} $success = "no"; $introtext = "\n<br />" . _("Please enter your <strong>credentials</strong> to proceed.") . "</p>"; $login_form = "<div align=\"center\">\n\n\n<form action=\"login.php\" method=\"post\" style=\"font-size: 1em;\">\n\n<input type=\"hidden\" name=\"thecount\" value=\"" . $postvar_thecount . "\" />\n<table cellpadding=\"7\" cellspacing=\"0\" border=\"0\" class=\"striped_data\">\n\n<tr>\n\n<td valign=\"top\" class=\"odd\"><strong>" . _("Login") . "</strong></td>\n\n<td valign=\"top\" class=\"odd\" align=\"left\"><input name=\"username\" type=\"text\" value=\"{$postvar_username}\" size=\"20\" /></td>\n\n</tr>\n\n<tr>\n\n<td valign=\"top\" class=\"even\"><strong>" . _("Password") . "</strong></td>\n\n<td valign=\"top\" class=\"even\" align=\"left\"><input name=\"password\" type=\"password\" value=\"{$postvar_password}\" size=\"20\" /></td>\n\n</tr>\n\n<tr>\n\n<td valign=\"top\" class=\"odd\" colspan=\"2\"><div align=\"center\"><input class=\"button\" type=\"submit\" value=\"login\" /></div></td>\n\n</tr>\n\n<tr>\n\n<td valign=\"top\" class=\"even\" colspan=\"2\"><div align=\"right\"><a href=\"forgotpassword.php\">" . _("Forgot Password") . "</a></div></td>\n\n</tr>\n\n</table>\n\n</form>\n\n</div>\n"; if ($postvar_username != "" and isset($postvar_password)) { // just to try to be nice, try appending the defined (in config.php) campus ending (@yourcollege.edu) // if the login lacks one $pos = strpos($postvar_username, "@"); if ($pos === false) { $postvar_username = $postvar_username . $email_key; } // try this against the db // Note that passwords are hashed in the database $emailAdd = $postvar_username; $password = md5($postvar_password); $checker = isCool($emailAdd, $password); if ($checker == "success") { if (isset($_SESSION["desired_page"])) { $loc = $_SESSION["desired_page"]; header("location:{$loc}"); exit; } else { header("location:index.php"); exit; } } else { // Bad credentials, try again. Only 3 tries before you get bumped $introtext = "<p align=\"center\"><strong>" . _("Please check your email and password and try again. (Note that login attempts are logged.)") . "</strong></p><br />"; $success = "no"; } //print $checker;
use SubjectsPlus\Control\DBConnector; use SubjectsPlus\Control\BuildNav; use SubjectsPlus\Control\Querier; //added in order to redirect to proper page if config file doesn't exist or if only placeholder if (!file_exists(dirname(__FILE__) . '/config.php') || filesize(dirname(__FILE__) . '/config.php') < 10) { $lstrURL = getControlURL(); if (!file_exists(dirname(__FILE__) . '/config-default.php')) { header("location:{$lstrURL}includes/configErrorPage.php?error=nobasefile"); exit; } header("location:{$lstrURL}includes/configErrorPage.php?error=nofile"); exit; } require_once dirname(__FILE__) . "/config.php"; if ((isset($use_shibboleth) && $use_shibboleth) == TRUE) { isCool($_SERVER['mail'], "", true); } else { $db = new Querier(); // start our session session_start(); } //Initialise CSRFGuard library //csrfProtector::init(); //print_r($_SESSION); //added in order to redirect to proper page if cannot connect to database. Only check if $tryDB variable doesn't exists and says no /* if( !isset($tryDB) || $tryDB != 'no') { try { @$dbc = new DBConnector($uname, $pword, $dbName_SPlus, $hname); } catch (Exception $e) {