exit;
}
// (The two tokens above close a block that was opened before this excerpt.)

// Installer step: collect and validate the administrator account details.
$_T->printHeader();
lovd_printSideBar();

require ROOT_PATH . 'inc-lib-form.php';

// Load User class.
require ROOT_PATH . 'class/object_users.php';
$_USER = new LOVD_User();

echo ' <B>Administrator account details</B><BR>' . "\n" . ' <BR>' . "\n\n";

if (!isset($_GET['sent'])) {
    // First visit, nothing submitted yet: start from the default values.
    $_USER->setDefaultValues();
} else {
    // Form was submitted: reset the error state, then validate the posted fields.
    lovd_errorClean();
    $_USER->checkFields($_POST);

    if (lovd_error()) {
        // Errors, thus we must return to the form. Remove the password fields,
        // so the plaintext passwords are no longer in $_POST when the form is shown again.
        unset($_POST['password_1']);
        unset($_POST['password_2']);
    } else {
        // Gather information and go to next page.
        // Only the hash is carried forward; both plaintext fields are dropped right after hashing.
        $_POST['password'] = lovd_createPasswordHash($_POST['password_1']);
        unset($_POST['password_1']);
        unset($_POST['password_2']);
        // NOTE(review): lovd_printInstallForm() is defined elsewhere. If it re-emits $_POST as
        // form fields, the password hash travels through the browser between steps - confirm.

        echo ' Account details OK. Ready to proceed to the next step.<BR>' . "\n" . ' <BR>' . "\n\n";

        lovd_printInstallForm();
        $_T->printFooter();
        exit;
    }
}

if (!isset($_GET['sent'])) {
    echo ' Please fill in the Administrator\'s account details and press \'Continue\' to continue the installation.<BR>' . "\n" . ' <BR>' . "\n\n";
    // (This block continues past the end of the excerpt.)
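// Successfully logging in!
// The complete user row goes into the session; it includes the password hash
// ($_SESSION['auth']['password'] is read and rewritten further down).
$_SESSION['auth'] = $zUser;
$_AUTH =& $_SESSION['auth'];

// NOTE(review): the masked password in this log entry still discloses the password's length.
// The reverse-DNS name and the posted username are concatenated into the entry as-is;
// lovd_writeLog() is not shown here, so confirm it neutralises line breaks and markup.
lovd_writeLog('Auth', 'AuthLogin', $_SERVER['REMOTE_ADDR'] . ' (' . gethostbyaddr($_SERVER['REMOTE_ADDR']) . ') successfully logged in using ' . $_POST['username'] . '/' . str_repeat('*', strlen($_POST['password'])));
$_SESSION['last_login'] = $_AUTH['last_login'];

// Protect against Session Fixation by regenerating the ID (available since 4.3.2), but only after 4.3.10 as it gives problems before that...
if (!(substr(phpversion(), 0, 4) == '4.3.' && substr(phpversion(), 4) < 10)) {
    // NOTE(review): called without arguments, so the old session record is not deleted here.
    // Where the minimum supported PHP version allows it, session_regenerate_id(true) removes it.
    session_regenerate_id();

    // Fix weird behaviour of session_regenerate_id() - sometimes it is not sending a new cookie.
    // setcookie() expects an absolute Unix timestamp as its third argument, while
    // session.cookie_lifetime is a duration in seconds. Passing the duration directly produced
    // an expiry date in 1970 for any non-zero lifetime, so the browser dropped the cookie.
    // A lifetime of 0 keeps its meaning: a cookie that lasts until the browser is closed.
    $nCookieLifetime = (int) ini_get('session.cookie_lifetime');
    // NOTE(review): this cookie is sent without the path, domain, secure and httponly values
    // from session_get_cookie_params(); confirm it matches the cookie PHP issues itself.
    setcookie(session_name(), session_id(), ($nCookieLifetime > 0? time() + $nCookieLifetime : 0));
}

// FIXME; This is temporary code; can be removed once the old authentication method has died out.
// Regenerate the new password hash, *but only if the user has upgraded the database already*!!!
// A stored value of exactly 32 characters is treated as an old-style hash (presumably an
// unsalted MD5 hex digest - confirm).
// NOTE(review): the version test is a plain string comparison, not a version-aware one;
// verify that it orders every release string this project uses as intended.
if (strlen($zUser['password']) == 32 && $_STAT['version'] >= '3.0-alpha-02') {
    // User has logged in, so we have his password. Create salt and regenerate password hash for him.
    $_SESSION['auth']['password'] = lovd_createPasswordHash($_POST['password']);
    // All values are bound through placeholders; only the table-name constant is concatenated.
    $_DB->query('UPDATE ' . TABLE_USERS . ' SET password = ?, password_autogen = "", phpsessid = ?, last_login = NOW(), login_attempts = 0 WHERE id = ?', array($_SESSION['auth']['password'], session_id(), $_AUTH['id']));
} else {
    // FIXME; if this block is removed, keep this query.
    // Clears the auto-generated password, stores the new session ID and resets the failed-login counter.
    $_DB->query('UPDATE ' . TABLE_USERS . ' SET password_autogen = "", phpsessid = ?, last_login = NOW(), login_attempts = 0 WHERE id = ?', array(session_id(), $_AUTH['id']));
}

// Check if the user should be forced to change his/her password.
if (!empty($_AUTH['password_force_change'])) {
    $_SESSION['password_force_change'] = true;
}

// Check if referer is given, check it, then forward the user.
// NOTE(review): the condition visible here only tests that the posted field is non-empty.
// Nothing in this excerpt verifies that the value points inside this installation, and the
// redirect itself happens elsewhere. Confirm $sLocation is validated against the
// installation's own base URL before it is used, otherwise this is an open redirect.
if (!empty($_POST['referer'])) {
    // Location is within this LOVD installation.
    $sLocation = $_POST['referer'];
} else {
    // Redirect to proper location will be done somewhere else in this code.
    // (This block continues past the end of the excerpt.)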