Example #1
    } else {
        html_draw_error(gettext("No user specified."), 'admin_users.php', 'get', array('back' => gettext("Back")));
    }
}
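// Work out which page to return to: a validated message id wins, then a
// caller-supplied 'ret' value, then the user list as the default.
if (isset($_GET['msg']) && validate_msg($_GET['msg'])) {
    $ret = "messages.php?webtag={$webtag}&msg={$_GET['msg']}";
} else {
    // is_string() keeps an array-valued 'ret' (ret[]=x) away from trim().
    if (isset($_POST['ret']) && is_string($_POST['ret']) && strlen(trim($_POST['ret'])) > 0) {
        $ret = trim($_POST['ret']);
    } else {
        $ret = "admin_users.php?webtag={$webtag}";
    }
}
// validate the return to page
// $ret can come straight from $_POST and is later handed to header_redirect(),
// so the allow-list check must run on the exact string that is used as the
// redirect target. Checking only basename($ret) would accept any value whose
// last path segment is a known script name, including an absolute URL on
// another host, unless header_redirect() restricts targets itself.
// NOTE(review): if callers legitimately pass a directory-prefixed path, allow
// that form explicitly here rather than going back to basename().
if (isset($ret) && strlen(trim($ret)) > 0) {
    $available_files_preg = implode("|^", array_map('preg_quote_callback', get_available_files()));
    if (preg_match("/^{$available_files_preg}/u", $ret) < 1) {
        // Anything that does not start with a known script name falls back
        // to the default page.
        $ret = "admin_users.php?webtag={$webtag}";
    }
}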
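// Cancel: go back to the return page worked out above.
if (isset($_POST['cancel'])) {
    header_redirect($ret);
}
// Edit group members: hand over to the group user editor and tell it to come
// back to this user's page afterwards.
if (isset($_POST['edit_users']) && is_array($_POST['edit_users'])) {
    // The group id is the first key of the submitted array, i.e. request
    // controlled data. Encode it before it is placed in the query string so a
    // crafted key cannot add or override parameters of the redirect target.
    // reset() yields false for an empty array, which becomes an empty gid.
    $group_ids = array_keys($_POST['edit_users']);
    $gid = rawurlencode((string)reset($group_ids));
    $redirect_uri = "admin_user_groups_edit_users.php?webtag={$webtag}&gid={$gid}";
    // The nested return address is written pre-encoded because it travels as
    // the value of the outer 'ret' parameter.
    // NOTE(review): $webtag and $uid are set outside this excerpt; confirm
    // both are validated before they are interpolated here.
    $redirect_uri .= "&ret=admin_user.php%3Fwebtag%3D{$webtag}%26uid={$uid}%26ret%3D";
    $redirect_uri .= rawurlencode($ret);
    header_redirect($redirect_uri);
}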
// Array to hold error messages
Example #2
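/**
 * Render the logon form and, unless suppressed, the guest, registration and
 * password-recovery links beneath it.
 *
 * All output is written directly with echo; nothing is returned.
 *
 * @param mixed $logon_options Bitmask of LOGON_FORM_* flags. A non-numeric
 *                             value is replaced by LOGON_FORM_DEFAULT.
 * @return void
 */
function logon_draw_form($logon_options)
{
    $webtag = get_webtag();
    forum_check_webtag_available($webtag);
    // Make sure logon form argument is valid.
    if (!is_numeric($logon_options)) {
        $logon_options = LOGON_FORM_DEFAULT;
    }
    // Check for previously failed logon. The failure message is suppressed
    // when the form is shown because of an expired session.
    if (isset($_GET['logout_success']) && $_GET['logout_success'] == 'true') {
        html_display_success_msg(gettext("You have successfully logged out."), '500', 'center');
    } else {
        if (isset($_GET['logon_failed']) && !($logon_options & LOGON_FORM_SESSION_EXPIRED)) {
            html_display_error_msg(gettext("The username or password you supplied is not valid."), '500', 'center');
        }
    }
    // Get the original requested page url.
    // NOTE(review): $request_uri and $webtag are interpolated into HTML
    // attributes below without escaping in this function (only the hidden
    // 'webtag' field goes through htmlentities_array()). Confirm that
    // get_request_uri() and get_webtag() return attribute-safe values.
    $request_uri = get_request_uri();
    // If the request is for logon.php then we are performing
    // a normal login, otherwise potentially a failed session.
    if (stristr($request_uri, 'logon.php')) {
        echo "  <form accept-charset=\"utf-8\" name=\"logonform\" method=\"post\" action=\"{$request_uri}\" target=\"", html_get_top_frame_name(), "\">\n";
        echo "    ", form_csrf_token_field(), "\n";
    } else {
        echo "  <form accept-charset=\"utf-8\" name=\"logonform\" method=\"post\" action=\"{$request_uri}\" target=\"_self\">\n";
        echo "    ", form_csrf_token_field(), "\n";
    }
    // Drop the credentials and logon control fields so they are never
    // written back into the page as hidden inputs.
    unset($_POST['user_logon'], $_POST['user_password'], $_POST['logon'], $_POST['webtag'], $_POST['register']);
    // Add any post data into the form so the interrupted request is
    // re-submitted together with the logon.
    // NOTE(review): these values are request controlled; escaping depends on
    // form_input_hidden_array() - confirm it encodes names and values.
    if (isset($_POST) && is_array($_POST) && sizeof($_POST) > 0) {
        echo form_input_hidden_array($_POST);
    }
    echo "  ", form_input_hidden('webtag', htmlentities_array($webtag)), "\n";
    echo "  <br />\n";
    echo "  <table cellpadding=\"0\" cellspacing=\"0\" width=\"325\">\n";
    echo "    <tr>\n";
    echo "      <td align=\"left\">\n";
    echo "        <table class=\"box\" width=\"100%\">\n";
    echo "          <tr>\n";
    echo "            <td align=\"left\" class=\"posthead\">\n";
    echo "              <table class=\"posthead\" width=\"100%\">\n";
    echo "                <tr>\n";
    echo "                  <td align=\"left\" class=\"subhead\">", gettext("Logon"), "</td>\n";
    echo "                </tr>\n";
    echo "              </table>\n";
    echo "              <table class=\"posthead\" width=\"100%\">\n";
    echo "                <tr>\n";
    echo "                  <td align=\"center\">\n";
    echo "                    <table class=\"posthead\" width=\"95%\">\n";
    echo "                      <tr>\n";
    echo "                        <td align=\"right\" width=\"90\">", gettext("Username"), ":</td>\n";
    echo "                        <td align=\"left\">", form_input_text('user_logon', null, 24, 32, null, 'bhinputlogon'), "</td>\n";
    echo "                      </tr>\n";
    echo "                      <tr>\n";
    echo "                        <td align=\"right\" width=\"90\">", gettext("Password"), ":</td>\n";
    echo "                        <td align=\"left\">", form_input_password('user_password', null, 24, 32, null, 'bhinputlogon'), "</td>\n";
    echo "                      </tr>\n";
    // The "Remember me" row is left out when the caller hides the tickbox or
    // when the form is shown for an expired session.
    if (!($logon_options & LOGON_FORM_HIDE_TICKBOX) && !($logon_options & LOGON_FORM_SESSION_EXPIRED)) {
        echo "                      <tr>\n";
        echo "                        <td align=\"left\" colspan=\"2\"><hr class=\"bhseparatorlogon\" /></td>\n";
        echo "                      </tr>\n";
        echo "                    </table>\n";
        echo "                    <table class=\"posthead\" width=\"95%\">\n";
        echo "                      <tr>\n";
        // Pre-ticked only when both the logon and token cookies are present.
        echo "                        <td align=\"right\" width=\"90\">", form_checkbox('user_remember', 'Y', null, html_get_cookie('user_logon') && html_get_cookie('user_token')), "</td>\n";
        echo "                        <td align=\"left\"><label for=\"user_remember\">", gettext("Remember me"), "</label></td>\n";
        echo "                      </tr>\n";
        echo "                      <tr>\n";
        echo "                        <td align=\"left\">&nbsp;</td>\n";
        echo "                        <td align=\"left\"><span class=\"bhinputlogon_warning\">", gettext("Not recommended for shared computers"), "</span></td>\n";
        echo "                      </tr>\n";
    }
    echo "                      <tr>\n";
    echo "                        <td align=\"left\">&nbsp;</td>\n";
    echo "                      </tr>\n";
    echo "                    </table>\n";
    echo "                  </td>\n";
    echo "                </tr>\n";
    echo "              </table>\n";
    echo "            </td>\n";
    echo "          </tr>\n";
    echo "        </table>\n";
    echo "      </td>\n";
    echo "    </tr>\n";
    echo "    <tr>\n";
    echo "      <td align=\"left\">&nbsp;</td>\n";
    echo "    </tr>\n";
    echo "    <tr>\n";
    echo "      <td align=\"center\" colspan=\"2\">", form_submit('logon', gettext("Logon")), "</td>\n";
    echo "    </tr>\n";
    echo "  </table>\n";
    echo "</form>\n";
    echo "<br />\n";
    if (!($logon_options & LOGON_FORM_HIDE_LINKS)) {
        echo "<hr class=\"bhlogonseparator\" />\n";
        if (user_guest_enabled()) {
            echo "<form accept-charset=\"utf-8\" name=\"guest\" action=\"logon.php?webtag={$webtag}\" method=\"post\" target=\"", html_get_top_frame_name(), "\">\n";
            echo "  ", form_csrf_token_field(), "\n";
            echo "  <p>", sprintf(gettext("Enter as a %s"), form_submit('guest_logon', gettext("Guest"))), "</p>\n";
            echo "</form>\n";
        }
        // final_uri is request controlled and ends up in the links below, so
        // it is only accepted when it starts with a name returned by
        // get_available_files(). The value is trimmed once and that same
        // string is both checked and used, so the check cannot pass on one
        // form of the input while another form is emitted. is_string() keeps
        // an array-valued parameter (final_uri[]=x) away from trim().
        if (isset($_GET['final_uri']) && is_string($_GET['final_uri']) && strlen(trim($_GET['final_uri'])) > 0) {
            $requested_final_uri = trim($_GET['final_uri']);
            $available_files_preg = implode("|^", array_map('preg_quote_callback', get_available_files()));
            if (preg_match("/^{$available_files_preg}/u", $requested_final_uri) > 0) {
                $final_uri = href_cleanup_query_keys($requested_final_uri);
            }
        }
        if (isset($final_uri)) {
            // Encoded once as a parameter value of its own, and a second time
            // inside the register / forgot-password links because those are
            // themselves passed as the final_uri of index.php.
            $final_uri = rawurlencode($final_uri);
            $register_link = rawurlencode("register.php?webtag={$webtag}&final_uri={$final_uri}");
            $forgot_pw_link = rawurlencode("forgot_pw.php?webtag={$webtag}&final_uri={$final_uri}");
            echo "<p>", sprintf(gettext("Don't have an account? %s"), "<a href=\"index.php?webtag={$webtag}&amp;final_uri={$register_link}\" target=\"" . html_get_top_frame_name() . "\">" . gettext("Register now") . "</a>") . "</p>\n";
            echo "<hr class=\"bhlogonseparator\" />\n";
            echo "<h2>", gettext("Problems logging on?"), "</h2>\n";
            echo "<p><a href=\"logon.php?webtag={$webtag}&amp;delete_cookie=yes&amp;final_uri={$final_uri}\" target=\"", html_get_top_frame_name(), "\">", gettext("Delete Cookies"), "</a></p>\n";
            echo "<p><a href=\"index.php?webtag={$webtag}&amp;final_uri={$forgot_pw_link}\" target=\"", html_get_top_frame_name(), "\">", gettext("Forgotten your password?"), "</a></p>\n";
        } else {
            // No accepted final_uri: emit the same links without it.
            echo "<p>", sprintf(gettext("Don't have an account? %s"), "<a href=\"index.php?webtag={$webtag}&amp;final_uri=register.php%3Fwebtag%3D{$webtag}\" target=\"" . html_get_top_frame_name() . "\">" . gettext("Register now") . "</a>"), "</p>\n";
            echo "<hr class=\"bhlogonseparator\" />\n";
            echo "<h2>", gettext("Problems logging on?"), "</h2>\n";
            echo "<p><a href=\"logon.php?webtag={$webtag}&amp;delete_cookie=yes\" target=\"", html_get_top_frame_name(), "\">", gettext("Delete Cookies"), "</a></p>\n";
            echo "<p><a href=\"index.php?webtag={$webtag}&amp;final_uri=forgot_pw.php%3Fwebtag%3D{$webtag}\" target=\"", html_get_top_frame_name(), "\">", gettext("Forgotten your password?"), "</a></p>\n";
        }
        echo "<hr class=\"bhlogonseparator\" />\n";
        echo "<h2>", gettext("Using a mobile device?"), "</h2>\n";
        echo "<p><a href=\"index.php?webtag={$webtag}&amp;view=mobile\" target=\"", html_get_top_frame_name(), "\">", gettext("Mobile version"), "</a></p>\n";
    }
}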