2 /*=====================================================================*\
3 || ###################################################################
5 || # Copyright 2002-2007 Blue Static
7 || # This program is free software; you can redistribute it and/or modify
8 || # it under the terms of the GNU General Public License as published by
9 || # the Free Software Foundation; version 2 of the License.
11 || # This program is distributed in the hope that it will be useful, but
12 || # WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
13 || # or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
16 || # You should have received a copy of the GNU General Public License along
17 || # with this program; if not, write to the Free Software Foundation, Inc.,
18 || # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
19 || ###################################################################
20 \*=====================================================================*/
22 $fetchtemplates = array(
28 define('SVN', '$Id$');
30 $focus['user'] = 'focus';
32 require_once('./global.php');
33 require_once('./includes/api_user.php');
35 // ###################################################################
37 if (bugdar
::$userinfo['userid'] AND $_REQUEST['do'] != 'logout' AND $_POST['do'] != 'cplogin' AND $_REQUEST['do'] != 'cplogout')
39 $message->error(T('You are already logged in.'));
42 // ###################################################################
44 if (empty($_REQUEST['do']))
46 BSTemplate
::fetch('login')->evaluate()->flush();
49 // ###################################################################
51 if ($_POST['do'] == 'login' OR $_POST['do'] == 'cplogin')
53 $keeplogin = $input->inputClean('rememberme', TYPE_BOOL
);
54 if ($_POST['cplogin'])
59 if ($_SERVER['HTTP_REFERER'] AND !$_POST['goindex'])
61 $url = $_SERVER['HTTP_REFERER'];
68 if ($auth->authenticateLogin($input->in
['email'], $input->in
['password'], $keeplogin))
70 if ($_POST['do'] == 'cplogin')
72 $hash = BSFunctions
::random(90);
73 $db->query("DELETE FROM " . TABLE_PREFIX
. "adminsession WHERE dateline < " . (TIMENOW
- 3600));
74 $db->query("INSERT INTO " . TABLE_PREFIX
. "adminsession (sessionid, userid, dateline) VALUES ('$hash', " . $auth->bugdarUser
['userid'] . ", " . TIMENOW
. ")");
75 BSFunctions
::cookie(COOKIE_PREFIX
. 'adminsession', $hash, false
);
77 $message->redirect(T('Welcome back! You are now logged in.'), $url);
81 $message->error(T('Invalid email or password.'));
85 // ###################################################################
87 if ($_REQUEST['do'] == 'logout')
89 if (bugdar
::$userinfo['userid'])
91 $db->query("DELETE FROM " . TABLE_PREFIX
. "adminsession WHERE sessionid = '" . $input->inputEscape(COOKIE_PREFIX
. 'adminsession') . "'");
92 $auth->clearCookies();
93 BSFunctions
::cookie(COOKIE_PREFIX
. 'adminsession', false
);
94 $message->redirect(T('You have been logged out.'), ($_SERVER['HTTP_REFERER'] ?
$_SERVER['HTTP_REFERER'] : 'index.php'));
98 $message->error(T('You need to be logged in to access this feature.'));
102 // ###################################################################
104 if ($_POST['do'] == 'sendpw')
106 $user = new UserAPI();
107 $user->set('email', $input->in
['email'], true
, false
); // don't verify so we don't get errors about existing emails
108 $user->setCondition(array('email'));
111 if ($message->hasErrors())
113 $show['lostpwerror'] = true
;
114 $_REQUEST['do'] = 'lostpw';
118 $activator = BSFunctions
::random(25);
119 $db->query("INSERT INTO " . TABLE_PREFIX
. "passwordreset (activatorid, dateline, userid) VALUES ('" . $activator . "', " . TIMENOW
. ", " . $user->record
['userid'] . ")");
121 $email = get_email_text('password_reset');
122 $mail = new BSMail();
123 $mail->setSubject($email['subject']);
124 $mail->setBodyText(sprintf($email['bodyText'], $user->record
['displayname'], bugdar
::$options['trackertitle'], bugdar
::$options['trackerurl'], $activator));
125 $mail->setFromAddress(MAIL_FROM_ADDRESS
);
126 $mail->setFromName(MAIL_FROM_NAME
);
127 $mail->send($user->record
['email'], $user->record
['displayname']);
129 $message->message(sprintf(T('An email has been dispatched to %1$s that contains instructions on how to reset your password.'), $user->record
['email']));
133 // ###################################################################
135 if ($_REQUEST['do'] == 'lostpw')
137 BSTemplate
::fetch('lostpassword')->evaluate()->flush();
140 // ###################################################################
142 if ($_POST['do'] == 'resetpw')
144 // remove old activators
145 $db->query("DELETE FROM " . TABLE_PREFIX
. "passwordreset WHERE dateline < " . (TIMENOW
- 86400));
148 $activation = $db->queryFirst("SELECT * FROM " . TABLE_PREFIX
. "passwordreset WHERE activatorid = '" . $input->inputEscape('activator') . "'");
151 $message->error(L_INVALID_ID
);
154 $user = new UserAPI();
155 $user->set('userid', $activation['userid']);
157 if ($input->in
['fix_password'] != $input->in
['confirm_password'])
159 $message->addError(T('The passwords you entered do not patch.'));
161 if (empty($input->in
['fix_password']))
163 $message->addError(T('Your new password cannot be empty.'));
166 $user->set('password', $input->in
['fix_password']);
168 if (!$message->hasErrors())
170 // remove old other activators for this user
171 $db->query("DELETE FROM " . TABLE_PREFIX
. "passwordreset WHERE userid = " . $activation['userid']);
174 $message->redirect(T('Your password has been changed successfully. You will now be redirected to the login page.'), 'login.php');
178 $show['errors'] = true
;
179 $_REQUEST['do'] = 'recoverpw';
183 // ###################################################################
185 if ($_REQUEST['do'] == 'recoverpw')
187 // remove old activators
188 $db->query("DELETE FROM " . TABLE_PREFIX
. "passwordreset WHERE dateline < " . (TIMENOW
- 86400));
191 $activation = $db->queryFirst("SELECT * FROM " . TABLE_PREFIX
. "passwordreset WHERE activatorid = '" . $input->inputEscape('activator') . "'");
194 $message->error(T('Invalid activation reset key. Please make sure you copied the URL exactly as it appeared in the email.'));
197 $tpl = new BSTemplate('passwordreset');
199 'activation' => $activation,
200 'message' => $message
202 $tpl->evaluate()->flush();
205 // ###################################################################
207 if ($_REQUEST['do'] == 'cplogout')
209 if ($_COOKIE[COOKIE_PREFIX
. 'adminsession'])
211 $db->query("DELETE FROM " . TABLE_PREFIX
. "adminsession WHERE sessionid = '" . $input->inputEscape(COOKIE_PREFIX
. 'adminsession') . "'");
212 BSFunctions
::cookie(COOKIE_PREFIX
. 'adminsession', false
);
213 $message->redirect(T('You have been logged out.'), 'admin/');
217 $message->error(T('You are not logged in.'));
221 /*=====================================================================*\
222 || ###################################################################
225 || ###################################################################
226 \*=====================================================================*/