}
}
+/**
+ * Perform user authentication routine
+ *
+ * If a user is already authenticated via session data, this bypasses some routines.
+ * After a user has ben authenticated, several SESSION variables ar set.
+ * If the authentication fails, the session is destroyed.
+ *
+ * @access public
+ * @param string The username to check
+ * @param string The password to check (may contain plaintext or MD5 hash)
+ * @param boolean Indicates whether the input password is already in MD5 format (TRUE) or not (FALSE).
+ * @param boolean Indicates whether to query external plugins for authentication
+ * @return boolean True on success, False on error
+ */
+function serendipity_authenticate_author($username = '', $password = '', $is_md5 = false, $use_external = true) {
+ global $serendipity;
+
+ if (isset($_SESSION['serendipityUser']) && isset($_SESSION['serendipityPassword']) && isset($_SESSION['serendipityAuthedUser']) && $_SESSION['serendipityAuthedUser'] == true) {
+ $username = $_SESSION['serendipityUser'];
+ $password = $_SESSION['serendipityPassword'];
+ // For safety reasons when multiple blogs are installed on the same host, we need to check the current author each time to not let him log into a different blog with the same sessiondata
+ $is_md5 = true;
+ }
+
+ if ($username != '') {
+ if ($use_external) {
+ serendipity_plugin_api::hook_event('backend_auth', $is_md5, array('username' => $username, 'password' => $password));
+ }
+
+ if ($is_md5 === false && !empty($password)) {
+ $password = md5($password);
+ }
+
+ $query = "SELECT DISTINCT
+ email, authorid, userlevel, right_publish
+ FROM
+ {$serendipity['dbPrefix']}authors
+ WHERE
+ username = '" . serendipity_db_escape_string($username) . "'
+ AND password = '" . serendipity_db_escape_string($password) . "'";
+ $row = serendipity_db_query($query, true, 'assoc');
+
+ if (is_array($row)) {
+ serendipity_setCookie('old_session', session_id());
+ $_SESSION['serendipityUser'] = $serendipity['serendipityUser'] = $username;
+ $_SESSION['serendipityPassword'] = $serendipity['serendipityPassword'] = $password;
+ $_SESSION['serendipityEmail'] = $serendipity['serendipityEmail'] = $row['email'];
+ $_SESSION['serendipityAuthorid'] = $serendipity['authorid'] = $row['authorid'];
+ $_SESSION['serendipityUserlevel'] = $serendipity['serendipityUserlevel'] = $row['userlevel'];
+ $_SESSION['serendipityAuthedUser'] = $serendipity['serendipityAuthedUser'] = true;
+ $_SESSION['serendipityRightPublish']= $serendipity['serendipityRightPublish'] = $row['right_publish'];
+ serendipity_load_configuration($serendipity['authorid']);
+ return true;
+ } else {
+ $_SESSION['serendipityAuthedUser'] = false;
+ @session_destroy();
+ }
+ }
+
+ return false;
+}
+
/**
* Check if a user is logged in
*
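Review bot: The relocated `serendipity_authenticate_author()` still hashes the plaintext password with unsalted `md5($password)` and then stores that digest in `$_SESSION['serendipityPassword']`, which the `$is_md5 = true` branch at the top of the function accepts as the credential on later requests. The digest is therefore password-equivalent: a leak of the authors table or of the session store is enough to authenticate, and MD5 gives little resistance to offline guessing. Since the function is being moved anyway, consider selecting the row by `username` alone and checking the stored value with `password_verify()` against a `password_hash()` hash; the multi-blog re-check described in the inline comment would then need a binding other than the password digest. Separately, the success branch does not rotate the session ID, so a `session_regenerate_id(true);` before the `$_SESSION[...]` assignments would guard against session fixation. How that interacts with the `old_session` cookie written on the preceding line is not visible in this hunk.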
unset($serendipity['COOKIE'][$name]);
}
-/**
- * Perform user authentication routine
- *
- * If a user is already authenticated via session data, this bypasses some routines.
- * After a user has ben authenticated, several SESSION variables ar set.
- * If the authentication fails, the session is destroyed.
- *
- * @access public
- * @param string The username to check
- * @param string The password to check (may contain plaintext or MD5 hash)
- * @param boolean Indicates whether the input password is already in MD5 format (TRUE) or not (FALSE).
- * @param boolean Indicates whether to query external plugins for authentication
- * @return boolean True on success, False on error
- */
-function serendipity_authenticate_author($username = '', $password = '', $is_md5 = false, $use_external = true) {
- global $serendipity;
-
- if (isset($_SESSION['serendipityUser']) && isset($_SESSION['serendipityPassword']) && isset($_SESSION['serendipityAuthedUser']) && $_SESSION['serendipityAuthedUser'] == true) {
- $username = $_SESSION['serendipityUser'];
- $password = $_SESSION['serendipityPassword'];
- // For safety reasons when multiple blogs are installed on the same host, we need to check the current author each time to not let him log into a different blog with the same sessiondata
- $is_md5 = true;
- }
-
- if ($username != '') {
- if ($use_external) {
- serendipity_plugin_api::hook_event('backend_auth', $is_md5, array('username' => $username, 'password' => $password));
- }
-
- if ($is_md5 === false && !empty($password)) {
- $password = md5($password);
- }
-
- $query = "SELECT DISTINCT
- email, authorid, userlevel, right_publish
- FROM
- {$serendipity['dbPrefix']}authors
- WHERE
- username = '" . serendipity_db_escape_string($username) . "'
- AND password = '" . serendipity_db_escape_string($password) . "'";
- $row = serendipity_db_query($query, true, 'assoc');
-
- if (is_array($row)) {
- serendipity_setCookie('old_session', session_id());
- $_SESSION['serendipityUser'] = $serendipity['serendipityUser'] = $username;
- $_SESSION['serendipityPassword'] = $serendipity['serendipityPassword'] = $password;
- $_SESSION['serendipityEmail'] = $serendipity['serendipityEmail'] = $row['email'];
- $_SESSION['serendipityAuthorid'] = $serendipity['authorid'] = $row['authorid'];
- $_SESSION['serendipityUserlevel'] = $serendipity['serendipityUserlevel'] = $row['userlevel'];
- $_SESSION['serendipityAuthedUser'] = $serendipity['serendipityAuthedUser'] = true;
- $_SESSION['serendipityRightPublish']= $serendipity['serendipityRightPublish'] = $row['right_publish'];
- serendipity_load_configuration($serendipity['authorid']);
- return true;
- } else {
- $_SESSION['serendipityAuthedUser'] = false;
- @session_destroy();
- }
- }
-
- return false;
-}
-
/**
* Performs a check whether an iframe for the admin section shall be emitted
*