]> src.bluestatic.org Git - bugdar.git/blob - login.php
We were hitting an infinite loop with isso_pre_parse_hook
[bugdar.git] / login.php
1 <?php
2 /*=====================================================================*\
3 || ###################################################################
4 || # Bugdar
5 || # Copyright 2002-2007 Blue Static
6 || #
7 || # This program is free software; you can redistribute it and/or modify
8 || # it under the terms of the GNU General Public License as published by
9 || # the Free Software Foundation; version 2 of the License.
10 || #
11 || # This program is distributed in the hope that it will be useful, but
12 || # WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
13 || # or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
14 || # more details.
15 || #
16 || # You should have received a copy of the GNU General Public License along
17 || # with this program; if not, write to the Free Software Foundation, Inc.,
18 || # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
19 || ###################################################################
20 \*=====================================================================*/
21
22 $fetchtemplates = array(
23 'login',
24 'lostpassword',
25 'passwordreset'
26 );
27
28 define('SVN', '$Id$');
29
30 $focus['user'] = 'focus';
31
32 require_once('./global.php');
33 require_once('./includes/api_user.php');
34 require_once('./includes/class_api_error.php');
35
36 APIError(array(new API_Error_Handler($message), 'user_cumulative'));
37
38 // ###################################################################
39
40 if (bugdar::$userinfo['userid'] AND $_REQUEST['do'] != 'logout' AND $_POST['do'] != 'cplogin' AND $_REQUEST['do'] != 'cplogout')
41 {
42 $message->error(T('You are already logged in.'));
43 }
44
45 // ###################################################################
46
47 if (empty($_REQUEST['do']))
48 {
49 eval('$template->flush("' . $template->fetch('login') . '");');
50 }
51
52 // ###################################################################
53
54 if ($_POST['do'] == 'login' OR $_POST['do'] == 'cplogin')
55 {
56 $keeplogin = $bugsys->input_clean('rememberme', TYPE_BOOL);
57 if ($_POST['cplogin'])
58 {
59 $keeplogin = 0;
60 }
61
62 if ($_SERVER['HTTP_REFERER'] AND !$_POST['goindex'])
63 {
64 $url = $_SERVER['HTTP_REFERER'];
65 }
66 else
67 {
68 $url = 'index.php';
69 }
70
71 if ($auth->authenticateLogin($bugsys->in['email'], $bugsys->in['password'], $keeplogin))
72 {
73 if ($_POST['do'] == 'cplogin')
74 {
75 $hash = BSFunctions::random(90);
76 $db->query("DELETE FROM " . TABLE_PREFIX . "adminsession WHERE dateline < " . (TIMENOW - 3600));
77 $db->query("INSERT INTO " . TABLE_PREFIX . "adminsession (sessionid, userid, dateline) VALUES ('$hash', " . $auth->bugdarUser['userid'] . ", " . TIMENOW . ")");
78 BSFunctions::cookie(COOKIE_PREFIX . 'adminsession', $hash, false);
79 }
80 $message->redirect(T('Welcome back! You are now logged in.'), $url);
81 }
82 else
83 {
84 $message->error(T('Invalid email or password.'));
85 }
86 }
87
88 // ###################################################################
89
90 if ($_REQUEST['do'] == 'logout')
91 {
92 if (bugdar::$userinfo['userid'])
93 {
94 $db->query("DELETE FROM " . TABLE_PREFIX . "adminsession WHERE sessionid = '" . $bugsys->input_escape(COOKIE_PREFIX . 'adminsession') . "'");
95 $auth->clearCookies();
96 BSFunctions::cookie(COOKIE_PREFIX . 'adminsession');
97 $message->redirect(T('You have been logged out.'), ($_SERVER['HTTP_REFERER'] ? $_SERVER['HTTP_REFERER'] : 'index.php'));
98 }
99 else
100 {
101 $message->error(T('You need to be logged in to access this feature.'));
102 }
103 }
104
105 // ###################################################################
106
107 if ($_POST['do'] == 'sendpw')
108 {
109 $user = new UserAPI($bugsys);
110 $user->set('email', $bugsys->in['email'], true, false); // don't verify so we don't get errors about existing emails
111 $user->set_condition(array('email'));
112 $user->fetch();
113
114 if ($message->hasErrors())
115 {
116 $show['lostpwerror'] = true;
117 $_REQUEST['do'] = 'lostpw';
118 }
119 else
120 {
121 $activator = BSFunctions::random(25);
122 $db->query("INSERT INTO " . TABLE_PREFIX . "passwordreset (activatorid, dateline, userid) VALUES ('" . $activator . "', " . TIMENOW . ", " . $user->objdata['userid'] . ")");
123
124 eval('$email = "' . $template->fetch(FetchEmailPath('passwordreset.xml', bugdar::$datastore['language'][$user->objdata['languageid']]['langcode'])) . '";');
125 $email = $bugsys->xml->parse($email);
126
127 $mail->setSubject($email['email']['subject']['value']);
128 $mail->setBodyText($email['email']['bodyText']['value']);
129
130 $mail->send($user->objdata['email'], $user->objdata['displayname']);
131
132 $message->message(sprintf(T('An email has been dispatched to %1$s that contains instructions on how to reset your password.'), $user->objdata['email']));
133 }
134 }
135
136 // ###################################################################
137
138 if ($_REQUEST['do'] == 'lostpw')
139 {
140 eval('$template->flush("' . $template->fetch('lostpassword') . '");');
141 }
142
143 // ###################################################################
144
145 if ($_POST['do'] == 'resetpw')
146 {
147 // remove old activators
148 $db->query("DELETE FROM " . TABLE_PREFIX . "passwordreset WHERE dateline < " . (TIMENOW - 86400));
149
150 // now look for ours
151 $activation = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "passwordreset WHERE activatorid = '" . $bugsys->input_escape('activator') . "'");
152 if (!$activation)
153 {
154 $message->error(L_INVALID_ID);
155 }
156
157 $user = new UserAPI($bugsys);
158 $user->set('userid', $activation['userid']);
159 $user->set_condition();
160
161 if ($bugsys->in['fix_password'] != $bugsys->in['confirm_password'])
162 {
163 $message->addError(T('The passwords you entered do not patch.'));
164 }
165 if (empty($bugsys->in['fix_password']))
166 {
167 $message->addError(T('Your new password cannot be empty.'));
168 }
169
170 $user->set('password', $bugsys->in['fix_password']);
171
172 if (!$message->hasErrors())
173 {
174 // remove old other activators for this user
175 $db->query("DELETE FROM " . TABLE_PREFIX . "passwordreset WHERE userid = " . $activation['userid']);
176
177 $user->update();
178 $message->redirect(T('Your password has been changed successfully. You will now be redirected to the login page.'), 'login.php');
179 }
180 else
181 {
182 $show['errors'] = true;
183 $_REQUEST['do'] = 'recoverpw';
184 }
185 }
186
187 // ###################################################################
188
189 if ($_REQUEST['do'] == 'recoverpw')
190 {
191 // remove old activators
192 $db->query("DELETE FROM " . TABLE_PREFIX . "passwordreset WHERE dateline < " . (TIMENOW - 86400));
193
194 // now look for ours
195 $activation = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "passwordreset WHERE activatorid = '" . $bugsys->input_escape('activator') . "'");
196 if (!$activation)
197 {
198 $message->error(T('Invalid activation reset key. Please make sure you copied the URL exactly as it appeared in the email.'));
199 }
200
201 eval('$template->flush("' . $template->fetch('passwordreset') . '");');
202 }
203
204 // ###################################################################
205
206 if ($_REQUEST['do'] == 'cplogout')
207 {
208 if ($_COOKIE[COOKIE_PREFIX . 'adminsession'])
209 {
210 $db->query("DELETE FROM " . TABLE_PREFIX . "adminsession WHERE sessionid = '" . $bugsys->input_escape(COOKIE_PREFIX . 'adminsession') . "'");
211 BSFunctions::cookie(COOKIE_PREFIX . 'adminsession');
212 $message->redirect(T('You have been logged out.'), 'admin/');
213 }
214 else
215 {
216 $message->error(T('You are not logged in.'));
217 }
218 }
219
220 /*=====================================================================*\
221 || ###################################################################
222 || # $HeadURL$
223 || # $Id$
224 || ###################################################################
225 \*=====================================================================*/
226 ?>