Put login into its own function.

Utilise login form template. Also cleaned up a couple notices. Signed-off-by: Loui Chang <louipc.ist@gmail.com> Signed-off-by: Simo Leone <simo@archlinux.org>
2025-02-03 10:43:03 +01:00 · 2008-02-06 19:16:21 -05:00 · 2008-02-06 19:16:21 -05:00 · a5a8895f49
commit a5a8895f49
parent 541ea8aacc
5 changed files with 33 additions and 114 deletions
--- a/web/html/account.php
+++ b/web/html/account.php
@ -3,7 +3,7 @@
 set_include_path(get_include_path() . PATH_SEPARATOR . '../lib' . PATH_SEPARATOR . '../lang');

 include("aur.inc");         # access AUR common functions
-include("acctfuncs.inc");   # access Account specific functions
+include_once("acctfuncs.inc");   # access Account specific functions
 include("pkgfuncs_po.inc"); # Add to handle the i18n of My Packages
 include("account_po.inc");  # use some form of this for i18n support
 set_lang();                 # this sets up the visitor's language
--- a/web/lib/acctfuncs.inc
+++ b/web/lib/acctfuncs.inc
@ -603,7 +603,6 @@ function display_account_info($U="",$T="",
 /*
 * Returns SID (Session ID) and error (error message) in an array
 * SID of 0 means login failed.
- * There should be a better way of doing this...I think
 */
 function try_login() {
 	$login_error = ""; 
--- a/web/lib/aur.inc
+++ b/web/lib/aur.inc
@ -9,6 +9,7 @@ include_once("config.inc");
 include_once("aur_po.inc");
 // TODO: remove this, move translations over for login form
 include_once("index_po.inc");
+include_once("acctfuncs.inc");

 # TODO do we need to set the domain on cookies?  I seem to remember some
 # security concerns about not using domains - but it's not like
@ -71,7 +72,7 @@ function check_sid() {
 	global $_COOKIE;
 	global $LOGIN_TIMEOUT;

-	if ($_COOKIE["AURSID"]) {
+	if (isset($_COOKIE["AURSID"])) {
 		$failed = 0;
 		# the visitor is logged in, try and update the session
 		#
@ -285,18 +286,18 @@ function set_lang() {
 	global $SUPPORTED_LANGS;

 	$update_cookie = 0;
-	if ($_REQUEST['setlang']) {
+	if (isset($_REQUEST['setlang'])) {
 		# visitor is requesting a language change
 		#
 		$LANG = $_REQUEST['setlang'];
 		$update_cookie = 1;

-	} elseif ($_COOKIE['AURLANG']) {
+	} elseif (isset($_COOKIE['AURLANG'])) {
 		# If a cookie is set, use that
 		#
 		$LANG = $_COOKIE['AURLANG'];

-	} elseif ($_COOKIE["AURSID"]) {
+	} elseif (isset($_COOKIE["AURSID"])) {
 		$dbh = db_connect();
 		$q = "SELECT LangPreference FROM Users, Sessions ";
 		$q.= "WHERE Users.ID = Sessions.UsersID ";
@ -334,67 +335,8 @@ function html_header($title="") {
 	global $LANG;
 	global $SUPPORTED_LANGS;

-	$login_error = "";
-	if (isset($_POST["user"]) || isset($_POST["pass"])) {
-		# Attempting to log in
-		#
-		if (!isset($_POST["user"]) || $_POST['user'] === "") {
-			$login_error = __("You must supply a username.");
-		}
-		if ((!isset($_POST["pass"]) || $_POST['pass'] === "") && empty($login_error)) {
-			$login_error = __("You must supply a password.");
-		}
-		if (!$login_error) {
-			# Try and authenticate the user
-			#
-
-			#md5 hash it
-			$_POST["pass"] = md5($_POST["pass"]);
-			$dbh = db_connect();
-			$q = "SELECT ID, Suspended FROM Users ";
-			$q.= "WHERE Username = '" . mysql_real_escape_string($_POST["user"]) . "' ";
-			$q.= "AND Passwd = '" . mysql_real_escape_string($_POST["pass"]) . "'";
-			$result = db_query($q, $dbh);
-			if (!$result) {
-                $login_error = __("Login failure: Bad user or pass.");
-			} else {
-				$row = mysql_fetch_row($result);
-				if (empty($row)) {
-				    $login_error = __("Login failure: Bad user or pass.");
-				} elseif ($row[1]) {
-					$login_error = __("Your account has been suspended.");
-				}
-			}
-
-			if (!$login_error) {
-				# Account looks good.  Generate a SID and store it.
-				#
-				$logged_in = 0;
-				$num_tries = 0;
-				while (!$logged_in && $num_tries < 5) {
-					$new_sid = new_sid();
-					$q = "INSERT INTO Sessions (UsersID, SessionID, LastUpdateTS) ";
-					$q.="VALUES (". $row[0]. ", '" . $new_sid . "', UNIX_TIMESTAMP())";
-					$result = db_query($q, $dbh);
-					# Query will fail if $new_sid is not unique
-					#
-					if ($result) {
-						$logged_in = 1;
-						break;
-					}
-					$num_tries++;
-				}
-				if ($logged_in) {
-					# set our SID cookie
-					#
-					setcookie("AURSID", $new_sid, 0, "/");
-					$_COOKIE['AURSID'] = $new_sid;
-				} else {
-					$login_error = __("Error trying to generate session id.");
-				}
-			}
-		}
-	}
+	$login = try_login();
+  $login_error = $login['error'];

 	$title = htmlspecialchars($title, ENT_QUOTES);

--- a/web/template/header.php
+++ b/web/template/header.php
@ -82,24 +82,7 @@ foreach ($SUPPORTED_LANGS as $lang => $lang_name) {
 ?>
        </ul>
        </span>
-        <span id="login_bar">
-<?php
-if (isset($_COOKIE["AURSID"])) {
-  print __("Logged-in as: %h%s%h",
-			array("<b>", username_from_sid($_COOKIE["AURSID"]), "</b>"));
-} else {
-	if ($login_error) {
-		print "<span class='error'>" . $login_error . "</span><br />\n";
-    } ?>
-        <form method='post'>
-         <?php print __("Username:"); ?>
-          <input type='text' name='user' size='30' maxlength='64' value='<?php if (isset($_POST['user'])) { print htmlspecialchars($_POST['user'], ENT_QUOTES); } ?>'>
-         <?php print __("Password:"); ?>
-          <input type='password' name='pass' size='30' maxlength='32'>
-          <input type='submit' class='button' value='<?php  print __("Login"); ?>'>
-        </form>
-<?php } ?>
-        </span>
+	<?php include("login_form.php"); ?>
      </div>
    </div>
    <div id="maincontent">
--- a/web/template/login_form.php
+++ b/web/template/login_form.php
@ -1,33 +1,28 @@
+<span id="login_bar">
 <?php
-# Now present the user login stuff
-if (!isset($_COOKIE["AURSID"])):
-
-	# the user is not logged in, give them login widgets
-	#
-	if (!empty($login['error'])) {
-		print '<div class="error">' . $login['error']
-			. '</div>';
-	}
-?>
-
-	<form action="<?php print $_SERVER['PHP_SELF']; ?>" method="post">
-	<label class="lbox"><?php print __("Username"); ?><br />
-	<input type="text" name="user" size="30"
-	 maxlength="<?php print USERNAME_MAX_LEN;?>"></label>
-
-	<label class="lbox"><?php print  __("Password"); ?><br />
-	<input type="password" name="passwd" size="30"
-	 maxlength="<?php print PASSWD_MAX_LEN; ?>"></label>
-	<br />
-	<input type="submit" class="button"
-	value="<?php print __("Login"); ?>">
-	</form>
-
-<?php 
-else:
+if (isset($_COOKIE["AURSID"])) {
 	print __("Logged-in as: %h%s%h",
 		array("<b>", username_from_sid($_COOKIE["AURSID"]), "</b>"));
-endif; 
+}
+else {
+	if ($login_error) {
+		print "<span class='error'>" . $login_error . "</span><br />\n";
+	} ?>
+        <form method='post'>
+         <?php print __("Username:"); ?>
+	<input type='text' name='user' size='30'
+		maxlength="<?php print USERNAME_MAX_LEN; ?>"
+		value='<?php
+			if (isset($_POST['user'])) {
+				print htmlspecialchars($_POST['user'], ENT_QUOTES);
+			 } ?>'>
+         <?php print __("Password:"); ?>
+	<input type='password' name='passwd' size='30'
+		maxlength="<?php print PASSWD_MAX_LEN; ?>">
+	<input type='submit' class='button'
+		 value='<?php  print __("Login"); ?>'>
+</form>
+<?php } ?>
+</span>
+

-# vim: ts=2 sw=2 noet ft=php
-?>