<?php
/**
 * Provides main login functionality.
*/
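class LOGIN {
	/**
	 * Lifetime of the XSRF cookie in seconds (one day, unchanged from the
	 * original time()+3600*24).
	 */
	const XSRF_COOKIE_LIFETIME = 86400;

	/**
	 * Upper bound for the XSRF token. Tokens are kept below 2^53 so that a
	 * client which parses the cookie as a JavaScript Number keeps it exact
	 * (the previous rand() ranges topped out around 2e13, well inside that).
	 */
	const XSRF_TOKEN_MAX = 9007199254740991;

	/**
	 * Start (or resume) the PHP session.
	 *
	 * Session-cookie hardening is applied before the session starts: HttpOnly
	 * keeps the id away from script access, use_only_cookies refuses ids in
	 * the URL, and use_strict_mode (PHP >= 5.5.2, ignored on older builds)
	 * rejects ids the server never issued, which blunts session fixation.
	 * A session that is already active is left alone instead of triggering
	 * the "session already started" notice.
	 */
	public function __construct() {
		if ( session_id() === '' ) {
			ini_set( 'session.cookie_httponly', '1' );
			ini_set( 'session.use_only_cookies', '1' );
			ini_set( 'session.use_strict_mode', '1' );
			session_start();
		}
	}

	/**
	 * Check login against the database.
	 *
	 * Only the username goes into the WHERE clause (escaped); the password is
	 * compared in PHP by passwordMatches(). That keeps the password out of the
	 * SQL text, makes the comparison exact (a column collation that ignores
	 * case or trailing spaces no longer decides whether a password matches)
	 * and lets the table hold password_hash() output. Rows that are not a
	 * recognised hash are treated as legacy plaintext passwords, so existing
	 * data keeps working.
	 *
	 * NOTE(review): the accounts table evidently stores plaintext passwords
	 * today -- migrate the rows to password_hash() output; this method already
	 * accepts them. NOTE(review): ext/mysql (mysql_*) was removed in PHP 7 and
	 * relies on an implicit connection opened elsewhere; that is unchanged here.
	 *
	 * @param username
	 *	String username (untrusted)
	 * @param password
	 *	String password (untrusted)
	 * @return
	 *	Mixed false if username/password is invalid, account id (as returned by
	 *	the driver) if valid. When several rows share a username, the first one
	 *	whose password matches wins, as with the original query.
	 */
	public function checkDatabaseLogin( $username, $password ) {
		if ( !is_string( $username ) || !is_string( $password ) ) {
			return false; // e.g. username[]=... from a form would otherwise reach the escaper.
		}
		$result = mysql_query( "SELECT id, password FROM accounts WHERE username = '" . mysql_real_escape_string( $username ) . "'" );
		if ( $result === false ) {
			return false; // Query failure counts as "not logged in" instead of a warning cascade.
		}
		$account_id = false;
		while ( ( $row = mysql_fetch_assoc( $result ) ) !== false ) {
			$stored = isset( $row['password'] ) ? $row['password'] : null;
			if ( $this->passwordMatches( $password, $stored ) ) {
				$account_id = $row['id'];
				break;
			}
		}
		mysql_free_result( $result );
		return $account_id;
	}

	/**
	 * Compare a submitted password with the stored credential.
	 *
	 * A stored value that password_get_info() recognises as a hash is checked
	 * with password_verify(); anything else is a legacy plaintext value and is
	 * compared exactly, in constant time where hash_equals() is available.
	 *
	 * @param password
	 *	String password supplied by the user
	 * @param stored
	 *	String|null value of the password column, null when the column is missing
	 * @return
	 *	Boolean true when the password matches
	 */
	private function passwordMatches( $password, $stored ) {
		if ( $stored === null ) {
			return false;
		}
		$stored = (string) $stored;
		if ( function_exists( 'password_get_info' ) ) {
			$info = password_get_info( $stored );
			if ( !empty( $info['algo'] ) ) { // 0/null means "not a known hash" across PHP versions
				return password_verify( $password, $stored );
			}
		}
		if ( function_exists( 'hash_equals' ) ) {
			return hash_equals( $stored, $password );
		}
		return $stored === $password;
	}

	/**
	 * Check login against IMAP server
	 *
	 * The IMAP object is published as $GLOBALS['imap'] for the rest of the API,
	 * exactly as before.
	 *
	 * @param username
	 *	String username
	 * @param password
	 *	String password
	 * @return
	 *	Boolean true or false if valid or invalid (decided by whether the IMAP
	 *	object has a stream)
	 */
	public function checkIMAPLogin( $username, $password ) {
		$folder = "";
		// The folder comes straight from the query string. Only a scalar string
		// is accepted so folder[]=... cannot reach the IMAP layer as an array.
		// NOTE(review): the IMAP class is assumed to validate/encode the mailbox
		// name itself -- confirm, it is not visible from here.
		if ( isset( $_GET['folder'] ) && is_string( $_GET['folder'] ) ) {
			$folder = $_GET['folder'];
		}
		$GLOBALS['imap'] = new IMAP( IMAP_SERVER_HOST, IMAP_SERVER_PORT, $username, $password, $folder, IMAP_SERVER_VALIDATE_CERTIFICATE );
		if ( $GLOBALS['imap']->stream == null ) {
			return false;
		}
		return true;
	}

	/**
	 * Check if the user is logged in.
	 *
	 * Order of checks: an authenticated session must exist, the XSRF token
	 * issued by setSession() must be echoed back in ?randomNumber=, and then
	 * the stored credentials are re-verified against the database first and
	 * the IMAP server second.
	 *
	 * @param response
	 *	Boolean true (default) to echo a JSON response and return nothing,
	 *	false to return the result instead.
	 * @return
	 *	Boolean logged-in state when $response is false; null otherwise.
	 */
	public function checkLogin( $response = true ) {
		if ( empty( $_SESSION['authenticated'] ) ) {
			return $this->reply( $response, array( "success" => false ) ); // No session.
		}
		if ( !$this->xsrfTokenIsValid() ) {
			return $this->reply( $response, array( "success" => false ) ); // Invalid XSRF check.
		}
		$username = isset( $_SESSION['username'] ) ? $_SESSION['username'] : '';
		$password = isset( $_SESSION['password'] ) ? $_SESSION['password'] : '';
		/* Do a database check first, then fall back to the IMAP server */
		if ( $this->checkDatabaseLogin( $username, $password ) !== false ) {
			return $this->reply( $response, array( "success" => true, "firstTime" => false ) ); // We have a valid database login.
		}
		if ( $this->checkIMAPLogin( $username, $password ) ) {
			return $this->reply( $response, array( "success" => true, "firstTime" => true ) ); // We have a valid imap login.
		}
		return $this->reply( $response, array( "success" => false ) );
	}

	/**
	 * Validate the XSRF token sent in ?randomNumber= against the session copy.
	 *
	 * The comparison is a strict string comparison (constant-time when
	 * hash_equals() exists); the old loose != let numerically-equal strings
	 * such as "0123" pass for 123. A non-scalar parameter (randomNumber[]=...)
	 * is rejected outright rather than being cast to "Array".
	 *
	 * @return
	 *	Boolean true when the token is present and matches
	 */
	private function xsrfTokenIsValid() {
		if ( !isset( $_SESSION['randomNumber'] ) || !isset( $_GET['randomNumber'] ) ) {
			return false;
		}
		$supplied = $_GET['randomNumber'];
		if ( !is_string( $supplied ) && !is_int( $supplied ) ) {
			return false;
		}
		return $this->tokensMatch( (string) $_SESSION['randomNumber'], (string) $supplied );
	}

	/**
	 * Constant-time string equality where the runtime provides it.
	 *
	 * @param expected
	 *	String token held in the session
	 * @param supplied
	 *	String token sent by the client
	 * @return
	 *	Boolean
	 */
	private function tokensMatch( $expected, $supplied ) {
		if ( function_exists( 'hash_equals' ) ) {
			return hash_equals( $expected, $supplied );
		}
		return $expected === $supplied;
	}

	/**
	 * Either echo a JSON response or hand back the success flag.
	 *
	 * Replaces the repeated "if ($response) echo ... else return ..." blocks.
	 *
	 * @param response
	 *	Boolean true to echo via $format->jsonResponse() and return null
	 * @param payload
	 *	Array response body; must carry a "success" key
	 * @return
	 *	Mixed null after echoing, otherwise the boolean "success" value
	 */
	private function reply( $response, array $payload ) {
		global $format;
		if ( $response ) {
			echo $format->jsonResponse( $payload );
			return null;
		}
		return $payload['success'];
	}

	/**
	 * Set session data.
	 *
	 * The session id is regenerated first so that an id fixated before login
	 * does not become an authenticated one (only possible when a session is
	 * active). The XSRF token comes from a CSPRNG instead of rand().
	 *
	 * NOTE(review): the cleartext password is kept in the session because
	 * checkLogin() re-authenticates against the database/IMAP server on every
	 * request; make sure the session store is not readable by other users.
	 *
	 * @param username
	 *	String username
	 * @param password
	 *	String password
	 * @param account_id
	 *	Mixed database account id; "" (default) when the login came from IMAP
	 */
	public function setSession( $username, $password, $account_id = "" ) {
		if ( session_id() !== '' ) {
			session_regenerate_id( true );
		}
		$_SESSION['authenticated'] = true;
		$_SESSION['username'] = $username;
		$_SESSION['password'] = $password;
		$_SESSION['randomNumber'] = $this->generateXsrfToken(); // A random number, for XSRF checks
		// The client script reads this cookie and sends it back as ?randomNumber=,
		// so it cannot be HttpOnly; it is marked Secure when served over TLS.
		setcookie( "randomNumber", (string) $_SESSION['randomNumber'], time() + self::XSRF_COOKIE_LIFETIME, "/", "", $this->isHttps() );
		if ( $account_id !== "" && $account_id !== null ) { // strict: an id of 0/"0" is still an id
			$_SESSION['account_id'] = $account_id;
		}
	}

	/**
	 * Generate an XSRF token in [1, XSRF_TOKEN_MAX] (capped at PHP_INT_MAX on
	 * 32-bit builds).
	 *
	 * Preference order: random_int() (PHP 7), openssl_random_pseudo_bytes()
	 * when it reports a strong source, and finally mt_rand() -- the last is no
	 * better than the rand() call it replaces and is only a fallback.
	 *
	 * @return
	 *	Integer token
	 */
	private function generateXsrfToken() {
		$max = min( PHP_INT_MAX, self::XSRF_TOKEN_MAX );
		if ( function_exists( 'random_int' ) ) {
			return random_int( 1, $max );
		}
		if ( function_exists( 'openssl_random_pseudo_bytes' ) ) {
			$strong = false;
			$bytes = openssl_random_pseudo_bytes( PHP_INT_SIZE, $strong );
			if ( $bytes !== false && $strong ) {
				$value = 0;
				foreach ( str_split( $bytes ) as $byte ) {
					// Masking after each shift keeps the accumulator a non-negative int.
					$value = ( ( $value << 8 ) | ord( $byte ) ) & PHP_INT_MAX;
				}
				return ( $value % $max ) + 1;
			}
		}
		return mt_rand( 1, min( $max, mt_getrandmax() ) );
	}

	/**
	 * Whether the current request arrived over HTTPS according to $_SERVER.
	 * NOTE(review): a TLS-terminating proxy that does not set HTTPS will be
	 * seen as plain HTTP, which merely omits the Secure flag as before.
	 *
	 * @return
	 *	Boolean
	 */
	private function isHttps() {
		return !empty( $_SERVER['HTTPS'] ) && strtolower( $_SERVER['HTTPS'] ) !== 'off';
	}

	/**
	 * Log the user in from the posted form fields.
	 *
	 * Reads username and password from $_POST (non-string values are treated
	 * as empty), tries the database first and the IMAP server second, sets the
	 * session on success and always echoes a JSON response. The database is
	 * queried once; the returned id is reused for the session.
	 */
	public function doLogin() {
		$username = ( isset( $_POST['username'] ) && is_string( $_POST['username'] ) ) ? $_POST['username'] : '';
		$password = ( isset( $_POST['password'] ) && is_string( $_POST['password'] ) ) ? $_POST['password'] : '';
		/* Do a database check first */
		$account_id = $this->checkDatabaseLogin( $username, $password );
		if ( $account_id !== false ) {
			$this->setSession( $username, $password, $account_id );
			$this->reply( true, array( "success" => true, "firstTime" => false ) ); // We have a valid database login.
		} elseif ( $this->checkIMAPLogin( $username, $password ) ) {
			$this->setSession( $username, $password );
			$this->reply( true, array( "success" => true, "firstTime" => true ) ); // We have a valid imap login.
		} else {
			$this->reply( true, array( "success" => false, "msg" => 'Invalid Username or Password.' ) ); // We have no valid username or password.
		}
	}

	/**
	 * Log the user out.
	 *
	 * Clears the session array (the documented way; unset($_SESSION) is not),
	 * expires the session cookie, destroys the server-side session when one
	 * is active, and expires the XSRF cookie. The XSRF cookie is expired with
	 * path "/" -- the path it was set with -- otherwise the browser keeps the
	 * original cookie; the old code also read $_SESSION['randomNumber'] after
	 * unsetting $_SESSION.
	 */
	public function logout() {
		$_SESSION = array();
		if ( ini_get( 'session.use_cookies' ) ) {
			$params = session_get_cookie_params();
			setcookie( session_name(), '', time() - self::XSRF_COOKIE_LIFETIME, $params['path'], $params['domain'], $params['secure'], $params['httponly'] );
		}
		if ( session_id() !== '' ) {
			session_destroy();
		}
		setcookie( "randomNumber", '', time() - self::XSRF_COOKIE_LIFETIME, "/" );
	}
}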
?>