<?php
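/**
 * Set up the authentication state of the current request.
 *
 * Steps, in order:
 *  1. a session without a user id or a user right becomes anonymous (both 0);
 *  2. a logged-in session seen over a non-HTTPS request is disconnected;
 *  3. a posted "connect" form is checked through auth_connect(); a failed
 *     attempt is redirected to the connection page;
 *  4. a posted "disconnect" form disconnects the session.
 *
 * Reads $_SESSION, $_SERVER['HTTPS'] and $_POST; writes $_SESSION.
 *
 * NOTE(review): $_SERVER['HTTPS'] is compared with "on" only. Behind a
 * TLS-terminating proxy this value may not be set; confirm against the
 * deployment before relying on the check.
 */
function auth_init() {
    // define user right and id if new session
    // empty() keeps the original truthiness test without raising a notice
    // when the keys do not exist yet.
    if (empty($_SESSION["user_id"]) or empty($_SESSION["user_right"])) {
        $_SESSION["user_id"] = 0;
        $_SESSION["user_right"] = 0;
    }

    // No logged user is allowed without https!
    $https_on = isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == "on";
    if (!$https_on && $_SESSION["user_id"] > 0) {
        auth_disconnect();
    }

    // Process auth if asked
    if (!empty($_POST['connect'])) {
        // Only string fields are accepted: an array posted as user_login[]
        // or a missing field is treated as an empty value.
        // NOTE(review): stripslashes() is applied unconditionally, as before.
        // That is only right when magic_quotes_gpc adds the slashes; left as
        // is because stored password hashes may depend on it -- confirm.
        $login = (isset($_POST['user_login']) && is_string($_POST['user_login']))
            ? stripslashes($_POST['user_login'])
            : '';
        $pass = (isset($_POST['user_pass']) && is_string($_POST['user_pass']))
            ? stripslashes($_POST['user_pass'])
            : '';

        if (!auth_connect($login, $pass)) {
            // The login is attacker-controlled: encode it so it stays a single
            // query-string value and cannot add parameters or line breaks to
            // the redirect target. Whatever displays "fail" must still escape
            // it for HTML.
            redirect('/?html=Connection&fail=' . urlencode($login));
        } elseif (!$https_on) {
            // The HTTPS rule above ran before the login was processed; apply
            // it again so a login posted over plain HTTP does not leave a
            // logged-in session for the rest of this request.
            auth_disconnect();
        }
    }

    //Process disconnect if asked
    if (!empty($_POST['disconnect'])) {
        auth_disconnect();
    }
}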
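/**
 * Check a login/password pair and, on success, mark the session as logged in.
 *
 * The user row is fetched with getOneUserByLogin(); the login must match the
 * stored login exactly, the MD5 of the password must match the stored hash,
 * and the login must not be blacklisted (auth_blacklisted()).
 *
 * @param string $login login name as submitted
 * @param string $pass  clear-text password as submitted
 * @return bool true when the session was switched to the matching user,
 *              false otherwise (the session is left untouched)
 */
function auth_connect($login, $pass) {
    // NOTE(review): passwords are stored as unsalted MD5, which is not a
    // password hash. Moving to password_hash()/password_verify() requires
    // migrating the stored values, so it is not done in this function.
    $md5_pass = md5($pass);

    $result = getOneUserByLogin($login);
    if (!(mysql_num_rows($result) > 0)) {
        return false;
    }
    $user = mysql_fetch_array($result);

    // Compare as strings with ===. With == PHP compares two numeric-looking
    // strings as numbers, so two different digests (or logins) could be
    // treated as equal.
    if ((string) $user["user_login"] !== (string) $login
        || (string) $user["user_pass"] !== $md5_pass) {
        return false;
    }

    if (auth_blacklisted($login)) {
        return false;
    }

    // Issue a new session id at the privilege change so an id known before
    // login is not carried into the authenticated session. Skipped when no
    // session is active or the headers are already sent, where the call
    // could only emit a warning.
    if (session_id() !== '' && !headers_sent()) {
        session_regenerate_id(true);
    }

    $_SESSION["user_right"] = $user["user_right"];
    $_SESSION["user_id"] = $user["user_id"];
    return true;
}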
/**
 * Put the session back into the anonymous state.
 *
 * Only the "user_id" and "user_right" entries are reset to 0; any other
 * session data and the session id itself are left as they are.
 */
function auth_disconnect() {
    foreach (array("user_id", "user_right") as $session_key) {
        $_SESSION[$session_key] = 0;
    }
}
/**
 * Tell whether a login has at least one blacklist entry.
 *
 * @param string $login login name to look up
 * @return bool true when getOneBlacklistByLogin() yields one or more rows
 */
function auth_blacklisted($login) {
    // NOTE(review): if the lookup can return a non-result value on query
    // failure, the row count is not greater than 0 and the login is reported
    // as not blacklisted (fail-open) -- confirm against getOneBlacklistByLogin().
    $entry_count = mysql_num_rows(getOneBlacklistByLogin($login));
    return $entry_count > 0;
}
?>