- revert feature 564: log the login of each user; but add the possibility to be

done by a plugin
- create a "standard" way to define PHP functions that we use but might not be
available in the current php version
- when a comment is rejected (spam, anti-flood etc), put the content back to the
browser in case there is a real user behind it
- now a comment can be entered only if the page was retrieved between 2 seconds
ago and 1 hour ago

git-svn-id: http://piwigo.org/svn/trunk@1744 68402e56-0260-453c-a942-63ccdbb3a9ee

1 files changed, 2 insertions, 17 deletions

diff --git a/identification.php b/identification.php
index f78849690..e1edceb1d 100644
--- a/identification.php
+++ b/identification.php
@@ -45,24 +45,9 @@ if ( !empty($_GET['redirect']) )
 if (isset($_POST['login']))
 {
   $redirect_to = isset($_POST['redirect']) ? $_POST['redirect'] : '';
-  $username = mysql_escape_string($_POST['username']);
-  // retrieving the encrypted password of the login submitted
-  $query = '
-SELECT '.$conf['user_fields']['id'].' AS id,
-       '.$conf['user_fields']['password'].' AS password
-  FROM '.USERS_TABLE.'
-  WHERE '.$conf['user_fields']['username'].' = \''.$username.'\'
-;';
-  $row = mysql_fetch_array(pwg_query($query));
-  if ($row['password'] == $conf['pass_convert']($_POST['password']))
+  $remember_me = isset($_POST['remember_me']) and $_POST['remember_me']==1;
+  if ( try_log_user($_POST['username'], $_POST['password'], $remember_me) )
   {
-    $remember_me = false;
-    if (isset($_POST['remember_me'])
-        and $_POST['remember_me'] == 1)
-    {
-      $remember_me = true;
-    }
-    log_user($row['id'], $remember_me);
     redirect(empty($redirect_to) ? make_index_url() : $redirect_to);
   }
   else