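 /**
  * Authenticate the current request.
  *
  * Handles, in this order: dropping a 'guest' session when guests are
  * disabled, both steps of password recovery (email request, then the
  * one-time link), and the username/password login form. Every branch
  * that changes authentication state ends in a redirect (header + die) or
  * renders the login page and exits; the caller only continues when the
  * session already holds a user.
  *
  * Reads $_SESSION, $_GET and $_POST; relies on gator, gatorconf and lang.
  *
  * @return void
  */
 public function authenticate()
 {
     $errors = null;
     // destroy guests if disabled
     if (isset($_SESSION['simple_auth']['username']) && $_SESSION['simple_auth']['username'] === 'guest' && gatorconf::get('allow_guests') == false) {
         session_destroy();
         session_start();
     }
     // recover password 1/2 - send email
     // !empty() already implies isset(); is_string() rejects array-shaped POST fields.
     if (gatorconf::get('enable_password_recovery') && !empty($_GET['recover_password']) && !empty($_POST['emaildata']) && is_string($_POST['emaildata'])) {
         $email = filter_var(rawurldecode($_POST['emaildata']), FILTER_SANITIZE_EMAIL);
         $user = gator::getUser($email, 'email');
         if ($user && filter_var($email, FILTER_VALIDATE_EMAIL)) {
             // CSPRNG token (PHP >= 7.0). The previous sha1(mt_rand(10000, 99999) . time())
             // had a tiny search space once the request time was known. 20 random bytes
             // give the same 40-hex-char shape as the old sha1 value, so stored keys keep
             // their format. The key is cleared on use below but this method sets no expiry.
             $generatedKey = 'otp-' . bin2hex(random_bytes(20));
             gator::updateUser($user['username'], array('akey' => $generatedKey));
             $url = gatorconf::get('base_url') . '/?otp=' . $generatedKey;
             $subject = gatorconf::get('account_email_subject');
             $body = gatorconf::get('account_email_text') . "\n\n" . $url;
             $this->sendEmail($email, $subject, $body);
         }
         // flush url - same redirect whether or not the address is known
         header('Location: ' . gatorconf::get('base_url'));
         die;
     }
     // recover password 2/2 - direct link enter
     if (gatorconf::get('enable_password_recovery') && !empty($_GET['otp']) && is_string($_GET['otp'])) {
         // normalise to the charset used when the key was generated
         $otp = strtolower(preg_replace("/[^a-z0-9\\-]+/i", "-", $_GET['otp']));
         $user = gator::getUser($otp, 'akey');
         if ($user) {
             // single use: invalidate the key before logging in
             gator::updateUser($user['username'], array('akey' => ''));
             $_SESSION['directlinkenter'] = 'passwordrecovery';
             $this->loginUser($user);
         }
         // slow down key guessing; applied to hits and misses alike
         sleep(2);
         // flush url
         header('Location: ' . gatorconf::get('base_url'));
         die;
     }
     if (!isset($_SESSION['simple_auth']['username']) || isset($_GET["login"])) {
         // NOTE(review): destroy + start keeps the same session id; if loginUser()
         // does not call session_regenerate_id(), the pre-login id survives into
         // the authenticated session - confirm against loginUser().
         session_destroy();
         session_start();
         if (isset($_POST["submit"])) {
             // read the form fields once, rejecting missing or array-shaped values
             $username = isset($_POST['username']) && is_string($_POST['username']) ? $_POST['username'] : '';
             $password = isset($_POST['password']) && is_string($_POST['password']) ? $_POST['password'] : '';
             $user = false;
             // validate before looking the user up so no undefined-index access happens
             if ($username === '' || $password === '') {
                 $errors = lang::get("Enter username and password.");
                 gator::writeLog('auth bad - blank fields');
             } else {
                 $user = gator::getUser($username);
             }
             // explicit grouping: (no 'r' permission) OR (guest while guests disabled)
             if ($user && ((isset($user['permissions']) && strpos($user['permissions'], 'r') === false) || ($user['username'] === 'guest' && gatorconf::get('allow_guests') == false))) {
                 $errors = lang::get("Access Forbidden");
                 gator::writeLog('auth bad - not activated');
             }
             // a non-empty akey that is not a recovery token marks an unactivated account
             if ($user && isset($user['akey']) && $user['akey'] !== '' && strpos($user['akey'], 'otp-') === false) {
                 $errors = lang::get("Please open your email and click on the link to proceed.");
                 gator::writeLog('auth bad - not activated');
             }
             // strict username match: getUser() may have matched loosely
             if (!$errors && $user && $user['username'] === $username && gator::checkPassword($password, $user['password'])) {
                 $this->loginUser($user);
             }
             // reached only when loginUser() did not end the request
             if (!$errors) {
                 $errors = lang::get("Wrong username or password.");
                 gator::writeLog('auth bad - wrong username or password');
                 sleep(1);
             }
         }
         if (!isset($_GET["login"]) && gatorconf::get('allow_guests') == true) {
             $user = gator::getUser('guest');
             if ($user) {
                 $this->loginUser($user);
             }
             // reload
             header('Location: ' . gatorconf::get('base_url'));
             die;
         }
         gator::display("header.php");
         gator::display("login.php", array('errors' => $errors));
         gator::display("footer.php");
         exit;
     }
 }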