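/**
 * Performs user sign-in by user name and password hash.
 *
 * Looks the user up by name and password hash, opens a SecureSession and
 * copies the user's profile into $_SESSION, then issues the persistent-login
 * cookies and stores the new persistent session id on the user row.
 *
 * @access public
 * @param string $un      The user name (comes from the login form; escaped before use in SQL)
 * @param string $pw_hash The password hash as supplied by the caller (also escaped before use in SQL)
 * @return string Empty string on success, otherwise an HTML error message
 * @since 3.0
 */
function login($un, $pw_hash) {
    global $CONFIG;

    $PL_PW = $CONFIG->secure_login_password;
    $str_error = '';

    // NOTE(review): "remember me" is forced on for every login, so the
    // persistent-login cookies below are always issued regardless of what the
    // user chose on the form. Kept for compatibility with existing behaviour.
    $_POST["remember_me"] = 1;

    // Both values originate from the login form: never interpolate them raw.
    // The legacy mysql_* API has no prepared statements, so escaping is the
    // only available mitigation here.
    $safe_un = mysql_real_escape_string($un);
    $safe_pw_hash = mysql_real_escape_string($pw_hash);

    $sql = "
        SELECT u.id, u.un, u.firstname, u.lastname, u.email, u.web, u.bio
        , GROUP_CONCAT(un.notice_fid ORDER BY un.notice_fid ASC SEPARATOR '|') AS u_notices
        FROM users AS u
        LEFT OUTER JOIN user_notices AS un ON un.user_fid = u.id
        WHERE u.un = '{$safe_un}'
        AND u.pw = '{$safe_pw_hash}'
        AND u.deleted IS NULL
        GROUP BY un.user_fid
        LIMIT 0, 1
    ";

    $result = mysql_query($sql);
    $record_count = $result ? mysql_num_rows($result) : 0;

    if ($record_count != 1) {
        @session_destroy();
        $str_error .= JText::_('Username and password do not match.') . '<br />';
        return $str_error;
    }

    // One fetch instead of one mysql_result() call per column.
    $row = mysql_fetch_assoc($result);
    $u_id = $row['id'];

    $ss = new SecureSession();
    $ss->check_browser = true;
    $ss->check_ip_blocks = 2;
    $ss->secure_word = 'SALT_';
    $ss->regenerate_id = true;
    $ss->Open();

    $_SESSION['logged_in'] = true;
    /** Generate a secure user id **/
    $_SESSION['u'] = md5($_SESSION['ss_fprint'] . $u_id);
    $_SESSION['u_temp'] = $u_id;

    $u_firstname = $row['firstname'];
    $u_lastname = $row['lastname'];

    $_SESSION['u_un'] = $row['un'];
    $_SESSION['u_email'] = $row['email'];
    // Display name: "first last" when a last name is present, else first only.
    if (trim($u_lastname) != "") {
        $_SESSION['u_name'] = trim($u_firstname . " " . $u_lastname);
    } else {
        $_SESSION['u_name'] = trim($u_firstname);
    }
    $_SESSION['u_web'] = trim($row['web']);
    $_SESSION['u_bio'] = trim($row['bio']);

    // u_notices is NULL when the user has no notice rows; cast keeps explode() happy.
    $u_notices = explode("|", (string) $row['u_notices']);
    $_SESSION["u_notice_1"] = in_array("1", $u_notices, true) ? "checked" : "";
    $_SESSION["u_notice_2"] = in_array("2", $u_notices, true) ? "checked" : "";

    /** Get user data **/
    ZUser::query_user("", $_SESSION['u_temp']);
    ZUser::set();

    /** Save Session ID if 'Remember Me' activated **/
    // Initialised here so the UPDATE below clears the stored session id when
    // "remember me" is off (previously $pl_ssid was undefined on that path).
    $pl_ssid = "";
    if (isset($_POST["remember_me"])) {
        $pl = md5($u_id . $PL_PW);
        // The persistent-login token must be unpredictable: prefer a CSPRNG
        // when the runtime offers one; the legacy fallback keeps the same
        // 32-hex-char shape for the session_id column.
        $pl_ssid = function_exists('random_bytes')
            ? bin2hex(random_bytes(16))
            : md5(uniqid(mt_rand(), true));
        @setcookie("pl", $pl, time() + 3600 * 24 * 14, "/"); /* expire in 2 weeks */
        @setcookie("pl_ssid", $pl_ssid, time() + 3600 * 24 * 14, "/"); /* expire in 2 weeks */
    } else {
        @setcookie("pl", "", time() - 3600); /* delete cookie */
        @setcookie("pl_ssid", "", time() - 3600); /* delete cookie */
    }

    /** Save new Persistent Login Session ID **/
    $safe_pl_ssid = mysql_real_escape_string($pl_ssid);
    $sql = "
        UPDATE users AS u
        SET u.session_id = '{$safe_pl_ssid}'
        WHERE u.un = '{$safe_un}'
        AND u.pw = '{$safe_pw_hash}'
    ";
    mysql_query($sql);

    return $str_error;
}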