function Page_Main()
{
global $Security, $Language, $UserProfile, $gsFormError;
global $Breadcrumb;
$url = substr(ew_CurrentUrl(), strrpos(ew_CurrentUrl(), "/") + 1);
$Breadcrumb = new cBreadcrumb();
$Breadcrumb->Add("login", "LoginPage", $url, "", "", TRUE);
$sPassword = "";
$sLastUrl = $Security->LastUrl();
// Get last URL
if ($sLastUrl == "") {
$sLastUrl = "index.php";
}
// If session expired, show session expired message
if (@$_GET["expired"] == "1") {
$this->setFailureMessage($Language->Phrase("SessionExpired"));
}
if (IsLoggingIn()) {
$this->Username = @$_SESSION[EW_SESSION_USER_PROFILE_USER_NAME];
$sPassword = @$_SESSION[EW_SESSION_USER_PROFILE_PASSWORD];
$this->LoginType = @$_SESSION[EW_SESSION_USER_PROFILE_LOGIN_TYPE];
$bValidPwd = $Security->ValidateUser($this->Username, $sPassword, FALSE);
if ($bValidPwd) {
$_SESSION[EW_SESSION_USER_PROFILE_USER_NAME] = "";
$_SESSION[EW_SESSION_USER_PROFILE_PASSWORD] = "";
$_SESSION[EW_SESSION_USER_PROFILE_LOGIN_TYPE] = "";
}
} else {
if (!$Security->IsLoggedIn()) {
$Security->AutoLogin();
}
$Security->LoadUserLevel();
// Load user level
$this->Username = "";
// Initialize
$encrypted = FALSE;
if (isset($_POST["username"])) {
$this->Username = ew_RemoveXSS(ew_StripSlashes($_POST["username"]));
$sPassword = ew_RemoveXSS(ew_StripSlashes(@$_POST["password"]));
$this->LoginType = strtolower(ew_RemoveXSS(@$_POST["type"]));
} else {
if (EW_ALLOW_LOGIN_BY_URL && isset($_GET["username"])) {
$this->Username = ew_RemoveXSS(ew_StripSlashes($_GET["username"]));
$sPassword = ew_RemoveXSS(ew_StripSlashes(@$_GET["password"]));
$this->LoginType = strtolower(ew_RemoveXSS(@$_GET["type"]));
$encrypted = !empty($_GET["encrypted"]);
}
}
if ($this->Username != "") {
$bValidate = $this->ValidateForm($this->Username, $sPassword);
if (!$bValidate) {
$this->setFailureMessage($gsFormError);
}
$_SESSION[EW_SESSION_USER_LOGIN_TYPE] = $this->LoginType;
// Save user login type
$_SESSION[EW_SESSION_USER_PROFILE_USER_NAME] = $this->Username;
// Save login user name
$_SESSION[EW_SESSION_USER_PROFILE_LOGIN_TYPE] = $this->LoginType;
// Save login type
// Max login attempt checking
if ($UserProfile->ExceedLoginRetry($this->Username)) {
$bValidate = FALSE;
$this->setFailureMessage(str_replace("%t", EW_USER_PROFILE_RETRY_LOCKOUT, $Language->Phrase("ExceedMaxRetry")));
}
} else {
if ($Security->IsLoggedIn()) {
if ($this->getFailureMessage() == "") {
$this->Page_Terminate($sLastUrl);
}
// Return to last accessed page
}
$bValidate = FALSE;
// Restore settings
if (@$_COOKIE[EW_PROJECT_NAME]['Checksum'] == strval(crc32(md5(EW_RANDOM_KEY)))) {
$this->Username = ew_Decrypt(@$_COOKIE[EW_PROJECT_NAME]['Username']);
}
if (@$_COOKIE[EW_PROJECT_NAME]['AutoLogin'] == "autologin") {
$this->LoginType = "a";
} elseif (@$_COOKIE[EW_PROJECT_NAME]['AutoLogin'] == "rememberusername") {
$this->LoginType = "u";
} else {
$this->LoginType = "";
}
}
$bValidPwd = FALSE;
if ($bValidate) {
// Call Logging In event
$bValidate = $this->User_LoggingIn($this->Username, $sPassword);
if ($bValidate) {
$bValidPwd = $Security->ValidateUser($this->Username, $sPassword, FALSE, $encrypted);
// Manual login
if (!$bValidPwd) {
if ($this->getFailureMessage() == "") {
$this->setFailureMessage($Language->Phrase("InvalidUidPwd"));
}
// Invalid user id/password
}
} else {
if ($this->getFailureMessage() == "") {
$this->setFailureMessage($Language->Phrase("LoginCancelled"));
}
// Login cancelled
}
}
}
if ($bValidPwd) {
// Write cookies
if ($this->LoginType == "a") {
// Auto login
setcookie(EW_PROJECT_NAME . '[AutoLogin]', "autologin", EW_COOKIE_EXPIRY_TIME);
// Set autologin cookie
setcookie(EW_PROJECT_NAME . '[Username]', ew_Encrypt($this->Username), EW_COOKIE_EXPIRY_TIME);
// Set user name cookie
setcookie(EW_PROJECT_NAME . '[Password]', ew_Encrypt($sPassword), EW_COOKIE_EXPIRY_TIME);
// Set password cookie
setcookie(EW_PROJECT_NAME . '[Checksum]', crc32(md5(EW_RANDOM_KEY)), EW_COOKIE_EXPIRY_TIME);
} elseif ($this->LoginType == "u") {
// Remember user name
setcookie(EW_PROJECT_NAME . '[AutoLogin]', "rememberusername", EW_COOKIE_EXPIRY_TIME);
// Set remember user name cookie
setcookie(EW_PROJECT_NAME . '[Username]', ew_Encrypt($this->Username), EW_COOKIE_EXPIRY_TIME);
// Set user name cookie
setcookie(EW_PROJECT_NAME . '[Checksum]', crc32(md5(EW_RANDOM_KEY)), EW_COOKIE_EXPIRY_TIME);
} else {
setcookie(EW_PROJECT_NAME . '[AutoLogin]', "", EW_COOKIE_EXPIRY_TIME);
// Clear auto login cookie
}
$this->WriteAuditTrailOnLogin($this->Username);
// Call loggedin event
$this->User_LoggedIn($this->Username);
$this->Page_Terminate($sLastUrl);
// Return to last accessed URL
} elseif ($this->Username != "" && $sPassword != "") {
// Call user login error event
$this->User_LoginError($this->Username, $sPassword);
}
}
function Page_Main()
{
global $Security, $Language, $UserProfile, $gsFormError;
global $Breadcrumb;
$Breadcrumb = new cBreadcrumb();
$Breadcrumb->Add("login", "<span id=\"ewPageCaption\">" . $Language->Phrase("LoginPage") . "</span>", ew_CurrentUrl());
$sPassword = "";
$sLastUrl = $Security->LastUrl();
// Get last URL
if ($sLastUrl == "") {
$sLastUrl = "index.php";
}
if (IsLoggingIn()) {
$this->Username = @$_SESSION[EW_SESSION_USER_PROFILE_USER_NAME];
$sPassword = @$_SESSION[EW_SESSION_USER_PROFILE_PASSWORD];
$this->LoginType = @$_SESSION[EW_SESSION_USER_PROFILE_LOGIN_TYPE];
$bValidPwd = $Security->ValidateUser($this->Username, $sPassword, FALSE);
if ($bValidPwd) {
$_SESSION[EW_SESSION_USER_PROFILE_USER_NAME] = "";
$_SESSION[EW_SESSION_USER_PROFILE_PASSWORD] = "";
$_SESSION[EW_SESSION_USER_PROFILE_LOGIN_TYPE] = "";
}
} else {
if (!$Security->IsLoggedIn()) {
$Security->AutoLogin();
}
$this->Username = "";
// Initialize
if (@$_POST["username"] != "") {
// Setup variables
$this->Username = ew_RemoveXSS(ew_StripSlashes(@$_POST["username"]));
$sPassword = ew_RemoveXSS(ew_StripSlashes(@$_POST["password"]));
$this->LoginType = strtolower(ew_RemoveXSS(@$_POST["type"]));
}
if ($this->Username != "") {
$bValidate = $this->ValidateForm($this->Username, $sPassword);
if (!$bValidate) {
$this->setFailureMessage($gsFormError);
}
$_SESSION[EW_SESSION_USER_PROFILE_USER_NAME] = $this->Username;
// Save login user name
$_SESSION[EW_SESSION_USER_PROFILE_LOGIN_TYPE] = $this->LoginType;
// Save login type
} else {
if ($Security->IsLoggedIn()) {
if ($this->getFailureMessage() == "") {
$this->Page_Terminate($sLastUrl);
}
// Return to last accessed page
}
$bValidate = FALSE;
// Restore settings
if (@$_COOKIE[EW_PROJECT_NAME]['Checksum'] == strval(crc32(md5(EW_RANDOM_KEY)))) {
$this->Username = ew_Decrypt(@$_COOKIE[EW_PROJECT_NAME]['Username']);
}
if (@$_COOKIE[EW_PROJECT_NAME]['AutoLogin'] == "autologin") {
$this->LoginType = "a";
} elseif (@$_COOKIE[EW_PROJECT_NAME]['AutoLogin'] == "rememberusername") {
$this->LoginType = "u";
} else {
$this->LoginType = "";
}
}
$bValidPwd = FALSE;
if ($bValidate) {
// Call Logging In event
$bValidate = $this->User_LoggingIn($this->Username, $sPassword);
if ($bValidate) {
$bValidPwd = $Security->ValidateUser($this->Username, $sPassword, FALSE);
// Manual login
if (!$bValidPwd) {
if ($this->getFailureMessage() == "") {
$this->setFailureMessage($Language->Phrase("InvalidUidPwd"));
}
// Invalid user id/password
}
} else {
if ($this->getFailureMessage() == "") {
$this->setFailureMessage($Language->Phrase("LoginCancelled"));
}
// Login cancelled
}
}
}
if ($bValidPwd) {
// Write cookies
if ($this->LoginType == "a") {
// Auto login
setcookie(EW_PROJECT_NAME . '[AutoLogin]', "autologin", EW_COOKIE_EXPIRY_TIME);
// Set autologin cookie
setcookie(EW_PROJECT_NAME . '[Username]', ew_Encrypt($this->Username), EW_COOKIE_EXPIRY_TIME);
// Set user name cookie
setcookie(EW_PROJECT_NAME . '[Password]', ew_Encrypt($sPassword), EW_COOKIE_EXPIRY_TIME);
// Set password cookie
setcookie(EW_PROJECT_NAME . '[Checksum]', crc32(md5(EW_RANDOM_KEY)), EW_COOKIE_EXPIRY_TIME);
} elseif ($this->LoginType == "u") {
// Remember user name
setcookie(EW_PROJECT_NAME . '[AutoLogin]', "rememberusername", EW_COOKIE_EXPIRY_TIME);
// Set remember user name cookie
setcookie(EW_PROJECT_NAME . '[Username]', ew_Encrypt($this->Username), EW_COOKIE_EXPIRY_TIME);
// Set user name cookie
setcookie(EW_PROJECT_NAME . '[Checksum]', crc32(md5(EW_RANDOM_KEY)), EW_COOKIE_EXPIRY_TIME);
} else {
setcookie(EW_PROJECT_NAME . '[AutoLogin]', "", EW_COOKIE_EXPIRY_TIME);
// Clear auto login cookie
}
// Call loggedin event
$this->User_LoggedIn($this->Username);
$this->Page_Terminate($sLastUrl);
// Return to last accessed URL
} elseif ($this->Username != "" && $sPassword != "") {
// Call user login error event
$this->User_LoginError($this->Username, $sPassword);
}
}
