Subversion Repositories Applications.papyrus

Rev

Rev 831 | Blame | Last modification | View Log | RSS feed

<?php

////////////////////////////////////////////////////////////////////////////////
//                                                                            //
//   Copyright (C) 2006  Phorum Development Team                              //
//   http://www.phorum.org                                                    //
//                                                                            //
//   This program is free software. You can redistribute it and/or modify     //
//   it under the terms of either the current Phorum License (viewable at     //
//   phorum.org) or the Phorum License that was distributed with this file    //
//                                                                            //
//   This program is distributed in the hope that it will be useful,          //
//   but WITHOUT ANY WARRANTY, without even the implied warranty of           //
//   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.                     //
//                                                                            //
//   You should have received a copy of the Phorum License                    //
//   along with this program.                                                 //
////////////////////////////////////////////////////////////////////////////////
define('phorum_page','login');

include_once( "./common.php" );
include_once( "./include/users.php" );
include_once( "./include/email_functions.php" );

// ----------------------------------------------------------------------------
// Handle logout
// ----------------------------------------------------------------------------

if ($PHORUM['DATA']['LOGGEDIN'] && !empty($PHORUM["args"]["logout"])) {

    // killing long-term cookie
    phorum_user_clear_session(PHORUM_SESSION_LONG_TERM);
    // killing short-term (write) cookie
    phorum_user_clear_session(PHORUM_SESSION_SHORT_TERM);

    // reset the sessid if not using cookies
    if(!$PHORUM['use_cookies']) {

        $new_sessid=md5($_POST['username'].microtime().$_POST['password']);

        $user=array(
        'user_id'=>$PHORUM['user']['user_id'],
        'sessid_st'=>$new_sessid
        );
        phorum_user_save_simple($user);
    }


    // Determine the URL to redirect the user to. The hook "after_logout"
    // can be used by module writers to set a custom redirect URL.
    if (isset($_SERVER["HTTP_REFERER"]) && !empty($_SERVER['HTTP_REFERER'])) {
        $url = $_SERVER["HTTP_REFERER"];
    } else {
        $url = phorum_get_url(PHORUM_LIST_URL);
    }

    // Strip the session id from the URL in case URI auth is in use.
    if (stristr($url, PHORUM_SESSION_LONG_TERM)){
        $url = str_replace(PHORUM_SESSION_LONG_TERM."=".urlencode($PHORUM["args"][PHORUM_SESSION_LONG_TERM]), "", $url);
    }

    $url = phorum_hook("after_logout", $url);

    phorum_redirect_by_url($url);
    exit();
}

// ----------------------------------------------------------------------------
// Handle login and password reminder
// ----------------------------------------------------------------------------

// Set all our URLs.
phorum_build_common_urls();

$template = "login";
$error = "";
$okmsg = "";
$username = "";

// Handle posted form data.
if (count($_POST) > 0) {

    // The user wants to retrieve a new password.
    if (isset($_POST["lostpass"])) {

        // Trim the email address.
        $_POST["lostpass"] = trim($_POST["lostpass"]);

        // Did the user enter an email address?
        if (empty($_POST["lostpass"])) {
            $error = $PHORUM["DATA"]["LANG"]["LostPassError"];
        }

        // Is the email address available in the database?
        elseif ($uid = phorum_user_check_email($_POST["lostpass"])) {

            // An existing user id was found for the entered email
            // address. Retrieve the user.
            $user = phorum_user_get($uid);

            $tmp_user=array();

            // User registration not yet approved by a moderator.
            if($user["active"] == PHORUM_USER_PENDING_MOD) {
                $template = "message";
                $PHORUM["DATA"]["MESSAGE"] = $PHORUM["DATA"]["LANG"]["RegVerifyMod"];
            // User registration still need email verification.
            } elseif ($user["active"] == PHORUM_USER_PENDING_EMAIL ||
                      $user["active"] == PHORUM_USER_PENDING_BOTH) {

                // Generate and store a new email confirmation code.
                $tmp_user["user_id"] = $uid;
                $tmp_user["password_temp"] = substr(md5(microtime()), 0, 8);
                phorum_user_save( $tmp_user );

                // Mail the new confirmation code to the user.
                $verify_url = phorum_get_url(PHORUM_REGISTER_URL, "approve=".$tmp_user["password_temp"]."$uid");
                $maildata["mailsubject"] = $PHORUM["DATA"]["LANG"]["VerifyRegEmailSubject"];
                $maildata["mailmessage"] =
                   wordwrap($PHORUM["DATA"]["LANG"]["VerifyRegEmailBody1"],72).
                   "\n\n$verify_url\n\n".
                   wordwrap($PHORUM["DATA"]["LANG"]["VerifyRegEmailBody2"],72);
                phorum_email_user(array($user["email"]), $maildata);

                $PHORUM["DATA"]["MESSAGE"] = $PHORUM["DATA"]["LANG"]["RegVerifyEmail"];
                $template="message";

            // The user is active.
            } else {

                // Generate and store a new password for the user.
                include_once( "./include/profile_functions.php" );
                $newpass = phorum_gen_password();
                $tmp_user["user_id"] = $uid;
                $tmp_user["password_temp"] = $newpass;
                phorum_user_save($tmp_user);

                // Mail the new password.
                $user = phorum_user_get( $uid );
                $maildata = array();
                $maildata['mailmessage'] =
                   wordwrap($PHORUM["DATA"]["LANG"]["LostPassEmailBody1"],72).
                   "\n\n".
                   $PHORUM["DATA"]["LANG"]["Username"] .": $user[username]\n".
                   $PHORUM["DATA"]["LANG"]["Password"] .": $newpass".
                   "\n\n".
                   wordwrap($PHORUM["DATA"]["LANG"]["LostPassEmailBody2"],72);
                $maildata['mailsubject'] = $PHORUM["DATA"]["LANG"]["LostPassEmailSubject"];
                phorum_email_user(array( 0 => $user['email'] ), $maildata);

                $okmsg = $PHORUM["DATA"]["LANG"]["LostPassSent"];

            }
        }

        // The entered email address was not found.
        else {
            $error = $PHORUM["DATA"]["LANG"]["LostPassError"];
        }
    }

    // The user wants to login.
    else {

        // Check if the phorum_tmp_cookie was set. If not, the user's
        // browser does not support cookies.
        if($PHORUM["use_cookies"] && !isset($_COOKIE["phorum_tmp_cookie"])) {
            $PHORUM["use_cookies"] = false;
        }

        $username = trim($_POST["username"]);
        $password = trim($_POST["password"]);

        // Check if the login credentials are right.
        if (phorum_user_check_login($username, $password)) {

            // Destroy the temporary cookie.
            if(isset($_COOKIE["phorum_tmp_cookie"])){
                setcookie( "phorum_tmp_cookie", "", 0, $PHORUM["session_path"], $PHORUM["session_domain"] );
            }

            // Create an URI session id if cookies are not used..
            if(!$PHORUM["use_cookies"]) {
                $uri_session_id = md5($_POST['username'].microtime().$_POST['password']);
                $user = array(
                    'user_id'  => $PHORUM['user']['user_id'],
                    'sessid_st'=> $uri_session_id
                );
                phorum_user_save_simple($user);
                phorum_user_create_session(PHORUM_SESSION_LONG_TERM,true,$uri_session_id);
            // Create cookie session(s).
            } else {
                if (!$PHORUM["DATA"]["LOGGEDIN"]) {
                    phorum_user_create_session(PHORUM_SESSION_LONG_TERM, false);
                }
                if($PHORUM["tight_security"]){
                    phorum_user_create_session(PHORUM_SESSION_SHORT_TERM, true);
                }
            }

            // Determine the URL to redirect the user to.
            // If redir is a number, it is a URL constant.
            if(is_numeric($_POST["redir"])){
                $redir = phorum_get_url($_POST["redir"]);
            }

            // Redirecting to the registration or login page is a little weird,
            // so we just go to the list page if we came from one of those.
            elseif (isset($PHORUM['use_cookies']) && $PHORUM["use_cookies"] && !strstr($_POST["redir"], "register." . PHORUM_FILE_EXTENSION) && !strstr($_POST["redir"], "login." . PHORUM_FILE_EXTENSION)) {
                $redir = $_POST["redir"];

            // By default, we redirect to the list page.
            } else {
                $redir = phorum_get_url( PHORUM_LIST_URL );
            }

            // The hook "after_login" can be used by module writers to
            // set a custom redirect URL.
            $redir =phorum_hook( "after_login", $redir );

            phorum_redirect_by_url($redir);
            exit();
        }

        // Login failed.
        else {
            $error = $PHORUM["DATA"]["LANG"]["InvalidLogin"];
        }
    }
}

// No data posted, so this is the first request. Here we set
// a temporary cookie, so we can check if the user's browser
// supports cookies.
elseif($PHORUM["use_cookies"]) {
    setcookie( "phorum_tmp_cookie", "this will be destroyed once logged in", 0, $PHORUM["session_path"], $PHORUM["session_domain"] );
}

// Determine to what URL the user must be redirected after login.
if (!empty( $PHORUM["args"]["redir"])) {
    $redir = htmlspecialchars(urldecode($PHORUM["args"]["redir"]));
} elseif (!empty( $_REQUEST["redir"])) {
    $redir = htmlspecialchars($_REQUEST["redir"]);
} elseif (!empty( $_SERVER["HTTP_REFERER"])) {
    $base = strtolower(phorum_get_url(PHORUM_BASE_URL));
    $len = strlen($base);
    if (strtolower(substr($_SERVER["HTTP_REFERER"],0,$len)) == $base) {
        $redir = htmlspecialchars($_SERVER["HTTP_REFERER"]);
    }
}
if (! isset($redir)) {
    $redir = phorum_get_url(PHORUM_LIST_URL);
}

// Setup template data.
$PHORUM["DATA"]["LOGIN"]["redir"] = $redir;
$PHORUM["DATA"]["URL"]["REGISTER"] = phorum_get_url( PHORUM_REGISTER_URL );
$PHORUM["DATA"]["URL"]["ACTION"] = phorum_get_url( PHORUM_LOGIN_ACTION_URL );
$PHORUM["DATA"]["LOGIN"]["forum_id"] = ( int )$PHORUM["forum_id"];
$PHORUM["DATA"]["LOGIN"]["username"] = htmlspecialchars( $username );
$PHORUM["DATA"]["ERROR"] = htmlspecialchars( $error );
$PHORUM["DATA"]["OKMSG"] = htmlspecialchars( $okmsg );

// Set the field to set the focus to after loading.
$PHORUM["DATA"]["FOCUS_TO_ID"] = empty($username) ? "username" : "password";

// Display the page.
include phorum_get_template( "header" );
phorum_hook( "after_header" );
include phorum_get_template( $template );
phorum_hook( "before_footer" );
include phorum_get_template( "footer" );

?>