author | Paul S. Owen <psotfx@users.sourceforge.net> | 2002-08-06 16:56:14 +0000 |
---|---|---|
committer | Paul S. Owen <psotfx@users.sourceforge.net> | 2002-08-06 16:56:14 +0000 |
commit | f8ea2a46a8910848ca00dbd3c9de5bbe7a5b925f (patch) | |
tree | 0761369b34ba69cfde6aea5e6a2cdda98e293cdd /phpBB/login.php | |
parent | 685c8b066919a02264e5b8991349c4feea097000 (diff) | |
Auth plug-in, say thanks to Sergey Kanareykin
git-svn-id: file:///svn/phpbb/trunk@2828 89ea8834-ac86-4346-8a33-228a782c2dd0
Diffstat (limited to 'phpBB/login.php')
-rw-r--r-- | phpBB/login.php | 178 |
1 files changed, 51 insertions, 127 deletions
diff --git a/phpBB/login.php b/phpBB/login.php index b16d6c34a8..43681e3265 100644 --- a/phpBB/login.php +++ b/phpBB/login.php @@ -8,7 +8,6 @@ * * $Id$ * - * ***************************************************************************/ /*************************************************************************** @@ -20,12 +19,9 @@ * ***************************************************************************/ -// -// Allow people to reach login page if -// board is shut down -// define('IN_LOGIN', true); define('IN_PHPBB', true); + $phpbb_root_path = './'; include($phpbb_root_path . 'extension.inc'); include($phpbb_root_path . 'common.'.$phpEx); 
@@ -34,71 +30,43 @@ include($phpbb_root_path . 'common.'.$phpEx); // Set page ID for session management // $userdata = $session->start(); -$session->configure($userdata); - $acl = new auth('list', $userdata); + +$session->configure($userdata); // // End session management // // -// Configure style, language, etc. +// This appears to work for IIS5 CGI under Win2K. Uses getenv since this doesn't exist for +// ISAPI mode and therefore the normal Location redirector is used in preference // - $header_location = ( @preg_match('/Microsoft|WebSTAR|Xitami/', getenv('SERVER_SOFTWARE')) ) ? 'Refresh: 0; URL=' : 'Location: '; -if ( isset($HTTP_POST_VARS['login']) || isset($HTTP_GET_VARS['login']) || isset($HTTP_POST_VARS['logout']) || isset($HTTP_GET_VARS['logout']) ) -{ - // - // This appears to work for IIS5 CGI under Win2K. Uses getenv - // since this doesn't exist for ISAPI mode and therefore the - // normal Location redirector is used in preference - // - if ( ( isset($HTTP_POST_VARS['login']) || isset($HTTP_GET_VARS['login']) ) && !$userdata['session_logged_in'] ) - { - $redirect = ( !empty($HTTP_POST_VARS['redirect']) ) ? $HTTP_POST_VARS['redirect'] : 'index.'.$phpEx; +extract($HTTP_GET_VARS); +extract($HTTP_POST_VARS); - $username = ( isset($HTTP_POST_VARS['username']) ) ? $HTTP_POST_VARS['username'] : ''; - $password = ( isset($HTTP_POST_VARS['password']) ) ? $HTTP_POST_VARS['password'] : ''; +$redirect = ( isset($redirect) ) ? $HTTP_SERVER_VARS['QUERY_STRING'] : ''; - $sql = "SELECT user_id, username, user_email, user_password, user_active - FROM " . USERS_TABLE . " - WHERE username = '" . str_replace("\'", "''", $username) . "'"; - $result = $db->sql_query($sql); +// +// Do the login/logout/form/whatever +// +if ( isset($login) || isset($logout) ) +{ + if ( isset($login) && $userdata['user_id'] == ANONYMOUS ) + { + $autologin = ( !empty($autologin) ) ? true : false; - if ( $row = $db->sql_fetchrow($result) ) + // + // Is the board disabled? Are we an admin? 
No, then back to the index we go + // + if ( $board_config['board_disable'] && !$acl->get_acl_admin() ) { - if ( $row['user_level'] != ADMIN && $board_config['board_disable'] ) - { - header($header_location . "index.$phpEx$SID"); - exit; - } - else - { - if ( md5($password) == $row['user_password'] && $row['user_active'] ) - { - $autologin = ( isset($HTTP_POST_VARS['autologin']) ) ? md5($password) : ''; - $this_page = ( !empty($HTTP_SERVER_VARS['PHP_SELF']) ) ? $HTTP_SERVER_VARS['PHP_SELF'] : $HTTP_ENV_VARS['PHP_SELF']; - $this_page .= '&' . ( ( !empty($HTTP_SERVER_VARS['QUERY_STRING']) ) ? $HTTP_SERVER_VARS['QUERY_STRING'] : $HTTP_ENV_VARS['QUERY_STRING'] ); - $session_browser = ( !empty($HTTP_SERVER_VARS['HTTP_USER_AGENT']) ) ? $HTTP_SERVER_VARS['HTTP_USER_AGENT'] : $HTTP_ENV_VARS['HTTP_USER_AGENT']; - - $userdata = $session->create($userdata['session_id'], $row['user_id'], $autologin, $this_page, $session_browser); - - header($header_location . $redirect . $SID); - exit; - } - else - { - $template->assign_vars(array( - 'META' => '<meta http-equiv="refresh" content="3;url=' . "login.$phpEx$SID&redirect=$redirect" . '">') - ); - - $message = $lang['Error_login'] . '<br /><br />' . sprintf($lang['Click_return_login'], '<a href="' . "login.$phpEx$SID&redirect=$redirect" . '">', '</a>') . '<br /><br />' . sprintf($lang['Click_return_index'], '<a href="' . "index.$phpEx$SID" . '">', '</a>'); - message_die(MESSAGE, $message); - } - } + header($header_location . "index.$phpEx$SID"); + exit; } - else + + if ( new login($username, $password, $autologin) ) { $template->assign_vars(array( 'META' => '<meta http-equiv="refresh" content="3;url=' . "login.$phpEx$SID&redirect=$redirect" . '">') 
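Review bot: The two `extract()` calls near the top of this hunk import every GET and POST key into the global scope with the default overwrite behaviour, so a request parameter named `userdata`, `board_config`, `phpbb_root_path` or `phpEx` replaces the value set earlier and then feeds the `$userdata['user_id'] == ANONYMOUS` and `board_disable` checks and, further down the file, the `include($phpbb_root_path . ...)` calls. It also lets `username` and `password` arrive in the query string, where the removed code read them from `$HTTP_POST_VARS` only. Import just the keys this script reads, as in the sketch below. Separately, `if ( new login($username, $password, $autologin) )` tests an object rather than a result, and the branch it guards appears to end in `message_die()` in the next hunk; the `login` class is not visible here, so confirm the condition really means a failed login. The `if` block runs past the end of this hunk.

```php
// … unchanged: $header_location assignment …

// Import only the request keys this script reads; credentials are taken from POST only
$login_keys = array('login', 'logout', 'username', 'password', 'autologin', 'redirect');
foreach ( $login_keys as $key )
{
	if ( isset($HTTP_POST_VARS[$key]) )
	{
		$$key = $HTTP_POST_VARS[$key];
	}
	else if ( isset($HTTP_GET_VARS[$key]) && $key != 'username' && $key != 'password' )
	{
		$$key = $HTTP_GET_VARS[$key];
	}
}

// … unchanged: $redirect assignment and the login/logout branch …
```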
@@ -108,88 +76,44 @@ if ( isset($HTTP_POST_VARS['login']) || isset($HTTP_GET_VARS['login']) || isset( message_die(MESSAGE, $message); } } - else if ( ( isset($HTTP_GET_VARS['logout']) || isset($HTTP_POST_VARS['logout']) ) && $userdata['user_id'] != ANONYMOUS ) + else if ( $userdata['user_id'] != ANONYMOUS ) { $session->destroy($userdata); } - header($header_location . $redirect . $SID); - exit; -} -else -{ // - // Do a full login page dohickey if - // user not already logged in + // Redirect to wherever we're supposed to go ... // - if ( $userdata['user_id'] == ANONYMOUS ) - { - if ( isset($HTTP_POST_VARS['redirect']) || isset($HTTP_GET_VARS['redirect']) ) - { - $forward_to = $HTTP_SERVER_VARS['QUERY_STRING']; - - if ( preg_match('/^redirect=(.*)$/si', $forward_to, $forward_matches) ) - { - $forward_to = ( !empty($forward_matches[3]) ) ? $forward_matches[3] : $forward_matches[1]; - - $forward_match = explode('&', $forward_to); - - if ( count($forward_match) > 1 ) - { - $forward_page = ''; - - for($i = 1; $i < count($forward_match); $i++) - { - if ( !ereg('sid=', $forward_match[$i]) ) - { - if ( $forward_page != '' ) - { - $forward_page .= '&'; - } - $forward_page .= $forward_match[$i]; - } - } - - $forward_page = $forward_match[0] . '?' . $forward_page; - } - else - { - $forward_page = $forward_match[0]; - } - } - } - else - { - $forward_page = ''; - } - - $template->assign_vars(array( - 'USERNAME' => ( $userdata['user_id'] != ANONYMOUS ) ? $userdata['username'] : '', - - 'L_ENTER_PASSWORD' => $lang['Enter_password'], - 'L_SEND_PASSWORD' => $lang['Forgotten_password'], + $redirect_url = ( $redirect ) ? preg_replace('/^.*?redirect=(.*?)&(.*?)$/', '\\1' . $SID . '&\\2', $redirect) : 'index.'.$phpEx; + header($header_location . $redirect_url); + exit; +} - 'U_SEND_PASSWORD' => "profile.$phpEx$SID&mode=sendpassword", - - 'S_HIDDEN_FIELDS' => '<input type="hidden" name="redirect" value="' . $forward_page . 
'" />') - ); +if ( $userdata['user_id'] == ANONYMOUS ) +{ + $template->assign_vars(array( + 'L_ENTER_PASSWORD' => $lang['Enter_password'], + 'L_SEND_PASSWORD' => $lang['Forgotten_password'], - $page_title = $lang['Login']; - include($phpbb_root_path . 'includes/page_header.'.$phpEx); + 'U_SEND_PASSWORD' => "profile.$phpEx$SID&mode=sendpassword", + + 'S_HIDDEN_FIELDS' => '<input type="hidden" name="redirect" value="' . $redirect . '" />') + ); - $template->set_filenames(array( - 'body' => 'login_body.html') - ); - make_jumpbox('viewforum.'.$phpEx, $forum_id); + $page_title = $lang['Login']; + include($phpbb_root_path . 'includes/page_header.'.$phpEx); - include($phpbb_root_path . 'includes/page_tail.'.$phpEx); - } - else - { - header($header_location . "index.$phpEx$SID"); - exit; - } + $template->set_filenames(array( + 'body' => 'login_body.html') + ); + make_jumpbox('viewforum.'.$phpEx, $forum_id); + include($phpbb_root_path . 'includes/page_tail.'.$phpEx); +} +else +{ + header($header_location . "index.$phpEx$SID"); + exit; } ?>
\ No newline at end of file |
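Review bot: `$redirect` holds the raw `QUERY_STRING` (assigned in the previous hunk) and is written unescaped into the hidden field, so a double quote in the query string closes the `value` attribute and injects markup; use `'S_HIDDEN_FIELDS' => '<input type="hidden" name="redirect" value="' . htmlspecialchars($redirect) . '" />'`. The same string reaches `header($header_location . $redirect_url)` with no check that the target is a page on this board, so it should be limited to a relative path before the redirect is sent. The pattern `/^.*?redirect=(.*?)&(.*?)$/` also requires an `&` after the redirect value; without one `preg_replace` returns the whole query string unchanged and that becomes the redirect target, so fall back to `'index.'.$phpEx` when the pattern does not match.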