<?php
 
////////////////////////////////////////////////////////////////////////////////
//                                                                            //
//   Copyright (C) 2006  Phorum Development Team                              //
//   http://www.phorum.org                                                    //
//                                                                            //
//   This program is free software. You can redistribute it and/or modify     //
//   it under the terms of either the current Phorum License (viewable at     //
//   phorum.org) or the Phorum License that was distributed with this file    //
//                                                                            //
//   This program is distributed in the hope that it will be useful,          //
//   but WITHOUT ANY WARRANTY, without even the implied warranty of           //
//   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.                     //
//                                                                            //
//   You should have received a copy of the Phorum License                    //
//   along with this program.                                                 //
////////////////////////////////////////////////////////////////////////////////
// Page identifier for this script; it has to be defined before common.php
// is loaded below.
define('phorum_page', 'login');

// Phorum core bootstrap, followed by the user and mail helper libraries
// that the login, logout and password reminder handlers call.
include_once "./common.php";
include_once "./include/users.php";
include_once "./include/email_functions.php";
 
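// ----------------------------------------------------------------------------
// Handle logout
// ----------------------------------------------------------------------------

// NOTE(review): logout is driven by the "logout" request argument alone. No
// anti-CSRF check is visible in this file; confirm whether one is enforced
// before this point (e.g. in common.php).
if ($PHORUM['DATA']['LOGGEDIN'] && !empty($PHORUM["args"]["logout"])) {

    // killing long-term cookie
    phorum_user_clear_session(PHORUM_SESSION_LONG_TERM);
    // killing short-term (write) cookie
    phorum_user_clear_session(PHORUM_SESSION_SHORT_TERM);

    // Reset the stored session id if not using cookies, so that the id
    // carried in old URLs stops matching.
    if (!$PHORUM['use_cookies']) {

        if (function_exists('random_bytes')) {
            // 128 bits from the CSPRNG, hex encoded to the same 32 character
            // shape that md5() produced before.
            $new_sessid = bin2hex(random_bytes(16));
        } else {
            // Legacy PHP without random_bytes(): keep the historical value.
            // The username and password fields are read from $_POST but a
            // logout request normally does not carry them, which leaves
            // md5(microtime()) -- a guessable value. Prefer a PHP version
            // that provides random_bytes() over relying on this branch.
            $seed_user = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
            $seed_pass = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';
            $new_sessid = md5($seed_user.microtime().$seed_pass);
        }

        $user = array(
            'user_id'   => $PHORUM['user']['user_id'],
            'sessid_st' => $new_sessid
        );
        phorum_user_save_simple($user);
    }

    // Determine the URL to redirect the user to. The hook "after_logout"
    // can be used by module writers to set a custom redirect URL.
    // NOTE(review): the Referer header is client supplied and is used
    // unchecked here, unlike the login form code further down, which only
    // accepts a Referer that starts with PHORUM_BASE_URL. Confirm that
    // phorum_redirect_by_url() rejects CR/LF and consider applying the same
    // base URL restriction.
    if (!empty($_SERVER['HTTP_REFERER'])) {
        $url = $_SERVER["HTTP_REFERER"];
    } else {
        $url = phorum_get_url(PHORUM_LIST_URL);
    }

    // Strip the session id from the URL in case URI auth is in use, so the
    // id does not travel along in the redirect target.
    if (stristr($url, PHORUM_SESSION_LONG_TERM)) {
        // The argument can be absent even though its name occurs in the
        // URL; fall back to an empty value instead of reading an undefined
        // index.
        $uri_sessid = isset($PHORUM["args"][PHORUM_SESSION_LONG_TERM])
                    ? $PHORUM["args"][PHORUM_SESSION_LONG_TERM]
                    : "";
        $url = str_replace(PHORUM_SESSION_LONG_TERM."=".urlencode($uri_sessid), "", $url);
    }

    $url = phorum_hook("after_logout", $url);

    phorum_redirect_by_url($url);
    exit();
}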
 
// ----------------------------------------------------------------------------
// Handle login and password reminder
// ----------------------------------------------------------------------------

// Set all our URLs.
phorum_build_common_urls();

// Defaults for the page state: render the login template, with no error
// message, no confirmation message and an empty username field.
$error = $okmsg = $username = "";
$template = "login";
 
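// Handle posted form data.
if (count($_POST) > 0) {

    // The user wants to retrieve a new password.
    // NOTE(review): the response differs between a registered address
    // (LostPassSent or a verification message) and an unknown one
    // (LostPassError), so this form can be used to test whether an address
    // is registered. No throttling is visible in this file either; confirm
    // whether it is handled elsewhere.
    if (isset($_POST["lostpass"])) {

        // Trim the email address. A non-string value (an array parameter)
        // is treated as an empty address instead of being passed to trim().
        $_POST["lostpass"] = is_string($_POST["lostpass"]) ? trim($_POST["lostpass"]) : "";

        // Did the user enter an email address?
        if (empty($_POST["lostpass"])) {
            $error = $PHORUM["DATA"]["LANG"]["LostPassError"];
        }

        // Is the email address available in the database?
        elseif ($uid = phorum_user_check_email($_POST["lostpass"])) {

            // An existing user id was found for the entered email
            // address. Retrieve the user.
            $user = phorum_user_get($uid);

            $tmp_user = array();

            // User registration not yet approved by a moderator.
            if ($user["active"] == PHORUM_USER_PENDING_MOD) {
                $template = "message";
                $PHORUM["DATA"]["MESSAGE"] = $PHORUM["DATA"]["LANG"]["RegVerifyMod"];

            // User registration still needs email verification.
            } elseif ($user["active"] == PHORUM_USER_PENDING_EMAIL ||
                      $user["active"] == PHORUM_USER_PENDING_BOTH) {

                // Generate and store a new email confirmation code. The code
                // is the only secret in the approval link, so it is taken
                // from the CSPRNG when available. The 8 hex character format
                // is unchanged.
                if (function_exists('random_bytes')) {
                    $confirm_code = bin2hex(random_bytes(4));
                } else {
                    // Legacy PHP without random_bytes(): historical value,
                    // derived from the clock only and therefore guessable.
                    $confirm_code = substr(md5(microtime()), 0, 8);
                }
                $tmp_user["user_id"] = $uid;
                $tmp_user["password_temp"] = $confirm_code;
                phorum_user_save( $tmp_user );

                // Mail the new confirmation code to the user.
                $verify_url = phorum_get_url(PHORUM_REGISTER_URL, "approve=".$tmp_user["password_temp"]."$uid");
                $maildata = array();
                $maildata["mailsubject"] = $PHORUM["DATA"]["LANG"]["VerifyRegEmailSubject"];
                $maildata["mailmessage"] =
                   wordwrap($PHORUM["DATA"]["LANG"]["VerifyRegEmailBody1"],72).
                   "\n\n$verify_url\n\n".
                   wordwrap($PHORUM["DATA"]["LANG"]["VerifyRegEmailBody2"],72);
                phorum_email_user(array($user["email"]), $maildata);

                $PHORUM["DATA"]["MESSAGE"] = $PHORUM["DATA"]["LANG"]["RegVerifyEmail"];
                $template = "message";

            // The user is active.
            } else {

                // Generate and store a new password for the user. It is
                // saved as password_temp and mailed in clear text below.
                include_once( "./include/profile_functions.php" );
                $newpass = phorum_gen_password();
                $tmp_user["user_id"] = $uid;
                $tmp_user["password_temp"] = $newpass;
                phorum_user_save($tmp_user);

                // Mail the new password.
                $user = phorum_user_get( $uid );
                $maildata = array();
                $maildata['mailmessage'] =
                   wordwrap($PHORUM["DATA"]["LANG"]["LostPassEmailBody1"],72).
                   "\n\n".
                   $PHORUM["DATA"]["LANG"]["Username"] .": $user[username]\n".
                   $PHORUM["DATA"]["LANG"]["Password"] .": $newpass".
                   "\n\n".
                   wordwrap($PHORUM["DATA"]["LANG"]["LostPassEmailBody2"],72);
                $maildata['mailsubject'] = $PHORUM["DATA"]["LANG"]["LostPassEmailSubject"];
                phorum_email_user(array( 0 => $user['email'] ), $maildata);

                $okmsg = $PHORUM["DATA"]["LANG"]["LostPassSent"];

            }
        }

        // The entered email address was not found.
        else {
            $error = $PHORUM["DATA"]["LANG"]["LostPassError"];
        }
    }

    // The user wants to login.
    else {

        // Check if the phorum_tmp_cookie was set. If not, the user's
        // browser does not support cookies.
        if ($PHORUM["use_cookies"] && !isset($_COOKIE["phorum_tmp_cookie"])) {
            $PHORUM["use_cookies"] = false;
        }

        // Missing or non-string fields count as empty credentials, so a
        // crafted request cannot hand an array or an undefined index to
        // trim().
        $username = (isset($_POST["username"]) && is_string($_POST["username"])) ? trim($_POST["username"]) : "";
        $password = (isset($_POST["password"]) && is_string($_POST["password"])) ? trim($_POST["password"]) : "";

        // Check if the login credentials are right.
        if (phorum_user_check_login($username, $password)) {

            // Destroy the temporary cookie.
            if (isset($_COOKIE["phorum_tmp_cookie"])) {
                setcookie( "phorum_tmp_cookie", "", 0, $PHORUM["session_path"], $PHORUM["session_domain"] );
            }

            // Create an URI session id if cookies are not used.
            if (!$PHORUM["use_cookies"]) {
                // The id is a bearer credential that travels in URLs, so it
                // comes from the CSPRNG when available. 16 bytes hex encoded
                // keeps the 32 character shape of the previous md5() value.
                if (function_exists('random_bytes')) {
                    $uri_session_id = bin2hex(random_bytes(16));
                } else {
                    // Legacy PHP without random_bytes(): historical value.
                    $uri_session_id = md5($username.microtime().$password);
                }
                $user = array(
                    'user_id'   => $PHORUM['user']['user_id'],
                    'sessid_st' => $uri_session_id
                );
                phorum_user_save_simple($user);
                phorum_user_create_session(PHORUM_SESSION_LONG_TERM,true,$uri_session_id);

            // Create cookie session(s).
            } else {
                if (!$PHORUM["DATA"]["LOGGEDIN"]) {
                    phorum_user_create_session(PHORUM_SESSION_LONG_TERM, false);
                }
                if ($PHORUM["tight_security"]) {
                    phorum_user_create_session(PHORUM_SESSION_SHORT_TERM, true);
                }
            }

            // Determine the URL to redirect the user to. The posted value
            // is client controlled: the hidden form field is filled from
            // request data and anybody can post this form directly.
            $posted_redir = (isset($_POST["redir"]) && is_string($_POST["redir"])) ? $_POST["redir"] : "";
            $redir = null;

            // If redir is a number, it is a URL constant.
            if (is_numeric($posted_redir)) {
                $redir = phorum_get_url($posted_redir);
            }

            // Redirecting to the registration or login page is a little weird,
            // so we just go to the list page if we came from one of those.
            elseif (!empty($PHORUM["use_cookies"]) &&
                    strpos($posted_redir, "register." . PHORUM_FILE_EXTENSION) === false &&
                    strpos($posted_redir, "login." . PHORUM_FILE_EXTENSION) === false) {

                // Only follow targets below this forum's own base URL, the
                // same rule that the login form code applies to the Referer
                // header. The character after the base must end the URL or
                // start a path, query or fragment, so that a longer host
                // name or a userinfo part cannot pass as a prefix match.
                $base = strtolower(phorum_get_url(PHORUM_BASE_URL));
                $len  = strlen($base);
                $tail = (string) substr($posted_redir, $len, 1);
                if ($len > 0 &&
                    strtolower((string) substr($posted_redir, 0, $len)) === $base &&
                    (substr($base, -1) === "/" || $tail === "" || strpos("/?#", $tail) !== false)) {
                    $redir = $posted_redir;
                }
            }

            // By default, we redirect to the list page. This also covers a
            // missing, empty or off-site redir value.
            if ($redir === null) {
                $redir = phorum_get_url( PHORUM_LIST_URL );
            }

            // The hook "after_login" can be used by module writers to
            // set a custom redirect URL.
            $redir = phorum_hook( "after_login", $redir );

            phorum_redirect_by_url($redir);
            exit();
        }

        // Login failed.
        else {
            $error = $PHORUM["DATA"]["LANG"]["InvalidLogin"];
        }
    }
}

// No data posted, so this is the first request. Here we set
// a temporary cookie, so we can check if the user's browser
// supports cookies.
elseif ($PHORUM["use_cookies"]) {
    setcookie( "phorum_tmp_cookie", "this will be destroyed once logged in", 0, $PHORUM["session_path"], $PHORUM["session_domain"] );
}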
 
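// Determine to what URL the user must be redirected after login.
// The result is HTML escaped because it is handed to the template as
// LOGIN.redir. ENT_QUOTES is passed explicitly: before PHP 8.1 the default
// flags leave single quotes unescaped, which matters if a template places
// the value in a single-quoted attribute.
// NOTE(review): the "redir" argument and request parameter are client
// supplied and are not checked against the forum's base URL here; only the
// Referer fallback is. The value comes back in the login POST, so the code
// that redirects after a successful login has to treat it as untrusted.
if (!empty($PHORUM["args"]["redir"])) {
    $redir = htmlspecialchars(urldecode($PHORUM["args"]["redir"]), ENT_QUOTES);
} elseif (!empty($_REQUEST["redir"]) && is_string($_REQUEST["redir"])) {
    $redir = htmlspecialchars($_REQUEST["redir"], ENT_QUOTES);
} elseif (!empty($_SERVER["HTTP_REFERER"])) {
    // Accept the referring page only when it lies below this forum's base
    // URL (case-insensitive prefix match).
    $base = strtolower(phorum_get_url(PHORUM_BASE_URL));
    $len = strlen($base);
    if (strtolower((string) substr($_SERVER["HTTP_REFERER"], 0, $len)) === $base) {
        $redir = htmlspecialchars($_SERVER["HTTP_REFERER"], ENT_QUOTES);
    }
}
// No usable source: fall back to the message list.
if (!isset($redir)) {
    $redir = phorum_get_url(PHORUM_LIST_URL);
}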
 
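// Setup template data.
// Values that originate from the request or from language strings are HTML
// escaped before they reach the template. ENT_QUOTES is passed explicitly
// because the default flags before PHP 8.1 leave single quotes unescaped.
$PHORUM["DATA"]["LOGIN"]["redir"] = $redir;
$PHORUM["DATA"]["URL"]["REGISTER"] = phorum_get_url( PHORUM_REGISTER_URL );
$PHORUM["DATA"]["URL"]["ACTION"] = phorum_get_url( PHORUM_LOGIN_ACTION_URL );
$PHORUM["DATA"]["LOGIN"]["forum_id"] = ( int )$PHORUM["forum_id"];
$PHORUM["DATA"]["LOGIN"]["username"] = htmlspecialchars( $username, ENT_QUOTES );
$PHORUM["DATA"]["ERROR"] = htmlspecialchars( $error, ENT_QUOTES );
$PHORUM["DATA"]["OKMSG"] = htmlspecialchars( $okmsg, ENT_QUOTES );

// Set the field to set the focus to after loading: the username field
// when no username was entered yet, the password field otherwise.
$PHORUM["DATA"]["FOCUS_TO_ID"] = empty($username) ? "username" : "password";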
 
// Display the page: header, then the template chosen above ("login" or
// "message"), then the footer. Module hooks run after the header and
// before the footer.
include( phorum_get_template("header") );
phorum_hook("after_header");
include( phorum_get_template($template) );
phorum_hook("before_footer");
include( phorum_get_template("footer") );
 
?>