<?php
/**
 * $Id: login.php 420 2007-05-24 18:32:09Z hpfn $
 *
 * Author     : courou&#64;users.sourceforge.net
 * Website    : http://allreponse.ath.cx
 *
 * Support    : http://sourceforge.net/projects/myphpmoney/
 * CVS        : http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/myphpmoney/
 */

/**
 * INCLUDE FILE
 */
     require_once 'config/settings.inc.php';

/**
 * LOGOUT AND CLOSE BROWSER
 */
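     ## Logout request: run the optional backup housekeeping, invalidate the
     ## session, then either close the browser window or start a fresh session.
     ##
     ## NOTE(review): logout is driven by a plain GET parameter and no
     ## authentication or anti-forgery check is visible in this file before the
     ## dump/cleanup helpers run; confirm the included settings file enforces one.
     if (isset($_GET['op']) && $_GET['op'] == 'Logout') {

        ## Dump the data storage when the option is switched on
        if (isset($OPTION_CONFIG) && $OPTION_CONFIG == 1) {
           MPM_DumpDays();
        }

        ## Remove old dump files when automatic cleanup is switched on
        if (isset($OPTION_SAUV_AUTO) && $OPTION_SAUV_AUTO == 1) {
           MPM_DelDumpDays(__BACK_DAYS__, $_MPM['date_gettime']['mday']);
        }

        ## Invalidate the session before any exit path. Previously the
        ## "close the browser" path exited without deleting the session, so a
        ## logout that closed the window left the server-side session usable.
        ## This must also run before any output is sent.
        $sess->delete();

        ## Close the browser window without confirmation
        if (isset($_GET['more']) && $_GET['more'] == 'close') {
           echo '<script type="text/javascript">javascript:opener=window;top.close();</script>';
           exit;
        }

        ## Open a new, empty session for the login form that follows
        page_open(array('sess'=>'MPM_Session'));
     }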

/**
 * VERIF THE POST VALUE
 */
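     ## Dispatch on the submitted form action:
     ##   ADD   - create a new account and open a session for it
     ##   ENTER - challenge/response login against the stored password hash
     ## Any other value is ignored.
     if (isset($_POST['op'])) {
        switch ($_POST['op']) {

           ## ---- Add new user ------------------------------------------------
           case 'ADD':

              if (isset($_POST['new_password2']) && isset($_POST['new_username']) && isset($_POST['new_email'])) {

                 ## Every value that reaches the database goes through SQL_Clean().
                 ## NOTE(review): the password is cleaned before it is hashed; if
                 ## SQL_Clean() alters characters, the stored hash will not match
                 ## the raw password compared in the ENTER branch - confirm.
                 $_POST['new_username'] = SQL_Clean($_POST['new_username']);

                 ## First and last name are optional, so only clean them when
                 ## present. Each field is cleaned from its own value (first name
                 ## used to be overwritten with the last name).
                 if (isset($_POST['new_lastname'])) {
                    $_POST['new_lastname'] = SQL_Clean($_POST['new_lastname']);
                 }
                 if (isset($_POST['new_firstname'])) {
                    $_POST['new_firstname'] = SQL_Clean($_POST['new_firstname']);
                 }

                 $_POST['new_password2'] = SQL_Clean($_POST['new_password2']);
                 $_POST['new_email']     = SQL_Clean($_POST['new_email']);

                 ## Account limit reached: tell the user and restart the session
                 if (SQL_NumberAccount() >= __MAX_USERS__) {
                    XHTML_DisplayJs($_VAR['MESSAGE_JS']['JS_NBR_ACCOUNT']);
                    $sess->delete();
                    page_open(array('sess'=>'MPM_Session'));
                 }
                 ## User name is free: create the account
                 else if (!SQL_VerifUser($_POST['new_username'])) {

                    ## When md5 == 1 the client already sent the MD5 of the
                    ## password, otherwise it is hashed here.
                    ## SECURITY: this is unsalted MD5, which is not suitable for
                    ## password storage, and a client-supplied value is stored
                    ## without checking that it is a 32-character hex digest.
                    ## The stored hash is also the shared secret of the ENTER
                    ## check below, so moving to password_hash() requires
                    ## redesigning that login exchange as well.
                    $hash = isset($_POST['md5']) && $_POST['md5'] == 1 ? $_POST['new_password2'] : md5($_POST['new_password2']);

                    SQL_InsertUser
                    (
                      $tools->numero_unique(12),
                      $_POST['new_username'],
                      $hash,
                      $langs->detected_browser_country,
                      $langs->detected_browser_languages,
                      $_MPM['date_sql'],
                      $_MPM['date_sql'],
                      $_MPM['date_sql'],
                      $_POST['new_email'],
                      ## Replace an escaped double quote (\") with the &quot; entity
                      isset($_POST['new_firstname']) ? str_replace('\"',"&quot;",$_POST['new_firstname']) : '',
                      isset($_POST['new_lastname']) ? str_replace('\"',"&quot;",$_POST['new_lastname']) : ''
                    );

                    ## Open the session for the new account.
                    ## NOTE(review): sess_pid comes from a second call to
                    ## numero_unique(), not from the id passed to SQL_InsertUser()
                    ## above, while ENTER uses the stored USERID - confirm the
                    ## two are meant to differ.
                    ## NOTE(review): the password hash is kept in the session as
                    ## sess_pwd; because it doubles as the login secret, the
                    ## session store must be protected accordingly.
                    $sess_pid  = $tools->numero_unique(12);
                    $sess_user = $_POST['new_username'];
                    $sess_pwd  = $hash;
                    $sess_time = $_MPM['date_unix'] + $_MPM['sess_expire'];
                    $sess->register('sess_pid');  $sess->register('sess_user');
                    $sess->register('sess_pwd');  $sess->register('sess_time');

                    $new_enter = true;
                 }
                 ## User name already taken: back to the sign-up form with a message
                 else {
                    $_GET['op']      = 'Signup';
                    $_MPM['message'] = 1;
                 } ## end of if SQL_NumberAccount
              } ## end if isset
           break;

           ## ---- Normal enter ------------------------------------------------
           case 'ENTER':

              ## Clean the user name only when it was submitted; reading it
              ## unconditionally raised an undefined-index notice.
              if (isset($_POST['user_name'])) {
                 $_POST['user_name'] = SQL_Clean($_POST['user_name']);
              }

              if (isset($_POST['md5']) && isset($sess_challenge) && isset($_POST['challenge']) && isset($_POST['response'])
                  && isset($_POST['user_name']) && !(isset($sess_pid))) {

                 ## Expected response: md5( md5(user) : stored hash : challenge )
                 $pass = SQL_ReturnPassword($_POST['user_name']);
                 $hash = md5(md5($_POST['user_name']).':'.$pass.':'.$sess_challenge);

                 ## No client-side hashing: the response is "user:password:challenge".
                 ## NOTE(review): in this mode the password crosses the wire in
                 ## clear text, so the form should only be served over TLS.
                 if ($_POST['md5'] == 0 && is_string($_POST['response'])) {
                    $each_response = explode(':',$_POST['response']);

                    ## Require all three parts and compare them as strings.
                    ## Loose "==" compares numeric-looking strings (hashes
                    ## included) as numbers, so different values could match.
                    if (count($each_response) >= 3
                        && $each_response[0] === (string) $_POST['user_name']
                        && md5($each_response[1]) === (string) $pass
                        && $each_response[2] === (string) $sess_challenge) {
                       $_POST['response'] = md5(md5($each_response[0]).':'.md5($each_response[1]).':'.$each_response[2]);
                    }
                 }

                 ## Accept the login only on an exact string match of both the
                 ## challenge and the response; non-string input (e.g. arrays)
                 ## is rejected. Where the runtime offers hash_equals(), prefer
                 ## it for the response check to avoid timing differences.
                 if (is_string($_POST['challenge']) && is_string($_POST['response'])
                     && $_POST['challenge'] === (string) $sess_challenge
                     && $_POST['response'] === $hash) {

                    ## SECURITY: this statement is built by string concatenation.
                    ## It relies on SQL_Clean() for user_name and on $pass coming
                    ## back from the database unchanged; neither guarantee is
                    ## visible here. Use bound parameters if the database layer
                    ## supports them, otherwise escape both values at this point.
                    $db->query (
                        "SELECT USERID, LASTVISIT FROM ".$_MPM['table'][3]."
                        WHERE PWD='$pass' AND LOGIN_NAME='".$_POST['user_name']."'"
                    );

                    ## Exactly one matching account: open the session
                    if ($db->num_rows() == 1) {
                       $db->next_record();

                       ## NOTE(review): no session identifier rotation is visible
                       ## on successful login; confirm the session class issues
                       ## a new id here to prevent session fixation.
                       $sess_pid      = $db->f('USERID');
                       $sess_user     = $_POST['user_name'];
                       $sess_pwd      = $pass;
                       $sess_time     = $_MPM['date_unix'] + $_MPM['sess_expire'];
                       $sess->register('sess_pid');  $sess->register('sess_user');
                       $sess->register('sess_pwd');  $sess->register('sess_time');

                       ## Record this visit as the new last-visit date
                       SQL_UpdateUser(3,$db->f('LASTVISIT'),$_MPM['date_sql'],$db->f('USERID'));
                    } else {
                       $_MPM['message'] = 2;
                    } ## end of $db->num_rows()
                 } ## end challenge / response match
              } ## end ENTER
           break;

           ## ---- Any other action is ignored ---------------------------------
           default:
           break;
        } ## end switch $_POST['op']
     } ## end isset $_POST['op']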

/**
 * ENTER IN THE SESSION OR BUILD THE LOGIN FORM
 */
     ## Route the request. SQL_VerifSession() is always evaluated first, as in
     ## the original chain; each redirect branch ends the script.
     ##
     ## NOTE(review): $new_enter is tested with isset() but is only assigned in
     ## the sign-up branch of this file; confirm it cannot be populated from
     ## request data by the included settings.

     ## Valid existing session and not a fresh sign-up: go to the main page
     if (SQL_VerifSession() && !isset($new_enter)) {
        header('location: '.$_MPM['http'][0]);
        page_close();
        exit;
     }

     ## Account just created: go to the welcome page for new users
     if (isset($new_enter)) {
        header('location: '.$_MPM['http'][1].'?opt=new');
        page_close();
        exit;
     }

     ## No session: show the login form, then the page footer
     XHTML_DisplayLogin();
     XHTML_footer();