PageRenderTime 50ms CodeModel.GetById 20ms RepoModel.GetById 0ms app.codeStats 0ms

/login.php

https://bitbucket.org/navigatecms/navigatecms
PHP | 367 lines | 300 code | 58 blank | 9 comment | 30 complexity | dc4a30fe040e40b89760247321955bc4 MD5 | raw file
Possible License(s): GPL-2.0, MIT, LGPL-2.1, BSD-3-Clause, AGPL-3.0, Apache-2.0 
    

  1. <?php

    2. 

  2. require_once('cfg/globals.php');

    3. 

  3. require_once('cfg/common.php');

    4. 

  4. 

    5. 

  5. $navigate_url = !empty($_ENV['SCRIPT_URI'])? dirname($_ENV['SCRIPT_URI']) : dirname(nvweb_self_url());

    6. 

  6. if(substr($navigate_url, -1)=='/')  $navigate_url = substr($navigate_url, 0, -1);

    7. 

  7. define('NAVIGATE_URL', $navigate_url);

    8. 

  8. 

    9. 

  9. // create database connection

    10. 

  10. $DB = new database();

    11. 

  11. if(!$DB->connect())

    12. 

  12. {

    13. 

  13. 	die(APP_NAME.' # ERROR<br /> '.$DB->get_last_error());	

    14. 

  14. }

    15. 

  15. 

    16. 

  16. if(!empty($_SESSION['APP_USER#'.APP_UNIQUE]))

    17. 

  17. {

    18. 

  18. 	session_write_close();

    19. 

  19. 	header('location: '.NAVIGATE_MAIN);

    20. 

  20. 	exit;

    21. 

  21. }

    22. 

  22. 

    23. 

  23. $user = new user();

    24. 

  24. $website = new website(); // only needed for the users log

    25. 

  25. 

    26. 

  26. if(!empty($_COOKIE['navigate-user']))

    27. 

  27. {

    28. 

  28.     $nuid = $DB->query_single('id', 'nv_users', 'cookie_hash = '.protect($_COOKIE['navigate-user']));

    29. 

  29. 

    30. 

  30.     if(!empty($nuid))

    31. 

  31.     {

    32. 

  32.         $user->load($nuid);

    33. 

  33.         $_SESSION['APP_USER#'.APP_UNIQUE] = $nuid;

    34. 

  34. 	    session_write_close();

    35. 

  35. 	    header('location: '.NAVIGATE_MAIN);

    36. 

  36. 	    exit;

    37. 

  37.     }

    38. 

  38. }

    39. 

  39. 

    40. 

  40. if(!empty($_POST['login-username']) && !empty($_POST['login-password']))

    41. 

  41. {

    42. 

  42. 	$error = !$user->authenticate($_POST['login-username'], $_POST['login-password']);

    43. 

  43. 

    44. 

  44. 	if(empty($error) && $user->blocked == '1')

    45. 

  45. 		$error = true;

    46. 

  46. 

    47. 

  47. 	if(!$error)

    48. 

  48. 	{

    49. 

  49. 		$_SESSION['APP_USER#'.APP_UNIQUE] = $user->id;

    50. 

  50. 

    51. 

  51.         if($_REQUEST['login-remember']=='1')

    52. 

  52.             $user->set_cookie();

    53. 

  53.         else

    54. 

  54.             $user->remove_cookie();

    55. 

  55. 

    56. 

  56. 		$login_request_uri = $_SESSION["login_request_uri"];

    57. 

  57. 

    58. 

  58.         $website->load(); // load first website available (needed in the users log)

    59. 

  59. 		users_log::action(0, $user->id, 'login', $user->username);

    60. 

  60. 

    61. 

  61. 		$_SESSION["login_request_uri"] = '';

    62. 

  62. 

    63. 

  63.         setcookie('navigate-session-id', session_id(), time() + 60, '/'); // 60 seconds

    64. 

  64. 

    65. 

  65. 		session_write_close();

    66. 

  66. 

    67. 

  67. 		header('location: '.NAVIGATE_MAIN.'?'.$login_request_uri);

    68. 

  68. 		exit;		

    69. 

  69. 	}

    70. 

  70. }

    71. 

  71. 

    72. 

  72. /* CHECK USER BROWSER LANGUAGE PREFERENCES */

    73. 

  73. $language_default = 'en';

    74. 

  74. 

    75. 

  75. $DB->query('SELECT code 

    76. 

  76. 			FROM nv_languages

    77. 

  77. 			WHERE nv_dictionary != ""', 'array');

    78. 

  78. 			

    79. 

  79. $languages_available = $DB->result('code');

    80. 

  80. 

    81. 

  81. $langs = array();

    82. 

  82. 

    83. 

  83. if(!empty($_COOKIE['navigate-language']))

    84. 

  84. {

    85. 

  85. 	$language_default = $_COOKIE['navigate-language'];

    86. 

  86. }

    87. 

  87. else if(isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])) 

    88. 

  88. {

    89. 

  89.     preg_match_all('/([a-z]{1,8}(-[a-z]{1,8})?)\s*(;\s*q\s*=\s*(1|0\.[0-9]+))?/i', $_SERVER['HTTP_ACCEPT_LANGUAGE'], $lang_parse);

    90. 

  90. 

    91. 

  91.     if (count($lang_parse[1])) 

    92. 

  92. 	{

    93. 

  93.         $langs = array_combine($lang_parse[1], $lang_parse[4]);

    94. 

  94.         foreach ($langs as $lang => $val) 

    95. 

  95. 		{

    96. 

  96.             if ($val === '') $langs[$lang] = 1;

    97. 

  97.         }

    98. 

  98.         arsort($langs, SORT_NUMERIC);

    99. 

  99.     }

    100. 

  100. 

    101. 

  101. 	$found = false;

    102. 

  102. 	

    103. 

  103. 	foreach($langs as $language_browser => $val) 

    104. 

  104. 	{	

    105. 

  105. 		foreach($languages_available as $foo => $language_available)

    106. 

  106. 		{

    107. 

  107. 			if($language_available == $language_browser)

    108. 

  108. 			{

    109. 

  109. 				$language_default = $language_browser;	

    110. 

  110. 				$found = true;

    111. 

  111. 				break;

    112. 

  112. 			}

    113. 

  113. 		}

    114. 

  114. 		if($found) break;

    115. 

  115. 	}

    116. 

  116. }

    117. 

  117. 

    118. 

  118. /* LOAD LANGUAGE */

    119. 

  119. 

    120. 

  120. $lang = new language();

    121. 

  121. $lang->load($language_default);

    122. 

  122. 

    123. 

  123. // is a recover password request?

    124. 

  124. if($_REQUEST['action']=='forgot-password')

    125. 

  125. {

    126. 

  126.     $value = mb_strtolower(trim($_REQUEST['value']));

    127. 

  127.     // look for an existing username or e-mail in Navigate CMS users table

    128. 

  128.     $found_id = $DB->query_single(

    129. 

  129.         'id',

    130. 

  130.         'nv_users',

    131. 

  131.         ' username = '.protect($value).' OR

    132. 

  132.                  email = '.protect($value)

    133. 

  133.     );

    134. 

  134. 

    135. 

  135.     if(!$found_id)

    136. 

  136.         echo 'not_found';

    137. 

  137.     else

    138. 

  138.     {

    139. 

  139.         $user->load($found_id);

    140. 

  140.         $sent = $user->forgot_password();

    141. 

  141. 

    142. 

  142.         if(!$sent)

    143. 

  143.             echo 'not_sent';

    144. 

  144.         else

    145. 

  145.             echo 'sent';

    146. 

  146.     }

    147. 

  147. 

    148. 

  148.     core_terminate();

    149. 

  149. }

    150. 

  150. 

    151. 

  151. $layout = new layout('navigate');

    152. 

  152. 

    153. 

  153. echo $layout->doctype();

    154. 

  154. echo $layout->head();

    155. 

  155. $current_version = update::latest_installed();

    156. 

  156. 

    157. 

  157. ?>

    158. 

  158. <body>

    159. 

  159. 

    160. 

  160. <div class="navigate-top"></div>

    161. 

  161. 

    162. 

  162. <div id="navigate-status" class="ui-corner-all">

    163. 

  163. 	<div>

    164. 

  164.         <div style="float: left;">

    165. 

  165. 

    166. 

  166.         </div>

    167. 

  167.         <div style="float: right;">

    168. 

  168.             <?php echo APP_NAME;?> v<?php echo $current_version->version;?>, &copy; <?php echo date('Y');?>

    169. 

  169.         </div>    

    170. 

  170.         <div style=" clear: both; "></div>

    171. 

  171.      </div>

    172. 

  172. </div>

    173. 

  173. 

    174. 

  174. <div id="navigate-login" class="ui-corner-all" style=" border: solid 1px #ddd; top: 50%; margin-top: -150px; position: absolute; margin-left: -325px; left: 50%; padding: 4px; width: 700px; height: 350px; ">

    175. 

  175.     <form

    176. 

  176.     	name="navigate-content-form"

    177. 

  177.         action="<?php echo $_SERVER['PHP_SELF'];?>"

    178. 

  178.     	method="post" 

    179. 

  179.         enctype="multipart/form-data"

    180. 

  180.         style=" margin-left: auto; margin-right: auto; margin-top: 50px; height: 350px; ">

    181. 

  181. 

    182. 

  182.         <div style=" float: left; margin-right: 55px; margin-left: 20px; ">

    183. 

  183.             <img src="img/navigate-logo-430x200.png" width="300" height="140"  />

    184. 

  184.             <a href="http://www.navigatecms.com" style=" display: block; text-decoration: none; color: #2E476E; text-align:  center; " target="_blank">www.navigatecms.com</a>

    185. 

  185.         </div>

    186. 

  186.         <div style=" float: left; width: 288px; ">

    187. 

  187.             <div class="navigate-form-row">

    188. 

  188.                 <label style=" padding-top: 6px; margin-bottom: 6px; font-size: 15px; "><?php echo t(1, 'User');?></label>

    189. 

  189.                 <br />

    190. 

  190.                 <input type="text" value="" size="32" name="login-username" id="login-username" style=" width: 278px; font-size: 20px; " />

    191. 

  191.             </div>

    192. 

  192.             <div class="navigate-form-row">

    193. 

  193.                 <label style=" padding-top: 6px; margin-bottom: 6px; font-size: 15px; "><?php echo t(2, 'Password');?></label>

    194. 

  194.                 <br />

    195. 

  195.                 <input type="password" value="" size="32" name="login-password" id="login-password"  style=" width: 278px; font-size: 20px; " />

    196. 

  196.             </div>

    197. 

  197. 

    198. 

  198.             <div class="navigate-form-row">

    199. 

  199.                 <input type="checkbox" name="login-remember" id="login-remember" value="1" />

    200. 

  200.                 <label onclick="$('#login-remember').trigger('click');" style=" margin-left: 3px; margin-top: 2px; position: absolute; "><?php echo t(406, 'Remember me');?></label>

    201. 

  201.             </div>

    202. 

  202. 

    203. 

  203.             <div class="navigate-form-row" id="login-button" style=" margin-top: 48px; font-size: 15px; ">

    204. 

  204.                 <button style=" background: none; border: none; color: transparent; display: block; float: left; "><?php echo t(3, 'Enter');?></button>

    205. 

  205.                 <a href="#" style=" color: #2E476E; font-size: 10px; line-height: 30px; float: right; text-decoration: none;"><?php echo t(407, 'Forgot password?');?></a>

    206. 

  206.             </div>

    207. 

  207.         </div>

    208. 

  208. 

    209. 

  209.         <?php

    210. 

  210.             if(isset($error))

    211. 

  211.             {

    212. 

  212.                 ?>

    213. 

  213.                 <div class="navigate-form-row" style=" padding-top: 20px; text-align: center; display: none; ">

    214. 

  214.                     <span class="error"><img src="img/icons/silk/decline.png" width="16" height="16" align="absmiddle" /> <?php echo t(4, 'Login incorrect.');?></span>

    215. 

  215.                 </div>

    216. 

  216.                 <?php

    217. 

  217.             }

    218. 

  218.         ?>

    219. 

  219. 

    220. 

  220.     </form>

    221. 

  221. </div>

    222. 

  222. 

    223. 

  223. <div id="navigate-lost-password-dialog" style=" display: none; ">

    224. 

  224.     <form action="?" method="post">

    225. 

  225.         <div class="navigate-form-row">

    226. 

  226.             <label style=" padding-top: 6px; margin-bottom: 6px; font-size: 11px; width: auto; ">

    227. 

  227.                 <?php echo t(449, "Enter your Navigate CMS username or e-mail address");?>

    228. 

  228.             </label>

    229. 

  229.             <br />

    230. 

  230.             <input type="text" value="" size="32" name="forgot-password" id="forgot-password"  style=" width: 96%; font-size: 17px; " />

    231. 

  231.             <br />

    232. 

  232.             <div id="forgot-password-problem" class="subcomment" style=" margin-left: 0px; color: #f33; ">&nbsp;</div>

    233. 

  233.         </div>

    234. 

  234.         <div class="navigate-form-row" style=" margin-top: 20px; ">

    235. 

  235.             <button style=" background: none; border: none; color: transparent; display: block; float: left; font-size: 12px; ">

    236. 

  236.                 <?php echo t(190, 'Ok');?>

    237. 

  237.             </button>

    238. 

  238.         </div>

    239. 

  239.     </div>

    240. 

  240. </div>

    241. 

  241. 

    242. 

  242. </body>

    243. 

  243. 

    244. 

  244. <script language="javascript" type="text/javascript">

    245. 

  245. 

    246. 

  246. var NAVIGATE_APP = "<?php echo NAVIGATE_URL.'/'.NAVIGATE_MAIN;?>";

    247. 

  247. 

    248. 

  248. $(window).on('load,resize', function()

    249. 

  249. {

    250. 

  250.     $('#navigate-status').css({ 'width': $(document).width() - 18 });

    251. 

  251. });

    252. 

  252. 

    253. 

  253. $(document).ready(function()

    254. 

  254. {

    255. 

  255.     $('button').removeAttr('style').css({'font-size': '14px', 'padding-bottom': '4px'}).hide().fadeIn('slow', function()

    256. 

  256.     {

    257. 

  257.         $('.error').parent().fadeIn('slow');

    258. 

  258.     });

    259. 

  259. 

    260. 

  260.     $('input[name="login-username"]').focus();

    261. 

  261. 

    262. 

  262.     $('#navigate-lost-password-dialog form').on('submit', function(e)

    263. 

  263.     {

    264. 

  264.         $('#forgot-password-problem').html('&nbsp;');

    265. 

  265.         e.stopPropagation();

    266. 

  266.         e.preventDefault();

    267. 

  267. 

    268. 

  268.         $.post(

    269. 

  269.             'login.php',

    270. 

  270.             {

    271. 

  271.                 'action': 'forgot-password',

    272. 

  272.                 'value': $('#forgot-password').val()

    273. 

  273.             },

    274. 

  274.             function(data)

    275. 

  275.             {

    276. 

  276.                 if(data=='sent')

    277. 

  277.                 {

    278. 

  278.                     //$('#navigate-lost-password-dialog').dialog('close');

    279. 

  279.                     $('#navigate-lost-password-dialog').html('');

    280. 

  280.                     $('#navigate-lost-password-dialog').append('<div style="text-align: center; margin: 16px; "><i class="fa fa-5x fa-envelope" style="color: #BBD6F5"></i><i style="position: absolute; margin-top: 28px; margin-left: -12px; color: #2E476E;" class="fa fa-2x fa-check"></i></div>');

    281. 

  281.                     $('#navigate-lost-password-dialog').append('<div style="text-align: center; font-weight: bold; padding: 10px; "><?php echo t(454, 'An e-mail with a confirmation link has been sent to your e-mail account.', false, true); ?></div>');

    282. 

  282.                 }

    283. 

  283.                 else if(data=='not_found')

    284. 

  284.                 {

    285. 

  285.                     $('#forgot-password-problem').html("<?php echo t(453, "Couldn't find this username or e-mail address", false, true);?>");

    286. 

  286.                 }

    287. 

  287.                 else// if(data=='not_sent')

    288. 

  288.                 {

    289. 

  289.                     $('#forgot-password-problem').html("<?php echo t(452, "E-mail could not be sent; please contact the administrator", false, true);?>");

    290. 

  290.                 }

    291. 

  291.             }

    292. 

  292.         );

    293. 

  293.     });

    294. 

  294. 

    295. 

  295.     // forgot password button

    296. 

  296.     $('#login-button a').on('click', function()

    297. 

  297.     {

    298. 

  298.         $('#navigate-lost-password-dialog').dialog({

    299. 

  299.             title: "<?php echo t(407, 'Forgot password?', false, true);?>",

    300. 

  300.             modal: true,

    301. 

  301.             width: 350,

    302. 

  302.             height: 220

    303. 

  303.         });

    304. 

  304.     });

    305. 

  305. 

    306. 

  306.     $.setCookie("navigate-tinymce-scroll", '{}');

    307. 

  307. });

    308. 

  308.     

    309. 

  309. </script>

    310. 

  310. 

    311. 

  311. <?php

    312. 

  312.     // are we on a password change process?

    313. 

  313.     if($_REQUEST['action']=='password-reset')

    314. 

  314.     {

    315. 

  315.         $value = trim($_REQUEST['value']);

    316. 

  316. 

    317. 

  317.         // look for an existing username or e-mail in Navigate CMS users table

    318. 

  318.         $found_id = $DB->query_single(

    319. 

  319.             'id',

    320. 

  320.             'nv_users',

    321. 

  321.             'activation_key = '.protect($value)

    322. 

  322.         );

    323. 

  323. 

    324. 

  324.         if(!empty($found_id))

    325. 

  325.         {

    326. 

  326.             $user->load($found_id);

    327. 

  327. 

    328. 

  328.             if(!empty($_REQUEST['login-password']))

    329. 

  329.             {

    330. 

  330.                 $user->activation_key = '';

    331. 

  331.                 $user->set_password(trim($_REQUEST['login-password']));

    332. 

  332.                 $user->save();

    333. 

  333.                 ?>

    334. 

  334.                 <script language="javascript">

    335. 

  335.                     $(document).ready(function()

    336. 

  336.                     {

    337. 

  337.                         $('form:first').append('<div class="navigate-form-row" style=" padding-top: 20px; text-align: center; display: none; "></div>');

    338. 

  338.                         $('form:first').find('div:last').html('<span class="ok" style="color: #579A4D; font-weight: bold; "><img src="img/icons/silk/accept.png" width="16" height="16" align="absmiddle" /> <?php echo t(455, 'Your new password has been activated.');?></span>');

    339. 

  339.                         $('form:first').find('div:last').fadeIn('slow');

    340. 

  340.                     });

    341. 

  341.                 </script>

    342. 

  342.                 <?php

    343. 

  343.             }

    344. 

  344.             else

    345. 

  345.             {

    346. 

  346.                 ?>

    347. 

  347.                 <script language="javascript">

    348. 

  348.                     $(document).ready(function()

    349. 

  349.                     {

    350. 

  350.                         $('#login-username').parent().remove();

    351. 

  351.                         $('#login-button a').remove();

    352. 

  352.                         $('#login-remember').parent().remove();

    353. 

  353.                         $('#login-button').remove();

    354. 

  354.                         $('#navigate-lost-password-dialog').remove();

    355. 

  355.                         $('form').attr('action', $('form').attr('action') + '?action=password-reset&value=<?php echo $value;?>');

    356. 

  356.                         $('form').append('<button id="login-button" style="margin-top: 20px; font-size: 14px; "><?php echo t(34, "Save");?></button>');

    357. 

  357.                     });

    358. 

  358.                 </script>

    359. 

  359.                 <?php

    360. 

  360.             }

    361. 

  361.         }

    362. 

  362.     }

    363. 

  363. ?>

    364. 

  364. </html>

    365. 

  365. <?php

    366. 

  366. 	$DB->disconnect();

    367. 

  367. ?>
    368.