You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307, USA $Id: lcm_login.php,v 1.17 2006/03/10 18:55:48 mlutfy Exp $ */ include 'inc/inc_version.php'; // Test if LCM is installed if (!include_config_exists('inc_connect')) { header('Location: install.php'); exit; } include_lcm('inc_presentation'); include_lcm('inc_login'); global $lcm_lang_right; lcm_html_start(_T('login_title_login'), 'login'); echo get_optional_html_login(); // Site name: mandatory $site_name = _T(read_meta('site_name')); if (!$site_name) { $site_name = _T('title_software'); } // Site description: may be empty $site_desc = _T(read_meta('site_description')); echo "\n"; echo "<div align='center'>\n"; echo "<div align='center' id='login_screen'>\n\n"; echo "<h3>" . $site_name; if ($site_desc) { echo "<br /><span style='font-size: 80%; font-weight: normal;'>" . $site_desc . "</span>"; }
function auth() { global $INSECURE, $HTTP_POST_VARS, $HTTP_GET_VARS, $HTTP_COOKIE_VARS, $REMOTE_USER, $PHP_AUTH_USER, $PHP_AUTH_PW; global $auth_can_disconnect; global $connect_id_auteur, $connect_nom, $connect_bio, $connect_email; global $connect_nom_site, $connect_url_site, $connect_login, $connect_pass; global $connect_activer_imessage, $connect_activer_messagerie; global $connect_status; global $author_session, $prefs; global $clean_link; // This reloads $GLOBALS['db_ok'], just in case include_config('inc_connect'); // If there is not SQL connection, quit. if (!$GLOBALS['db_ok']) { include_lcm('inc_presentation'); lcm_html_start("Technical problem", "install"); // annoy sql_errno() echo "\n<!-- \n"; echo "\t* Flag connect: " . $GLOBALS['flag_connect'] . "\n\t"; lcm_query("SELECT count(*) from lcm_meta"); echo "\n-->\n\n"; echo "<div align='left' style='width: 600px;' class='box_error'>\n"; echo "\t<h3>" . _T('title_technical_problem') . "</h3>\n"; echo "\t<p>" . _T('info_technical_problem_database') . "</p>\n"; if (lcm_sql_errno()) { echo "\t<p><tt>" . lcm_sql_errno() . " " . lcm_sql_error() . "</tt></p>\n"; } else { echo "\t<p><tt>No error diagnostic was provided.</tt></p>\n"; } echo "</div>\n"; lcm_html_end(); return false; } // Initialise variables (avoid URL hacks) $auth_login = ""; $auth_pass = ""; $auth_pass_ok = false; $auth_can_disconnect = false; // Fetch identification data from authentication session if (isset($_COOKIE['lcm_session'])) { if (verifier_session($_COOKIE['lcm_session'])) { if ($author_session['status'] == 'admin' or $author_session['status'] == 'normal') { $auth_login = $author_session['username']; $auth_pass_ok = true; $auth_can_disconnect = true; } } } else { if ($_REQUEST['privet'] == 'yes') { // Failed login attempt: cookie failed $link = new Link("lcm_cookie.php?cookie_test_failed=yes"); $clean_link->delVar('privet'); $url = str_replace('/./', '/', $clean_link->getUrl()); $link->addVar('var_url', $url); @header("Location: " . $link->getUrl()); exit; } } // If not authenticated, ask for login / password if (!$auth_login) { $url = $clean_link->getUrl(); @header("Location: lcm_login.php?var_url=" . urlencode($url)); exit; } // // Search for the login in the authors' table // $auth_login = addslashes($auth_login); $query = "SELECT * FROM lcm_author WHERE username='******' AND status !='external' AND status !='6forum'"; $result = @lcm_query($query); if ($row = lcm_fetch_array($result)) { $connect_id_auteur = $row['id_author']; $connect_nom = $row['name_first']; $connect_login = $row['username']; $connect_pass = $row['password']; $connect_status = $row['status']; $connect_activer_messagerie = "non"; //$row["messagerie"]; $connect_activer_imessage = "non "; //$row["imessage"]; // Set the users' preferences $prefs = unserialize(get_magic_quotes_runtime() ? stripslashes($row['prefs']) : $row['prefs']); // // Default values for some possibly unset preferences // if (!isset($prefs['page_rows']) || intval($prefs['page_rows']) < 1) { $prefs['page_rows'] = 15; } if (!isset($prefs['theme']) || !$prefs['theme']) { $prefs['theme'] = 'green'; } if (!isset($prefs['screen']) || !$prefs['screen']) { $prefs['screen'] = 'wide'; } if (!isset($prefs['font_size']) || !$prefs['font_size']) { $prefs['font_size'] = 'medium_font'; } if (!isset($prefs['case_owner']) || !$prefs['case_owner']) { $prefs['case_owner'] = 'my'; } if (!isset($prefs['case_period']) || !$prefs['case_period']) { $prefs['case_period'] = '91'; } if (!isset($prefs['mode']) || !$prefs['mode']) { $prefs['mode'] = 'simple'; } if (!isset($prefs['time_intervals']) || !$prefs['time_intervals']) { $prefs['time_intervals'] = 'relative'; $prefs['time_intervals_notation'] = 'hours_only'; } } else { // This case is a strange possibility: the author is authentified // OK, but he does not exist in the authors table. Possible cause: // the database was restaured and the author does not exist (and // the user was authentified by another source, such as LDAP). // Note: we use to show a strange error message which would advice // to logout, but since it occurs only after db upgrade, just logout // brutally (with cookie_admin=no to forget the username). lcm_header('Location: lcm_cookie.php?cookie_admin=no&logout=' . $auth_login); exit; } if (!$auth_pass_ok) { @header("Location: lcm_login.php?var_erreur=pass"); exit; } // [ML] Again, not sure how this is used, but we can ignore it for now // TODO (note: nouveau == new) if ($connect_status == 'nouveau') { $query = "UPDATE lcm_author SET status = 'normal' WHERE id_author = {$connect_id_auteur}"; $result = lcm_query($query); $connect_status = 'normal'; } // PHP sessions are started here, and stopped at logout session_start(); return true; }
function install_html_start($title = 'AUTO', $css_files = '', $dbg = '') { global $lcm_lang_rtl; if ($dbg) { lcm_log("{$dbg}: start", 'install'); } if ($title == 'AUTO') { $title = _T('install_title_installation_start'); } $css_files = $css_files ? $css_files . ",install" : "install"; lcm_html_start($title, $css_files); echo "\t<br/>\n"; echo "\t<div align='center' id='install_screen'>\n"; echo "\t\t<h1><b>{$title}</b></h1>\n"; echo "\n<!-- END install_html_start() -->\n\n"; }