Revision 1709
Added by Dietmar about 12 years ago
| class.login.php | ||
|---|---|---|
| 4 | 4 |
* @category framework |
| 5 | 5 |
* @package backend login |
| 6 | 6 |
* @author Ryan Djurovich, WebsiteBaker Project |
| 7 |
* @copyright 2009-2011, Website Baker Org. e.V.
|
|
| 7 |
* @copyright 2009-2012, Website Baker Org. e.V.
|
|
| 8 | 8 |
* @link http://www.websitebaker2.org/ |
| 9 | 9 |
* @license http://www.gnu.org/licenses/gpl.html |
| 10 | 10 |
* @platform WebsiteBaker 2.8.x |
| ... | ... | |
| 70 | 70 |
} |
| 71 | 71 |
if($this->is_authenticated() == true) {
|
| 72 | 72 |
// User already logged-in, so redirect to default url |
| 73 |
header('Location: '.$this->url);
|
|
| 74 |
exit(); |
|
| 73 |
// header("Location: ".$this->url);
|
|
| 74 |
// exit(0); |
|
| 75 |
$this->send_header($this->url); |
|
| 75 | 76 |
} elseif($this->is_remembered() == true) {
|
| 76 | 77 |
// User has been "remembered" |
| 77 | 78 |
// Get the users password |
| ... | ... | |
| 85 | 86 |
// Check if the user exists (authenticate them) |
| 86 | 87 |
if($this->authenticate()) {
|
| 87 | 88 |
// Authentication successful |
| 88 |
header("Location: ".$this->url);
|
|
| 89 |
exit(0); |
|
| 89 |
// header("Location: ".$this->url);
|
|
| 90 |
// exit(0); |
|
| 91 |
$this->send_header($this->url); |
|
| 90 | 92 |
} else {
|
| 91 |
$this->message = $MESSAGE['LOGIN']['AUTHENTICATION_FAILED'];
|
|
| 93 |
$this->message = $MESSAGE['LOGIN_AUTHENTICATION_FAILED'];
|
|
| 92 | 94 |
$this->increase_attemps(); |
| 93 | 95 |
} |
| 94 | 96 |
} elseif($this->username == '' AND $this->password == '') {
|
| 95 |
$this->message = $MESSAGE['LOGIN']['BOTH_BLANK'];
|
|
| 97 |
$this->message = $MESSAGE['LOGIN_BOTH_BLANK'];
|
|
| 96 | 98 |
$this->display_login(); |
| 97 | 99 |
} elseif($this->username == '') {
|
| 98 |
$this->message = $MESSAGE['LOGIN']['USERNAME_BLANK'];
|
|
| 100 |
$this->message = $MESSAGE['LOGIN_USERNAME_BLANK'];
|
|
| 99 | 101 |
$this->increase_attemps(); |
| 100 | 102 |
} elseif($this->password == '') {
|
| 101 |
$this->message = $MESSAGE['LOGIN']['PASSWORD_BLANK'];
|
|
| 103 |
$this->message = $MESSAGE['LOGIN_PASSWORD_BLANK'];
|
|
| 102 | 104 |
$this->increase_attemps(); |
| 103 | 105 |
} elseif($this->username_len < $config_array['MIN_USERNAME_LEN']) {
|
| 104 |
$this->message = $MESSAGE['LOGIN']['USERNAME_TOO_SHORT'];
|
|
| 106 |
$this->message = $MESSAGE['LOGIN_USERNAME_TOO_SHORT'];
|
|
| 105 | 107 |
$this->increase_attemps(); |
| 106 | 108 |
} elseif($this->password_len < $config_array['MIN_PASSWORD_LEN']) {
|
| 107 |
$this->message = $MESSAGE['LOGIN']['PASSWORD_TOO_SHORT'];
|
|
| 109 |
$this->message = $MESSAGE['LOGIN_PASSWORD_TOO_SHORT'];
|
|
| 108 | 110 |
$this->increase_attemps(); |
| 109 | 111 |
} elseif($this->username_len > $config_array['MAX_USERNAME_LEN']) {
|
| 110 |
$this->message = $MESSAGE['LOGIN']['USERNAME_TOO_LONG'];
|
|
| 112 |
$this->message = $MESSAGE['LOGIN_USERNAME_TOO_LONG'];
|
|
| 111 | 113 |
$this->increase_attemps(); |
| 112 | 114 |
} elseif($this->password_len > $config_array['MAX_PASSWORD_LEN']) {
|
| 113 |
$this->message = $MESSAGE['LOGIN']['PASSWORD_TOO_LONG'];
|
|
| 115 |
$this->message = $MESSAGE['LOGIN_PASSWORD_TOO_LONG'];
|
|
| 114 | 116 |
$this->increase_attemps(); |
| 115 | 117 |
} else {
|
| 116 | 118 |
// Check if the user exists (authenticate them) |
| 117 | 119 |
$this->password = md5($this->password); |
| 118 | 120 |
if($this->authenticate()) {
|
| 119 | 121 |
// Authentication successful |
| 120 |
//echo $this->url;exit(); |
|
| 121 |
header("Location: ".$this->url);
|
|
| 122 |
exit(0); |
|
| 122 |
// echo $this->url;exit(); |
|
| 123 |
// header("Location: ".$this->url);
|
|
| 124 |
// exit(0); |
|
| 125 |
$this->send_header($this->url); |
|
| 123 | 126 |
} else {
|
| 124 |
$this->message = $MESSAGE['LOGIN']['AUTHENTICATION_FAILED'];
|
|
| 127 |
$this->message = $MESSAGE['LOGIN_AUTHENTICATION_FAILED'];
|
|
| 125 | 128 |
$this->increase_attemps(); |
| 126 | 129 |
} |
| 127 | 130 |
} |
| ... | ... | |
| 213 | 216 |
} |
| 214 | 217 |
} |
| 215 | 218 |
$first_group = false; |
| 216 |
}
|
|
| 219 |
} |
|
| 217 | 220 |
|
| 218 | 221 |
// Update the users table with current ip and timestamp |
| 219 | 222 |
$get_ts = time(); |
| ... | ... | |
| 238 | 241 |
} |
| 239 | 242 |
$this->display_login(); |
| 240 | 243 |
} |
| 241 |
|
|
| 242 |
// Function to set a "remembering" cookie for the user |
|
| 244 |
|
|
| 245 |
// Function to set a "remembering" cookie for the user - removed
|
|
| 243 | 246 |
function remember($user_id) {
|
| 244 | 247 |
return true; |
| 245 |
// global $database; |
|
| 246 |
// $remember_key = ''; |
|
| 247 |
// // Generate user id to append to the remember key |
|
| 248 |
// $length = 11-strlen($user_id); |
|
| 249 |
// if($length > 0) {
|
|
| 250 |
// for($i = 1; $i <= $length; $i++) {
|
|
| 251 |
// $remember_key .= '0'; |
|
| 252 |
// } |
|
| 253 |
// } |
|
| 254 |
// // Generate remember key |
|
| 255 |
// $remember_key .= $user_id.'_'; |
|
| 256 |
// $salt = "abchefghjkmnpqrstuvwxyz0123456789"; |
|
| 257 |
// srand((double)microtime()*1000000); |
|
| 258 |
// $i = 0; |
|
| 259 |
// while ($i <= 10) {
|
|
| 260 |
// $num = rand() % 33; |
|
| 261 |
// $tmp = substr($salt, $num, 1); |
|
| 262 |
// $remember_key = $remember_key . $tmp; |
|
| 263 |
// $i++; |
|
| 264 |
// } |
|
| 265 |
// $remember_key = $remember_key; |
|
| 266 |
// // Update the remember key in the db |
|
| 267 |
// // $database = new database(); |
|
| 268 |
// $database->query("UPDATE ".$this->users_table." SET remember_key = '$remember_key' WHERE user_id = '$user_id' LIMIT 1");
|
|
| 269 |
// if($database->is_error()) {
|
|
| 270 |
// return false; |
|
| 271 |
// } else {
|
|
| 272 |
// // Workout options for the cookie |
|
| 273 |
// $cookie_name = 'REMEMBER_KEY'; |
|
| 274 |
// $cookie_value = $remember_key; |
|
| 275 |
// $cookie_expire = time()+60*60*24*30; |
|
| 276 |
// // Set the cookie |
|
| 277 |
// if(setcookie($cookie_name, $cookie_value, $cookie_expire, '/')) {
|
|
| 278 |
// return true; |
|
| 279 |
// } else {
|
|
| 280 |
// return false; |
|
| 281 |
// } |
|
| 282 |
// } |
|
| 283 | 248 |
} |
| 284 |
|
|
| 285 |
// Function to check if a user has been remembered |
|
| 249 |
|
|
| 250 |
// Function to check if a user has been remembered - removed
|
|
| 286 | 251 |
function is_remembered() |
| 287 | 252 |
{
|
| 288 | 253 |
return false; |
| 289 |
// global $database; |
|
| 290 |
// // add if get_safe_remember_key not empty |
|
| 291 |
// if(isset($_COOKIE['REMEMBER_KEY']) && ($_COOKIE['REMEMBER_KEY'] != '') && ($this->get_safe_remember_key() <> '' ) ) |
|
| 292 |
// {
|
|
| 293 |
// // Check if the remember key is correct |
|
| 294 |
// // $database = new database(); |
|
| 295 |
// $sql = "SELECT `user_id` FROM `" . $this->users_table . "` WHERE `remember_key` = '"; |
|
| 296 |
// $sql .= $this->get_safe_remember_key() . "' LIMIT 1"; |
|
| 297 |
// $check_query = $database->query($sql); |
|
| 298 |
// |
|
| 299 |
// if($check_query->numRows() > 0) |
|
| 300 |
// {
|
|
| 301 |
// $check_fetch = $check_query->fetchRow(); |
|
| 302 |
// $user_id = $check_fetch['user_id']; |
|
| 303 |
// // Check the remember key prefix |
|
| 304 |
// $remember_key_prefix = ''; |
|
| 305 |
// $length = 11-strlen($user_id); |
|
| 306 |
// if($length > 0) |
|
| 307 |
// {
|
|
| 308 |
// for($i = 1; $i <= $length; $i++) |
|
| 309 |
// {
|
|
| 310 |
// $remember_key_prefix .= '0'; |
|
| 311 |
// } |
|
| 312 |
// } |
|
| 313 |
// $remember_key_prefix .= $user_id.'_'; |
|
| 314 |
// $length = strlen($remember_key_prefix); |
|
| 315 |
// if(substr($_COOKIE['REMEMBER_KEY'], 0, $length) == $remember_key_prefix) |
|
| 316 |
// {
|
|
| 317 |
// return true; |
|
| 318 |
// } else {
|
|
| 319 |
// return false; |
|
| 320 |
// } |
|
| 321 |
// } else {
|
|
| 322 |
// return false; |
|
| 323 |
// } |
|
| 324 |
// } else {
|
|
| 325 |
// return false; |
|
| 326 |
// } |
|
| 327 | 254 |
} |
| 328 | 255 |
|
| 329 | 256 |
// Display the login screen |
| 330 | 257 |
function display_login() {
|
| 331 | 258 |
// Get language vars |
| 332 |
global $MESSAGE; |
|
| 333 |
global $MENU; |
|
| 334 |
global $TEXT; |
|
| 259 |
global $MESSAGE, $MENU, $TEXT; |
|
| 335 | 260 |
// If attemps more than allowed, warn the user |
| 336 | 261 |
if($this->get_session('ATTEMPS') > $this->max_attemps) {
|
| 337 | 262 |
$this->warn(); |
| 338 | 263 |
} |
| 339 | 264 |
// Show the login form |
| 340 | 265 |
if($this->frontend != true) {
|
| 341 |
require_once(WB_PATH.'/include/phplib/template.inc'); |
|
| 266 |
//require_once(WB_PATH.'/include/phplib/template.inc');
|
|
| 342 | 267 |
// $template = new Template($this->template_dir); |
| 343 | 268 |
// Setup template object, parse vars to it, then parse it |
| 344 | 269 |
$template = new Template(dirname($this->correct_theme_source($this->template_file))); |
| ... | ... | |
| 356 | 281 |
'USERNAME_FIELDNAME' => $this->username_fieldname, |
| 357 | 282 |
'PASSWORD_FIELDNAME' => $this->password_fieldname, |
| 358 | 283 |
'MESSAGE' => $this->message, |
| 284 |
'WEBSITE_TITLE' => WEBSITE_TITLE, |
|
| 285 |
'TEXT_ADMINISTRATION' => $TEXT['ADMINISTRATION'], |
|
| 359 | 286 |
'INTERFACE_DIR_URL' => ADMIN_URL.'/interface', |
| 360 | 287 |
'MAX_USERNAME_LEN' => $this->max_username_len, |
| 361 | 288 |
'MAX_PASSWORD_LEN' => $this->max_password_len, |
| 289 |
'ADMIN_URL' => ADMIN_URL, |
|
| 362 | 290 |
'WB_URL' => WB_URL, |
| 291 |
'URL_VIEW' => WB_URL, |
|
| 363 | 292 |
'THEME_URL' => THEME_URL, |
| 364 | 293 |
'VERSION' => VERSION, |
| 294 |
'SP' => (defined('SP') ? SP : ''),
|
|
| 365 | 295 |
'REVISION' => REVISION, |
| 366 | 296 |
'LANGUAGE' => strtolower(LANGUAGE), |
| 367 | 297 |
'FORGOTTEN_DETAILS_APP' => $this->forgotten_details_app, |
| ... | ... | |
| 370 | 300 |
'TEXT_PASSWORD' => $TEXT['PASSWORD'], |
| 371 | 301 |
'TEXT_REMEMBER_ME' => $TEXT['REMEMBER_ME'], |
| 372 | 302 |
'TEXT_LOGIN' => $TEXT['LOGIN'], |
| 303 |
'TITLE_LOGOUT' => $MENU['LOGIN'], |
|
| 304 |
'TEXT_RESET' => $TEXT['RESET'], |
|
| 373 | 305 |
'TEXT_HOME' => $TEXT['HOME'], |
| 306 |
'TITLE_VIEW' => $TEXT['WEBSITE'], |
|
| 374 | 307 |
'PAGES_DIRECTORY' => PAGES_DIRECTORY, |
| 375 |
'SECTION_LOGIN' => $MENU['LOGIN'] |
|
| 308 |
'SECTION_NAME' => $MENU['LOGIN'], |
|
| 309 |
'SECTION_LOGIN' => $MENU['LOGIN'], |
|
| 310 |
'LOGIN_DISPLAY_HIDDEN' => !$this->is_authenticated() ? 'hidden' : '', |
|
| 311 |
'LOGIN_DISPLAY_NONE' => !$this->is_authenticated() ? 'none' : '', |
|
| 312 |
'LOGIN_LINK' => $_SERVER['SCRIPT_NAME'], |
|
| 313 |
'LOGIN_ICON' => 'login', |
|
| 314 |
'START_ICON' => 'blank', |
|
| 315 |
'URL_HELP' => 'http://www.websitebaker.org/', |
|
| 376 | 316 |
) |
| 377 | 317 |
); |
| 378 | 318 |
if(defined('DEFAULT_CHARSET')) {
|
| ... | ... | |
| 380 | 320 |
} else {
|
| 381 | 321 |
$charset='utf-8'; |
| 382 | 322 |
} |
| 383 |
|
|
| 384 |
$template->set_var('CHARSET', $charset);
|
|
| 385 | 323 |
|
| 324 |
$template->set_var('CHARSET', $charset);
|
|
| 325 |
|
|
| 386 | 326 |
$template->parse('main', 'mainBlock', false);
|
| 387 | 327 |
$template->pparse('output', 'page');
|
| 388 | 328 |
} |
| ... | ... | |
| 395 | 335 |
$clean_cookie = sprintf('%011d', (int) substr($_COOKIE['REMEMBER_KEY'], 0, 11)) . substr($_COOKIE['REMEMBER_KEY'], 11);
|
| 396 | 336 |
return ($clean_cookie == $_COOKIE['REMEMBER_KEY']) ? $this->add_slashes($clean_cookie) : ''; |
| 397 | 337 |
} |
| 398 |
|
|
| 338 |
|
|
| 399 | 339 |
// Warn user that they have had to many login attemps |
| 400 | 340 |
function warn() {
|
| 401 |
header('Location: '.$this->warning_url);
|
|
| 341 |
// header('Location: '.$this->warning_url);
|
|
| 342 |
$this->send_header($this->warning_url); |
|
| 402 | 343 |
exit(0); |
| 403 | 344 |
} |
| 404 |
|
|
| 345 |
|
|
| 405 | 346 |
} |
| 406 |
|
|
| 407 |
?> |
|
Also available in: Unified diff
! update folder framework class.login, admin/login, admin/skel/htt