login.php

00001 <?php
00002 
00005 
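# Put the bundled Smarty library and the project's own PHP helpers ahead of the
# default include path. Resulting order: ../smarty/libs, ../php, <previous path>.
set_include_path(implode(PATH_SEPARATOR, array('../smarty/libs', '../php', get_include_path())));

if (session_id() == "") {
        # Harden the session cookie before the session is opened: accept session
        # ids from cookies only (not from URLs) and hide the cookie from
        # client-side script. These settings must be applied before session_start().
        # NOTE(review): if the site is served over HTTPS only, also enable
        # session.cookie_secure -- deployment is not visible from this file.
        ini_set('session.use_only_cookies', '1');
        ini_set('session.cookie_httponly', '1');
        session_start();
}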
00010 
00011 require_once 'Smarty.class.php';
00012 require_once 'error.php';
00013 require_once 'redirect.php';
00014 require_once 'sql.php';
00015 require_once 'util.php';
00016 
00025 
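/**
 * Handle a login request.
 *
 * Validates the submitted form, checks the credentials through the named
 * query 'check_pw' and, on success, stores the user record and a role-derived
 * mode in the session before redirecting to index.php. On invalid input or
 * wrong credentials the login.tpl template is (re-)displayed instead.
 *
 * Reads $_GET, $_POST, $_SESSION and the global $validation_info; writes
 * $_SESSION['user'] and $_SESSION['mode']. Returns nothing.
 *
 * NOTE(review): login and password are accepted from $_GET as well as $_POST,
 * so credentials can end up in URLs, server logs and Referer headers. Consider
 * reading them from $_POST only once all callers are confirmed to POST.
 */
function do_login() {

    global $validation_info;

    $smarty =& smarty_init();

    ## parameters accepted by this php script

    $valid_input = array(
        "login"  => "/^.+$/",
        "password"  => "/^.+$/",
    );

    ## check user input

    $INPUT = array_merge($_GET, $_POST);
    $errors = check_input($INPUT, $validation_info);

    # $debug_level is not declared global in this function, so this block only
    # runs if that is changed. Should it ever run, the dump is HTML-escaped and
    # the password is masked so debug output neither reflects raw request data
    # into the page nor discloses credentials.
    if (isset($debug_level) and $debug_level > 10) {
        $dump = $INPUT;
        if (isset($dump['password'])) {
            $dump['password'] = '***';
        }
        print "<hr><pre>Input: ";
        print htmlspecialchars(print_r($dump, TRUE), ENT_QUOTES);
        print "</pre><hr>";
    }

    # 'mode' is optional for this script; guard the lookup to avoid an
    # undefined-index notice when it is absent
    if (empty($errors) and isset($INPUT['mode']) and $INPUT['mode'] == "edit" and empty($INPUT['id'])) {
        $errors[] = 'id';
    }

    if (!empty($errors)) {
        # implode(glue, pieces): the reversed join() argument order used
        # previously is rejected by PHP 8
        user_error("Missing or malformed input parameter(s): " . implode(", ", $errors),
            E_USER_ERROR);
    }


    ## process buttons

    # "OK" button pressed?

    $display_html_form = (isset($INPUT['b_ok'])) ? FALSE : TRUE;

    # "Cancel" button pressed?

    if (isset($INPUT['b_cancel'])) {
        # fall back to the start page when no previous page was recorded
        # NOTE(review): where 'last_page' is written is not visible here; verify
        # it is never taken from request data, otherwise this is an open redirect
        redirect(isset($_SESSION['last_page']) ? $_SESSION['last_page'] : 'index.php');
        exit(0);
    }


    # stricter checks for user input (per item)

    if (!$display_html_form) {

        $errors = check_input($INPUT, $valid_input, FALSE);

        if (!empty($errors)) {
            # user input was invalid, user must correct it
            $display_html_form = TRUE;
        }
    }

    if ($display_html_form) {

        ## (re-)display the input form

        $tpl_vars = $INPUT;
        # never hand the submitted password back to the page
        unset($tpl_vars['password']);
        $tpl_vars['errors_info'] = $errors;
        do_template($smarty, 'login.tpl', $tpl_vars);

    } else {

        # init mysql connection
        $db = sql_init();

        # hash password
        # NOTE(review): unsalted SHA-1 is fast to brute-force offline if the
        # user table leaks. Moving to password_hash()/password_verify() needs
        # a change to the 'check_pw' query and to the stored hashes, both of
        # which live outside this file, so the format is left unchanged here.
        $INPUT['password'] = "{SHA1}" . sha1($INPUT['password']);

        # fixed delay on every attempt; this slows sequential guessing but does
        # not limit parallel attempts and holds a worker for two seconds
        # NOTE(review): consider per-account / per-address throttling
        sleep(2);

        # NOTE(review): the whole request array is handed to the query layer;
        # confirm in sql.php that 'check_pw' binds/escapes its parameters
        $ans = sql_query('check_pw', $INPUT, $db);
        sql_exit($db);

        if (empty($ans)) {
            # wrong login / password: same message for both cases, and no
            # request data is passed back to the template

            $tpl_vars = array('errors_info' => array('password'));
            do_template($smarty, 'login.tpl', $tpl_vars);

        } else {
            # issue a fresh session id at the privilege change so an id that
            # was known before authentication cannot be reused afterwards
            # (session fixation)
            session_regenerate_id(TRUE);

            $_SESSION['user'] = $ans[0];

            # map the role id to the session mode; any role other than 1 or 2
            # gets the 'edit' mode

            switch ($ans[0]['role_id']) {
                case 1:  $_SESSION['mode'] = 'admin'; break;
                case 2:  $_SESSION['mode'] = 'staff'; break;
                default: $_SESSION['mode'] = 'edit';
            }

            redirect('index.php');
        }
    }

}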
00128 
# script entry point: every request to this page is handled by do_login()
do_login();
00130 
00131 ?>
