diff options
author | Nicolas BERNSTEIN <alexis211@gmail.com> | 2011-09-17 16:48:29 +0200 |
---|---|---|
committer | Nicolas BERNSTEIN <alexis211@gmail.com> | 2011-09-17 16:48:29 +0200 |
commit | d0060968b77c39bdf8abffb071c971c166b59edb (patch) | |
tree | 0be52e00a25bd298235a0cf916fb07496d3ab95f /lib/login.php | |
download | Bits-d0060968b77c39bdf8abffb071c971c166b59edb.tar.gz Bits-d0060968b77c39bdf8abffb071c971c166b59edb.zip |
First commit.
Diffstat (limited to 'lib/login.php')
-rw-r--r-- | lib/login.php | 60 |
1 files changed, 60 insertions, 0 deletions
diff --git a/lib/login.php b/lib/login.php new file mode 100644 index 0000000..2ba954e --- /dev/null +++ b/lib/login.php @@ -0,0 +1,60 @@ +<?php + +require("conf/login.php"); + +session_start($session_name); + +$priv = array(0 => "Anonymous", 1 => "Member", 2 => "Administrator"); +$user = array('id' => 0, 'name' => 'Anonymous', 'priv' => 0); + +require("sql.php"); + +if (isset($_GET['logout'])) { + unset($_SESSION['user_id']); + unset($_SESSION['user']); +} + +if (isset($_POST['login']) && isset($_POST['pw'])) { + $sql = sql("SELECT id FROM account ". + "WHERE login = '" . esc($_POST['login']) . "' AND password = PASSWORD('" . esc($_POST['pw']) . "')"); + if ($util = mysql_fetch_assoc($sql)) { + $_SESSION['user_id'] = intval($util['id']); + } else { + $error = "Wrong username or password."; + $login = $_POST['login']; + require("tpl/account/login.php"); + } +} + +if (isset($_SESSION['user_id'])) { + if (isset($_SESSION['user']) && $_SESSION['user']['id'] == $_SESSION['user_id']) { + $user = $_SESSION['user']; + } else { + $sql = sql("SELECT login AS name, id, priv ". + "FROM account ". + "WHERE id = " . $_SESSION['user_id']); + if ($util = mysql_fetch_assoc($sql)) { + $user['id'] = $_SESSION['user_id']; + $user['name'] = $util['name']; + $user['priv'] = $util['priv']; + $_SESSION['user'] = $user; + } else { + unset($_SESSION['user_id']); + unset($_SESSION['user']); + } + } +} + +if ($user['priv'] < $priv_required) { + $error = "You must be " . strtolower($priv[$priv_required]) . " to have acces to this page."; + if ($user['id'] == 0) { + require("tpl/account/login.php"); + } else { + require("tpl/general/empty.php"); + } +} + +// Si on demande la page de login, ... +if (isset($_GET['login']) && !(isset($_POST['login']) && isset($_POST['pw']))) { + require ("tpl/account/login.php"); +} |