Exemple #1
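/**
 * Handle a submitted logon form.
 *
 * Two paths, chosen by the POST fields present:
 *  - guest_logon            : anonymous session (UID 0), only if guests are enabled;
 *  - user_logon/user_password: credential check via user_logon(), then a
 *    fresh user session, CSRF token and visitor-log update.
 *
 * When user_remember is 'Y' a long-lived (one year) auto-logon cookie pair is
 * written: the username in clear plus a token from user_generate_token();
 * otherwise any such cookies are expired. Whether html_set_cookie() sets
 * HttpOnly/Secure is not visible here -- verify in its definition.
 *
 * @return bool true on a successful logon, false for any failure.
 */
function logon_perform()
{
    // Guest logon needs no credentials, just the feature switch.
    if (isset($_POST['guest_logon'])) {
        if (!user_guest_enabled()) {
            return false;
        }
        session::start(0);
        // A new session gets a new CSRF token so nothing from the previous
        // (pre-logon) session can be replayed against this one.
        session::refresh_csrf_token();
        session::update_visitor_log(0, true);
        return true;
    }
    // Both credential fields must be present AND be plain strings. Fields
    // submitted as arrays (user_logon[]=...) are rejected here rather than
    // being handed to user_logon(), which expects scalars.
    if (!isset($_POST['user_logon'], $_POST['user_password'])
        || !is_string($_POST['user_logon'])
        || !is_string($_POST['user_password'])) {
        return false;
    }
    $user_logon = $_POST['user_logon'];
    $user_password = $_POST['user_password'];
    // user_logon() returns the UID on success or false; the strict test keeps
    // a (legitimate) UID of 0 from being mistaken for failure.
    $uid = user_logon($user_logon, $user_password);
    if ($uid === false) {
        return false;
    }
    session::start($uid);
    // Same reasoning as the guest path: never carry a CSRF token across a logon.
    session::refresh_csrf_token();
    forum_update_last_visit($uid);
    session::update_visitor_log($uid, true);
    if (isset($_POST['user_remember']) && $_POST['user_remember'] === 'Y') {
        // Auto-logon: username + opaque token, valid for a year.
        $user_token = user_generate_token($uid);
        html_set_cookie('user_logon', $user_logon, time() + YEAR_IN_SECONDS);
        html_set_cookie('user_token', $user_token, time() + YEAR_IN_SECONDS);
    } else {
        // Not remembering: expire any auto-logon cookies from an earlier visit.
        html_set_cookie('user_logon', '', time() - YEAR_IN_SECONDS);
        html_set_cookie('user_token', '', time() - YEAR_IN_SECONDS);
    }
    return true;
}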
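/**
 * Handle a submitted logon form (older variant built on session::create()).
 *
 * guest_logon => anonymous session (UID 0) when guests are enabled;
 * user_logon + user_password => credential check via user_logon() and a new
 * user session. With user_remember 'Y' a one-year auto-logon cookie pair
 * (clear-text username + token from user_generate_token()) is written,
 * otherwise those cookies are expired. Cookie flags are decided inside
 * html_set_cookie() and are not visible here.
 *
 * The unused $webtag lookup the original started with has been dropped.
 *
 * @return bool true on success, false on any failure.
 */
function logon_perform()
{
    if (isset($_POST['guest_logon'])) {
        if (!user_guest_enabled()) {
            return false;
        }
        session::create(0);
        return true;
    }
    // Require both fields as plain strings; array-valued fields
    // (user_logon[]=...) fail here instead of reaching user_logon().
    if (!isset($_POST['user_logon'], $_POST['user_password'])
        || !is_string($_POST['user_logon'])
        || !is_string($_POST['user_password'])) {
        return false;
    }
    $user_logon = $_POST['user_logon'];
    $user_password = $_POST['user_password'];
    // This variant keeps the original truthiness test: any falsy return from
    // user_logon() (false, and also a UID of 0) counts as a failed logon.
    $uid = user_logon($user_logon, $user_password);
    if (!$uid) {
        return false;
    }
    session::create($uid);
    if (isset($_POST['user_remember']) && $_POST['user_remember'] === 'Y') {
        // Auto-logon cookies, valid for a year.
        $user_token = user_generate_token($uid);
        html_set_cookie('user_logon', $user_logon, time() + YEAR_IN_SECONDS);
        html_set_cookie('user_token', $user_token, time() + YEAR_IN_SECONDS);
    } else {
        // Expire any auto-logon cookies left from an earlier visit.
        html_set_cookie('user_logon', '', time() - YEAR_IN_SECONDS);
        html_set_cookie('user_token', '', time() - YEAR_IN_SECONDS);
    }
    return true;
}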
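/**
 * Gate for the admin area: the logged-in user must re-enter their own
 * credentials, and a successful re-authentication is remembered for an hour.
 *
 * Returns true when the caller may continue. Otherwise it renders the
 * re-authentication form (replaying any pending POST data as hidden fields so
 * the original submission survives the round trip) and exits -- the caller
 * never sees a false return.
 *
 * Fixes over the previous revision:
 *  - the failure message is emitted after html_draw_top(), inside the page,
 *    instead of before the document head (the dead $error_message variable
 *    showed that was the intent);
 *  - the admin_logon/admin_password fields of a failed attempt are no longer
 *    replayed as hidden inputs, which echoed the typed password back into the
 *    HTML source and resubmitted it on the next try.
 *
 * @return bool true if the admin area may be accessed.
 */
function admin_check_credentials()
{
    $webtag = get_webtag();
    // A recent re-authentication is cached in the session; every admin request
    // inside the window slides it forward by another hour.
    if (($admin_timeout = session::get_value('ADMIN_TIMEOUT')) && $admin_timeout > time()) {
        session::set_value('ADMIN_TIMEOUT', time() + HOUR_IN_SECONDS);
        return true;
    }
    $error_message = '';
    if (isset($_POST['admin_logon'], $_POST['admin_password'])
        && is_string($_POST['admin_logon'])
        && is_string($_POST['admin_password'])) {
        $admin_logon = $_POST['admin_logon'];
        $admin_password = $_POST['admin_password'];
        // The credentials must verify AND belong to the account that owns this
        // session: a valid logon for a different account must not unlock admin.
        // Loose == is kept because the session may hold the UID as a string.
        if (($admin_uid = user_logon($admin_logon, $admin_password)) && $admin_uid == session::get_value('UID')) {
            session::set_value('ADMIN_TIMEOUT', time() + HOUR_IN_SECONDS);
            return true;
        }
        // One message for both a wrong username and a wrong password, so the
        // form cannot be used to enumerate accounts. Displayed further down,
        // once the page head has been written.
        $error_message = gettext("The username or password you supplied are not valid.");
    }
    // Pending form data is replayed as hidden fields -- minus the credentials
    // (never echo a password back into the page), the Logon button, and the
    // webtag, which is emitted separately below.
    $replay_post = is_array($_POST) ? $_POST : array();
    unset($replay_post['admin_logon'], $replay_post['admin_password'], $replay_post['logon'], $replay_post['webtag']);
    $has_pending_post = sizeof($replay_post) > 0;
    html_draw_top();
    if (strlen(trim($error_message)) > 0) {
        html_display_error_msg($error_message, '500', 'center');
    }
    if ($has_pending_post) {
        html_display_warning_msg(gettext('To save any changes you must re-authenticate yourself'), '500', 'center');
    } else {
        html_display_warning_msg(gettext('To access the Admin area you must re-authenticate yourself'), '500', 'center');
    }
    echo "<div align=\"center\">\n";
    echo "  <form accept-charset=\"utf-8\" name=\"logonform\" method=\"post\" action=\"", get_request_uri(), "\" target=\"_self\" autocomplete=\"off\">\n";
    if ($has_pending_post) {
        // form_input_hidden_array() is assumed to HTML-escape keys and values;
        // confirm, since the replayed data originates from the client.
        echo form_input_hidden_array($replay_post);
    }
    echo "    ", form_input_hidden('webtag', htmlentities_array($webtag)), "\n";
    echo "    <br />\n";
    echo "    <table cellpadding=\"0\" cellspacing=\"0\" width=\"325\">\n";
    echo "      <tr>\n";
    echo "        <td align=\"left\">\n";
    echo "          <table class=\"box\" width=\"100%\">\n";
    echo "            <tr>\n";
    echo "              <td align=\"left\" class=\"posthead\">\n";
    echo "                <table class=\"posthead\" width=\"100%\">\n";
    echo "                  <tr>\n";
    echo "                    <td align=\"left\" class=\"subhead\">", gettext("Please enter your password"), "</td>\n";
    echo "                  </tr>\n";
    echo "                </table>\n";
    echo "                <table class=\"posthead\" width=\"100%\">\n";
    echo "                  <tr>\n";
    echo "                    <td align=\"center\">\n";
    echo "                      <table class=\"posthead\" width=\"95%\">\n";
    echo "                        <tr>\n";
    echo "                          <td align=\"right\" width=\"90\">", gettext("Username"), ":</td>\n";
    echo "                          <td align=\"left\">", form_input_text('admin_logon', '', 24, 32, '', 'bhinputlogon'), "</td>\n";
    echo "                        </tr>\n";
    echo "                        <tr>\n";
    echo "                          <td align=\"right\" width=\"90\">", gettext("Password"), ":</td>\n";
    echo "                          <td align=\"left\">", form_input_password('admin_password', '', 24, 32, '', 'bhinputlogon'), "</td>\n";
    echo "                        </tr>\n";
    echo "                        <tr>\n";
    echo "                          <td align=\"left\">&nbsp;</td>\n";
    echo "                        </tr>\n";
    echo "                      </table>\n";
    echo "                    </td>\n";
    echo "                  </tr>\n";
    echo "                </table>\n";
    echo "              </td>\n";
    echo "            </tr>\n";
    echo "          </table>\n";
    echo "        </td>\n";
    echo "      </tr>\n";
    echo "      <tr>\n";
    echo "        <td align=\"left\">&nbsp;</td>\n";
    echo "      </tr>\n";
    echo "      <tr>\n";
    echo "        <td align=\"center\" colspan=\"2\">", form_submit('logon', gettext("Logon")), "</td>\n";
    echo "      </tr>\n";
    echo "    </table>\n";
    echo "  </form>\n";
    echo "</div>\n";
    html_draw_bottom();
    // NOTE(review): no lockout or rate limit is applied to failed attempts here;
    // if user_logon() does not throttle, repeated re-auth failures are unbounded.
    exit;
}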
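/**
 * Produce a new 32-character hex API key.
 *
 * Keys used to be md5(uniqid(mt_rand(), true)); neither uniqid() nor mt_rand()
 * is a cryptographic source, so a CSPRNG is used when the runtime has one.
 * The output shape (32 lowercase hex chars) is unchanged for existing callers.
 *
 * @return string
 */
function _user_controller_new_apikey()
{
    if (function_exists('random_bytes')) {
        return bin2hex(random_bytes(16));
    }
    if (function_exists('openssl_random_pseudo_bytes')) {
        return bin2hex(openssl_random_pseudo_bytes(16));
    }
    // Last-resort fallback for very old builds: predictable, kept only for compat.
    return md5(uniqid(mt_rand(), true));
}

/**
 * Reduce a submitted username to word characters, whitespace, '-' and '.'.
 * Same filter the login, create and changedetails actions have always applied.
 *
 * @param string $raw
 * @return string
 */
function _user_controller_clean_username($raw)
{
    return preg_replace('/[^\\w\\s-.]/', '', $raw);
}

/**
 * Read $_POST[$key] when it is a plain string; otherwise return $default.
 * Fields submitted as arrays (name[]=...) are treated as absent so they never
 * reach the escaping/auth helpers, which expect scalars.
 *
 * @param string $key
 * @param mixed  $default
 * @return mixed
 */
function _user_controller_post_string($key, $default = '')
{
    return (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : $default;
}

/**
 * Dispatch the user-module actions selected by the $action global.
 *
 * Reads the globals $session, $action, $format and $allowusersregister.
 * Returns an array with 'content' and 'message' keys -- except getapiread /
 * getapiwrite, which return the bare key string.
 *
 * NOTE(review): only 'logout' is CSRF-protected. changepass, changedetails,
 * newapiread, newapiwrite and setlang change state without a token; adding
 * one requires the matching forms to send it, so it is flagged, not changed.
 * Authorisation is split between $session['write'|'read'] (set by the
 * framework) and $_SESSION['write'] (cookie session only) exactly as before.
 *
 * @return array|string
 */
function user_controller()
{
    global $session, $action, $format, $allowusersregister;
    $output['content'] = "";
    $output['message'] = "";
    //--------------------------------------------------------------------------
    // Login user (PUBLIC ACTION)
    // http://yoursite/emoncms/user/login?name=john&pass=test
    //--------------------------------------------------------------------------
    if ($action == 'login') {
        $name = _user_controller_post_string('name');
        $pass = _user_controller_post_string('pass');
        if ($name && $pass) {
            $username = db_real_escape_string(_user_controller_clean_username($name));
            // The password is escaped the same way create_user() stored it;
            // moving the escaping to the query layer would invalidate every
            // existing account, so it stays here.
            $password = db_real_escape_string($pass);
            $result = user_logon($username, $password);
            if ($result == 0) {
                $output['message'] = _('Invalid username or password');
                $output['content'] = view("user/login_block.php", array());
            } else {
                $output['message'] = _('Welcome, you are now logged in');
                if ($format == 'html') {
                    header('Location: ../dashboard/list');
                }
            }
        } else {
            $output['content'] = view('user/login_block.php', array());
        }
    } elseif ($action == 'create' && $allowusersregister) {
        $username = db_real_escape_string(_user_controller_clean_username(_user_controller_post_string('name')));
        $password = db_real_escape_string(_user_controller_post_string('pass'));
        // Return the read apikey instead of logging in (drupal auth integration).
        // !empty() is the old "== true" test without the undefined-index notice.
        $returnapikey = !empty($_GET['returnapikey']);
        if (get_user_id($username) != 0) {
            $output['message'] = _("Sorry username already exists");
        } elseif (strlen($username) < 4 || strlen($username) > 30) {
            $output['message'] = _("Please enter a username that is 4 to 30 characters long") . "<br/>";
        } elseif (strlen($password) < 4 || strlen($password) > 30) {
            // NOTE(review): this measures bytes of the *escaped* password and a
            // 30-byte ceiling is low for a credential -- raising it is a policy call.
            $output['message'] = _("Please enter a password that is 4 to 30 characters long") . "<br/>";
        } else {
            $user = create_user($username, $password);
            if (!$returnapikey) {
                $result = user_logon($username, $password);
                $output['message'] = _("Your new account has been created");
            } else {
                $output['message'] = $user['readapikey'];
            }
            if ($format == 'html') {
                header("Location: ../dashboard/list");
            }
            if (!empty($_SESSION['write'])) {
                create_user_statistics($_SESSION['userid']);
            }
        }
    } elseif ($action == 'changepass' && !empty($_SESSION['write'])) {
        $oldpass = db_real_escape_string(_user_controller_post_string('oldpass'));
        $newpass = db_real_escape_string(_user_controller_post_string('newpass'));
        if (strlen($newpass) < 4 || strlen($newpass) > 30) {
            $output['message'] = _("Please enter a password that is 4 to 30 characters long") . "<br/>";
        } elseif (change_password($_SESSION['userid'], $oldpass, $newpass)) {
            $output['message'] = _("Your password has been changed");
        } else {
            $output['message'] = _("Invalid password");
        }
    } elseif ($action == 'changedetails' && !empty($_SESSION['write'])) {
        $username = db_real_escape_string(_user_controller_clean_username(_user_controller_post_string('username')));
        // Character filter only -- not a syntactic email check; tightening it
        // (e.g. filter_var) would reject addresses that were accepted so far.
        $email = preg_replace('/[^\\w\\s-.@]/', '', _user_controller_post_string('email'));
        $email = db_real_escape_string($email);
        $id = get_user_id($username);
        if ($id && $id != $_SESSION['userid']) {
            $output['message'] = _("Sorry username already exists");
        } elseif (strlen($username) < 4 || strlen($username) > 30) {
            $output['message'] = _("Please enter a username that is 4 to 30 characters long") . "<br/>";
        } elseif (!$email) {
            $output['message'] = _("No email address present") . "<br/>";
        } else {
            set_user_username($_SESSION['userid'], $username);
            set_user_email($_SESSION['userid'], $email);
        }
    } elseif ($action == 'newapiread' && $session['write']) {
        $apikey_read = _user_controller_new_apikey();
        set_apikey_read($session['userid'], $apikey_read);
        $output['message'] = _("New read apikey: ") . $apikey_read;
        if ($format == 'html') {
            header("Location: view");
        }
    } elseif ($action == 'newapiwrite' && $session['write']) {
        $apikey_write = _user_controller_new_apikey();
        set_apikey_write($session['userid'], $apikey_write);
        $output['message'] = _("New write apikey: ") . $apikey_write;
        if ($format == 'html') {
            header("Location: view");
        }
    } elseif ($action == 'logout' && $session['read']) {
        // The old `$_POST['CSRF_token'] == $_SESSION['CSRF_token']` passed when
        // BOTH were missing (null == null) and compared loosely; require both
        // to be non-empty strings and compare in constant time.
        $posted_token = _user_controller_post_string('CSRF_token', null);
        $session_token = (isset($_SESSION['CSRF_token']) && is_string($_SESSION['CSRF_token']))
            ? $_SESSION['CSRF_token'] : null;
        $token_ok = false;
        if ($posted_token !== null && $session_token !== null && $session_token !== '') {
            $token_ok = function_exists('hash_equals')
                ? hash_equals($session_token, $posted_token)
                : ($session_token === $posted_token);
        }
        if ($token_ok) {
            user_logout();
            $output['message'] = _("You are logged out");
        } else {
            reset_CSRF_token();
            $output['message'] = _("Invalid token");
        }
        if ($format == 'html') {
            header("Location: ../");
        }
    } elseif ($action == 'getapiread' && $session['read']) {
        $apikey_read = get_apikey_read($session['userid']);
        $output = $apikey_read;
    } elseif ($action == 'getapiwrite' && $session['write']) {
        $apikey_write = get_apikey_write($session['userid']);
        $output = $apikey_write;
    } elseif ($action == 'view' && $session['write']) {
        $user = get_user($session['userid']);
        $stats = get_statistics($session['userid']);
        if ($format == 'json') {
            // NOTE(review): whatever get_user() returns is serialised verbatim;
            // confirm it excludes password hashes and API keys.
            $output['content'] = json_encode($user);
        }
        if ($format == 'html') {
            $output['content'] = view("user_view.php", array('user' => $user, 'stats' => $stats));
        }
    } elseif ($action == 'setlang' && $session['write']) {
        // Store the user's language; only a plain string is accepted (the old
        // code stored whatever -- including a missing value -- without a check).
        // What set_user_lang() does with an unknown code is not visible here.
        if (isset($_GET['lang']) && is_string($_GET['lang'])) {
            set_user_lang($session['userid'], $_GET['lang']);
        }
        if ($format == 'html') {
            header("Location: view");
        }
    }
    return $output;
}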