<?php
/**
* $Id: login.php 420 2007-05-24 18:32:09Z hpfn $
*
* Author : courou@users.sourceforge.net
* Website : http://allreponse.ath.cx
*
* Support : http://sourceforge.net/projects/myphpmoney/
* CVS : http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/myphpmoney/
*/
/**
* INCLUDE FILE
*/
require_once 'config/settings.inc.php';
/**
* LOGOUT AND CLOSE BROWSER
*/
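if (isset($_GET['op']) && $_GET['op'] === 'Logout') {
    // Logout is driven by a plain GET parameter with no anti-CSRF token, so any
    // link or image pointing at ?op=Logout ends the session; known limitation.
    // Dump the data store before the session goes away (optional feature).
    if (isset($OPTION_CONFIG) && $OPTION_CONFIG == 1) {
        MPM_DumpDays();
    }
    // Prune old dump files when automatic backup is switched on.
    if (isset($OPTION_SAUV_AUTO) && $OPTION_SAUV_AUTO == 1) {
        MPM_DelDumpDays(__BACK_DAYS__, $_MPM['date_gettime']['mday']);
    }
    // ?more=close: emit the window-closing script and stop.
    // NOTE(review): this path exits before $sess->delete(), so the server-side
    // session record is left in place until it expires -- confirm that is intended.
    if (isset($_GET['more']) && $_GET['more'] === 'close') {
        echo '<script type="text/javascript">javascript:opener=window;top.close();</script>';
        exit;
    }
    // Drop the current session and start a fresh, anonymous one.
    $sess->delete();
    page_open(array('sess' => 'MPM_Session'));
}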
/**
* VERIF THE POST VALUE
*/
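if (isset($_POST['op'])) {
    switch ($_POST['op']) {
        // Create a new account and open a session for it.
        case 'ADD':
            if (isset($_POST['new_password2'], $_POST['new_username'], $_POST['new_email'])) {
                $_POST['new_username']  = SQL_Clean($_POST['new_username']);
                $_POST['new_password2'] = SQL_Clean($_POST['new_password2']);
                $_POST['new_email']     = SQL_Clean($_POST['new_email']);
                // The name fields are optional: default them to '' so they are never
                // read undefined. Each field is cleaned from its own POST key (the
                // previous code cleaned new_lastname into new_firstname).
                $_POST['new_lastname']  = isset($_POST['new_lastname']) ? SQL_Clean($_POST['new_lastname']) : '';
                $_POST['new_firstname'] = isset($_POST['new_firstname']) ? SQL_Clean($_POST['new_firstname']) : '';
                if (SQL_NumberAccount() >= __MAX_USERS__) {
                    // Account limit reached: tell the user and restart with a fresh session.
                    XHTML_DisplayJs($_VAR['MESSAGE_JS']['JS_NBR_ACCOUNT']);
                    $sess->delete();
                    page_open(array('sess' => 'MPM_Session'));
                } elseif (!SQL_VerifUser($_POST['new_username'])) {
                    // md5=1 means the browser already digested the password; otherwise digest here.
                    // NOTE(review): a client-supplied digest is stored without checking that it is
                    // a 32-char hex string, and md5 is not a password hash (unsalted, fast). The
                    // scheme is kept because the challenge/response login below depends on it.
                    $clientDigested = isset($_POST['md5']) && is_scalar($_POST['md5']) && (int) $_POST['md5'] === 1;
                    $hash = $clientDigested ? $_POST['new_password2'] : md5($_POST['new_password2']);
                    SQL_InsertUser(
                        $tools->numero_unique(12),
                        $_POST['new_username'],
                        $hash,
                        $langs->detected_browser_country,
                        $langs->detected_browser_languages,
                        $_MPM['date_sql'],
                        $_MPM['date_sql'],
                        $_MPM['date_sql'],
                        $_POST['new_email'],
                        // Escaped double quotes are stored as the HTML entity.
                        // NOTE(review): the replacement literal was garbled in the source copy;
                        // '&quot;' is assumed -- confirm against the original file.
                        str_replace('\"', '&quot;', $_POST['new_firstname']),
                        str_replace('\"', '&quot;', $_POST['new_lastname'])
                    );
                    // Open the session for the freshly created account.
                    $sess_pid  = $tools->numero_unique(12);
                    $sess_user = $_POST['new_username'];
                    $sess_pwd  = $hash;
                    $sess_time = $_MPM['date_unix'] + $_MPM['sess_expire'];
                    $sess->register('sess_pid');
                    $sess->register('sess_user');
                    $sess->register('sess_pwd');
                    $sess->register('sess_time');
                    $new_enter = true;
                } else {
                    // Username already taken: back to the signup form with message 1.
                    $_GET['op'] = 'Signup';
                    $_MPM['message'] = 1;
                }
            }
            break;

        // Challenge/response login for an existing account.
        case 'ENTER':
            // Guard the key before cleaning: the old code read it unconditionally.
            if (isset($_POST['user_name']) && is_string($_POST['user_name'])) {
                $_POST['user_name'] = SQL_Clean($_POST['user_name']);
            }
            if (isset($_POST['md5'], $sess_challenge, $_POST['challenge'], $_POST['response'], $_POST['user_name'])
                && is_string($_POST['user_name']) && is_string($_POST['challenge']) && is_string($_POST['response'])
                && !isset($sess_pid)) {
                // Stored digest; '' for an unknown user, so every comparison below fails closed.
                $pass = (string) SQL_ReturnPassword($_POST['user_name']);
                $challenge = (string) $sess_challenge;
                $hash = md5(md5($_POST['user_name']).':'.$pass.':'.$challenge);
                // md5=0: the client could not digest, so response is "user:password:challenge"
                // in clear; rebuild the expected digest from it after checking each part.
                if (is_scalar($_POST['md5']) && (int) $_POST['md5'] === 0) {
                    $each_response = explode(':', $_POST['response']);
                    // Length check first: fewer than three parts used to hit an undefined offset.
                    if (count($each_response) >= 3
                        && $each_response[0] === $_POST['user_name']
                        && md5($each_response[1]) === $pass
                        && $each_response[2] === $challenge) {
                        $_POST['response'] = md5(md5($each_response[0]).':'.md5($each_response[1]).':'.$each_response[2]);
                    }
                }
                // Strict comparison: with == two hex digests that both look like "0e123..."
                // compare as equal numbers. hash_equals() would additionally make this
                // constant-time where the runtime provides it.
                if ($_POST['challenge'] === $challenge && $_POST['response'] === $hash) {
                    // NOTE(review): still a string-built query; $pass comes from the database and
                    // user_name went through SQL_Clean() above, so safety rests on that escaping.
                    // A prepared statement is the right fix once the DB layer offers one.
                    $db->query(
                        "SELECT USERID, LASTVISIT FROM ".$_MPM['table'][3]."
WHERE PWD='$pass' AND LOGIN_NAME='".$_POST['user_name']."'"
                    );
                    if ($db->num_rows() == 1) {
                        $db->next_record();
                        // The session keeps the stored digest in sess_pwd.
                        // NOTE(review): presumably SQL_VerifSession() re-checks it -- confirm.
                        $sess_pid  = $db->f('USERID');
                        $sess_user = $_POST['user_name'];
                        $sess_pwd  = $pass;
                        $sess_time = $_MPM['date_unix'] + $_MPM['sess_expire'];
                        $sess->register('sess_pid');
                        $sess->register('sess_user');
                        $sess->register('sess_pwd');
                        $sess->register('sess_time');
                        // Record this visit as the new LASTVISIT.
                        SQL_UpdateUser(3, $db->f('LASTVISIT'), $_MPM['date_sql'], $db->f('USERID'));
                    } else {
                        // Digest matched but no single row came back: report message 2.
                        $_MPM['message'] = 2;
                    }
                }
            }
            break;

        default:
            break;
    }
}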
/**
* ENTER IN THE SESSION OR BUILD THE LOGIN FORM
*/
// Decide where the visitor goes: an existing valid session is sent to the main
// page, a just-created account to the "new" page, everyone else gets the form.
// SQL_VerifSession() is always evaluated first, exactly as before.
$sessionOk     = SQL_VerifSession();
$justSignedUp  = isset($new_enter);
if ($sessionOk && !$justSignedUp) {
    header('location: '.$_MPM['http'][0]);
    page_close();
    exit;
} elseif ($justSignedUp) {
    header('location: '.$_MPM['http'][1].'?opt=new');
    page_close();
    exit;
} else {
    XHTML_DisplayLogin();
}
// Page footer (only reached when the login form was displayed).
XHTML_footer();