<?php
/**
*
* @package Icy Phoenix
* @version $Id$
* @copyright (c) 2008 Icy Phoenix
* @license http://opensource.org/licenses/gpl-license.php GNU Public License
*
*/

// Bootstrap for the login/logout entry point: set the context flags, resolve the
// root path and file extension, then load the shared runtime and the DB auth backend.

// Context flags; they are defined before common.php is included.
define('IN_LOGIN', true);
define('IN_ICYPHOENIX', true);

// Both constants may already have been defined by an including script.
if (!defined('IP_ROOT_PATH'))
{
	define('IP_ROOT_PATH', './');
}
if (!defined('PHP_EXT'))
{
	// Extension of this very file, without the leading dot.
	define('PHP_EXT', substr(strrchr(__FILE__, '.'), 1));
}

include(IP_ROOT_PATH . 'common.' . PHP_EXT);
include(IP_ROOT_PATH . 'includes/auth_db.' . PHP_EXT);

// CrackerTracker database helper: loaded and instantiated only when the class
// is not available yet.
if (!class_exists('ct_database'))
{
	include(IP_ROOT_PATH . 'includes/ctracker/classes/class_ct_database.' . PHP_EXT);
	$ctracker_config = new ct_database();
}
// Start session management
// Order matters: the session is started first, the ACL object is then fed the
// session's user data, and only after that is the user environment set up.
$user->session_begin();
$auth->acl($user->data);
$user->setup();
// End session management

// Bots have no business on the login page: reaching it almost always means an
// error or wrong page management, so they are sent to the error page with code 404.
if (!empty($user->data['is_bot']))
{
	redirect(append_sid(CMS_PAGE_ERRORS . '?code=404', true));
}
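// session id check
// The 'sid' request value is compared with the active session id before a
// logout request is honoured further down in this script.
$sid = request_var('sid', '');

// Post-login / post-logout target. It comes straight from the request, so it is
// attacker-controllable and must be validated before it reaches redirect() or
// a meta refresh.
$redirect = request_var('redirect', '', true);
if (!empty($redirect))
{
	// Undo the '&amp;' escaping, turn every '?' into '&', then restore a single
	// '?' right after the script extension; finally URL-decode the result.
	$redirect_url = urldecode(str_replace(array('&amp;', '?', PHP_EXT . '&'), array('&', '&', PHP_EXT . '?'), $redirect));
}
else
{
	$redirect_url = CMS_LOGIN_REDIRECT_PAGE;
}

// The checks run on the decoded value, so percent-encoded CR/LF are caught too.
// The ';url' test is case-insensitive because the refresh directive it guards
// against is not case-sensitive (the previous strstr() check missed ';URL').
// NOTE(review): nothing in this file restricts the target to the local site;
// confirm that redirect() rejects absolute and scheme-relative off-site URLs.
if ((strpos($redirect_url, "\n") !== false) || (strpos($redirect_url, "\r") !== false) || (stripos($redirect_url, ';url') !== false))
{
	message_die(GENERAL_ERROR, 'Tried to redirect to potentially insecure url.');
}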
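// Main dispatch: a login or logout request is processed here; any other request
// renders the login form (or redirects an already logged-in user to the forum).
if(isset($_POST['login']) || isset($_GET['login']) || isset($_POST['logout']) || isset($_GET['logout']))
{
	// Login is processed for guests, or for logged-in users re-authenticating for admin.
	if((isset($_POST['login']) || isset($_GET['login'])) && (!$user->data['session_logged_in'] || isset($_POST['admin'])))
	{
		// Credentials are only ever read from POST, even if the action flag came via GET.
		$username = isset($_POST['username']) ? phpbb_clean_username($_POST['username']) : '';
		$password = isset($_POST['password']) ? $_POST['password'] : '';

		$login_result = login_db($username, $password, false, true);

		// Too many failed attempts: stop here and tell the user about the limits.
		if ($login_result['status'] === LOGIN_ERROR_ATTEMPTS)
		{
			message_die(GENERAL_MESSAGE, sprintf($lang['LOGIN_ATTEMPTS_EXCEEDED'], $config['max_login_attempts'], $config['login_reset_time']));
		}

		if ($login_result['status'] === LOGIN_SUCCESS)
		{
			// While the board is disabled only administrators get a session.
			if(($login_result['user_row']['user_level'] != ADMIN) && !empty($config['board_disable']))
			{
				redirect(append_sid(CMS_PAGE_FORUM, true));
			}
			else
			{
				// CrackerTracker v5.x
				if ($config['ctracker_login_history'] == 1)
				{
					$ctracker_config->update_login_history($login_result['user_row']['user_id']);
				}

				if ($config['ctracker_login_ip_check'] == 1)
				{
					$ctracker_config->set_user_ip($login_result['user_row']['user_id']);
				}
				// CrackerTracker v5.x

				$set_admin = (isset($_POST['admin'])) ? 1 : 0;
				$persist_login = (isset($_POST['autologin'])) ? 1 : 0;

				// Read the optional field once; a missing or non-string value counts as
				// "not hidden" instead of raising an undefined-index notice.
				$online_status = (isset($_POST['online_status']) && is_string($_POST['online_status'])) ? $_POST['online_status'] : '';
				$viewonline = ($online_status === 'hidden') ? 0 : 1;

				// Persist the preference only when one of the two known values was sent.
				if (($online_status === 'hidden') || ($online_status === 'visible'))
				{
					// Both interpolated values are forced to integers: $viewonline is 0 or 1
					// by construction and the user id is cast before it enters the query.
					$sql = 'UPDATE ' . USERS_TABLE . ' SET user_allow_viewonline = ' . (int) $viewonline . ' WHERE user_id = ' . (int) $login_result['user_row']['user_id'];
					// Best effort: a failure of this update must not abort the login.
					$db->sql_return_on_error(true);
					$db->sql_query($sql);
					$db->sql_return_on_error(false);
				}

				$user->session_create($login_result['user_row']['user_id'], $set_admin, $persist_login, $viewonline);

				if(!empty($user->session_id))
				{
					$redirect_url = empty($redirect_url) ? CMS_LOGIN_REDIRECT_PAGE : $redirect_url;
					redirect(append_sid($redirect_url, true));
				}
				else
				{
					message_die(CRITICAL_ERROR, "Couldn't start session: login", "", __LINE__, __FILE__);
				}
			}
		}
		else
		{
			if (($login_result['status'] === LOGIN_ERROR_USERNAME) || ($login_result['status'] === LOGIN_ERROR_PASSWORD) || ($login_result['status'] === LOGIN_ERROR_ACTIVE))
			{
				// Only wrong-password failures are written to the CrackerTracker log.
				if ($login_result['error_msg'] === 'LOGIN_ERROR_PASSWORD')
				{
					// CrackerTracker v5.x
					if (!class_exists('log_manager'))
					{
						include(IP_ROOT_PATH . 'includes/ctracker/classes/class_log_manager.' . PHP_EXT);
					}
					$logfile = new log_manager();
					$logfile->prepare_log($login_result['user_row']['username']);
					$logfile->write_general_logfile($config['ctracker_logsize_logins'], 4);
					unset($logfile);
					// CrackerTracker v5.x
				}
				// NOTE(review): the text shown is keyed on the specific failure reason; if the
				// language strings differ per reason, the response tells a visitor whether the
				// username exists — confirm this is intended.
				$error_message = ($login_result['error_msg'] === 'NO_PASSWORD_SUPPLIED') ? $lang[$login_result['error_msg']] : sprintf($lang[$login_result['error_msg']], '<a href="' . append_sid(CMS_PAGE_CONTACT_US) . '">', '</a>');
				message_die(GENERAL_MESSAGE, $error_message);
			}

			// Any other failure: generic error page that refreshes back to the login form.
			// The redirect target is HTML-escaped before it is placed in the refresh and the link.
			meta_refresh(3, (CMS_PAGE_LOGIN . '?redirect=' . htmlspecialchars($redirect_url)));

			$message = $lang['Error_login'] . '<br /><br />' . sprintf($lang['Click_return_login'], '<a href="' . CMS_PAGE_LOGIN . '?redirect=' . htmlspecialchars($redirect_url) . '">', '</a>') . '<br /><br />' . sprintf($lang['Click_return_index'], '<a href="' . append_sid(CMS_PAGE_FORUM) . '">', '</a>');

			message_die(GENERAL_MESSAGE, $message);
		}
	}
	elseif((isset($_GET['logout']) || isset($_POST['logout'])) && $user->data['session_logged_in'])
	{
		// session id check
		// Logout must carry the current session id, so a forged link without it is refused.
		// Both sides are compared strictly as strings so that numeric-looking ids are
		// never compared as numbers.
		if (empty($sid) || ((string) $sid !== (string) $user->data['session_id']))
		{
			//message_die(GENERAL_ERROR, 'INVALID_SESSION');
			// NOTE(review): this relies on the project's error handler stopping execution;
			// if it returns, the session is still killed below — confirm.
			trigger_error('INVALID_SESSION');
		}
		if($user->data['session_logged_in'])
		{
			$user->session_kill();
		}

		$redirect_url = empty($redirect_url) ? CMS_LOGIN_REDIRECT_PAGE : $redirect_url;
		redirect(append_sid($redirect_url, true));
	}
	else
	{
		// Nothing to do (e.g. login while already logged in): just follow the redirect.
		$redirect_url = empty($redirect_url) ? CMS_LOGIN_REDIRECT_PAGE : $redirect_url;
		redirect(append_sid($redirect_url, true));
	}
}
else
{
	// Do a full login page dohickey if user not already logged in
	include_once(IP_ROOT_PATH . 'includes/functions_jr_admin.' . PHP_EXT);
	$jr_admin_userdata = jr_admin_get_user_info($user->data['user_id']);

	// Let's remove $auth->acl_get('a_') until I finish coding permissions properly... and also add/remove 'a_' when users are added/removed from administrators in ACP
	//$is_admin = (($user->data['user_level'] == ADMIN) || $auth->acl_get('a_')) ? true : false;
	$is_admin = ($user->data['user_level'] == ADMIN) ? true : false;
	$is_cms_auth = $auth->acl_get('cms_') ? true : false;
	if (empty($is_admin) && empty($is_cms_auth))
	{
		// Fall back to per-layout / per-special-layout / per-block CMS admin rights.
		$cms_mode_array = array('block_settings', 'blocks', 'layouts', 'layouts_special');
		$cms_mode = request_var('mode', '');
		$cms_lid = request_var('l_id', 0);
		$cms_sid = request_var('ls_id', 0);
		$cms_bid = request_var('b_id', 0);
		if (in_array($cms_mode, $cms_mode_array, true))
		{
			$is_cms_auth = (!empty($cms_lid) && !empty($user->data['user_cms_auth']['cmsl_admin'][$cms_lid])) ? true : $is_cms_auth;
			// NOTE(review): the next two checks are gated on $cms_lid but index by $cms_sid and
			// $cms_bid; this looks like a copy/paste slip (expected !empty($cms_sid) and
			// !empty($cms_bid)). Left unchanged because it decides who may reach the admin
			// re-authentication form — confirm the intended rule before changing it.
			$is_cms_auth = (!empty($cms_lid) && !empty($user->data['user_cms_auth']['cmss_admin'][$cms_sid])) ? true : $is_cms_auth;
			$is_cms_auth = (!empty($cms_lid) && !empty($user->data['user_cms_auth']['cmsb_admin'][$cms_bid])) ? true : $is_cms_auth;
		}
	}

	// Show the form to guests, or to logged-in users with some admin right who asked for
	// admin re-authentication (?admin).
	if(!$user->data['session_logged_in'] || (isset($_GET['admin']) && $user->data['session_logged_in'] && (!empty($jr_admin_userdata['user_jr_admin']) || $is_admin || $is_cms_auth)))
	{
		$skip_nav_cat = true;

		// Always initialised here: on paths where the pattern below does not match, the
		// variable was previously left undefined and then used in the hidden field.
		$forward_page = '';

		if(!empty($redirect_url))
		{
			$forward_to = $_SERVER['QUERY_STRING'];

			// Only a conservative character set is accepted for the page to return to.
			if(preg_match("/^redirect=([a-z0-9\.#\/\?&=\+\-_]+)/si", $forward_to, $forward_matches))
			{
				// The pattern has a single capture group, so group 1 is the only candidate.
				$forward_to = $forward_matches[1];
				$forward_match = explode('&', $forward_to);
				$forward_count = count($forward_match);

				if($forward_count > 1)
				{
					$forward_page = '';
					for($i = 1; $i < $forward_count; $i++)
					{
						// Drop any session id so it is not carried into the form
						// (plain substring test; replaces the removed ereg()).
						if(strpos($forward_match[$i], 'sid=') === false)
						{
							if($forward_page != '')
							{
								$forward_page .= '&';
							}
							$forward_page .= $forward_match[$i];
						}
					}
					$forward_page = $forward_match[0] . '?' . $forward_page;
				}
				else
				{
					$forward_page = $forward_match[0];
				}
			}
		}

		$username = ($user->data['user_id'] != ANONYMOUS) ? $user->data['username'] : '';

		// The return page is HTML-escaped before it goes into the attribute value.
		$s_hidden_fields = '<input type="hidden" name="redirect" value="' . htmlspecialchars($forward_page) . '" />';
		$s_hidden_fields .= (isset($_GET['admin'])) ? '<input type="hidden" name="admin" value="1" />' : '';

		make_jumpbox(CMS_PAGE_VIEWFORUM);
		$template->assign_vars(array(
			'USERNAME' => $username,

			'L_ENTER_PASSWORD' => (isset($_GET['admin'])) ? $lang['Admin_reauthenticate'] : $lang['Enter_password'],
			'L_SEND_PASSWORD' => $lang['Forgotten_password'],
			'L_RESEND_ACTIVATION_EMAIL' => $lang['Resend_activation_email'],
			'L_STATUS' => $lang['Login_Status'],
			'L_HIDDEN' => $lang['Login_Hidden'],
			'L_VISIBLE' => $lang['Login_Visible'],
			'L_DEFAULT' => $lang['Login_Default'],

			'U_SEND_PASSWORD' => append_sid(CMS_PAGE_PROFILE . '?mode=sendpassword'),
			'U_RESEND_ACTIVATION_EMAIL' => append_sid(CMS_PAGE_PROFILE . '?mode=resend'),

			'S_HIDDEN_FIELDS' => $s_hidden_fields
			)
		);

		if (!isset($_GET['admin']) && ($config['require_activation'] == USER_ACTIVATION_SELF))
		{
			$template->assign_var('S_SWITCH_RESEND_ACTIVATION_EMAIL', true);
		}

		if (!isset($_GET['admin']))
		{
			$template->assign_block_vars('switch_login_type', array());
		}

		full_page_generation('login_body.tpl', $lang['Login'], '', '');
	}
	else
	{
		// Already logged in and no admin re-authentication applies: go to the forum.
		redirect(append_sid(CMS_PAGE_FORUM, true));
	}
}

?>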