error(T('You are already logged in.')); } // ################################################################### if (empty($_REQUEST['do'])) { BSTemplate::fetch('login')->evaluate()->flush(); } // ################################################################### if ($_POST['do'] == 'login' OR $_POST['do'] == 'cplogin') { $keeplogin = $input->inputClean('rememberme', TYPE_BOOL); if ($_POST['cplogin']) { $keeplogin = 0; } if ($_SERVER['HTTP_REFERER'] AND !$_POST['goindex']) { $url = $_SERVER['HTTP_REFERER']; } else { $url = 'index.php'; } if ($auth->authenticateLogin($input->in['email'], $input->in['password'], $keeplogin)) { if ($_POST['do'] == 'cplogin') { $hash = BSFunctions::random(90); $db->query("DELETE FROM " . TABLE_PREFIX . "adminsession WHERE dateline < " . (TIMENOW - 3600)); $db->query("INSERT INTO " . TABLE_PREFIX . "adminsession (sessionid, userid, dateline) VALUES ('$hash', " . $auth->bugdarUser['userid'] . ", " . TIMENOW . ")"); BSFunctions::cookie(COOKIE_PREFIX . 'adminsession', $hash, false); } $message->redirect(T('Welcome back! You are now logged in.'), $url); } else { $message->error(T('Invalid email or password.')); } } // ################################################################### if ($_REQUEST['do'] == 'logout') { if (bugdar::$userinfo['userid']) { $db->query("DELETE FROM " . TABLE_PREFIX . "adminsession WHERE sessionid = '" . $input->inputEscape(COOKIE_PREFIX . 'adminsession') . "'"); $auth->clearCookies(); BSFunctions::cookie(COOKIE_PREFIX . 'adminsession', false); $message->redirect(T('You have been logged out.'), ($_SERVER['HTTP_REFERER'] ? $_SERVER['HTTP_REFERER'] : 'index.php')); } else { $message->error(T('You need to be logged in to access this feature.')); } } // ################################################################### if ($_POST['do'] == 'sendpw') { $user = new UserAPI(); $user->set('email', $input->in['email'], true, false); // don't verify so we don't get errors about existing emails $user->setCondition(array('email')); $user->fetch(); if ($message->hasErrors()) { $show['lostpwerror'] = true; $_REQUEST['do'] = 'lostpw'; } else { $activator = BSFunctions::random(25); $db->query("INSERT INTO " . TABLE_PREFIX . "passwordreset (activatorid, dateline, userid) VALUES ('" . $activator . "', " . TIMENOW . ", " . $user->record['userid'] . ")"); $email = get_email_text('password_reset'); $mail = new BSMail(); $mail->setSubject($email['subject']); $mail->setBodyText(sprintf($email['bodyText'], $user->record['displayname'], bugdar::$options['trackertitle'], bugdar::$options['trackerurl'], $activator)); $mail->setFromAddress(MAIL_FROM_ADDRESS); $mail->setFromName(MAIL_FROM_NAME); $mail->send($user->record['email'], $user->record['displayname']); $message->message(sprintf(T('An email has been dispatched to %1$s that contains instructions on how to reset your password.'), $user->record['email'])); } } // ################################################################### if ($_REQUEST['do'] == 'lostpw') { BSTemplate::fetch('lostpassword')->evaluate()->flush(); } // ################################################################### if ($_POST['do'] == 'resetpw') { // remove old activators $db->query("DELETE FROM " . TABLE_PREFIX . "passwordreset WHERE dateline < " . (TIMENOW - 86400)); // now look for ours $activation = $db->queryFirst("SELECT * FROM " . TABLE_PREFIX . "passwordreset WHERE activatorid = '" . $input->inputEscape('activator') . "'"); if (!$activation) { $message->error(L_INVALID_ID); } $user = new UserAPI(); $user->set('userid', $activation['userid']); if ($input->in['fix_password'] != $input->in['confirm_password']) { $message->addError(T('The passwords you entered do not patch.')); } if (empty($input->in['fix_password'])) { $message->addError(T('Your new password cannot be empty.')); } $user->set('password', $input->in['fix_password']); if (!$message->hasErrors()) { // remove old other activators for this user $db->query("DELETE FROM " . TABLE_PREFIX . "passwordreset WHERE userid = " . $activation['userid']); $user->update(); $message->redirect(T('Your password has been changed successfully. You will now be redirected to the login page.'), 'login.php'); } else { $show['errors'] = true; $_REQUEST['do'] = 'recoverpw'; } } // ################################################################### if ($_REQUEST['do'] == 'recoverpw') { // remove old activators $db->query("DELETE FROM " . TABLE_PREFIX . "passwordreset WHERE dateline < " . (TIMENOW - 86400)); // now look for ours $activation = $db->queryFirst("SELECT * FROM " . TABLE_PREFIX . "passwordreset WHERE activatorid = '" . $input->inputEscape('activator') . "'"); if (!$activation) { $message->error(T('Invalid activation reset key. Please make sure you copied the URL exactly as it appeared in the email.')); } $tpl = new BSTemplate('passwordreset'); $tpl->vars = array( 'activation' => $activation, 'message' => $message ); $tpl->evaluate()->flush(); } // ################################################################### if ($_REQUEST['do'] == 'cplogout') { if ($_COOKIE[COOKIE_PREFIX . 'adminsession']) { $db->query("DELETE FROM " . TABLE_PREFIX . "adminsession WHERE sessionid = '" . $input->inputEscape(COOKIE_PREFIX . 'adminsession') . "'"); BSFunctions::cookie(COOKIE_PREFIX . 'adminsession', false); $message->redirect(T('You have been logged out.'), 'admin/'); } else { $message->error(T('You are not logged in.')); } } ?>