[Openfirst-cvscommit] members auth.php,1.1.1.1,1.2 index.php,1.1.1.1,1.2

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Update of /cvsroot/openfirst/members
In directory sc8-pr-cvs1:/tmp/cvs-serv23992

Modified Files:
	auth.php index.php 
Log Message:
Finish authentication work.

Index: auth.php
===================================================================
RCS file: /cvsroot/openfirst/members/auth.php,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -C2 -d -r1.1.1.1 -r1.2
*** auth.php	11 May 2003 12:58:08 -0000	1.1.1.1
--- auth.php	11 May 2003 22:15:05 -0000	1.2
***************
*** 43,53 ****
    }
  
    // Determine if the user has already logged in with this session.  If
    // they have, set variables indicating this.  If they have not, make a
    // note of this so that components requiring them to log in are disabled.
  
-   $query = mysql_query("SELECT * FROM ofirst_members WHERE ID='".$_GET['ID']."'");
  
!   if(mysql_errno() != "") {
     // There was an error, check if it's because they didn't create the 
     // members table.
--- 43,88 ----
    }
  
+   function showlogin () {
+     echo("<form action='".$_SERVER["PHP_SELF"] . "' method='post'>
+     Login: <input name='login' type='text' />
+     <br />Password: <input name='password' type='password' />
+     <br /><input type='submit' value='Login'>
+     </form>");
+     return(0);
+   }
+ 
    // Determine if the user has already logged in with this session.  If
    // they have, set variables indicating this.  If they have not, make a
    // note of this so that components requiring them to log in are disabled.
  
  
!   session_start();
! 
!   if(isset($_SESSION['authcode'])) {
!     $authcode = $_SESSION['authcode'];
!     $query = mysql_query("SELECT * FROM ofirst_members WHERE authcode='$authcode';");
!     $user = mysql_fetch_object($query);
!    } elseif(isset($_POST["login"]) == true && isset($_POST["password"]) == true) {
!     
!     $query = mysql_query("SELECT * FROM ofirst_members WHERE user='" . $_POST["login"] . "';");
! 
!      $user = mysql_fetch_object($query);
! 
!     if(mysql_num_rows($query) == 1) {
!      if(cryptpassword($_POST["password"], $encryption, $user->password) == $user->password) {
!        session_register("authcode");
!        $_SESSION["authcode"] = sha1(rand(1,50000000));
!        $aquery = mysql_query("UPDATE ofirst_members SET authcode='" . $_SESSION["authcode"] . "' WHERE user='" . $_POST["login"] . "';");
!        session_write_close();
!      } else {
!        unset($user);
!      }
!     }
!    }
! 
! 
!   if(mysql_errno() == 0) {
! 
!   } else {
     // There was an error, check if it's because they didn't create the 
     // members table.
***************
*** 74,78 ****
         dateregistered TINYTEXT,
         picturelocation TINYTEXT,
!        team INTEGER
       );");
       if(mysql_errno() == 0) {
--- 109,114 ----
         dateregistered TINYTEXT,
         picturelocation TINYTEXT,
!        team INTEGER,
!        skills TEXT
       );");
       if(mysql_errno() == 0) {

Index: index.php
===================================================================
RCS file: /cvsroot/openfirst/members/index.php,v
retrieving revision 1.1.1.1
retrieving revision 1.2
diff -C2 -d -r1.1.1.1 -r1.2
*** index.php	11 May 2003 12:58:08 -0000	1.1.1.1
--- index.php	11 May 2003 22:15:05 -0000	1.2
***************
*** 28,34 ****
    include("../config/globals.php");
    include($header);
  ?> 
  <h1>Members Area</h1>
! <p>This is the openFIRST members area.</p>
  
! <?php include($footer); ?>
--- 28,41 ----
    include("../config/globals.php");
    include($header);
+ 
+   if(isset($user->user)) {
  ?> 
+ 
  <h1>Members Area</h1>
! <p>This is the openFIRST members area.  You are logged in as: <?php
! echo($user->user . " the " . $user->membertype . "."); ?></p>
  
! <?php } else {
!   showlogin();
! }
!  include($footer); ?>