weblogin.inc.php | searchcode

/assets/snippets/weblogin/weblogin.inc.php

https://github.com/modxcms/evolution
PHP | 187 lines | 157 code | 12 blank | 18 comment | 38 complexity | dcd6a5129be12942bc143c24e8cb72c9 MD5 | raw file
Possible License(s): GPL-2.0, LGPL-2.1, MIT, BSD-2-Clause, Apache-2.0, BSD-3-Clause

<?php
# WebLogin 1.0
# Created By Raymond Irving 2004
#::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

defined('IN_PARSER_MODE') or die();

# load tpl
if(is_numeric($tpl)) $tpl = ($doc=$modx->getDocuments($tpl)) ? $doc['content']:"Document '$tpl' not found.";
else if($tpl)
    $tpl = (((substr(strtolower($tpl), 0, 5) == "@file") && ($chunk=file_get_contents(MODX_BASE_PATH.trim(substr($tpl, 6))))) || ($chunk=$modx->getChunk($tpl))) ? $chunk:"Chunk '$tpl' not found.";

if(!$tpl) $tpl = getWebLogintpl();

// extract declarations
$declare = webLoginExtractDeclarations($tpl);
$tpls = explode((isset($declare["separator"]) ? $declare["separator"]:"<!--tpl_separator-->"),$tpl);

if(!isset($_SESSION['webValidated'])){
    ob_start();
//    if(isset($_COOKIE[$cookieKey])) {
//        $cookieSet = 1;
//        $sitename = $_COOKIE[$cookieKey];
//        $thepasswd = substr($site_id,-5)."crypto"; // create a password based on site id
//        $rc4 = new rc4crypt;
//        $thestring = $rc4->endecrypt($thepasswd,$sitename,'de');
//        $uid = $thestring;
//    }else{
        $uid = isset($_POST['username'])? $modx->db->escape(htmlspecialchars(trim($_POST['username']), ENT_QUOTES)):'';
//    }
    ?>
    <script type="text/JavaScript">
    <!--//--><![CDATA[//><!--
        function getElementById(id){
            var o, d=document;
            if (d.layers) {o=d.layers[id];if(o) o.style=o};
            if (!o && d.getElementById) o=d.getElementById(id);
            if (!o && d.all) o = d.all[id];
            return o;
        }

        function webLoginShowForm(i){
            var a = getElementById('WebLoginLayer0');
            var b = getElementById('WebLoginLayer2');
            if(i==1 && a && b) {
                a.style.display="block";
                b.style.display="none";
                document.forms['loginreminder'].txtpwdrem.value = 0;
            }
            else if(i==2 && a && b) {
                a.style.display="none";
                b.style.display="block";
                document.forms['loginreminder'].txtpwdrem.value = 1;
            }
        };
        function webLoginCheckRemember () {
            if(document.loginfrm.rememberme.value==1) {
                document.loginfrm.rememberme.value=0;
            } else {
                document.loginfrm.rememberme.value=1;
            }
        }
        function webLoginEnter(nextfield,event) {
            if(event && event.keyCode == 13) {
                if(nextfield.name=='cmdweblogin') {
                    document.loginfrm.submit();
                    return false;
                }
                else {
                    nextfield.focus();
                    return false;
                }
            } else {
                return true;
            }
        }
    //--><!]]>
    </script>
    <?php

        // display login
        $ref = isset($_REQUEST["refurl"]) ? array("refurl" => urlencode($_REQUEST["refurl"])) : array();
        $tpl = "<div id='WebLoginLayer0' style='position:relative'>".$tpls[0]."</div>";
        $tpl.= "<div id='WebLoginLayer2' style='position:relative;display:none'>".$tpls[2]."</div>";
        $tpl = str_replace("[+action+]",preserveUrl($modx->documentIdentifier,"",$ref),$tpl);
        $tpl = str_replace("[+rememberme+]",($_POST['rememberme'] ? 1 : 0),$tpl);
        $tpl = str_replace("[+username+]",$uid,$tpl);
        $tpl = str_replace("[+checkbox+]",($_POST['rememberme'] ? "checked='checked'" : ""),$tpl);
        $tpl = str_replace("[+logintext+]",$loginText,$tpl);
        echo $tpl;
    ?>
    <script type="text/javascript">
        if (document.loginfrm) <?php echo !empty($uid) ? "document.loginfrm.password.focus()" : "document.loginfrm.username.focus()" ?>;
    </script>
    <?php
    $output .= ob_get_contents();
    ob_end_clean();
} else {
    $output= '';

    if (getenv("HTTP_CLIENT_IP")) $ip = getenv("HTTP_CLIENT_IP");
    else if(getenv("HTTP_X_FORWARDED_FOR")) $ip = getenv("HTTP_X_FORWARDED_FOR");
    else if(getenv("REMOTE_ADDR")) $ip = getenv("REMOTE_ADDR");
    else $ip = "UNKNOWN";$_SESSION['ip'] = $ip;

    $itemid = isset($_REQUEST['id']) && is_numeric($_REQUEST['id']) ? $_REQUEST['id'] : 'NULL' ;$lasthittime = time();$a = 998;

    if($a!=1) {
        $sql = "REPLACE INTO ".$modx->getFullTableName('active_users')." (internalKey, username, lasthit, action, id, ip) values(-{$_SESSION['webInternalKey']}, '{$_SESSION['webShortname']}', '{$lasthittime}', '{$a}', {$itemid}, '{$ip}')";
        $modx->db->query($sql);
    }

    // display logout
    $tpl = $tpls[1];
    $url = preserveUrl($modx->documentObject['id']);
    $url = $url.((strpos($url,"?")===false) ? "?":"&amp;")."webloginmode=lo";
    $tpl = str_replace("[+action+]",$url,$tpl);
    $tpl = str_replace("[+logouttext+]",$logoutText,$tpl);
    $output .= $tpl;
}

# Returns Default WebLogin tpl
function getWebLogintpl(){
    ob_start();
    ?>
    <!-- #declare:separator <hr> -->
    <!-- login form section-->
    <form method="post" name="loginfrm" action="[+action+]" style="margin: 0px; padding: 0px;">
    <input type="hidden" value="[+rememberme+]" name="rememberme" />
    <table border="0" cellspacing="0" cellpadding="0">
    <tr>
    <td>
    <table border="0" cellspacing="0" cellpadding="0">
      <tr>
        <td><b>User:</b></td>
        <td><input type="text" name="username" tabindex="1" onkeypress="return webLoginEnter(document.loginfrm.password);" size="8" style="width: 150px;" value="[+username+]" /></td>
      </tr>
      <tr>
        <td><b>Password:</b></td>
        <td><input type="password" name="password" tabindex="2" onkeypress="return webLoginEnter(document.loginfrm.cmdweblogin);" style="width: 150px;" value="" /></td>
      </tr>
      <tr>
        <td><label for="chkbox" style="cursor:pointer">Remember me:&nbsp; </label></td>
        <td>
        <table width="100%"  border="0" cellspacing="0" cellpadding="0">
          <tr>
            <td valign="top"><input type="checkbox" id="chkbox" name="chkbox" tabindex="4" size="1" value="" [+checkbox+] onclick="webLoginCheckRemember()" /></td>
            <td align="right">
            <input type="submit" value="[+logintext+]" name="cmdweblogin" /></td>
          </tr>
        </table>
        </td>
      </tr>
      <tr>
        <td colspan="2"><a href="#" onclick="webLoginShowForm(2);return false;">Forget Password?</a></td>
      </tr>
    </table>
    </td>
    </tr>
    </table>
    </form>
    <hr>
    <!-- log out hyperlink section -->
    <a href='[+action+]'>[+logouttext+]</a>
    <hr>
    <!-- Password reminder form section -->
    <form name="loginreminder" method="post" action="[+action+]" style="margin: 0px; padding: 0px;">
    <input type="hidden" name="txtpwdrem" value="0" />
    <table border="0">
        <tr>
          <td>Enter the email address of your account <br />below to receive your password:</td>
        </tr>
        <tr>
          <td><input type="text" name="txtwebemail" size="24" /></td>
        </tr>
        <tr>
          <td align="right"><input type="submit" value="Submit" name="cmdweblogin" />
          <input type="reset" value="Cancel" name="cmdcancel" onclick="webLoginShowForm(1);" /></td>
        </tr>
      </table>
    </form>
    <?php
    $t = ob_get_contents();
    ob_end_clean();
    return $t;
}
?>