Example #1
    }
    //ab
} else {
    if ($fm_stage == "auth") {
        if (empty($fm_username) || empty($fm_password)) {
            display_errorbox("Must specify both a username and a password.");
            print_review_login_form($fm_username, $fm_password, $fm_requestid);
        } else {
            $dbh = open_db();
            // attempt local (DB) authentication, or LDAP authentication
            $userinfo = authenticate_reviewer($dbh, $fm_username, $fm_password);
            if ($userinfo !== null) {
                if (is_reviewer($userinfo)) {
                    $_SESSION['auth'] = true;
                    $_SESSION['username'] = $fm_username;
                    if (db_update_user_last_login($dbh, $fm_username) == false) {
                        echo "Unable to record login date/time.";
                    }
                    if (empty($fm_requestid)) {
                        require_once './include/display_listrequest.php';
                        //AB //show request list
                        print_requestid_form();
                    } else {
                        prepare_message_review($dbh, $fm_requestid);
                    }
                } else {
                    display_errorbox("Only authorized Senate reviewers can use this site.");
                    print_review_login_form($fm_username, $fm_password, $fm_requestid);
                }
            } else {
                display_errorbox("Invalid username or password.");
Example #2
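/**
 * Handle the result of a Bronto login attempt and render the next page.
 *
 * $login_info takes one of three shapes, as the branches below show:
 *   - array: the login succeeded. The keys 'binding', 'sessionID',
 *     'accountID' and 'isAgency' are read here, plus 'accounts' for an
 *     agency login.
 *   - false: the username, password or sitename was rejected.
 *   - anything else: treated as "Bronto API unreachable" (the original
 *     comment says null is returned in that case).
 *
 * Security notes for reviewers (none of these helpers is visible here):
 *   - $password is handed to db_save_user() as received. Confirm that the
 *     helper stores a password_hash() digest, or an encrypted secret if the
 *     value must be replayed to the Bronto API, and never the plaintext.
 *   - $password is also passed back into the login forms on failure. Confirm
 *     that the form helpers do not echo it into the HTML value attribute.
 *   - $username, $sitename and $sessionID are concatenated into messages
 *     given to display_warnbox(). Confirm that the helper HTML-escapes its
 *     argument; otherwise these values need htmlspecialchars() here.
 *
 * @param array|false|null $login_info Result of the login call (see above).
 * @param mixed $username  Account name; presumably the submitted form value.
 * @param mixed $password  Account password; presumably the submitted form value.
 * @param mixed $sitename  Bronto site name; presumably the submitted form value.
 * @return void
 */
function process_login($login_info, $username, $password, $sitename)
{
    if (!is_array($login_info)) {
        if ($login_info === false) {
            // "false" means the login was refused: bad username, password or sitename.
            display_errorbox("Invalid username, password, or sitename.");
        } else {
            // Any other non-array value means the Bronto API could not be reached.
            display_errorbox("Unable to connect to the Bronto API server.");
        }
        print_request_login_form($username, $password, $sitename);
        return;
    }

    // An array result means the login succeeded.
    $bapi = $login_info['binding'];
    $sessionID = $login_info['sessionID'];
    $accountID = $login_info['accountID'];
    $isAgency = $login_info['isAgency'];

    // Loose comparison kept from the original: the type of 'isAgency' is not visible here.
    if ($isAgency == true) {
        print_agency_login_form($username, $password, $sitename, "", $sessionID, $login_info['accounts']);
        return;
    }

    $dbh = open_db();
    if (!$dbh) {
        display_errorbox("Unable to connect to database.");
        print_request_login_form($username, $password, $sitename);
        return;
    }

    // The "== false" checks below stay loose because the helpers' failure
    // values (false, 0, null, ...) are not visible from this function.
    $rc = db_save_user($dbh, $username, $password, 'BRONTO', 'REQUESTER', $sitename);
    if ($rc == false) {
        // The listing showed "******" where an expression belonged, which is
        // not valid PHP; $username is the value the "user=" label calls for.
        display_warnbox("Unable to save user information (user=" . $username . ",sitename=" . $sitename . ")");
    }

    $rc = db_save_session($dbh, $sessionID, $username, $accountID);
    if ($rc == false) {
        // NOTE(review): this prints the API session ID into the page. Consider
        // logging it server-side and showing only a generic message.
        display_warnbox("Unable to save session information (id=" . $sessionID . ",user=" . $username . ")");
    }

    if (db_update_user_last_login($dbh, $username) == false) {
        echo "Unable to record login date/time.";
    }

    // The user must have a first name, last name and e-mail on file before
    // continuing; otherwise show the profile form.
    $userinfo = db_get_user($dbh, $username);
    if (empty($userinfo['firstname']) || empty($userinfo['lastname']) || empty($userinfo['email'])) {
        print_user_info_form($sessionID, $userinfo);
        return;
    }

    if (print_message_select_form($bapi, $sessionID) == false) {
        display_errorbox("Unable to connect to Bronto API.");
        print_request_login_form($username, $password, $sitename);
    }
}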