login.php

   1 <?php
   2 /*=====================================================================*\
   3 || ###################################################################
   4 || # Bugdar
   5 || # Copyright 2002-2007 Blue Static
   6 || #
   7 || # This program is free software; you can redistribute it and/or modify
   8 || # it under the terms of the GNU General Public License as published by
   9 || # the Free Software Foundation; version 2 of the License.
  10 || #
  11 || # This program is distributed in the hope that it will be useful, but
  12 || # WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
  13 || # or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
  14 || # more details.
  15 || #
  16 || # You should have received a copy of the GNU General Public License along
  17 || # with this program; if not, write to the Free Software Foundation, Inc.,
  18 || # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
  19 || ###################################################################
  20 \*=====================================================================*/
  21
  22 $fetchtemplates = array(
  23         'login',
  24         'lostpassword',
  25         'passwordreset'
  26 );
  27
  28 define('SVN', '$Id$');
  29
  30 $focus['user'] = 'focus';
  31
  32 require_once('./global.php');
  33 require_once('./includes/api_user.php');
  34
  35 // ###################################################################
  36
  37 if (bugdar::$userinfo['userid'] AND $_REQUEST['do'] != 'logout' AND $_POST['do'] != 'cplogin' AND $_REQUEST['do'] != 'cplogout')
  38 {
  39         $message->error(T('You are already logged in.'));
  40 }
  41
  42 // ###################################################################
  43
  44 if (empty($_REQUEST['do']))
  45 {
  46         BSTemplate::fetch('login')->evaluate()->flush();
  47 }
  48
  49 // ###################################################################
  50
  51 if ($_POST['do'] == 'login' OR $_POST['do'] == 'cplogin')
  52 {
  53         $keeplogin = $input->inputClean('rememberme', TYPE_BOOL);
  54         if ($_POST['cplogin'])
  55         {
  56                 $keeplogin = 0;
  57         }
  58
  59         if ($_SERVER['HTTP_REFERER'] AND !$_POST['goindex'])
  60         {
  61                 $url = $_SERVER['HTTP_REFERER'];
  62         }
  63         else
  64         {
  65                 $url = 'index.php';
  66         }
  67
  68         if ($auth->authenticateLogin($input->in['email'], $input->in['password'], $keeplogin))
  69         {
  70                 if ($_POST['do'] == 'cplogin')
  71                 {
  72                         $hash = BSFunctions::random(90);
  73                         $db->query("DELETE FROM " . TABLE_PREFIX . "adminsession WHERE dateline < " . (TIMENOW - 3600));
  74                         $db->query("INSERT INTO " . TABLE_PREFIX . "adminsession (sessionid, userid, dateline) VALUES ('$hash', " . $auth->bugdarUser['userid'] . ", " . TIMENOW . ")");
  75                         BSFunctions::cookie(COOKIE_PREFIX . 'adminsession', $hash, false);
  76                 }
  77                 $message->redirect(T('Welcome back! You are now logged in.'), $url);
  78         }
  79         else
  80         {
  81                 $message->error(T('Invalid email or password.'));
  82         }
  83 }
  84
  85 // ###################################################################
  86
  87 if ($_REQUEST['do'] == 'logout')
  88 {
  89         if (bugdar::$userinfo['userid'])
  90         {
  91                 $db->query("DELETE FROM " . TABLE_PREFIX . "adminsession WHERE sessionid = '" . $input->inputEscape(COOKIE_PREFIX . 'adminsession') . "'");
  92                 $auth->clearCookies();
  93                 BSFunctions::cookie(COOKIE_PREFIX . 'adminsession', false);
  94                 $message->redirect(T('You have been logged out.'), ($_SERVER['HTTP_REFERER'] ? $_SERVER['HTTP_REFERER'] : 'index.php'));
  95         }
  96         else
  97         {
  98                 $message->error(T('You need to be logged in to access this feature.'));
  99         }
 100 }
 101
 102 // ###################################################################
 103
 104 if ($_POST['do'] == 'sendpw')
 105 {
 106         $user = new UserAPI();
 107         $user->set('email', $input->in['email'], true, false); // don't verify so we don't get errors about existing emails
 108         $user->setCondition(array('email'));
 109         $user->fetch();
 110
 111         if ($message->hasErrors())
 112         {
 113                 $show['lostpwerror'] = true;
 114                 $_REQUEST['do'] = 'lostpw';
 115         }
 116         else
 117         {
 118                 $activator = BSFunctions::random(25);
 119                 $db->query("INSERT INTO " . TABLE_PREFIX . "passwordreset (activatorid, dateline, userid) VALUES ('" . $activator . "', " . TIMENOW . ", " . $user->record['userid'] . ")");
 120
 121                 $email = get_email_text('password_reset');
 122                 $mail = new BSMail();
 123                 $mail->setSubject($email['subject']);
 124                 $mail->setBodyText(sprintf($email['bodyText'], $user->record['displayname'], bugdar::$options['trackertitle'], bugdar::$options['trackerurl'], $activator));
 125                 $mail->setFromAddress(MAIL_FROM_ADDRESS);
 126                 $mail->setFromName(MAIL_FROM_NAME);
 127                 $mail->send($user->record['email'], $user->record['displayname']);
 128
 129                 $message->message(sprintf(T('An email has been dispatched to %1$s that contains instructions on how to reset your password.'), $user->record['email']));
 130         }
 131 }
 132
 133 // ###################################################################
 134
 135 if ($_REQUEST['do'] == 'lostpw')
 136 {
 137         BSTemplate::fetch('lostpassword')->evaluate()->flush();
 138 }
 139
 140 // ###################################################################
 141
 142 if ($_POST['do'] == 'resetpw')
 143 {
 144         // remove old activators
 145         $db->query("DELETE FROM " . TABLE_PREFIX . "passwordreset WHERE dateline < " . (TIMENOW - 86400));
 146
 147         // now look for ours
 148         $activation = $db->queryFirst("SELECT * FROM " . TABLE_PREFIX . "passwordreset WHERE activatorid = '" . $input->inputEscape('activator') . "'");
 149         if (!$activation)
 150         {
 151                 $message->error(L_INVALID_ID);
 152         }
 153
 154         $user = new UserAPI();
 155         $user->set('userid', $activation['userid']);
 156
 157         if ($input->in['fix_password'] != $input->in['confirm_password'])
 158         {
 159                 $message->addError(T('The passwords you entered do not patch.'));
 160         }
 161         if (empty($input->in['fix_password']))
 162         {
 163                 $message->addError(T('Your new password cannot be empty.'));
 164         }
 165
 166         $user->set('password', $input->in['fix_password']);
 167
 168         if (!$message->hasErrors())
 169         {
 170                 // remove old other activators for this user
 171                 $db->query("DELETE FROM " . TABLE_PREFIX . "passwordreset WHERE userid = " . $activation['userid']);
 172
 173                 $user->update();
 174                 $message->redirect(T('Your password has been changed successfully. You will now be redirected to the login page.'), 'login.php');
 175         }
 176         else
 177         {
 178                 $show['errors'] = true;
 179                 $_REQUEST['do'] = 'recoverpw';
 180         }
 181 }
 182
 183 // ###################################################################
 184
 185 if ($_REQUEST['do'] == 'recoverpw')
 186 {
 187         // remove old activators
 188         $db->query("DELETE FROM " . TABLE_PREFIX . "passwordreset WHERE dateline < " . (TIMENOW - 86400));
 189
 190         // now look for ours
 191         $activation = $db->queryFirst("SELECT * FROM " . TABLE_PREFIX . "passwordreset WHERE activatorid = '" . $input->inputEscape('activator') . "'");
 192         if (!$activation)
 193         {
 194                 $message->error(T('Invalid activation reset key. Please make sure you copied the URL exactly as it appeared in the email.'));
 195         }
 196
 197         $tpl = new BSTemplate('passwordreset');
 198         $tpl->vars = array(
 199                 'activation'    => $activation,
 200                 'message'               => $message
 201         );
 202         $tpl->evaluate()->flush();
 203 }
 204
 205 // ###################################################################
 206
 207 if ($_REQUEST['do'] == 'cplogout')
 208 {
 209         if ($_COOKIE[COOKIE_PREFIX . 'adminsession'])
 210         {
 211                 $db->query("DELETE FROM " . TABLE_PREFIX . "adminsession WHERE sessionid = '" . $input->inputEscape(COOKIE_PREFIX . 'adminsession') . "'");
 212                 BSFunctions::cookie(COOKIE_PREFIX . 'adminsession', false);
 213                 $message->redirect(T('You have been logged out.'), 'admin/');
 214         }
 215         else
 216         {
 217                 $message->error(T('You are not logged in.'));
 218         }
 219 }
 220
 221 /*=====================================================================*\
 222 || ###################################################################
 223 || # $HeadURL$
 224 || # $Id$
 225 || ###################################################################
 226 \*=====================================================================*/
 227 ?>