From c630a2d50349c57660cfc98eb13ec71444b27610 Mon Sep 17 00:00:00 2001
From: neoraider <devnull@localhost>
Date: Sat, 14 Jan 2006 02:14:01 +0000
Subject: Login implementiert. Puh... Und dabei auch den Handler phpexec und
 die Nav-Pages eingebaut.

---
 code/user.inc.php | 68 +++++++++++++++++++++++++++++++++++++++++++++++++++----
 1 file changed, 63 insertions(+), 5 deletions(-)

(limited to 'code/user.inc.php')

diff --git a/code/user.inc.php b/code/user.inc.php
index 00c7355..34b12f2 100644
--- a/code/user.inc.php
+++ b/code/user.inc.php
@@ -6,19 +6,69 @@
     
     class User {
       var $uid = 0, $gid = 0;
+      var $key = '', $type = '';
       
       function User() {
-      	if($_GET['id'] && $_GET['sid']) {
-          $res = DBQuery('SELECT id, gid FROM users WHERE id = ? AND sid = ?',
-                         array($_GET['id'],$_GET['sid']));
-        
-          if($res->RecordCount()) {
+      	if($_COOKIE['login']) {
+      	  $res = DBQuery('SELECT id, gid, sid FROM users WHERE id = ? AND sid = ?',
+                         array(substr($_COOKIE['login'], 32),
+                               substr($_COOKIE['login'], 0, 32)));
+          
+          if($res->RecordCount() && $res->fields[2]) {
           	$this->uid = $res->fields[0];
           	$this->gid = $res->fields[1];
+          	
+          	$this->type = 'cookie';
+          	$this->key = $_COOKIE['login'];
+          }
+      	}
+      	
+      	if($this->uid == 0 && $_GET['login']) {
+          $res = DBQuery('SELECT id, gid, sid FROM users WHERE id = ? AND sid = ?',
+                         array(substr($_GET['login'], 32),
+                               substr($_GET['login'], 0, 32)));
+          
+          if($res->RecordCount() && $res->fields[2]) {
+          	$this->uid = $res->fields[0];
+          	$this->gid = $res->fields[1];
+          	
+          	$this->type = 'url';
+          	$this->key = $_GET['login'];
           }
         }
       }
       
+      function Login($name, $pass) {
+      	$res = DBQuery('SELECT id, gid FROM users WHERE user = ? AND password = ?', array($name, $pass));
+    
+        if($res->RecordCount()) {
+          $id = $res->fields[0];
+          $sid = md5(uniqid($name . " * " . $pass . " * " . rand()));
+          
+          DBQuery('UPDATE users SET sid = ? WHERE id = ?', array($sid, $id));
+          
+          $this->uid = $id;
+          $this->gid = $res->fields[1];
+          
+          $this->type = 'url';
+          $this->key = $sid . $id;
+          
+          return $id;
+        }
+        
+        return 0;
+      }
+      
+      function Logout() {
+        DBQuery('UPDATE users SET sid = \'\' WHERE id = ?', $this->uid);
+        
+        $this->uid = 0;
+        $this->gid = 0;
+        
+        $this->type = '';
+        $this->key = '';
+      }
+      
       function GetUid() {
       	return $this->uid;
       }
@@ -26,6 +76,14 @@
       function GetGid() {
       	return $this->gid;
       }
+      
+      function GetLoginType() {
+        return $this->type;
+      }
+      
+      function GetLoginKey() {
+        return $this->key;
+      }
     }
     
     $user = new User;
-- 
cgit v1.2.3