[Summary view] [Print] [Text view]

   1  <?php
   2  # MantisBT - A PHP based bugtracking system
   3  
   4  # MantisBT is free software: you can redistribute it and/or modify
   5  # it under the terms of the GNU General Public License as published by
   6  # the Free Software Foundation, either version 2 of the License, or
   7  # (at your option) any later version.
   8  #
   9  # MantisBT is distributed in the hope that it will be useful,
  10  # but WITHOUT ANY WARRANTY; without even the implied warranty of
  11  # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  12  # GNU General Public License for more details.
  13  #
  14  # You should have received a copy of the GNU General Public License
  15  # along with MantisBT.  If not, see <http://www.gnu.org/licenses/>.
  16  
  17  /**
  18   * Check login then redirect to main_page.php or to login_page.php
  19   *
  20   * @package MantisBT
  21   * @copyright Copyright (C) 2000 - 2002  Kenzaburo Ito - kenito@300baud.org
  22   * @copyright Copyright (C) 2002 - 2011  MantisBT Team - mantisbt-dev@lists.sourceforge.net
  23   * @link http://www.mantisbt.org
  24   *
  25   * @uses core.php
  26   * @uses authentication_api.php
  27   * @uses config_api.php
  28   * @uses constant_inc.php
  29   * @uses gpc_api.php
  30   * @uses print_api.php
  31   * @uses session_api.php
  32   * @uses string_api.php
  33   */
  34  
  35  /**
  36   * MantisBT Core API's
  37   */
  38  require_once ( 'core.php' );
  39  require_api( 'authentication_api.php' );
  40  require_api( 'config_api.php' );
  41  require_api( 'constant_inc.php' );
  42  require_api( 'gpc_api.php' );
  43  require_api( 'print_api.php' );
  44  require_api( 'session_api.php' );
  45  require_api( 'string_api.php' );
  46  
  47  $f_username        = gpc_get_string( 'username', '' );
  48  $f_password        = gpc_get_string( 'password', '' );
  49  $f_perm_login    = gpc_get_bool( 'perm_login' );
  50  $t_return        = string_url( string_sanitize_url( gpc_get_string( 'return', config_get( 'default_home_page' ) ) ) );
  51  $f_from            = gpc_get_string( 'from', '' );
  52  $f_secure_session = gpc_get_bool( 'secure_session', false );
  53  
  54  $f_username = auth_prepare_username($f_username);
  55  $f_password = auth_prepare_password($f_password);
  56  
  57  gpc_set_cookie( config_get_global( 'cookie_prefix' ) . '_secure_session', $f_secure_session ? '1' : '0' );
  58  
  59  if ( auth_attempt_login( $f_username, $f_password, $f_perm_login ) ) {
  60      session_set( 'secure_session', $f_secure_session );
  61  
  62      $t_redirect_url = 'login_cookie_test.php?return=' . $t_return;
  63  
  64  } else {
  65      $t_redirect_url = 'login_page.php?return=' . $t_return .
  66          '&error=1&username=' . urlencode( $f_username ) .
  67          '&perm_login=' . ( $f_perm_login ? 1 : 0 ) .
  68          '&secure_session=' . ( $f_secure_session ? 1 : 0 );
  69  
  70      if ( HTTP_AUTH == config_get( 'login_method' ) ) {
  71          auth_http_prompt();
  72          exit;
  73      }
  74  }
  75  
  76  print_header_redirect( $t_redirect_url );