<?php

function check_passwd()
{
  global $db;

  if (empty($_POST['login']) || empty($_POST['passwd']))
    return false;

  if ($_POST['auth_token'] != $_SESSION['token'])
    return false;

  $sql = sprintf("SELECT * FROM sys_user WHERE login = %s AND passwd = %s",
		 $db->quote($_POST['login']), $db->quote(passwd($_POST['login'], $_POST['passwd'])));

  $sth = $db->query($sql);

  if ($sth === false) return false;

  if ((!empty($_SERVER['HTTP_REFERER']) && substr($_SERVER['HTTP_REFERER'],-12) != '/?login=true')
      || substr($_SERVER['SCRIPT_FILENAME'],-10) != '/index.php') {
    error_log('Wrong referer or wrong request uri');
    return false;
  }

  if ($row = $sth->fetch()) {
    $_SESSION['sys'] = array('uid' => $row['id'],
			     'login' => $row['login'],
			     'name' => $row['name'],
			     'email' => $row['email'],
			     'theme' => $row['theme'],
			     'page' => $row['page'],
			     'basedir' => substr($_SERVER['SCRIPT_FILENAME'],0,-9));
    $_SESSION['sys']['baseurl'] = substr($_SESSION['sys']['basedir'], strlen($_SERVER['DOCUMENT_ROOT']));
    return true;
  }

  error_log('Failed login attempt for user ' . $_POST['login']);
  return false;
}

function mask_login()
{
  $styles = Styles::instance();
  $javascript = JavaScript::instance();

  $styles->file('lib/rico3/ricoClient/css/rico.css');
  $styles->file('lib/rico3/ricoClient/css/rico_icon.css');
  $styles->file('lib/rico3/ricoClient/css/striping_cupertino.css');
  $styles->file('lib/rico3/ui-cupertino/jquery-ui.css');
  $styles->file('lib/rico3/ui-cupertino/jquery-ui_hallinta.css');

  $javascript->file('lib/rico3/ricoClient/js/rico2jqu.js');
  $javascript->file('lib/rico3/minsrc/rico.js');
  $javascript->file('lib/rico3/minsrc/ricoLocale_en.js');
  $javascript->file('lib/rico3/minsrc/ricoUI.js');
  $javascript->file('lib/rico3/ricoClient/js/ricoThemeroller.js');

  $LOGIN_IMG = 'images/login.jpg';
  if (defined('LOGIN_IMG')) $LOGIN_IMG = LOGIN_IMG;

  $HEIGHT = 800;
  if (file_exists($LOGIN_IMG)) {
    $info = getimagesize($LOGIN_IMG);
    $HEIGHT = $info[1];
  }

  $_SESSION = array('token' => md5(microtime().$_SERVER['DOCUMENT_ROOT']));
  $fname = 'data/misc/login.js';
  if (file_exists($fname))
    $javascript->onLoad(str_replace(array('$LOGIN_IMG', '$HEIGHT', '$TOKEN'),
				    array($LOGIN_IMG, $HEIGHT, $_SESSION['token']),
				    file_get_contents($fname)));
  $fname = 'data/misc/login.html';
  if (file_exists($fname))
    return str_replace(array('$LOGIN_IMG', '$HEIGHT', '$TOKEN'),
		       array($LOGIN_IMG, $HEIGHT, $_SESSION['token']),
		       file_get_contents($fname));
  else
    error_log('data/misc/login.html missing');
}