2 /*=====================================================================*\
3 || ###################################################################
4 || # Bugdar [#]version[#]
5 || # Copyright 2002-[#]year[#] Blue Static
7 || # This program is free software; you can redistribute it and/or modify
8 || # it under the terms of the GNU General Public License as published by
9 || # the Free Software Foundation; version [#]gpl[#] of the License.
11 || # This program is distributed in the hope that it will be useful, but
12 || # WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
13 || # or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
16 || # You should have received a copy of the GNU General Public License along
17 || # with this program; if not, write to the Free Software Foundation, Inc.,
18 || # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
19 || ###################################################################
20 \*=====================================================================*/
22 $fetchtemplates = array(
28 define('SVN', '$Id$');
30 $focus['user
'] = 'focus
';
32 require_once('./global.php
');
33 require_once('./includes
/api_user
.php
');
34 require_once('./includes
/class_api_error
.php
');
36 APIError(array(new API_Error_Handler($message), 'user_cumulative
'));
38 // ###################################################################
40 if ($bugsys->userinfo['userid
'] AND $_REQUEST['do'] != 'logout
' AND $_POST['do'] != 'cplogin
' AND $_REQUEST['do'] != 'cplogout
')
42 $message->error(_('You are already logged in
.'));
45 // ###################################################################
47 if (empty($_REQUEST['do']))
49 eval('$template->flush("' . $template->fetch('login') . '");');
52 // ###################################################################
54 if ($_POST['do'] == 'login
' OR $_POST['do'] == 'cplogin
')
56 $keeplogin = $bugsys->input_clean('rememberme
', TYPE_BOOL);
57 if ($_POST['cplogin
'])
62 if ($_SERVER['HTTP_REFERER
'] AND !$_POST['goindex
'])
64 $url = $_SERVER['HTTP_REFERER
'];
71 $userinfo = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "user WHERE email = '" . $bugsys->input_escape('email') . "'");
72 if (md5(md5($bugsys->in['password
']) . md5($userinfo['salt
'])) == $userinfo['password
'])
74 if (!$bugsys->userinfo['userid
'])
76 $funct->cookie(COOKIE_PREFIX . 'userid
', $userinfo['userid
'], $keeplogin);
77 $funct->cookie(COOKIE_PREFIX . 'authkey
', $userinfo['authkey
'], $keeplogin);
80 if ($_POST['do'] == 'cplogin
')
82 $funct->cookie(COOKIE_PREFIX . 'adminsession
', md5(md5($userinfo['authkey
']) . md5(gmdate('F j
, Y
@ H
'))), false);
87 if (!$bugsys->userinfo['userid
'])
89 $funct->cookie(COOKIE_PREFIX . 'userid
');
90 $funct->cookie(COOKIE_PREFIX . 'authkey
');
93 $message->error(_('Invalid email
or password
.'));
96 $message->redirect(_('Welcome back
! You are now logged in
.'), $url);
99 // ###################################################################
101 if ($_REQUEST['do'] == 'logout
')
103 if ($bugsys->userinfo['userid
'])
105 $funct->cookie(COOKIE_PREFIX . 'userid
');
106 $funct->cookie(COOKIE_PREFIX . 'authkey
');
107 $funct->cookie(COOKIE_PREFIX . 'adminsession
');
108 $message->redirect(_('You have been logged out
.'), ($_SERVER['HTTP_REFERER
'] ? $_SERVER['HTTP_REFERER
'] : 'index
.php
'));
112 $message->error(_('You need to be logged in to access this feature
.'));
116 // ###################################################################
118 if ($_POST['do'] == 'sendpw
')
120 $user = new UserAPI($bugsys);
121 $user->set('email
', $bugsys->in['email
'], true, false); // don't verify so we don
't get errors about existing emails
122 $user->set_condition(array('email
'));
127 $show['lostpwerror
'] = true;
128 $_REQUEST['do'] = 'lostpw
';
132 $activator = $funct->rand(25);
133 $db->query("INSERT INTO " . TABLE_PREFIX . "passwordreset (activatorid, dateline, userid) VALUES ('" . $activator . "', " . TIMENOW . ", " . $user->objdata['userid
'] . ")");
135 $mail->setSubject(sprintf(_('%
1$s Password Reset
'), $bugsys->options['trackertitle
']));
136 $mail->setBodyText(sprintf(_('Hi %
1$s,
138 You requested this lost password email at the %
2$s bug tracker
. To reset your password
, simply click the link
below (or paste it into your browser window exactly
) and enter a
new password
.
140 %
3$s/login
.php
?do=recoverpw
&activator
=%
4$s
142 If you did not request this
, do not worry
as this notice will expire in
24 hours
.'),
144 $user->objdata['displayname
'],
145 $bugsys->options['trackertitle
'],
146 $bugsys->options['trackerurl
'],
150 $mail->send($user->objdata['email
'], $user->objdata['displayname
']);
152 $message->message(sprintf(_('An email has been dispatched to %
1$s that contains instructions on how to reset your password
.'), $user->objdata['email
']));
156 // ###################################################################
158 if ($_REQUEST['do'] == 'lostpw
')
160 eval('$template->flush("' . $template->fetch('lostpassword') . '");');
163 // ###################################################################
165 if ($_POST['do'] == 'resetpw
')
167 // remove old activators
168 $db->query("DELETE FROM " . TABLE_PREFIX . "passwordreset WHERE dateline < " . (TIMENOW - 86400));
171 $activation = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "passwordreset WHERE activatorid = '" . $bugsys->input_escape('activator') . "'");
174 $message->error(L_INVALID_ID);
177 $user = new UserAPI($bugsys);
178 $user->set('userid
', $activation['userid
']);
179 $user->set_condition();
181 if ($bugsys->in['fix_password
'] != $bugsys->in['confirm_password
'])
183 $message->add_error(_('The passwords you entered
do not patch
.'));
185 if (empty($bugsys->in['fix_password
']))
187 $message->add_error(_('Your
new password cannot be
empty.'));
190 $user->set('password
', $bugsys->in['fix_password
']);
192 if (!$message->items)
194 // remove old other activators for this user
195 $db->query("DELETE FROM " . TABLE_PREFIX . "passwordreset WHERE userid = " . $activation['userid
']);
198 $message->redirect(_('Your password has been changed successfully
. You will now be redirected to the login page
.'), 'login
.php
');
202 $show['errors
'] = true;
203 $_REQUEST['do'] = 'recoverpw
';
204 $message->error_list_process();
208 // ###################################################################
210 if ($_REQUEST['do'] == 'recoverpw
')
212 // remove old activators
213 $db->query("DELETE FROM " . TABLE_PREFIX . "passwordreset WHERE dateline < " . (TIMENOW - 86400));
216 $activation = $db->query_first("SELECT * FROM " . TABLE_PREFIX . "passwordreset WHERE activatorid = '" . $bugsys->input_escape('activator') . "'");
219 $message->error(_('Invalid activation reset key
. Please make sure you copied the URL exactly
as it appeared in the email
.'));
222 eval('$template->flush("' . $template->fetch('passwordreset') . '");');
225 // ###################################################################
227 if ($_REQUEST['do'] == 'cplogout
')
229 if ($_COOKIE[COOKIE_PREFIX . 'adminsession
'])
231 $funct->cookie(COOKIE_PREFIX . 'adminsession
');
232 $message->redirect(_('You have been logged out
.'), 'admin
/');
236 $message->error(_('You are not logged in
.'));
240 /*=====================================================================*\
241 || ###################################################################
244 || ###################################################################
245 \*=====================================================================*/
https://src.bluestatic.org / bugdar.git / blob