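/**
 * Validate a user/password pair and, on success, record the user and
 * privilege level in the global $session.
 *
 * Echoes "&end" on success and the not-found token otherwise.
 *
 * @param string $user login name
 * @param string $pass password as submitted
 * @return void
 */
function login($user, $pass)
{
    global $session;

    /* valid_user() appears to fill $privilege (presumably by reference);
     * initialise it so a failed lookup can never carry a stale value
     * into the session. */
    $privilege = null;

    /* Both checks must pass. The original condition was
     * `!valid_passwd($pass) || valid_user(...)`, which granted a session
     * whenever the password failed validation. */
    if (valid_passwd($pass) && valid_user($user, $pass, $privilege)) {
        $session['user'] = $user;
        $session['privilege'] = $privilege;
        echo "&end";
    } else {
        /* NOTE(review): "¬found" looks like an HTML-entity-mangled
         * "&notfound" (cf. "&end" above) — confirm the expected token. */
        echo "¬found";
    }
}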
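/**
 * Attempt to login and generate a session
 *
 * Reads the login name and password from $_REQUEST, validates the account,
 * stores a fresh session ID in the Sessions table, sets the AURSID cookie
 * and redirects to the referer when it stays on this site.
 *
 * @return array Session ID for user, error message if applicable
 *               ('SID' => string, 'error' => string|null)
 */
function try_login() {
    $new_sid = "";
    $userID = null;

    /* Nothing submitted yet: not an error. */
    if (!isset($_REQUEST['user']) && !isset($_REQUEST['passwd'])) {
        return array('SID' => '', 'error' => null);
    }
    /* Only one of the two fields present (crafted request): treat it
     * like a failed login instead of reading an undefined index below. */
    if (!isset($_REQUEST['user']) || !isset($_REQUEST['passwd'])) {
        return array('SID' => '', 'error' => __("Bad username or password."));
    }

    if (is_ipbanned()) {
        $login_error = __('The login form is currently disabled ' .
            'for your IP address, probably due ' .
            'to sustained spam attacks. Sorry for the ' .
            'inconvenience.');
        return array('SID' => '', 'error' => $login_error);
    }

    $dbh = DB::connect();
    $userID = uid_from_loginname($_REQUEST['user']);

    /* NOTE(review): the three branches below answer with distinct messages,
     * so the response reveals whether an account exists or is suspended.
     * Left as-is because the wording is part of the UI. */
    if (user_suspended($userID)) {
        $login_error = __('Account suspended');
        return array('SID' => '', 'error' => $login_error);
    } elseif (passwd_is_empty($userID)) {
        $login_error = __('Your password has been reset. ' .
            'If you just created a new account, please ' .
            'use the link from the confirmation email ' .
            'to set an initial password. Otherwise, ' .
            'please request a reset key on the %s' .
            'Password Reset%s page.',
            '<a href="' . htmlspecialchars(get_uri('/passreset')) . '">',
            '</a>');
        return array('SID' => '', 'error' => $login_error);
    } elseif (!valid_passwd($userID, $_REQUEST['passwd'])) {
        $login_error = __("Bad username or password.");
        return array('SID' => '', 'error' => $login_error);
    }

    /* The user ID is spliced into several statements below; pin it to an
     * integer so it can never change the shape of the SQL. */
    $userID = intval($userID);

    /* Loop-invariant: read the limit once. */
    $session_limit = config_get_int('options', 'max_sessions_per_user');

    $logged_in = 0;
    $num_tries = 0;
    /* Generate a session ID and store it. */
    while (!$logged_in && $num_tries < 5) {
        if ($session_limit) {
            /*
             * Delete all user sessions except the
             * last ($session_limit - 1).
             */
            $q = "DELETE s.* FROM Sessions s ";
            $q .= "LEFT JOIN (SELECT SessionID FROM Sessions ";
            $q .= "WHERE UsersId = " . $userID . " ";
            $q .= "ORDER BY LastUpdateTS DESC ";
            $q .= "LIMIT " . intval($session_limit - 1) . ") q ";
            $q .= "ON s.SessionID = q.SessionID ";
            $q .= "WHERE s.UsersId = " . $userID . " ";
            $q .= "AND q.SessionID IS NULL;";
            $dbh->query($q);
        }

        $new_sid = new_sid();
        /* $new_sid is generated locally, but quote it anyway so the
         * statement stays well-formed whatever new_sid() returns. */
        $q = "INSERT INTO Sessions (UsersID, SessionID, LastUpdateTS)" .
            " VALUES (" . $userID . ", " . $dbh->quote($new_sid) . ", UNIX_TIMESTAMP())";
        $result = $dbh->exec($q);
        /* Query will fail if $new_sid is not unique. */
        if ($result) {
            $logged_in = 1;
            break;
        }
        $num_tries++;
    }

    if (!$logged_in) {
        $login_error = __('An error occurred trying to generate a user session.');
        return array('SID' => $new_sid, 'error' => $login_error);
    }

    /* ip2long() yields false for non-IPv4 addresses; quote() then stores
     * an empty string, as before. */
    $q = "UPDATE Users SET LastLogin = UNIX_TIMESTAMP(), ";
    $q .= "LastLoginIPAddress = " . $dbh->quote(ip2long($_SERVER['REMOTE_ADDR'])) . " ";
    $q .= "WHERE ID = " . $userID;
    $dbh->exec($q);

    /* Set the SID cookie. */
    if (isset($_POST['remember_me']) && $_POST['remember_me'] === "on") {
        /* Persistent login: cookie and session live for
         * persistent_cookie_timeout seconds. */
        $timeout = config_get_int('options', 'persistent_cookie_timeout');
        $cookie_time = time() + $timeout;

        $q = "UPDATE Sessions SET LastUpdateTS = " . intval($cookie_time) . " ";
        $q .= "WHERE SessionID = " . $dbh->quote($new_sid);
        $dbh->exec($q);
    } else {
        /* Session cookie: discarded when the browser closes. */
        $cookie_time = 0;
    }
    setcookie("AURSID", $new_sid, $cookie_time, "/", null, !empty($_SERVER['HTTPS']), true);

    /* Only follow the referer when it stays on this site. A bare prefix
     * check would also accept "<aur_location>.example.org/..." style
     * hosts, so require the base URL itself or base URL + "/". */
    $referer = (string) in_request('referer');
    $base = rtrim(aur_location(), '/');
    if ($referer !== $base && strpos($referer, $base . '/') !== 0) {
        $referer = '/';
    }
    header("Location: " . get_uri($referer));

    return array('SID' => $new_sid, 'error' => null);
}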