Revision 2125
Added by darkviper almost 9 years ago
| login_form.php | ||
|---|---|---|
| 4 | 4 |
* @category frontend |
| 5 | 5 |
* @package account |
| 6 | 6 |
* @author WebsiteBaker Project |
| 7 |
* @copyright 2009-2012, WebsiteBaker Org. e.V.
|
|
| 8 |
* @link http://www.websitebaker2.org/
|
|
| 7 |
* @copyright WebsiteBaker Org. e.V. |
|
| 8 |
* @link http://websitebaker.org/
|
|
| 9 | 9 |
* @license http://www.gnu.org/licenses/gpl.html |
| 10 | 10 |
* @platform WebsiteBaker 2.8.x |
| 11 | 11 |
* @requirements PHP 5.2.2 and higher |
| ... | ... | |
| 17 | 17 |
|
| 18 | 18 |
/* -------------------------------------------------------- */ |
| 19 | 19 |
// Must include code to stop this file being accessed directly |
| 20 |
if(!defined('WB_PATH')) {
|
|
| 21 |
require_once(dirname(dirname(__FILE__)).'/framework/globalExceptionHandler.php'); |
|
| 22 |
throw new IllegalFileException(); |
|
| 20 |
if(!defined('SYSTEM_RUN')) {
|
|
| 21 |
throw new Exception('illegal file access [account/login_form.php]');
|
|
| 23 | 22 |
} |
| 24 | 23 |
/* -------------------------------------------------------- */ |
| 25 | 24 |
|
| 26 |
// Generate username field name |
|
| 27 |
$username_fieldname = 'username_'; |
|
| 28 |
$password_fieldname = 'password_'; |
|
| 25 |
// Generate username field name |
|
| 26 |
$username_fieldname = 'username'; |
|
| 27 |
$password_fieldname = 'password'; |
|
| 28 |
if(isset($oReg->SmartLogin) && $oReg->SmartLogin == 'true') {
|
|
| 29 |
$sTmp = '_'.substr(md5(microtime()), -8); |
|
| 30 |
$username_fieldname .= $sTmp; |
|
| 31 |
$password_fieldname .= $sTmp; |
|
| 32 |
} |
|
| 29 | 33 |
$output = ''; |
| 30 | 34 |
msgQueue::clear(); |
| 31 | 35 |
|
| 32 |
if(defined('SMART_LOGIN') AND SMART_LOGIN == 'true') {
|
|
| 33 |
|
|
| 34 |
$temp = array_merge(range('a','z'), range(0,9));
|
|
| 35 |
shuffle($temp); |
|
| 36 |
for($i=0;$i<=7;$i++) {
|
|
| 37 |
$username_fieldname .= $temp[$i]; |
|
| 38 |
$password_fieldname .= $temp[$i]; |
|
| 39 |
} |
|
| 40 |
} else {
|
|
| 41 |
$username_fieldname = 'username'; |
|
| 42 |
$password_fieldname = 'password'; |
|
| 43 |
} |
|
| 44 |
|
|
| 45 | 36 |
$thisApp->redirect_url = (isset($thisApp->redirect_url) && ($thisApp->redirect_url!='') ? $thisApp->redirect_url : $_SESSION['HTTP_REFERER'] ); |
| 46 | 37 |
//$thisApp->redirect_url = ''; |
| 47 | 38 |
$sIncludeHeadLinkCss = ''; |
| 48 |
if( is_readable(WB_PATH .'/account/frontend.css')) {
|
|
| 49 |
$sIncludeHeadLinkCss .= '<link href="'.WB_URL.'/account/frontend.css"';
|
|
| 50 |
$sIncludeHeadLinkCss .= ' rel="stylesheet" type="text/css" media="screen" />'."\n";
|
|
| 39 |
if( is_readable($oReg->AppPath.'account/frontend.css')) {
|
|
| 40 |
$sIncludeHeadLinkCss .= '<link href="'.$oReg->AppUrl.'account/frontend.css"';
|
|
| 41 |
$sIncludeHeadLinkCss .= ' rel="stylesheet" type="text/css" media="screen" />'."\n";
|
|
| 51 | 42 |
} |
| 52 | 43 |
|
| 53 | 44 |
// set template file and assign module and template block |
| 54 |
$oTpl = new Template(dirname(__FILE__).'/htt');
|
|
| 55 |
$oTpl->set_file('page', 'login.htt');
|
|
| 56 |
$oTpl->debug = false; // false, true
|
|
| 57 |
$oTpl->set_block('page', 'main_block', 'main');
|
|
| 45 |
$oTpl = new Template(__DIR__.'/htt');
|
|
| 46 |
$oTpl->set_file('page', 'login.htt');
|
|
| 47 |
$oTpl->debug = false;
|
|
| 48 |
$oTpl->set_block('page', 'main_block', 'main');
|
|
| 58 | 49 |
|
| 59 |
$oTpl->set_block('main_block', 'message_block', 'message');
|
|
| 60 |
$oTpl->set_block('message', '');
|
|
| 61 |
|
|
| 50 |
$oTpl->set_block('main_block', 'message_block', 'message');
|
|
| 51 |
$oTpl->set_block('message', '');
|
|
| 52 |
// language vars |
|
| 53 |
$oTpl->set_var($oReg->Trans->getLangArray()); |
|
| 62 | 54 |
// generell vars |
| 63 |
$oTpl->set_var(array( |
|
| 64 |
'FTAN' => $wb->getFTAN(), |
|
| 65 |
'ACTION_URL' => WB_URL.'/account/login.php', |
|
| 66 |
'FORGOT_URL' => WB_URL.'/account/forgot.php', |
|
| 67 |
'REDIRECT_URL' => $thisApp->redirect_url, |
|
| 68 |
'WB_URL' => WB_URL, |
|
| 69 |
'THEME_URL' => THEME_URL, |
|
| 70 |
'TEMPLATE_URL' => TEMPLATE_DIR, |
|
| 71 |
'HTTP_REFERER' => $thisApp->redirect_url, |
|
| 72 |
'CSS_BLOCK' => $sIncludeHeadLinkCss, |
|
| 73 |
'MESSAGE_VALUE' => '', |
|
| 74 |
'ERROR_VALUE' => '', |
|
| 75 |
'THISAPP_MESSAGE_VALUE' => $thisApp->message, |
|
| 76 |
'TEXT_FORGOTTEN_DETAILS' => $TEXT['FORGOTTEN_DETAILS'], |
|
| 77 |
'TEXT_USERNAME' => $TEXT['USERNAME'], |
|
| 78 |
'TEXT_PASSWORD' => $TEXT['PASSWORD'], |
|
| 79 |
'USER_FIELDNAME' => $username_fieldname, |
|
| 80 |
'PASSWORD_FIELDNAME' => $password_fieldname, |
|
| 81 |
'TEXT_LOGIN' => $TEXT['LOGIN'], |
|
| 82 |
'TEXT_RESET' => $TEXT['RESET'], |
|
| 83 |
'TEXT_CANCEL' => $TEXT['CANCEL'], |
|
| 84 |
) |
|
| 85 |
); |
|
| 55 |
$oTpl->set_var(array( |
|
| 56 |
'FTAN' => $wb->getFTAN(), |
|
| 57 |
'ACTION_URL' => $oReg->AppUrl.'account/login.php', |
|
| 58 |
'FORGOT_URL' => $oReg->AppUrl.'account/forgot.php', |
|
| 59 |
'REDIRECT_URL' => $thisApp->redirect_url, |
|
| 60 |
'WB_URL' => $oReg->AppUrl, |
|
| 61 |
'THEME_URL' => $oReg->ThemeUrl, |
|
| 62 |
'TEMPLATE_URL' => $oReg->TemplateDir, |
|
| 63 |
'HTTP_REFERER' => $thisApp->redirect_url, |
|
| 64 |
'CSS_BLOCK' => $sIncludeHeadLinkCss, |
|
| 65 |
'MESSAGE_VALUE' => '', |
|
| 66 |
'ERROR_VALUE' => '', |
|
| 67 |
'THISAPP_MESSAGE_VALUE' => $thisApp->message, |
|
| 68 |
'USER_FIELDNAME' => $username_fieldname, |
|
| 69 |
'PASSWORD_FIELDNAME' => $password_fieldname, |
|
| 70 |
) |
|
| 71 |
); |
|
| 86 | 72 |
|
| 87 |
$oTpl->set_block('main_block', 'show_smart_login_block', 'show_smart_login');
|
|
| 88 |
// $oTpl->parse('show_smart_login', '');
|
|
| 89 |
if($username_fieldname != 'username') {
|
|
| 90 |
$oTpl->set_var(array(
|
|
| 91 |
'TEXT_REMEMBER_ME' => $TEXT['REMEMBER_ME'],
|
|
| 92 |
)
|
|
| 93 |
);
|
|
| 73 |
$oTpl->set_block('main_block', 'show_smart_login_block', 'show_smart_login');
|
|
| 74 |
// $oTpl->parse('show_smart_login', '');
|
|
| 75 |
if($username_fieldname != 'username') {
|
|
| 76 |
$oTpl->parse('show_smart_login', 'show_smart_login_block', true);
|
|
| 77 |
} else {
|
|
| 78 |
$oTpl->set_block('show_smart_login', '');
|
|
| 79 |
}
|
|
| 94 | 80 |
|
| 95 |
$oTpl->parse('show_smart_login', 'show_smart_login_block', true);
|
|
| 96 |
} else {
|
|
| 97 |
$oTpl->set_block('show_smart_login', '');
|
|
| 98 |
} |
|
| 81 |
//$oTpl->parse('message', 'message_block', true);
|
|
| 82 |
$oTpl->parse('main', 'main_block', false);
|
|
| 83 |
$output = $oTpl->finish($oTpl->parse('output', 'page'));
|
|
| 84 |
unset($oTpl); |
|
| 85 |
print $output; |
|
| 99 | 86 |
|
| 100 |
//$oTpl->parse('message', 'message_block', true);
|
|
| 101 |
$oTpl->parse('main', 'main_block', false);
|
|
| 102 |
$output = $oTpl->finish($oTpl->parse('output', 'page'));
|
|
| 103 |
unset($oTpl); |
|
| 104 |
print $output; |
|
| 105 |
|
|
Also available in: Unified diff
! /framework/class.Login.php
! /account/ ~login_form.php ~login.php
! /admin/login/index.php
fixed some possible intruder vectors and complete 2.8.4 adaption