]> src.bluestatic.org Git - bugdar.git/blob - login.php
https://src.bluestatic.org / bugdar.git / blob
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Drop the executable bit from all PHP files.
[bugdar.git] / login.php
1 <?php
2 /*=====================================================================*\
3 || ###################################################################
4 || # Bugdar
5 || # Copyright 2002-2007 Blue Static
6 || #
7 || # This program is free software; you can redistribute it and/or modify
8 || # it under the terms of the GNU General Public License as published by
9 || # the Free Software Foundation; version 2 of the License.
10 || #
11 || # This program is distributed in the hope that it will be useful, but
12 || # WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
13 || # or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
14 || # more details.
15 || #
16 || # You should have received a copy of the GNU General Public License along
17 || # with this program; if not, write to the Free Software Foundation, Inc.,
18 || # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
19 || ###################################################################
20 \*=====================================================================*/
21
22 $fetchtemplates = array(
23 'login',
24 'lostpassword',
25 'passwordreset'
26 );
27
28
29 $focus['user'] = 'focus';
30
31 require_once('./global.php');
32 require_once('./includes/api_user.php');
33 require_once('./includes/class_api_error.php');
34
35 APIError(array(new API_Error_Handler($message), 'user_cumulative'));
36
37 // ###################################################################
38
39 if ($bugsys->userinfo['userid'] AND $_REQUEST['do'] != 'logout' AND $_POST['do'] != 'cplogin' AND $_REQUEST['do'] != 'cplogout')
40 {
41 $message->error(T('You are already logged in.'));
42 }
43
44 // ###################################################################
45
46 if (empty($_REQUEST['do']))
47 {
48 eval('$template->flush("' . $template->fetch('login') . '");');
49 }
50
51 // ###################################################################
52
53 if ($_POST['do'] == 'login' OR $_POST['do'] == 'cplogin')
54 {
55 $keeplogin = $bugsys->input_clean('rememberme', TYPE_BOOL);
56 if ($_POST['cplogin'])
57 {
58 $keeplogin = 0;
59 }
60
61 if ($_SERVER['HTTP_REFERER'] AND !$_POST['goindex'])
62 {
63 $url = $_SERVER['HTTP_REFERER'];
64 }
65 else
66 {
67 $url = 'index.php';
68 }
69
70 if ($auth->authenticateLogin($bugsys->in['email'], $bugsys->in['password'], $keeplogin))
71 {
72 if ($_POST['do'] == 'cplogin')
73 {
74 $hash = $funct->rand(90);
75 $db->query("DELETE FROM " . TABLE_PREFIX . "adminsession WHERE dateline < " . (TIMENOW - 3600));
76 $db->query("INSERT INTO " . TABLE_PREFIX . "adminsession (sessionid, userid, dateline) VALUES ('$hash', " . $auth->bugdarUser['userid'] . ", " . TIMENOW . ")");
77 $funct->cookie(COOKIE_PREFIX . 'adminsession', $hash, false);
78 }
79 $message->redirect(T('Welcome back! You are now logged in.'), $url);
80 }
81 else
82 {
83 $message->error(T('Invalid email or password.'));
84 }
85 }
86
87 // ###################################################################
88
89 if ($_REQUEST['do'] == 'logout')
90 {
91 if ($bugsys->userinfo['userid'])
92 {
93 $db->query("DELETE FROM " . TABLE_PREFIX . "adminsession WHERE sessionid = '" . $bugsys->input_escape(COOKIE_PREFIX . 'adminsession') . "'");
94 $auth->clearCookies();
95 $funct->cookie(COOKIE_PREFIX . 'adminsession');
96 $message->redirect(T('You have been logged out.'), ($_SERVER['HTTP_REFERER'] ? $_SERVER['HTTP_REFERER'] : 'index.php'));
97 }
98 else
99 {
100 $message->error(T('You need to be logged in to access this feature.'));
101 }
102 }
103
104 // ###################################################################
105
106 if ($_POST['do'] == 'sendpw')
107 {
108 $user = new UserAPI($bugsys);
109 $user->set('email', $bugsys->in['email'], true, false); // don't verify so we don't get errors about existing emails
110 $user->set_condition(array('email'));
111 $user->fetch();
112
113 if ($message->hasErrors())
114 {
115 $show['lostpwerror'] = true;
116 $_REQUEST['do'] = 'lostpw';
117 }
118 else
119 {
120 $activator = $funct->rand(25);
121 $db->query("INSERT INTO " . TABLE_PREFIX . "passwordreset (activatorid, dateline, userid) VALUES ('" . $activator . "', " . TIMENOW . ", " . $user->objdata['userid'] . ")");
122
123 eval('$email = "' . $template->fetch(FetchEmailPath('passwordreset.xml', bugdar::$datastore['language'][$user->objdata['languageid']]['langcode'])) . '";');
124 $email = $bugsys->xml->parse($email);
125
126 $mail->setSubject($email['email']['subject']['value']);
127 $mail->setBodyText($email['email']['bodyText']['value']);
128
129 $mail->send($user->objdata['email'], $user->objdata['displayname']);
130
131 $message->message(sprintf(T('An email has been dispatched to %1$s that contains instructions on how to reset your password.'), $user->objdata['email']));
132 }
133 }
134
135 // ###################################################################
136
137 if ($_REQUEST['do'] == 'lostpw')
138 {
139 eval('$template->flush("' . $template->fetch('lostpassword') . '");');
140 }
141
142 // ###################################################################
143
144 if ($_POST['do'] == 'resetpw')
145 {
146 // remove old activators
147 $db->query("DELETE FROM " . TABLE_PREFIX . "passwordreset WHERE dateline < " . (TIMENOW - 86400));
148
149 // now look for ours
150 $activation = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "passwordreset WHERE activatorid = '" . $bugsys->input_escape('activator') . "'");
151 if (!$activation)
152 {
153 $message->error(L_INVALID_ID);
154 }
155
156 $user = new UserAPI($bugsys);
157 $user->set('userid', $activation['userid']);
158 $user->set_condition();
159
160 if ($bugsys->in['fix_password'] != $bugsys->in['confirm_password'])
161 {
162 $message->addError(T('The passwords you entered do not patch.'));
163 }
164 if (empty($bugsys->in['fix_password']))
165 {
166 $message->addError(T('Your new password cannot be empty.'));
167 }
168
169 $user->set('password', $bugsys->in['fix_password']);
170
171 if (!$message->hasErrors())
172 {
173 // remove old other activators for this user
174 $db->query("DELETE FROM " . TABLE_PREFIX . "passwordreset WHERE userid = " . $activation['userid']);
175
176 $user->update();
177 $message->redirect(T('Your password has been changed successfully. You will now be redirected to the login page.'), 'login.php');
178 }
179 else
180 {
181 $show['errors'] = true;
182 $_REQUEST['do'] = 'recoverpw';
183 }
184 }
185
186 // ###################################################################
187
188 if ($_REQUEST['do'] == 'recoverpw')
189 {
190 // remove old activators
191 $db->query("DELETE FROM " . TABLE_PREFIX . "passwordreset WHERE dateline < " . (TIMENOW - 86400));
192
193 // now look for ours
194 $activation = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "passwordreset WHERE activatorid = '" . $bugsys->input_escape('activator') . "'");
195 if (!$activation)
196 {
197 $message->error(T('Invalid activation reset key. Please make sure you copied the URL exactly as it appeared in the email.'));
198 }
199
200 eval('$template->flush("' . $template->fetch('passwordreset') . '");');
201 }
202
203 // ###################################################################
204
205 if ($_REQUEST['do'] == 'cplogout')
206 {
207 if ($_COOKIE[COOKIE_PREFIX . 'adminsession'])
208 {
209 $db->query("DELETE FROM " . TABLE_PREFIX . "adminsession WHERE sessionid = '" . $bugsys->input_escape(COOKIE_PREFIX . 'adminsession') . "'");
210 $funct->cookie(COOKIE_PREFIX . 'adminsession');
211 $message->redirect(T('You have been logged out.'), 'admin/');
212 }
213 else
214 {
215 $message->error(T('You are not logged in.'));
216 }
217 }
218
Open-source PHP-MySQL bug tracking system that has customizable CSS/XHTML templates, email notifications, Atom syndication, internationalization support, and a very simple setup.