Пример #1
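/**
 * Check the submitted credentials and, when they are accepted, register the login.
 *
 * Callers are expected to invoke this only for op=login, after confirming that
 * 'uid' and 'passwd' are non-empty. Does not perform any redirects.
 *
 * @param array $HTTP_VARS Request variables; reads 'uid', 'passwd' and the optional 'remember'.
 * @return bool|string TRUE if the login succeeded, FALSE if it failed, or the string
 *                     "SITE_IS_DISABLED" if the credentials are valid but the site is
 *                     disabled and the admin-login permission check does not pass.
 */
function perform_login($HTTP_VARS)
{
    // PHP turns bracketed request parameters into arrays. Handing one to strtolower() is a
    // warning on older PHP and an uncaught TypeError on PHP 8, so anything other than two
    // strings is treated (and logged) as a failed login instead of reaching the helpers.
    if (!isset($HTTP_VARS['uid'], $HTTP_VARS['passwd'])
        || !is_string($HTTP_VARS['uid'])
        || !is_string($HTTP_VARS['passwd'])) {
        opendb_logger(OPENDB_LOG_WARN, __FILE__, __FUNCTION__, 'User failed to login', array());
        return FALSE;
    }

    // user ids are compared in lowercase
    $uid = strtolower($HTTP_VARS['uid']);

    // An inactive account and a wrong password take the same path: same log message, same
    // return value, so the caller cannot tell the two cases apart.
    // NOTE(review): $uid comes from the request and is passed to the logger as-is; confirm
    // that opendb_logger() neutralises line breaks and other control characters.
    if (!is_user_active($uid) || !validate_user_passwd($uid, $HTTP_VARS['passwd'])) {
        opendb_logger(OPENDB_LOG_WARN, __FILE__, __FUNCTION__, 'User failed to login', array($uid));
        return FALSE;
    }

    // NOTE(review): the permission check runs before register_user_login() and is not given
    // $uid. Confirm that is_user_granted_permission() evaluates the account being
    // authenticated here and not whatever session already exists.
    if (get_opendb_config_var('site', 'enable') === FALSE && !is_user_granted_permission(PERM_ADMIN_LOGIN)) {
        opendb_logger(OPENDB_LOG_WARN, __FILE__, __FUNCTION__, 'User tried to log in while site is disabled', array($uid));
        return "SITE_IS_DISABLED";
    }

    // 'remember' is optional; a missing key means "do not remember" rather than an
    // undefined-index notice. Only the literal 'true' (or a boolean TRUE) enables it.
    $remember = isset($HTTP_VARS['remember'])
        && ($HTTP_VARS['remember'] === 'true' || $HTTP_VARS['remember'] === TRUE);

    register_user_login($uid, $remember);
    opendb_logger(OPENDB_LOG_INFO, __FILE__, __FUNCTION__, 'User logged in', array($uid));
    return TRUE;
}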
Пример #2
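/**
 * Process the "remember me" cookie for the current request.
 *
 * On every page except install, url, logout and login:
 *  - if the request carries a remember-me cookie that get_remember_me_r() recognises, the
 *    stored record is deleted; when that record is valid and the session is not already a
 *    remembered login, the user is logged in from it;
 *  - if the session is (or has just become) a remembered login, a fresh token is generated,
 *    stored and sent to the browser, so each token is presented at most once.
 *
 * Reads the global $PHP_SELF, $_SESSION and $_COOKIE; may send a Set-Cookie header.
 *
 * @return void
 */
function handle_opendb_remember_me()
{
    global $PHP_SELF;

    // Pages on which the remember-me cookie must never be processed.
    $skipPages = array('install', 'url', 'logout', 'login');
    if (in_array(basename($PHP_SELF, '.php'), $skipPages, TRUE)) {
        return;
    }

    $doRememberMe = isset($_SESSION['remember_me']) && isset($_SESSION['user_id']);

    $cookieName = get_opendb_remember_me_cookie_name();
    // The cookie is absent on most requests, and a bracketed cookie name arrives as an
    // array; only a non-empty string is handed to the token lookup.
    $oldCookie = isset($_COOKIE[$cookieName]) ? $_COOKIE[$cookieName] : '';

    if (is_string($oldCookie) && !empty($oldCookie)) {
        $remember_me_r = get_remember_me_r($oldCookie);
        if ($remember_me_r !== FALSE) {
            // no need to register if already logged in
            if ($remember_me_r['valid'] === TRUE && !$doRememberMe) {
                // the second TRUE flags this login as having been enabled by a remember-me cookie
                register_user_login($remember_me_r['user_id'], TRUE, TRUE);
                $doRememberMe = TRUE;
            }
            // The presented token is removed whether or not it was valid; a replacement is
            // issued below when the session is a remembered login.
            delete_remember_me($remember_me_r['id']);
        }
    }

    if (!$doRememberMe) {
        return;
    }

    $cookie = generate_opendb_cookie();
    $site_r = get_opendb_config_var('site');
    $login_timeout = (int) ifempty(ifempty($site_r['login_timeout'], $site_r['idle_timeout']), 3600);

    // NOTE(review): assumes register_user_login() populates $_SESSION['user_id'] when the
    // login came from the cookie branch above; confirm.
    if (insert_remember_me($_SESSION['user_id'], $cookie)) {
        // The token is a login credential: keep it away from page scripts (HttpOnly) and,
        // when this request arrived over HTTPS, off plain-HTTP connections (Secure).
        // Empty path and domain keep PHP's defaults, so the cookie scope is unchanged.
        // A SameSite attribute would need the options-array form of setcookie() (PHP 7.3+).
        $secure = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
        setcookie($cookieName, $cookie, time() + $login_timeout, '', '', $secure, TRUE);
    }
}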