Mercurial > hg > fapweb
view usrlogin.php @ 1096:bbc0a3d0b51e
Major renaming / refactor of site messages. Some that were previously
modifiable from admin interface are now "hardcoded" in the configuration
file. Having these settings made modifiable from there made no sense
and just took space in the UI.
| author | Matti Hamalainen <ccr@tnsp.org> |
|---|---|
| date | Fri, 27 Jan 2017 22:15:06 +0200 |
| parents | 95b74632cfe2 |
| children | 0a2117349f46 |
line wrap: on
line source
<?php // // FAPWeb - Simple Web-based Demoparty Management System // Administration interface session login handler // (C) Copyright 2012-2017 Tecnic Software productions (TNSP) // $sessionType = "user"; require_once "mconfig.inc.php"; require_once "msite.inc.php"; require_once "msession.inc.php"; // // Initialize // stSetupCacheControl(); if (!stConnectSQLDB()) die("Could not connect to SQL database."); stReloadSettings(); // // Authenticate // $gotoPage = stGetRequestItem("goto", FALSE); $errorPage = stGetRequestItem("error", FALSE); $password = stGetRequestItem("key", FALSE); if (stGetSetting("userKeyCase", NULL) === FALSE) $password = strtoupper($password); $error = 0; $sql = stPrepareSQL("SELECT * FROM userkeys WHERE key=%s", $password); if (($key = stFetchSQL($sql)) !== false) { // // Validate login based on current user key mode // switch (stGetSetting("userKeyMode")) { case VOTE_ACTIVATE: if ($key["active"] == 0) $error = 3; break; case VOTE_ASSIGN: $sql = stPrepareSQL("SELECT id FROM attendees WHERE key_id=%d", $key["id"]); if (stFetchSQL($sql) === false) $error = 3; break; } // // Okay, attempt to set up session if no error // if ($error == 0) { if (!stSessionStart(SESS_USER, $password, "userTimeout")) { stLogError("User session AUTH LOGIN failed (session setup)"); $error = 2; } else { stSetSessionItem("key_id", $key["id"]); stSetSessionItem("mode", stGetRequestItem("mode", "error")); } } } else { stLogError("User session AUTH LOGIN failed (password)"); $error = 1; } // Select destination page based on error status and // if error page has been set. Use common destination page // if no error or no error page. $nextPage = ($error != 0 && $errorPage !== FALSE) ? $errorPage : $gotoPage; // Okay, if destination page is set, go there. // Otherwise, just use the default page. header("Location: ". ($nextPage !== FALSE ? $nextPage : stGetSetting("defaultPage")). ($error ? "?error=".$error : "")); ?>