 

Code source de Phorum 5.1.25


/ -> login.php (source)

   1  <?php
   2  
   3  ////////////////////////////////////////////////////////////////////////////////
   4  //                                                                            //
   5  //   Copyright (C) 2006  Phorum Development Team                              //
   6  //   http://www.phorum.org                                                    //
   7  //                                                                            //
   8  //   This program is free software. You can redistribute it and/or modify     //
   9  //   it under the terms of either the current Phorum License (viewable at     //
  10  //   phorum.org) or the Phorum License that was distributed with this file    //
  11  //                                                                            //
  12  //   This program is distributed in the hope that it will be useful,          //
  13  //   but WITHOUT ANY WARRANTY, without even the implied warranty of           //
  14  //   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.                     //
  15  //                                                                            //
  16  //   You should have received a copy of the Phorum License                    //
  17  //   along with this program.                                                 //
  18  ////////////////////////////////////////////////////////////////////////////////
  19  define('phorum_page','login');
  20  
  21  include_once ( "./common.php" );
  22  include_once ( "./include/users.php" );
  23  include_once ( "./include/email_functions.php" );
  24  
  25  // ----------------------------------------------------------------------------
  26  // Handle logout
  27  // ----------------------------------------------------------------------------
  28  
  29  if ($PHORUM['DATA']['LOGGEDIN'] && !empty($PHORUM["args"]["logout"])) {
  30  
  31      phorum_hook( "before_logout", "" );
  32  
  33      // killing long-term cookie
  34      phorum_user_clear_session(PHORUM_SESSION_LONG_TERM);
  35      // killing short-term (write) cookie
  36      phorum_user_clear_session(PHORUM_SESSION_SHORT_TERM);
  37  
  38      // reset the sessid if not using cookies
  39      if(!$PHORUM['use_cookies']) {
  40  
  41          $new_sessid=md5($_POST['username'].microtime().$_POST['password']);
  42  
  43          $user=array(
  44          'user_id'=>$PHORUM['user']['user_id'],
  45          'sessid_st'=>$new_sessid
  46          );
  47          phorum_user_save_simple($user);
  48      }
  49  
  50  
  51      // Determine the URL to redirect the user to. The hook "after_logout"
  52      // can be used by module writers to set a custom redirect URL.
  53      if (isset($_SERVER["HTTP_REFERER"]) && !empty($_SERVER['HTTP_REFERER'])) {
  54          $url = $_SERVER["HTTP_REFERER"];
  55      } else {
  56          $url = phorum_get_url(PHORUM_LIST_URL);
  57      }
  58  
  59      // Strip the session id from the URL in case URI auth is in use.
  60      if (stristr($url, PHORUM_SESSION_LONG_TERM)){
  61          $url = str_replace(PHORUM_SESSION_LONG_TERM."=".urlencode($PHORUM["args"][PHORUM_SESSION_LONG_TERM]), "", $url);
  62      }
  63  
  64      $url = phorum_hook("after_logout", $url);
  65  
  66      phorum_redirect_by_url($url);
  67      exit();
  68  }
  69  
  70  // ----------------------------------------------------------------------------
  71  // Handle login and password reminder
  72  // ----------------------------------------------------------------------------
  73  
  74  // Set all our URLs.
  75  phorum_build_common_urls();
  76  
  77  $template = "login";
  78  $error = "";
  79  $okmsg = "";
  80  $username = "";
  81  
  82  // Handle posted form data.
  83  if (count($_POST) > 0) {
  84  
  85      // The user wants to retrieve a new password.
  86      if (isset($_POST["lostpass"])) {
  87  
  88          // Trim the email address.
  89          $_POST["lostpass"] = trim($_POST["lostpass"]);
  90  
  91          // Did the user enter an email address?
  92          if (empty($_POST["lostpass"])) {
  93              $error = $PHORUM["DATA"]["LANG"]["LostPassError"];
  94          }
  95  
  96          // Is the email address available in the database?
  97          elseif ($uid = phorum_user_check_email($_POST["lostpass"])) {
  98  
  99              // An existing user id was found for the entered email
 100              // address. Retrieve the user.
 101              $user = phorum_user_get($uid);
 102  
 103              $tmp_user=array();
 104  
 105              // User registration not yet approved by a moderator.
 106              if($user["active"] == PHORUM_USER_PENDING_MOD) {
 107                  $template = "message";
 108                  $PHORUM["DATA"]["MESSAGE"] = $PHORUM["DATA"]["LANG"]["RegVerifyMod"];
 109              // User registration still need email verification.
 110              } elseif ($user["active"] == PHORUM_USER_PENDING_EMAIL ||
 111                        $user["active"] == PHORUM_USER_PENDING_BOTH) {
 112  
 113                  // Generate and store a new email confirmation code.
 114                  $tmp_user["user_id"] = $uid;
 115                  $tmp_user["password_temp"] = substr(md5(microtime()), 0, 8);
 116                  phorum_user_save( $tmp_user );
 117  
 118                  // Mail the new confirmation code to the user.
 119                  $verify_url = phorum_get_url(PHORUM_REGISTER_URL, "approve=".$tmp_user["password_temp"]."$uid");
 120                  $maildata["mailsubject"] = $PHORUM["DATA"]["LANG"]["VerifyRegEmailSubject"];
 121                  $maildata["mailmessage"] =
 122                     wordwrap($PHORUM["DATA"]["LANG"]["VerifyRegEmailBody1"],72).
 123                     "\n\n$verify_url\n\n".
 124                     wordwrap($PHORUM["DATA"]["LANG"]["VerifyRegEmailBody2"],72);
 125                  phorum_email_user(array($user["email"]), $maildata);
 126  
 127                  $PHORUM["DATA"]["MESSAGE"] = $PHORUM["DATA"]["LANG"]["RegVerifyEmail"];
 128                  $template="message";
 129  
 130              // The user is active.
 131              } else {
 132  
 133                  // Generate and store a new password for the user.
 134                  include_once ( "./include/profile_functions.php" );
 135                  $newpass = phorum_gen_password();
 136                  $tmp_user["user_id"] = $uid;
 137                  $tmp_user["password_temp"] = $newpass;
 138                  phorum_user_save($tmp_user);
 139  
 140                  // Mail the new password.
 141                  $user = phorum_user_get( $uid );
 142                  $maildata = array();
 143                  $maildata['mailmessage'] =
 144                     wordwrap($PHORUM["DATA"]["LANG"]["LostPassEmailBody1"],72).
 145                     "\n\n".
 146                     $PHORUM["DATA"]["LANG"]["Username"] .": $user[username]\n".
 147                     $PHORUM["DATA"]["LANG"]["Password"] .": $newpass".
 148                     "\n\n".
 149                     wordwrap($PHORUM["DATA"]["LANG"]["LostPassEmailBody2"],72);
 150                  $maildata['mailsubject'] = $PHORUM["DATA"]["LANG"]["LostPassEmailSubject"];
 151                  phorum_email_user(array( 0 => $user['email'] ), $maildata);
 152  
 153                  $okmsg = $PHORUM["DATA"]["LANG"]["LostPassSent"];
 154  
 155              }
 156          }
 157  
 158          // The entered email address was not found.
 159          else {
 160              $error = $PHORUM["DATA"]["LANG"]["LostPassError"];
 161          }
 162      }
 163  
 164      // The user wants to login.
 165      else {
 166  
 167          // Check if the phorum_tmp_cookie was set. If not, the user's
 168          // browser does not support cookies.
 169          if($PHORUM["use_cookies"] && !isset($_COOKIE["phorum_tmp_cookie"])) {
 170              $PHORUM["use_cookies"] = false;
 171          }
 172  
 173          $username = trim($_POST["username"]);
 174          $password = trim($_POST["password"]);
 175  
 176          // Check if the login credentials are right.
 177          if (phorum_user_check_login($username, $password)) {
 178  
 179              // Destroy the temporary cookie.
 180              if(isset($_COOKIE["phorum_tmp_cookie"])){
 181                  setcookie( "phorum_tmp_cookie", "", 0, $PHORUM["session_path"], $PHORUM["session_domain"] );
 182              }
 183  
 184              // Create an URI session id if cookies are not used..
 185              if(!$PHORUM["use_cookies"]) {
 186                  $uri_session_id = md5($_POST['username'].microtime().$_POST['password']);
 187                  $user = array(
 188                      'user_id'  => $PHORUM['user']['user_id'],
 189                      'sessid_st'=> $uri_session_id
 190                  );
 191                  phorum_user_save_simple($user);
 192                  phorum_user_create_session(PHORUM_SESSION_LONG_TERM,true,$uri_session_id);
 193              // Create cookie session(s).
 194              } else {
 195                  if (!$PHORUM["DATA"]["LOGGEDIN"]) {
 196                      phorum_user_create_session(PHORUM_SESSION_LONG_TERM, false);
 197                  }
 198                  if($PHORUM["tight_security"]){
 199                      phorum_user_create_session(PHORUM_SESSION_SHORT_TERM, true);
 200                  }
 201              }
 202  
 203              // Determine the URL to redirect the user to.
 204              // If redir is a number, it is a URL constant.
 205              if(is_numeric($_POST["redir"])){
 206                  $redir = phorum_get_url($_POST["redir"]);
 207              }
 208  
 209              // Redirecting to the registration or login page is a little weird,
 210              // so we just go to the list page if we came from one of those.
 211              elseif (isset($PHORUM['use_cookies']) && $PHORUM["use_cookies"] && !strstr($_POST["redir"], "register." . PHORUM_FILE_EXTENSION) && !strstr($_POST["redir"], "login." . PHORUM_FILE_EXTENSION)) {
 212                  $redir = $_POST["redir"];
 213  
 214              // By default, we redirect to the list page.
 215              } else {
 216                  $redir = phorum_get_url( PHORUM_LIST_URL );
 217              }
 218  
 219              // The hook "after_login" can be used by module writers to
 220              // set a custom redirect URL.
 221              $redir =phorum_hook( "after_login", $redir );
 222  
 223              phorum_redirect_by_url($redir);
 224              exit();
 225          }
 226  
 227          // Login failed.
 228          else {
 229              phorum_hook("failed_login", array(
 230                  "username" => $username,
 231                  "password" => $password,
 232                  "location" => "forum"
 233              ));
 234              $error = $PHORUM["DATA"]["LANG"]["InvalidLogin"];
 235          }
 236      }
 237  }
 238  
 239  // No data posted, so this is the first request. Here we set
 240  // a temporary cookie, so we can check if the user's browser
 241  // supports cookies.
 242  elseif($PHORUM["use_cookies"]) {
 243      setcookie( "phorum_tmp_cookie", "this will be destroyed once logged in", 0, $PHORUM["session_path"], $PHORUM["session_domain"] );
 244  }
 245  
 246  // Determine to what URL the user must be redirected after login.
 247  if (!empty( $PHORUM["args"]["redir"])) {
 248      $redir = htmlspecialchars(urldecode($PHORUM["args"]["redir"]));
 249  } elseif (!empty( $_REQUEST["redir"])) {
 250      $redir = htmlspecialchars($_REQUEST["redir"]);
 251  } elseif (!empty( $_SERVER["HTTP_REFERER"])) {
 252      $base = strtolower(phorum_get_url(PHORUM_BASE_URL));
 253      $len = strlen($base);
 254      if (strtolower(substr($_SERVER["HTTP_REFERER"],0,$len)) == $base) {
 255          $redir = htmlspecialchars($_SERVER["HTTP_REFERER"]);
 256      }
 257  }
 258  if (! isset($redir)) {
 259      $redir = phorum_get_url(PHORUM_LIST_URL);
 260  }
 261  
 262  // Setup template data.
 263  $PHORUM["DATA"]["LOGIN"]["redir"] = $redir;
 264  $PHORUM["DATA"]["URL"]["REGISTER"] = phorum_get_url( PHORUM_REGISTER_URL );
 265  $PHORUM["DATA"]["URL"]["ACTION"] = phorum_get_url( PHORUM_LOGIN_ACTION_URL );
 266  $PHORUM["DATA"]["LOGIN"]["forum_id"] = ( int )$PHORUM["forum_id"];
 267  $PHORUM["DATA"]["LOGIN"]["username"] = htmlspecialchars( $username );
 268  $PHORUM["DATA"]["ERROR"] = htmlspecialchars( $error );
 269  $PHORUM["DATA"]["OKMSG"] = htmlspecialchars( $okmsg );
 270  
 271  // Set the field to set the focus to after loading.
 272  $PHORUM["DATA"]["FOCUS_TO_ID"] = empty($username) ? "username" : "password";
 273  
 274  // Display the page.
 275  include phorum_get_template( "header" );
 276  phorum_hook( "after_header" );
 277  include phorum_get_template( $template );
 278  phorum_hook( "before_footer" );
 279  include phorum_get_template( "footer" );
 280  
 281  ?>

