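# Login/logout handling for the login popup.
# login:  when auth() accepts the posted credentials, point the opener window
#         back at the month view and close the popup.
# logout: drop the session and redirect to the month view.
#
# $action, $m and $y are set outside this snippet. $m and $y are written into a
# JavaScript string and a Location header, so they are URL-encoded first in case
# they originate from the request.
if ($action === "login") {
    # Missing or non-string fields (e.g. password[]=x) are treated as empty
    # instead of raising notices or handing an array to md5().
    $postedUser = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
    $postedPass = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';

    # NOTE(review): unsalted MD5 is not a suitable password hash. It is kept
    # because the auth() that belongs to this version is not shown and
    # presumably compares against stored MD5 values; replacing it has to be
    # done together with the stored hashes.
    if (auth($postedUser, md5($postedPass))) {
        $target = "index.php?month=" . rawurlencode((string) $m)
            . "&year=" . rawurlencode((string) $y);
        echo "<script language=\"JavaScript\">";
        echo "opener.location = \"" . $target . "\";";
        echo "window.setTimeout('window.close()', 500);";
        echo "</script>";
    }
} elseif ($action === "logout") {
    if (session_id() === '') {
        session_start();
    }
    # session_destroy() removes the stored session but leaves $_SESSION
    # populated for the rest of this request, so clear it explicitly.
    $_SESSION = array();
    session_destroy();
    header("Location: index.php?month=" . rawurlencode((string) $m)
        . "&year=" . rawurlencode((string) $y));
    # Stop here so nothing further is rendered behind the redirect.
    exit;
}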
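# Login/logout handling for the login popup, checking against phpBB accounts.
# login:  when auth() accepts the posted credentials, point the opener window
#         back at the month view and close the popup.
# logout: drop the session and redirect to the month view.
#
# $action, $m and $y are set outside this snippet. $m and $y are written into a
# JavaScript string and a Location header, so they are URL-encoded first in case
# they originate from the request.

# auth() on this page defines IN_PHPBB as well; guard against a double define.
if (!defined("IN_PHPBB")) {
    define("IN_PHPBB", true);
}
require_once("./forum/includes/functions.php");

if ($action === "login") {
    # Missing or non-string fields (e.g. password[]=x) are treated as empty.
    $postedUser = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
    $postedPass = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';

    # Pass the password as typed. phpbb_hash() salts every hash it produces, so
    # a hash computed here can never match the stored one; phpbb_check_hash(),
    # which auth() uses, needs the plain-text password and the stored hash.
    # NOTE(review): auth() as shown on this page keeps whatever it is given in
    # $_SESSION['authdata']['password'] - review that before relying on this.
    if (auth($postedUser, $postedPass)) {
        $target = "index.php?month=" . rawurlencode((string) $m)
            . "&year=" . rawurlencode((string) $y);
        echo "<script language=\"JavaScript\">";
        echo "opener.location = \"" . $target . "\";";
        echo "window.setTimeout('window.close()', 500);";
        echo "</script>";
    }
} elseif ($action === "logout") {
    if (session_id() === '') {
        session_start();
    }
    # session_destroy() removes the stored session but leaves $_SESSION
    # populated for the rest of this request, so clear it explicitly.
    $_SESSION = array();
    session_destroy();
    header("Location: index.php?month=" . rawurlencode((string) $m)
        . "&year=" . rawurlencode((string) $y));
    # Stop here so nothing further is rendered behind the redirect.
    exit;
}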
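/**
 * Check a phpBB username/password pair, or re-check the login kept in the session.
 *
 * With a non-empty $login the given credentials are verified against the
 * phpbb_users table and, on success, stored in $_SESSION['authdata']. With an
 * empty $login the credentials already in $_SESSION['authdata'] are verified
 * again. A failed check removes $_SESSION['authdata'].
 *
 * @param string $login  Username; empty to fall back to the session data.
 * @param string $passwd Password as typed by the user. phpbb_check_hash()
 *                       compares a plain-text password with the stored hash,
 *                       so an already hashed value will not verify.
 * @return int|string 0 on failure, "1" on success.
 */
function auth($login = '', $passwd = '')
{
    # The constant may already be defined by the calling script.
    if (!defined("IN_PHPBB")) {
        define("IN_PHPBB", true);
    }
    require_once("../forum/includes/functions.php");
    if (session_id() === '') {
        session_start();
    }

    $auth = 0;
    $register = false;
    $authdata = null;
    if (isset($_SESSION['authdata'])) {
        $authdata = $_SESSION['authdata'];
    }

    # return false if login neither passed to func, nor in session
    if (empty($login) && empty($authdata['login'])) {
        return 0;
    }

    # get login passed to function, else fall back to the session copy
    if (!empty($login)) {
        $username = $login;
        $pw = $passwd;
        $register = true;
    } else {
        $username = $authdata['login'];
        $pw = isset($authdata['password']) ? $authdata['password'] : '';
    }

    # Request fields can arrive as arrays; anything that is not a string is a
    # failed login rather than something to splice into a query.
    if (!is_string($username) || !is_string($pw)) {
        unset($_SESSION['authdata']);
        return 0;
    }

    # Database errors go to the server log; the client only sees a generic
    # message, so connection and schema details are not disclosed.
    $link = mysql_connect(DB_HOST, DB_USER, DB_PASS);
    if ($link === false || !mysql_select_db(DB_NAME, $link)) {
        error_log('auth(): database connection failed: ' . mysql_error());
        die('Database error');
    }

    # The username comes from the login form, so it is escaped before it is
    # placed in the statement. The mysql_* extension has no prepared
    # statements and was removed in PHP 7; when this code is migrated to
    # mysqli or PDO, use a bound parameter instead.
    $sql = "
SELECT * FROM phpbb_users
WHERE username = '" . mysql_real_escape_string($username, $link) . "'";
    $result = mysql_query($sql, $link);
    if ($result === false) {
        error_log('auth(): user lookup failed: ' . mysql_error($link));
        die('Database error');
    }
    $row = mysql_fetch_assoc($result);

    # validate login, and register session data if appropriate
    # An unknown username yields no row and counts as a failed login.
    # NOTE(review): what group ids up to 8 stand for is not visible here -
    # confirm which phpBB groups this is meant to admit.
    $valid = is_array($row)
        && phpbb_check_hash($pw, $row['user_password'])
        && $row["group_id"] <= 8;

    if ($valid) {
        $auth = "1";
        if ($register) {
            # New session id on login, so an id planted before authentication
            # does not become an authenticated session.
            session_regenerate_id(true);
            # NOTE(review): the password is kept in the session so later calls
            # can re-check it. Storing only the user id would avoid holding a
            # credential in session storage, but needs the re-check above
            # changed accordingly.
            $_SESSION['authdata'] = array(
                'login' => $row['username'],
                'password' => $pw,
                'userlevel' => "1",
                'uid' => $row['user_id'],
            );
        }
    } else {
        # if passwords didn't match, delete authdata session data
        unset($_SESSION['authdata']);
    }

    return $auth;
}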