} //ab } else { if ($fm_stage == "auth") { if (empty($fm_username) || empty($fm_password)) { display_errorbox("Must specify both a username and a password."); print_review_login_form($fm_username, $fm_password, $fm_requestid); } else { $dbh = open_db(); // attempt local (DB) authentication, or LDAP authentication $userinfo = authenticate_reviewer($dbh, $fm_username, $fm_password); if ($userinfo !== null) { if (is_reviewer($userinfo)) { $_SESSION['auth'] = true; $_SESSION['username'] = $fm_username; if (db_update_user_last_login($dbh, $fm_username) == false) { echo "Unable to record login date/time."; } if (empty($fm_requestid)) { require_once './include/display_listrequest.php'; //AB //show request list print_requestid_form(); } else { prepare_message_review($dbh, $fm_requestid); } } else { display_errorbox("Only authorized Senate reviewers can use this site."); print_review_login_form($fm_username, $fm_password, $fm_requestid); } } else { display_errorbox("Invalid username or password.");
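/**
 * Route the outcome of a Bronto API login attempt to the next screen.
 *
 * On success for a non-agency account, the user and session are saved
 * through the db_* helpers. The function then shows either the user-info
 * form (when first name, last name or e-mail is missing) or the message
 * selection form. On failure it shows an error box and the login form again.
 *
 * NOTE(review): the listing had the username concatenation in the two
 * warning messages masked out, which left a parse error. It is restored
 * here as `$username`; confirm against the repository copy.
 *
 * @param array|false|null $login_info Array on success (keys read here:
 *        binding, sessionID, accountID, isAgency, and accounts for agency
 *        logins); false when the credentials were rejected; any other
 *        non-array value is treated as "no connectivity to the Bronto API".
 * @param string $username Login name as submitted.
 * @param string $password Password as submitted.
 * @param string $sitename Bronto site name as submitted.
 * @return void
 */
function process_login($login_info, $username, $password, $sitename)
{
    // NOTE(review): every failure path passes $password back to a form
    // helper. Confirm those helpers never write it into the rendered markup.
    if (!is_array($login_info)) {
        if ($login_info === false) {
            // "false": incorrect username, password, or sitename.
            display_errorbox("Invalid username, password, or sitename.");
        } else {
            // Otherwise (null): the Bronto API could not be reached.
            display_errorbox("Unable to connect to the Bronto API server.");
        }
        print_request_login_form($username, $password, $sitename);
        return;
    }

    // An array means the login succeeded.
    $bapi = $login_info['binding'];
    $sessionID = $login_info['sessionID'];
    $accountID = $login_info['accountID'];
    $isAgency = $login_info['isAgency'];

    if ($isAgency == true) {
        // Agency logins must pick one of their accounts before continuing.
        print_agency_login_form($username, $password, $sitename, "", $sessionID, $login_info['accounts']);
        return;
    }

    $dbh = open_db();
    if (!$dbh) {
        display_errorbox("Unable to connect to database.");
        print_request_login_form($username, $password, $sitename);
        return;
    }

    // NOTE(review): the submitted password is passed to db_save_user().
    // Confirm that helper hashes or encrypts it, or does not store it at all.
    // Loose `== false` checks are kept because the helpers' return types
    // are not visible from here.
    $rc = db_save_user($dbh, $username, $password, 'BRONTO', 'REQUESTER', $sitename);
    if ($rc == false) {
        // NOTE(review): $username and $sitename are request-supplied.
        // Confirm display_warnbox() HTML-escapes its argument.
        display_warnbox("Unable to save user information (user=" . $username . ",sitename=" . $sitename . ")");
    }

    $rc = db_save_session($dbh, $sessionID, $username, $accountID);
    if ($rc == false) {
        // NOTE(review): this prints the API session identifier to the page.
        // Consider logging it server-side instead.
        display_warnbox("Unable to save session information (id=" . $sessionID . ",user=" . $username . ")");
    }

    if (db_update_user_last_login($dbh, $username) == false) {
        echo "Unable to record login date/time.";
    }

    // Confirm that user information is available.
    $userinfo = db_get_user($dbh, $username);
    if (empty($userinfo['firstname']) || empty($userinfo['lastname']) || empty($userinfo['email'])) {
        print_user_info_form($sessionID, $userinfo);
        return;
    }

    if (print_message_select_form($bapi, $sessionID) == false) {
        display_errorbox("Unable to connect to Bronto API.");
        print_request_login_form($username, $password, $sitename);
    }
}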