Mercurial > hg > fapweb

changeset 315:100d9f7f9dde

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Implement bits of user login checking.
author Matti Hamalainen <ccr@tnsp.org>
date Wed, 27 Nov 2013 03:45:18 +0200
parents 50527339b615
children 54dfab6ba12c
files usrlogin.php
diffstat 1 files changed, 17 insertions(+), 8 deletions(-) [+]
line wrap: on
line diff
--- a/usrlogin.php	Wed Nov 27 03:16:36 2013 +0200
+++ b/usrlogin.php	Wed Nov 27 03:45:18 2013 +0200
@@ -34,21 +34,29 @@
   switch (stGetSetting("voteKeyMode"))
   {
     case VOTE_ACTIVATE:
+      if ($key["active"] == 0)
+        $error = 3;
       break;
 
     case VOTE_ASSIGN:
+      $sql = stPrepareSQL("SELECT id FROM attendees WHERE key_id=%d", $key["id"]);
+      if (stFetchSQL($sql) === false)
+        $error = 3;
       break;
   }
 
-  if (!stSessionStart(SESS_USER, $password, "userTimeout"))
+  if ($error == 0)
   {
-    error_log("User session AUTH LOGIN failed (session setup)");
-    $error = 2;
-  }
-  else
-  {
-    stSetSessionItem("key_id", $key["id"]);
-    stSetSessionItem("mode", stGetRequestItem("mode", "error"));
+    if (!stSessionStart(SESS_USER, $password, "userTimeout"))
+    {
+      error_log("User session AUTH LOGIN failed (session setup)");
+      $error = 2;
+    }
+    else
+    {
+      stSetSessionItem("key_id", $key["id"]);
+      stSetSessionItem("mode", stGetRequestItem("mode", "error"));
+    }
   }
 }
 else
@@ -62,4 +70,5 @@
 header("Location: ".
   ($nextPage !== FALSE ? $nextPage : stGetSetting("defaultPage")).
   ($error ? "?error=".$error : "");
+
 ?>
\ No newline at end of file