function Page_Main() { global $Security, $Language, $UserProfile, $gsFormError; global $Breadcrumb; $url = substr(ew_CurrentUrl(), strrpos(ew_CurrentUrl(), "/") + 1); $Breadcrumb = new cBreadcrumb(); $Breadcrumb->Add("login", "LoginPage", $url, "", "", TRUE); $sPassword = ""; $sLastUrl = $Security->LastUrl(); // Get last URL if ($sLastUrl == "") { $sLastUrl = "index.php"; } // If session expired, show session expired message if (@$_GET["expired"] == "1") { $this->setFailureMessage($Language->Phrase("SessionExpired")); } if (IsLoggingIn()) { $this->Username = @$_SESSION[EW_SESSION_USER_PROFILE_USER_NAME]; $sPassword = @$_SESSION[EW_SESSION_USER_PROFILE_PASSWORD]; $this->LoginType = @$_SESSION[EW_SESSION_USER_PROFILE_LOGIN_TYPE]; $bValidPwd = $Security->ValidateUser($this->Username, $sPassword, FALSE); if ($bValidPwd) { $_SESSION[EW_SESSION_USER_PROFILE_USER_NAME] = ""; $_SESSION[EW_SESSION_USER_PROFILE_PASSWORD] = ""; $_SESSION[EW_SESSION_USER_PROFILE_LOGIN_TYPE] = ""; } } else { if (!$Security->IsLoggedIn()) { $Security->AutoLogin(); } $Security->LoadUserLevel(); // Load user level $this->Username = ""; // Initialize $encrypted = FALSE; if (isset($_POST["username"])) { $this->Username = ew_RemoveXSS(ew_StripSlashes($_POST["username"])); $sPassword = ew_RemoveXSS(ew_StripSlashes(@$_POST["password"])); $this->LoginType = strtolower(ew_RemoveXSS(@$_POST["type"])); } else { if (EW_ALLOW_LOGIN_BY_URL && isset($_GET["username"])) { $this->Username = ew_RemoveXSS(ew_StripSlashes($_GET["username"])); $sPassword = ew_RemoveXSS(ew_StripSlashes(@$_GET["password"])); $this->LoginType = strtolower(ew_RemoveXSS(@$_GET["type"])); $encrypted = !empty($_GET["encrypted"]); } } if ($this->Username != "") { $bValidate = $this->ValidateForm($this->Username, $sPassword); if (!$bValidate) { $this->setFailureMessage($gsFormError); } $_SESSION[EW_SESSION_USER_LOGIN_TYPE] = $this->LoginType; // Save user login type $_SESSION[EW_SESSION_USER_PROFILE_USER_NAME] = $this->Username; // Save login user name $_SESSION[EW_SESSION_USER_PROFILE_LOGIN_TYPE] = $this->LoginType; // Save login type // Max login attempt checking if ($UserProfile->ExceedLoginRetry($this->Username)) { $bValidate = FALSE; $this->setFailureMessage(str_replace("%t", EW_USER_PROFILE_RETRY_LOCKOUT, $Language->Phrase("ExceedMaxRetry"))); } } else { if ($Security->IsLoggedIn()) { if ($this->getFailureMessage() == "") { $this->Page_Terminate($sLastUrl); } // Return to last accessed page } $bValidate = FALSE; // Restore settings if (@$_COOKIE[EW_PROJECT_NAME]['Checksum'] == strval(crc32(md5(EW_RANDOM_KEY)))) { $this->Username = ew_Decrypt(@$_COOKIE[EW_PROJECT_NAME]['Username']); } if (@$_COOKIE[EW_PROJECT_NAME]['AutoLogin'] == "autologin") { $this->LoginType = "a"; } elseif (@$_COOKIE[EW_PROJECT_NAME]['AutoLogin'] == "rememberusername") { $this->LoginType = "u"; } else { $this->LoginType = ""; } } $bValidPwd = FALSE; if ($bValidate) { // Call Logging In event $bValidate = $this->User_LoggingIn($this->Username, $sPassword); if ($bValidate) { $bValidPwd = $Security->ValidateUser($this->Username, $sPassword, FALSE, $encrypted); // Manual login if (!$bValidPwd) { if ($this->getFailureMessage() == "") { $this->setFailureMessage($Language->Phrase("InvalidUidPwd")); } // Invalid user id/password } } else { if ($this->getFailureMessage() == "") { $this->setFailureMessage($Language->Phrase("LoginCancelled")); } // Login cancelled } } } if ($bValidPwd) { // Write cookies if ($this->LoginType == "a") { // Auto login setcookie(EW_PROJECT_NAME . '[AutoLogin]', "autologin", EW_COOKIE_EXPIRY_TIME); // Set autologin cookie setcookie(EW_PROJECT_NAME . '[Username]', ew_Encrypt($this->Username), EW_COOKIE_EXPIRY_TIME); // Set user name cookie setcookie(EW_PROJECT_NAME . '[Password]', ew_Encrypt($sPassword), EW_COOKIE_EXPIRY_TIME); // Set password cookie setcookie(EW_PROJECT_NAME . '[Checksum]', crc32(md5(EW_RANDOM_KEY)), EW_COOKIE_EXPIRY_TIME); } elseif ($this->LoginType == "u") { // Remember user name setcookie(EW_PROJECT_NAME . '[AutoLogin]', "rememberusername", EW_COOKIE_EXPIRY_TIME); // Set remember user name cookie setcookie(EW_PROJECT_NAME . '[Username]', ew_Encrypt($this->Username), EW_COOKIE_EXPIRY_TIME); // Set user name cookie setcookie(EW_PROJECT_NAME . '[Checksum]', crc32(md5(EW_RANDOM_KEY)), EW_COOKIE_EXPIRY_TIME); } else { setcookie(EW_PROJECT_NAME . '[AutoLogin]', "", EW_COOKIE_EXPIRY_TIME); // Clear auto login cookie } $this->WriteAuditTrailOnLogin($this->Username); // Call loggedin event $this->User_LoggedIn($this->Username); $this->Page_Terminate($sLastUrl); // Return to last accessed URL } elseif ($this->Username != "" && $sPassword != "") { // Call user login error event $this->User_LoginError($this->Username, $sPassword); } }
function Page_Main() { global $Security, $Language, $UserProfile, $gsFormError; global $Breadcrumb; $Breadcrumb = new cBreadcrumb(); $Breadcrumb->Add("login", "<span id=\"ewPageCaption\">" . $Language->Phrase("LoginPage") . "</span>", ew_CurrentUrl()); $sPassword = ""; $sLastUrl = $Security->LastUrl(); // Get last URL if ($sLastUrl == "") { $sLastUrl = "index.php"; } if (IsLoggingIn()) { $this->Username = @$_SESSION[EW_SESSION_USER_PROFILE_USER_NAME]; $sPassword = @$_SESSION[EW_SESSION_USER_PROFILE_PASSWORD]; $this->LoginType = @$_SESSION[EW_SESSION_USER_PROFILE_LOGIN_TYPE]; $bValidPwd = $Security->ValidateUser($this->Username, $sPassword, FALSE); if ($bValidPwd) { $_SESSION[EW_SESSION_USER_PROFILE_USER_NAME] = ""; $_SESSION[EW_SESSION_USER_PROFILE_PASSWORD] = ""; $_SESSION[EW_SESSION_USER_PROFILE_LOGIN_TYPE] = ""; } } else { if (!$Security->IsLoggedIn()) { $Security->AutoLogin(); } $this->Username = ""; // Initialize if (@$_POST["username"] != "") { // Setup variables $this->Username = ew_RemoveXSS(ew_StripSlashes(@$_POST["username"])); $sPassword = ew_RemoveXSS(ew_StripSlashes(@$_POST["password"])); $this->LoginType = strtolower(ew_RemoveXSS(@$_POST["type"])); } if ($this->Username != "") { $bValidate = $this->ValidateForm($this->Username, $sPassword); if (!$bValidate) { $this->setFailureMessage($gsFormError); } $_SESSION[EW_SESSION_USER_PROFILE_USER_NAME] = $this->Username; // Save login user name $_SESSION[EW_SESSION_USER_PROFILE_LOGIN_TYPE] = $this->LoginType; // Save login type } else { if ($Security->IsLoggedIn()) { if ($this->getFailureMessage() == "") { $this->Page_Terminate($sLastUrl); } // Return to last accessed page } $bValidate = FALSE; // Restore settings if (@$_COOKIE[EW_PROJECT_NAME]['Checksum'] == strval(crc32(md5(EW_RANDOM_KEY)))) { $this->Username = ew_Decrypt(@$_COOKIE[EW_PROJECT_NAME]['Username']); } if (@$_COOKIE[EW_PROJECT_NAME]['AutoLogin'] == "autologin") { $this->LoginType = "a"; } elseif (@$_COOKIE[EW_PROJECT_NAME]['AutoLogin'] == "rememberusername") { $this->LoginType = "u"; } else { $this->LoginType = ""; } } $bValidPwd = FALSE; if ($bValidate) { // Call Logging In event $bValidate = $this->User_LoggingIn($this->Username, $sPassword); if ($bValidate) { $bValidPwd = $Security->ValidateUser($this->Username, $sPassword, FALSE); // Manual login if (!$bValidPwd) { if ($this->getFailureMessage() == "") { $this->setFailureMessage($Language->Phrase("InvalidUidPwd")); } // Invalid user id/password } } else { if ($this->getFailureMessage() == "") { $this->setFailureMessage($Language->Phrase("LoginCancelled")); } // Login cancelled } } } if ($bValidPwd) { // Write cookies if ($this->LoginType == "a") { // Auto login setcookie(EW_PROJECT_NAME . '[AutoLogin]', "autologin", EW_COOKIE_EXPIRY_TIME); // Set autologin cookie setcookie(EW_PROJECT_NAME . '[Username]', ew_Encrypt($this->Username), EW_COOKIE_EXPIRY_TIME); // Set user name cookie setcookie(EW_PROJECT_NAME . '[Password]', ew_Encrypt($sPassword), EW_COOKIE_EXPIRY_TIME); // Set password cookie setcookie(EW_PROJECT_NAME . '[Checksum]', crc32(md5(EW_RANDOM_KEY)), EW_COOKIE_EXPIRY_TIME); } elseif ($this->LoginType == "u") { // Remember user name setcookie(EW_PROJECT_NAME . '[AutoLogin]', "rememberusername", EW_COOKIE_EXPIRY_TIME); // Set remember user name cookie setcookie(EW_PROJECT_NAME . '[Username]', ew_Encrypt($this->Username), EW_COOKIE_EXPIRY_TIME); // Set user name cookie setcookie(EW_PROJECT_NAME . '[Checksum]', crc32(md5(EW_RANDOM_KEY)), EW_COOKIE_EXPIRY_TIME); } else { setcookie(EW_PROJECT_NAME . '[AutoLogin]', "", EW_COOKIE_EXPIRY_TIME); // Clear auto login cookie } // Call loggedin event $this->User_LoggedIn($this->Username); $this->Page_Terminate($sLastUrl); // Return to last accessed URL } elseif ($this->Username != "" && $sPassword != "") { // Call user login error event $this->User_LoginError($this->Username, $sPassword); } }