2 /*=====================================================================*\
3 || ###################################################################
4 || # Bugdar [#]version[#]
5 || # Copyright 2002-[#]year[#] Blue Static
7 || # This program is free software; you can redistribute it and/or modify
8 || # it under the terms of the GNU General Public License as published by
9 || # the Free Software Foundation; version [#]gpl[#] of the License.
11 || # This program is distributed in the hope that it will be useful, but
12 || # WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
13 || # or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
16 || # You should have received a copy of the GNU General Public License along
17 || # with this program; if not, write to the Free Software Foundation, Inc.,
18 || # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
19 || ###################################################################
20 \*=====================================================================*/
22 $fetchtemplates = array(
28 define('SVN', '$Id$');
30 $focus['user
'] = 'focus
';
32 require_once('./global.php
');
33 require_once('./includes
/api_user
.php
');
34 require_once('./includes
/class_api_error
.php
');
36 APIError(array(new API_Error_Handler($message), 'user_cumulative
'));
38 // ###################################################################
40 if ($bugsys->userinfo['userid
'] AND $_REQUEST['do'] != 'logout
' AND $_POST['do'] != 'cplogin
' AND $_REQUEST['do'] != 'cplogout
')
42 $message->error(_('You are already logged in
.'));
45 // ###################################################################
47 if (empty($_REQUEST['do']))
49 eval('$template->flush("' . $template->fetch('login') . '");');
52 // ###################################################################
54 if ($_POST['do'] == 'login
' OR $_POST['do'] == 'cplogin
')
56 $keeplogin = $bugsys->input_clean('rememberme
', TYPE_BOOL);
57 if ($_POST['cplogin
'])
62 if ($_SERVER['HTTP_REFERER
'] AND !$_POST['goindex
'])
64 $url = $_SERVER['HTTP_REFERER
'];
71 if ($auth->authenticateLogin($bugsys->in['email
'], $bugsys->in['password
'], $keeplogin))
73 if ($_POST['do'] == 'cplogin
')
75 $hash = $funct->rand(90);
76 $db->query("DELETE FROM " . TABLE_PREFIX . "adminsession WHERE dateline < " . (TIMENOW - 3600));
77 $db->query("INSERT INTO " . TABLE_PREFIX . "adminsession (sessionid, userid, dateline) VALUES ('$hash', " . $auth->bugdarUser['userid'] . ", " . TIMENOW . ")");
78 $funct->cookie(COOKIE_PREFIX . 'adminsession', $hash, false);
80 $message->redirect(_('Welcome back! You are now logged in.'), $url);
84 $message->error(_('Invalid email or password.'));
88 // ###################################################################
90 if ($_REQUEST['do'] == 'logout')
92 if ($bugsys->userinfo['userid'])
94 $db->query("DELETE FROM
" . TABLE_PREFIX . "adminsession WHERE sessionid
= '" . $bugsys->input_escape(COOKIE_PREFIX . 'adminsession
') . "'");
95 $funct->cookie(COOKIE_PREFIX . 'userid');
96 $funct->cookie(COOKIE_PREFIX . 'authkey');
97 $funct->cookie(COOKIE_PREFIX . 'adminsession');
98 $message->redirect(_('You have been logged out.'), ($_SERVER['HTTP_REFERER'] ? $_SERVER['HTTP_REFERER'] : 'index.php'));
102 $message->error(_('You need to be logged in to access this feature.'));
106 // ###################################################################
108 if ($_POST['do'] == 'sendpw')
110 $user = new UserAPI($bugsys);
111 $user->set('email', $bugsys->in['email'], true, false); // don't verify so we don't get errors about existing emails
112 $user->set_condition(array('email'));
117 $show['lostpwerror'] = true;
118 $_REQUEST['do'] = 'lostpw';
122 $activator = $funct->rand(25);
123 $db->query("INSERT INTO
" . TABLE_PREFIX . "passwordreset (activatorid
, dateline
, userid
) VALUES ('" . $activator . "', " . TIMENOW . ", " . $user->objdata['userid'] . ")");
125 eval('$email = "' . $template->fetch('email
/passwordreset
.xml
') . '";');
126 $email = $bugsys->xml->parse($email);
128 $mail->setSubject($email['email']['subject']['value']);
129 $mail->setBodyText($email['email']['bodyText']['value']);
131 $mail->send($user->objdata['email'], $user->objdata['displayname']);
133 $message->message(sprintf(_('An email has been dispatched to %1$s that contains instructions on how to reset your password.'), $user->objdata['email']));
137 // ###################################################################
139 if ($_REQUEST['do'] == 'lostpw')
141 eval('$template->flush("' . $template->fetch('lostpassword
') . '");');
144 // ###################################################################
146 if ($_POST['do'] == 'resetpw')
148 // remove old activators
149 $db->query("DELETE FROM
" . TABLE_PREFIX . "passwordreset WHERE dateline
< " . (TIMENOW - 86400));
152 $activation = $db->query_first("SELECT
* FROM
" . TABLE_PREFIX . "passwordreset WHERE activatorid
= '" . $bugsys->input_escape('activator
') . "'");
155 $message->error(L_INVALID_ID);
158 $user = new UserAPI($bugsys);
159 $user->set('userid', $activation['userid']);
160 $user->set_condition();
162 if ($bugsys->in['fix_password'] != $bugsys->in['confirm_password'])
164 $message->addError(_('The passwords you entered do not patch.'));
166 if (empty($bugsys->in['fix_password']))
168 $message->addError(_('Your new password cannot be empty.'));
171 $user->set('password', $bugsys->in['fix_password']);
173 if (!$message->hasErrors())
175 // remove old other activators for this user
176 $db->query("DELETE FROM
" . TABLE_PREFIX . "passwordreset WHERE userid
= " . $activation['userid']);
179 $message->redirect(_('Your password has been changed successfully. You will now be redirected to the login page.'), 'login.php');
183 $show['errors'] = true;
184 $_REQUEST['do'] = 'recoverpw';
188 // ###################################################################
190 if ($_REQUEST['do'] == 'recoverpw')
192 // remove old activators
193 $db->query("DELETE FROM
" . TABLE_PREFIX . "passwordreset WHERE dateline
< " . (TIMENOW - 86400));
196 $activation = $db->query_first("SELECT
* FROM
" . TABLE_PREFIX . "passwordreset WHERE activatorid
= '" . $bugsys->input_escape('activator
') . "'");
199 $message->error(_('Invalid activation reset key. Please make sure you copied the URL exactly as it appeared in the email.'));
202 eval('$template->flush("' . $template->fetch('passwordreset
') . '");');
205 // ###################################################################
207 if ($_REQUEST['do'] == 'cplogout')
209 if ($_COOKIE[COOKIE_PREFIX . 'adminsession'])
211 $db->query("DELETE FROM
" . TABLE_PREFIX . "adminsession WHERE sessionid
= '" . $bugsys->input_escape(COOKIE_PREFIX . 'adminsession
') . "'");
212 $funct->cookie(COOKIE_PREFIX . 'adminsession');
213 $message->redirect(_('You have been logged out.'), 'admin/');
217 $message->error(_('You are not logged in.'));
221 /*=====================================================================*\
222 || ###################################################################
225 || ###################################################################
226 \*=====================================================================*/