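<?php
/**
 * Authentication / authorization gate, written to be included by a page.
 *
 * In order, it: handles ?logout, handles a posted login form (login + pw),
 * loads the current account into $user, compares $user['priv'] with
 * $priv_required, and finally shows the login form when ?login is requested.
 *
 * Inputs read here: $_GET['logout'], $_GET['login'], $_POST['login'],
 * $_POST['pw'], $_SESSION['user_id'], $_SESSION['user'], $priv_required.
 * Variables left for the including page / templates: $priv, $user, and
 * (on failure paths) $error and $login.
 *
 * NOTE(review): $priv_required is not assigned in this file; presumably the
 * including page (or conf/login.php) sets it before this code runs. If it is
 * ever unset, the comparison below is false and access is granted, so every
 * protected page should be checked for an explicit assignment.
 */
require("conf/login.php");
session_start();

// Privilege levels by numeric rank; a higher number means more rights.
$priv = array(0 => "Anonymous", 1 => "Member", 2 => "Administrator");

// Default identity until a valid session proves otherwise.
$user = array('id' => 0, 'name' => 'Anonymous', 'priv' => 0);
require("sql.php");

// Logout: drop the authenticated id and the cached account row.
// NOTE(review): logout is triggered by a plain GET parameter, so any
// third-party page can log a visitor out; consider a POST with a CSRF token.
if (isset($_GET['logout'])) {
    unset($_SESSION['user_id'], $_SESSION['user']);
}

// Login attempt: both form fields must be present.
if (isset($_POST['login']) && isset($_POST['pw'])) {
    // NOTE(review): MySQL's PASSWORD() is meant for the server's own account
    // table, is unsalted and fast, and was removed in MySQL 8.0. Stored
    // application passwords should move to password_hash()/password_verify(),
    // which needs a schema migration that cannot be done from this file.
    // NOTE(review): esc() is applied to values that are also bound through
    // "?" placeholders. If sql() already binds parameters (the second query
    // below passes a raw value, which suggests it does), esc() alters the
    // password before hashing; confirm against sql.php.
    $sql = sql(
        "SELECT id FROM account WHERE login = ? AND password = PASSWORD(?)",
        esc($_POST['login']),
        esc($_POST['pw'])
    );
    if ($util = $sql->fetch()) {
        // Issue a fresh session id on privilege change so that an id known
        // to someone else before login (session fixation) stops being valid.
        session_regenerate_id(true);
        $_SESSION['user_id'] = intval($util['id']);
    } else {
        $error = "Wrong username or password.";
        // Echoed back into the form by the template; the template is
        // responsible for HTML-escaping it (not visible from here).
        $login = $_POST['login'];
        require("tpl/account/login.php");
    }
}

// Resolve the session's account id into $user.
if (isset($_SESSION['user_id'])) {
    if (isset($_SESSION['user']) && $_SESSION['user']['id'] == $_SESSION['user_id']) {
        // Cached copy from an earlier request.
        // NOTE(review): 'priv' is therefore only read from the database once
        // per session; a demotion or account removal takes effect only after
        // the session ends.
        $user = $_SESSION['user'];
    } else {
        $sql = sql(
            "SELECT login AS name, id, priv " .
            "FROM account WHERE id = ?",
            $_SESSION['user_id']
        );
        if ($util = $sql->fetch()) {
            $user['id'] = $_SESSION['user_id'];
            $user['name'] = $util['name'];
            $user['priv'] = $util['priv'];
            $_SESSION['user'] = $user;
        } else {
            // The account no longer exists: fall back to anonymous.
            unset($_SESSION['user_id'], $_SESSION['user']);
        }
    }
}

// Authorization check against the level the including page asked for.
if ($user['priv'] < $priv_required) {
    $error = "You must be " . strtolower($priv[$priv_required]) . " to have acces to this page.";
    if ($user['id'] == 0) {
        // Not logged in: offer the login form.
        require("tpl/account/login.php");
    } else {
        // Logged in but under-privileged: show the error on an empty page.
        require("tpl/general/empty.php");
    }
    // Fail closed: if the template returns instead of terminating, the
    // protected page that included this file must not go on to run.
    exit;
}

// If the login page is requested (and this is not a login form post), show it.
if (isset($_GET['login']) && !(isset($_POST['login']) && isset($_POST['pw']))) {
    require("tpl/account/login.php");
}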