Rev 1372 | Blame | Compare with Previous | Last modification | View Log | RSS feed
<?php////////////////////////////////////////////////////////////////////////////////// //// Copyright (C) 2006 Phorum Development Team //// http://www.phorum.org //// //// This program is free software. You can redistribute it and/or modify //// it under the terms of either the current Phorum License (viewable at //// phorum.org) or the Phorum License that was distributed with this file //// //// This program is distributed in the hope that it will be useful, //// but WITHOUT ANY WARRANTY, without even the implied warranty of //// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. //// //// You should have received a copy of the Phorum License //// along with this program. //////////////////////////////////////////////////////////////////////////////////define('phorum_page','login');include_once( "./common.php" );include_once( "./include/users.php" );include_once( "./include/email_functions.php" );// ----------------------------------------------------------------------------// Handle logout// ----------------------------------------------------------------------------if ($PHORUM['DATA']['LOGGEDIN'] && !empty($PHORUM["args"]["logout"])) {// killing long-term cookiephorum_user_clear_session(PHORUM_SESSION_LONG_TERM);// killing short-term (write) cookiephorum_user_clear_session(PHORUM_SESSION_SHORT_TERM);// reset the sessid if not using cookiesif(!$PHORUM['use_cookies']) {$new_sessid=md5($_POST['username'].microtime().$_POST['password']);$user=array('user_id'=>$PHORUM['user']['user_id'],'sessid_st'=>$new_sessid);phorum_user_save_simple($user);}// Determine the URL to redirect the user to. The hook "after_logout"// can be used by module writers to set a custom redirect URL.if (isset($_SERVER["HTTP_REFERER"]) && !empty($_SERVER['HTTP_REFERER'])) {$url = $_SERVER["HTTP_REFERER"];} else {$url = phorum_get_url(PHORUM_LIST_URL);}// Strip the session id from the URL in case URI auth is in use.if (stristr($url, PHORUM_SESSION_LONG_TERM)){$url = str_replace(PHORUM_SESSION_LONG_TERM."=".urlencode($PHORUM["args"][PHORUM_SESSION_LONG_TERM]), "", $url);}$url = phorum_hook("after_logout", $url);phorum_redirect_by_url($url);exit();}// ----------------------------------------------------------------------------// Handle login and password reminder// ----------------------------------------------------------------------------// Set all our URLs.phorum_build_common_urls();$template = "login";$error = "";$okmsg = "";$username = "";// Handle posted form data.if (count($_POST) > 0) {// The user wants to retrieve a new password.if (isset($_POST["lostpass"])) {// Trim the email address.$_POST["lostpass"] = trim($_POST["lostpass"]);// Did the user enter an email address?if (empty($_POST["lostpass"])) {$error = $PHORUM["DATA"]["LANG"]["LostPassError"];}// Is the email address available in the database?elseif ($uid = phorum_user_check_email($_POST["lostpass"])) {// An existing user id was found for the entered email// address. Retrieve the user.$user = phorum_user_get($uid);$tmp_user=array();// User registration not yet approved by a moderator.if($user["active"] == PHORUM_USER_PENDING_MOD) {$template = "message";$PHORUM["DATA"]["MESSAGE"] = $PHORUM["DATA"]["LANG"]["RegVerifyMod"];// User registration still need email verification.} elseif ($user["active"] == PHORUM_USER_PENDING_EMAIL ||$user["active"] == PHORUM_USER_PENDING_BOTH) {// Generate and store a new email confirmation code.$tmp_user["user_id"] = $uid;$tmp_user["password_temp"] = substr(md5(microtime()), 0, 8);phorum_user_save( $tmp_user );// Mail the new confirmation code to the user.$verify_url = phorum_get_url(PHORUM_REGISTER_URL, "approve=".$tmp_user["password_temp"]."$uid");$maildata["mailsubject"] = $PHORUM["DATA"]["LANG"]["VerifyRegEmailSubject"];$maildata["mailmessage"] =wordwrap($PHORUM["DATA"]["LANG"]["VerifyRegEmailBody1"],72)."\n\n$verify_url\n\n".wordwrap($PHORUM["DATA"]["LANG"]["VerifyRegEmailBody2"],72);phorum_email_user(array($user["email"]), $maildata);$PHORUM["DATA"]["MESSAGE"] = $PHORUM["DATA"]["LANG"]["RegVerifyEmail"];$template="message";// The user is active.} else {// Generate and store a new password for the user.include_once( "./include/profile_functions.php" );$newpass = phorum_gen_password();$tmp_user["user_id"] = $uid;$tmp_user["password_temp"] = $newpass;phorum_user_save($tmp_user);// Mail the new password.$user = phorum_user_get( $uid );$maildata = array();$maildata['mailmessage'] =wordwrap($PHORUM["DATA"]["LANG"]["LostPassEmailBody1"],72)."\n\n".$PHORUM["DATA"]["LANG"]["Username"] .": $user[username]\n".$PHORUM["DATA"]["LANG"]["Password"] .": $newpass"."\n\n".wordwrap($PHORUM["DATA"]["LANG"]["LostPassEmailBody2"],72);$maildata['mailsubject'] = $PHORUM["DATA"]["LANG"]["LostPassEmailSubject"];phorum_email_user(array( 0 => $user['email'] ), $maildata);$okmsg = $PHORUM["DATA"]["LANG"]["LostPassSent"];}}// The entered email address was not found.else {$error = $PHORUM["DATA"]["LANG"]["LostPassError"];}}// The user wants to login.else {// Check if the phorum_tmp_cookie was set. If not, the user's// browser does not support cookies.if($PHORUM["use_cookies"] && !isset($_COOKIE["phorum_tmp_cookie"])) {$PHORUM["use_cookies"] = false;}$username = trim($_POST["username"]);$password = trim($_POST["password"]);// Check if the login credentials are right.if (phorum_user_check_login($username, $password)) {// Destroy the temporary cookie.if(isset($_COOKIE["phorum_tmp_cookie"])){setcookie( "phorum_tmp_cookie", "", 0, $PHORUM["session_path"], $PHORUM["session_domain"] );}// Create an URI session id if cookies are not used..if(!$PHORUM["use_cookies"]) {$uri_session_id = md5($_POST['username'].microtime().$_POST['password']);$user = array('user_id' => $PHORUM['user']['user_id'],'sessid_st'=> $uri_session_id);phorum_user_save_simple($user);phorum_user_create_session(PHORUM_SESSION_LONG_TERM,true,$uri_session_id);// Create cookie session(s).} else {if (!$PHORUM["DATA"]["LOGGEDIN"]) {phorum_user_create_session(PHORUM_SESSION_LONG_TERM, false);}if($PHORUM["tight_security"]){phorum_user_create_session(PHORUM_SESSION_SHORT_TERM, true);}}// Determine the URL to redirect the user to.// If redir is a number, it is a URL constant.if(is_numeric($_POST["redir"])){$redir = phorum_get_url($_POST["redir"]);}// Redirecting to the registration or login page is a little weird,// so we just go to the list page if we came from one of those.elseif (isset($PHORUM['use_cookies']) && $PHORUM["use_cookies"] && !strstr($_POST["redir"], "register." . PHORUM_FILE_EXTENSION) && !strstr($_POST["redir"], "login." . PHORUM_FILE_EXTENSION)) {$redir = $_POST["redir"];// By default, we redirect to the list page.} else {$redir = phorum_get_url( PHORUM_LIST_URL );}// The hook "after_login" can be used by module writers to// set a custom redirect URL.$redir =phorum_hook( "after_login", $redir );phorum_redirect_by_url($redir);exit();}// Login failed.else {$error = $PHORUM["DATA"]["LANG"]["InvalidLogin"];}}}// No data posted, so this is the first request. Here we set// a temporary cookie, so we can check if the user's browser// supports cookies.elseif($PHORUM["use_cookies"]) {setcookie( "phorum_tmp_cookie", "this will be destroyed once logged in", 0, $PHORUM["session_path"], $PHORUM["session_domain"] );}// Determine to what URL the user must be redirected after login.if (!empty( $PHORUM["args"]["redir"])) {$redir = htmlspecialchars(urldecode($PHORUM["args"]["redir"]));} elseif (!empty( $_REQUEST["redir"])) {$redir = htmlspecialchars($_REQUEST["redir"]);} elseif (!empty( $_SERVER["HTTP_REFERER"])) {$base = strtolower(phorum_get_url(PHORUM_BASE_URL));$len = strlen($base);if (strtolower(substr($_SERVER["HTTP_REFERER"],0,$len)) == $base) {$redir = htmlspecialchars($_SERVER["HTTP_REFERER"]);}}if (! isset($redir)) {$redir = phorum_get_url(PHORUM_LIST_URL);}// Setup template data.$PHORUM["DATA"]["LOGIN"]["redir"] = $redir;$PHORUM["DATA"]["URL"]["REGISTER"] = phorum_get_url( PHORUM_REGISTER_URL );$PHORUM["DATA"]["URL"]["ACTION"] = phorum_get_url( PHORUM_LOGIN_ACTION_URL );$PHORUM["DATA"]["LOGIN"]["forum_id"] = ( int )$PHORUM["forum_id"];$PHORUM["DATA"]["LOGIN"]["username"] = htmlspecialchars( $username );$PHORUM["DATA"]["ERROR"] = htmlspecialchars( $error );$PHORUM["DATA"]["OKMSG"] = htmlspecialchars( $okmsg );// Set the field to set the focus to after loading.$PHORUM["DATA"]["FOCUS_TO_ID"] = empty($username) ? "username" : "password";// Display the page.include phorum_get_template( "header" );phorum_hook( "after_header" );include phorum_get_template( $template );phorum_hook( "before_footer" );include phorum_get_template( "footer" );?>