}
$success = "no";
$introtext = "\n<br />" . _("Please enter your <strong>credentials</strong> to proceed.") . "</p>";
$login_form = "<div align=\"center\">\n\n\n<form action=\"login.php\" method=\"post\" style=\"font-size: 1em;\">\n\n<input type=\"hidden\" name=\"thecount\" value=\"" . $postvar_thecount . "\" />\n<table cellpadding=\"7\" cellspacing=\"0\" border=\"0\" class=\"striped_data\">\n\n<tr>\n\n<td valign=\"top\" class=\"odd\"><strong>" . _("Login") . "</strong></td>\n\n<td valign=\"top\" class=\"odd\" align=\"left\"><input name=\"username\" type=\"text\" value=\"{$postvar_username}\" size=\"20\" /></td>\n\n</tr>\n\n<tr>\n\n<td valign=\"top\" class=\"even\"><strong>" . _("Password") . "</strong></td>\n\n<td valign=\"top\" class=\"even\" align=\"left\"><input name=\"password\" type=\"password\" value=\"{$postvar_password}\" size=\"20\" /></td>\n\n</tr>\n\n<tr>\n\n<td valign=\"top\" class=\"odd\" colspan=\"2\"><div align=\"center\"><input class=\"button\" type=\"submit\" value=\"login\" /></div></td>\n\n</tr>\n\n<tr>\n\n<td valign=\"top\" class=\"even\" colspan=\"2\"><div align=\"right\"><a href=\"forgotpassword.php\">" . _("Forgot Password") . "</a></div></td>\n\n</tr>\n\n</table>\n\n</form>\n\n</div>\n";
if ($postvar_username != "" and isset($postvar_password)) {
// just to try to be nice, try appending the defined (in config.php) campus ending (@yourcollege.edu)
// if the login lacks one
$pos = strpos($postvar_username, "@");
if ($pos === false) {
$postvar_username = $postvar_username . $email_key;
}
// try this against the db
// Note that passwords are hashed in the database
$emailAdd = $postvar_username;
$password = md5($postvar_password);
$checker = isCool($emailAdd, $password);
if ($checker == "success") {
if (isset($_SESSION["desired_page"])) {
$loc = $_SESSION["desired_page"];
header("location:{$loc}");
exit;
} else {
header("location:index.php");
exit;
}
} else {
// Bad credentials, try again. Only 3 tries before you get bumped
$introtext = "<p align=\"center\"><strong>" . _("Please check your email and password and try again. (Note that login attempts are logged.)") . "</strong></p><br />";
$success = "no";
}
//print $checker;
use SubjectsPlus\Control\DBConnector;
use SubjectsPlus\Control\BuildNav;
use SubjectsPlus\Control\Querier;
//added in order to redirect to proper page if config file doesn't exist or if only placeholder
if (!file_exists(dirname(__FILE__) . '/config.php') || filesize(dirname(__FILE__) . '/config.php') < 10) {
$lstrURL = getControlURL();
if (!file_exists(dirname(__FILE__) . '/config-default.php')) {
header("location:{$lstrURL}includes/configErrorPage.php?error=nobasefile");
exit;
}
header("location:{$lstrURL}includes/configErrorPage.php?error=nofile");
exit;
}
require_once dirname(__FILE__) . "/config.php";
if ((isset($use_shibboleth) && $use_shibboleth) == TRUE) {
isCool($_SERVER['mail'], "", true);
} else {
$db = new Querier();
// start our session
session_start();
}
//Initialise CSRFGuard library
//csrfProtector::init();
//print_r($_SESSION);
//added in order to redirect to proper page if cannot connect to database. Only check if $tryDB variable doesn't exists and says no
/*
if( !isset($tryDB) || $tryDB != 'no')
{
try {
@$dbc = new DBConnector($uname, $pword, $dbName_SPlus, $hname);
} catch (Exception $e) {
