s.* FROM Sessions s ";
            $q .= "LEFT JOIN (SELECT SessionID FROM Sessions ";
            $q .= "WHERE UsersId = " . $userID . " ";
            $q .= "ORDER BY LastUpdateTS DESC ";
            $q .= "LIMIT " . ($session_limit - 1) . ") q ";
            $q .= "ON s.SessionID = q.SessionID ";
            $q .= "WHERE s.UsersId = " . $userID . " ";
            $q .= "AND q.SessionID IS NULL;";
            $dbh->query($q);
        }
        $new_sid = new_sid();
        $q = "INSERT INTO Sessions (UsersID, SessionID, LastUpdateTS)" . " VALUES (" . $userID . ", '" . $new_sid . "', UNIX_TIMESTAMP())";
        $result = $dbh->exec($q);
        /* Query will fail if $new_sid is not unique. */
        if ($result) {
            $logged_in = 1;
            break;
        }
        $num_tries++;
    }
    if (!$logged_in) {
        $login_error = __('An error occurred trying to generate a user session.');
        return array('SID' => $new_sid, 'error' => $login_error);
    }
    $q = "UPDATE Users SET LastLogin = UNIX_TIMESTAMP(), ";
    $q .= "LastLoginIPAddress = " . $dbh->quote(ip2long($_SERVER['REMOTE_ADDR'])) . " ";
    $q .= "WHERE ID = '{$userID}'";
    $dbh->exec($q);
    /* Set the SID cookie. */
    if (isset($_POST['remember_me']) && $_POST['remember_me'] == "on") {
        /* Set cookies for 30 days. */
        $timeout = config_get_int('options', 'persistent_cookie_timeout');
        $cookie_time = time() + $timeout;
        /* Set session for 30 days. */
        $q = "UPDATE Sessions SET LastUpdateTS = {$cookie_time} ";
        $q .= "WHERE SessionID = '{$new_sid}'";
        $dbh->exec($q);
    } else {
        $cookie_time = 0;
    }
    setcookie("AURSID", $new_sid, $cookie_time, "/", null, !empty($_SERVER['HTTPS']), true);
    $referer = in_request('referer');
    if (strpos($referer, aur_location()) !== 0) {
        $referer = '/';
    }
    header("Location: " . get_uri($referer));
    $login_error = "";
}