<?php
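// Authentication gate for this request. Exactly one of three things happens:
//   1. a login attempt (us/pw supplied, not logged in yet) is verified,
//   2. an anonymous request for a protected area is sent to the login form,
//   3. an already authenticated session gets its cached user record restored.
// Reads $_REQUEST['us'], $_REQUEST['pw'], $options, $verbage, $area and
// $changeLogOpen; writes $_SESSION, $userinfo and $area.
// NOTE(review): $area, $changeLogOpen and $options are not initialised in this
// part of the file; confirm they are always set by trusted code before this point.
if ((!isset($_SESSION['loggedin']) || !$_SESSION['loggedin']) && isset($_REQUEST['us']) && isset($_REQUEST['pw'])) {
    buginError("Trying to log in...", 1);

    // NOTE(review): $_REQUEST also carries query-string values, so credentials sent
    // via GET can end up in access logs and browser history. Reading them from
    // $_POST only would be safer, but changes what callers may send, so it is left as is.

    // Start from a known-empty change set: the block below only ever passes to
    // alterDb() what it built itself, never a value left over from earlier code.
    $update = array();

    // Parameters such as us[]=x arrive as arrays; treat anything but plain strings
    // as a failed login instead of handing it to the lookup and hash functions.
    $credentialsAreStrings = is_string($_REQUEST['us']) && is_string($_REQUEST['pw']);

    // NOTE(review): getUser() is not visible here; confirm it quotes or binds the username.
    $userinfo = $credentialsAreStrings ? $bugDatabase->getUser($_REQUEST['us']) : false;
    $ldapinfo = 0;

    // Do we use LDAP stuffs?
    if ($options['ldapEnable']) {
        // The include path is built from configuration; it must never be request-controlled.
        require("{$options['buginLibBase']}/ldap.inc.php");
        // An empty password is never sent to the directory: many servers treat a
        // simple bind with an empty password as an anonymous bind that succeeds.
        // NOTE(review): ldapGetUser() is assumed to return an array only after a
        // successful authenticated bind; confirm in ldap.inc.php.
        if ($credentialsAreStrings && $_REQUEST['pw'] !== '') {
            $ldapinfo = ldapGetUser($_REQUEST['us'], $_REQUEST['pw']);
        }
    }

    if ($userinfo && is_array($ldapinfo)) {
        // Known user, LDAP answered: bring the SQL row in line with the directory.
        // Value true = only sync when LDAP actually supplies a value.
        $syncFields = array('pass' => false, 'email' => false, 'name' => true, 'phone' => true);
        $changedRows = array();
        foreach ($syncFields as $fieldName => $skipWhenEmpty) {
            if ($userinfo[$fieldName] == $ldapinfo[$fieldName]) {
                continue;
            }
            // The phone check used to test the qstr()-quoted value; a quoted empty
            // string is presumably still non-empty, so the raw value is tested
            // instead, the same way the name check already did.
            if ($skipWhenEmpty && !$ldapinfo[$fieldName]) {
                continue;
            }
            $changedRows[] = array(
                'fieldName' => $fieldName,
                'fieldValue' => $bugDatabase->db->qstr($ldapinfo[$fieldName]),
            );
        }
        if ($changedRows) {
            $update[0] = array(
                'modify' => $changedRows,
                'action' => "change",
                'tableName' => "users",
                'uniqueRow' => "uid",
                'rowid' => $userinfo['uid'],
            );
        }
    }
    elseif (is_array($ldapinfo)) {
        // LDAP knows the user but SQL does not yet: add the user to the DB.
        $newRows = array();
        foreach (array('username', 'pass', 'name', 'email', 'phone') as $fieldName) {
            $newRows[] = array(
                'fieldName' => $fieldName,
                'fieldValue' => $bugDatabase->db->qstr($ldapinfo[$fieldName]),
            );
        }
        $update[0] = array(
            'action' => "add",
            'tableName' => "users",
            'modify' => $newRows,
        );
    }
    elseif ($userinfo) {
        // Local account only: verify the password against the stored hash.
        // The comparison is done on strings, never with loose ==/!=, because two
        // different hex digests that both look like "0e<digits>" compare equal
        // when PHP converts them to numbers.
        // NOTE(review): the stored hash is unsalted MD5. Moving to password_hash()
        // / password_verify() needs a migration of the users table and is not
        // attempted here.
        $storedHash = (string) $userinfo['pass'];
        $submittedHash = md5($_REQUEST['pw']);
        $hashesMatch = function_exists('hash_equals')
            ? hash_equals($storedHash, $submittedHash)
            : ($storedHash === $submittedHash);
        if (!$hashesMatch) {
            unset($userinfo);
        }
    }

    if ($update) {
        // Now we assemble the DB info...
        $bugDatabase->alterDb($update);
        $userinfo = $bugDatabase->getUser($_REQUEST['us']);
        // Assign the UID from the DB if we don't already have it.
        // NOTE(review): $result is never assigned in the visible code; it was
        // presumably meant to hold the id produced by alterDb(). It is only used
        // when it is actually set, so a failed re-read can no longer turn into a
        // session holding nothing but an empty uid.
        if (empty($userinfo['uid']) && isset($result) && $result) {
            if (!$userinfo) {
                $userinfo = array();
            }
            $userinfo['uid'] = $result;
        }
    }

    if (isset($userinfo) && $userinfo) {
        buginError("Login Successful", MESSAGE_DEBUG);
        // Issue a fresh session ID at the privilege change so an ID handed out
        // before login cannot be reused afterwards (session fixation).
        if (session_id() !== '' && !headers_sent()) {
            session_regenerate_id(true);
        }
        $_SESSION['loggedin'] = 1;
        $_SESSION['userinfo'] = $userinfo;
        $_SESSION['us'] = $_REQUEST['us'];
        $area = "loggedin";
    }
    else {
        $_SESSION['loginError'] = "{$verbage['invalid_login']}\n";
        $area = "login";
    }
}
elseif (isset($area) && !isset($_SESSION['loggedin']) && !isset($_SESSION['userinfo']) && ($area !== "signup") &&
    // Each exemption below is "option enabled AND area matches", negated as a whole.
    // The ticket and scheduler clauses used to be written as
    // (area != x) && (!option), which switched the gate off for every area as
    // soon as the option was enabled and exempted the area even when it was not.
    // This is for the changelog
    !(!empty($changeLogOpen) && ($area === "changelog")) &&
    // This is for adding tickets without signing up...
    !(!empty($options['noSignupTicketEnable']) && (($area === "add") || ($area === "add_submit"))) &&
    // This is for the scheduler
    !(!empty($options['schedulerEnabled']) && ($area === "scheduler"))
) {
    // Hack attempt?
    $_SESSION['loginError'] = "{$verbage['sess_outdated']}\n";
    $area = "login";
}
elseif (isset($_SESSION['userinfo'])) {
    // Authenticated earlier in this session: reuse the cached user record.
    $userinfo = $_SESSION['userinfo'];
}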
// No area has been chosen yet: pick the default landing area.
if (!isset($area)) {
    // Anonymous visitors end up on the login form unless a case below applies.
    $area = "login";
    if (isset($bassVersion)) {
        // $bassVersion being set means we are running inside bass.
        $area = "search";
    }
    elseif (isset($_SESSION['loggedin'])) {
        // We are not in bass, and the session carries a 'loggedin' entry.
        $area = "loggedin";
    }
}