Location: PHPKode > projects > BugIn and Ticketing System > bugin-0.65/lib/auth.inc.php
<?php

// Check to see if we're logging in....
if ((!isset($_SESSION['loggedin']) || !$_SESSION['loggedin']) && isset($_REQUEST['us']) && isset($_REQUEST['pw'])) {
	buginError("Trying to log in...", 1);
	$userinfo = $bugDatabase->getUser($_REQUEST['us']);
	$ldapinfo = 0;

	// Do we use LDAP stuffs?
	if ($options['ldapEnable']) {
		require("{$options['buginLibBase']}/ldap.inc.php");
		$ldapinfo = ldapGetUser($_REQUEST['us'], $_REQUEST['pw']);
	}
	if ($userinfo && is_array($ldapinfo)) {
		// This is where we update SQL if the LDAP info is different.
		$upRowNum = 0;
		// We have both, compare and update if necessairy...
		if ($userinfo['pass'] != $ldapinfo['pass']) {
			// Password out of date.
			$update[0]['modify'][$upRowNum]['fieldName'] = "pass";
			$update[0]['modify'][$upRowNum]['fieldValue'] = $bugDatabase->db->qstr($ldapinfo['pass']);
			$upRowNum ++;
		}

		if ($userinfo['email'] != $ldapinfo['email']) {
			// email out of date.
			$update[0]['modify'][$upRowNum]['fieldName'] = "email";
			$update[0]['modify'][$upRowNum]['fieldValue'] = $bugDatabase->db->qstr($ldapinfo['email']);
			$upRowNum ++;
		}

		if (($userinfo['name'] != $ldapinfo['name']) && $ldapinfo['name']) {
			// name out of date.
			$update[0]['modify'][$upRowNum]['fieldName'] = "name";
			$update[0]['modify'][$upRowNum]['fieldValue'] = $bugDatabase->db->qstr($ldapinfo['name']);
			$upRowNum ++;
		}

		if (($userinfo['phone'] != $ldapinfo['phone']) && $bugDatabase->db->qstr($ldapinfo['phone'])) {
			// phone out of date.
			$update[0]['modify'][$upRowNum]['fieldName'] = "phone";
			$update[0]['modify'][$upRowNum]['fieldValue'] = $bugDatabase->db->qstr($ldapinfo['phone']);
			$upRowNum ++;
		}

		if ($update) {
			$update[0]['action'] = "change";
			$update[0]['tableName'] = "users";
			$update[0]['uniqueRow'] = "uid";
			$update[0]['rowid'] = $userinfo['uid'];
		}
	}
	elseif (is_array($ldapinfo)) {
		// Add the user to the DB
		$update[0]['action'] = "add";
		$update[0]['tableName'] = "users";
		$update[0]['modify'][0]['fieldName'] = "username";
		$update[0]['modify'][0]['fieldValue'] = $bugDatabase->db->qstr($ldapinfo['username']);
		$update[0]['modify'][1]['fieldName'] = "pass";
		$update[0]['modify'][1]['fieldValue'] = $bugDatabase->db->qstr($ldapinfo['pass']);
		$update[0]['modify'][2]['fieldName'] = "name";
		$update[0]['modify'][2]['fieldValue'] = $bugDatabase->db->qstr($ldapinfo['name']);
		$update[0]['modify'][3]['fieldName'] = "email";
		$update[0]['modify'][3]['fieldValue'] = $bugDatabase->db->qstr($ldapinfo['email']);
		$update[0]['modify'][4]['fieldName'] = "phone";
		$update[0]['modify'][4]['fieldValue'] = $bugDatabase->db->qstr($ldapinfo['phone']);
	}
	elseif ($userinfo) {
		if ($userinfo['pass'] != md5($_REQUEST['pw'])) {
			unset($userinfo);
		}
	}

	if (isset($update) && $update) {
		// Now we assemble the DB info...
		$bugDatabase->alterDb($update);
		$userinfo = $bugDatabase->getUser($_REQUEST['us']);
		if (!$userinfo['uid']) {
			// Assign the UID from the DB if we don't already have it.
			$userinfo['uid'] = $result;
		}
	}

	if (isset($userinfo) && $userinfo) {
		buginError("Login Successful", MESSAGE_DEBUG);
		$_SESSION['loggedin'] = 1;
		$_SESSION['userinfo'] = $userinfo;
		$_SESSION['us'] = $_REQUEST['us'];
		$area = "loggedin";
	}
	else {
		$_SESSION['loginError'] = "{$verbage['invalid_login']}\n";
		$area = "login";
	}
}
elseif (isset($area) && !isset($_SESSION['loggedin']) && !isset($_SESSION['userinfo']) && ($area != "signup") &&
	// This is for the changelog
	!($changeLogOpen && ( $area == "changelog" )) &&
	// This is for adding tickets without signing up...
	( (($area != "add") && ($area != "add_submit")) && (!$options['noSignupTicketEnable']) ) &&
	( ($area != "scheduler") && (!$options['schedulerEnabled']))
	) {
	// Hack attempt?

	$_SESSION['loginError'] = "{$verbage['sess_outdated']}\n";
	$area = "login";
}
elseif (isset($_SESSION['userinfo'])) {
	$userinfo = $_SESSION['userinfo'];
}

if (!isset($area)) {
	if (isset($bassVersion)) {
		$area = "search";
	}
	elseif (isset($_SESSION['loggedin'])) {
		// We are not in bass
		$area = "loggedin";
	}
	else {
		$area = "login";
	}
}
Return current item: BugIn and Ticketing System