https://src.bluestatic.org / bugdar.git / blob
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
We can't evaluate the footer template as a globalVar because it won't have all the...
[bugdar.git] / login.php
1 <?php
2 /*=====================================================================*\
3 || ###################################################################
4 || # Bugdar
5 || # Copyright 2002-2007 Blue Static
6 || #
7 || # This program is free software; you can redistribute it and/or modify
8 || # it under the terms of the GNU General Public License as published by
9 || # the Free Software Foundation; version 2 of the License.
10 || #
11 || # This program is distributed in the hope that it will be useful, but
12 || # WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
13 || # or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
14 || # more details.
15 || #
16 || # You should have received a copy of the GNU General Public License along
17 || # with this program; if not, write to the Free Software Foundation, Inc.,
18 || # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
19 || ###################################################################
20 \*=====================================================================*/
21
22 $fetchtemplates = array(
23 'login',
24 'lostpassword',
25 'passwordreset'
26 );
27
28
29 $focus['user'] = 'focus';
30
31 require_once('./global.php');
32 require_once('./includes/api_user.php');
33
34 // ###################################################################
35
36 if (bugdar::$userinfo['userid'] AND $_REQUEST['do'] != 'logout' AND $_POST['do'] != 'cplogin' AND $_REQUEST['do'] != 'cplogout')
37 {
38 $message->error(T('You are already logged in.'));
39 }
40
41 // ###################################################################
42
43 if (empty($_REQUEST['do']))
44 {
45 BSTemplate::fetch('login')->evaluate()->flush();
46 }
47
48 // ###################################################################
49
50 if ($_POST['do'] == 'login' OR $_POST['do'] == 'cplogin')
51 {
52 $keeplogin = $input->inputClean('rememberme', TYPE_BOOL);
53 if ($_POST['cplogin'])
54 {
55 $keeplogin = 0;
56 }
57
58 if ($_SERVER['HTTP_REFERER'] AND !$_POST['goindex'])
59 {
60 $url = $_SERVER['HTTP_REFERER'];
61 }
62 else
63 {
64 $url = 'index.php';
65 }
66
67 if ($auth->authenticateLogin($input->in['email'], $input->in['password'], $keeplogin))
68 {
69 if ($_POST['do'] == 'cplogin')
70 {
71 $hash = BSFunctions::random(90);
72 $db->query("DELETE FROM " . TABLE_PREFIX . "adminsession WHERE dateline < " . (TIMENOW - 3600));
73 $db->query("INSERT INTO " . TABLE_PREFIX . "adminsession (sessionid, userid, dateline) VALUES ('$hash', " . $auth->bugdarUser['userid'] . ", " . TIMENOW . ")");
74 BSFunctions::cookie(COOKIE_PREFIX . 'adminsession', $hash, false);
75 }
76 $message->redirect(T('Welcome back! You are now logged in.'), $url);
77 }
78 else
79 {
80 $message->error(T('Invalid email or password.'));
81 }
82 }
83
84 // ###################################################################
85
86 if ($_REQUEST['do'] == 'logout')
87 {
88 if (bugdar::$userinfo['userid'])
89 {
90 $db->query("DELETE FROM " . TABLE_PREFIX . "adminsession WHERE sessionid = '" . $input->inputEscape(COOKIE_PREFIX . 'adminsession') . "'");
91 $auth->clearCookies();
92 BSFunctions::cookie(COOKIE_PREFIX . 'adminsession', false);
93 $message->redirect(T('You have been logged out.'), ($_SERVER['HTTP_REFERER'] ? $_SERVER['HTTP_REFERER'] : 'index.php'));
94 }
95 else
96 {
97 $message->error(T('You need to be logged in to access this feature.'));
98 }
99 }
100
101 // ###################################################################
102
103 if ($_POST['do'] == 'sendpw')
104 {
105 $user = new UserAPI();
106 $user->set('email', $input->in['email'], true, false); // don't verify so we don't get errors about existing emails
107 $user->setCondition(array('email'));
108 $user->fetch();
109
110 if ($message->hasErrors())
111 {
112 $show['lostpwerror'] = true;
113 $_REQUEST['do'] = 'lostpw';
114 }
115 else
116 {
117 $activator = BSFunctions::random(25);
118 $db->query("INSERT INTO " . TABLE_PREFIX . "passwordreset (activatorid, dateline, userid) VALUES ('" . $activator . "', " . TIMENOW . ", " . $user->record['userid'] . ")");
119
120 $email = get_email_text('password_reset');
121 $mail = new BSMail();
122 $mail->setSubject($email['subject']);
123 $mail->setBodyText(sprintf($email['bodyText'], $user->record['displayname'], bugdar::$options['trackertitle'], bugdar::$options['trackerurl'], $activator));
124 $mail->setFromAddress(MAIL_FROM_ADDRESS);
125 $mail->setFromName(MAIL_FROM_NAME);
126 $mail->send($user->record['email'], $user->record['displayname']);
127
128 $message->message(sprintf(T('An email has been dispatched to %1$s that contains instructions on how to reset your password.'), $user->record['email']));
129 }
130 }
131
132 // ###################################################################
133
134 if ($_REQUEST['do'] == 'lostpw')
135 {
136 BSTemplate::fetch('lostpassword')->evaluate()->flush();
137 }
138
139 // ###################################################################
140
141 if ($_POST['do'] == 'resetpw')
142 {
143 // remove old activators
144 $db->query("DELETE FROM " . TABLE_PREFIX . "passwordreset WHERE dateline < " . (TIMENOW - 86400));
145
146 // now look for ours
147 $activation = $db->queryFirst("SELECT * FROM " . TABLE_PREFIX . "passwordreset WHERE activatorid = '" . $input->inputEscape('activator') . "'");
148 if (!$activation)
149 {
150 $message->error(L_INVALID_ID);
151 }
152
153 $user = new UserAPI();
154 $user->set('userid', $activation['userid']);
155
156 if ($input->in['fix_password'] != $input->in['confirm_password'])
157 {
158 $message->addError(T('The passwords you entered do not patch.'));
159 }
160 if (empty($input->in['fix_password']))
161 {
162 $message->addError(T('Your new password cannot be empty.'));
163 }
164
165 $user->set('password', $input->in['fix_password']);
166
167 if (!$message->hasErrors())
168 {
169 // remove old other activators for this user
170 $db->query("DELETE FROM " . TABLE_PREFIX . "passwordreset WHERE userid = " . $activation['userid']);
171
172 $user->update();
173 $message->redirect(T('Your password has been changed successfully. You will now be redirected to the login page.'), 'login.php');
174 }
175 else
176 {
177 $show['errors'] = true;
178 $_REQUEST['do'] = 'recoverpw';
179 }
180 }
181
182 // ###################################################################
183
184 if ($_REQUEST['do'] == 'recoverpw')
185 {
186 // remove old activators
187 $db->query("DELETE FROM " . TABLE_PREFIX . "passwordreset WHERE dateline < " . (TIMENOW - 86400));
188
189 // now look for ours
190 $activation = $db->queryFirst("SELECT * FROM " . TABLE_PREFIX . "passwordreset WHERE activatorid = '" . $input->inputEscape('activator') . "'");
191 if (!$activation)
192 {
193 $message->error(T('Invalid activation reset key. Please make sure you copied the URL exactly as it appeared in the email.'));
194 }
195
196 $tpl = new BSTemplate('passwordreset');
197 $tpl->vars = array(
198 'activation' => $activation,
199 'message' => $message
200 );
201 $tpl->evaluate()->flush();
202 }
203
204 // ###################################################################
205
206 if ($_REQUEST['do'] == 'cplogout')
207 {
208 if ($_COOKIE[COOKIE_PREFIX . 'adminsession'])
209 {
210 $db->query("DELETE FROM " . TABLE_PREFIX . "adminsession WHERE sessionid = '" . $input->inputEscape(COOKIE_PREFIX . 'adminsession') . "'");
211 BSFunctions::cookie(COOKIE_PREFIX . 'adminsession', false);
212 $message->redirect(T('You have been logged out.'), 'admin/');
213 }
214 else
215 {
216 $message->error(T('You are not logged in.'));
217 }
218 }
219
220 ?>
Open-source PHP-MySQL bug tracking system that has customizable CSS/XHTML templates, email notifications, Atom syndication, internationalization support, and a very simple setup.