2 /*=====================================================================*\
3 || ###################################################################
4 || # Bugdar [#]version[#]
5 || # Copyright 2002-[#]year[#] Blue Static
7 || # This program is free software; you can redistribute it and/or modify
8 || # it under the terms of the GNU General Public License as published by
9 || # the Free Software Foundation; version [#]gpl[#] of the License.
11 || # This program is distributed in the hope that it will be useful, but
12 || # WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
13 || # or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
16 || # You should have received a copy of the GNU General Public License along
17 || # with this program; if not, write to the Free Software Foundation, Inc.,
18 || # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
19 || ###################################################################
20 \*=====================================================================*/
22 $fetchtemplates = array(
28 define('SVN', '$Id$');
30 $focus['user'] = 'focus';
32 require_once('./global.php');
33 require_once('./includes/api_user.php');
34 require_once('./includes/class_api_error.php');
36 APIError(array(new API_Error_Handler($message), 'user_cumulative'));
38 // ###################################################################
40 if ($bugsys->userinfo
['userid'] AND $_REQUEST['do'] != 'logout' AND $_POST['do'] != 'cplogin' AND $_REQUEST['do'] != 'cplogout')
42 $message->error(_('You are already logged in.'));
45 // ###################################################################
47 if (empty($_REQUEST['do']))
49 eval('$template->flush("' . $template->fetch('login') . '");');
52 // ###################################################################
54 if ($_POST['do'] == 'login' OR $_POST['do'] == 'cplogin')
56 $keeplogin = $bugsys->input_clean('rememberme', TYPE_BOOL
);
57 if ($_POST['cplogin'])
62 if ($_SERVER['HTTP_REFERER'] AND !$_POST['goindex'])
64 $url = $_SERVER['HTTP_REFERER'];
71 $userinfo = $db->query_first("SELECT * FROM " . TABLE_PREFIX
. "user WHERE email = '" . $bugsys->input_escape('email') . "'");
72 if (md5(md5($bugsys->in
['password']) . md5($userinfo['salt'])) == $userinfo['password'])
74 if (!$bugsys->userinfo
['userid'])
76 $funct->cookie(COOKIE_PREFIX
. 'userid', $userinfo['userid'], $keeplogin);
77 $funct->cookie(COOKIE_PREFIX
. 'authkey', $userinfo['authkey'], $keeplogin);
80 if ($_POST['do'] == 'cplogin')
82 $hash = $funct->rand(90);
83 $db->query("DELETE FROM " . TABLE_PREFIX
. "adminsession WHERE dateline < " . (TIMENOW
- 3600));
84 $db->query("INSERT INTO " . TABLE_PREFIX
. "adminsession (sessionid, userid, dateline) VALUES ('$hash', $userinfo[userid], " . TIMENOW
. ")");
85 $funct->cookie(COOKIE_PREFIX
. 'adminsession', $hash, false
);
90 if (!$bugsys->userinfo
['userid'])
92 $funct->cookie(COOKIE_PREFIX
. 'userid');
93 $funct->cookie(COOKIE_PREFIX
. 'authkey');
96 $message->error(_('Invalid email or password.'));
99 $message->redirect(_('Welcome back! You are now logged in.'), $url);
102 // ###################################################################
104 if ($_REQUEST['do'] == 'logout')
106 if ($bugsys->userinfo
['userid'])
108 $db->query("DELETE FROM " . TABLE_PREFIX
. "adminsession WHERE sessionid = '" . $bugsys->input_escape(COOKIE_PREFIX
. 'adminsession') . "'");
109 $funct->cookie(COOKIE_PREFIX
. 'userid');
110 $funct->cookie(COOKIE_PREFIX
. 'authkey');
111 $funct->cookie(COOKIE_PREFIX
. 'adminsession');
112 $message->redirect(_('You have been logged out.'), ($_SERVER['HTTP_REFERER'] ?
$_SERVER['HTTP_REFERER'] : 'index.php'));
116 $message->error(_('You need to be logged in to access this feature.'));
120 // ###################################################################
122 if ($_POST['do'] == 'sendpw')
124 $user = new UserAPI($bugsys);
125 $user->set('email', $bugsys->in
['email'], true
, false
); // don't verify so we don't get errors about existing emails
126 $user->set_condition(array('email'));
131 $show['lostpwerror'] = true
;
132 $_REQUEST['do'] = 'lostpw';
136 $activator = $funct->rand(25);
137 $db->query("INSERT INTO " . TABLE_PREFIX
. "passwordreset (activatorid, dateline, userid) VALUES ('" . $activator . "', " . TIMENOW
. ", " . $user->objdata
['userid'] . ")");
139 $mail->setSubject(sprintf(_('%1$s Password Reset'), $bugsys->options
['trackertitle']));
140 $mail->setBodyText(sprintf(_('Hi %1$s,
142 You requested this lost password email at the %2$s bug tracker. To reset your password, simply click the link below (or paste it into your browser window exactly) and enter a new password.
144 %3$s/login.php?do=recoverpw&activator=%4$s
146 If you did not request this, do not worry as this notice will expire in 24 hours.'),
148 $user->objdata
['displayname'],
149 $bugsys->options
['trackertitle'],
150 $bugsys->options
['trackerurl'],
154 $mail->send($user->objdata
['email'], $user->objdata
['displayname']);
156 $message->message(sprintf(_('An email has been dispatched to %1$s that contains instructions on how to reset your password.'), $user->objdata
['email']));
160 // ###################################################################
162 if ($_REQUEST['do'] == 'lostpw')
164 eval('$template->flush("' . $template->fetch('lostpassword') . '");');
167 // ###################################################################
169 if ($_POST['do'] == 'resetpw')
171 // remove old activators
172 $db->query("DELETE FROM " . TABLE_PREFIX
. "passwordreset WHERE dateline < " . (TIMENOW
- 86400));
175 $activation = $db->query_first("SELECT * FROM " . TABLE_PREFIX
. "passwordreset WHERE activatorid = '" . $bugsys->input_escape('activator') . "'");
178 $message->error(L_INVALID_ID
);
181 $user = new UserAPI($bugsys);
182 $user->set('userid', $activation['userid']);
183 $user->set_condition();
185 if ($bugsys->in
['fix_password'] != $bugsys->in
['confirm_password'])
187 $message->add_error(_('The passwords you entered do not patch.'));
189 if (empty($bugsys->in
['fix_password']))
191 $message->add_error(_('Your new password cannot be empty.'));
194 $user->set('password', $bugsys->in
['fix_password']);
196 if (!$message->items
)
198 // remove old other activators for this user
199 $db->query("DELETE FROM " . TABLE_PREFIX
. "passwordreset WHERE userid = " . $activation['userid']);
202 $message->redirect(_('Your password has been changed successfully. You will now be redirected to the login page.'), 'login.php');
206 $show['errors'] = true
;
207 $_REQUEST['do'] = 'recoverpw';
208 $message->error_list_process();
212 // ###################################################################
214 if ($_REQUEST['do'] == 'recoverpw')
216 // remove old activators
217 $db->query("DELETE FROM " . TABLE_PREFIX
. "passwordreset WHERE dateline < " . (TIMENOW
- 86400));
220 $activation = $db->query_first("SELECT * FROM " . TABLE_PREFIX
. "passwordreset WHERE activatorid = '" . $bugsys->input_escape('activator') . "'");
223 $message->error(_('Invalid activation reset key. Please make sure you copied the URL exactly as it appeared in the email.'));
226 eval('$template->flush("' . $template->fetch('passwordreset') . '");');
229 // ###################################################################
231 if ($_REQUEST['do'] == 'cplogout')
233 if ($_COOKIE[COOKIE_PREFIX
. 'adminsession'])
235 $db->query("DELETE FROM " . TABLE_PREFIX
. "adminsession WHERE sessionid = '" . $bugsys->input_escape(COOKIE_PREFIX
. 'adminsession') . "'");
236 $funct->cookie(COOKIE_PREFIX
. 'adminsession');
237 $message->redirect(_('You have been logged out.'), 'admin/');
241 $message->error(_('You are not logged in.'));
245 /*=====================================================================*\
246 || ###################################################################
249 || ###################################################################
250 \*=====================================================================*/