$log_this = TRUE; break; case "WS_LOGIN": $user = user_getdatabyusername($u); if ($c_uid = $user['uid']) { // supplied login key $login_key = trim($_REQUEST['login_key']); // saved login key $reg = registry_search($c_uid, 'core', 'webservices', 'login_key'); $c_login_key = trim($reg['core']['webservices']['login_key']); // immediately remove saved login key, only proceed upon successful removal if (registry_remove($c_uid, 'core', 'webservices', 'login_key')) { // auth by comparing login keys if ($login_key && $c_login_key && $login_key == $c_login_key) { // setup login session auth_session_setup($c_uid); _log("webservices logged in u:" . $u . " ip:" . $_SERVER['REMOTE_ADDR'] . " op:" . _OP_, 3, "webservices"); } else { _log("webservices invalid login u:" . $u . " ip:" . $_SERVER['REMOTE_ADDR'] . " op:" . _OP_, 3, "webservices"); } } else { _log("webservices error unable to remove registry u:" . $u . " ip:" . $_SERVER['REMOTE_ADDR'] . " op:" . _OP_, 3, "webservices"); } } else { _log("webservices invalid user u:" . $u . " ip:" . $_SERVER['REMOTE_ADDR'] . " op:" . _OP_, 3, "webservices"); } // redirect to index.php no matter what header('Location: index.php'); exit; break; case "QUERY":
function auth_login_return() { // get previous login $previous_login = $_SESSION['tmp']['login_as'][0]; array_shift($_SESSION['tmp']['login_as']); // return to previous session auth_session_setup($previous_login); }
$username = ''; $validated = FALSE; if (preg_match('/^(.+)@(.+)\\.(.+)$/', $username_or_email)) { if (auth_validate_email($username_or_email, $password)) { $username = user_email2username($username_or_email); $validated = TRUE; } } else { if (auth_validate_login($username_or_email, $password)) { $username = $username_or_email; $validated = TRUE; } } if ($validated) { $uid = user_username2uid($username); auth_session_setup($uid); if (auth_isvalid()) { logger_print("u:" . $_SESSION['username'] . " uid:" . $uid . " status:" . $_SESSION['status'] . " sid:" . $_SESSION['sid'] . " ip:" . $_SERVER['REMOTE_ADDR'], 2, "login"); } else { logger_print("unable to setup session u:" . $_SESSION['username'] . " status:" . $_SESSION['status'] . " sid:" . $_SESSION['sid'] . " ip:" . $_SERVER['REMOTE_ADDR'], 2, "login"); $_SESSION['error_string'] = _('Unable to login'); } } else { $_SESSION['error_string'] = _('Invalid username or password'); } } header("Location: " . _u($core_config['http_path']['base'])); exit; } else { // error string if ($_SESSION['error_string']) {