login.php

   1 <?php
   2 /*=====================================================================*\
   3 || ###################################################################
   4 || # Bugdar
   5 || # Copyright 2002-2007 Blue Static
   6 || #
   7 || # This program is free software; you can redistribute it and/or modify
   8 || # it under the terms of the GNU General Public License as published by
   9 || # the Free Software Foundation; version 2 of the License.
  10 || #
  11 || # This program is distributed in the hope that it will be useful, but
  12 || # WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
  13 || # or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
  14 || # more details.
  15 || #
  16 || # You should have received a copy of the GNU General Public License along
  17 || # with this program; if not, write to the Free Software Foundation, Inc.,
  18 || # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
  19 || ###################################################################
  20 \*=====================================================================*/
  21
  22 $fetchtemplates = array(
  23         'login',
  24         'lostpassword',
  25         'passwordreset'
  26 );
  27
  28 define('SVN', '$Id$');
  29
  30 $focus['user'] = 'focus';
  31
  32 require_once('./global.php');
  33 require_once('./includes/api_user.php');
  34 require_once('./includes/class_api_error.php');
  35
  36 // ###################################################################
  37
  38 if (bugdar::$userinfo['userid'] AND $_REQUEST['do'] != 'logout' AND $_POST['do'] != 'cplogin' AND $_REQUEST['do'] != 'cplogout')
  39 {
  40         $message->error(T('You are already logged in.'));
  41 }
  42
  43 // ###################################################################
  44
  45 if (empty($_REQUEST['do']))
  46 {
  47         BSTemplate::fetch('login')->evaluate()->flush();
  48 }
  49
  50 // ###################################################################
  51
  52 if ($_POST['do'] == 'login' OR $_POST['do'] == 'cplogin')
  53 {
  54         $keeplogin = $input->inputClean('rememberme', TYPE_BOOL);
  55         if ($_POST['cplogin'])
  56         {
  57                 $keeplogin = 0;
  58         }
  59
  60         if ($_SERVER['HTTP_REFERER'] AND !$_POST['goindex'])
  61         {
  62                 $url = $_SERVER['HTTP_REFERER'];
  63         }
  64         else
  65         {
  66                 $url = 'index.php';
  67         }
  68
  69         if ($auth->authenticateLogin($input->in['email'], $input->in['password'], $keeplogin))
  70         {
  71                 if ($_POST['do'] == 'cplogin')
  72                 {
  73                         $hash = BSFunctions::random(90);
  74                         $db->query("DELETE FROM " . TABLE_PREFIX . "adminsession WHERE dateline < " . (TIMENOW - 3600));
  75                         $db->query("INSERT INTO " . TABLE_PREFIX . "adminsession (sessionid, userid, dateline) VALUES ('$hash', " . $auth->bugdarUser['userid'] . ", " . TIMENOW . ")");
  76                         BSFunctions::cookie(COOKIE_PREFIX . 'adminsession', $hash, false);
  77                 }
  78                 $message->redirect(T('Welcome back! You are now logged in.'), $url);
  79         }
  80         else
  81         {
  82                 $message->error(T('Invalid email or password.'));
  83         }
  84 }
  85
  86 // ###################################################################
  87
  88 if ($_REQUEST['do'] == 'logout')
  89 {
  90         if (bugdar::$userinfo['userid'])
  91         {
  92                 $db->query("DELETE FROM " . TABLE_PREFIX . "adminsession WHERE sessionid = '" . $input->inputEscape(COOKIE_PREFIX . 'adminsession') . "'");
  93                 $auth->clearCookies();
  94                 BSFunctions::cookie(COOKIE_PREFIX . 'adminsession', null);
  95                 $message->redirect(T('You have been logged out.'), ($_SERVER['HTTP_REFERER'] ? $_SERVER['HTTP_REFERER'] : 'index.php'));
  96         }
  97         else
  98         {
  99                 $message->error(T('You need to be logged in to access this feature.'));
 100         }
 101 }
 102
 103 // ###################################################################
 104
 105 if ($_POST['do'] == 'sendpw')
 106 {
 107         $user = new UserAPI();
 108         $user->set('email', $input->in['email'], true, false); // don't verify so we don't get errors about existing emails
 109         $user->setCondition(array('email'));
 110         $user->fetch();
 111
 112         if ($message->hasErrors())
 113         {
 114                 $show['lostpwerror'] = true;
 115                 $_REQUEST['do'] = 'lostpw';
 116         }
 117         else
 118         {
 119                 $activator = BSFunctions::random(25);
 120                 $db->query("INSERT INTO " . TABLE_PREFIX . "passwordreset (activatorid, dateline, userid) VALUES ('" . $activator . "', " . TIMENOW . ", " . $user->record['userid'] . ")");
 121
 122                 $email = new BSTemplate(FetchEmailPath('passwordreset.xml', bugdar::$datastore['language'][$user->record['languageid']]['langcode']));
 123                 $email->vars = array('activator' => $activator);
 124
 125                 $email = $bugsys->xml->parse($email->evaluate()->getTemplate());
 126
 127                 $mail->setSubject($email['email']['subject']['value']);
 128                 $mail->setBodyText($email['email']['bodyText']['value']);
 129
 130                 $mail->send($user->record['email'], $user->record['displayname']);
 131
 132                 $message->message(sprintf(T('An email has been dispatched to %1$s that contains instructions on how to reset your password.'), $user->record['email']));
 133         }
 134 }
 135
 136 // ###################################################################
 137
 138 if ($_REQUEST['do'] == 'lostpw')
 139 {
 140         BSTemplate::fetch('lostpassword')->evaluate()->flush();
 141 }
 142
 143 // ###################################################################
 144
 145 if ($_POST['do'] == 'resetpw')
 146 {
 147         // remove old activators
 148         $db->query("DELETE FROM " . TABLE_PREFIX . "passwordreset WHERE dateline < " . (TIMENOW - 86400));
 149
 150         // now look for ours
 151         $activation = $db->queryFirst("SELECT * FROM " . TABLE_PREFIX . "passwordreset WHERE activatorid = '" . $input->inputEscape('activator') . "'");
 152         if (!$activation)
 153         {
 154                 $message->error(L_INVALID_ID);
 155         }
 156
 157         $user = new UserAPI();
 158         $user->set('userid', $activation['userid']);
 159
 160         if ($input->in['fix_password'] != $input->in['confirm_password'])
 161         {
 162                 $message->addError(T('The passwords you entered do not patch.'));
 163         }
 164         if (empty($input->in['fix_password']))
 165         {
 166                 $message->addError(T('Your new password cannot be empty.'));
 167         }
 168
 169         $user->set('password', $input->in['fix_password']);
 170
 171         if (!$message->hasErrors())
 172         {
 173                 // remove old other activators for this user
 174                 $db->query("DELETE FROM " . TABLE_PREFIX . "passwordreset WHERE userid = " . $activation['userid']);
 175
 176                 $user->update();
 177                 $message->redirect(T('Your password has been changed successfully. You will now be redirected to the login page.'), 'login.php');
 178         }
 179         else
 180         {
 181                 $show['errors'] = true;
 182                 $_REQUEST['do'] = 'recoverpw';
 183         }
 184 }
 185
 186 // ###################################################################
 187
 188 if ($_REQUEST['do'] == 'recoverpw')
 189 {
 190         // remove old activators
 191         $db->query("DELETE FROM " . TABLE_PREFIX . "passwordreset WHERE dateline < " . (TIMENOW - 86400));
 192
 193         // now look for ours
 194         $activation = $db->queryFirst("SELECT * FROM " . TABLE_PREFIX . "passwordreset WHERE activatorid = '" . $input->inputEscape('activator') . "'");
 195         if (!$activation)
 196         {
 197                 $message->error(T('Invalid activation reset key. Please make sure you copied the URL exactly as it appeared in the email.'));
 198         }
 199
 200         $tpl = new BSTemplate('passwordreset');
 201         $tpl->vars = array(
 202                 'activation'    => $activation,
 203                 'message'               => $message
 204         );
 205         $tpl->evaluate()->flush();
 206 }
 207
 208 // ###################################################################
 209
 210 if ($_REQUEST['do'] == 'cplogout')
 211 {
 212         if ($_COOKIE[COOKIE_PREFIX . 'adminsession'])
 213         {
 214                 $db->query("DELETE FROM " . TABLE_PREFIX . "adminsession WHERE sessionid = '" . $input->inputEscape(COOKIE_PREFIX . 'adminsession') . "'");
 215                 BSFunctions::cookie(COOKIE_PREFIX . 'adminsession', null);
 216                 $message->redirect(T('You have been logged out.'), 'admin/');
 217         }
 218         else
 219         {
 220                 $message->error(T('You are not logged in.'));
 221         }
 222 }
 223
 224 /*=====================================================================*\
 225 || ###################################################################
 226 || # $HeadURL$
 227 || # $Id$
 228 || ###################################################################
 229 \*=====================================================================*/
 230 ?>