/WebCalendar-1.2.5/login.php
PHP | 306 lines | 236 code | 36 blank | 34 comment | 80 complexity | 284c8ca70aa7954965f008b298a4ea3e MD5 | raw file
Possible License(s): LGPL-2.1
- <?php
- /* $Id: login.php,v 1.111.2.9 2011/04/27 00:27:35 rjones6061 Exp $ */
- @session_start ();
- foreach ( $_SESSION as $key=>$value ) {
- $dummy[$key]=$value; // copy to a dummy array
- }
- if ( ! empty ( $dummy ) )
- foreach ($dummy as $key=>$value) {
- if ( substr ( $key, 0, 6 ) == 'webcal' )
- unset ( $_SESSION[$key] );
- }
- //php 4.1.0 may have issues with the above code
- unset ( $_SESSION['webcal_login'] );
- unset ( $_SESSION['webcalendar_session'] );
- require_once 'includes/classes/WebCalendar.class';
- $WebCalendar = new WebCalendar ( __FILE__ );
- include 'includes/translate.php';
- include 'includes/config.php';
- include 'includes/dbi4php.php';
- include 'includes/formvars.php';
- include 'includes/functions.php';
- $WebCalendar->initializeFirstPhase ();
- include 'includes/' . $user_inc;
- include_once 'includes/access.php';
- include 'includes/gradient.php';
- $WebCalendar->initializeSecondPhase ();
- load_global_settings ();
- // Change this to true to show "no such user" or "invalid password" on
- // login failures.
- $showLoginFailureReason = true;
- if ( ! empty ( $last_login ) ) {
- $login = '';
- }
- if ( empty ( $webcalendar_login ) ) {
- $webcalendar_login = '';
- }
- if ( $REMEMBER_LAST_LOGIN == 'Y' && empty ( $login ) ) {
- $last_login = $login = $webcalendar_login;
- }
- load_user_preferences ( 'guest' );
- $WebCalendar->setLanguage ();
- $cookie_path = str_replace ( 'login.php', '', $PHP_SELF );
- //echo "Cookie path: $cookie_path\n";
- // Look for action=logout
- $logout = false;
- $action = getGetValue ( 'action' );
- if ( ! empty ( $action ) && $action == 'logout' ) {
- $logout = true;
- $return_path = '';
- SetCookie ( 'webcalendar_login', '', 0, $cookie_path );
- SetCookie ( 'webcalendar_last_view', '', 0, $cookie_path );
- } else if ( empty ( $return_path ) ) {
- // see if a return path was set
- $return_path = get_last_view ( false );
- }
- if ( ! empty ( $return_path ) ) {
- $return_path = clean_whitespace ( $return_path );
- $url = $return_path;
- } else {
- $url = 'index.php';
- }
- // If Application Name is set to Title then get translation
- // If not, use the Admin defined Application Name
- $appStr = generate_application_name ();
- $login = getPostValue ( 'login' );
- $password = getPostValue ( 'password' );
- $remember = getPostValue ( 'remember' );
- // calculate path for cookie
- if ( empty ( $PHP_SELF ) ) {
- $PHP_SELF = $_SERVER['PHP_SELF'];
- }
- if ( $single_user == 'Y' ) {
- // No login for single-user mode
- do_redirect ( 'index.php' );
- } else if ( $use_http_auth ) {
- // There is no login page when using HTTP authorization
- do_redirect ( 'index.php' );
- } else {
- if ( ! empty ( $login ) && ! empty ( $password ) && ! $logout ) {
- if ( get_magic_quotes_gpc () ) {
- $password = stripslashes ( $password );
- $login = stripslashes ( $login );
- }
- $login = trim ( $login );
- if ( $login != addslashes ( $login ) ) {
- die_miserable_death ( 'Illegal characters in login ' .
- '<tt>' . htmlentities ( $login ) . '</tt>' );
- }
- if ( user_valid_login ( $login, $password ) ) {
- user_load_variables ( $login, '' );
- $encoded_login = encode_string ( $login . '|' . crypt($password) );
- // set login to expire in 365 days
- if ( ! empty ( $remember ) && $remember == 'yes' ) {
- SetCookie ( 'webcalendar_session', $encoded_login,
- time () + ( 24 * 3600 * 365 ), $cookie_path );
- } else {
- SetCookie ( 'webcalendar_session', $encoded_login, 0, $cookie_path );
- }
- // The cookie "webcalendar_login" is provided as a convenience to
- // other apps that may wish to find out what the last calendar
- // login was, so they can use week_ssi.php as a server-side include.
- // As such, it's not a security risk to have it un-encoded since it
- // is not used to allow logins within this app. It is used to
- // load user preferences on the login page (before anyone has
- // logged in) if $REMEMBER_LAST_LOGIN is set to "Y" (in admin.php).
- if ( ! empty ( $remember ) && $remember == 'yes' ) {
- SetCookie ( 'webcalendar_login', $login,
- time () + ( 24 * 3600 * 365 ), $cookie_path );
- } else {
- SetCookie ( 'webcalendar_login', $login, 0, $cookie_path );
- }
- if ( ! empty ( $GLOBALS['newUserUrl'] ) ) $url = $GLOBALS['newUserUrl'];
- do_redirect ( $url );
- } else {
- // Invalid login
- if ( empty ( $error ) || ! $showLoginFailureReason ) {
- $error = translate ('Invalid login', true );
- }
- activity_log ( 0, 'system', '', LOG_LOGIN_FAILURE,
- translate ( 'Username' ) . ": " . $login .
- ", IP: " . $_SERVER['REMOTE_ADDR'] );
- }
- } else {
- // No login info... just present empty login page
- //$error = "Start";
- }
- // delete current user
- SetCookie ( 'webcalendar_session', '', 0, $cookie_path );
- // In older versions the cookie path had no trailing slash and NS 4.78
- // thinks "path/" and "path" are different, so the line above does not
- // delete the "old" cookie. This prohibits the login. So we delete the
- // cookie with the trailing slash removed
- if (substr ($cookie_path, -1) == '/') {
- SetCookie ( 'webcalendar_session', '', 0, substr ($cookie_path, 0, -1) );
- }
- }
- echo send_doctype ( $appStr );
- if ( ! $logout ) { ?>
- <script type="text/javascript">
- // error check login/password
- function valid_form ( form ) {
- if ( form.login.value.length == 0 || form.password.value.length == 0 ) {
- alert ( '<?php etranslate ( 'You must enter a login and password.', true)?>' );
- return false;
- }
- return true;
- }
- function myOnLoad () {
- document.login_form.login.focus ();
- <?php
- if ( ! empty ( $login ) ) echo "document.login_form.login.select();";
- if ( ! empty ( $error ) ) {
- echo " alert ( \"$error\" );\n";
- }
- ?>
- }
- </script>
- <?php
- }
- $csscache = ( isset ( $_COOKIE['webcalendar_csscache'] ) ?
- $_COOKIE['webcalendar_csscache'] : 1 );
- echo '<link rel="stylesheet" type="text/css" href="css_cacher.php?login=__public__'
- . $csscache . '" />';
- // Print custom header (since we do not call print_header function)
- if ( ! empty ( $CUSTOM_SCRIPT ) && $CUSTOM_SCRIPT == 'Y' ) {
- echo load_template ( $login, 'S' );
- }
- ?>
- </head>
- <body id="login" <?php if ( ! $logout ) { ?>onload="myOnLoad();"<?php } ?>>
- <?php
- // Print custom header (since we do not call print_header function)
- if ( ! empty ( $CUSTOM_HEADER ) && $CUSTOM_HEADER == 'Y' ) {
- echo load_template ( $login, 'H' );
- }
- ?>
- <h2><?php echo $appStr?></h2>
- <?php
- if ( ! empty ( $error ) ) {
- echo '<span style="color:#FF0000; font-weight:bold;">' .
- translate ( 'Error' ) . ": $error</span><br />\n";
- } else {
- echo "<br />\n";
- }
- if ( $logout ) {
- echo '<p>' . translate ( 'You have been logged out.' ) . ".</p>\n";
- echo "<br /><br />\n";
- echo '<a href="login.php' .
- ( ! empty ( $return_path ) ?
- '?return_path=' . htmlentities ( $return_path ) : '' ) .
- '" class="nav">' . translate ( 'Login' ) .
- "</a><br /><br /><br />\n";
- }
- if ( ! $logout ) {
- ?>
- <form name="login_form" id="login" action="login.php" method="post"
- onsubmit="return valid_form( this )">
- <?php
- if ( ! empty ( $return_path ) ) {
- echo '<input type="hidden" name="return_path" value="' .
- htmlentities ( $return_path ) . '" />' . "\n";
- }
- ?>
- <table align="center" cellspacing="10" cellpadding="10">
- <tr><td rowspan="2">
- <img src="images/login.gif" alt="Login" /></td><td align="right">
- <label for="user"><?php etranslate ( 'Username' )?>:</label></td><td>
- <input name="login" id="user" size="15" maxlength="25"
- value="<?php if ( ! empty ( $last_login ) ) echo $last_login;?>"
- tabindex="1" />
- </td></tr>
- <tr><td class="alignright">
- <label for="password"><?php etranslate ( 'Password' )?>:</label></td><td>
- <input name="password" id="password" type="password" size="15"
- maxlength="30" tabindex="2" />
- </td></tr>
- <tr><td colspan="3" style="font-size: 10px;">
- <input type="checkbox" name="remember" id="remember" tabindex="3"
- value="yes" <?php if ( ! empty ( $remember ) && $remember == 'yes' ) {
- echo 'checked="checked"'; }?> /><label for="remember">
- <?php etranslate ( 'Save login via cookies so I dont have to login next time.' )?></label>
- </td></tr>
- <tr><td colspan="4" class="aligncenter">
- <input type="submit" value="<?php etranslate ( 'Login' )?>" tabindex="4" />
- </td></tr>
- </table>
- </form>
- <?php }
- if ( ! empty ( $PUBLIC_ACCESS ) && $PUBLIC_ACCESS == 'Y' ) { ?>
- <br /><br />
- <a class="nav" href="index.php">
- <?php etranslate ( 'Access public calendar' )?></a><br />
- <?php }
- $nulist = get_nonuser_cals ();
- for ( $i = 0, $cnt = count ( $nulist ); $i < $cnt; $i++ ) {
- if ( $nulist[$i]['cal_is_public'] == 'Y' ) {
- ?><a class="nav" href="nulogin.php?login=<?php
- echo $nulist[$i]['cal_login'] . '">' .
- translate ( 'Access' ) . ' ' . $nulist[$i]['cal_fullname'] . ' ' .
- translate ( 'calendar' );
- ?></a><br /><?php
- }
- }
- if ( $DEMO_MODE == 'Y' ) {
- // This is used on the sourceforge demo page
- echo 'Demo login: user = "demo", password = "demo"<br />';
- } ?>
- <br /><br />
- <?php if ( ! empty ( $ALLOW_SELF_REGISTRATION ) &&
- $ALLOW_SELF_REGISTRATION == 'Y' ) {
- // We can limit what domain is allowed to self register
- // $self_registration_domain should have this format "192.168.220.0:255.255.240.0";
- $valid_ip = validate_domain ();
- if ( ! empty ( $valid_ip ) ) {
- echo '<b><a href="register.php">' . translate ( 'Not yet registered? Register here!' ) .
- '</a></b><br />';
- }
- }
- ?>
- <span class="cookies"><?php etranslate ( 'cookies-note' )?></span><br />
- <hr />
- <br />
- <a href="<?php echo $PROGRAM_URL ?>" id="programname"><?php echo $PROGRAM_NAME?></a>
- <?php // Print custom trailer (since we do not call print_trailer function)
- if ( ! empty ( $CUSTOM_TRAILER ) && $CUSTOM_TRAILER == 'Y' ) {
- echo load_template ( $login, 'T' );
- }
- ?>
- </body>
- </html>