]>
src.bluestatic.org Git - bugdar.git/blob - login.php
2 /*=====================================================================*\
3 || ###################################################################
5 || # Copyright 2002-2007 Blue Static
7 || # This program is free software; you can redistribute it and/or modify
8 || # it under the terms of the GNU General Public License as published by
9 || # the Free Software Foundation; version 2 of the License.
11 || # This program is distributed in the hope that it will be useful, but
12 || # WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
13 || # or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
16 || # You should have received a copy of the GNU General Public License along
17 || # with this program; if not, write to the Free Software Foundation, Inc.,
18 || # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
19 || ###################################################################
20 \*=====================================================================*/
22 $fetchtemplates = array (
29 $focus [ 'user' ] = 'focus' ;
31 require_once ( './global.php' );
32 require_once ( './includes/api_user.php' );
34 // ###################################################################
36 if ( bugdar
:: $userinfo [ 'userid' ] AND $_REQUEST [ 'do' ] != 'logout' AND $_POST [ 'do' ] != 'cplogin' AND $_REQUEST [ 'do' ] != 'cplogout' )
38 $message- > error ( T ( 'You are already logged in.' ));
41 // ###################################################################
43 if ( empty ( $_REQUEST [ 'do' ]))
45 BSTemplate
:: fetch ( 'login' )-> evaluate ()-> flush ();
48 // ###################################################################
50 if ( $_POST [ 'do' ] == 'login' OR $_POST [ 'do' ] == 'cplogin' )
52 $keeplogin = $input- > inputClean ( 'rememberme' , TYPE_BOOL
);
53 if ( $_POST [ 'cplogin' ])
58 if ( $_SERVER [ 'HTTP_REFERER' ] AND ! $_POST [ 'goindex' ])
60 $url = $_SERVER [ 'HTTP_REFERER' ];
67 if ( $auth- > authenticateLogin ( $input- > in
[ 'email' ], $input- > in
[ 'password' ], $keeplogin ))
69 if ( $_POST [ 'do' ] == 'cplogin' )
71 $hash = BSFunctions
:: random ( 90 );
72 $db- > query ( "DELETE FROM " . TABLE_PREFIX
. "adminsession WHERE dateline < " . ( TIMENOW
- 3600 ));
73 $db- > query ( "INSERT INTO " . TABLE_PREFIX
. "adminsession (sessionid, userid, dateline) VALUES (' $hash' , " . $auth- > bugdarUser
[ 'userid' ] . ", " . TIMENOW
. ")" );
74 BSFunctions
:: cookie ( COOKIE_PREFIX
. 'adminsession' , $hash , false );
76 $message- > redirect ( T ( 'Welcome back! You are now logged in.' ), $url );
80 $message- > error ( T ( 'Invalid email or password.' ));
84 // ###################################################################
86 if ( $_REQUEST [ 'do' ] == 'logout' )
88 if ( bugdar
:: $userinfo [ 'userid' ])
90 $db- > query ( "DELETE FROM " . TABLE_PREFIX
. "adminsession WHERE sessionid = '" . $input- > inputEscape ( COOKIE_PREFIX
. 'adminsession' ) . "'" );
91 $auth- > clearCookies ();
92 BSFunctions
:: cookie ( COOKIE_PREFIX
. 'adminsession' , false );
93 $message- > redirect ( T ( 'You have been logged out.' ), ( $_SERVER [ 'HTTP_REFERER' ] ? $_SERVER [ 'HTTP_REFERER' ] : 'index.php' ));
97 $message- > error ( T ( 'You need to be logged in to access this feature.' ));
101 // ###################################################################
103 if ( $_POST [ 'do' ] == 'sendpw' )
105 $user = new UserAPI ();
106 $user- > set ( 'email' , $input- > in
[ 'email' ], true , false ); // don't verify so we don't get errors about existing emails
107 $user- > setCondition ( array ( 'email' ));
110 if ( $message- > hasErrors ())
112 $show [ 'lostpwerror' ] = true ;
113 $_REQUEST [ 'do' ] = 'lostpw' ;
117 $activator = BSFunctions
:: random ( 25 );
118 $db- > query ( "INSERT INTO " . TABLE_PREFIX
. "passwordreset (activatorid, dateline, userid) VALUES ('" . $activator . "', " . TIMENOW
. ", " . $user- > record
[ 'userid' ] . ")" );
120 $email = get_email_text ( 'password_reset' );
121 $mail = new BSMail ();
122 $mail- > setSubject ( $email [ 'subject' ]);
123 $mail- > setBodyText ( sprintf ( $email [ 'bodyText' ], $user- > record
[ 'displayname' ], bugdar
:: $options [ 'trackertitle' ], bugdar
:: $options [ 'trackerurl' ], $activator ));
124 $mail- > setFromAddress ( MAIL_FROM_ADDRESS
);
125 $mail- > setFromName ( MAIL_FROM_NAME
);
126 $mail- > send ( $user- > record
[ 'email' ], $user- > record
[ 'displayname' ]);
128 $message- > message ( sprintf ( T ( 'An email has been dispatched to %1 $s that contains instructions on how to reset your password.' ), $user- > record
[ 'email' ]));
132 // ###################################################################
134 if ( $_REQUEST [ 'do' ] == 'lostpw' )
136 BSTemplate
:: fetch ( 'lostpassword' )-> evaluate ()-> flush ();
139 // ###################################################################
141 if ( $_POST [ 'do' ] == 'resetpw' )
143 // remove old activators
144 $db- > query ( "DELETE FROM " . TABLE_PREFIX
. "passwordreset WHERE dateline < " . ( TIMENOW
- 86400 ));
147 $activation = $db- > queryFirst ( "SELECT * FROM " . TABLE_PREFIX
. "passwordreset WHERE activatorid = '" . $input- > inputEscape ( 'activator' ) . "'" );
150 $message- > error ( L_INVALID_ID
);
153 $user = new UserAPI ();
154 $user- > set ( 'userid' , $activation [ 'userid' ]);
156 if ( $input- > in
[ 'fix_password' ] != $input- > in
[ 'confirm_password' ])
158 $message- > addError ( T ( 'The passwords you entered do not patch.' ));
160 if ( empty ( $input- > in
[ 'fix_password' ]))
162 $message- > addError ( T ( 'Your new password cannot be empty.' ));
165 $user- > set ( 'password' , $input- > in
[ 'fix_password' ]);
167 if (! $message- > hasErrors ())
169 // remove old other activators for this user
170 $db- > query ( "DELETE FROM " . TABLE_PREFIX
. "passwordreset WHERE userid = " . $activation [ 'userid' ]);
173 $message- > redirect ( T ( 'Your password has been changed successfully. You will now be redirected to the login page.' ), 'login.php' );
177 $show [ 'errors' ] = true ;
178 $_REQUEST [ 'do' ] = 'recoverpw' ;
182 // ###################################################################
184 if ( $_REQUEST [ 'do' ] == 'recoverpw' )
186 // remove old activators
187 $db- > query ( "DELETE FROM " . TABLE_PREFIX
. "passwordreset WHERE dateline < " . ( TIMENOW
- 86400 ));
190 $activation = $db- > queryFirst ( "SELECT * FROM " . TABLE_PREFIX
. "passwordreset WHERE activatorid = '" . $input- > inputEscape ( 'activator' ) . "'" );
193 $message- > error ( T ( 'Invalid activation reset key. Please make sure you copied the URL exactly as it appeared in the email.' ));
196 $tpl = new BSTemplate ( 'passwordreset' );
198 'activation' => $activation ,
199 'message' => $message
201 $tpl- > evaluate ()-> flush ();
204 // ###################################################################
206 if ( $_REQUEST [ 'do' ] == 'cplogout' )
208 if ( $_COOKIE [ COOKIE_PREFIX
. 'adminsession' ])
210 $db- > query ( "DELETE FROM " . TABLE_PREFIX
. "adminsession WHERE sessionid = '" . $input- > inputEscape ( COOKIE_PREFIX
. 'adminsession' ) . "'" );
211 BSFunctions
:: cookie ( COOKIE_PREFIX
. 'adminsession' , false );
212 $message- > redirect ( T ( 'You have been logged out.' ), 'admin/' );
216 $message- > error ( T ( 'You are not logged in.' ));