Description: Git mirror of the CMS Made Simple 2.0 rewrite
Homepage: http://cmsmadesimple.org
Clone URL: git://github.com/tedkulp/cmsmadesimple-2-0.git
A little login refactoring.

Signed-off-by: Ted Kulp <ted@cmsmadesimple.org>


git-svn-id: http://svn.cmsmadesimple.org/svn/cmsmadesimple/trunk@4437 
3d254a34-79dc-0310-9e5f-be208747d8a0
tedkulp (author)
Mon Apr 14 21:47:33 -0700 2008
commit  2e86d6ea027f078e5716872246c98381d2c90762
tree    cac7e437a6dfdfafe2cff90b8a22855007e09f42
parent  d9a0695f9532a4880b26b69db3b575ec11c55200
0
@@ -22,10 +22,6 @@ $CMS_ADMIN_PAGE=1;
0
 
0
 require_once('../include.php');
0
 
0
-$error = '';
0
-
0
-//var_dump($_REQUEST);
0
-
0
 if (isset($_SESSION['logout_user_now']))
0
 {
0
   unset($_SESSION['login_user_username']);
0
@@ -40,129 +36,11 @@ if (isset($_POST['logincancel']))
0
   //redirect(CmsConfig::get('root_url') . '/index.php', true);
0
 }
0
 
0
-$openid_enabled = CmsOpenid::is_enabled();
0
-
0
-if ($openid_enabled)
0
-{
0
- if ((isset($_REQUEST['openid_mode']) && $_REQUEST['openid_mode'] == 'id_res') || (isset($_REQUEST['openid.mode']) && $_REQUEST['openid.mode'] == 'id_res'))
0
- {
0
- #See if the openid matches
0
- if (CmsOpenid::check_authentication($_REQUEST))
0
- {
0
- #Now see if the checksum actually is for a user
0
- $user = cms_orm()->user->find_by_checksum($_REQUEST['checksum']);
0
- if ($user)
0
- {
0
- #Put in a new checksum so the return url from provider can't be reused
0
- $checksum = CmsOpenid::generate_checksum();
0
- $user->checksum = $checksum;
0
- $user->save();
0
-
0
- if (CmsLogin::login_by_id($user->id))
0
- {
0
- if (isset($_SESSION['redirect_url']))
0
- {
0
- $tmp = $_SESSION['redirect_url'];
0
- unset($_SESSION['redirect_url']);
0
- CmsResponse::redirect($tmp);
0
- }
0
- else
0
- {
0
- redirect(CmsConfig::get('root_url') . '/' . CmsConfig::get('admin_dir') . '/index.php', true);
0
- }
0
- }
0
- else
0
- {
0
- $error .= lang('authenticationfailed 3');
0
- }
0
- }
0
- else
0
- {
0
- $error .= lang('authenticationfailed 2');
0
- }
0
- }
0
- else
0
- {
0
- $error .= lang('authenticationfailed 1');
0
- }
0
- }
0
-}
0
-
0
+$redirect_url = CmsConfig::get('root_url') . '/' . CmsConfig::get('admin_dir') . '/index.php';
0
 $username = '';
0
-if (isset($_POST['username'])) $username = CmsRequest::clean_value($_POST['username']);
0
-
0
 $openid = '';
0
-if (isset($_POST['openid'])) $openid = CmsRequest::clean_value($_POST['openid']);
0
-
0
-if (isset($_POST['username']) && isset($_POST['password'])) {
0
-
0
- $password = '';
0
- if (isset($_POST['password'])) $password = $_POST['password'];
0
-
0
- if ($openid != '' && isset($_POST['loginsubmit']) && $openid_enabled)
0
- {
0
- #Cleanup the open id and find a user so we can set the checksum
0
- #before the redirect
0
- $clean_openid = CmsOpenid::cleanup_openid($openid);
0
- $user = cms_orm()->user->find_by_openid($clean_openid);
0
-
0
- if ($user)
0
- {
0
- $obj = new CmsOpenid();
0
- if ($obj->find_server(CmsOpenid::create_url($openid)))
0
- {
0
- #Make up a checksum and save it to the user
0
- $checksum = CmsOpenid::generate_checksum();
0
- $user->checksum = $checksum;
0
- $user->save();
0
-
0
- #All should be good. Time to redirect out to the provider.
0
- $obj->do_authentication(CmsConfig::get('root_url') . '/' . CmsConfig::get('admin_dir') . '/login.php', $checksum);
0
- }
0
- }
0
- else
0
- {
0
- $error .= lang('usernameincorrect');
0
- }
0
- }
0
- else if ($username != '' && $password != '' && isset($_POST['loginsubmit']))
0
- {
0
- if (CmsLogin::login($username, $password))
0
- {
0
- // redirect to upgrade if db_schema it's old
0
- $current_version = $CMS_SCHEMA_VERSION;
0
-
0
- $query = 'SELECT version from '.cms_db_prefix().'version';
0
- $row = cms_db()->GetRow($query);
0
- if ($row) $current_version = $row['version'];
0
-
0
- if ($current_version < $CMS_SCHEMA_VERSION)
0
- {
0
- CmsResponse::redirect(CmsConfig::get('root_url') . '/install/upgrade.php');
0
- }
0
- // end of version check
0
-
0
- if (isset($_SESSION['redirect_url']))
0
- {
0
- $tmp = $_SESSION['redirect_url'];
0
- unset($_SESSION['redirect_url']);
0
- CmsResponse::redirect($tmp);
0
- }
0
- else
0
- {
0
- redirect(CmsConfig::get('root_url') . '/' . CmsConfig::get('admin_dir') . '/index.php', true);
0
- }
0
- }
0
- else
0
- {
0
- $error .= lang('usernameincorrect');
0
- }
0
- }
0
- else
0
- {
0
- $error .= lang('usernameincorrect');
0
- }
0
-}
0
+$error = '';
0
+CmsLogin::handle_login_request($redirect_url, $username, $openid, $error, true);
0
 
0
 CmsAdminTheme::start(true);
0
 
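Review bot: The call to `CmsLogin::handle_login_request` does not show that `$username`, `$openid` and `$error` are filled in by reference, nor what the trailing bare `true` switches on. A one-line comment above the call would cover both: `// $username, $openid and $error are set by reference; the final true enables the schema-upgrade check`. Whether the page stops rendering after a successful login now depends on `CmsResponse::redirect` ending the request inside the helper, which is not visible here and is worth confirming.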
0
@@ -114,6 +114,133 @@ class CmsLogin extends CmsObject
0
     }
0
   }
0
   
0
+ static public function handle_login_request($redirect_url, &$username, &$openid, &$error, $check_for_upgrade = false)
0
+ {
0
+ $openid_enabled = CmsOpenid::is_enabled();
0
+
0
+ if ($openid_enabled)
0
+ {
0
+ if ((isset($_REQUEST['openid_mode']) && $_REQUEST['openid_mode'] == 'id_res') || (isset($_REQUEST['openid.mode']) && $_REQUEST['openid.mode'] == 'id_res'))
0
+ {
0
+ #See if the openid matches
0
+ if (CmsOpenid::check_authentication($_REQUEST))
0
+ {
0
+ #Now see if the checksum actually is for a user
0
+ $user = cms_orm('CmsUser')->find_by_checksum($_REQUEST['checksum']);
0
+ if ($user)
0
+ {
0
+ #Put in a new checksum so the return url from provider can't be reused
0
+ $checksum = CmsOpenid::generate_checksum();
0
+ $user->checksum = $checksum;
0
+ $user->save();
0
+
0
+ if (CmsLogin::login_by_id($user->id))
0
+ {
0
+ if (isset($_SESSION['redirect_url']))
0
+ {
0
+ $tmp = $_SESSION['redirect_url'];
0
+ unset($_SESSION['redirect_url']);
0
+ CmsResponse::redirect($tmp);
0
+ }
0
+ else
0
+ {
0
+ CmsResponse::redirect($redirect_url, true);
0
+ }
0
+ }
0
+ else
0
+ {
0
+ $error .= lang('authenticationfailed 3');
0
+ }
0
+ }
0
+ else
0
+ {
0
+ $error .= lang('authenticationfailed 2');
0
+ }
0
+ }
0
+ else
0
+ {
0
+ $error .= lang('authenticationfailed 1');
0
+ }
0
+ }
0
+ }
0
+
0
+ if (isset($_POST['username'])) $username = CmsRequest::clean_value($_POST['username']);
0
+ if (isset($_POST['openid'])) $openid = CmsRequest::clean_value($_POST['openid']);
0
+
0
+ if (isset($_POST['username']) && isset($_POST['password']))
0
+ {
0
+ $password = '';
0
+ if (isset($_POST['password'])) $password = $_POST['password'];
0
+
0
+ if ($openid != '' && isset($_POST['loginsubmit']) && $openid_enabled)
0
+ {
0
+ #Cleanup the open id and find a user so we can set the checksum
0
+ #before the redirect
0
+ $clean_openid = CmsOpenid::cleanup_openid($openid);
0
+ $user = cms_orm('CmsUser')->find_by_openid($clean_openid);
0
+
0
+ if ($user)
0
+ {
0
+ $obj = new CmsOpenid();
0
+ if ($obj->find_server(CmsOpenid::create_url($openid)))
0
+ {
0
+ #Make up a checksum and save it to the user
0
+ $checksum = CmsOpenid::generate_checksum();
0
+ $user->checksum = $checksum;
0
+ $user->save();
0
+
0
+ #All should be good. Time to redirect out to the provider.
0
+ $obj->do_authentication(CmsRequest::get_requested_uri(), $checksum);
0
+ }
0
+ }
0
+ else
0
+ {
0
+ $error .= lang('usernameincorrect');
0
+ }
0
+ }
0
+ else if ($username != '' && $password != '' && isset($_POST['loginsubmit']))
0
+ {
0
+ if (CmsLogin::login($username, $password))
0
+ {
0
+ if ($check_for_upgrade)
0
+ {
0
+ // redirect to upgrade if db_schema it's old
0
+ $current_version = $CMS_SCHEMA_VERSION;
0
+
0
+ $query = 'SELECT version from '.cms_db_prefix().'version';
0
+ $row = cms_db()->GetRow($query);
0
+ if ($row) $current_version = $row['version'];
0
+
0
+ if ($current_version < $CMS_SCHEMA_VERSION)
0
+ {
0
+ CmsResponse::redirect(CmsConfig::get('root_url') . '/install/upgrade.php');
0
+ }
0
+ // end of version check
0
+ }
0
+
0
+ if (isset($_SESSION['redirect_url']))
0
+ {
0
+ $tmp = $_SESSION['redirect_url'];
0
+ unset($_SESSION['redirect_url']);
0
+ CmsResponse::redirect($tmp);
0
+ }
0
+ else
0
+ {
0
+ CmsResponse::redirect($redirect_url, true);
0
+ }
0
+ }
0
+ else
0
+ {
0
+ $error .= lang('usernameincorrect');
0
+ }
0
+ }
0
+ else
0
+ {
0
+ $error .= lang('usernameincorrect');
0
+ }
0
+ }
0
+ }
0
+
0
   /**
0
    * Given the username and password, will login the user, generate the proper session
0
    * and cookie credentials. It will return true if the login was successful, or false if
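Review bot: `$CMS_SCHEMA_VERSION` is read twice inside the new `if ($check_for_upgrade)` block, but inside this static method it is an undefined local rather than the file-scope variable the old login page used. As a result `$current_version < $CMS_SCHEMA_VERSION` compares against null and the redirect to `/install/upgrade.php` would not fire. Add `global $CMS_SCHEMA_VERSION;` as the first statement of that block, or pass the schema version in as an argument. Separately, the OpenID return branch reads `$_REQUEST['checksum']` without an `isset()` check and resolves the user from that value alone. Nothing in this hunk compares the asserted identity with the user's stored OpenID, so confirm that `CmsOpenid::check_authentication()` enforces that binding.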
0
@@ -177,8 +177,7 @@ class CmsOpenid extends CmsObject
0
     $return_url = urlencode($return_url);
0
     $trust_root = urlencode(CmsConfig::get('root_url'));
0
     $cleaned_delegate = urlencode($this->delegate);
0
-
0
- CmsResponse::redirect("{$this->server}?openid.mode={$this->mode}&openid.identity={$cleaned_delegate}&openid.return_to={$return_url}&openid.trust_root={$trust_root}");
0
+ CmsResponse::redirect("{$this->server}?openid.mode={$this->mode}&openid.identity={$cleaned_delegate}&" . "openid.return_to={$return_url}&openid.trust_root={$trust_root}");
0
   }
0
   
0
   /**
