<?php
# Jisko: An open-source microblogging application
# Copyright (C) 2010 Rubén Díaz <outime@gmail.com>
# 
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as
# published by the Free Software Foundation, either version 3 of the
# License, or (at your option) any later version.
# 
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU Affero General Public License for more details.
# 
# You should have received a copy of the GNU Affero General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.

global $db;
global $_POST;

define('TITLE', __('Login'));

if(!$_POST) header('Location: '.BASE);

$postusername = $_POST['username'];
$postpassword = $_POST['password'];
$mobile = (bool) $_POST['usemobile'];
$mbase = BASE . 'mobile/';

if($mobile) define('NO_GUI', 1);

if(empty($postusername) or empty($postpassword)) {
	if($mobile) {
		header("Location: $mbase" . 'login?err=empty');
	} else {
		echo showStatus(__('There are empty fields, fill them and try again'), 'warning');
	}
} else {
	if (filter_var($postusername, FILTER_VALIDATE_EMAIL)) $userInfo = $db->getUserInfo(false, false, $postusername);
	else $userInfo = $db->getUserInfo(false, $postusername);
	if($userInfo) {
		extract($userInfo);
		if ($status == 'banned') die(showStatus(__('Your username is banned'), 'error'));
		$enc_password = md5(md5($postpassword).md5($salt));
		if(($password == $enc_password) and ($status == 'ok')) {
			$SID = md5($password.$salt.$api.time());
			$db->newSession($userInfo['ID'], $SID);
			setcookie(NAME, $SID, time()+(86400*60));
			if($mobile) {
				header("Location: $mbase" . 'notes');
			} else {
				header('Location: '.BASE);
			}
		} else {
			if($mobile) {
				header("Location: $mbase" . 'login?err=passwd');
			} else {
				if ($status == 'nc') echo showStatus(__("This account hasn't been confirmed yet"), 'warning');
				else echo showStatus(__('Incorrect password'), 'warning');
			}
		}
	} else {
		if($mobile) {
			header("Location: $mbase" . 'login?err=noname');
		} else {
			echo showStatus(__('There is no user with that name'), 'warning');
		}
	}
}