<?php
//
// This file must run only once: bail out if the guard constant is already set.
if (defined('_INC_LOGIN')) {
    return;
}
define('_INC_LOGIN', '1');

// Helpers used below: site metadata, session handling, filters, text
// rendering (from the private area), then the local form helpers.
include_ecrire('inc_meta.php3');
include_ecrire('inc_session.php3');
include_ecrire('inc_filtres.php3');
include_ecrire('inc_texte.php3');
include_local('inc-formulaires.php3');
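// Handle HTTP (browser-native) authentication.
//
// $cible           : link object; only its getUrl() method is used here.
// $essai_auth_http : 'oui' to attempt HTTP authentication, 'logout' to ask
//                    the browser to drop its credentials. Any other value
//                    makes the function return without doing anything.
//
// Both handled branches terminate the request with exit.
function auth_http($cible, $essai_auth_http) {
    if ($essai_auth_http == 'oui') {
        include_ecrire('inc_session.php3');
        if (!verifier_php_auth()) {
            $cible_url = $cible->getUrl();
            // URL-encoded copy, safe to embed as a query-string value.
            $url = urlencode($cible_url);
            $page_erreur = "<b>"._T('login_connexion_refusee')."</b><p>"._T('login_login_pass_incorrect')."<p>[<a href='./'>"._T('login_retour_site')."</a>] [<a href='./spip_cookie.php3?essai_auth_http=oui&url=$url'>"._T('login_nouvelle_tentative')."</a>]";
            // Test the raw URL: urlencode() turns "/" into "%2F", so matching
            // "ecrire/" against the encoded value could never succeed. strpos()
            // also replaces ereg(), which no longer exists in current PHP.
            if (strpos($cible_url, 'ecrire/') !== false)
                $page_erreur .= " [<a href='ecrire/'>"._T('login_espace_prive')."</a>]";
            ask_php_auth($page_erreur);
        }
        else {
            // NOTE(review): the redirect target is whatever the caller put in
            // $cible; if it can come from a request parameter, the caller
            // should restrict it to same-site URLs before reaching this point.
            @header("Location: " . $cible->getUrl() );
        }
        exit;
    }
    // HTTP-auth logout request
    else if ($essai_auth_http == 'logout') {
        include_ecrire('inc_session.php3');
        ask_php_auth("<b>"._T('login_deconnexion_ok')."</b><p>"._T('login_verifiez_navigateur')."<p>[<a href='./'>"._T('login_retour_public')."</a>] [<a href='./spip_cookie.php3?essai_auth_http=oui&redirect=ecrire'>"._T('login_test_navigateur')."</a>] [<a href='ecrire/'>"._T('login_espace_prive')."</a>]");
        exit;
    }
}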
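// Build the opening markup of the login box.
//
// $titre : optional heading. It is inserted as-is (not HTML-escaped), so
//          callers must pass trusted or already-escaped markup.
//
// Returns the opening <div>, the optional <h3> heading and the opening <font>
// tag; ferme_login() returns the matching closing tags.
function ouvre_login($titre='') {
    // Start from a defined string: the previous code appended to a variable
    // that had never been assigned.
    $retour = "<div>";

    if ($titre) $retour .= "<h3 class='spip'>$titre</h3>";

    $retour .= '<font size="2" face="Verdana,arial,helvetica,sans-serif">';
    return $retour;
}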
// Return the closing tags for the markup opened by ouvre_login():
// first the <font> element, then the surrounding <div>.
function ferme_login() {
    return "</font>" . "</div>";
}
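// Print the login box (two-step form: identifier first, then password).
//
// $cible         : link object to return to after login. When empty, it is
//                  built from $GLOBALS['var_url'], else 'ecrire/' when $prive
//                  is set, else the current clean link.
// $prive         : non-empty when logging in to the private area.
// $message_login : optional message echoed as-is above the form; callers must
//                  pass trusted or already-escaped markup.
//
// Everything is written with echo; nothing is returned. If the visitor is
// already identified as '0minirezo' or '1comite' and no logout was asked,
// the function redirects to the target and returns early.
//
// Reads $GLOBALS['var_login'], ['var_logout'], ['var_url'], ['var_erreur'] and
// ['var_echec_cookie'] (presumably filled from the request - confirm against
// the caller), so every value derived from them is escaped before output.
function login($cible = '', $prive = 'prive', $message_login='') {
    $login = $GLOBALS['var_login'];
    $erreur = '';
    $logout = $GLOBALS['var_logout'];

    // On a cookie failure, inc_auth redirected to spip_cookie, which tried to
    // set a cookie. If that cookie is missing, cookies really are refused; if
    // it is present, this is probably a bookmark on bonjour=oui and not a
    // cookie failure.
    $echec_cookie = false;
    if ($GLOBALS['var_echec_cookie'])
        $echec_cookie = ($GLOBALS['spip_session'] != 'test_echec_cookie');

    global $auteur_session;
    global $spip_session, $PHP_AUTH_USER, $ignore_auth_http;
    global $spip_admin;
    global $php_module;
    global $clean_link;

    if (!$cible) {
        if ($GLOBALS['var_url']) $cible = new Link($GLOBALS['var_url']);
        else if ($prive) $cible = new Link('ecrire/');
        else $cible = $clean_link;
    }

    $cible->delVar('var_erreur');
    $cible->delVar('var_url');
    $clean_link->delVar('var_erreur');
    $clean_link->delVar('var_login');

    include_ecrire("inc_session.php3");
    verifier_visiteur();
    if ($auteur_session AND !$logout AND
    ($auteur_session['statut']=='0minirezo' OR $auteur_session['statut']=='1comite')) {
        $url = $cible->getUrl();
        // NOTE(security): $url may come from var_url, so this is a redirect
        // to a caller-supplied address. Restricting it to same-site URLs needs
        // a policy that is not visible in this file; at minimum, CR/LF are
        // removed so the value cannot add header lines, and the fallback link
        // is HTML-escaped.
        if ($url != $GLOBALS['clean_link']->getUrl())
            @Header("Location: " . str_replace(array("\r", "\n"), '', $url));
        echo "<a href='" . htmlspecialchars($url, ENT_QUOTES) . "'>"._T('login_par_ici')."</a>\n";
        return;
    }

    // initialisation
    $nom_site = lire_meta('nom_site');
    if (!$nom_site) $nom_site = _T('info_mon_site_spip');
    $url_site = lire_meta('adresse_site');
    if (!$url_site) $url_site = "./";
    if ($GLOBALS['var_erreur'] =='pass') $erreur = _T('login_erreur_pass');

    // The login may be remembered in the admin cookie, stored as "@login".
    // preg_match() replaces ereg(), which no longer exists in current PHP;
    // the s and D modifiers keep the same "rest of the string" semantics.
    if (!$login) {
        if (preg_match('/^@(.*)$/sD', (string) $spip_admin, $regs))
            $login = $regs[1];
    } else if ($login == '-1')
        $login = '';

    $flag_autres_sources = $GLOBALS['ldap_present'];

    // Defaults for values that are only filled in when the account is found.
    $source_auteur = '';
    $alea_actuel = '';
    $alea_futur = '';
    $rester_checked = '';

    if ($login) {
        $statut_login = 0; // unknown status
        // NOTE(security): addslashes() is the only SQL escaping available in
        // this block; a driver-level escape or a bound parameter would be
        // safer if spip_query() offers one. From here on $login holds the
        // slash-escaped value.
        $login = addslashes($login);
        $query = "SELECT * FROM spip_auteurs WHERE login='$login'";
        $result = spip_query($query);
        if ($row = spip_fetch_array($result)) {
            // Refuse trashed accounts, and native accounts without a stored
            // password. The source is read from the row: the previous test
            // used an undefined local variable, so the empty-password check
            // never applied.
            if ($row['statut'] == '5poubelle' OR ($row['source'] == 'spip' AND $row['pass'] == '')) {
                $statut_login = -1; // refused
            } else {

                $statut_login = 1; // known login

                // Salts ("aleas") handed to the javascript challenge
                if ($row['source'] == 'spip') {
                    $source_auteur = $row['source'];
                    $alea_actuel = $row['alea_actuel'];
                    $alea_futur = $row['alea_futur'];
                }

                // "Stay logged in" checkbox, from the stored preferences.
                // NOTE(security): unserialize() runs on a database field; this
                // is only safe as long as nothing untrusted can write 'prefs'.
                if ($row['prefs']) {
                    $prefs = unserialize($row['prefs']);
                    if (is_array($prefs) AND isset($prefs['cnx']))
                        $rester_checked = ($prefs['cnx'] == 'perma' ? ' checked':'');
                }
            }
        }

        // unknown login (unless another source such as LDAP exists) or refused
        // NOTE(review): this message tells the visitor whether an identifier
        // exists; rate limiting on this step is worth checking elsewhere.
        if ($statut_login == -1 OR ($statut_login == 0 AND !$flag_autres_sources)) {
            $erreur = _T('login_identifiant_inconnu', array('login' => htmlspecialchars($login)));
            $login = '';
            @spip_setcookie("spip_admin", "", time() - 3600);
        }
    }

    // javascript for the focus
    if ($login)
        $js_focus = 'document.form_login.session_password.focus();';
    else
        $js_focus = 'document.form_login.var_login.focus();';

    if ($echec_cookie) {
        echo ouvre_login (_T('erreur_probleme_cookie'));
        echo "<p><b>"._T('login_cookie_oblige')."</b> ";
        echo _T('login_cookie_accepte')."\n";
    }
    else {
        echo ouvre_login ();
        if (strlen($message_login) > 0) echo "<br>$message_login<br>\n";
    }

    // HTML-escaped copy of the target URL, used in the hidden form fields.
    $url_html = htmlspecialchars($cible->getUrl(), ENT_QUOTES);

    if ($login) {
        // Show the password form, including the MD5 javascript when the
        // account is a native one.
        // NOTE(security): the MD5 challenge only avoids sending the clear
        // password when javascript is on; it does not replace TLS.
        $flag_challenge_md5 = ($source_auteur == 'spip');

        // The identifier can be an arbitrary visitor-supplied string when
        // another source (LDAP) is enabled, so it is escaped for HTML.
        $login_html = htmlspecialchars($login, ENT_QUOTES);
        $clean_url_html = htmlspecialchars($clean_link->getUrl(), ENT_QUOTES);

        if ($flag_challenge_md5) echo "<script type=\"text/javascript\" src=\"ecrire/md5.js\"></script>";
        echo "<form name='form_login' action='./spip_cookie.php3' method='post'";
        if ($flag_challenge_md5) echo " onSubmit='if (this.session_password.value) {
                this.session_password_md5.value = calcMD5(\"$alea_actuel\" + this.session_password.value);
                this.next_session_password_md5.value = calcMD5(\"$alea_futur\" + this.session_password.value);
                this.session_password.value = \"\";
            }'";
        echo ">\n";
        echo "<div class='spip_encadrer' style='text-align:".$GLOBALS["spip_lang_left"].";'>";
        if ($erreur) echo "<div class='reponse_formulaire'><b>$erreur</b></div><p>";

        if ($flag_challenge_md5) {
            // with javascript on, the login is shown as fixed text and sent
            // in a hidden field
            echo "<script type=\"text/javascript\"><!--\n" .
                "document.write('".addslashes(_T('login_login'))." <b>$login_html</b> <br><font size=\\'2\\'>[<a href=\\'spip_cookie.php3?cookie_admin=non&url=".rawurlencode($clean_link->getUrl())."\\'>".addslashes(_T('login_autre_identifiant'))."</a>]</font>');\n" .
                "//--></script>\n";
            echo "<input type='hidden' name='session_login_hidden' value='$login_html'>";

            // with javascript off, the login stays editable (the challenge is
            // not used in that case)
            echo "<noscript>";
            echo "<font face='Georgia, Garamond, Times, serif' size='3'>";
            echo _T('login_non_securise')." <a href=\"".$clean_url_html."\">"._T('login_recharger')."</a>.<p></font>\n";
        }
        echo "<label><b>"._T('login_login2')."</b><br></label>";
        echo "<input type='text' name='session_login' class='forml' value=\"$login_html\" size='40'>\n";
        if ($flag_challenge_md5) echo "</noscript>\n";

        echo "<br><br>\n<label><b>"._T('login_pass2')."</b><br></label>";
        echo "<input type='password' name='session_password' class='forml' value=\"\" size='40'>\n";
        echo "<input type='hidden' name='essai_login' value='oui'>\n";

        echo "<br> <input type='checkbox' name='session_remember' value='oui' id='session_remember'$rester_checked> ";
        echo "<label for='session_remember'>"._T('login_rester_identifie')."</label>";

        echo "<input type='hidden' name='url' value='$url_html'>\n";
        echo "<input type='hidden' name='session_password_md5' value=''>\n";
        echo "<input type='hidden' name='next_session_password_md5' value=''>\n";
        echo "<div align='right'><input type='submit' class='spip_bouton' name='submit' value='"._T('bouton_valider')."'></div>\n";
        echo "</div>";
        echo "</form>";
    }
    else { // ask for the login only

        $action = htmlspecialchars($clean_link->getUrl(), ENT_QUOTES);

        echo "<form name='form_login' action='$action' method='post'>\n";
        echo "<div class='spip_encadrer'>";
        if ($erreur) echo "<font color=red><b>$erreur</b></font><p>";
        echo "<label><b>"._T('login_login2')."</b><br></label>";
        echo "<input type='text' name='var_login' class='forml' value=\"\" size='40'>\n";

        echo "<input type='hidden' name='var_url' value='$url_html'>\n";
        echo "<div align='right'><input type='submit' class='spip_bouton' name='submit' value='"._T('bouton_valider')."'></div>\n";
        echo "</div>";
        echo "</form>";
    }

    // Set the focus
    echo "<script type=\"text/javascript\"><!--\n" . $js_focus . "\n//--></script>\n";

    // Offer HTTP authentication as a fallback when cookies are refused.
    if ($echec_cookie AND $php_module AND !$ignore_auth_http) {
        echo "<form action='spip_cookie.php3' method='get'>";
        echo "<fieldset>\n<p>";
        echo _T('login_preferez_refuser')." \n";
        echo "<input type='hidden' name='essai_auth_http' value='oui'> ";
        echo "<input type='hidden' name='url' value='$url_html'>\n";
        echo "<div align='right'><input type='submit' name='submit' class='spip_bouton' value='"._T('login_sans_cookiie')."'></div>\n";
        echo "</fieldset></form>\n";
    }

    echo "\n<center>"; // start of the login footer

    // "Register" button
    // NOTE(review): AND binds tighter than OR, so forums_publics == 'abo'
    // shows the link even when $prive is set - confirm this is intended.
    $inscriptions_ecrire = (lire_meta("accepter_inscriptions") == "oui");
    if ((!$prive AND (lire_meta('accepter_visiteurs') == 'oui') OR (lire_meta('forums_publics') == 'abo')) OR ($prive AND $inscriptions_ecrire)) {
        echo '[<a href="spip_pass.php3" target="spip_pass" onclick="'
            ."javascript:window.open(this.href, 'spip_pass', 'scrollbars=yes, resizable=yes, width=480, height=450'); return false;\">"
            ._T('login_sinscrire').'</a>]';
    }
    // "Forgotten password" button
    include_ecrire ("inc_mail.php3");
    if (tester_mail()) {
        echo ' [<a href="spip_pass.php3?oubli_pass=oui" target="spip_pass" onclick="'
            ."javascript:window.open(this.href, 'spip_pass', 'scrollbars=yes, resizable=yes, width=480, height=280'); return false;\">"
            ._T('login_motpasseoublie').'</a>]';
    }
    // "Back to the public site" button
    if ($prive) echo " [<a href='$url_site'>"._T('login_retoursitepublic')."</a>]";

    echo "</center>\n";

    echo ferme_login();
}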
?>