author | Paul S. Owen <psotfx@users.sourceforge.net> | 2002-07-14 14:45:26 +0000 |
---|---|---|
committer | Paul S. Owen <psotfx@users.sourceforge.net> | 2002-07-14 14:45:26 +0000 |
commit | 4bc4397f4a71972555f55e6e5d6e1aa87efb1428 (patch) | |
tree | fa6bb402fd18347b664e825421f8e3aa31147d7a /phpBB/login.php | |
parent | d03de47b51173dac761e4fdf6e7004661a5565ac (diff) | |
Updates for permissions, sessions, lots of things ... note that _many_ things _do_not_work_ now ... I'm committing them to stop people complaining about my holding on to everything :) There is _no_ update script at present for all these changes, you'll have to work out what's needed yourselves till I finish various things
git-svn-id: file:///svn/phpbb/trunk@2673 89ea8834-ac86-4346-8a33-228a782c2dd0
Diffstat (limited to 'phpBB/login.php')
-rw-r--r-- | phpBB/login.php | 145 |
1 files changed, 55 insertions, 90 deletions
diff --git a/phpBB/login.php b/phpBB/login.php
index c37c9954b9..425d934fcb 100644
--- a/phpBB/login.php
+++ b/phpBB/login.php
@@ -24,8 +24,7 @@
 // Allow people to reach login page if
 // board is shut down
 //
-define("IN_LOGIN", true);
-
+define('IN_LOGIN', true);
 define('IN_PHPBB', true);
 $phpbb_root_path = './';
 include($phpbb_root_path . 'extension.inc');
@@ -34,75 +33,66 @@ include($phpbb_root_path . 'common.'.$phpEx); // // Set page ID for session management // -$userdata = session_pagestart($user_ip, PAGE_LOGIN); -init_userprefs($userdata); +$userdata = $session->start(); // // End session management // +// +// Configure style, language, etc. +// +$session->configure($userdata); + $header_location = ( @preg_match('/Microsoft|WebSTAR|Xitami/', getenv('SERVER_SOFTWARE')) ) ? 'Refresh: 0; URL=' : 'Location: '; -if( isset($HTTP_POST_VARS['login']) || isset($HTTP_GET_VARS['login']) || isset($HTTP_POST_VARS['logout']) || isset($HTTP_GET_VARS['logout']) ) +if ( isset($HTTP_POST_VARS['login']) || isset($HTTP_GET_VARS['login']) || isset($HTTP_POST_VARS['logout']) || isset($HTTP_GET_VARS['logout']) ) { // // This appears to work for IIS5 CGI under Win2K. Uses getenv // since this doesn't exist for ISAPI mode and therefore the // normal Location redirector is used in preference // - if( ( isset($HTTP_POST_VARS['login']) || isset($HTTP_GET_VARS['login']) ) && !$userdata['session_logged_in'] ) + if ( ( isset($HTTP_POST_VARS['login']) || isset($HTTP_GET_VARS['login']) ) && !$userdata['session_logged_in'] ) { - $username = isset($HTTP_POST_VARS['username']) ? $HTTP_POST_VARS['username'] : ''; - $password = isset($HTTP_POST_VARS['password']) ? $HTTP_POST_VARS['password'] : ''; + $username = ( isset($HTTP_POST_VARS['username']) ) ? $HTTP_POST_VARS['username'] : ''; + $password = ( isset($HTTP_POST_VARS['password']) ) ? $HTTP_POST_VARS['password'] : ''; - $sql = "SELECT user_id, username, user_password, user_active, user_level + $sql = "SELECT user_id, username, user_email, user_password, user_active, user_level FROM " . USERS_TABLE . " WHERE username = '" . str_replace("\'", "''", $username) . 
"'"; - if ( !($result = $db->sql_query($sql)) ) - { - message_die(GENERAL_ERROR, 'Error in obtaining userdata', '', __LINE__, __FILE__, $sql); - } + $result = $db->sql_query($sql); - if( $row = $db->sql_fetchrow($result) ) + if ( $row = $db->sql_fetchrow($result) ) { - if( $row['user_level'] != ADMIN && $board_config['board_disable'] ) + if ( $row['user_level'] != ADMIN && $board_config['board_disable'] ) { - header($header_location . append_sid("index.$phpEx", true)); + header($header_location . "index.$phpEx$SID"); + exit; } else { - if( md5($password) == $row['user_password'] && $row['user_active'] ) + if ( md5($password) == $row['user_password'] && $row['user_active'] ) { - $autologin = ( isset($HTTP_POST_VARS['autologin']) ) ? TRUE : 0; + $autologin = ( isset($HTTP_POST_VARS['autologin']) ) ? md5($password) : ''; + $this_page = ( !empty($HTTP_SERVER_VARS['PHP_SELF']) ) ? $HTTP_SERVER_VARS['PHP_SELF'] : $HTTP_ENV_VARS['PHP_SELF']; + $this_page .= '&' . ( ( !empty($HTTP_SERVER_VARS['QUERY_STRING']) ) ? $HTTP_SERVER_VARS['QUERY_STRING'] : $HTTP_ENV_VARS['QUERY_STRING'] ); + $session_browser = ( !empty($HTTP_SERVER_VARS['HTTP_USER_AGENT']) ) ? $HTTP_SERVER_VARS['HTTP_USER_AGENT'] : $HTTP_ENV_VARS['HTTP_USER_AGENT']; - $session_id = session_begin($row['user_id'], $user_ip, PAGE_INDEX, FALSE, $autologin); + $userdata = $session->create($userdata['session_id'], $row['user_id'], $autologin, $this_page, $session_browser); - if( $session_id ) - { - if( !empty($HTTP_POST_VARS['redirect']) ) - { - header($header_location . append_sid($HTTP_POST_VARS['redirect'], true)); - } - else - { - header($header_location . append_sid("index.$phpEx", true)); - } - } - else - { - message_die(CRITICAL_ERROR, "Couldn't start session : login", "", __LINE__, __FILE__); - } + header($header_location . $HTTP_POST_VARS['redirect']); + exit; } else { $redirect = ( !empty($HTTP_POST_VARS['redirect']) ) ? 
$HTTP_POST_VARS['redirect'] : ''; $template->assign_vars(array( - 'META' => '<meta http-equiv="refresh" content="3;url=' . append_sid("login.$phpEx?redirect=$redirect") . '">') + 'META' => '<meta http-equiv="refresh" content="3;url=' . "login.$phpEx$SID&redirect=$redirect" . '">') ); - $message = $lang['Error_login'] . '<br /><br />' . sprintf($lang['Click_return_login'], '<a href="' . append_sid("login.$phpEx?redirect=$redirect") . '">', '</a>') . '<br /><br />' . sprintf($lang['Click_return_index'], '<a href="' . append_sid("index.$phpEx") . '">', '</a>'); - - message_die(GENERAL_MESSAGE, $message); + $message = $lang['Error_login'] . '<br /><br />' . sprintf($lang['Click_return_login'], '<a href="' . "login.$phpEx$SID&redirect=$redirect" . '">', '</a>') . '<br /><br />' . sprintf($lang['Click_return_index'], '<a href="' . "index.$phpEx$SID" . '">', '</a>'); + message_die(MESSAGE, $message); } } } 
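Review bot: After a successful login the new `header($header_location . $HTTP_POST_VARS['redirect']);` sends the raw POST value with no empty check and no validation, so a missing field yields an empty redirect target and a crafted one can send the browser off-site or carry CR/LF into the header. The removed code at least fell back to `index.$phpEx`; the same unchecked value feeds the final `header($header_location . $redirect);` in the next hunk and is written unescaped into the META refresh and `<a href>` strings in both hunks, where it needs `htmlspecialchars()`. A board-relative check before the header call, as sketched below, would cover the redirect sinks. Separately, `$autologin` now carries `md5($password)` into `$session->create()`; if that value ends up in a cookie it is password-equivalent, which is worth confirming against the session class (not visible here).

```php
// … unchanged: $session->create() call …
$redirect = ( !empty($HTTP_POST_VARS['redirect']) ) ? $HTTP_POST_VARS['redirect'] : '';
// Follow only board-relative targets: no scheme, no leading slash or backslash, no CR/LF
if ( $redirect == '' || preg_match('#^[/\\\\]|^[a-z][a-z0-9+.-]*:|[\r\n]#i', $redirect) )
{
	$redirect = "index.$phpEx$SID";
}
header($header_location . $redirect);
exit;
```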
@@ -111,41 +101,21 @@ if( isset($HTTP_POST_VARS['login']) || isset($HTTP_GET_VARS['login']) || isset($ $redirect = ( !empty($HTTP_POST_VARS['redirect']) ) ? $HTTP_POST_VARS['redirect'] : ""; $template->assign_vars(array( - 'META' => '<meta http-equiv="refresh" content="3;url=' . append_sid("login.$phpEx?redirect=$redirect") . '">') + 'META' => '<meta http-equiv="refresh" content="3;url=' . "login.$phpEx$SID&redirect=$redirect" . '">') ); - $message = $lang['Error_login'] . '<br /><br />' . sprintf($lang['Click_return_login'], '<a href="' . append_sid("login.$phpEx?redirect=$redirect") . '">', '</a>') . '<br /><br />' . sprintf($lang['Click_return_index'], '<a href="' . append_sid("index.$phpEx") . '">', '</a>'); - - message_die(GENERAL_MESSAGE, $message); - } - } - else if( ( isset($HTTP_GET_VARS['logout']) || isset($HTTP_POST_VARS['logout']) ) && $userdata['session_logged_in'] ) - { - if( $userdata['session_logged_in'] ) - { - session_end($userdata['session_id'], $userdata['user_id']); - } - - if( !empty($HTTP_POST_VARS['redirect']) ) - { - header($header_location . append_sid($HTTP_POST_VARS['redirect'], true)); - } - else - { - header($header_location . append_sid("index.$phpEx", true)); + $message = $lang['Error_login'] . '<br /><br />' . sprintf($lang['Click_return_login'], '<a href="' . "login.$phpEx$SID&redirect=$redirect" . '">', '</a>') . '<br /><br />' . sprintf($lang['Click_return_index'], '<a href="' . "index.$phpEx$SID" . '">', '</a>'); + message_die(MESSAGE, $message); } } - else + else if ( ( isset($HTTP_GET_VARS['logout']) || isset($HTTP_POST_VARS['logout']) ) && $userdata['user_id'] != ANONYMOUS ) { - if( !empty($HTTP_POST_VARS['redirect']) ) - { - header($header_location . append_sid($HTTP_POST_VARS['redirect'], true)); - } - else - { - header($header_location . append_sid("index.$phpEx", true)); - } + $session->destroy($userdata); } + + $redirect = ( !empty($HTTP_POST_VARS['redirect']) ) ? 
$HTTP_POST_VARS['redirect'] : "index.$phpEx$SID"; + header($header_location . $redirect); + exit; } else { @@ -153,34 +123,27 @@ else // Do a full login page dohickey if // user not already logged in // - if( !$userdata['session_logged_in'] ) + if ( $userdata['user_id'] == ANONYMOUS ) { - $page_title = $lang['Login']; - include($phpbb_root_path . 'includes/page_header.'.$phpEx); - - $template->set_filenames(array( - 'body' => 'login_body.tpl') - ); - - if( isset($HTTP_POST_VARS['redirect']) || isset($HTTP_GET_VARS['redirect']) ) + if ( isset($HTTP_POST_VARS['redirect']) || isset($HTTP_GET_VARS['redirect']) ) { $forward_to = $HTTP_SERVER_VARS['QUERY_STRING']; - if( preg_match("/^redirect=(.*)$/si", $forward_to, $forward_matches) ) + if ( preg_match('/^redirect=(.*)$/si', $forward_to, $forward_matches) ) { $forward_to = ( !empty($forward_matches[3]) ) ? $forward_matches[3] : $forward_matches[1]; $forward_match = explode('&', $forward_to); - if(count($forward_match) > 1) + if ( count($forward_match) > 1 ) { $forward_page = ''; for($i = 1; $i < count($forward_match); $i++) { - if( !ereg("sid=", $forward_match[$i]) ) + if ( !ereg('sid=', $forward_match[$i]) ) { - if( $forward_page != '' ) + if ( $forward_page != '' ) { $forward_page .= '&'; } 
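Review bot: The rewritten logout branch calls `$session->destroy($userdata);` on the bare presence of a `logout` parameter, including `$HTTP_GET_VARS['logout']`, and nothing visible in the hunk ties the request to the session being ended, so a cross-site request can log a user out. Assuming the `sid` value that `$SID` appends to links is available in the request, the condition could additionally require `$HTTP_GET_VARS['sid'] == $userdata['session_id']` (or the POST equivalent) before destroying the session. The enclosing `if` opens in the previous hunk, so this is based only on the lines shown here.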
@@ -201,29 +164,31 @@ else $forward_page = ''; } - $username = ( $userdata['user_id'] != ANONYMOUS ) ? $userdata['username'] : ''; - - $s_hidden_fields = '<input type="hidden" name="redirect" value="' . $forward_page . '" />'; - - make_jumpbox('viewforum.'.$phpEx, $forum_id); $template->assign_vars(array( - 'USERNAME' => $username, + 'USERNAME' => ( $userdata['user_id'] != ANONYMOUS ) ? $userdata['username'] : '', 'L_ENTER_PASSWORD' => $lang['Enter_password'], 'L_SEND_PASSWORD' => $lang['Forgotten_password'], - 'U_SEND_PASSWORD' => append_sid("profile.$phpEx?mode=sendpassword"), + 'U_SEND_PASSWORD' => "profile.$phpEx$SID&mode=sendpassword", - 'S_HIDDEN_FIELDS' => $s_hidden_fields) + 'S_HIDDEN_FIELDS' => '<input type="hidden" name="redirect" value="' . $forward_page . '" />') ); - $template->pparse('body'); + $page_title = $lang['Login']; + include($phpbb_root_path . 'includes/page_header.'.$phpEx); + + $template->set_filenames(array( + 'body' => 'login_body.html') + ); + make_jumpbox('viewforum.'.$phpEx, $forum_id); include($phpbb_root_path . 'includes/page_tail.'.$phpEx); } else { - header($header_location . append_sid("index.$phpEx", true)); + header($header_location . "index.$phpEx$SID"); + exit; } } |
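Review bot: `$forward_page` is placed into the `value` attribute of the hidden `redirect` field without escaping, and as far as the visible lines show it is assembled from `$HTTP_SERVER_VARS['QUERY_STRING']` in the previous hunk, so a quote character in the query string breaks out of the attribute. The line should read `'S_HIDDEN_FIELDS' => '<input type="hidden" name="redirect" value="' . htmlspecialchars($forward_page) . '" />')`. This block also now sits inside `if ( $userdata['user_id'] == ANONYMOUS )`, so the `'USERNAME'` ternary can only yield `''` and could be the literal. The enclosing `else` starts outside the hunk.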