Mercurial > hg > fapweb
annotate usrlogin.php @ 1089:00632d30bafe
Implement new settings for making user/votekeys case-insensitive and
setting the array of characters used for generating keys in the config.
author | Matti Hamalainen <ccr@tnsp.org> |
---|---|
date | Thu, 26 Jan 2017 01:27:32 +0200 |
parents | 48e16e856646 |
children | 95b74632cfe2 |
rev | line source |
---|---|
1074 | 1 <?php |
155
5b92f130ba87
Add copyright header blurbs.
Matti Hamalainen <ccr@tnsp.org>
parents:
129
diff
changeset
|
2 // |
571
ce11ea112a65
Change the header blurb a bit.
Matti Hamalainen <ccr@tnsp.org>
parents:
565
diff
changeset
|
3 // FAPWeb - Simple Web-based Demoparty Management System |
155
5b92f130ba87
Add copyright header blurbs.
Matti Hamalainen <ccr@tnsp.org>
parents:
129
diff
changeset
|
4 // Administration interface session login handler |
1072 | 5 // (C) Copyright 2012-2017 Tecnic Software productions (TNSP) |
155
5b92f130ba87
Add copyright header blurbs.
Matti Hamalainen <ccr@tnsp.org>
parents:
129
diff
changeset
|
6 // |
110 | 7 $sessionType = "user"; |
175
8df523e6326a
User require_once instead of require.
Matti Hamalainen <ccr@tnsp.org>
parents:
156
diff
changeset
|
8 require_once "mconfig.inc.php"; |
8df523e6326a
User require_once instead of require.
Matti Hamalainen <ccr@tnsp.org>
parents:
156
diff
changeset
|
9 require_once "msite.inc.php"; |
8df523e6326a
User require_once instead of require.
Matti Hamalainen <ccr@tnsp.org>
parents:
156
diff
changeset
|
10 require_once "msession.inc.php"; |
110 | 11 |
156 | 12 // |
13 // Initialize | |
14 // | |
110 | 15 stSetupCacheControl(); |
16 | |
17 if (!stConnectSQLDB()) | |
18 die("Could not connect to SQL database."); | |
19 | |
20 stReloadSettings(); | |
21 | |
22 | |
156 | 23 // |
24 // Authenticate | |
25 // | |
110 | 26 $gotoPage = stGetRequestItem("goto", FALSE); |
306
6610311ac48e
Improve user login handling.
Matti Hamalainen <ccr@tnsp.org>
parents:
304
diff
changeset
|
27 $errorPage = stGetRequestItem("error", FALSE); |
110 | 28 $password = stGetRequestItem("key", FALSE); |
1089
00632d30bafe
Implement new settings for making user/votekeys case-insensitive and
Matti Hamalainen <ccr@tnsp.org>
parents:
1074
diff
changeset
|
29 if (stGetSetting("userKeyCase", NULL) === FALSE) |
00632d30bafe
Implement new settings for making user/votekeys case-insensitive and
Matti Hamalainen <ccr@tnsp.org>
parents:
1074
diff
changeset
|
30 $password = strtoupper($password); |
00632d30bafe
Implement new settings for making user/votekeys case-insensitive and
Matti Hamalainen <ccr@tnsp.org>
parents:
1074
diff
changeset
|
31 |
306
6610311ac48e
Improve user login handling.
Matti Hamalainen <ccr@tnsp.org>
parents:
304
diff
changeset
|
32 $error = 0; |
110 | 33 |
311
2f46b6254ff2
We'll be checking key validity in login phase, so start working on that.
Matti Hamalainen <ccr@tnsp.org>
parents:
306
diff
changeset
|
34 $sql = stPrepareSQL("SELECT * FROM votekeys WHERE key=%s", $password); |
2f46b6254ff2
We'll be checking key validity in login phase, so start working on that.
Matti Hamalainen <ccr@tnsp.org>
parents:
306
diff
changeset
|
35 if (($key = stFetchSQL($sql)) !== false) |
110 | 36 { |
554 | 37 // |
38 // Validate login based on current vote key mode | |
39 // | |
311
2f46b6254ff2
We'll be checking key validity in login phase, so start working on that.
Matti Hamalainen <ccr@tnsp.org>
parents:
306
diff
changeset
|
40 switch (stGetSetting("voteKeyMode")) |
2f46b6254ff2
We'll be checking key validity in login phase, so start working on that.
Matti Hamalainen <ccr@tnsp.org>
parents:
306
diff
changeset
|
41 { |
2f46b6254ff2
We'll be checking key validity in login phase, so start working on that.
Matti Hamalainen <ccr@tnsp.org>
parents:
306
diff
changeset
|
42 case VOTE_ACTIVATE: |
315
100d9f7f9dde
Implement bits of user login checking.
Matti Hamalainen <ccr@tnsp.org>
parents:
311
diff
changeset
|
43 if ($key["active"] == 0) |
100d9f7f9dde
Implement bits of user login checking.
Matti Hamalainen <ccr@tnsp.org>
parents:
311
diff
changeset
|
44 $error = 3; |
311
2f46b6254ff2
We'll be checking key validity in login phase, so start working on that.
Matti Hamalainen <ccr@tnsp.org>
parents:
306
diff
changeset
|
45 break; |
2f46b6254ff2
We'll be checking key validity in login phase, so start working on that.
Matti Hamalainen <ccr@tnsp.org>
parents:
306
diff
changeset
|
46 |
2f46b6254ff2
We'll be checking key validity in login phase, so start working on that.
Matti Hamalainen <ccr@tnsp.org>
parents:
306
diff
changeset
|
47 case VOTE_ASSIGN: |
315
100d9f7f9dde
Implement bits of user login checking.
Matti Hamalainen <ccr@tnsp.org>
parents:
311
diff
changeset
|
48 $sql = stPrepareSQL("SELECT id FROM attendees WHERE key_id=%d", $key["id"]); |
100d9f7f9dde
Implement bits of user login checking.
Matti Hamalainen <ccr@tnsp.org>
parents:
311
diff
changeset
|
49 if (stFetchSQL($sql) === false) |
100d9f7f9dde
Implement bits of user login checking.
Matti Hamalainen <ccr@tnsp.org>
parents:
311
diff
changeset
|
50 $error = 3; |
311
2f46b6254ff2
We'll be checking key validity in login phase, so start working on that.
Matti Hamalainen <ccr@tnsp.org>
parents:
306
diff
changeset
|
51 break; |
2f46b6254ff2
We'll be checking key validity in login phase, so start working on that.
Matti Hamalainen <ccr@tnsp.org>
parents:
306
diff
changeset
|
52 } |
2f46b6254ff2
We'll be checking key validity in login phase, so start working on that.
Matti Hamalainen <ccr@tnsp.org>
parents:
306
diff
changeset
|
53 |
554 | 54 // |
55 // Okay, attempt to set up session if no error | |
56 // | |
315
100d9f7f9dde
Implement bits of user login checking.
Matti Hamalainen <ccr@tnsp.org>
parents:
311
diff
changeset
|
57 if ($error == 0) |
110 | 58 { |
315
100d9f7f9dde
Implement bits of user login checking.
Matti Hamalainen <ccr@tnsp.org>
parents:
311
diff
changeset
|
59 if (!stSessionStart(SESS_USER, $password, "userTimeout")) |
100d9f7f9dde
Implement bits of user login checking.
Matti Hamalainen <ccr@tnsp.org>
parents:
311
diff
changeset
|
60 { |
874 | 61 stLogError("User session AUTH LOGIN failed (session setup)"); |
315
100d9f7f9dde
Implement bits of user login checking.
Matti Hamalainen <ccr@tnsp.org>
parents:
311
diff
changeset
|
62 $error = 2; |
100d9f7f9dde
Implement bits of user login checking.
Matti Hamalainen <ccr@tnsp.org>
parents:
311
diff
changeset
|
63 } |
100d9f7f9dde
Implement bits of user login checking.
Matti Hamalainen <ccr@tnsp.org>
parents:
311
diff
changeset
|
64 else |
100d9f7f9dde
Implement bits of user login checking.
Matti Hamalainen <ccr@tnsp.org>
parents:
311
diff
changeset
|
65 { |
100d9f7f9dde
Implement bits of user login checking.
Matti Hamalainen <ccr@tnsp.org>
parents:
311
diff
changeset
|
66 stSetSessionItem("key_id", $key["id"]); |
100d9f7f9dde
Implement bits of user login checking.
Matti Hamalainen <ccr@tnsp.org>
parents:
311
diff
changeset
|
67 stSetSessionItem("mode", stGetRequestItem("mode", "error")); |
100d9f7f9dde
Implement bits of user login checking.
Matti Hamalainen <ccr@tnsp.org>
parents:
311
diff
changeset
|
68 } |
311
2f46b6254ff2
We'll be checking key validity in login phase, so start working on that.
Matti Hamalainen <ccr@tnsp.org>
parents:
306
diff
changeset
|
69 } |
110 | 70 } |
71 else | |
72 { | |
874 | 73 stLogError("User session AUTH LOGIN failed (password)"); |
306
6610311ac48e
Improve user login handling.
Matti Hamalainen <ccr@tnsp.org>
parents:
304
diff
changeset
|
74 $error = 1; |
110 | 75 } |
76 | |
554 | 77 |
78 // Select destination page based on error status and | |
79 // if error page has been set. Use common destination page | |
80 // if no error or no error page. | |
325 | 81 $nextPage = ($error != 0 && $errorPage !== FALSE) ? $errorPage : $gotoPage; |
306
6610311ac48e
Improve user login handling.
Matti Hamalainen <ccr@tnsp.org>
parents:
304
diff
changeset
|
82 |
554 | 83 // Okay, if destination page is set, go there. |
84 // Otherwise, just use the default page. | |
311
2f46b6254ff2
We'll be checking key validity in login phase, so start working on that.
Matti Hamalainen <ccr@tnsp.org>
parents:
306
diff
changeset
|
85 header("Location: ". |
2f46b6254ff2
We'll be checking key validity in login phase, so start working on that.
Matti Hamalainen <ccr@tnsp.org>
parents:
306
diff
changeset
|
86 ($nextPage !== FALSE ? $nextPage : stGetSetting("defaultPage")). |
323 | 87 ($error ? "?error=".$error : "")); |
315
100d9f7f9dde
Implement bits of user login checking.
Matti Hamalainen <ccr@tnsp.org>
parents:
311
diff
changeset
|
88 |
110 | 89 ?> |