login.inc.php at Php4dvd - movie database

<?php
/**
================================================================================ 
 LISENCE
================================================================================

    This file is part of php4dvd.

    php4dvd is free software: you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation, either version 3 of the License, or
    (at your option) any later version.

    php4dvd is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with php4dvd. If not, see <http://www.gnu.org/licenses/>.
**/

/**
 * Some important variables for other users to work with in code or templates:
 * - 'loggedin' is true when the user is logged in
 * - 'guestview' is true when guests can view movies
 * - 'User' is the logged in user and its information
 */
// Datamanagers
require_once($loc."/lib/db/UserDataManager.class.php");
$userdm = new UserDataManager($db, $settings);

// See if a user is logged in
if(isset($_SESSION["User"])) {
	$User = unserialize($_SESSION["User"]);
	if($User && isset($User->id)) {
		$User = $userdm->getUser($User->id);
		// If this user exists in the database, he/she is logged in
		if($User)
			$w->assign("User", $User);
		// Otherwise log this user out
		else
			logOut();
	}
}

// Login
if(!isset($User) && isset($_POST["username"]) && isset($_POST["password"])) {
	$User = $userdm->getUserByName($_POST["username"]);
	// Correct information?
	if($User && $User->password == md5($_POST["password"])) {
		$User->lastlogin = date("Y-m-d h:i:s");
		$User->update();
		$_SESSION["User"] = serialize($User);
		
		// Logged in, go back
		goBack();
	}
	// Wrong information
	else {
		unset($User);
		$w->assign("login_error", true);
	}
}

// Logout
if(isset($_GET["logout"])) {
	logOut();
}

/**
 * Determine if someone is logged in
 */
$loggedin = isset($User);
$w->assign("loggedin", $loggedin);
/**
 * Determine if guests can view the movies
 */
$guestview = $settings["user"]["guestview"];
$w->assign("guestview", $guestview);

// Change password
if(isset($_POST["update"]) && $_POST["update"] == 1 && isset($_POST["password"])) {
	// Empty password is not allowed	
	if(isset($User) && trim($_POST["password"]) != "") {
		$User->password = md5($_POST["password"]);
		$User->update();
	}
}

// Log out
function logOut() {
	// Log out
	unset($_SESSION["User"]);
	unset($User);
	// Go back
	goBack();
}
?>