00001 <?php
00002 # This file is part of the Savane project
00003 # <http://gna.org/projects/savane/>
00004 #
00005 # $Id: login.php 5441 2006-02-19 13:53:40Z toddy $
00006 #
00007 # Copyright 1999-2000 (c) The SourceForge Crew
00008 # Copyright 2000-2003 (c) Free Software Foundation
00009 #
00010 # Copyright 2003-2006 (c) Mathieu Roy <yeupou--gnu.org>
00011 #
00012 # The Savane project is free software; you can redistribute it and/or
00013 # modify it under the terms of the GNU General Public License
00014 # as published by the Free Software Foundation; either version 2
00015 # of the License, or (at your option) any later version.
00016 #
00017 # The Savane project is distributed in the hope that it will be useful,
00018 # but WITHOUT ANY WARRANTY; without even the implied warranty of
00019 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
00020 # GNU General Public License for more details.
00021 #
00022 # You should have received a copy of the GNU General Public License
00023 # along with the Savane project; if not, write to the Free Software
00024 # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
00025
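# Forbid caching of the login page.
# The Cache-Control directives are sent as one header: header() replaces an
# earlier header of the same name by default, so two separate Cache-Control
# calls would leave only the last directive ("must-revalidate") in the response.
header('Expires: Wed, 11 Nov 1998 11:11:11 GMT');
header('Cache-Control: no-cache, must-revalidate');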
00029
00030 require '../include/pre.php';
00031 require '../include/account.php';
00032
00033
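# Force the login form onto the HTTPS host when one is configured and the
# current request is not already secure.
if ($GLOBALS['sys_https_host'] != "" && !session_issecure())
{
  # $uri is not assigned in this file and is echoed back from the request:
  # URL-encode it so it cannot add parameters to the query string or carry
  # CR/LF into the Location header.
  $login_return_uri = (isset($uri) && is_string($uri)) ? urlencode($uri) : '';
  header('Location: '.$GLOBALS['sys_https_url'].$GLOBALS['sys_home'].'account/login.php?uri='.$login_return_uri);
  # Stop here. Without this, the rest of the script keeps running on the
  # plain-HTTP request, so a posted login would still be validated outside
  # SSL and a later Location header would override this one.
  exit;
}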
00039
00040 ###### first check for valid login, if so, redirect
00041
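# Escape the login name so it can be echoed back into the page without XSS.
# NOTE(review): the escaped value is also what is handed to
# session_login_valid() below, so authentication sees the HTML-escaped form of
# the name. Confirm that is intended; the usual pattern is to authenticate the
# raw value and escape only at output time.
$form_loginname = htmlspecialchars($form_loginname);

if ($login)
{
  # If we come from brother, it means that passwd is encrypted.
  # NOTE(review): from_brother arrives as a request parameter (see the redirect
  # built below), so the client decides whether the "already crypted" path is
  # taken. What session_login_valid() does with that flag is not visible here;
  # verify it cannot be used to log in with a stored hash instead of a password.
  $crypted_pw = $from_brother;
  $success = session_login_valid($form_loginname, $form_pw, 0, $cookie_for_a_year, $crypted_pw, $stay_in_ssl);

  if ($success)
  {
    # Set up the theme, if the user has selected any in the user
    # preferences -- but give priority to a cookie, if set.
    if (!isset($HTTP_COOKIE_VARS['SV_THEME']))
    {
      $theme_result = user_get_result_set(user_getid());
      $theme = db_result($theme_result, 0, 'theme');
      if (strlen($theme) > 0)
      {
        setcookie('SV_THEME', $theme, time() + 60*60*24,
                  $GLOBALS['sys_home'], $GLOBALS['sys_default_domain']);
      }
    }

    # Optionally stay in SSL mode
    if ($GLOBALS['sys_https_host'] != "" && $stay_in_ssl)
    {
      $http = "https";
    }
    else
    {
      $http = "http";
    }

    # Only follow $uri when it is a local absolute path. The value is appended
    # directly after the host name in the Location header, so anything that
    # does not start with "/" would become part of the host portion of the URL
    # and send the freshly logged-in user to another site. CR/LF is refused so
    # the value cannot split the header. Anything else falls back to 'my/'.
    $redirect_uri = '';
    if (isset($uri) && is_string($uri) && substr($uri, 0, 1) == '/' && !preg_match('/[\r\n]/', $uri))
    {
      $redirect_uri = $uri;
    }

    # If a brother server exists, login there too, if we are not
    # already coming from there
    if ($GLOBALS['sys_brother_domain'] && $brotherhood)
    {
      if (!$from_brother)
      {
        # Go there saying hello to your brother
        # First, crypt the password.
        # (Normally, users shouldn't use this feature
        # unless they ever login at brother site).
        # NOTE(review): the crypted password travels in the query string of a
        # redirect, so it lands in browser history and in proxy and server
        # logs, and it is sent over plain http unless stay_in_ssl was chosen.
        # Since the brother appears to accept it in place of the password, it
        # should be treated as password-equivalent; a short-lived single-use
        # token exchanged between the two servers would avoid exposing it.
        $form_pw = crypt(md5($form_pw));
        # Every request-derived value is URL-encoded so it cannot inject extra
        # parameters or header content into the redirect.
        header("Location: ".$http."://".$GLOBALS['sys_brother_domain'].$GLOBALS['sys_home']."/account/login.php"
               ."?form_loginname=".urlencode($form_loginname)
               ."&form_pw=".urlencode($form_pw)
               ."&cookie_for_a_year=".urlencode((string) $cookie_for_a_year)
               ."&from_brother=1&login=1"
               ."&stay_in_ssl=".urlencode((string) $stay_in_ssl)
               ."&brotherhood=1&uri=".urlencode($redirect_uri));
        exit;
      }
      else
      {
        # We return to our brother 'my', where we login originally,
        # unless we are requested to go to an uri
        if (!$redirect_uri)
        {
          header("Location: ".$http."://".$GLOBALS['sys_brother_domain'].$GLOBALS['sys_home']."my/");
        }
        else
        {
          header("Location: ".$http."://".$GLOBALS['sys_brother_domain'].$redirect_uri);
        }
        exit;
      }
    }
    else
    {
      # If no brother server exists, just go to 'my' page
      # unless we are requested to go to an uri
      if (!$redirect_uri)
      {
        header("Location: ".$http."://".$GLOBALS['sys_default_domain'].$GLOBALS['sys_home']."my/");
      }
      else
      {
        header("Location: ".$http."://".$GLOBALS['sys_default_domain'].$redirect_uri);
      }
      exit;
    }
  }
}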
00117
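# Drop any session the visitor still carries before showing the login form.
if ($session_hash)
{
  # Nuke their old session securely.
  session_cookie('session_hash','');

  # Neither $session_hash nor $user_id is assigned in this file;
  # $session_hash presumably mirrors the cookie cleared above, i.e. it is
  # client-supplied. Both are escaped before being placed inside the quoted
  # SQL literals so they cannot break out of them.
  # NOTE(review): addslashes() is used because no database handle is in scope
  # here. If the db layer behind db_query() offers its own escaping or bound
  # parameters, prefer that. If pre.php already escapes request input, this is
  # redundant but does not alter hash-like values.
  if (is_scalar($session_hash))
  {
    $old_session_hash = addslashes((string) $session_hash);
    $old_session_user = (isset($user_id) && is_scalar($user_id)) ? addslashes((string) $user_id) : '';
    db_query("DELETE FROM session WHERE session_hash='".$old_session_hash."' AND user='".$old_session_user."'");
  }
}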
00124
# Emit the page header; then, only after a failed login attempt, show either
# the pending-account notice or the troubleshooting box.
site_header(array('title' => _("Login")));

if ($login && !$success)
{
  if ($feedback == "Account Pending")
  {
    # NOTE(review): $form_loginname was HTML-escaped earlier in this file but
    # is not URL-encoded, so a name containing '&' or '#' would not survive as
    # the form_user query parameter.
    $pending_notice = '<h3>'._("Pending Account").'</h3>'
      .'<p>'._("Your account is currently pending your email confirmation. Visiting the link sent to you in this email will activate your account.").'</p>'
      .'<p>'._("If you need this email resent, please click below and a confirmation email will be sent to the email address you provided in registration.").'</p>'
      .'<p><a href="pending-resend.php?form_user='.$form_loginname.'">['._("Resend Confirmation Email").']</a></p>';
    echo $pending_notice;
  }
  else
  {
    # Generic hints only: the box does not say whether the login name or the
    # password was the part that failed.
    $troubleshooting_items = array(
      '<li class="boxitemalt">'._("Is the \"Caps Lock\" or \"A\" light on your keyboard on?").'<br />'._("If so, hit \"Caps Lock\" key before trying again.").'</li>',
      '<li class="boxitem">'._("Did you forget or misspell your password?").'<br />'.utils_link('lostpw.php', _("You can recover your password using the lost password form.")).'</li>',
      '<li class="boxitemalt">'._("Still having trouble?").'<br />'.utils_link($GLOBALS['sys_home'].'support/?group='.$GLOBALS['sys_unix_group_name'], _("Fill a support request.")).'</li>',
    );

    echo '<div class="splitright"><div class="boxitem">'
      .'<div class="warn">'._("Troubleshooting:").'</div></div><ul class="boxli">'
      .implode('', $troubleshooting_items)
      .'</ul></div>';
  }
}
00151
# On a secure connection, remind the user that cookies are required and that
# the password is protected in transit.
if (session_issecure())
{
  $secure_notice = '<p class="warn">'._("Cookies must be enabled past this point.").'</p>'
    .'<p>'._("You will be connected with an SSL server and your password will not be visible to other users.").'</p>';
  print $secure_notice;
}
00157
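# Open the login form (always posted to the HTTPS URL) and emit the hidden
# return target plus the name and password fields.

# $uri is taken from the request and written into an attribute value: escape
# it, quotes included, so it cannot close the attribute and inject markup.
$uri_attr = (isset($uri) && is_string($uri)) ? htmlspecialchars($uri, ENT_QUOTES) : '';

echo '<form action="'.$GLOBALS['sys_https_url'].$GLOBALS['sys_home'].'account/login.php" method="post">';
echo '<input type="hidden" name="uri" value="'.$uri_attr.'" />';

echo '<p><span class="preinput">'._("Login Name:").'</span><br />&nbsp;&nbsp;';
# $form_loginname was already passed through htmlspecialchars() earlier in
# this file, so it is emitted as is.
echo '<input type="text" name="form_loginname" value="'.$form_loginname.'" /></p>';

echo '<p><span class="preinput">'._("Password:").'</span><br />&nbsp;&nbsp;';
# The password field is never pre-filled.
echo '<input type="password" name="form_pw" /></p>';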
00166
# Offer the "stay in SSL" choice on a secure connection; otherwise send
# stay_in_ssl=0 and warn that the password is not protected in transit.
if (!session_issecure())
{
  $ssl_block = '<p class="warn"><input type="hidden" name="stay_in_ssl" value="0" />'
    ._("This server does not use SSL, so the password you sent may be viewed by other people. Do not use any important passwords.").'</p>';
}
else
{
  $ssl_block = '<p><input type="checkbox" name="stay_in_ssl" value="1" checked="checked" /><span class="preinput">'
    ._("Stay in SSL mode after login")."</span><br />\n"
    .'<span class="text">'._("Lynx, Emacs w3 and Microsoft Internet Explorer users will have intermittent SSL problems, so they should leave SSL after login. Gecko-based browser (Mozilla, Galeon, Netscape...) and Konqueror users should stay in SSL mode permanently for maximum security.").'</span></p>';
}
print $ssl_block;
00178
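# "Remember me": asks for a login cookie that lasts a year. The paragraph is
# now closed explicitly; the original left the <p> open, which is invalid in
# the XHTML-style markup this page emits.
print '<p><input type="checkbox" name="cookie_for_a_year" value="1" /><span class="preinput">'._("Remember me").'</span><br />'
  .'<span class="text">'._("For a year, your login information will be stored in a cookie. Use this only if you are using your own computer.").'</span></p>';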
00181
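# When a brother site is configured, offer to log in there as well (checked by
# default). The paragraph is now closed explicitly; the original left the <p>
# open.
if ($GLOBALS['sys_brother_domain'])
{
  # sys_brother_domain is a site configuration value and is printed unescaped.
  $brother_domain = $GLOBALS['sys_brother_domain'];

  print '<p><input type="checkbox" name="brotherhood" value="1" checked="checked" /><span class="preinput">'
    .sprintf(_("Login also in %s").'</span><br />', $brother_domain)
    .'<span class="text">'
    .sprintf(_("Do not use this if you are using kerberos. Do not use this until you already successfully logged in on %s, the result would be unpredictable."), $brother_domain)
    .'</span></p>';
}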
00190
# Submit button, end of the login form, then the site footer.
$form_tail = '<div class="center"><input type="submit" name="login" value="'._("Login").'" /></div>'
  .'</form>';
print $form_tail;

$HTML->footer(array());
00195
00196 ?>