<?php

/* GNU FM -- a free network service for sharing your music listening habits

   Copyright (C) 2009 Free Software Foundation, Inc

   This program is free software: you can redistribute it and/or modify
   it under the terms of the GNU Affero General Public License as published by
   the Free Software Foundation, either version 3 of the License, or
   (at your option) any later version.

   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU Affero General Public License for more details.

   You should have received a copy of the GNU Affero General Public License
   along with this program.  If not, see <http://www.gnu.org/licenses/>.

*/

require_once('database.php');
require_once('templating.php');
require_once($install_path . '/data/User.php');

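// Logout: expire the browser-side cookies and send the user to the front page.
// The isset() on 'action' avoids an undefined-index notice on ordinary page loads.
// NOTE(review): only the cookies are cleared here; whether the server-side session
// record is also invalidated cannot be seen from this file -- confirm.
// NOTE(review): logout is a plain GET with no CSRF token -- consider requiring a
// POST with a token.
if (isset($_COOKIE['session_id']) && isset($_GET['action']) && $_GET['action'] === 'logout') {
	setcookie('session_id', '', time() - 3600);
	setcookie('lang', '', time() - 3600);
	header('Location: index.php');
	// Stop here: without this the script falls through and renders the login
	// form into the body of the redirect response.
	exit;
}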

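// Handle a submitted login form: validate the input, look the user up, and on
// success issue a session cookie and set $logged_in for the redirect code below.
if (isset($_POST['login'])) {

	// User-facing error markup, accumulated here and handed to login.tpl.
	$errors = '';
	// Accept only string fields: PHP turns "username[]=x" into an array, which
	// would otherwise reach qstr()/md5() below.
	$username = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
	$password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';
	// The mere presence of the field selects the long-lived session.
	$remember = isset($_POST['remember']);

	// Strict comparison so that the username "0" is not treated as missing.
	if ($username === '') {
		$errors .= 'You must enter a username.<br />';
	}

	if (empty($errors)) {
		// Defaults keep the checks below well-defined when the query throws or
		// matches no row.
		$userid = null;
		$active = null;
		try {
			// Both values go through qstr(), so they reach the query as quoted
			// literals rather than raw request data.
			// NOTE(review): the credential is compared as an unsalted MD5 digest.
			// Moving to password_hash()/password_verify() needs a schema and data
			// migration that cannot be done from this block.
			$sql = 'SELECT uniqueid, active FROM Users WHERE '
				. ' lower(username) = lower(' . $adodb->qstr($username) . ')'
				. ' AND password = ' . $adodb->qstr(md5($password));
			$row = $adodb->GetRow($sql);
			if (is_array($row) && isset($row['uniqueid'])) {
				$userid = $row['uniqueid'];
				$active = isset($row['active']) ? $row['active'] : null;
			}
		} catch (Exception $e) {
			$errors .= 'A database error happened.';
		}
		if ($errors !== '') {
			// The lookup itself failed and is already reported; do not also
			// claim that the credentials were wrong.
		} else if (!$userid) {
			$errors .= 'Invalid username or password. Would you like to <a href="' . $base_url . '/reset.php">recover your password?</a>';
			$smarty->assign('invalid', true);
		} else if (!$active) {
			// The stray closing </a> that ended this message has been dropped.
			$errors .= 'This account hasn\'t been activated. Please follow the link in the e-mail you received when you signed up to activate your account.';
			$smarty->assign('invalid', true);
		} else {
			// Give the user a session id, like any other client
			$expire_limit = $remember ? 31536000 : 86400; // 1 year, else 1 day
			$session_id = Server::getScrobbleSession($userid, $gnufm_key, $expire_limit);
			$session_time = time() + $expire_limit;

			// Path and domain stay at their defaults, so the logout code can
			// still expire the cookie. HttpOnly keeps the session id away from
			// page scripts; Secure is set when the request arrived over HTTPS.
			// NOTE(review): confirm no client-side script reads this cookie.
			$is_https = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
			setcookie('session_id', $session_id, $session_time, '', '', $is_https, true);
			$logged_in = true;
		}
	}
}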

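// A return target is accepted only if it is a local absolute path: it starts
// with a single "/", is not followed by "/" or "\" (browsers resolve "//host"
// and "/\host" as another host), and contains no control characters.
$local_path_pattern = '#^/(?![/\\\\])[^\x00-\x1f\x7f]*\z#';

if (isset($logged_in) && $logged_in) {
	// Check that return URI is on this server. Prevents possible phishing uses.
	$return = (isset($_POST['return']) && is_string($_POST['return'])) ? $_POST['return'] : '';
	if (preg_match($local_path_pattern, $return)) {
		// Keep the scheme of the current request, so a login made over HTTPS
		// is not redirected to plain HTTP.
		// NOTE(review): SERVER_NAME can follow the client's Host header under
		// some web server configurations; confirm it is pinned, or build the
		// target from $base_url.
		$scheme = (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') ? 'https' : 'http';
		header(sprintf('Location: %s://%s%s', $scheme, $_SERVER['SERVER_NAME'], $return));
	} else {
		header('Location: ' . $base_url);
	}
} else {
	// Not logged in: show the login form, carrying a validated return target.
	$return = (isset($_REQUEST['return']) && is_string($_REQUEST['return'])) ? $_REQUEST['return'] : '';
	if (preg_match($local_path_pattern, $return)) {
		$smarty->assign('return', $return);
	} else {
		$smarty->assign('return', '');
	}

	// $username and $errors exist only after a form submission. Passing null
	// matches what the template received before, without the undefined-variable
	// notice.
	// NOTE(review): 'username' and 'return' are request data; login.tpl is not
	// visible here, so confirm it escapes both on output.
	$smarty->assign('username', isset($username) ? $username : null);
	$smarty->assign('errors', isset($errors) ? $errors : null);
	$smarty->display('login.tpl');
}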