Changeset 1858 in ExiteCMS for trunk/login.php

Timestamp:

10/17/08 16:40:38 (4 years ago)

Author:

hverton

Message:

rewritten the login/logout code, all code is now located in setuser.php
added a security setting "require SSL for logins"
added a security setting "require login before site access"
fixed small date display issue in several rev. upgrade files
added alternative login methods to the full-screen login

File:

• trunk/login.php (modified) (2 diffs)

trunk/login.php

@@ -1 +1 @@
 <?php
 /*---------------------------------------------------+
-| PHP-Fusion 6 Content Management System
+| ExiteCMS Content Management System                 |
 +----------------------------------------------------+
-| Copyright © 2002 - 2006 Nick Jones
-| http://www.php-fusion.co.uk/
+| Copyright 2007 Harro "WanWizard" Verton, Exite BV  |
+| for support, please visit http://exitecms.exite.eu |
 +----------------------------------------------------+
-| Released under the terms & conditions of v2 of the
-| GNU General Public License. For details refer to
-| the included gpl.txt file or visit http://gnu.org
+| Some portions copyright 2002 - 2006 Nick Jones     |
+| http://www.php-fusion.co.uk/                       |
++----------------------------------------------------+
+| Released under the terms & conditions of v2 of the |
+| GNU General Public License. For details refer to   |
+| the included gpl.txt file or visit http://gnu.org  |
 +----------------------------------------------------*/
 require_once dirname(__FILE__)."/includes/core_functions.php";
-require_once dirname(__FILE__)."/includes/theme_functions.php";
+require_once PATH_INCLUDES."theme_functions.php";
 
 // redirect back to the homepage if already logged in
 if (iMEMBER) {
     header("Location:".BASEDIR."index.php");
+    exit;
+}
+
+// check if HTTPS if required, and if so, present.
+if ($settings['auth_ssl'] && (!isset($_SERVER['HTTPS']) || $_SERVER['HTTPS'] != "on")) {
+    header("Location:".BASEDIR."setuser.php?error=5");
+    exit;
 }
 
@@ -21 +31 @@
 $variables = array();
 
+$variables['loginerror'] = isset($loginerror) ? $loginerror : "";
+$variables['remember_me'] = isset($_SESSION['remember_me']) ? $_SESSION['remember_me'] : "no";
+$variables['login_expiry']  = (iADMIN && isset($_SESSION['login_expire'])) ? time_system2local($_SESSION['login_expire']) : "";
+
+// get which authentication to show
+$variables['auth_methods'] = explode(",",$settings['auth_type']);
+$variables['method_count'] = count($variables['auth_methods']);
+$variables['auth_state'] = array();
+foreach($variables['auth_methods'] as $key => $method) {
+    if (isset($_SESSION['box_login'.$key])) {
+        $variables['auth_state'][] = $_SESSION['box_login'.$key] == 0 ? 1 : 0;
+    } else {
+        $variables['auth_state'][] = 1;
+    }
+}
+
+// check if we need to display a registration link
+if ($settings['enable_registration']) {
+    $variables['show_reglink'] = true;
+    // get all menu items for this user
+    $linkinfo = array();
+    require_once PATH_INCLUDES."menu_include.php";
+    menu_generate_tree("", array(1,2,3), false);
+    foreach ($linkinfo as $link) {
+        if ($link['link_url'] == "/register.php") {
+            $variables['show_reglink'] = false;
+            break;
+        }
+    }
+} else {
+    $variables['show_reglink'] = false;
+}
+
+// check if we need to display links
+$variables['show_passlink'] = 1;
+
 // define the first body panel variables
 $template_panels[] = array('type' => 'body', 'name' => 'login', 'template' => 'main.login.tpl');
 $template_variables['login'] = $variables;
 
+// make sure updates to session variables are written
+session_write_close();
+
 load_templates('body', '');
 
-// close the database connection
-mysql_close();
-
-// and flush any output remaining
-ob_end_flush();
+// and clean up
+theme_cleanup();
 ?>