<?php
////////////////////////////////////////////////////////////////////////////////
// //
// Copyright (C) 2006 Phorum Development Team //
// http://www.phorum.org //
// //
// This program is free software. You can redistribute it and/or modify //
// it under the terms of either the current Phorum License (viewable at //
// phorum.org) or the Phorum License that was distributed with this file //
// //
// This program is distributed in the hope that it will be useful, //
// but WITHOUT ANY WARRANTY, without even the implied warranty of //
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. //
// //
// You should have received a copy of the Phorum License //
// along with this program. //
////////////////////////////////////////////////////////////////////////////////
// Defines the phorum_page constant as 'login' before the shared code is
// loaded (presumably read by common.php to know which page is running).
define('phorum_page', 'login');

// Shared bootstrap first, then the user and e-mail helpers called below.
include_once './common.php';
include_once './include/users.php';
include_once './include/email_functions.php';
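// ----------------------------------------------------------------------------
// Handle logout
// ----------------------------------------------------------------------------

// NOTE(review): logout is triggered by a plain request argument and no
// anti-CSRF token is checked in this file, so a third-party page could end
// a visitor's session. Confirm whether that is acceptable for this site.
if ($PHORUM['DATA']['LOGGEDIN'] && !empty($PHORUM["args"]["logout"])) {

    // Drop the long-term cookie, then the short-term (write) cookie.
    phorum_user_clear_session(PHORUM_SESSION_LONG_TERM);
    phorum_user_clear_session(PHORUM_SESSION_SHORT_TERM);

    // Without cookies the session id is carried in the URL, so the stored
    // id is overwritten (presumably so the old URL stops authenticating).
    if (!$PHORUM['use_cookies']) {

        // A logout request normally carries no posted credentials; read
        // them defensively instead of indexing $_POST blindly.
        $posted_username = (isset($_POST['username']) && is_string($_POST['username']))
            ? $_POST['username'] : '';
        $posted_password = (isset($_POST['password']) && is_string($_POST['password']))
            ? $_POST['password'] : '';

        // NOTE(review): md5() over microtime() (plus possibly empty form
        // fields) is clock-derived, not random. A session id should come
        // from a cryptographically secure generator where the PHP version
        // in use offers one.
        $new_sessid = md5($posted_username . microtime() . $posted_password);

        $user = array(
            'user_id'   => $PHORUM['user']['user_id'],
            'sessid_st' => $new_sessid
        );
        phorum_user_save_simple($user);
    }

    // Determine the URL to redirect the user to. The hook "after_logout"
    // can be used by module writers to set a custom redirect URL.
    //
    // The Referer header is supplied by the client, so it is only followed
    // when it points back into this Phorum installation; anything else
    // falls back to the list page instead of redirecting off-site.
    $url = null;
    if (!empty($_SERVER['HTTP_REFERER'])) {
        $base = strtolower(phorum_get_url(PHORUM_BASE_URL));
        $referer_prefix = strtolower(substr($_SERVER['HTTP_REFERER'], 0, strlen($base)));
        if ($base !== '' && $referer_prefix == $base) {
            $url = $_SERVER['HTTP_REFERER'];
        }
    }
    if ($url === null) {
        $url = phorum_get_url(PHORUM_LIST_URL);
    }

    // Strip the session id from the URL in case URI auth is in use.
    if (stristr($url, PHORUM_SESSION_LONG_TERM)) {
        $uri_sessid = isset($PHORUM["args"][PHORUM_SESSION_LONG_TERM])
            ? $PHORUM["args"][PHORUM_SESSION_LONG_TERM] : "";
        $url = str_replace(PHORUM_SESSION_LONG_TERM . "=" . urlencode($uri_sessid), "", $url);
    }

    $url = phorum_hook("after_logout", $url);

    phorum_redirect_by_url($url);
    exit();
}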
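// ----------------------------------------------------------------------------
// Handle login and password reminder
// ----------------------------------------------------------------------------

// Set all our URLs.
phorum_build_common_urls();

// Defaults for the page that is rendered when no redirect happens.
$template = "login";
$error = "";
$okmsg = "";
$username = "";

// Handle posted form data.
if (count($_POST) > 0) {

    // The user wants to retrieve a new password.
    if (isset($_POST["lostpass"])) {

        // Trim the email address. A non-string value (e.g. an array sent
        // as lostpass[]) is treated as empty rather than passed to trim().
        $_POST["lostpass"] = is_string($_POST["lostpass"]) ? trim($_POST["lostpass"]) : "";

        // NOTE(review): the reply differs between a registered address
        // (LostPassSent or a message page) and an unknown one
        // (LostPassError), so this form reveals whether an address is
        // registered. A uniform reply would avoid that.

        // Did the user enter an email address?
        if (empty($_POST["lostpass"])) {
            $error = $PHORUM["DATA"]["LANG"]["LostPassError"];

        // Is the email address available in the database?
        } elseif ($uid = phorum_user_check_email($_POST["lostpass"])) {

            // An existing user id was found for the entered email
            // address. Retrieve the user.
            $user = phorum_user_get($uid);

            $tmp_user = array();

            // User registration not yet approved by a moderator.
            if ($user["active"] == PHORUM_USER_PENDING_MOD) {
                $template = "message";
                $PHORUM["DATA"]["MESSAGE"] = $PHORUM["DATA"]["LANG"]["RegVerifyMod"];

            // User registration still needs email verification.
            } elseif ($user["active"] == PHORUM_USER_PENDING_EMAIL ||
                      $user["active"] == PHORUM_USER_PENDING_BOTH) {

                // Generate and store a new email confirmation code.
                // NOTE(review): the code is the first 8 hex characters of
                // md5(microtime()), i.e. derived from the clock rather than
                // from a random source. A token from a cryptographically
                // secure generator would be the stronger choice.
                $tmp_user["user_id"] = $uid;
                $tmp_user["password_temp"] = substr(md5(microtime()), 0, 8);
                phorum_user_save($tmp_user);

                // Mail the new confirmation code to the user. $maildata is
                // initialised explicitly so that it never starts out with
                // content from outside this branch.
                $maildata = array();
                $verify_url = phorum_get_url(PHORUM_REGISTER_URL, "approve=".$tmp_user["password_temp"]."$uid");
                $maildata["mailsubject"] = $PHORUM["DATA"]["LANG"]["VerifyRegEmailSubject"];
                $maildata["mailmessage"] =
                    wordwrap($PHORUM["DATA"]["LANG"]["VerifyRegEmailBody1"], 72).
                    "\n\n$verify_url\n\n".
                    wordwrap($PHORUM["DATA"]["LANG"]["VerifyRegEmailBody2"], 72);
                phorum_email_user(array($user["email"]), $maildata);

                $PHORUM["DATA"]["MESSAGE"] = $PHORUM["DATA"]["LANG"]["RegVerifyEmail"];
                $template = "message";

            // The user is active.
            } else {

                // Generate and store a new password for the user.
                include_once("./include/profile_functions.php");
                $newpass = phorum_gen_password();
                $tmp_user["user_id"] = $uid;
                $tmp_user["password_temp"] = $newpass;
                phorum_user_save($tmp_user);

                // Mail the new password.
                // NOTE(review): the password travels in clear text by
                // e-mail; it is stored as password_temp, so presumably it
                // is meant to be temporary. Confirm that it is replaced on
                // first use.
                $user = phorum_user_get($uid);
                $maildata = array();
                $maildata['mailmessage'] =
                    wordwrap($PHORUM["DATA"]["LANG"]["LostPassEmailBody1"], 72).
                    "\n\n".
                    $PHORUM["DATA"]["LANG"]["Username"] .": $user[username]\n".
                    $PHORUM["DATA"]["LANG"]["Password"] .": $newpass".
                    "\n\n".
                    wordwrap($PHORUM["DATA"]["LANG"]["LostPassEmailBody2"], 72);
                $maildata['mailsubject'] = $PHORUM["DATA"]["LANG"]["LostPassEmailSubject"];
                phorum_email_user(array(0 => $user['email']), $maildata);

                $okmsg = $PHORUM["DATA"]["LANG"]["LostPassSent"];
            }

        // The entered email address was not found.
        } else {
            $error = $PHORUM["DATA"]["LANG"]["LostPassError"];
        }

    // The user wants to login.
    } else {

        // Check if the phorum_tmp_cookie was set. If not, the user's
        // browser does not support cookies.
        if ($PHORUM["use_cookies"] && !isset($_COOKIE["phorum_tmp_cookie"])) {
            $PHORUM["use_cookies"] = false;
        }

        // Read the posted fields defensively: a missing or non-string
        // field is treated as an empty string.
        $posted_username = (isset($_POST["username"]) && is_string($_POST["username"]))
            ? $_POST["username"] : "";
        $posted_password = (isset($_POST["password"]) && is_string($_POST["password"]))
            ? $_POST["password"] : "";
        $posted_redir = (isset($_POST["redir"]) && is_string($_POST["redir"]))
            ? $_POST["redir"] : "";

        $username = trim($posted_username);
        $password = trim($posted_password);

        // Check if the login credentials are right.
        if (phorum_user_check_login($username, $password)) {

            // Destroy the temporary cookie.
            if (isset($_COOKIE["phorum_tmp_cookie"])) {
                setcookie("phorum_tmp_cookie", "", 0, $PHORUM["session_path"], $PHORUM["session_domain"]);
            }

            // Create an URI session id if cookies are not used.
            if (!$PHORUM["use_cookies"]) {
                // NOTE(review): this id is an md5() over the submitted
                // credentials and the clock, not a random value, and it
                // mixes the password into the hash input. A session id
                // should come from a cryptographically secure generator.
                $uri_session_id = md5($posted_username . microtime() . $posted_password);
                $user = array(
                    'user_id'   => $PHORUM['user']['user_id'],
                    'sessid_st' => $uri_session_id
                );
                phorum_user_save_simple($user);
                phorum_user_create_session(PHORUM_SESSION_LONG_TERM, true, $uri_session_id);

            // Create cookie session(s).
            } else {
                if (!$PHORUM["DATA"]["LOGGEDIN"]) {
                    phorum_user_create_session(PHORUM_SESSION_LONG_TERM, false);
                }
                if ($PHORUM["tight_security"]) {
                    phorum_user_create_session(PHORUM_SESSION_SHORT_TERM, true);
                }
            }

            // The posted "redir" value is chosen by the client, so it is
            // only followed when it stays on this site: either it is a
            // relative URL, or it starts with this installation's base
            // URL. Empty values and values holding control characters are
            // rejected. Anything rejected falls through to the list page.
            $redir_is_local = false;
            if ($posted_redir !== "" && !preg_match('/[\x00-\x1f\x7f]/', $posted_redir)) {
                // "scheme:", "//host" and the "/\host" variants all leave
                // the current site unless the base URL check passes.
                $is_absolute = preg_match('!^\s*([a-z][a-z0-9+.\-]*:|[/\\\\]{2})!i', $posted_redir);
                if (!$is_absolute) {
                    $redir_is_local = true;
                } else {
                    $base = strtolower(phorum_get_url(PHORUM_BASE_URL));
                    $redir_is_local = $base !== "" &&
                        strtolower(substr($posted_redir, 0, strlen($base))) == $base;
                }
            }

            // Determine the URL to redirect the user to.
            // If redir is a number, it is a URL constant.
            if (is_numeric($posted_redir)) {
                $redir = phorum_get_url($posted_redir);

            // Redirecting to the registration or login page is a little weird,
            // so we just go to the list page if we came from one of those.
            } elseif ($redir_is_local &&
                      isset($PHORUM['use_cookies']) && $PHORUM["use_cookies"] &&
                      !strstr($posted_redir, "register." . PHORUM_FILE_EXTENSION) &&
                      !strstr($posted_redir, "login." . PHORUM_FILE_EXTENSION)) {
                $redir = $posted_redir;

            // By default, we redirect to the list page.
            } else {
                $redir = phorum_get_url(PHORUM_LIST_URL);
            }

            // The hook "after_login" can be used by module writers to
            // set a custom redirect URL.
            $redir = phorum_hook("after_login", $redir);

            phorum_redirect_by_url($redir);
            exit();

        // Login failed.
        } else {
            $error = $PHORUM["DATA"]["LANG"]["InvalidLogin"];
        }
    }

// No data posted, so this is the first request. Here we set
// a temporary cookie, so we can check if the user's browser
// supports cookies.
} elseif ($PHORUM["use_cookies"]) {
    setcookie("phorum_tmp_cookie", "this will be destroyed once logged in", 0, $PHORUM["session_path"], $PHORUM["session_domain"]);
}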
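// Determine to what URL the user must be redirected after login.
//
// Every candidate below is supplied by the client, so it is HTML-escaped
// before it is stored for the template. ENT_QUOTES is passed explicitly:
// before PHP 8.1 the default flags left single quotes unescaped, which is
// not enough if a template places the value in a single-quoted attribute.
// Escaping only protects the HTML output; the code that later redirects to
// the posted-back value must still treat it as untrusted.
if (!empty($PHORUM["args"]["redir"])) {
    $redir = htmlspecialchars(urldecode($PHORUM["args"]["redir"]), ENT_QUOTES);
} elseif (!empty($_REQUEST["redir"]) && is_string($_REQUEST["redir"])) {
    $redir = htmlspecialchars($_REQUEST["redir"], ENT_QUOTES);
} elseif (!empty($_SERVER["HTTP_REFERER"])) {
    // Only accept a referer that starts with this installation's base URL
    // (compared case-insensitively).
    $base = strtolower(phorum_get_url(PHORUM_BASE_URL));
    $len = strlen($base);
    if (strtolower(substr($_SERVER["HTTP_REFERER"], 0, $len)) == $base) {
        $redir = htmlspecialchars($_SERVER["HTTP_REFERER"], ENT_QUOTES);
    }
}

// Nothing usable was supplied: go to the list page.
if (!isset($redir)) {
    $redir = phorum_get_url(PHORUM_LIST_URL);
}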
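// Setup template data.
$PHORUM["DATA"]["LOGIN"]["redir"] = $redir;
$PHORUM["DATA"]["URL"]["REGISTER"] = phorum_get_url(PHORUM_REGISTER_URL);
$PHORUM["DATA"]["URL"]["ACTION"] = phorum_get_url(PHORUM_LOGIN_ACTION_URL);
$PHORUM["DATA"]["LOGIN"]["forum_id"] = (int) $PHORUM["forum_id"];

// The username is echoed back from the submitted form, so it is escaped
// with ENT_QUOTES: before PHP 8.1 the default flags did not escape single
// quotes, which matters if a template uses a single-quoted attribute.
// The messages get the same flags so all three values are escaped alike.
$PHORUM["DATA"]["LOGIN"]["username"] = htmlspecialchars($username, ENT_QUOTES);
$PHORUM["DATA"]["ERROR"] = htmlspecialchars($error, ENT_QUOTES);
$PHORUM["DATA"]["OKMSG"] = htmlspecialchars($okmsg, ENT_QUOTES);

// Set the field to set the focus to after loading: the username field
// while it is still empty, otherwise the password field.
$PHORUM["DATA"]["FOCUS_TO_ID"] = empty($username) ? "username" : "password";

// Display the page. $template is only ever assigned the literals "login"
// or "message" in this file, never a request value.
include phorum_get_template("header");
phorum_hook("after_header");
include phorum_get_template($template);
phorum_hook("before_footer");
include phorum_get_template("footer");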
?>