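<?php
# MantisBT - A PHP based bugtracking system

# MantisBT is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 2 of the License, or
# (at your option) any later version.
#
# MantisBT is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with MantisBT.  If not, see <http://www.gnu.org/licenses/>.

/**
 * Login page POSTs results to login.php
 * Check to see if the user is already logged in
 *
 * Flow of this page:
 *  1. Redirect users who already hold a non-anonymous session.
 *  2. Read the (untrusted) request parameters that shape the form.
 *  3. Redirect straight to login.php when an automatic logon method
 *     bypasses the form.
 *  4. Render the login form (no state is modified here, so no CSRF token).
 *  5. When admin_checks is ON, print warnings about well-known
 *     insecure deployment states (default admin credentials, leftover
 *     admin directory, schema out of date).
 *
 * @package MantisBT
 * @copyright Copyright (C) 2000 - 2002  Kenzaburo Ito - kenito@300baud.org
 * @copyright Copyright (C) 2002 - 2011  MantisBT Team - mantisbt-dev@lists.sourceforge.net
 * @link http://www.mantisbt.org
 *
 * @uses core.php
 * @uses authentication_api.php
 * @uses config_api.php
 * @uses constant_inc.php
 * @uses current_user_api.php
 * @uses database_api.php
 * @uses gpc_api.php
 * @uses html_api.php
 * @uses lang_api.php
 * @uses print_api.php
 * @uses string_api.php
 * @uses user_api.php
 * @uses utility_api.php
 */

/**
 * MantisBT Core API's
 */
require_once( 'core.php' );
require_api( 'authentication_api.php' );
require_api( 'config_api.php' );
require_api( 'constant_inc.php' );
require_api( 'current_user_api.php' );
require_api( 'database_api.php' );
require_api( 'gpc_api.php' );
require_api( 'html_api.php' );
require_api( 'lang_api.php' );
require_api( 'print_api.php' );
require_api( 'string_api.php' );
require_api( 'user_api.php' );
require_api( 'utility_api.php' );
require_css( 'login.css' );

# An already authenticated, non-anonymous user has nothing to do on the
# login page: send them to their home page. The explicit exit mirrors the
# automatic-logon branch below so that nothing is rendered after the
# redirect header regardless of how print_header_redirect() behaves.
if ( auth_is_user_authenticated() && !current_user_is_anonymous() ) {
	print_header_redirect( config_get( 'default_home_page' ) );
	exit;
}

# Request parameters. All of these are client-controlled; they only
# influence presentation of the form (and the return URL, which is
# sanitized before use).
$f_error = gpc_get_bool( 'error' );
$f_cookie_error = gpc_get_bool( 'cookie_error' );
$f_return = string_sanitize_url( gpc_get_string( 'return', '' ) );
$f_username = gpc_get_string( 'username', '' );
$f_perm_login = gpc_get_bool( 'perm_login', false );
$f_secure_session = gpc_get_bool( 'secure_session', false );
$f_secure_session_cookie = gpc_get_cookie( config_get_global( 'cookie_prefix' ) . '_secure_session', null );

$t_session_validation = ( ON == config_get_global( 'session_validation' ) );

# Check for automatic logon methods where we want the logon to just be handled by login.php
if ( auth_automatic_logon_bypass_form() ) {
	$t_uri = "login.php";

	if ( ON == config_get( 'allow_anonymous_login' ) ) {
		$t_uri = "login_anon.php";
	}

	# string_url() encodes the (already sanitized) return URL for the query string.
	if ( !is_blank( $f_return ) ) {
		$t_uri .= "?return=" . string_url( $f_return );
	}

	print_header_redirect( $t_uri );
	exit;
}

# Determine if secure_session should default on or off?
# - If no errors, and no cookies set, default to on.
# - If no errors, but cookie is set, use the cookie value.
# - If errors, use the value passed in.
# Initialised to false so the variable is always defined; it is only
# rendered when $t_session_validation is true.
$t_default_secure_session = false;
if ( $t_session_validation ) {
	if ( !$f_error && !$f_cookie_error ) {
		$t_default_secure_session = ( is_null( $f_secure_session_cookie ) ? true : $f_secure_session_cookie );
	} else {
		$t_default_secure_session = $f_secure_session;
	}
}

# Determine whether the username or password field should receive automatic focus.
# is_blank() is used (as for $f_return above) rather than a truthiness test so
# that a pre-filled username such as "0" still moves focus to the password field.
$t_username_field_autofocus = 'autofocus';
$t_password_field_autofocus = '';
if ( !is_blank( $f_username ) ) {
	$t_username_field_autofocus = '';
	$t_password_field_autofocus = 'autofocus';
}

# Login page shouldn't be indexed by search engines
html_robots_noindex();

html_page_top1();
html_page_top2a();

# Only echo error message if error variable is set
if ( $f_error || $f_cookie_error ) {
	echo '<div class="important-msg">';
	echo '<ul>';
	if ( $f_error ) {
		echo '<li>' . lang_get( 'login_error' ) . '</li>';
	}
	if ( $f_cookie_error ) {
		echo '<li>' . lang_get( 'login_cookies_disabled' ) . '</li>';
	}
	echo '</ul>';
	echo '</div>';
}
?>

<!-- Login Form BEGIN -->
<div id="login-div" class="form-container">
	<form id="login-form" method="post" action="login.php">
		<fieldset>
			<legend><span><?php echo lang_get( 'login_title' ) ?></span></legend>
<?php
# The return URL is echoed into an attribute, so it is HTML-escaped here
# (it was URL-sanitized when read above).
if ( !is_blank( $f_return ) ) {
	echo '<input type="hidden" name="return" value="', string_html_specialchars( $f_return ), '" />';
}
# CSRF protection not required here - form does not result in modifications
echo '<ul id="login-links">';

if ( ON == config_get( 'allow_anonymous_login' ) ) {
	echo '<li><a href="login_anon.php?return=' . string_url( $f_return ) . '">' . lang_get( 'login_anonymously' ) . '</a></li>';
}

# Self-signup is only offered when accounts are managed locally (not LDAP)
# and the verification e-mail can actually be sent.
if ( ( ON == config_get_global( 'allow_signup' ) ) &&
	( LDAP != config_get_global( 'login_method' ) ) &&
	( ON == config_get( 'enable_email_notification' ) )
) {
	echo '<li><a href="signup_page.php">', lang_get( 'signup_link' ), '</a></li>';
}
# lost password feature disabled or reset password via email disabled -> stop here!
if ( ( LDAP != config_get_global( 'login_method' ) ) &&
	( ON == config_get( 'lost_password_feature' ) ) &&
	( ON == config_get( 'send_reset_password' ) ) &&
	( ON == config_get( 'enable_email_notification' ) ) ) {
	echo '<li><a href="lost_pwd_page.php">', lang_get( 'lost_password_link' ), '</a></li>';
}
?>
			</ul>
			<div class="field-container <?php echo helper_alternate_class_no_attribute(); ?>">
				<label for="username"><span><?php echo lang_get( 'username' ) ?></span></label>
				<span class="input"><input id="username" type="text" name="username" size="32" maxlength="<?php echo USERLEN;?>" value="<?php echo string_attribute( $f_username ); ?>" class="<?php echo $t_username_field_autofocus ?>" /></span>
				<span class="label-style"></span>
			</div>
			<div class="field-container <?php echo helper_alternate_class_no_attribute(); ?>">
				<label for="password"><span><?php echo lang_get( 'password' ) ?></span></label>
				<span class="input"><input id="password" type="password" name="password" size="16" maxlength="<?php echo PASSLEN;?>" class="<?php echo $t_password_field_autofocus ?>" /></span>
				<span class="label-style"></span>
			</div>
			<div class="field-container <?php echo helper_alternate_class_no_attribute(); ?>">
				<label for="remember-login"><span><?php echo lang_get( 'save_login' ) ?></span></label>
				<span class="input"><input id="remember-login" type="checkbox" name="perm_login" <?php echo ( $f_perm_login ? 'checked="checked" ' : '' ) ?>/></span>
				<span class="label-style"></span>
			</div>
<?php if ( $t_session_validation ) { ?>
			<div class="field-container <?php echo helper_alternate_class_no_attribute(); ?>">
				<label id="secure-session-label" for="secure-session"><span><?php echo lang_get( 'secure_session' ) ?></span></label>
				<span class="input">
					<input id="secure-session" type="checkbox" name="secure_session" <?php echo ( $t_default_secure_session ? 'checked="checked" ' : '' ) ?>/>
					<span id="session-msg"><?php echo lang_get( 'secure_session_long' ); ?></span>
				</span>
				<span class="label-style"></span>
			</div>
<?php } ?>
			<span class="submit-button"><input type="submit" class="button" value="<?php echo lang_get( 'login_button' ) ?>" /></span>
		</fieldset>
	</form>
</div>

<?php
#
# Do some checks to warn administrators of possible security holes.
# Since this is considered part of the admin-checks, the strings are not translated.
#
# The warnings are rendered on the public login page, so they are only
# produced when the administrator has left admin_checks switched ON.
#

if ( ON == config_get_global( 'admin_checks' ) ) {
	$t_warnings = array();

	# Generate a warning if administrator/root is valid.
	# The comparison is made against the fixed default password, never
	# against anything supplied by the client.
	$t_admin_user_id = user_get_id_by_name( 'administrator' );
	if ( $t_admin_user_id !== false ) {
		if ( user_is_enabled( $t_admin_user_id ) && auth_does_password_match( $t_admin_user_id, 'root' ) ) {
			$t_warnings[] = lang_get( 'warning_default_administrator_account_present' );
		}
	}

	# Check if the admin directory is available and is readable.
	$t_admin_dir = dirname( __FILE__ ) . DIRECTORY_SEPARATOR . 'admin' . DIRECTORY_SEPARATOR;
	if ( is_dir( $t_admin_dir ) ) {
		$t_warnings[] = lang_get( 'warning_admin_directory_present' );
	}
	# The "@" is kept deliberately: file_exists() may emit a warning under
	# open_basedir restrictions and that must not leak into the page output.
	if ( is_dir( $t_admin_dir ) && is_readable( $t_admin_dir ) && is_executable( $t_admin_dir ) && @file_exists( "$t_admin_dir/." ) ) {
		# since admin directory and db_upgrade lists are available check for missing db upgrades
		# Check for db upgrade for versions < 1.0.0 using old upgrader
		$t_db_version = config_get( 'database_version', 0 );
		# if db version is 0, we haven't moved to new installer.
		if ( $t_db_version == 0 ) {
			$t_upgrade_count = 0;
			# The table name comes from configuration (db_get_table), not from
			# the request, so building the query by concatenation is acceptable.
			if ( db_table_exists( db_get_table( 'upgrade' ) ) ) {
				$query = "SELECT COUNT(*) from " . db_get_table( 'upgrade' ) . ";";
				$result = db_query_bound( $query );
				if ( db_num_rows( $result ) > 0 ) {
					$t_upgrade_count = (int)db_result( $result );
				}
			}

			if ( $t_upgrade_count > 0 ) { # table exists, check for number of updates
				# new config table database version is 0.
				# old upgrade tables exist.
				# assume user is upgrading from <1.0 and therefore needs to update to 1.x before upgrading to 1.2
				$t_warnings[] = lang_get( 'error_database_version_out_of_date_1' );
			} else {
				# old upgrade tables do not exist, yet config database_version is 0
				$t_warnings[] = lang_get( 'error_database_no_schema_version' );
			}
		}

		# Check for db upgrade for versions > 1.0.0 using new installer and schema
		# schema.php defines $upgrade, the list of schema steps; the highest
		# index is the schema version the code expects.
		require_once( 'admin' . DIRECTORY_SEPARATOR . 'schema.php' );
		$t_upgrades_reqd = count( $upgrade ) - 1;

		if ( ( 0 < $t_db_version ) &&
			( $t_db_version != $t_upgrades_reqd ) ) {

			if ( $t_db_version < $t_upgrades_reqd ) {
				$t_warnings[] = lang_get( 'error_database_version_out_of_date_2' );
			} else {
				$t_warnings[] = lang_get( 'error_code_version_out_of_date' );
			}
		}
	}
	# Warnings are translation strings (may contain markup), not user input,
	# so they are emitted as-is.
	if ( count( $t_warnings ) > 0 ) {
		echo '<div class="important-msg">';
		echo '<ul>';
		foreach ( $t_warnings as $t_warning ) {
			echo '<li>' . $t_warning . '</li>';
		}
		echo '</ul>';
		echo '</div>';
	}
} # if 'admin_checks'

html_page_bottom1a( __FILE__ );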