aboutsummaryrefslogtreecommitdiffstats
path: root/include/functions_user.inc.php
diff options
context:
space:
mode:
authorrvelices <rv-github@modusoptimus.com>2007-01-23 01:22:52 +0000
committerrvelices <rv-github@modusoptimus.com>2007-01-23 01:22:52 +0000
commite90aaffbd551a2e80b67cb67362519b16ee61203 (patch)
tree1f449b20b66d1321860db9762b126ed8d48068dc /include/functions_user.inc.php
parent767064c9fe94e28acb77a1123c2853281d13f2d1 (diff)
- revert feature 564: log the login of each user; but add the possibility to be
done by a plugin - create a "standard" way to define PHP functions that we use but might not be available in the current php version - when a comment is rejected (spam, anti-flood etc), put the content back to the browser in case there is a real user behind it - now a comment can be entered only if the page was retrieved between 2 seconds ago and 1 hour ago git-svn-id: http://piwigo.org/svn/trunk@1744 68402e56-0260-453c-a942-63ccdbb3a9ee
Diffstat (limited to '')
-rw-r--r--include/functions_user.inc.php42
1 files changed, 37 insertions, 5 deletions
diff --git a/include/functions_user.inc.php b/include/functions_user.inc.php
index 5499eb86c..74c1c81f1 100644
--- a/include/functions_user.inc.php
+++ b/include/functions_user.inc.php
@@ -858,8 +858,9 @@ function get_language_filepath($filename, $dirname = '')
/**
* returns the auto login key or false on error
* @param int user_id
+ * @param string [out] username
*/
-function calculate_auto_login_key($user_id)
+function calculate_auto_login_key($user_id, &$username)
{
global $conf;
$query = '
@@ -871,7 +872,12 @@ WHERE '.$conf['user_fields']['id'].' = '.$user_id;
if (mysql_num_rows($result) > 0)
{
$row = mysql_fetch_assoc($result);
- $key = sha1( $row['username'].$row['password'] );
+ $username = $row['username'];
+ $data = $row['username'].$row['password'];
+ $key = base64_encode(
+ pack('H*', sha1($data))
+ .hash_hmac('md5', $data, $conf['secret_key'],true)
+ );
return $key;
}
return false;
@@ -889,7 +895,7 @@ function log_user($user_id, $remember_me)
if ($remember_me and $conf['authorize_remembering'])
{
- $key = calculate_auto_login_key($user_id);
+ $key = calculate_auto_login_key($user_id, $username);
if ($key!==false)
{
$cookie = array('id' => (int)$user_id, 'key' => $key);
@@ -928,12 +934,13 @@ function auto_login() {
if ( isset( $_COOKIE[$conf['remember_me_name']] ) )
{
$cookie = unserialize(stripslashes($_COOKIE[$conf['remember_me_name']]));
- if ($cookie!==false)
+ if ($cookie!==false and is_numeric(@$cookie['id']) )
{
- $key = calculate_auto_login_key($cookie['id']);
+ $key = calculate_auto_login_key( $cookie['id'], $username );
if ($key!==false and $key===$cookie['key'])
{
log_user($cookie['id'], true);
+ trigger_action('login_success', $username);
return true;
}
}
@@ -942,6 +949,31 @@ function auto_login() {
return false;
}
+/**
+ * Tries to login a user given username and password (must be MySql escaped)
+ * return true on success
+ */
+function try_log_user($username, $password, $remember_me)
+{
+ global $conf;
+ // retrieving the encrypted password of the login submitted
+ $query = '
+SELECT '.$conf['user_fields']['id'].' AS id,
+ '.$conf['user_fields']['password'].' AS password
+ FROM '.USERS_TABLE.'
+ WHERE '.$conf['user_fields']['username'].' = \''.$username.'\'
+;';
+ $row = mysql_fetch_assoc(pwg_query($query));
+ if ($row['password'] == $conf['pass_convert']($password))
+ {
+ log_user($row['id'], $remember_me);
+ trigger_action('login_success', $username);
+ return true;
+ }
+ trigger_action('login_failure', $username);
+ return false;
+}
+
/*
* Return access_type definition of uuser
* Test does with user status