Changeset 1858 in ExiteCMS
- Timestamp:
- 10/17/08 16:40:38 (3 years ago)
- Location:
- trunk
- Files:
-
- 1 added
- 18 edited
-
administration/settings_security.php (modified) (1 diff)
-
administration/tools/language_pack_English.php (modified) (3 diffs)
-
administration/tools/language_pack_Nederlands.php (modified) (3 diffs)
-
administration/upgrade/rev01782.php (modified) (1 diff)
-
administration/upgrade/rev01804.php (modified) (1 diff)
-
administration/upgrade/rev01818.php (modified) (1 diff)
-
administration/upgrade/rev01858.php (added)
-
files/locales/en.main.global.php (modified) (2 diffs)
-
files/locales/en.main.setup.php (modified) (1 diff)
-
files/locales/nl.main.global.php (modified) (2 diffs)
-
files/locales/nl.main.setup.php (modified) (1 diff)
-
includes/session_functions.php (modified) (1 diff)
-
includes/templates/admin.settings_security.tpl (modified) (1 diff)
-
includes/templates/main.login.tpl (modified) (2 diffs)
-
includes/templates/main.setuser.tpl (modified) (1 diff)
-
includes/user_functions.php (modified) (3 diffs)
-
login.php (modified) (2 diffs)
-
modules/user_info_panel/templates/modules.user_info_panel.tpl (modified) (2 diffs)
-
setuser.php (modified) (7 diffs)
-
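--- a/trunk/administration/settings_security.php
+++ b/trunk/administration/settings_security.php
@@ -80,4 +80,6 @@
 $result = dbquery("UPDATE ".$db_prefix."configuration SET cfg_value = '$login_expire' WHERE cfg_name = 'login_expire'");
 $result = dbquery("UPDATE ".$db_prefix."configuration SET cfg_value = '$login_extended_expire' WHERE cfg_name = 'login_extended_expire'");
+$result = dbquery("UPDATE ".$db_prefix."configuration SET cfg_value = '".(isNum($_POST['auth_ssl']) ? $_POST['auth_ssl'] : "0")."' WHERE cfg_name = 'auth_ssl'");
+$result = dbquery("UPDATE ".$db_prefix."configuration SET cfg_value = '".(isNum($_POST['auth_required']) ? $_POST['auth_required'] : "0")."' WHERE cfg_name = 'auth_required'");
 }
 }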
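Review bot: The two new UPDATEs read `$_POST['auth_ssl']` and `$_POST['auth_required']` without an isset() check and store any value isNum() accepts, although both settings are used as on/off flags. A posted value such as 2 would, assuming isNum() admits it, switch the check on in login.php while neither option in the settings template shows as selected. Normalising to the two allowed values, e.g. `(isset($_POST['auth_ssl']) && $_POST['auth_ssl'] == "1") ? "1" : "0"`, keeps the stored value and the form in agreement. The enclosing block starts outside the hunk.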
trunk/administration/tools/language_pack_English.php
r1836 r1858 1082 1082 $localestrings['573'] = "News:"; 1083 1083 $localestrings['574'] = "Downloads:"; 1084 $localestrings['575'] = "Login requires HTTPS:"; 1085 $localestrings['576'] = "Site access requires login:"; 1084 1086 $localestrings['600'] = "Albums"; 1085 1087 $localestrings['601'] = "Thumb size:"; … … 3032 3034 $localestrings['ac04'] = "Installed Modules"; 3033 3035 $localestrings['ac05'] = "Webmaster Toolbox"; 3036 $localestrings['https'] = "This website allows only logins secured by HTTPS"; 3034 3037 $localestrings['sysusr'] = "Automatic Post"; 3035 3038 $localestrings['user0'] = "Public"; … … 3743 3746 if (!defined('LP_COUNTRIES')) define('LP_COUNTRIES', "us|gb|ca|au|nz|in|za|ir|mt|hk|pr"); 3744 3747 if (!defined('LP_VERSION')) define('LP_VERSION', "7.20"); 3745 if (!defined('LP_DATE')) define('LP_DATE', "122 3543930");3748 if (!defined('LP_DATE')) define('LP_DATE', "1224253694"); 3746 3749 $lp_date = LP_DATE; 3747 3750 -
trunk/administration/tools/language_pack_Nederlands.php
r1841 r1858 1082 1082 $localestrings['573'] = "Nieuws:"; 1083 1083 $localestrings['574'] = "Downloads:"; 1084 $localestrings['575'] = "Login vereist HTTPS:"; 1085 $localestrings['576'] = "Login verplicht voor site toegang:"; 1084 1086 $localestrings['600'] = "Albums"; 1085 1087 $localestrings['601'] = "Formaat miniatuur:"; … … 3032 3034 $localestrings['ac04'] = "Optionele Modules"; 3033 3035 $localestrings['ac05'] = "Gereedschapskist"; 3036 $localestrings['https'] = "Deze website staat alleen via HTTPS beveiligde logins toe"; 3034 3037 $localestrings['sysusr'] = "Automatisch Bericht"; 3035 3038 $localestrings['user0'] = "Publiek"; … … 3743 3746 if (!defined('LP_COUNTRIES')) define('LP_COUNTRIES', "nl|be|sr|aw|an"); 3744 3747 if (!defined('LP_VERSION')) define('LP_VERSION', "7.20"); 3745 if (!defined('LP_DATE')) define('LP_DATE', "122 3544215");3748 if (!defined('LP_DATE')) define('LP_DATE', "1224253697"); 3746 3749 $lp_date = LP_DATE; 3747 3750 -
trunk/administration/upgrade/rev01782.php
r1803 r1858 22 22 // register this revision update 23 23 $revisions[] = array('revision' => $_revision, 24 'date' => mktime(18,00,0, 19,9,2008),24 'date' => mktime(18,00,0,9,19,2008), 25 25 'title' => "Required updates for ExiteCMS v7.1 rev.".$_revision, 26 26 'description' => "Database modifications for the new Photo Albums module."); -
trunk/administration/upgrade/rev01804.php
r1804 r1858 22 22 // register this revision update 23 23 $revisions[] = array('revision' => $_revision, 24 'date' => mktime(17,00,0, 4,10,2008),24 'date' => mktime(17,00,0,10,4,2008), 25 25 'title' => "Required updates for ExiteCMS v7.1 rev.".$_revision, 26 26 'description' => "Photo Albums side panels."); -
trunk/administration/upgrade/rev01818.php
r1818 r1858 22 22 // register this revision update 23 23 $revisions[] = array('revision' => $_revision, 24 'date' => mktime(23,00,0, 5,10,2008),24 'date' => mktime(23,00,0,10,5,2008), 25 25 'title' => "Required updates for ExiteCMS v7.1 rev.".$_revision, 26 26 'description' => "Moved the release to version 7.2."); -
trunk/files/locales/en.main.global.php
r1841 r1858 3 3 // locale : English 4 4 // locale name : main.global 5 // generated on : Thu Oct 9 2008, 11:18:53CEST5 // generated on : Fri Oct 17 2008, 16:28:20 CEST 6 6 // translators : ExiteCMS team,WanWizard 7 7 // ---------------------------------------------------------- … … 141 141 $locale['ac04'] = "Installed Modules"; 142 142 $locale['ac05'] = "Webmaster Toolbox"; 143 $locale['https'] = "This website allows only logins secured by HTTPS"; 143 144 $locale['sysusr'] = "Automatic Post"; 144 145 $locale['user0'] = "Public"; -
trunk/files/locales/en.main.setup.php
r1841 r1858 3 3 // locale : English 4 4 // locale name : main.setup 5 // generated on : Thu Oct 9 2008, 11:18:50CEST5 // generated on : Fri Oct 17 2008, 16:28:14 CEST 6 6 // translators : ExiteCMS team,WanWizard 7 7 // ---------------------------------------------------------- -
trunk/files/locales/nl.main.global.php
r1841 r1858 3 3 // locale : English 4 4 // locale name : main.global 5 // generated on : Thu Oct 9 2008, 11:23:35CEST5 // generated on : Fri Oct 17 2008, 16:28:17 CEST 6 6 // translators : ExiteCMS team,WanWizard 7 7 // ---------------------------------------------------------- … … 141 141 $locale['ac04'] = "Optionele Modules"; 142 142 $locale['ac05'] = "Gereedschapskist"; 143 $locale['https'] = "Deze website staat alleen via HTTPS beveiligde logins toe"; 143 144 $locale['sysusr'] = "Automatisch Bericht"; 144 145 $locale['user0'] = "Publiek"; -
trunk/files/locales/nl.main.setup.php
r1841 r1858 3 3 // locale : English 4 4 // locale name : main.setup 5 // generated on : Thu Oct 9 2008, 11:23:35CEST5 // generated on : Fri Oct 17 2008, 16:28:17 CEST 6 6 // translators : ExiteCMS team,WanWizard 7 7 // ---------------------------------------------------------- -
trunk/includes/session_functions.php
r1853 r1858 55 55 56 56 // store the last_url cookie if found 57 if (isset($_COOKIE['last_url']) && isURL($_COOKIE['last_url'])) {57 if (isset($_COOKIE['last_url']) && (isURL($_COOKIE['last_url']) || isURL($settings['siteurl'].$_COOKIE['last_url'])) && $_COOKIE['last_url'] != BASEDIR."setuser.php?login=yes") { 58 58 $_SESSION['last_url'] = stripinput($_COOKIE['last_url']); 59 59 } -
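Review bot: The widened condition still lets an absolute URL from the `last_url` cookie into `$_SESSION['last_url']`, and that cookie is client-controlled. If the session value is later used as the post-login redirect target (setuser.php mentions a redirect url set in theme_cleanup), any off-site URL that passes isURL() becomes a redirect destination. Consider accepting only site-relative paths or URLs that begin with `$settings['siteurl']`, and apply the `setuser.php?login=yes` exclusion after that normalisation rather than as an exact string match on the raw cookie.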
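--- a/trunk/includes/templates/admin.settings_security.tpl
+++ b/trunk/includes/templates/admin.settings_security.tpl
@@ -102,4 +102,26 @@
 </tr>
 <tr>
+<td width='50%' class='tbl'>
+{$locale.575}
+</td>
+<td width='50%' class='tbl'>
+<select name='auth_ssl' class='textbox'>
+<option value='0'{if $settings2.auth_ssl == "0"} selected="selected"{/if}>{$locale.509}</option>
+<option value='1'{if $settings2.auth_ssl == "1"} selected="selected"{/if}>{$locale.508}</option>
+</select>
+</td>
+</tr>
+<tr>
+<td width='50%' class='tbl'>
+{$locale.576}
+</td>
+<td width='50%' class='tbl'>
+<select name='auth_required' class='textbox'>
+<option value='0'{if $settings2.auth_required == "0"} selected="selected"{/if}>{$locale.509}</option>
+<option value='1'{if $settings2.auth_required == "1"} selected="selected"{/if}>{$locale.508}</option>
+</select>
+</td>
+</tr>
+<tr>
 <td align='center' colspan='2' class='tbl'>
 <hr />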
trunk/includes/templates/main.login.tpl
r929 r1858 9 9 {* Revision History: *} 10 10 {* 2007-07-09 - WW - Initial version *} 11 {* 2008-10-17 - WW - Rewritten to support OpenId etc. *} 11 12 {* *} 12 13 {****************************************************************************} … … 15 16 {* *} 16 17 {****************************************************************************} 17 <!DOCTYPE HTML PUBLIC '-//W3C//DTD HTML 4.01 Transitional//EN'> 18 <html> 19 <head> 20 <title>{$settings.sitename}</title> 21 <meta http-equiv='Content-Type' content='text/html; charset=iso-8859-1'> 22 {include file='_stylesheets.tpl'} 23 </head> 24 <body class='tbl2'> 25 26 <table width='100%' height='100%'> 27 <tr> 28 <td> 29 30 <table align='center' cellpadding='0' cellspacing='1' width='500' class='tbl-border'> 31 <tr> 32 <td class='tbl1' style='font-size:11px'> 33 <center> 34 <br /> 35 <img src='{$smarty.const.THEME}images/{$settings.sitebanner}' alt='{$settings.sitename}'><br /><br /> 36 <form name='loginform' method='post' action='{$smarty.const.FUSION_SELF}'> 37 {$locale.061}<br /><input type='text' name='user_name' class='textbox' style='width:100px' /><br /> 38 {$locale.062}<br /><input type='password' name='user_pass' class='textbox' style='width:100px' /><br /> 39 <br /> 40 <input type='checkbox' name='remember_me' value='y' title='{$locale.063}' style='vertical-align:middle;'{if $remember_me|default:"no" == "yes"} checked{/if}/> 41 <input type='submit' name='login' value='{$locale.064}' class='button' /> 42 <input type='hidden' name='javascript_check' value='n' /> 43 <br /><br /> 44 </form> 45 </center> 46 </td> 47 </tr> 48 </table> 49 50 </td> 51 </tr> 52 </table> 53 54 </body> 18 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> 19 <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="{$settings.locale_code|truncate:2:""}" lang="{$settings.locale_code|truncate:2:""}" dir="{$smarty.const.LOCALEDIR}"> 20 <head> 21 
<title>{$settings.sitename}{if defined('PAGETITLE')} - {$smarty.const.PAGETITLE}{/if}</title> 22 <meta http-equiv='Content-Type' content='text/html; charset={$settings.charset}' /> 23 <meta http-equiv='Content-Language' content='{$settings.locale_code|truncate:2:""}' /> 24 <meta http-equiv='refresh' content='{$refresh}; url={$url}'> 25 <link href="{$smarty.const.THEME}exitecms__0001.css" rel="stylesheet" type="text/css" /> 26 </head> 27 <body class='body'> 28 <div class='splashscreen-h'> 29 <div class='splashscreen-v' style='height:350px;vertical-align:center;'> 30 <table align='center' cellpadding='0' cellspacing='1' width='500'> 31 <tr> 32 <td class='tbl1' align='center'> 33 <form name='loginform1' method='post' action='{$smarty.const.BASEDIR}setuser.php?login=yes'> 34 <img src='{$smarty.const.THEME}images/{$settings.sitebanner}' alt='{$settings.sitename}' style='width:480px;margin:5px;'/> 35 {foreach from=$auth_methods item=method key=i} 36 {if $method_count > 1} 37 {if $method == "ldap"} 38 <div class='side-label'> 39 {$locale.069} {$method|upper} {$locale.061}: 40 </div> 41 <div id='box_login{$i}' name='login{$i}' style='display:{if $auth_state.$i}block{else}none{/if};'> 42 {elseif $method == "ad"} 43 <div class='side-label'> 44 {$locale.069} {$method|upper} {$locale.061}: 45 </div> 46 <div id='box_login{$i}' name='login{$i}' style='display:{if $auth_state.$i}block{else}none{/if};'> 47 {elseif $method == "local"} 48 <div class='side-label'> 49 {$locale.069} {$locale.061}: 50 </div> 51 <div id='box_login{$i}' name='login{$i}' style='display:{if $auth_state.$i}block{else}none{/if};'> 52 {elseif $method == "openid"} 53 <div class='side-label'> 54 {$locale.069} {$locale.067}: 55 </div> 56 <div id='box_login{$i}' name='login{$i}' style='display:{if $auth_state.$i}block{else}none{/if};'> 57 {/if} 58 {/if} 59 <div style='padding:5px;'> 60 {if $method == "ldap"} 61 {$locale.061}: <input type='text' name='ldap_name' class='textbox' style='width:145px' /> 62 63 
{$locale.062}: <input type='password' name='ldap_pass' class='textbox' style='width:145px' /><br /> 64 {elseif $method == "ad"} 65 {$locale.061}: <input type='text' name='ad_name' class='textbox' style='width:145px' /> 66 67 {$locale.062}: <input type='password' name='ad_pass' class='textbox' style='width:145px' /><br /> 68 {elseif $method == "local"} 69 {$locale.061}: <input type='text' name='user_name' class='textbox' style='width:145px' /> 70 71 {$locale.062}: <input type='password' name='user_pass' class='textbox' style='width:145px' /><br /> 72 {elseif $method == "openid"} 73 <input type='text' name='user_openid_url' class='textbox' style='width:128px;background: url({$smarty.const.IMAGES}openid_small_logo.gif) no-repeat; padding-left: 18px;' /> 74 75 <span class='small' style='font-size:90%;'> <a href="http://{$settings.locale_code}.wikipedia.org/wiki/OpenID" target="_blank">{$locale.068}</a></span><br /> 76 {/if} 77 </div> 78 {if $method_count > 1} 79 </div> 80 {/if} 81 {/foreach} 82 <hr /> 83 <div style='text-align:center'> 84 <input type='checkbox' name='remember_me' value='yes' title='{$locale.063}' style='vertical-align:middle;'{if $remember_me|default:"no" == "yes"} checked="checked"{/if}/> 85 <input type='submit' name='login' value='{$locale.064}' class='button' /><br /> 86 <input type='hidden' name='javascript_check' value='n' /> 87 </div> 88 </form> 89 {literal} 90 <script type='text/javascript'> 91 /* <![CDATA[ */ 92 if (document.loginform1.javascript_check.value == 'n') 93 { 94 document.loginform1.javascript_check.value = 'y'; 95 } 96 /* ]]> */ 97 </script> 98 {/literal} 99 {if $show_reglink || $show_passlink} 100 <hr /> 101 {/if} 102 {if $show_reglink}{$settings.siteurl|string_format:$locale.065}<br /><br />{/if} 103 {if $show_passlink}{$settings.siteurl|string_format:$locale.066}{/if} 104 </td> 105 </tr> 106 </table> 107 </div> 108 </div> 109 </body> 55 110 </html> 56 111 
{***************************************************************************} -
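Review bot: The new `<head>` carries `<meta http-equiv='refresh' content='{$refresh}; url={$url}'>`, but the login.php changes shown on this page assign neither `refresh` nor `url` to the template, so unless they are set elsewhere the tag renders as `content='; url='`. The line looks carried over from the setuser template and can probably be dropped from the login page. The `ldap` and `ad` branches also render credential fields although the matching cases in setuser.php are empty, so a password typed there is submitted and then ignored; hiding those blocks until the back ends exist would avoid that.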
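--- a/trunk/includes/templates/main.setuser.tpl
+++ b/trunk/includes/templates/main.setuser.tpl
@@ -39,9 +39,11 @@
 {$message.line3|default:""}<br />
 {$message.line4|default:""}<br />
-<br />
-{$locale.183}
-<br />
-{if $error != 0}[ <a href='{$url}'>{$locale.184}</a> ]{/if}
-<br /><br />
+{if $refresh < 99999}
+<br />
+{$locale.183}
+<br />
+{if $refresh > 1}[ <a href='{$url}'>{$locale.184}</a> ]{/if}
+<br /><br />
+{/if}
 </center>
 </div>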
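Review bot: `{if $refresh < 99999}` and `{if $refresh > 1}` make the refresh delay double as a "no redirect" flag, and the sentinel 99999 is repeated as a bare number in setuser.php. A separate boolean assigned by setuser.php would state the intent and keep a real delay value from colliding with the sentinel. `{$url}` is also printed into the href unescaped; `{$url|escape}` is the safer form if the target can derive from the last_url cookie.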
trunk/includes/user_functions.php
r1840 r1858 56 56 } 57 57 58 // Check if a user wants to logging in 59 if (isset($_POST['login'])) { 60 $auth_result = false; 61 $auth_methods = isset($settings['auth_type']) ? explode(",",$settings['auth_type'].",") : array('local'); 62 foreach($auth_methods as $auth_method) { 63 switch($auth_method) { 64 case "local": 65 // authentication against the local user database 66 if (!empty($_POST['user_name']) && !empty($_POST['user_pass'])) { 67 $auth_result = auth_local($_POST['user_name'], $_POST['user_pass']); 68 } 69 break; 70 case "ldap": 71 break; 72 case "ad": 73 break; 74 case "openid": 75 // authentication against an openid provider 76 if (!empty($_POST['user_openid_url'])) { 77 $auth_result = auth_openid($_POST['user_openid_url']); 78 } 79 break; 80 case "default": 81 // empty or unknown entry, ignore 82 break; 83 } 84 } 85 // check the result of the authentication attempt, and process it 86 if (is_array($auth_result)) { 87 switch($auth_result[0]) { 88 case "redirect": 89 redirect($auth_result[1], $auth_result[2]); 90 exit; 91 default: 92 // unknown result code 93 _debug($auth_result); 94 terminate("unknown result code from an authentication module!"); 95 } 96 } 97 } 98 99 // if not in the process of posting a form, did the login session expired? 58 // if not in the process of posting a form, did the login session expire? 100 59 if (count($_POST)==0 && !empty($_SESSION['login_expire']) && $_SESSION['login_expire'] < time()) { 101 60 // clear the login info from the session … … 164 123 } 165 124 } else { 125 // is login required? 
126 if ($settings['auth_required'] && FUSION_SELF != "login.php" && FUSION_SELF != "setuser.php") { 127 redirect(BASEDIR."login.php", "script"); 128 exit; 129 } 166 130 define("PATH_THEME", PATH_THEMES.$settings['theme']."/"); 167 131 define("THEME", THEMES.$settings['theme']."/"); … … 275 239 // deny all non-webmasters access to the site 276 240 redirect(BASEDIR.'maintenance.php?reason='.$settings['maintenance']); 277 }278 }279 280 281 /*---------------------------------------------------+282 | User authentication functions |283 +----------------------------------------------------*/284 285 // authentication against the local user database286 function auth_local($userid, $password) {287 global $db_prefix;288 289 // check and validate the given userid and pasword290 $user_pass = md5(md5($password));291 $user_name = preg_replace(array("/\=/","/\#/","/\sOR\s/"), "", stripinput($userid));292 293 // check if we have a user record for this userid and password294 $result = dbquery("SELECT * FROM ".$db_prefix."users WHERE user_name='$user_name' AND user_password='".$user_pass."'");295 if (dbrows($result) == 0) {296 // not found, display an error message297 return array("redirect", BASEDIR."setuser.php?error=3", "script");298 } else {299 // found, get the record and do some more validation300 $ret = auth_user_validate(dbarray($result));301 return $ret;302 }303 }304 305 // authentication against an LDAP server306 function auth_ldap($userid, $password) {307 return array('auth_ldap not defined yet!');308 }309 310 // authentication against an Active Directory server311 function auth_ad($userid, $password) {312 return array('auth_ad not defined yet!');313 }314 315 // authentication using an OpenID316 function auth_openid($openid_url) {317 global $settings;318 319 // check if the URL is valid320 if (isURL($openid_url)) {321 require_once(PATH_INCLUDES."class.openid.php");322 $openid = new SimpleOpenID;323 $openid->SetIdentity($openid_url);324 
$openid->SetApprovedURL($settings['siteurl']."setuser.php");325 $openid->SetTrustRoot($settings['siteurl']);326 $server_url = $openid->GetOpenIDServer();327 if ($server_url) {328 return array("redirect", $openid->GetRedirectURL() , "script");329 }330 } else {331 // for now...332 return false;333 }334 }335 336 // further validation on the userid found337 function auth_user_validate($userrecord) {338 339 // if the account is suspended, check for an expiry date340 if ($userrecord['user_status'] == 1 && $userrecord['user_ban_expire'] > 0 && $userrecord['user_ban_expire'] < time() ) {341 // if this user's email address is marked as bad, reset the countdown counter342 $userrecord['user_bad_email'] = $userrecord['user_bad_email'] == 0 ? 0 : time();343 // reset the user status and the expiry date344 $result = dbquery("UPDATE ".$db_prefix."users SET user_status='0', user_ban_expire='0', user_bad_email = '".$userrecord['user_bad_email']."' WHERE user_id='".$userrecord['user_id']."'");345 $userrecord['user_status'] = 0;346 }347 if ($userrecord['user_status'] == 0) {348 header("P3P: CP='NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM'");349 // set the 'remember me' status value350 $_SESSION['remember_me'] = isset($_POST['remember_me']) ? 
"yes" : "no";351 $_SESSION['userinfo'] = $userrecord['user_id'].".".$userrecord['user_password'];352 // login expiry defined?353 if ($settings['login_expire']) {354 if (isset($_POST['remember_me']) && $_POST['remember_me'] == "yes") {355 $_SESSION['login_expire'] = time() + $settings['login_extended_expire'];356 } else {357 $_SESSION['login_expire'] = time() + $settings['login_expire'];358 }359 } else {360 $_SESSION['login_expire'] = mktime(0,0,0,1,1,2038); // do not expire361 }362 return array("redirect", BASEDIR."setuser.php?user=".$userrecord['user_name'], "script");363 } elseif ($userrecord['user_status'] == 1) {364 return array("redirect", BASEDIR."setuser.php?user_id=".$userrecord['user_id']."&error=1", "script");365 } elseif ($userrecord['user_status'] == 2) {366 return array("redirect", BASEDIR."setuser.php?error=2", "script");367 241 } 368 242 } -
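Review bot: The new guest gate `$settings['auth_required'] && FUSION_SELF != "login.php" && FUSION_SELF != "setuser.php"` compares only a script name and indexes a setting that does not exist until the rev01858 upgrade has run. If FUSION_SELF is the basename of the running script (its definition is not visible here), a file named login.php or setuser.php in any other directory is exempt, while pages a guest needs before logging in, such as the registration and lost-password links that main.login.tpl prints, are redirected back to login.php. Suggest `!empty($settings['auth_required'])` plus an explicit allow-list of guest-reachable scripts. The enclosing else-branch continues outside the hunk.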
trunk/login.php
r1765 r1858 1 1 <?php 2 2 /*---------------------------------------------------+ 3 | PHP-Fusion 6 Content Management System3 | ExiteCMS Content Management System | 4 4 +----------------------------------------------------+ 5 | Copyright © 2002 - 2006 Nick Jones6 | http://www.php-fusion.co.uk/5 | Copyright 2007 Harro "WanWizard" Verton, Exite BV | 6 | for support, please visit http://exitecms.exite.eu | 7 7 +----------------------------------------------------+ 8 | Released under the terms & conditions of v2 of the 9 | GNU General Public License. For details refer to 10 | the included gpl.txt file or visit http://gnu.org 8 | Some portions copyright 2002 - 2006 Nick Jones | 9 | http://www.php-fusion.co.uk/ | 10 +----------------------------------------------------+ 11 | Released under the terms & conditions of v2 of the | 12 | GNU General Public License. For details refer to | 13 | the included gpl.txt file or visit http://gnu.org | 11 14 +----------------------------------------------------*/ 12 15 require_once dirname(__FILE__)."/includes/core_functions.php"; 13 require_once dirname(__FILE__)."/includes/theme_functions.php";16 require_once PATH_INCLUDES."theme_functions.php"; 14 17 15 18 // redirect back to the homepage if already logged in 16 19 if (iMEMBER) { 17 20 header("Location:".BASEDIR."index.php"); 21 exit; 22 } 23 24 // check if HTTPS if required, and if so, present. 25 if ($settings['auth_ssl'] && (!isset($_SERVER['HTTPS']) || $_SERVER['HTTPS'] != "on")) { 26 header("Location:".BASEDIR."setuser.php?error=5"); 27 exit; 18 28 } 19 29 … … 21 31 $variables = array(); 22 32 33 $variables['loginerror'] = isset($loginerror) ? $loginerror : ""; 34 $variables['remember_me'] = isset($_SESSION['remember_me']) ? $_SESSION['remember_me'] : "no"; 35 $variables['login_expiry'] = (iADMIN && isset($_SESSION['login_expire'])) ? 
time_system2local($_SESSION['login_expire']) : ""; 36 37 // get which authentication to show 38 $variables['auth_methods'] = explode(",",$settings['auth_type']); 39 $variables['method_count'] = count($variables['auth_methods']); 40 $variables['auth_state'] = array(); 41 foreach($variables['auth_methods'] as $key => $method) { 42 if (isset($_SESSION['box_login'.$key])) { 43 $variables['auth_state'][] = $_SESSION['box_login'.$key] == 0 ? 1 : 0; 44 } else { 45 $variables['auth_state'][] = 1; 46 } 47 } 48 49 // check if we need to display a registration link 50 if ($settings['enable_registration']) { 51 $variables['show_reglink'] = true; 52 // get all menu items for this user 53 $linkinfo = array(); 54 require_once PATH_INCLUDES."menu_include.php"; 55 menu_generate_tree("", array(1,2,3), false); 56 foreach ($linkinfo as $link) { 57 if ($link['link_url'] == "/register.php") { 58 $variables['show_reglink'] = false; 59 break; 60 } 61 } 62 } else { 63 $variables['show_reglink'] = false; 64 } 65 66 // check if we need to display links 67 $variables['show_passlink'] = 1; 68 23 69 // define the first body panel variables 24 70 $template_panels[] = array('type' => 'body', 'name' => 'login', 'template' => 'main.login.tpl'); 25 71 $template_variables['login'] = $variables; 26 72 73 // make sure updates to session variables are written 74 session_write_close(); 75 27 76 load_templates('body', ''); 28 77 29 // close the database connection 30 mysql_close(); 31 32 // and flush any output remaining 33 ob_end_flush(); 78 // and clean up 79 theme_cleanup(); 34 80 ?> -
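Review bot: The HTTPS requirement is enforced only where the form is rendered; the credentials are posted to `setuser.php?login=yes`, and the login branch shown for setuser.php calls auth_local() without consulting `$settings['auth_ssl']`. A POST sent over plain HTTP would therefore still be processed, so the same check belongs at the top of that branch, setting error 5 before any authentication runs. The test `$_SERVER['HTTPS'] != "on"` also misses servers that report another non-empty value and TLS terminated at a proxy; `empty($_SERVER['HTTPS']) || $_SERVER['HTTPS'] == "off"` is the more tolerant form.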
trunk/modules/user_info_panel/templates/modules.user_info_panel.tpl
r1844 r1858 55 55 </div> 56 56 </div> 57 {else} 57 {include file="_closeside_x.tpl"} 58 {elseif $settings.auth_ssl == 0 || $_SERVER.HTTPS|default:"" == "on"} 58 59 {include file="_openside.tpl" name=$_name title=$locale.060 state=$_state style=$_style} 59 60 <div style='text-align:center'> 60 61 {$loginerror|default:""} 61 62 </div> 62 <form name='loginform1' method='post' action='{$smarty.const. FUSION_SELF}'>63 <form name='loginform1' method='post' action='{$smarty.const.BASEDIR}setuser.php?login=yes'> 63 64 {foreach from=$auth_methods item=method key=i} 64 65 {if $method_count > 1} … … 138 139 {if $show_reglink}{$settings.siteurl|string_format:$locale.065}<br /><br />{/if} 139 140 {if $show_passlink}{$settings.siteurl|string_format:$locale.066}{/if} 140 {/if}141 {if $smarty.const.iMEMBER|default:false}142 {include file="_closeside_x.tpl"}143 {else}144 141 {include file="_closeside.tpl"} 145 142 {/if} -
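Review bot: `$_SERVER.HTTPS` in the new `{elseif}` is a lookup of a template variable named `_SERVER`, not the PHP superglobal, so unless the caller assigns that variable the `|default:""` always applies. With auth_ssl enabled the login panel would then stay hidden even on an HTTPS request. Smarty exposes the server array as `$smarty.server`, so the condition would read `{elseif $settings.auth_ssl == 0 || $smarty.server.HTTPS|default:"" == "on"}`.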
trunk/setuser.php
r1853 r1858 3 3 | ExiteCMS Content Management System | 4 4 +----------------------------------------------------+ 5 | Copyright 200 7Harro "WanWizard" Verton, Exite BV |5 | Copyright 2008 Harro "WanWizard" Verton, Exite BV | 6 6 | for support, please visit http://exitecms.exite.eu | 7 7 +----------------------------------------------------+ … … 14 14 +----------------------------------------------------*/ 15 15 require_once dirname(__FILE__)."/includes/core_functions.php"; 16 require_once dirname(__FILE__)."/includes/theme_functions.php"; 16 require_once PATH_INCLUDES."theme_functions.php"; 17 18 /*---------------------------------------------------+ 19 | User authentication functions | 20 +----------------------------------------------------*/ 21 22 // authentication against the local user database 23 function auth_local($userid, $password) { 24 global $db_prefix; 25 26 // check and validate the given userid and pasword 27 $user_pass = md5(md5($password)); 28 $user_name = preg_replace(array("/\=/","/\#/","/\sOR\s/"), "", stripinput($userid)); 29 30 // check if we have a user record for this userid and password 31 $result = dbquery("SELECT * FROM ".$db_prefix."users WHERE user_name='$user_name' AND user_password='".$user_pass."'"); 32 if (dbrows($result) == 0) { 33 // not found, display an error message 34 return 3; 35 } else { 36 // found, get the record and do some more validation 37 $ret = auth_user_validate(dbarray($result)); 38 return $ret; 39 } 40 } 41 42 // authentication against an LDAP server 43 function auth_ldap($userid, $password) { 44 terminate('auth_ldap not defined yet!'); 45 } 46 47 // authentication against an Active Directory server 48 function auth_ad($userid, $password) { 49 terminate('auth_ad not defined yet!'); 50 } 51 52 // authentication using an OpenID 53 function auth_openid($openid_url) { 54 global $settings; 55 56 // check if the URL is valid 57 if (isURL($openid_url)) { 58 require_once(PATH_INCLUDES."class.openid.php"); 59 $openid = new 
SimpleOpenID; 60 $openid->SetIdentity($openid_url); 61 $openid->SetApprovedURL($settings['siteurl']."setuser.php"); 62 $openid->SetTrustRoot($settings['siteurl']); 63 $server_url = $openid->GetOpenIDServer(); 64 if ($server_url) { 65 redirect($openid->GetRedirectURL() , "script"); 66 exit; 67 } 68 } else { 69 // for now... 70 return 0; 71 } 72 } 73 74 // further validation on the userid found 75 function auth_user_validate($userrecord) { 76 global $settings; 77 78 // if the account is suspended, check for an expiry date 79 if ($userrecord['user_status'] == 1 && $userrecord['user_ban_expire'] > 0 && $userrecord['user_ban_expire'] < time() ) { 80 // if this user's email address is marked as bad, reset the countdown counter 81 $userrecord['user_bad_email'] = $userrecord['user_bad_email'] == 0 ? 0 : time(); 82 // reset the user status and the expiry date 83 $result = dbquery("UPDATE ".$db_prefix."users SET user_status='0', user_ban_expire='0', user_bad_email = '".$userrecord['user_bad_email']."' WHERE user_id='".$userrecord['user_id']."'"); 84 $userrecord['user_status'] = 0; 85 } 86 if ($userrecord['user_status'] == 0) { 87 header("P3P: CP='NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM'"); 88 // set the 'remember me' status value 89 $_SESSION['remember_me'] = isset($_POST['remember_me']) ? "yes" : "no"; 90 $_SESSION['userinfo'] = $userrecord['user_id'].".".$userrecord['user_password']; 91 // login expiry defined? 
92 if ($settings['login_expire']) { 93 if (isset($_POST['remember_me']) && $_POST['remember_me'] == "yes") { 94 $_SESSION['login_expire'] = time() + $settings['login_extended_expire']; 95 } else { 96 $_SESSION['login_expire'] = time() + $settings['login_expire']; 97 } 98 } else { 99 $_SESSION['login_expire'] = mktime(0,0,0,1,1,2038); // do not expire 100 } 101 return 4; 102 } elseif ($userrecord['user_status'] == 1) { 103 return 1; 104 } elseif ($userrecord['user_status'] == 2) { 105 return 2; 106 } else { 107 return 0; 108 } 109 } 110 111 112 /*---------------------------------------------------+ 113 | Main code | 114 +----------------------------------------------------*/ 115 17 116 // temp storage for template variables 18 117 $variables = array(); 118 119 // array to store the lines of the setuser message 120 $message = array(); 121 122 // make sure the error variable has a value 123 if (!isset($error) || !isNum($error)) $error = 0; 19 124 20 125 // set the redirect url (set in theme_cleanup), butnot when in maintenance! … … 29 134 } 30 135 31 // array to store the lines of the setuser message 32 $message = array(); 33 34 // make sure the error parameter has a value 35 if (!isset($error) || !isNum($error)) $error = 0; 36 37 if (isset($_REQUEST['logout']) && $_REQUEST['logout'] == "yes") { 136 if (isset($_GET['logout']) && $_GET['logout'] == "yes") { 137 138 // process the logout request 139 38 140 header("P3P: CP='NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM'"); 39 141 // make sure the user info is erased from the session … … 45 147 $message['line2'] = "<b>".$locale['192'].$userdata['user_name']."</b>"; 46 148 } 149 150 } elseif (isset($_GET['login']) && $_GET['login'] == "yes") { 151 152 // process the login request 153 $auth_methods = isset($settings['auth_type']) ? 
explode(",",$settings['auth_type'].",") : array('local'); 154 foreach($auth_methods as $auth_method) { 155 switch($auth_method) { 156 case "local": 157 // authentication against the local user database 158 if (!empty($_POST['user_name']) && !empty($_POST['user_pass'])) { 159 $error = auth_local($_POST['user_name'], $_POST['user_pass']); 160 } 161 break; 162 case "ldap": 163 break; 164 case "ad": 165 break; 166 case "openid": 167 // authentication against an openid provider 168 if (!empty($_POST['user_openid_url'])) { 169 $error = auth_openid($_POST['user_openid_url']); 170 } 171 break; 172 case "default": 173 // empty or unknown entry, ignore 174 break; 175 } 176 } 177 47 178 } else { 48 if ($error == 1) { 179 180 if (isset($_GET['openid_mode'])) { 181 // handle openid login 182 require_once(PATH_INCLUDES."class.openid.php"); 183 $openid = new SimpleOpenID; 184 $openid->SetIdentity(urldecode($_GET['openid_identity'])); 185 if ($openid->ValidateWithServer()) { 186 $openid_url = strtolower($openid->OpenID_Standarize($_GET['openid_identity'])); 187 $result = dbquery("SELECT * FROM ".$db_prefix."users WHERE user_openid_url='".$openid_url."'"); 188 if (dbrows($result) != 0) { 189 // found, get the record and do some more validation 190 $error = auth_user_validate(dbarray($result)); 191 } else { 192 $message['line2'] = "<b>".$locale['196']."</b>"; 193 } 194 } else { 195 trigger_error($openid->GetError()); 196 exit; 197 } 198 } 199 200 } 201 202 // check the result of the authentication attempt, and process it 203 switch($error) { 204 case 0: 205 // 206 $refresh = 1; 207 break; 208 case 1: 49 209 $message['line1'] = "<b>".$locale['194']."</b>"; 50 210 $data = dbarray(dbquery("SELECT user_ban_reason, user_ban_expire FROM ".$db_prefix."users WHERE user_id='$user_id'")); … … 53 213 if ($data['user_ban_expire'] > 0) $message['line4'] = "<b>".$locale['181']." 
".showdate('forumdate', $data['user_ban_expire'])."</b>"; 54 214 } 55 } elseif ($error == 2) { 215 $refresh = 10; 216 break; 217 case 2: 56 218 $message['line2'] = "<b>".$locale['195']."</b>"; 57 } elseif ($error == 3) { 219 $refresh = 10; 220 break; 221 case 3: 58 222 $message['line2'] = "<b>".$locale['196']."</b>"; 59 } else { 60 if (isset($_GET['openid_mode'])) { 61 // handle openid login 62 require_once(PATH_INCLUDES."class.openid.php"); 63 $openid = new SimpleOpenID; 64 $openid->SetIdentity(urldecode($_GET['openid_identity'])); 65 if ($openid->ValidateWithServer()) { 66 $openid_url = strtolower($openid->OpenID_Standarize($_GET['openid_identity'])); 67 $result = dbquery("SELECT * FROM ".$db_prefix."users WHERE user_openid_url='".$openid_url."'"); 68 if (dbrows($result) != 0) { 69 // found, get the record and do some more validation 70 $res = auth_user_validate(dbarray($result)); 71 if (!is_array($res)) { 72 $message['line2'] = "<b>Internal error: Invalid auth_user_validate() return code!</b>"; 73 } 74 } else { 75 $message['line2'] = "<b>".$locale['196']."</b>"; 76 } 77 } else { 78 trigger_error($openid->GetError()); 79 exit; 80 } 81 } 223 $refresh = 10; 224 break; 225 case 4: 82 226 if (isset($_SESSION['userinfo'])) { 83 // handle local login227 // now that we have user info, finish the login validation 84 228 $userinfo_vars = explode(".", $_SESSION['userinfo']); 85 229 $user_pass = (preg_match("/^[0-9a-z]{32}$/", $userinfo_vars['1']) ? $userinfo_vars['1'] : ""); … … 92 236 $result = dbquery("DELETE FROM ".$db_prefix."online WHERE online_user='0' AND online_ip='".USER_IP."'"); 93 237 $message['line2'] = "<b>".$locale['193'].$data['user_name']."</b>"; 238 $refresh = 1; 94 239 } else { 95 240 $message['line2'] = "<b>".$locale['196']."</b>"; 241 $refresh = 10; 96 242 } 97 243 } else { 98 244 $message['line2'] = "<b>SESSION ERROR. 
Please report this to the Webmaster</b>"; 99 } 100 } 245 $refresh = 99999; 246 } 247 break; 248 case 5: 249 $message['line2'] = "<b>".$locale['https']."</b>"; 250 $refresh = 99999; 251 break; 252 default: 253 // unknown result code 254 _debug($error); 255 terminate("unknown result code from an authentication module!"); 256 break; 101 257 } 102 258 … … 106 262 // auto-redirect counter (in seconds) 107 263 $variables['error'] = $error; 108 $variables['refresh'] = $error==0 ? 1: 10;264 $variables['refresh'] = isset($refresh) ? $refresh : 10; 109 265 110 266 // define the first body panel variables
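Review bot: auth_user_validate() now declares `global $settings;` but still builds its UPDATE from `$db_prefix`, which is undefined in function scope, so lifting an expired suspension targets an unprefixed `users` table; the declaration should be `global $db_prefix, $settings;`. In the result switch, `case 1` queries `WHERE user_id='$user_id'`, yet the suspended-user path no longer carries a user id (auth_user_validate() just returns 1), so `$user_id` is either empty or whatever the request supplied and should come from the validated record instead. The OpenID branch interpolates the normalised `$_GET['openid_identity']` into its SELECT without escaping. A successful login also keeps the pre-login session id; calling `session_regenerate_id(true)` before `return 4;` would close the fixation window.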
