Mercurial > hg > fapweb

view usrlogin.php @ 1092:95b74632cfe2

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Rename votekeys table to userkeys, and all related variables and settings.
author Matti Hamalainen <ccr@tnsp.org>
date Thu, 26 Jan 2017 13:38:19 +0200
parents 00632d30bafe
children 0a2117349f46
line wrap: on
line source

<?php
//
// FAPWeb - Simple Web-based Demoparty Management System
// Administration interface session login handler
// (C) Copyright 2012-2017 Tecnic Software productions (TNSP)
//
$sessionType = "user";
require_once "mconfig.inc.php";
require_once "msite.inc.php";
require_once "msession.inc.php";

//
// Initialize
//
stSetupCacheControl();

if (!stConnectSQLDB())
  die("Could not connect to SQL database.");

stReloadSettings();


//
// Authenticate
//
$gotoPage = stGetRequestItem("goto", FALSE);
$errorPage = stGetRequestItem("error", FALSE);
$password = stGetRequestItem("key", FALSE);
if (stGetSetting("userKeyCase", NULL) === FALSE)
  $password = strtoupper($password);

$error = 0;

$sql = stPrepareSQL("SELECT * FROM userkeys WHERE key=%s", $password);
if (($key = stFetchSQL($sql)) !== false)
{
  //
  // Validate login based on current user key mode
  //
  switch (stGetSetting("userKeyMode"))
  {
    case VOTE_ACTIVATE:
      if ($key["active"] == 0)
        $error = 3;
      break;

    case VOTE_ASSIGN:
      $sql = stPrepareSQL("SELECT id FROM attendees WHERE key_id=%d", $key["id"]);
      if (stFetchSQL($sql) === false)
        $error = 3;
      break;
  }

  //
  // Okay, attempt to set up session if no error
  //
  if ($error == 0)
  {
    if (!stSessionStart(SESS_USER, $password, "userTimeout"))
    {
      stLogError("User session AUTH LOGIN failed (session setup)");
      $error = 2;
    }
    else
    {
      stSetSessionItem("key_id", $key["id"]);
      stSetSessionItem("mode", stGetRequestItem("mode", "error"));
    }
  }
}
else
{
  stLogError("User session AUTH LOGIN failed (password)");
  $error = 1;
}


// Select destination page based on error status and
// if error page has been set. Use common destination page
// if no error or no error page.
$nextPage = ($error != 0 && $errorPage !== FALSE) ? $errorPage : $gotoPage;

// Okay, if destination page is set, go there.
// Otherwise, just use the default page.
header("Location: ".
  ($nextPage !== FALSE ? $nextPage : stGetSetting("defaultPage")).
  ($error ? "?error=".$error : ""));

?>