// remember login for a year
setcookie('DiogenesLogin',$_REQUEST['login'],(time()+25920000));
- // check response
- $res = $globals->db->query( "SELECT user_id,password FROM {$globals->tauth['native']} WHERE username='{$_REQUEST['login']}'");
-
- if (!list($uid,$password) = mysql_fetch_row($res)) {
+ // lookup user
+ $res = $globals->db->query("SELECT user_id,username,password,firstname,lastname,perms FROM {$globals->tauth['native']} WHERE username='{$_REQUEST['login']}'");
+ if (!list($uid,$username,$password,$firstname,$lastname,$perms) = mysql_fetch_row($res)) {
$page->info(__("Authentication error!"));
$this->doLogin($page);
}
+ mysql_free_result($res);
+ // check response
if ($_REQUEST['response'] != md5("{$_REQUEST['login']}:$password:{$this->challenge}"))
{
// log the login failure
}
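Review bot: The rewritten lookup (`SELECT user_id,username,password,... WHERE username='{$_REQUEST['login']}'`) still places the raw request value inside the SQL text, so the pre-authentication login field remains an injection point; the commit only widens the column list. Escape the value first, e.g. `$login = mysql_real_escape_string($_REQUEST['login']);` and use `username='$login'`, or use a parameterised call if `$globals->db` offers one (not visible here). The same string-built pattern is kept in the `WHERE username='$user' AND password='$pass'` query and in the `diogenes_perm` query further down, where `$user` and `$alias` appear to be interpolated unescaped. Separately, the response check compares hex digests with `!=`; a strict `!==` (or `hash_equals()` where the PHP version provides it) avoids numeric-string juggling on the digest.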
// retrieve user info
- $res = $globals->db->query("select user_id,username,firstname,lastname,perms from {$globals->tauth['native']} where username='{$_REQUEST['login']}'");
- list($this->uid,$this->username,$firstname,$lastname,$perms) = mysql_fetch_row($res);
+ $this->uid = $uid;
+ $this->username = $username;
+ $this->firstname = $firstname;
+ $this->lastname = $lastname;
$this->fullname = $firstname . ($lastname ? " $lastname" : "");
// create logger
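Review bot: The new assignments `$this->uid = $uid;` through `$this->lastname = $lastname;` reuse the variables from the earlier lookup, but nothing visible guarantees that lookup succeeded by the time they run. The failure branch calls `$this->doLogin($page);` with no `return` after it, and whether `doLogin` ends the request is not shown on this page. If it can return, the response check and these assignments would run with `$uid` and `$password` unset, so I would add an explicit `return;` after the `doLogin` call in the lookup-failure branch (and in the response-failure branch). A comment such as `// $uid/$username/... come from the single lookup above; never reached when that lookup fails` would document the dependency.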
// check credentials
$pass = md5($pass);
- $res = $globals->db->query("select user_id,username,perms from {$globals->tauth['native']} where username='$user' and password='$pass'");
+ $res = $globals->db->query("SELECT user_id,username,perms FROM {$globals->tauth['native']} WHERE username='$user' AND password='$pass'");
if (!list($uid,$user,$perms) = mysql_fetch_row($res))
return false;
if (isset($_COOKIE['DiogenesLogin']))
$page->assign('username', $_COOKIE['DiogenesLogin']);
- $page->assign('post',htmlentities($page->script_uri()));
+ $page->assign('post',htmlentities($page->script_uri(), ENT_COMPAT | ENT_HTML401, "ISO-8859-1"));
$page->assign('challenge',$this->challenge);
$page->assign('md5',$page->url("md5.js"));
$page->display('login.tpl');
}
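Review bot: In the new `htmlentities($page->script_uri(), ENT_COMPAT | ENT_HTML401, "ISO-8859-1")` call, `ENT_COMPAT` leaves single quotes unescaped, which matters if `login.tpl` puts `post` inside a single-quoted attribute (the template is not visible here). Using `ENT_QUOTES | ENT_HTML401` covers both quoting styles at no cost. The hard-coded `"ISO-8859-1"` should also match the charset the page is actually served with, otherwise the escaping and the browser's decoding disagree; a short comment naming where that charset is set would help. The enclosing function starts outside this hunk.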
// read site specific permissions
- $res = $globals->db->query("select perms from diogenes_perm where alias='{$alias}'".
- " and auth='{$this->auth}' and uid='{$this->uid}'");
- if (mysql_num_rows($res)>0) {
+ $res = $globals->db->query("SELECT perms FROM diogenes_perm WHERE alias='{$alias}' AND auth='{$this->auth}' AND uid='{$this->uid}'");
+ if (list($tmp) = mysql_fetch_row($res)) {
$this->perms->addflag('user');
- list($tmp) = mysql_fetch_row($res);
$this->perms->addflag($tmp);
}
mysql_free_result($res);
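Review bot: The condition `if (list($tmp) = mysql_fetch_row($res))` folds the fetch, the destructuring and the existence test into one expression, which is easy to misread in a permission check. Fetching first with `$row = mysql_fetch_row($res);`, then `if ($row) {` and `$this->perms->addflag($row[0]);`, keeps the same behaviour and makes it plain that any matching row grants the `user` flag before the stored flag is added. A one-line comment such as `// a diogenes_perm row for this alias/auth/uid grants 'user' plus the stored flag` would also help. The enclosing function starts outside the hunk.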