/**
 * The actualiser for logging in.
 *
 * Authenticates the posted username/password through the forum driver. On
 * success it renders the redirect screen, either redirecting at once or
 * relaying the remaining POST fields through a form. On failure it attaches
 * the driver's error message and shows the login form again.
 *
 * NOTE(review): the redirect target is read from the request ('redirect')
 * and only passed through enforce_sessioned_url() here. Confirm that
 * either_param() or an upstream input filter restricts it to trusted hosts.
 *
 * NOTE(review): the password is trimmed before it is hashed and compared, so
 * leading/trailing whitespace is not significant. Confirm that is intended.
 *
 * @return tempcode The UI.
 */
function login_after()
{
    breadcrumb_set_parents(array(
        array('_SELF:_SELF:misc', do_lang_tempcode('_LOGIN')),
    ));

    // The driver receives both the driver-specific hashed variant and the raw password.
    $username = trim(post_param('login_username'));
    $password_hashed = apply_forum_driver_md5_variant(trim(post_param('password')), $username);
    $password_plain = trim(post_param('password'));
    $auth_result = $GLOBALS['FORUM_DRIVER']->forum_authorise_login($username, null, $password_hashed, $password_plain);

    $member_id = $auth_result['id'];

    // Failed login: report the driver's error and fall back to the login form.
    if (is_null($member_id)) {
        get_page_title('USER_LOGIN_ERROR');

        $error_message = $auth_result['error'];
        attach_message($error_message, 'warn');

        if (get_forum_type() == 'ocf') {
            require_lang('ocf');
            $lost_password_url = build_url(array('page' => 'lostpassword'), get_module_zone('lostpassword'));
            // The URL is HTML-escaped before being substituted into the language string.
            $hint = do_lang_tempcode('IF_FORGOTTEN_PASSWORD', escape_html($lost_password_url->evaluate()));
            attach_message($hint, 'inform');
        }

        return $this->login_before();
    }

    // Successful login from here on.
    $title = get_page_title('LOGGED_IN');
    $url = enforce_sessioned_url(either_param('redirect'));

    // A session ID reset (set_session_id(get_session_id())) was left disabled here, marked "Not needed".
    // NOTE(review): this method does not itself issue a fresh session ID after authentication.
    // Confirm the driver/session layer does (session fixation).

    if (count($_POST) > 4) {
        // More POST fields than the small set allowed for a plain login: relay them through a form.
        // NOTE(review): presumably the array lists fields to leave out. Verify that the credential
        // fields ('login_username', 'password') are not echoed into the relay form.
        $post = build_keep_post_fields(array('redirect', 'redirect_passon'));

        $passon_target = post_param('redirect_passon', null);
        if (!is_null($passon_target)) {
            $post->attach(form_input_hidden('redirect', $passon_target));
        }

        $refresh = do_template('JS_REFRESH', array(
            '_GUID' => 'c7d2f9e7a2cc637f3cf9ac4d1cf97eca',
            'FORM_NAME' => 'redir_form',
        ));
    } else {
        // Nothing extra to relay: schedule an immediate refresh to the target.
        require_code('site2');
        assign_refresh($url, 0.0);
        $post = new ocp_tempcode();
        $refresh = new ocp_tempcode();
    }

    decache('side_users_online');

    return do_template('LOGIN_REDIRECT_SCREEN', array(
        '_GUID' => '82e056de9150bbed185120eac3571f40',
        'REFRESH' => $refresh,
        'TITLE' => $title,
        'TEXT' => do_lang_tempcode('_LOGIN_TEXT'),
        'URL' => $url,
        'POST' => $post,
    ));
}
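/**
 * Assign a page refresh to the specified URL.
 *
 * With a multiplier of 0.0 the function tries to send a 'Location' header
 * straight away. It also records the URL and delay in the global
 * $REFRESH_URL when the page is being viewed normally.
 *
 * Security notes:
 *  - The URL is rejected (log_hack_attack_and_exit) if it contains CR or LF
 *    before it is written into the 'Location' header. That check runs only
 *    on the immediate-redirect path.
 *  - No check is made here on where the URL points. Callers passing a
 *    request-derived URL must make sure the destination is trusted.
 *  - NOTE(review): on the delayed path the URL is only stored in
 *    $REFRESH_URL. Confirm that whatever emits it escapes it for its
 *    output context.
 *
 * @param mixed Refresh to this URL (URLPATH or Tempcode URL)
 * @param float Take this many times longer than a 'standard ocPortal refresh'
 */
function assign_refresh($url, $multiplier)
{
    // Tempcode URLs are flattened to a string first.
    if (is_object($url)) {
        $url = $url->evaluate();
    }

    // In case the session changed in transit (this refresh URL may well have been relayed from a much earlier point)
    if (strpos($url, 'keep_session') !== false) {
        $url = enforce_sessioned_url($url);
    }

    $special_page_type = get_param('special_page_type', 'view');

    // A zero multiplier means no message needs to be shown, so a direct redirect is allowed.
    $must_show_message = $multiplier != 0.0;

    // Fudge so that redirects can't count as flooding
    if (get_forum_type() == 'ocf') {
        require_code('ocf_groups');
        $restrict_answer = ocf_get_best_group_property($GLOBALS['FORUM_DRIVER']->get_members_groups(get_member()), 'flood_control_access_secs');
        if ($restrict_answer != 0) {
            // Backdate the member's last visit to just beyond the flood-control window.
            $GLOBALS['FORUM_DB']->query_update('f_members', array('m_last_visit_time' => time() - $restrict_answer - 1), array('id' => get_member()), '', 1);
        }
    }

    if (!$must_show_message) {
        // Preferably server is gonna redirect before page is shown. This is for accessibility reasons

        // Header-splitting guard: a CR or LF in the URL must never reach header().
        if (strpos($url, chr(10)) !== false || strpos($url, chr(13)) !== false) {
            log_hack_attack_and_exit('HEADER_SPLIT_HACK');
        }

        global $FORCE_META_REFRESH;
        if ($special_page_type == 'view' && $GLOBALS['NON_PAGE_SCRIPT'] == 0 && !headers_sent() && !$FORCE_META_REFRESH) {
            header('Location: ' . $url);

            // Only URLs without a fragment are flagged as a quick redirect.
            if (strpos($url, '#') === false) {
                $GLOBALS['QUICK_REDIRECT'] = true;
            }
        }
    }

    if ($special_page_type == 'view') {
        // Record the target and the scaled delay (2.5 x multiplier; presumably seconds, TODO confirm).
        global $REFRESH_URL;
        $REFRESH_URL[0] = $url;
        $REFRESH_URL[1] = 2.5 * $multiplier;
    }
}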