
<?php
// Copyright (C) 2002-2006 Balint Kis (balint@k-i-s.net)
// Copyright (C) 2005-2013 Solomon Peachy (pizza@shaftnet.org)
// This program is free software; you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation; either version 3 of the License, or
// (at your option) any later version.
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
// You should have received a copy of the GNU General Public License
// along with this program; if not, write to the Free Software
// Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
include_once "include/config.php";
include_once "include/common.php";
include_once "include/site.php";
include_once "include/mail.php";
include_once "include/admin.php";
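/* Log the user in based on their supplied credentials.
 *
 * $database    - site database handle (passed through to setup_user_info())
 * $auth_handle - authentication backend; its auth_user() returns the
 *                canonical username on success or FALSE on failure
 * $username    - username as submitted by the client (untrusted)
 * $password    - password as submitted by the client (untrusted)
 * $auto_login  - "remember me" flag from the login form (passed through)
 * $lang        - language to set the session up with (passed through)
 *
 * Returns whatever setup_user_info() returns on success, FALSE on failure.
 * On failure the global $reason is set to "invalid_login" so that the page
 * can look up the matching error string. */
function login_user($database, $auth_handle, $username, $password, $auto_login, $lang) {
    global $po_user;
    global $reason;
    /* An empty username can never authenticate; reject it before the
     * backend is consulted. Kept as a truthiness test so that callers
     * passing FALSE/NULL behave as before. */
    if (!$username) {
        $reason = "invalid_login";
        return FALSE;
    }
    /* The backend decides validity and returns the canonical username. */
    $username = $auth_handle->auth_user($username, $password);
    if ($username === FALSE) {
        $reason = "invalid_login";
        return FALSE;
    }
    /* The stock admin account ships with the password "admin": flag it so
     * that the UI can force a password change. Strict comparison, so that
     * loosely "equal" values (non-string types, numeric strings) cannot
     * trip the flag by accident. */
    if ($username === 'admin' && $password === 'admin') {
        $po_user['admin_change_password'] = 1;
    }
    return setup_user_info($database, $auth_handle, $username, $lang, $auto_login);
}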
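/* Record a resource ("protected page") password supplied by the visitor.
 *
 * $database - site database handle, used to persist the password list
 * $password - password as submitted by the client (untrusted)
 * $orig     - page to send the browser back to afterwards (client-supplied)
 *
 * Returns FALSE without doing anything when no usable password was given.
 * Otherwise a password not already in one of the two remembered lists is
 * appended: to $po_options['passwords'] (persisted via store_user_pref())
 * when a user is logged in, to $po_user['passwords'] otherwise (presumably
 * session-only state). The session is then refreshed and the browser is
 * redirected to $orig; this function exits and never returns. Whether the
 * password actually unlocks anything is presumably checked by the protected
 * page itself, not here. */
function res_password($database, $password, $orig) {
    global $po_user;
    global $po_options;
    /* Only a plain, non-empty string is meaningful; $_REQUEST can also
     * deliver arrays, which must not end up serialised into the list. */
    if (!is_string($password) || $password === "") {
        return FALSE;
    }
    /* Strict, constant-time comparison. The previous "==" would have
     * treated numerically equal strings such as "1e3" and "1000" as the
     * same password. */
    $known = FALSE;
    foreach (array($po_user['passwords'], $po_options['passwords']) as $list) {
        foreach ($list as $pwd) {
            if (is_string($pwd) && hash_equals($pwd, $password)) {
                $known = TRUE;
                break 2;
            }
        }
    }
    if (!$known) {
        if ($po_user['id']) {
            /* Logged in: remember it with the account. */
            $po_options['passwords'][] = $password;
            store_user_pref($database, $po_user['id'],
                            'passwords', serialize($po_options['passwords']));
        } else {
            /* Not logged in: remember it in the per-visitor list only. */
            $po_user['passwords'][] = $password;
        }
    }
    site_update_session();
    /* NOTE(review): $orig is client-controlled (request parameter or
     * Referer) and is used verbatim as the redirect target, i.e. an open
     * redirect; restrict it to same-site targets before redirecting. */
    header("Location: $orig");
    exit();
}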
/* Render the "forgot password" page: a single field asking for the e-mail
 * address the login information should be sent to (operation=send_info). */
function display_email_form() {
    global $strings;
    global $thm_elem;
    $login_label = $strings['generic_login'];
    $charset = $strings['formats_encoding'];
    site_header($login_label);
    site_navigator(3);
    site_navigator_status('<a href="login.php">' . $login_label . '</a> : ' . $strings['login_email_prep'], "");
    /* The page body, emitted in one go. */
    $parts = array(
        "<center>\n",
        '<p>',
        $strings['login_email_prompt'],
        '</p>',
        '<form action="login.php" method="post" accept-charset="' . $charset . "\">\n",
        "<input type=\"hidden\" name=\"operation\" value=\"send_info\" />\n",
        "<input type=\"text\" name=\"email\" size=\"40\" tabindex=\"1\"/><br/>\n",
        $thm_elem['button.submit'],
        $thm_elem['button.clear'],
        "</form>\n",
        "</center><p>\n",
    );
    echo implode('', $parts);
}
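/* Render the login / logout page body.
 *
 * $username    - username to pre-fill (client-supplied; HTML-escaped here)
 * $orig        - page to return to afterwards (request or Referer supplied;
 *                escaped before being echoed into the hidden form fields)
 * $reason      - why the visitor landed here, e.g. 'protected' (client-supplied)
 * $lang        - currently selected language, for the language combo
 * $status_a    - first status line, already HTML
 * $status_b    - second status line, already HTML
 * $auth_handle - authentication backend; ->local_register === TRUE enables
 *                the register / forgot-password links
 * $thm         - currently selected theme, for the theme combo
 *
 * Which form is shown depends on state: the resource-password form when a
 * protected page redirected here ($reason 'protected' with a return target),
 * the username / password form when nobody is logged in, and the logout
 * form otherwise. */
function display_login_form($username, $orig, $reason, $lang, $status_a, $status_b, $auth_handle, $thm) {
    global $strings;
    global $thm_elem;
    global $po_user;
    global $po_options_default;
    /* All three values are client-supplied and are echoed into attribute
     * values below, so they are escaped up front; the raw $orig/$reason are
     * still used for the comparisons. ($orig and $reason were previously
     * interpolated unescaped, a reflected-XSS vector.) */
    $username = htmlentities($username);
    $orig_attr = htmlspecialchars((string)$orig, ENT_QUOTES);
    $reason_attr = htmlspecialchars((string)$reason, ENT_QUOTES);
    $charset = $strings['formats_encoding'];
    $logged_out = ($po_user['type'] == PO_USER_TYPE_DISABLED);
    $can_register = ($auth_handle->local_register === TRUE);
    if ($po_user['type'] > PO_USER_TYPE_DISABLED) {
        site_header($strings['generic_logout']);
    } else {
        site_header($strings['generic_login']);
    }
    site_navigator(3);
    site_navigator_status($status_a, $status_b);
    print "<center><table class=\"search\"><tr>\n";
    print "<td align=\"center\" valign=\"top\" >\n";
    if ($orig !== "" && $reason === 'protected') {
        /* Sent here by a protected resource: ask for its password only. */
        print "<form action=\"login.php\" method=\"post\" accept-charset=\"$charset\">\n";
        print "<input type=\"hidden\" name=\"operation\" value=\"password\" />\n";
        print "<input type=\"hidden\" name=\"orig\" value=\"$orig_attr\" />\n";
        print "<input type=\"hidden\" name=\"reason\" value=\"$reason_attr\" />\n";
        print "<table class=\"login\">\n";
        print "<tr><td>".$strings['generic_resource_password']."</td><td><input type=\"password\" name=\"password\" value=\"\" /></td></tr>\n";
        print "</table>\n";
        print $thm_elem['button.submit'];
        print "</form>\n";
        print "&nbsp;<br/>\n";
    } elseif ($logged_out) {
        /* Nobody logged in: the regular username / password form. */
        print "<form action=\"login.php\" method=\"post\" accept-charset=\"$charset\">\n";
        print "<input type=\"hidden\" name=\"operation\" value=\"login\" />\n";
        print "<input type=\"hidden\" name=\"orig\" value=\"$orig_attr\" />\n";
        print "<input type=\"hidden\" name=\"reason\" value=\"$reason_attr\" />\n";
        print "<table class=\"login\">\n";
        print "<tr>".emit_td($strings['generic_username'])."<td><input type=\"text\" name=\"username\" value=\"$username\" tabindex=\"1\"/></td></tr>\n";
        print "<tr>".emit_td($strings['generic_password'])."<td><input type=\"password\" name=\"password\" tabindex=\"2\"/></td></tr>\n";
        print emit_language_combo($lang);
        print emit_theme_combo($thm);
        print "<tr><td colspan=\"2\">".emit_checkbox_item("auto_login", "auto_login", "", true).$strings['login_auto_login']."</td></tr>\n";
        print "</table>\n";
        print $thm_elem['button.login'];
        print $thm_elem['button.clear'];
        print "</form>\n";
    } else {
        /* Logged in: offer to log out, returning to $orig afterwards. */
        print "<p>";
        print $strings['login_logout_prompt'];
        print "</p>";
        print "<form action=\"login.php\" method=\"post\" accept-charset=\"$charset\">\n";
        print "<input type=\"hidden\" name=\"operation\" value=\"logout\" />\n";
        print "<input type=\"hidden\" name=\"orig\" value=\"$orig_attr\" />\n";
        print $thm_elem['button.logout'];
        print "</form>\n";
    }
    /* Registration and forgot-password links are only offered when the
     * backend manages accounts locally and nobody is logged in. */
    if ($logged_out && $can_register) {
        if ($po_options_default['new_user_type'] != PO_USER_TYPE_DISABLED) {
            print "&nbsp;<br/>\n";
            print $strings['login_user_register'] . "<br/>";
            print "&nbsp;<br/>\n";
            print "<div align=\"center\">";
            print "<form action=\"register.php\" method=\"post\" accept-charset=\"$charset\">";
            print $thm_elem['button.register'];
            print "</form>";
            print "</div>";
        }
        print "</td></tr>";
        print "<tr><td align=\"center\" valign=\"bottom\" >";
        print "&nbsp;<br/>\n";
        print $strings['login_forgot_password'] ." <a href=\"login.php?operation=get_email\">".$strings['generic_here']."</a>.";
    }
    print "</td></tr>\n";
    print "</table></center>\n";
}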
/* -------------- */
/* Request parameters. Everything here is client-supplied ($_REQUEST merges
 * GET and POST, and depending on request_order cookie data as well) and
 * must be escaped or validated before it is echoed or used as a redirect
 * target. Values may also arrive as arrays (field[]=...). */
$success = FALSE;
$username = "";
$password = "";
$auto_login = "";
$operation = "";
if (isset($_REQUEST['username'])) {
    $username = $_REQUEST['username'];
}
if (isset($_REQUEST['password'])) {
    $password = $_REQUEST['password'];
}
if (isset($_REQUEST['auto_login'])) {
    $auto_login = $_REQUEST['auto_login'];
}
if (isset($_REQUEST['operation'])) {
    $operation = $_REQUEST['operation'];
}
/* Login reason: FALSE when none was supplied */
$reason = FALSE;
if (isset($_REQUEST['reason'])) {
    $reason = $_REQUEST['reason'];
}
$database = site_prolog();
$auth_handle = new $po_auth();
/* Return target: the explicit "orig" parameter, else the Referer, else "" */
$orig = "";
if (isset($_REQUEST['orig'])) {
    $orig = $_REQUEST['orig'];
} elseif (isset($_SERVER['HTTP_REFERER'])) {
    $orig = $_SERVER['HTTP_REFERER'];
}
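/* Carry out the requested operation before any output is produced. The
 * "login" (on success) and "password" operations redirect and exit; the
 * others fall through to the page rendering below. */
switch ($operation) {
    case "send_info":
        /* "Forgot password": mail the login information to $email. Default
         * to "" so a missing field does not raise an undefined-index notice;
         * presumably send_login_information() then fails like for any
         * unknown address — verify. */
        $email = isset($_REQUEST['email']) ? $_REQUEST['email'] : "";
        if (send_login_information($database, $email, FALSE, FALSE, $auth_handle) == FALSE) {
            $reason = "invalid_email";
        }
        break;
    case "logout":
        /* Resume the user's own session so that it is the one destroyed,
         * then expire the session cookie in the browser and reset the
         * in-memory user record to "nobody". */
        if ($po_user['session_id'])
            session_id($po_user['session_id']);
        po_log("Logged out");
        session_start();
        setcookie(session_name(), '', time()-3600, $po_cookie_path);
        session_destroy();
        $operation = "";
        $po_user['id'] = 0;
        $po_user['type'] = PO_USER_TYPE_DISABLED;
        $po_user['session'] = FALSE;
        break;
    case "login":
        $success = login_user($database, $auth_handle, $username, $password, $auto_login, $po_options['lang']);
        if ($success) {
            po_log("Login successful");
            /* NOTE(review): $orig is client-controlled and is used verbatim
             * as the redirect target, i.e. an open redirect on the login
             * success path; restrict it to same-site targets before use. */
            if (isset($_REQUEST['orig'])) {
                header("Location: $orig");
            } else {
                header("Location: ".generate_link('user', $po_user['username']));
            }
            site_epilog($database);
            exit();
        } else {
            /* Failed attempt: tear down whatever session state exists so a
             * failed login never leaves a half-initialised session behind. */
            po_log("Login failed");
            $operation = "login_failed";
            if ($po_user['session_id']) {
                session_id($po_user['session_id']);
            }
            session_start();
            setcookie(session_name(), '', time()-3600, $po_cookie_path);
            session_destroy();
        }
        break;
    case "password":
        /* Resource password: res_password() redirects to $orig and exits
         * unless the password is empty, in which case it returns FALSE. */
        $success = res_password($database, $password, $orig);
        break;
    default:
        break;
}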
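/* Page rendering: decide what to show now that the operation has run. */
if ($operation == "get_email") {
    display_email_form();
} else {
    if ($po_user['type'] > PO_USER_TYPE_DISABLED) {
        /* Someone is logged in: describe the account. Default to "" so an
         * account type without a label cannot leave $status_string unset. */
        $status_string = "";
        switch ($po_user['type']) {
            case PO_USER_TYPE_DISABLED:
                $status_string = $strings['login_disabled_account'];
                break;
            case PO_USER_TYPE_CLIENT:
                $status_string = $strings['login_client_account'];
                break;
            case PO_USER_TYPE_USER:
                $status_string = $strings['login_user_account'];
                break;
            case PO_USER_TYPE_ADMIN:
                $status_string = $strings['login_admin_account'];
                break;
        }
        /* NOTE(review): first/last name and username are emitted as raw
         * HTML; this assumes they were sanitised at registration — verify. */
        if ($po_user['first_name'] || $po_user['last_name']) {
            $status_a = $strings['login_logged_in_as'] . "<b>{$po_user['first_name']} {$po_user['last_name']}</b>, " . $strings['generic_username'] . ": <b>{$po_user['username']}</b>";
            $status_b = $status_string;
        } else {
            $status_a = $strings['login_logged_in_as'] . "<b>{$po_user['username']}</b>";
            $status_b = "";
        }
    } else {
        /* Nobody is logged in: explain why we are here (failed login,
         * protected resource, ...) or show the plain login prompt. */
        if ($reason) {
            /* $reason is client-supplied; only known error keys have a
             * message, anything else renders empty instead of raising an
             * undefined-index notice. */
            $error_key = "errors_$reason";
            $error_text = isset($strings[$error_key]) ? $strings[$error_key] : "";
            $status_a = "<font color=\"red\">" . $error_text . "</font>";
            /* $orig is client-supplied: escape it for the href attribute. */
            $status_b = $orig != "" ? "<a href=\"" . htmlspecialchars((string)$orig, ENT_QUOTES) . "\">" . $strings['generic_return'] . "</a>" : "";
        } elseif ($operation == "send_info") {
            /* $email is the address the visitor typed; escape it before
             * echoing it back. */
            $status_a = $strings['login_email_sent'] . " <b>" . htmlspecialchars((string)$email, ENT_QUOTES) . "</b>.";
            $status_b = "";
        } else {
            $status_a = $strings['login_login_prompt'];
            $status_b = "";
        }
    }
    display_login_form($username, $orig, $reason, $po_options['lang'], $status_a, $status_b, $auth_handle, $po_options['theme']);
}
site_footer($database);
site_epilog($database);
/* No closing "?>" tag: it could otherwise emit stray whitespace after the
 * footer in a PHP-only file. */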