https://src.bluestatic.org / bugdar.git / blob
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
r1410: Moving the password reset email to the template system
[bugdar.git] / login.php
1 <?php
2 /*=====================================================================*\
3 || ###################################################################
4 || # Bugdar [#]version[#]
5 || # Copyright 2002-[#]year[#] Blue Static
6 || #
7 || # This program is free software; you can redistribute it and/or modify
8 || # it under the terms of the GNU General Public License as published by
9 || # the Free Software Foundation; version [#]gpl[#] of the License.
10 || #
11 || # This program is distributed in the hope that it will be useful, but
12 || # WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
13 || # or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
14 || # more details.
15 || #
16 || # You should have received a copy of the GNU General Public License along
17 || # with this program; if not, write to the Free Software Foundation, Inc.,
18 || # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
19 || ###################################################################
20 \*=====================================================================*/
21
22 $fetchtemplates = array(
23 'login',
24 'lostpassword',
25 'passwordreset'
26 );
27
28 define('SVN', '$Id$');
29
30 $focus['user'] = 'focus';
31
32 require_once('./global.php');
33 require_once('./includes/api_user.php');
34 require_once('./includes/class_api_error.php');
35
36 APIError(array(new API_Error_Handler($message), 'user_cumulative'));
37
38 // ###################################################################
39
40 if ($bugsys->userinfo['userid'] AND $_REQUEST['do'] != 'logout' AND $_POST['do'] != 'cplogin' AND $_REQUEST['do'] != 'cplogout')
41 {
42 $message->error(_('You are already logged in.'));
43 }
44
45 // ###################################################################
46
47 if (empty($_REQUEST['do']))
48 {
49 eval('$template->flush("' . $template->fetch('login') . '");');
50 }
51
52 // ###################################################################
53
54 if ($_POST['do'] == 'login' OR $_POST['do'] == 'cplogin')
55 {
56 $keeplogin = $bugsys->input_clean('rememberme', TYPE_BOOL);
57 if ($_POST['cplogin'])
58 {
59 $keeplogin = 0;
60 }
61
62 if ($_SERVER['HTTP_REFERER'] AND !$_POST['goindex'])
63 {
64 $url = $_SERVER['HTTP_REFERER'];
65 }
66 else
67 {
68 $url = 'index.php';
69 }
70
71 $userinfo = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "user WHERE email = '" . $bugsys->input_escape('email') . "'");
72 if (md5(md5($bugsys->in['password']) . md5($userinfo['salt'])) == $userinfo['password'])
73 {
74 if (!$bugsys->userinfo['userid'])
75 {
76 $funct->cookie(COOKIE_PREFIX . 'userid', $userinfo['userid'], $keeplogin);
77 $funct->cookie(COOKIE_PREFIX . 'authkey', $userinfo['authkey'], $keeplogin);
78 }
79
80 if ($_POST['do'] == 'cplogin')
81 {
82 $hash = $funct->rand(90);
83 $db->query("DELETE FROM " . TABLE_PREFIX . "adminsession WHERE dateline < " . (TIMENOW - 3600));
84 $db->query("INSERT INTO " . TABLE_PREFIX . "adminsession (sessionid, userid, dateline) VALUES ('$hash', $userinfo[userid], " . TIMENOW . ")");
85 $funct->cookie(COOKIE_PREFIX . 'adminsession', $hash, false);
86 }
87 }
88 else
89 {
90 if (!$bugsys->userinfo['userid'])
91 {
92 $funct->cookie(COOKIE_PREFIX . 'userid');
93 $funct->cookie(COOKIE_PREFIX . 'authkey');
94 }
95
96 $message->error(_('Invalid email or password.'));
97 }
98
99 $message->redirect(_('Welcome back! You are now logged in.'), $url);
100 }
101
102 // ###################################################################
103
104 if ($_REQUEST['do'] == 'logout')
105 {
106 if ($bugsys->userinfo['userid'])
107 {
108 $db->query("DELETE FROM " . TABLE_PREFIX . "adminsession WHERE sessionid = '" . $bugsys->input_escape(COOKIE_PREFIX . 'adminsession') . "'");
109 $funct->cookie(COOKIE_PREFIX . 'userid');
110 $funct->cookie(COOKIE_PREFIX . 'authkey');
111 $funct->cookie(COOKIE_PREFIX . 'adminsession');
112 $message->redirect(_('You have been logged out.'), ($_SERVER['HTTP_REFERER'] ? $_SERVER['HTTP_REFERER'] : 'index.php'));
113 }
114 else
115 {
116 $message->error(_('You need to be logged in to access this feature.'));
117 }
118 }
119
120 // ###################################################################
121
122 if ($_POST['do'] == 'sendpw')
123 {
124 $user = new UserAPI($bugsys);
125 $user->set('email', $bugsys->in['email'], true, false); // don't verify so we don't get errors about existing emails
126 $user->set_condition(array('email'));
127 $user->fetch();
128
129 if ($message->items)
130 {
131 $show['lostpwerror'] = true;
132 $_REQUEST['do'] = 'lostpw';
133 }
134 else
135 {
136 $activator = $funct->rand(25);
137 $db->query("INSERT INTO " . TABLE_PREFIX . "passwordreset (activatorid, dateline, userid) VALUES ('" . $activator . "', " . TIMENOW . ", " . $user->objdata['userid'] . ")");
138
139 eval('$email = "' . $template->fetch('email/passwordreset.xml') . '";');
140 $email = $bugsys->xml->parse($email);
141
142 $mail->setSubject($email['email']['subject']['value']);
143 $mail->setBodyText($email['email']['bodyText']['value']);
144
145 $mail->send($user->objdata['email'], $user->objdata['displayname']);
146
147 $message->message(sprintf(_('An email has been dispatched to %1$s that contains instructions on how to reset your password.'), $user->objdata['email']));
148 }
149 }
150
151 // ###################################################################
152
153 if ($_REQUEST['do'] == 'lostpw')
154 {
155 eval('$template->flush("' . $template->fetch('lostpassword') . '");');
156 }
157
158 // ###################################################################
159
160 if ($_POST['do'] == 'resetpw')
161 {
162 // remove old activators
163 $db->query("DELETE FROM " . TABLE_PREFIX . "passwordreset WHERE dateline < " . (TIMENOW - 86400));
164
165 // now look for ours
166 $activation = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "passwordreset WHERE activatorid = '" . $bugsys->input_escape('activator') . "'");
167 if (!$activation)
168 {
169 $message->error(L_INVALID_ID);
170 }
171
172 $user = new UserAPI($bugsys);
173 $user->set('userid', $activation['userid']);
174 $user->set_condition();
175
176 if ($bugsys->in['fix_password'] != $bugsys->in['confirm_password'])
177 {
178 $message->add_error(_('The passwords you entered do not patch.'));
179 }
180 if (empty($bugsys->in['fix_password']))
181 {
182 $message->add_error(_('Your new password cannot be empty.'));
183 }
184
185 $user->set('password', $bugsys->in['fix_password']);
186
187 if (!$message->items)
188 {
189 // remove old other activators for this user
190 $db->query("DELETE FROM " . TABLE_PREFIX . "passwordreset WHERE userid = " . $activation['userid']);
191
192 $user->update();
193 $message->redirect(_('Your password has been changed successfully. You will now be redirected to the login page.'), 'login.php');
194 }
195 else
196 {
197 $show['errors'] = true;
198 $_REQUEST['do'] = 'recoverpw';
199 $message->error_list_process();
200 }
201 }
202
203 // ###################################################################
204
205 if ($_REQUEST['do'] == 'recoverpw')
206 {
207 // remove old activators
208 $db->query("DELETE FROM " . TABLE_PREFIX . "passwordreset WHERE dateline < " . (TIMENOW - 86400));
209
210 // now look for ours
211 $activation = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "passwordreset WHERE activatorid = '" . $bugsys->input_escape('activator') . "'");
212 if (!$activation)
213 {
214 $message->error(_('Invalid activation reset key. Please make sure you copied the URL exactly as it appeared in the email.'));
215 }
216
217 eval('$template->flush("' . $template->fetch('passwordreset') . '");');
218 }
219
220 // ###################################################################
221
222 if ($_REQUEST['do'] == 'cplogout')
223 {
224 if ($_COOKIE[COOKIE_PREFIX . 'adminsession'])
225 {
226 $db->query("DELETE FROM " . TABLE_PREFIX . "adminsession WHERE sessionid = '" . $bugsys->input_escape(COOKIE_PREFIX . 'adminsession') . "'");
227 $funct->cookie(COOKIE_PREFIX . 'adminsession');
228 $message->redirect(_('You have been logged out.'), 'admin/');
229 }
230 else
231 {
232 $message->error(_('You are not logged in.'));
233 }
234 }
235
236 /*=====================================================================*\
237 || ###################################################################
238 || # $HeadURL$
239 || # $Id$
240 || ###################################################################
241 \*=====================================================================*/
242 ?>
Open-source PHP-MySQL bug tracking system that has customizable CSS/XHTML templates, email notifications, Atom syndication, internationalization support, and a very simple setup.