2 /*=====================================================================*\
3 || ###################################################################
5 || # Copyright 2002-2007 Blue Static
7 || # This program is free software; you can redistribute it and/or modify
8 || # it under the terms of the GNU General Public License as published by
9 || # the Free Software Foundation; version 2 of the License.
11 || # This program is distributed in the hope that it will be useful, but
12 || # WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
13 || # or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
16 || # You should have received a copy of the GNU General Public License along
17 || # with this program; if not, write to the Free Software Foundation, Inc.,
18 || # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
19 || ###################################################################
20 \*=====================================================================*/
22 $fetchtemplates = array(
29 $focus['user'] = 'focus';
31 require_once('./global.php');
32 require_once('./includes/api_user.php');
33 require_once('./includes/class_api_error.php');
35 APIError(array(new API_Error_Handler($message), 'user_cumulative'));
37 // ###################################################################
39 if ($bugsys->userinfo
['userid'] AND $_REQUEST['do'] != 'logout' AND $_POST['do'] != 'cplogin' AND $_REQUEST['do'] != 'cplogout')
41 $message->error(T('You are already logged in.'));
44 // ###################################################################
46 if (empty($_REQUEST['do']))
48 eval('$template->flush("' . $template->fetch('login') . '");');
51 // ###################################################################
53 if ($_POST['do'] == 'login' OR $_POST['do'] == 'cplogin')
55 $keeplogin = $bugsys->input_clean('rememberme', TYPE_BOOL
);
56 if ($_POST['cplogin'])
61 if ($_SERVER['HTTP_REFERER'] AND !$_POST['goindex'])
63 $url = $_SERVER['HTTP_REFERER'];
70 if ($auth->authenticateLogin($bugsys->in
['email'], $bugsys->in
['password'], $keeplogin))
72 if ($_POST['do'] == 'cplogin')
74 $hash = $funct->rand(90);
75 $db->query("INSERT INTO " . TABLE_PREFIX
. "adminsession (sessionid, userid, dateline) VALUES ('$hash', " . $auth->bugdarUser
['userid'] . ", " . TIMENOW
. ")");
76 $funct->cookie(COOKIE_PREFIX
. 'adminsession', $hash, false
);
78 $message->redirect(T('Welcome back! You are now logged in.'), $url);
82 $message->error(T('Invalid email or password.'));
86 // ###################################################################
88 if ($_REQUEST['do'] == 'logout')
90 if ($bugsys->userinfo
['userid'])
92 $db->query("DELETE FROM " . TABLE_PREFIX
. "adminsession WHERE sessionid = '" . $bugsys->input_escape(COOKIE_PREFIX
. 'adminsession') . "'");
93 $auth->clearCookies();
94 $funct->cookie(COOKIE_PREFIX
. 'adminsession');
95 $message->redirect(T('You have been logged out.'), ($_SERVER['HTTP_REFERER'] ?
$_SERVER['HTTP_REFERER'] : 'index.php'));
99 $message->error(T('You need to be logged in to access this feature.'));
103 // ###################################################################
105 if ($_POST['do'] == 'sendpw')
107 $user = new UserAPI($bugsys);
108 $user->set('email', $bugsys->in
['email'], true
, false
); // don't verify so we don't get errors about existing emails
109 $user->set_condition(array('email'));
112 if ($message->hasErrors())
114 $show['lostpwerror'] = true
;
115 $_REQUEST['do'] = 'lostpw';
119 $activator = $funct->rand(25);
120 $db->query("INSERT INTO " . TABLE_PREFIX
. "passwordreset (activatorid, dateline, userid) VALUES ('" . $activator . "', " . TIMENOW
. ", " . $user->objdata
['userid'] . ")");
122 eval('$email = "' . $template->fetch(FetchEmailPath('passwordreset.xml', bugdar
::$datastore['language'][$user->objdata
['languageid']]['langcode'])) . '";');
123 $email = $bugsys->xml
->parse($email);
125 $mail->setSubject($email['email']['subject']['value']);
126 $mail->setBodyText($email['email']['bodyText']['value']);
128 $mail->send($user->objdata
['email'], $user->objdata
['displayname']);
130 $message->message(sprintf(T('An email has been dispatched to %1$s that contains instructions on how to reset your password.'), $user->objdata
['email']));
134 // ###################################################################
136 if ($_REQUEST['do'] == 'lostpw')
138 eval('$template->flush("' . $template->fetch('lostpassword') . '");');
141 // ###################################################################
143 if ($_POST['do'] == 'resetpw')
145 // remove old activators
146 $db->query("DELETE FROM " . TABLE_PREFIX
. "passwordreset WHERE dateline < " . (TIMENOW
- 86400));
149 $activation = $db->query_first("SELECT * FROM " . TABLE_PREFIX
. "passwordreset WHERE activatorid = '" . $bugsys->input_escape('activator') . "'");
152 $message->error(L_INVALID_ID
);
155 $user = new UserAPI($bugsys);
156 $user->set('userid', $activation['userid']);
157 $user->set_condition();
159 if ($bugsys->in
['fix_password'] != $bugsys->in
['confirm_password'])
161 $message->addError(T('The passwords you entered do not patch.'));
163 if (empty($bugsys->in
['fix_password']))
165 $message->addError(T('Your new password cannot be empty.'));
168 $user->set('password', $bugsys->in
['fix_password']);
170 if (!$message->hasErrors())
172 // remove old other activators for this user
173 $db->query("DELETE FROM " . TABLE_PREFIX
. "passwordreset WHERE userid = " . $activation['userid']);
176 $message->redirect(T('Your password has been changed successfully. You will now be redirected to the login page.'), 'login.php');
180 $show['errors'] = true
;
181 $_REQUEST['do'] = 'recoverpw';
185 // ###################################################################
187 if ($_REQUEST['do'] == 'recoverpw')
189 // remove old activators
190 $db->query("DELETE FROM " . TABLE_PREFIX
. "passwordreset WHERE dateline < " . (TIMENOW
- 86400));
193 $activation = $db->query_first("SELECT * FROM " . TABLE_PREFIX
. "passwordreset WHERE activatorid = '" . $bugsys->input_escape('activator') . "'");
196 $message->error(T('Invalid activation reset key. Please make sure you copied the URL exactly as it appeared in the email.'));
199 eval('$template->flush("' . $template->fetch('passwordreset') . '");');
202 // ###################################################################
204 if ($_REQUEST['do'] == 'cplogout')
206 if ($_COOKIE[COOKIE_PREFIX
. 'adminsession'])
208 $db->query("DELETE FROM " . TABLE_PREFIX
. "adminsession WHERE sessionid = '" . $bugsys->input_escape(COOKIE_PREFIX
. 'adminsession') . "'");
209 $funct->cookie(COOKIE_PREFIX
. 'adminsession');
210 $message->redirect(T('You have been logged out.'), 'admin/');
214 $message->error(T('You are not logged in.'));