1 files changed, 60 insertions, 0 deletions

diff --git a/lib/login.php b/lib/login.php
new file mode 100644
index 0000000..2ba954e
--- /dev/null
+++ b/lib/login.php
@@ -0,0 +1,60 @@
+<?php
+
+require("conf/login.php");
+
+session_start($session_name);
+
+$priv = array(0 => "Anonymous", 1 => "Member", 2 => "Administrator");
+$user = array('id' => 0, 'name' => 'Anonymous', 'priv' => 0);
+
+require("sql.php");
+
+if (isset($_GET['logout'])) {
+	unset($_SESSION['user_id']);
+	unset($_SESSION['user']);
+}
+
+if (isset($_POST['login']) && isset($_POST['pw'])) {
+	$sql = sql("SELECT id FROM account ".
+		"WHERE login = '" . esc($_POST['login']) . "' AND password = PASSWORD('" . esc($_POST['pw']) . "')");
+	if ($util = mysql_fetch_assoc($sql)) {
+		$_SESSION['user_id'] = intval($util['id']);
+	} else {
+		$error = "Wrong username or password.";
+		$login = $_POST['login'];
+		require("tpl/account/login.php");
+	}
+}
+
+if (isset($_SESSION['user_id'])) {
+	if (isset($_SESSION['user']) && $_SESSION['user']['id'] == $_SESSION['user_id']) {
+		$user = $_SESSION['user'];
+	} else {
+		$sql = sql("SELECT login AS name, id, priv ".
+			"FROM account ".
+			"WHERE id = " . $_SESSION['user_id']);
+		if ($util = mysql_fetch_assoc($sql)) {
+			$user['id'] = $_SESSION['user_id'];
+			$user['name'] = $util['name'];
+			$user['priv'] = $util['priv'];
+			$_SESSION['user'] = $user;
+		} else {
+			unset($_SESSION['user_id']);
+			unset($_SESSION['user']);
+		}
+	}
+}
+
+if ($user['priv'] < $priv_required) {
+	$error = "You must be " . strtolower($priv[$priv_required]) . " to have acces to this page.";
+	if ($user['id'] == 0) {
+		require("tpl/account/login.php");
+	} else {
+		require("tpl/general/empty.php");
+	}
+}
+
+// Si on demande la page de login, ...
+if (isset($_GET['login']) && !(isset($_POST['login']) && isset($_POST['pw']))) {
+	require ("tpl/account/login.php");
+}