From 4d4f2acfe707a83dec8789f8159cb60eab38e290 Mon Sep 17 00:00:00 2001
From: Kelly Rauchenberger <fefferburbia@gmail.com>
Date: Fri, 15 Aug 2008 13:49:58 +0000
Subject: Central: Added a login page

Refs #25
---
 central/trunk/activate.php       |   2 +
 central/trunk/db.php             |   2 +
 central/trunk/login.php          | 100 +++++++++++++++++++++++++++++++++++++++
 central/trunk/register.php       |   2 +
 central/trunk/theme/loggedin.tpl |  14 ++++++
 central/trunk/theme/login.tpl    |  61 ++++++++++++++++++++++++
 6 files changed, 181 insertions(+)
 create mode 100644 central/trunk/login.php
 create mode 100644 central/trunk/theme/loggedin.tpl
 create mode 100644 central/trunk/theme/login.tpl

diff --git a/central/trunk/activate.php b/central/trunk/activate.php
index 7b319b5..3237b70 100644
--- a/central/trunk/activate.php
+++ b/central/trunk/activate.php
@@ -99,3 +99,5 @@ function addError(&$numOfErrors, &$errors, $field, $msg)
         $numOfErrors++;
         $errors[$numOfErrors] = array('field' => $field, 'msg' => $msg);
 }
+
+?>
diff --git a/central/trunk/db.php b/central/trunk/db.php
index 3d70d6c..168d303 100644
--- a/central/trunk/db.php
+++ b/central/trunk/db.php
@@ -18,6 +18,8 @@ if (file_exists('install.php'))
 	die('Excuse me, but you need to delete install.php before you can use this as leaving install.php there is a biiiig security hole.');
 }
 
+session_start();
+
 include('config.php');
 
 mysql_connect($dbhost, $dbuser, $dbpass);
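Review bot: `session_start()` runs with whatever session settings php.ini happens to provide, and nothing in the visible lines restricts the cookie that will now carry the login state. Set the flags before starting the session, e.g. `ini_set('session.use_only_cookies', '1');` and `ini_set('session.cookie_httponly', '1');` directly above `session_start();`, and add `session.cookie_secure` if the site is served over HTTPS. The call needs to run before any output is sent, so it is worth confirming that no script prints anything before including db.php. The rest of db.php lies outside this hunk.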
diff --git a/central/trunk/login.php b/central/trunk/login.php
new file mode 100644
index 0000000..cb96356
--- /dev/null
+++ b/central/trunk/login.php
@@ -0,0 +1,100 @@
+<?php
+
+/* InstaDisc Server - A Four Island Project */
+
+include('instadisc.php');
+include('template.php');
+
+if (!isset($_GET['submit']))
+{
+	showForm('','',array());
+} else {
+	$numOfErrors = 0;
+	$errors = array();
+
+	$getuser = "SELECT * FROM users WHERE username = \"" . mysql_real_escape_string($_POST['username']) . "\" AND password = \"" . mysql_real_escape_string(md5($_POST['password'])) . "\"";
+	$getuser2 = mysql_query($getuser);
+	$getuser3 = mysql_fetch_array($getuser2);
+	if ($getuser3['username'] != $_POST['username'])
+	{
+		addError($numOfErrors, $errors, '', 'Account could not be found');
+	}
+
+	if ($numOfErrors > 0)
+	{
+		showForm($_POST['username'], $_POST['password'], $errors);
+	} else {
+		if (instaDisc_verifyUser($_POST['username'], $_POST['password']))
+		{
+			$_SESSION['username'] == $_POST['username'];
+
+			$template = new FITemplate('loggedin');
+			$template->add('SITENAME', instaDisc_getConfig('siteName'));
+			$template->display();
+		} else {
+			addError($numOfErrors, $errors, '', 'Account could not be found');
+			showForm($_POST['username'], $_POST['password'], $errors);
+		}
+	}
+}
+
+function showForm($username, $password, $errors)
+{
+	$template = new FITemplate('login');
+	$template->add('SITENAME', instaDisc_getConfig('siteName'));
+
+	if (isset($errors[1]))
+	{
+		$template->adds('ERROR', array('ex'=>'1'));
+
+		foreach ($errors as $name => $value)
+		{
+			$template->adds('ERRORS', array(	'NAME' => $name,
+								'MSG' => $value['msg']));
+		}
+	}
+
+	$template->add('USERNAME_ERR', ifErrors($errors, 'username'));
+	$template->add('PASSWORD_ERR', ifErrors($errors, 'password'));
+
+	doErrors($template, $errors, 'username');
+	doErrors($template, $errors, 'password');
+
+	$template->add('USERNAME', $username);
+	$template->add('PASSWORD', $password);
+
+	$template->display();
+}
+
+function ifErrors($errors, $id)
+{
+        foreach ($errors as $name => $value)
+        {
+                if ($value['field'] == $id)
+                {
+                        return ' error';
+                }
+        }
+
+	return '';
+}
+
+function doErrors($template, $errors, $id)
+{
+        foreach ($errors as $name => $value)
+        {
+                if ($value['field'] == $id)
+                {
+			$template->adds(strtoupper($id) . '_ERRS', array(	'NAME' => $name,
+										'VALUE' => $value['msg']));
+                }
+        }
+}
+
+function addError(&$numOfErrors, &$errors, $field, $msg)
+{
+        $numOfErrors++;
+        $errors[$numOfErrors] = array('field' => $field, 'msg' => $msg);
+}
+
+?>
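Review bot: The success branch never stores the login: `$_SESSION['username'] == $_POST['username'];` is a comparison whose result is discarded, so the session stays anonymous even after instaDisc_verifyUser() succeeds. It should assign, and rotate the session id first so that an id issued before login cannot carry over into the authenticated session: `session_regenerate_id(true);` followed by `$_SESSION['username'] = $getuser3['username'];`. Both showForm() calls on the failure paths hand `$_POST['password']` back to the template; passing `''` instead keeps the submitted password out of the response body. The query matches against an unsalted `md5()` digest, which suggests the users table stores passwords in a form that is cheap to brute-force; a salted, slow password hash would be the safer storage format. Only `$_GET['submit']` is tested before `$_POST['username']` and `$_POST['password']` are read, and the result of `mysql_query()` is passed to `mysql_fetch_array()` without a check for failure.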
diff --git a/central/trunk/register.php b/central/trunk/register.php
index 0d4d61d..87774fc 100644
--- a/central/trunk/register.php
+++ b/central/trunk/register.php
@@ -104,3 +104,5 @@ function addError(&$numOfErrors, &$errors, $field, $msg)
         $numOfErrors++;
         $errors[$numOfErrors] = array('field' => $field, 'msg' => $msg);
 }
+
+?>
diff --git a/central/trunk/theme/loggedin.tpl b/central/trunk/theme/loggedin.tpl
new file mode 100644
index 0000000..4fcffc4
--- /dev/null
+++ b/central/trunk/theme/loggedin.tpl
@@ -0,0 +1,14 @@
+<HTML>
+	<HEAD>
+		<TITLE><!--SITENAME--> InstaDisc Central Server</TITLE>
+	</HEAD>
+
+	<BODY>
+		<CENTER>
+			<H1>InstaDisc Sign-in</H1>
+
+			<P>Thank you for logging in. <A HREF="userpanel.php">You may now procede to the user panel</A>
+		</CENTER>
+	</BODY>
+</HTML>
+
diff --git a/central/trunk/theme/login.tpl b/central/trunk/theme/login.tpl
new file mode 100644
index 0000000..90fe253
--- /dev/null
+++ b/central/trunk/theme/login.tpl
@@ -0,0 +1,61 @@
+<HTML>
+	<HEAD>
+		<TITLE><!--SITENAME--> InstaDisc Central Server</TITLE>
+		<LINK REL="stylesheet" TYPE="text/css" HREF="uniform.css">
+	</HEAD>
+
+	<BODY>
+		<CENTER>
+			<H1>InstaDisc Sign-in</H1>
+
+			<P>If you've registered and activated your account, you can sign in to modify your account here!
+		</CENTER>
+
+		<FORM CLASS="uniform" ACTION="./login.php?submit=" METHOD="POST">
+
+			<!--BEGIN ERROR-->
+			<DIV ID="errorMsg">Uh oh! Validation errors!<P>
+				<OL>
+			<!--END ERROR-->
+
+			<!--BEGIN ERRORS-->
+					<LI><A HREF="#error<!--ERRORS.NAME-->"><!--ERRORS.MSG--></A></LI>
+			<!--END ERRORS-->
+
+			<!--BEGIN ERROR-->
+				</OL>
+			</DIV>
+			<!--END ERROR-->
+
+			<FIELDSET CLASS="inlineLabels">
+				<LEGEND>User Details</LEGEND>
+
+				<DIV CLASS="ctrlHolder<!--USERNAME_ERR-->">
+					<!--BEGIN USERNAME_ERRS-->
+						<P ID="error<!--USERNAME_ERRS.NAME-->" CLASS="errorField"><EM>*</EM>
+							<!--USERNAME_ERRS.MSG-->
+						</P>
+					<!--END USERNAME_ERRS-->
+
+					<LABEL FOR="username"><EM>*</EM> Username: </LABEL>
+					<INPUT TYPE="text" ID="username" NAME="username" CLASS="textInput" VALUE="<!--USERNAME-->">			
+				</DIV>
+
+				<DIV CLASS="ctrlHolder<!--PASSWORD_ERR-->">
+					<!--BEGIN PASSWORD_ERRS-->
+						<P ID="error<!--PASSWORD_ERRS.NAME-->" CLASS="errorField"><EM>*</EM>
+							<!--PASSWORD_ERRS.MSG-->
+						</P>
+					<!--END PASSWORD_ERRS-->
+
+					<LABEL FOR="password"><EM>*</EM> Password: </LABEL>
+					<INPUT TYPE="password" ID="password" NAME="password" CLASS="textInput" VALUE="<!--PASSWORD-->">
+				</DIV>
+			</FIELDSET>
+
+			<DIV CLASS="buttonHolder">
+				<INPUT TYPE="submit" NAME="submit" VALUE="Submit">
+			</DIV>
+		</FORM>
+	</BODY>
+</HTML>
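Review bot: `VALUE="<!--PASSWORD-->"` on the password input writes the submitted password into the HTML of every failed-login response, where it is readable in page source and may be kept by caches; the field should render empty, i.e. drop the VALUE attribute from that `<INPUT>`. `VALUE="<!--USERNAME-->"` is filled from `$_POST['username']` in login.php, so unless FITemplate escapes on substitution (not visible here) the value should go through `htmlspecialchars($username, ENT_QUOTES)` before `add()`, so it cannot break out of the attribute. The per-field blocks read `<!--USERNAME_ERRS.MSG-->` and `<!--PASSWORD_ERRS.MSG-->`, but doErrors() in login.php supplies the key `'VALUE'`, so those messages would likely render blank; one side should be renamed to match.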
-- 
cgit 1.4.1