PageRenderTime 45ms CodeModel.GetById 15ms RepoModel.GetById 1ms app.codeStats 0ms

/web/login.php

https://github.com/mysociety/hearfromyourmp
PHP | 420 lines | 309 code | 35 blank | 76 comment | 48 complexity | f0afdb681ad083d02b1b1933230c1d22 MD5 | raw file
    

  1. <?php
    2. 

  2. /*
    3. 

  3.  * login.php:
    4. 

  4.  * Identification and authentication of users.
    5. 

  5.  * 
    6. 

  6.  * The important thing here is that we mustn't leak information about whether
    7. 

  7.  * a given email address has an account or not. That means that, until we have
    8. 

  8.  * either processed a password, or have had the user click through from an
    9. 

  9.  * email token, we can't give any indication of whether the user has an account
    10. 

  10.  * or not.
    11. 

  11.  * 
    12. 

  12.  * There are a number of pages here:
    13. 

  13.  * 
    14. 

  14.  *  login
    15. 

  15.  *      Shown when the user doesn't have a cookie and login is needed. Either
    16. 

  16.  *      solicit a password or allow the user to click a button to get sent an
    17. 

  17.  *      email with a token in it. Supplied with parameters: stash, the stash
    18. 

  18.  *      key for the request which should complete once the user has logged in;
    19. 

  19.  *      email, the user's email address; and optionally name, the user's real
    20. 

  20.  *      name.
    21. 

  21.  *
    22. 

  22.  *  login-error
    23. 

  23.  *      Shown when the user enters an incorrect password or an unknown email
    24. 

  24.  *      address on the login page.
    25. 

  25.  *
    26. 

  26.  *  create-password
    27. 

  27.  *      Shown when a user logs in by means of an emailed token and has already
    28. 

  28.  *      created or signed a pledge, or posted a comment, to ask them to give a
    29. 

  29.  *      password for future logins.
    30. 

  30.  *
    31. 

  31.  *  change-name
    32. 

  32.  *      Shown when a user logs in but their name is significantly different
    33. 

  33.  *      from the name shown on their account. Gives them the options of
    34. 

  34.  *      changing the name recorded, or continuing with the old name.
    35. 

  35.  * 
    36. 

  36.  * Copyright (c) 2005 UK Citizens Online Democracy. All rights reserved.
    37. 

  37.  * Email: chris@mysociety.org; WWW: http://www.mysociety.org/
    38. 

  38.  *
    39. 

  39.  * $Id: login.php,v 1.16 2007-11-01 15:05:22 matthew Exp $
    40. 

  40.  * 
    41. 

  41.  */
    42. 

  42. 

  43. require_once '../phplib/ycml.php';
    44. 

  44. require_once '../phplib/fns.php';
    45. 

  45. require_once '../phplib/constituent.php';
    46. 

  46. require_once '../commonlib/phplib/auth.php';
    47. 

  47. require_once '../commonlib/phplib/person.php';
    48. 

  48. require_once '../commonlib/phplib/stash.php';
    49. 

  49. require_once '../commonlib/phplib/importparams.php';
    50. 

  50. 

  51. /* As a first step try to set a cookie and read it on redirect, so that we can
    52. 

  52.  * warn the user explicitly if they appear to be refusing cookies. */
    53. 

  53. if (!array_key_exists('test_cookie', $_COOKIE)) {
    54. 

  54.     if (array_key_exists('test_cookie', $_GET)) {
    55. 

  55.         page_header("Please enable cookies");
    56. 

  56.         ?>
    57. 

  57. <p>It appears that you don't have "cookies" enabled in your browser.
    58. 

  58. <strong>To continue, you must enable cookies</strong>. Please
    59. 

  59. read <a href="http://www.google.com/cookies.html">this page from Google
    60. 

  60. explaining how to do that</a>, and then click the "back" button and
    61. 

  61. try again</p>
    62. 

  62. <?
    63. 

  63.         page_footer();
    64. 

  64.         exit();
    65. 

  65.     } else {
    66. 

  66.         setcookie('test_cookie', '1', 0, '/', person_cookie_domain());
    67. 

  67.         header("Location: /login?" . $_SERVER['QUERY_STRING'] . "&test_cookie=1\n");
    68. 

  68.         exit();
    69. 

  69.     }
    70. 

  70. }
    71. 

  71. 

  72. /* Get all the parameters which we might use. */
    73. 

  73. importparams(
    74. 

  74.         array('stash',          '/^[0-9a-f]+$/',    '', null),
    75. 

  75.         array('email',          '/^[^@]+@[^@]+$/',  '', null),
    76. 

  76.         array('name',           '//',               '', null),
    77. 

  77.         array('password',       '/[^\s]/',          '', null),
    78. 

  78.         array('t',              '/^.+$/',           '', null),
    79. 

  79.         array('rememberme',     '/./',              '', false),
    80. 

  80. 

  81.         /* Buttons on login page. */
    82. 

  82.         array('LogIn',          '/^.+$/',           '', false),
    83. 

  83.         array('SendEmail',      '/^.+$/',           '', false),
    84. 

  84. 

  85.         array('SetPassword',    '/^.+$/',           '', false),
    86. 

  86.         array('NoPassword',     '/^.+$/',           '', false),
    87. 

  87. 

  88.         /* Buttons on name change page */
    89. 

  89.         array('KeepName',       '/^.+$/',            '', false),
    90. 

  90.         array('ChangeName',     '/^.+$/',            '', false)
    91. 

  91.     );
    92. 

  92. if ($q_name=='<Enter your name>') {
    93. 

  93.     $q_name=null;
    94. 

  94. }
    95. 

  95. 

  96. /* General purpose login, asks for email also. */
    97. 

  97. if (get_http_var("now")) {
    98. 

  98.     $P = person_signon(array(
    99. 

  99.                     'reason_web' => "To log into HearFromYourMP, we need to check your email address.",
    100. 

  100.                     'reason_email' => "Then you will be logged into HearFromYourMP, and can set or change your password.",
    101. 

  101.                     'reason_email_subject' => 'Log into HearFromYourMP'
    102. 

  102. 

  103.                 ));
    104. 

  104.     page_header("Logged in");
    105. 

  105.     print "You're now logged in as <strong>";
    106. 

  106.     if ($P->has_name())
    107. 

  107.         print htmlspecialchars($P->name);
    108. 

  108.     else 
    109. 

  109.         print htmlspecialchars($P->email);
    110. 

  110.     print "</strong>.  Enjoy using HearFromYourMP!";
    111. 

  111.     page_footer();
    112. 

  112.     exit;
    113. 

  113. }
    114. 

  114. 

  115. /* Do token case first because if the user isn't logged in *and* has a token
    116. 

  116.  * (unlikely but possible) the other branch would fail for lack of a stash
    117. 

  117.  * parameter. */
    118. 

  118. if (!is_null($q_t)) {
    119. 

  119.     /* Process emailed token */
    120. 

  120.     $d = auth_token_retrieve('login', $q_t);
    121. 

  121.     if (!$d)
    122. 

  122.         err("Please check the URL (i.e. the long code of letters and numbers) is copied correctly from your email, as the token $q_t was not found.");
    123. 

  123.     $P = person_get($d['email']);
    124. 

  124.     if (is_null($P)) {
    125. 

  125.         if (!$d['name']) {
    126. 

  126.             page_header('Subscribe to HearFromYourMP');
    127. 

  127.             print '<div id="errors">You do not appear to be registered. Please sign up!</div>';
    128. 

  128.             constituent_subscribe_box(array('email'=>$d['email']));
    129. 

  129.             page_footer();
    130. 

  130.             exit();
    131. 

  131.         } else {
    132. 

  132.             $P = person_get_or_create($d['email'], $d['name']);
    133. 

  133.         }
    134. 

  134.     }
    135. 

  135. 

  136.     $P->inc_numlogins();
    137. 

  137.     
    138. 

  138.     db_commit();
    139. 

  139. 

  140.     /* Now give the user their cookie. */
    141. 

  141.     set_login_cookie($P);
    142. 

  142. 

  143.     /* Recover "parameters" from token. */
    144. 

  144.     $q_h_email = htmlspecialchars($q_email = $d['email']);
    145. 

  145.     if (array_key_exists('name', $d) && !is_null($d['name'])) {
    146. 

  146.         $q_h_name = htmlspecialchars($q_name = $d['name']);
    147. 

  147.     } else {
    148. 

  148.         $q_h_name = $q_name = null;
    149. 

  149.     }
    150. 

  150.     $q_h_stash = htmlspecialchars($q_stash = $d['stash']);
    151. 

  151. 

  152.     /* If the 'direct' key exists in the token, don't do any intervening
    153. 

  153.      * pages. */
    154. 

  154.     if (!array_key_exists('direct', $d)) {
    155. 

  155.         if ($q_name && !$P->matches_name($q_name))
    156. 

  156.             $P->name($q_name);
    157. 

  157.         /* Can set this to some condition if you don't want to always offer password */
    158. 

  158.         change_password_page($P);
    159. 

  159.     }
    160. 

  160.     stash_redirect($q_stash);
    161. 

  161.     /* NOTREACHED */
    162. 

  162. }
    163. 

  163. 

  164. $P = person_if_signed_on();
    165. 

  165. if (!is_null($P)) {
    166. 

  166.     /* Person is already signed in. */
    167. 

  167.     if ($q_SetPassword)
    168. 

  168.         change_password_page($P);
    169. 

  169.     if ($q_name && !$P->matches_name($q_name))
    170. 

  170.         /* ... but they have specified a name which differs from their recorded
    171. 

  171.          * name. Change it. */
    172. 

  172.         $P->name($q_name);
    173. 

  173.     if (!is_null($q_stash))
    174. 

  174.         /* No name change, just pass them through to the page they actually
    175. 

  175.          * wanted. */
    176. 

  176.         stash_redirect($q_stash);
    177. 

  177.     else {
    178. 

  178.         err('A required parameter was missing');
    179. 

  179.     }
    180. 

  180. } elseif (is_null($q_stash)) {
    181. 

  181.     header("Location: /login?now=1");
    182. 

  182. } else {
    183. 

  183.     /* Main login page. */
    184. 

  184.     login_page();
    185. 

  185. }
    186. 

  186. 

  187. /* login_page
    188. 

  188.  * Render the login page, or respond to a button pressed on it. */
    189. 

  189. function login_page() {
    190. 

  190.     global $q_stash, $q_email, $q_name, $q_LogIn, $q_SendEmail, $q_rememberme;
    191. 

  191. 

  192.     if (is_null($q_stash)) {
    193. 

  193.         err("Required parameter was missing");
    194. 

  194.     }
    195. 

  195. 

  196.     if ($q_LogIn) {
    197. 

  197.         /* User has tried to log in. */
    198. 

  198.         if (is_null($q_email)) {
    199. 

  199.             login_form(array('email'=>'Please enter your email address.'));
    200. 

  200.             exit();
    201. 

  201.         }
    202. 

  202.         if (!validate_email($q_email)) {
    203. 

  203.             login_form(array('email'=>'Please enter a valid email address'));
    204. 

  204.             exit();
    205. 

  205.         }
    206. 

  206.         global $q_password;
    207. 

  207.         $P = person_get($q_email);
    208. 

  208.         if (is_null($P) || !$P->check_password($q_password)) {
    209. 

  209.             login_form(array('badpass'=>'Either your email or password weren\'t recognised.  Please try again.'));
    210. 

  210.             exit();
    211. 

  211.         } else {
    212. 

  212.             /* User has logged in correctly. Decide whether they are changing
    213. 

  213.              * their name. */
    214. 

  214.             set_login_cookie($P, $q_rememberme ? 28 * 24 * 3600 : null);
    215. 

  215.             if ($q_name && !$P->matches_name($q_name))
    216. 

  216.                 $P->name($q_name);
    217. 

  217.             $P->inc_numlogins();
    218. 

  218.             db_commit();
    219. 

  219.             stash_redirect($q_stash);
    220. 

  220.             /* NOTREACHED */
    221. 

  221.         }
    222. 

  222.     } elseif ($q_SendEmail) {
    223. 

  223.         /* User has asked to be sent email. */
    224. 

  224.         if (is_null($q_email)) {
    225. 

  225.             login_form(array('email'=>'Please enter your email address.'));
    226. 

  226.             exit();
    227. 

  227.         }
    228. 

  228.         if (!validate_email($q_email)) {
    229. 

  229.             login_form(array('email'=>'Please enter a valid email address'));
    230. 

  230.             exit();
    231. 

  231.         }
    232. 

  232. 

  233.         $token = auth_token_store('login', array(
    234. 

  234.                         'email' => $q_email,
    235. 

  235.                         'name' => $q_name,
    236. 

  236.                         'stash' => $q_stash,
    237. 

  237.                         'direct' => 1
    238. 

  238.                     ));
    239. 

  239.         db_commit();
    240. 

  240.         $url = OPTION_BASE_URL . "/L/$token";
    241. 

  241.         $extra = stash_get_extra($q_stash);
    242. 

  242.         $template_data = rabx_unserialise($extra);
    243. 

  243.         $template_data['url'] = $url;
    244. 

  244.         $template_data['user_name'] = $q_name ? " $q_name" : '';
    245. 

  245.         $template_data['user_email'] = $q_email;
    246. 

  246.         $to = $q_name ? array($q_email, $q_name) : $q_email;
    247. 

  247.         ycml_send_email_template($to,
    248. 

  248.             array_key_exists('template', $template_data) 
    249. 

  249.                 ?  $template_data['template'] : 'generic-confirm', 
    250. 

  250.             $template_data);
    251. 

  251.         page_header("Now check your email");
    252. 

  252.     ?>
    253. 

  253. <p id="loudmessage">
    254. 

  254. Now check your email!<br>
    255. 

  255. We've sent you an email, and you'll need to click the link in it before you can
    256. 

  256. continue
    257. 

  257. </p>
    258. 

  258. <?
    259. 

  259. 

  260.         page_footer(array('nonav' => 1));
    261. 

  261.         exit();
    262. 

  262.         /* NOTREACHED */
    263. 

  263.     } else {
    264. 

  264.         login_form();
    265. 

  265.         exit();
    266. 

  266.     }
    267. 

  267. }
    268. 

  268. 

  269. /* login_form ERRORS
    270. 

  270.  * Print the login form. ERRORS is a list of errors encountered when the form
    271. 

  271.  * was processed. */
    272. 

  272. function login_form($errors = array()) {
    273. 

  273.     /* Just render the form. */
    274. 

  274.     global $q_h_stash, $q_h_email, $q_h_name, $q_stash, $q_email, $q_name;
    275. 

  275. 

  276.     page_header('Checking your email address');
    277. 

  277. 

  278.     if (is_null($q_name))
    279. 

  279.         $q_name = $q_h_name = '';   /* shouldn't happen */
    280. 

  280. 

  281.     $extra = stash_get_extra($q_stash);
    282. 

  282.     $template_data = rabx_unserialise($extra);
    283. 

  283.     $reason = htmlspecialchars($template_data['reason_web']);
    284. 

  284. 

  285.     if (sizeof($errors)) {
    286. 

  286.         print '<div id="errors"><ul><li>';
    287. 

  287.         print join ('</li><li>', array_values($errors));
    288. 

  288.         print '</li></ul></div>';
    289. 

  289.     }
    290. 

  290. 

  291.     /* Split into two forms to avoid "do you want to remember this
    292. 

  292.      * password" prompt in, e.g., Mozilla. */
    293. 

  293. ?>
    294. 

  294. 

  295. <div class="pledge">
    296. 

  296. <form action="/login" name="login" class="login" method="POST" accept-charset="utf-8">
    297. 

  297. <input type="hidden" name="stash" value="<?=$q_h_stash?>">
    298. 

  298. <input type="hidden" name="name" id="name" value="<?=$q_h_name?>">
    299. 

  299. 

  300. <p><strong><?=$reason?></strong></p>
    301. 

  301. 

  302. <ul>
    303. 

  303. <li><p>We'll send an email to that address containing a link that logs you in.
    304. 

  304. </p></li>
    305. 

  305. 

  306. <? if (is_null($q_email) || $errors) { ?>
    307. 

  307. <li> Enter your email address: <input<? if (array_key_exists('email', $errors) || array_key_exists('badpass', $errors)) print ' class="error"' ?> type="text" size="30" name="email" id="email" value="<?=$q_h_email?>">
    308. 

  308. <? } else { ?>
    309. 

  309. <input type="hidden" name="email" value="<?=$q_h_email?>">
    310. 

  310. <? } ?>
    311. 

  311. 

  312. <input type="submit" name="SendEmail" value="Go">
    313. 

  313. 

  314. </li>
    315. 

  315. </ul>
    316. 

  316. 

  317. </form>
    318. 

  318. </div>
    319. 

  319. <?
    320. 

  320. 

  321.     page_footer();
    322. 

  322. }
    323. 

  323. 

  324. /* change_password_page PERSON
    325. 

  325.  * Show the logged-in PERSON a form to allow them to set or reset a password
    326. 

  326.  * for their account. */
    327. 

  327. function change_password_page($P) {
    328. 

  328.     global $q_stash, $q_email, $q_name, $q_SetPassword, $q_NoPassword;
    329. 

  329.     global $q_h_stash, $q_h_email, $q_h_name;
    330. 

  330. 

  331.     if (is_null($q_name))
    332. 

  332.         $q_name = $q_h_name = '';   /* shouldn't happen */
    333. 

  333. 

  334.     $error = null;
    335. 

  335.     if ($q_SetPassword) {
    336. 

  336.         global $q_pw1, $q_pw2;
    337. 

  337.         importparams(
    338. 

  338.                 array('pw1',        '/[^\s]+/',      '', null),
    339. 

  339.                 array('pw2',        '/[^\s]+/',      '', null)
    340. 

  340.             );
    341. 

  341.         if (is_null($q_pw1) || is_null($q_pw2))
    342. 

  342.             $error = _("Please type your new password twice");
    343. 

  343.         elseif (strlen($q_pw1)<5 || strlen($q_pw2)<5)
    344. 

  344.             $error = _('Your password must be at least 5 characters long');
    345. 

  345.         elseif ($q_pw1 != $q_pw2)
    346. 

  346.             $error = _("Please type the same password twice");
    347. 

  347.         else {
    348. 

  348.             $P->password($q_pw1);
    349. 

  349.             db_commit();
    350. 

  350.             return;
    351. 

  351.         }
    352. 

  352.     } else if ($q_NoPassword)
    353. 

  353.         return;
    354. 

  354. 

  355.     if ($P->has_password()) {
    356. 

  356.         page_header('Change your password');
    357. 

  357.         print <<<EOF
    358. 

  358. <p>There is a password set for your email address on HearFromYourMP. Perhaps
    359. 

  359. you've forgotten it? You can set a new password using this form:</p>
    360. 

  360. EOF;
    361. 

  361.     } else {
    362. 

  362.         page_header('Set a password');
    363. 

  363.         print <<<EOF
    364. 

  364. <p>On this page you can set a password which you can use to identify yourself
    365. 

  365. to HearFromYourMP, so that you can post comments in the future without having
    366. 

  366. to find an email from us first. You don't have to set a password if you don't want to.
    367. 

  367. </p>
    368. 

  368. EOF;
    369. 

  369.     }
    370. 

  370. 

  371.     if (!is_null($error))
    372. 

  372.         print "<div id=\"errors\"><ul><li>$error</li><ul></div>";
    373. 

  373. 

  374.     print <<<EOF
    375. 

  375. <div class="pledge">
    376. 

  376. 

  377. <p><strong>Would you like to set a HearFromYourMP password?</strong></p>
    378. 

  378. 

  379. <ul>
    380. 

  380. 

  381. <li><form action="/login" name="loginNoPassword" class="login" method="POST" accept-charset="utf-8">
    382. 

  382. <input type="hidden" name="stash" value="$q_h_stash">
    383. 

  383. <input type="hidden" name="email" value="$q_h_email">
    384. 

  384. <input type="hidden" name="name" value="$q_h_name">
    385. 

  385. No, I don't want to think of a password right now.
    386. 

  386. <input type="submit" name="NoPassword" value="Click here to continue">
    387. 

  387. <br><small>(you can set a password another time)</small>
    388. 

  388. </form></li>
    389. 

  389. 

  390. <li><form action="/login" name="loginSetPassword" class="login" method="POST" accept-charset="utf-8">
    391. 

  391. <input type="hidden" name="stash" value="$q_h_stash">
    392. 

  392. <input type="hidden" name="email" value="$q_h_email">
    393. 

  393. <input type="hidden" name="name" value="$q_h_name">
    394. 

  394. <input type="hidden" name="SetPassword" value="1">
    395. 

  395. Yes, I'd like to set a password, so I don't have to keep going back to my email.
    396. 

  396. <br>
    397. 

  397.     <strong>Password:</strong> <input type="password" name="pw1" id="pw1" size="15">
    398. 

  398.     <strong>Password (again):</strong> <input type="password" name="pw2" size="15">
    399. 

  399.     <input type="submit" name="SetPassword" value="Set password">
    400. 

  400. </form>
    401. 

  401. </li>
    402. 

  402. 

  403. </ul>
    404. 

  404. 

  405. </div>
    406. 

  406. EOF;
    407. 

  407. 

  408.     page_footer(array('nonav' => 1));
    409. 

  409.     exit();
    410. 

  410. }
    411. 

  411. 

  412. /* set_login_cookie PERSON [DURATION]
    413. 

  413.  * Set a login cookie for the given PERSON. If set, EXPIRES is the time which
    414. 

  414.  * will be set for the cookie to expire; otherwise, a session cookie is set. */
    415. 

  415. function set_login_cookie($P, $duration = null) {
    416. 

  416.     // error_log('set cookie');
    417. 

  417.     setcookie('pb_person_id', person_cookie_token($P->id(), $duration), is_null($duration) ? 0 : time() + $duration, '/', person_cookie_domain());
    418. 

  418. }
    419. 

  419. 

  420. ?>
    421. 

  421.