File: authenticate.php

flyspray 0.9.8-10
<?php
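// Login / logout endpoint: authenticates the user and sets the login cookies.
//
// This script relies on variables it does not define itself ($fs, $db, $conf,
// $lang, $dbprefix, $cookiesalt, $authenticate_text); they have to be provided
// by whatever includes it.
//
// Request parameters read, all through $_REQUEST (GET, POST and, depending on
// the PHP configuration, cookies):
//   action          'logout' ends the login
//   user_name       login name
//   password        plain-text password
//   remember_login  if present, the cookies last 30 days instead of the browser session
//   prev_page       where to redirect after a login attempt

// Presumably fills $authenticate_text with the messages used below -- confirm
// against get_language_pack().
$fs->get_language_pack($lang, 'authenticate');

// If logout was requested, log the user out.
// NOTE(review): any request carrying action=logout triggers this, including a
// plain GET link; this script checks no anti-CSRF token.
if (isset($_REQUEST['action']) && $_REQUEST['action'] === 'logout')
{
   // Set cookie expiry time to the past, thus removing them.
   // The path '/' matches the path the cookies are created with further down.
   setcookie('flyspray_userid', '', time()-60, '/');
   setcookie('flyspray_passhash', '', time()-60, '/');
   setcookie('flyspray_project', '', time()-60, '/');
   if (isset($_COOKIE[session_name()])) {
      setcookie(session_name(), '', time()-60, '/');
   }

   // Unset all of the session variables.
   $_SESSION = array();
   session_destroy();
   $fs->redirect($conf['general']['baseurl']);

// Otherwise, they requested login.  See if they provided the correct credentials...
// NOTE(review): because $_REQUEST is used, the password is also accepted from
// the query string, where it can end up in server logs, browser history and
// Referer headers. Switching to $_POST needs a check that no caller logs in
// with a GET request.
} elseif (isset($_REQUEST['user_name']) && isset($_REQUEST['password']) )
{
   $username = $_REQUEST['user_name'];
   $password = $_REQUEST['password'];

   // Authenticate exactly once and reuse the result. The return value serves
   // both as the pass/fail test and as the user id, so a falsy value means the
   // credentials were rejected. (The original ran the login check twice.)
   $user_id = $fs->checkLogin($username, $password);

   if (!$user_id)
   {
      $_SESSION['ERROR'] = $authenticate_text['loginfailed'];
      // NOTE(review): prev_page is request-controlled and reaches redirect()
      // unchecked in this script, and it is read without isset(). Unless
      // redirect() itself restricts targets to this site (not visible here),
      // this is an open redirect; confirm, and if needed validate the value
      // against $conf['general']['baseurl'] first. The same applies to the two
      // other redirects to prev_page below.
      $fs->redirect($_REQUEST['prev_page']);

   } else
   {
      // Determine if the user should be remembered on this machine
      if (isset($_REQUEST['remember_login']) )
      {
         $cookie_time = time() + (60 * 60 * 24 * 30); // Set cookies for 30 days
      } else
      {
         $cookie_time = 0; // Set cookies to expire when session ends (browser closes)
      }

      $user = $fs->getUserDetails($user_id);

      // Set the two login cookies.
      // NOTE(review): flyspray_passhash is crypt() of the stored user_pass
      // value with $cookiesalt, so as far as this script shows it stays the
      // same across logins until the stored password or the salt changes.
      // Presumably later requests are authenticated with it (that check is not
      // in this file); if so, a captured cookie can be replayed for as long as
      // it is valid, and logging out only clears the browser's own copy.
      // Both cookies are set without the Secure or HttpOnly attributes.
      // setcookie() takes secure/httponly arguments (httponly from PHP 5.2);
      // enable them once the supported PHP version and HTTPS deployment allow.
      setcookie('flyspray_userid', $user['user_id'], $cookie_time, "/");
      setcookie('flyspray_passhash', crypt($user['user_pass'], $cookiesalt), $cookie_time, "/");

      // NOTE(review): the session id is not regenerated after a successful
      // login; if any login state is kept in $_SESSION elsewhere, call
      // session_regenerate_id() at this point.

      // If the user had previously requested a password change, remove the magic url.
      // user_id is bound through the ? placeholder; only $dbprefix is
      // interpolated into the SQL text (presumably a configuration value --
      // confirm it is never request-derived).
      $remove_magic = $db->Query("UPDATE {$dbprefix}users SET
                                  magic_url = ''
                                  WHERE user_id = ?",
                                  array($user['user_id'])
                                );

      $_SESSION['SUCCESS'] = $authenticate_text['loginsuccessful'];
      $fs->redirect($_REQUEST['prev_page']);
   // End of checking credentials
   }

} else
{
   // If the user didn't provide both a username and a password, show this error:
   $_SESSION['ERROR'] = $authenticate_text['loginfailed'] . ' - ' . $authenticate_text['userandpass'];
   $fs->redirect($_REQUEST['prev_page']);
}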
?>