summaryrefslogtreecommitdiff
path: root/web/html
diff options
context:
space:
mode:
authorCallan Barrett <wizzomafizzo@gmail.com>2008-01-04 01:27:17 +0900
committerDan McGee <dan@archlinux.org>2008-01-20 00:21:19 -0600
commit0e4b25211bc2d9629f0f848ea25a4c2fbcbfe339 (patch)
tree6b169f65ac9ec9bb7049e38f3c38213e752ac18c /web/html
parent9a83e56b69bff3ef1921d3f8dab0b2daabb4d4c3 (diff)
Removes timeout page and moves login form to header
This removes the need for a timeout page (and probably hacker.php) and moves the login form and status to the header. If your login times out you won't lose your place anymore and links will always work. Works for me but at the moment index_po.php is imported in aur.inc which has to stay until the translations from it for login are moved to aur_po.php. Signed-off-by: Callan Barrett <wizzomafizzo@gmail.com>
Diffstat (limited to 'web/html')
-rw-r--r--web/html/index.php98
1 files changed, 1 insertions, 97 deletions
diff --git a/web/html/index.php b/web/html/index.php
index 2a1a489..99cccbc 100644
--- a/web/html/index.php
+++ b/web/html/index.php
@@ -2,78 +2,12 @@
set_include_path(get_include_path() . PATH_SEPARATOR . '../lib' . PATH_SEPARATOR . '../lang');
-include("index_po.inc");
+# include("index_po.inc");
include("pkgfuncs_po.inc"); # Add to handle the i18n of My Packages
include("aur.inc");
set_lang();
check_sid();
-# Need to do the authentication prior to sending any HTML (including header)
-#
-$login_error = "";
-if (isset($_REQUEST["user"]) || isset($_REQUEST["pass"])) {
- # Attempting to log in
- #
- if (!isset($_REQUEST["user"])) {
- $login_error = __("You must supply a username.");
- }
- if (!isset($_REQUEST["pass"])) {
- $login_error = __("You must supply a password.");
- }
- if (!$login_error) {
- # Try and authenticate the user
- #
-
- #md5 hash it
- $_REQUEST["pass"] = md5($_REQUEST["pass"]);
- $dbh = db_connect();
- $q = "SELECT ID, Suspended FROM Users ";
- $q.= "WHERE Username = '" . mysql_real_escape_string($_REQUEST["user"]) . "' ";
- $q.= "AND Passwd = '" . mysql_real_escape_string($_REQUEST["pass"]) . "'";
- $result = db_query($q, $dbh);
- if (!$result) {
- $login_error = __("Error looking up username, %s.",
- array(htmlspecialchars($_REQUEST["user"])));
- } else {
- $row = mysql_fetch_row($result);
- if (empty($row)) {
- $login_error = __("Incorrect password for username, %s.",
- array(htmlspecialchars($_REQUEST["user"])));
- } elseif ($row[1]) {
- $login_error = __("Your account has been suspended.");
- }
- }
-
- if (!$login_error) {
- # Account looks good. Generate a SID and store it.
- #
- $logged_in = 0;
- $num_tries = 0;
- while (!$logged_in && $num_tries < 5) {
- $new_sid = new_sid();
- $q = "INSERT INTO Sessions (UsersID, SessionID, LastUpdateTS) ";
- $q.="VALUES (". $row[0]. ", '" . $new_sid . "', UNIX_TIMESTAMP())";
- $result = db_query($q, $dbh);
- # Query will fail if $new_sid is not unique
- #
- if ($result) {
- $logged_in = 1;
- break;
- }
- $num_tries++;
- }
- if ($logged_in) {
- # set our SID cookie
- #
- setcookie("AURSID", $new_sid, 0, "/");
- header("Location: /index.php");
- } else {
- $login_error = __("Error trying to generate session id.");
- }
- }
- }
-}
-
# Any cookies have been sent, can now display HTML
#
html_header();
@@ -97,36 +31,6 @@ print __("The most popular packages will be provided as binary packages in [comm
print "</td>";
print "<td class='boxSoft' valign='top'>";
-# Now present the user login stuff
-if (!isset($_COOKIE["AURSID"])) {
- # the user is not logged in, give them login widgets
- #
- if ($login_error) {
- print "<span class='error'>" . $login_error . "</span><br />\n";
- }
- print "<table border='0' cellpadding='0' cellspacing='0' width='100%'>\n";
- print "<form action='/index.php' method='post'>\n";
- print "<tr>\n";
- print "<td>".__("Username:")."</td>";
- print "<td><input type='text' name='user' size='30' maxlength='64'></td>";
- print "</tr>\n";
- print "<tr>\n";
- print "<td>".__("Password:")."</td>";
- print "<td><input type='password' name='pass' size='30' maxlength='32'></td>";
- print "</tr>\n";
- print "<tr>\n";
- print "<td colspan='2' align='right'>&nbsp;<br />";
- print "<input type='submit' class='button'";
- print " value='".__("Login")."'></td>";
- print "</tr>\n";
- print "</form>\n";
- print "</table>\n";
-
-} else {
- print __("Logged-in as: %h%s%h",
- array("<b>", username_from_sid($_COOKIE["AURSID"]), "</b>"));
-}
-
# MAIN: Bottom Left
print "</td>";
print "</tr>";