<?php

/* GNU FM -- a free network service for sharing your music listening habits

   Copyright (C) 2009 Free Software Foundation, Inc

   This program is free software: you can redistribute it and/or modify
   it under the terms of the GNU Affero General Public License as published by
   the Free Software Foundation, either version 3 of the License, or
   (at your option) any later version.

   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU Affero General Public License for more details.

   You should have received a copy of the GNU Affero General Public License
   along with this program.  If not, see <http://www.gnu.org/licenses/>.

*/


require_once('database.php');
require_once('templating.php');
require_once($install_path . '/data/User.php');

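// Logout: triggered by ?action=logout while a session cookie is present.
// NOTE(review): this is a state-changing GET with no CSRF token, so any page
// can log a visitor out by linking here; consider requiring POST plus a token.
if(isset($_COOKIE['session_id']) && isset($_GET['action']) && $_GET['action'] == 'logout') {
	// Expiring the cookie alone leaves the session row valid until its
	// 'expires' time (up to a year with "remember me"), so a copied session id
	// would keep working. Remove the row as well.
	try {
		$adodb->Execute('DELETE FROM Scrobble_Sessions WHERE sessionid = '
			. $adodb->qstr($_COOKIE['session_id']));
	} catch (Exception $e) {
		// Best effort: a database failure must not stop the browser-side logout.
	}
	// Same (default) path and domain as the cookie set at login, so the
	// browser replaces that cookie rather than storing a second one.
	setcookie('session_id', '', time() - 3600);
	header('Location: index.php');
	// Stop here; otherwise the rest of the script still runs and renders the
	// login page into a response that is already a redirect.
	exit;
}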

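// Handle a submitted login form: look the user up, create a row in
// Scrobble_Sessions and hand the session id to the browser as a cookie.
// Sets $logged_in on success; $errors and $username are read further down
// when the form is rendered again.
if(isset($_POST['login'])) {

	$errors = '';
	// Defined up front so a failed query cannot leave it unset.
	$userid = null;
	// Only accept plain strings: "username[]=x" style input arrives as an array
	// and would otherwise reach strtolower()/md5().
	$username = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
	$password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';
	$remember = isset($_POST['remember']) ? $_POST['remember'] : null;

	if(empty($username)) {
		$errors .= 'You must enter a username.<br />';
	}

	if(empty($errors)) {
		try {
			// SECURITY: passwords are stored and compared as unsalted MD5, which
			// is fast to brute-force if the Users table leaks. Moving to
			// password_hash()/password_verify() needs a data migration outside
			// this block, so the comparison is left as it is here.
			$userid = $adodb->GetOne('SELECT uniqueid FROM Users WHERE '
				. ' lower(username) = ' . $adodb->qstr(strtolower($username))
				. ' AND password = ' . $adodb->qstr(md5($password)) . ' AND active = 1');
		}
		catch (Exception $e) {
			$errors .= 'A database error happened.';
		}
		if(!$userid) {
			// Deliberately the same message for unknown user and wrong password.
			$errors .= 'Invalid username or password.';
			$smarty->assign('invalid', true);
		} else {
			// Give the user a session id, like any other client.
			// The id is the only credential the cookie carries, so it must be
			// unguessable. It used to be md5(md5($password) . time()), i.e.
			// derived from the password hash and the clock. random_bytes()
			// (PHP 7+) draws from the OS CSPRNG; 16 bytes hex-encoded keeps the
			// same 32-character shape as before.
			$session_id = bin2hex(random_bytes(16));
			if($remember !== null){
				$session_time = time() + 31536000; // 1 year
			} else {
				$session_time = time() + 86400; // 1 day
			}
			// Bound parameters instead of concatenating $userid unquoted into SQL.
			$adodb->Execute('INSERT INTO Scrobble_Sessions (userid, sessionid, expires) VALUES (?, ?, ?)',
				array($userid, $session_id, (int)($session_time)));

			// Path and domain stay at their defaults; the last argument adds
			// HttpOnly so page scripts cannot read the session id.
			// NOTE(review): set the 'secure' argument to true once the site is
			// served over HTTPS only.
			setcookie('session_id', $session_id, $session_time, '', '', false, true);
			$logged_in = true;
		}
	}
}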

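// After a successful login redirect to the requested page; otherwise render
// the login form, carrying the return path and any errors along.
if(isset($logged_in) && $logged_in) {
	// Check that return URI is on this server. Prevents possible phishing uses.
	// Accept only a local absolute path: one leading '/', not followed by '/'
	// or '\', so the value stays a path even if it is ever used without the
	// host prefix added below.
	$return_path = (isset($_POST['return']) && is_string($_POST['return'])) ? $_POST['return'] : '';
	$second_char = substr($return_path, 1, 1);
	if ( substr($return_path, 0, 1) == '/' && $second_char !== '/' && $second_char !== '\\' ) {
		// NOTE(review): the scheme is fixed to http://, and SERVER_NAME can
		// mirror the client's Host header depending on web server
		// configuration; building this from $base_url may be safer. Confirm
		// what $base_url contains first.
		header(sprintf('Location: http://%s%s', $_SERVER['SERVER_NAME'], $return_path));
	} else {
		header('Location: ' . $base_url);
	}

} else {
	$return_path = (isset($_REQUEST['return']) && is_string($_REQUEST['return'])) ? $_REQUEST['return'] : '';
	$second_char = substr($return_path, 1, 1);
	if ( substr($return_path, 0, 1) == '/' && $second_char !== '/' && $second_char !== '\\' ) {
		$smarty->assign('return', $return_path);
	} else {
		$smarty->assign('return', '');
	}

	// $username and $errors exist only when a login form was submitted; on a
	// plain GET they are undefined, so fall back to empty strings.
	// NOTE(review): 'return' and 'username' are request-controlled; login.tpl
	// (not visible here) has to HTML-escape them where it prints them.
	$smarty->assign('username', isset($username) ? $username : '');
	$smarty->assign('errors', isset($errors) ? $errors : '');
	$smarty->display('login.tpl');
}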