login.php

   1 <?php
   2 /*=====================================================================*\
   3 || ###################################################################
   4 || # Bugdar
   5 || # Copyright 2002-2007 Blue Static
   6 || #
   7 || # This program is free software; you can redistribute it and/or modify
   8 || # it under the terms of the GNU General Public License as published by
   9 || # the Free Software Foundation; version 2 of the License.
  10 || #
  11 || # This program is distributed in the hope that it will be useful, but
  12 || # WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
  13 || # or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
  14 || # more details.
  15 || #
  16 || # You should have received a copy of the GNU General Public License along
  17 || # with this program; if not, write to the Free Software Foundation, Inc.,
  18 || # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
  19 || ###################################################################
  20 \*=====================================================================*/
  21
  22 $fetchtemplates = array(
  23         'login',
  24         'lostpassword',
  25         'passwordreset'
  26 );
  27
  28 define('SVN', '$Id$');
  29
  30 $focus['user'] = 'focus';
  31
  32 require_once('./global.php');
  33 require_once('./includes/api_user.php');
  34 require_once('./includes/class_api_error.php');
  35
  36 APIError(array(new API_Error_Handler($message), 'user_cumulative'));
  37
  38 // ###################################################################
  39
  40 if ($bugsys->userinfo['userid'] AND $_REQUEST['do'] != 'logout' AND $_POST['do'] != 'cplogin' AND $_REQUEST['do'] != 'cplogout')
  41 {
  42         $message->error(_('You are already logged in.'));
  43 }
  44
  45 // ###################################################################
  46
  47 if (empty($_REQUEST['do']))
  48 {
  49         eval('$template->flush("' . $template->fetch('login') . '");');
  50 }
  51
  52 // ###################################################################
  53
  54 if ($_POST['do'] == 'login' OR $_POST['do'] == 'cplogin')
  55 {
  56         $keeplogin = $bugsys->input_clean('rememberme', TYPE_BOOL);
  57         if ($_POST['cplogin'])
  58         {
  59                 $keeplogin = 0;
  60         }
  61
  62         if ($_SERVER['HTTP_REFERER'] AND !$_POST['goindex'])
  63         {
  64                 $url = $_SERVER['HTTP_REFERER'];
  65         }
  66         else
  67         {
  68                 $url = 'index.php';
  69         }
  70
  71         if ($auth->authenticateLogin($bugsys->in['email'], $bugsys->in['password'], $keeplogin))
  72         {
  73                 if ($_POST['do'] == 'cplogin')
  74                 {
  75                         $hash = $funct->rand(90);
  76                         $db->query("DELETE FROM " . TABLE_PREFIX . "adminsession WHERE dateline < " . (TIMENOW - 3600));
  77                         $db->query("INSERT INTO " . TABLE_PREFIX . "adminsession (sessionid, userid, dateline) VALUES ('$hash', " . $auth->bugdarUser['userid'] . ", " . TIMENOW . ")");
  78                         $funct->cookie(COOKIE_PREFIX . 'adminsession', $hash, false);
  79                 }
  80                 $message->redirect(_('Welcome back! You are now logged in.'), $url);
  81         }
  82         else
  83         {
  84                 $message->error(_('Invalid email or password.'));
  85         }
  86 }
  87
  88 // ###################################################################
  89
  90 if ($_REQUEST['do'] == 'logout')
  91 {
  92         if ($bugsys->userinfo['userid'])
  93         {
  94                 $db->query("DELETE FROM " . TABLE_PREFIX . "adminsession WHERE sessionid = '" . $bugsys->input_escape(COOKIE_PREFIX . 'adminsession') . "'");
  95                 $auth->clearCookies();
  96                 $funct->cookie(COOKIE_PREFIX . 'adminsession');
  97                 $message->redirect(_('You have been logged out.'), ($_SERVER['HTTP_REFERER'] ? $_SERVER['HTTP_REFERER'] : 'index.php'));
  98         }
  99         else
 100         {
 101                 $message->error(_('You need to be logged in to access this feature.'));
 102         }
 103 }
 104
 105 // ###################################################################
 106
 107 if ($_POST['do'] == 'sendpw')
 108 {
 109         $user = new UserAPI($bugsys);
 110         $user->set('email', $bugsys->in['email'], true, false); // don't verify so we don't get errors about existing emails
 111         $user->set_condition(array('email'));
 112         $user->fetch();
 113
 114         if ($message->hasErrors())
 115         {
 116                 $show['lostpwerror'] = true;
 117                 $_REQUEST['do'] = 'lostpw';
 118         }
 119         else
 120         {
 121                 $activator = $funct->rand(25);
 122                 $db->query("INSERT INTO " . TABLE_PREFIX . "passwordreset (activatorid, dateline, userid) VALUES ('" . $activator . "', " . TIMENOW . ", " . $user->objdata['userid'] . ")");
 123
 124                 eval('$email = "' . $template->fetch(FetchEmailPath('passwordreset.xml', $bugsys->datastore['language'][$user->objdata['languageid']]['langcode'])) . '";');
 125                 $email = $bugsys->xml->parse($email);
 126
 127                 $mail->setSubject($email['email']['subject']['value']);
 128                 $mail->setBodyText($email['email']['bodyText']['value']);
 129
 130                 $mail->send($user->objdata['email'], $user->objdata['displayname']);
 131
 132                 $message->message(sprintf(_('An email has been dispatched to %1$s that contains instructions on how to reset your password.'), $user->objdata['email']));
 133         }
 134 }
 135
 136 // ###################################################################
 137
 138 if ($_REQUEST['do'] == 'lostpw')
 139 {
 140         eval('$template->flush("' . $template->fetch('lostpassword') . '");');
 141 }
 142
 143 // ###################################################################
 144
 145 if ($_POST['do'] == 'resetpw')
 146 {
 147         // remove old activators
 148         $db->query("DELETE FROM " . TABLE_PREFIX . "passwordreset WHERE dateline < " . (TIMENOW - 86400));
 149
 150         // now look for ours
 151         $activation = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "passwordreset WHERE activatorid = '" . $bugsys->input_escape('activator') . "'");
 152         if (!$activation)
 153         {
 154                 $message->error(L_INVALID_ID);
 155         }
 156
 157         $user = new UserAPI($bugsys);
 158         $user->set('userid', $activation['userid']);
 159         $user->set_condition();
 160
 161         if ($bugsys->in['fix_password'] != $bugsys->in['confirm_password'])
 162         {
 163                 $message->addError(_('The passwords you entered do not patch.'));
 164         }
 165         if (empty($bugsys->in['fix_password']))
 166         {
 167                 $message->addError(_('Your new password cannot be empty.'));
 168         }
 169
 170         $user->set('password', $bugsys->in['fix_password']);
 171
 172         if (!$message->hasErrors())
 173         {
 174                 // remove old other activators for this user
 175                 $db->query("DELETE FROM " . TABLE_PREFIX . "passwordreset WHERE userid = " . $activation['userid']);
 176
 177                 $user->update();
 178                 $message->redirect(_('Your password has been changed successfully. You will now be redirected to the login page.'), 'login.php');
 179         }
 180         else
 181         {
 182                 $show['errors'] = true;
 183                 $_REQUEST['do'] = 'recoverpw';
 184         }
 185 }
 186
 187 // ###################################################################
 188
 189 if ($_REQUEST['do'] == 'recoverpw')
 190 {
 191         // remove old activators
 192         $db->query("DELETE FROM " . TABLE_PREFIX . "passwordreset WHERE dateline < " . (TIMENOW - 86400));
 193
 194         // now look for ours
 195         $activation = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "passwordreset WHERE activatorid = '" . $bugsys->input_escape('activator') . "'");
 196         if (!$activation)
 197         {
 198                 $message->error(_('Invalid activation reset key. Please make sure you copied the URL exactly as it appeared in the email.'));
 199         }
 200
 201         eval('$template->flush("' . $template->fetch('passwordreset') . '");');
 202 }
 203
 204 // ###################################################################
 205
 206 if ($_REQUEST['do'] == 'cplogout')
 207 {
 208         if ($_COOKIE[COOKIE_PREFIX . 'adminsession'])
 209         {
 210                 $db->query("DELETE FROM " . TABLE_PREFIX . "adminsession WHERE sessionid = '" . $bugsys->input_escape(COOKIE_PREFIX . 'adminsession') . "'");
 211                 $funct->cookie(COOKIE_PREFIX . 'adminsession');
 212                 $message->redirect(_('You have been logged out.'), 'admin/');
 213         }
 214         else
 215         {
 216                 $message->error(_('You are not logged in.'));
 217         }
 218 }
 219
 220 /*=====================================================================*\
 221 || ###################################################################
 222 || # $HeadURL$
 223 || # $Id$
 224 || ###################################################################
 225 \*=====================================================================*/
 226 ?>