Revision 2125
Added by darkviper almost 9 years ago
login_form.php | ||
---|---|---|
4 | 4 |
* @category frontend |
5 | 5 |
* @package account |
6 | 6 |
* @author WebsiteBaker Project |
7 |
* @copyright 2009-2012, WebsiteBaker Org. e.V.
|
|
8 |
* @link http://www.websitebaker2.org/
|
|
7 |
* @copyright WebsiteBaker Org. e.V. |
|
8 |
* @link http://websitebaker.org/
|
|
9 | 9 |
* @license http://www.gnu.org/licenses/gpl.html |
10 | 10 |
* @platform WebsiteBaker 2.8.x |
11 | 11 |
* @requirements PHP 5.2.2 and higher |
... | ... | |
17 | 17 |
|
18 | 18 |
/* -------------------------------------------------------- */ |
19 | 19 |
// Must include code to stop this file being accessed directly |
20 |
if(!defined('WB_PATH')) { |
|
21 |
require_once(dirname(dirname(__FILE__)).'/framework/globalExceptionHandler.php'); |
|
22 |
throw new IllegalFileException(); |
|
20 |
if(!defined('SYSTEM_RUN')) { |
|
21 |
throw new Exception('illegal file access [account/login_form.php]'); |
|
23 | 22 |
} |
24 | 23 |
/* -------------------------------------------------------- */ |
25 | 24 |
|
26 |
// Generate username field name |
|
27 |
$username_fieldname = 'username_'; |
|
28 |
$password_fieldname = 'password_'; |
|
25 |
// Generate username field name |
|
26 |
$username_fieldname = 'username'; |
|
27 |
$password_fieldname = 'password'; |
|
28 |
if(isset($oReg->SmartLogin) && $oReg->SmartLogin == 'true') { |
|
29 |
$sTmp = '_'.substr(md5(microtime()), -8); |
|
30 |
$username_fieldname .= $sTmp; |
|
31 |
$password_fieldname .= $sTmp; |
|
32 |
} |
|
29 | 33 |
$output = ''; |
30 | 34 |
msgQueue::clear(); |
31 | 35 |
|
32 |
if(defined('SMART_LOGIN') AND SMART_LOGIN == 'true') { |
|
33 |
|
|
34 |
$temp = array_merge(range('a','z'), range(0,9)); |
|
35 |
shuffle($temp); |
|
36 |
for($i=0;$i<=7;$i++) { |
|
37 |
$username_fieldname .= $temp[$i]; |
|
38 |
$password_fieldname .= $temp[$i]; |
|
39 |
} |
|
40 |
} else { |
|
41 |
$username_fieldname = 'username'; |
|
42 |
$password_fieldname = 'password'; |
|
43 |
} |
|
44 |
|
|
45 | 36 |
$thisApp->redirect_url = (isset($thisApp->redirect_url) && ($thisApp->redirect_url!='') ? $thisApp->redirect_url : $_SESSION['HTTP_REFERER'] ); |
46 | 37 |
//$thisApp->redirect_url = ''; |
47 | 38 |
$sIncludeHeadLinkCss = ''; |
48 |
if( is_readable(WB_PATH .'/account/frontend.css')) {
|
|
49 |
$sIncludeHeadLinkCss .= '<link href="'.WB_URL.'/account/frontend.css"';
|
|
50 |
$sIncludeHeadLinkCss .= ' rel="stylesheet" type="text/css" media="screen" />'."\n";
|
|
39 |
if( is_readable($oReg->AppPath.'account/frontend.css')) {
|
|
40 |
$sIncludeHeadLinkCss .= '<link href="'.$oReg->AppUrl.'account/frontend.css"';
|
|
41 |
$sIncludeHeadLinkCss .= ' rel="stylesheet" type="text/css" media="screen" />'."\n";
|
|
51 | 42 |
} |
52 | 43 |
|
53 | 44 |
// set template file and assign module and template block |
54 |
$oTpl = new Template(dirname(__FILE__).'/htt');
|
|
55 |
$oTpl->set_file('page', 'login.htt');
|
|
56 |
$oTpl->debug = false; // false, true
|
|
57 |
$oTpl->set_block('page', 'main_block', 'main');
|
|
45 |
$oTpl = new Template(__DIR__.'/htt');
|
|
46 |
$oTpl->set_file('page', 'login.htt');
|
|
47 |
$oTpl->debug = false;
|
|
48 |
$oTpl->set_block('page', 'main_block', 'main');
|
|
58 | 49 |
|
59 |
$oTpl->set_block('main_block', 'message_block', 'message'); |
|
60 |
$oTpl->set_block('message', ''); |
|
61 |
|
|
50 |
$oTpl->set_block('main_block', 'message_block', 'message'); |
|
51 |
$oTpl->set_block('message', ''); |
|
52 |
// language vars |
|
53 |
$oTpl->set_var($oReg->Trans->getLangArray()); |
|
62 | 54 |
// generell vars |
63 |
$oTpl->set_var(array( |
|
64 |
'FTAN' => $wb->getFTAN(), |
|
65 |
'ACTION_URL' => WB_URL.'/account/login.php', |
|
66 |
'FORGOT_URL' => WB_URL.'/account/forgot.php', |
|
67 |
'REDIRECT_URL' => $thisApp->redirect_url, |
|
68 |
'WB_URL' => WB_URL, |
|
69 |
'THEME_URL' => THEME_URL, |
|
70 |
'TEMPLATE_URL' => TEMPLATE_DIR, |
|
71 |
'HTTP_REFERER' => $thisApp->redirect_url, |
|
72 |
'CSS_BLOCK' => $sIncludeHeadLinkCss, |
|
73 |
'MESSAGE_VALUE' => '', |
|
74 |
'ERROR_VALUE' => '', |
|
75 |
'THISAPP_MESSAGE_VALUE' => $thisApp->message, |
|
76 |
'TEXT_FORGOTTEN_DETAILS' => $TEXT['FORGOTTEN_DETAILS'], |
|
77 |
'TEXT_USERNAME' => $TEXT['USERNAME'], |
|
78 |
'TEXT_PASSWORD' => $TEXT['PASSWORD'], |
|
79 |
'USER_FIELDNAME' => $username_fieldname, |
|
80 |
'PASSWORD_FIELDNAME' => $password_fieldname, |
|
81 |
'TEXT_LOGIN' => $TEXT['LOGIN'], |
|
82 |
'TEXT_RESET' => $TEXT['RESET'], |
|
83 |
'TEXT_CANCEL' => $TEXT['CANCEL'], |
|
84 |
) |
|
85 |
); |
|
55 |
$oTpl->set_var(array( |
|
56 |
'FTAN' => $wb->getFTAN(), |
|
57 |
'ACTION_URL' => $oReg->AppUrl.'account/login.php', |
|
58 |
'FORGOT_URL' => $oReg->AppUrl.'account/forgot.php', |
|
59 |
'REDIRECT_URL' => $thisApp->redirect_url, |
|
60 |
'WB_URL' => $oReg->AppUrl, |
|
61 |
'THEME_URL' => $oReg->ThemeUrl, |
|
62 |
'TEMPLATE_URL' => $oReg->TemplateDir, |
|
63 |
'HTTP_REFERER' => $thisApp->redirect_url, |
|
64 |
'CSS_BLOCK' => $sIncludeHeadLinkCss, |
|
65 |
'MESSAGE_VALUE' => '', |
|
66 |
'ERROR_VALUE' => '', |
|
67 |
'THISAPP_MESSAGE_VALUE' => $thisApp->message, |
|
68 |
'USER_FIELDNAME' => $username_fieldname, |
|
69 |
'PASSWORD_FIELDNAME' => $password_fieldname, |
|
70 |
) |
|
71 |
); |
|
86 | 72 |
|
87 |
$oTpl->set_block('main_block', 'show_smart_login_block', 'show_smart_login');
|
|
88 |
// $oTpl->parse('show_smart_login', '');
|
|
89 |
if($username_fieldname != 'username') {
|
|
90 |
$oTpl->set_var(array(
|
|
91 |
'TEXT_REMEMBER_ME' => $TEXT['REMEMBER_ME'],
|
|
92 |
)
|
|
93 |
);
|
|
73 |
$oTpl->set_block('main_block', 'show_smart_login_block', 'show_smart_login');
|
|
74 |
// $oTpl->parse('show_smart_login', '');
|
|
75 |
if($username_fieldname != 'username') {
|
|
76 |
$oTpl->parse('show_smart_login', 'show_smart_login_block', true);
|
|
77 |
} else {
|
|
78 |
$oTpl->set_block('show_smart_login', '');
|
|
79 |
}
|
|
94 | 80 |
|
95 |
$oTpl->parse('show_smart_login', 'show_smart_login_block', true); |
|
96 |
} else { |
|
97 |
$oTpl->set_block('show_smart_login', ''); |
|
98 |
} |
|
81 |
//$oTpl->parse('message', 'message_block', true); |
|
82 |
$oTpl->parse('main', 'main_block', false); |
|
83 |
$output = $oTpl->finish($oTpl->parse('output', 'page')); |
|
84 |
unset($oTpl); |
|
85 |
print $output; |
|
99 | 86 |
|
100 |
//$oTpl->parse('message', 'message_block', true); |
|
101 |
$oTpl->parse('main', 'main_block', false); |
|
102 |
$output = $oTpl->finish($oTpl->parse('output', 'page')); |
|
103 |
unset($oTpl); |
|
104 |
print $output; |
|
105 |
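Review bot: `$thisApp->redirect_url` still falls back to `$_SESSION['HTTP_REFERER']` (new line 36) and is passed unmodified into the template as both `REDIRECT_URL` and `HTTP_REFERER` (new lines 59 and 63), which this commit leaves untouched. If that session value is copied from the request's Referer header and the Template class does not escape on output (neither is visible here), it should be HTML-escaped for the form, e.g. `'REDIRECT_URL' => htmlspecialchars($thisApp->redirect_url, ENT_QUOTES, 'UTF-8'),`, and checked against the site's own base URL before it is used as a redirect target. The fallback also reads the session key without `isset()`, so a missing key raises a notice. Separately, the SmartLogin suffix `substr(md5(microtime()), -8)` at new line 29 is derived from the clock and is guessable; a comment there should say it only varies the field names and is not a secret.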
|
! /framework/class.Login.php
! /account/ ~login_form.php ~login.php
! /admin/login/index.php
fixed some possible intrusion vectors and completed the 2.8.4 adaptation