root/trunk/actions/login.action.php

Revision 33, 3.2 KB (checked in by alexx, 6 years ago)
  • Auth: Remove MySQL PASSWORD hashing method to hash password, replace by MD5 hashing, add code to make a smooth transition between hashing method
  • XML engine: Fix a trivial recent bug in dotnode-xml.php
  • Robots: fix a bug in crontab script robots/launch_robots.sh (add cd dirname $0)
  • CSS: Add max_width to image in blog (work on Mozilla/*, Opera but not good on Safari (no proportional resizing), of course, that doesn't work on IE)
  • DB: changing DB structure !!!
    ALTER TABLE `user` ADD `passwd_md5` CHAR( 32 ) NOT NULL AFTER `passwd` ;
    ALTER TABLE `user` CHANGE `passwd` `passwd` VARCHAR( 42 ) NULL ;
    ALTER TABLE `dntp_translator` ADD `passwd_md5` CHAR( 32 ) NOT NULL AFTER `passwd` ;
    ALTER TABLE `dntp_translator` CHANGE `passwd` `passwd` VARCHAR( 42 ) NULL ;
    
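<?php
/****************************************************** Open .node ***
 * Description:   Login action. Checks the posted login/password against
 *                the user table (new passwd_md5 column first, legacy
 *                MySQL OLD_PASSWORD() column second), migrates a legacy
 *                hash to passwd_md5 on success, opens a fresh session
 *                and redirects the browser.
 * Status:        Stable.
 * Author:        Alexandre Dath <alexandre@dotnode.com>
 * $Id$
 *
 * Copyright (C) 2005 Alexandre Dath <alexandre@dotnode.com>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
 ******************** http://opensource.ikse.net/projects/dotnode ***/


// Both fields must be present and non-empty. isset() avoids undefined-index
// notices, and comparing against '' (instead of relying on truthiness) stops
// a login or password of "0" from being treated as missing.
$login  = isset($_POST['login'])  ? (string) $_POST['login']  : '';
$passwd = isset($_POST['passwd']) ? (string) $_POST['passwd'] : '';

if( $login !== '' && $passwd !== '' )
{
    // Parameterised lookup. The new passwd_md5 column is tried first, the
    // legacy OLD_PASSWORD() column second, so accounts that have not logged
    // in since the hashing change keep working until migrated below.
    // NOTE(review): passwd_md5 is an unsalted MD5 of the password (CHAR(32)
    // column); moving to password_hash()/password_verify() would need a wider
    // column and is out of scope for this action.
    $user = $db->getRow(
        'SELECT id, login, fname, lname, nick, status, passwd FROM user WHERE login=? AND (passwd_md5=? OR passwd=OLD_PASSWORD(?))',
        array( $login, md5($passwd), $passwd )
    );

    // getRow() may hand back an error object rather than a row (PEAR DB
    // style); guard before indexing so a DB failure is a wrong-login
    // redirect, not a fatal error.
    if( is_array($user) && !empty($user['id']) )
    {
        // Authenticated through the legacy column: store the MD5 form and
        // clear the old hash so the next login only consults passwd_md5.
        if(!is_null($user['passwd']))
            $db->query('UPDATE user SET passwd_md5=?, passwd=NULL WHERE id=?', array(md5($passwd), $user['id']));

        session_destroy();
        session_set_save_handler ('_sess_open', '_sess_close', '_sess_read', '_sess_write', '_sess_destroy', '_sess_gc');
        session_start();
        // Issue a new session ID at the privilege change so an ID that was
        // handed out (or planted) before login is not carried into the
        // authenticated session; the old record is deleted via _sess_destroy.
        session_regenerate_id(true);

        $_SESSION['my_ip'] = $_SERVER['REMOTE_ADDR'];

        // Secondary 32-hex-char token stored in both cookie and session.
        // md5(rand(1,10000000)) seeded from time() had only ~10^7 possible
        // values; prefer the CSPRNG when this PHP has one and fall back to a
        // wider-entropy source on older builds. Output shape is unchanged.
        if( function_exists('random_bytes') )
            $SecID = bin2hex(random_bytes(16));
        else
            $SecID = md5(uniqid(mt_rand(), true));
        setcookie('SecID', $SecID, time()+31536000, '/');
        $_SESSION['SecID'] = $SecID;
        $_SESSION['status'] = 'member';
        $_SESSION['my_id'] = $user['id'];
        $_SESSION['my_login'] = $user['login'];
        $_SESSION['my_fname'] = $user['fname'];
        $_SESSION['my_lname'] = $user['lname'];
        $_SESSION['my_nick'] = $user['nick'];
        // Jailed accounts get no session at all and are sent back to /pub/join.
        if($user['status']=='jail')
        {
            session_unset();
            session_destroy();
            header('Location: /pub/join');
            exit();
        }
        $_SESSION['my_status'] = $user['status'];
        $_SESSION['my_photo'] = build_image_url($user['id']);

        $cache_user = get_cache_user_info($user['id'], 'country, friends_id, communities_id');
        $_SESSION['my_country'] = $cache_user['country'];
        $_SESSION['my_friends_id'] = $cache_user['friends_id'];
        $_SESSION['my_communities_id'] = $cache_user['communities_id'];

        $_SESSION['nb_new_messages'] = $db->getOne('SELECT COUNT(id_mess) FROM message WHERE id=? AND flag=? AND box=?', array($_SESSION['my_id'], 'new', 'inbox'));
        $_SESSION['nb_new_messages_timestamp'] = time();

        $_SESSION['lastaction_timestamp'] = 1;

        $db->query('UPDATE user SET last_visite=?, ip=? WHERE id=?', array(time(), $_SERVER['REMOTE_ADDR'], $_SESSION['my_id'] )) ;

        // Only follow a same-site path from the form. An absolute URL
        // ('http://...') or a protocol-relative one ('//host', '/\host')
        // would turn this into an open redirect; CR/LF are rejected so the
        // value can never split the Location header.
        $next = '/my';
        if( isset($_POST['url']) && $_POST['url'] !== '' )
        {
            $candidate = urldecode((string) $_POST['url']);
            if( substr($candidate, 0, 1) === '/'
                && !in_array(substr($candidate, 1, 1), array('/', '\\'), true)
                && strpbrk($candidate, "\r\n") === false )
                $next = $candidate;
        }
        header('Location: '.$next);
        // NOTE(review): apart from the 'jail' branch this file never exit()s
        // after sending Location; the including dispatcher is assumed to stop
        // here — confirm.
    }
    else
        header('Location: /error/wrong_login'); // Wrong login / pass
}
else
    header('Location: /error/no_login'); // no login/pass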