コード例 #1
ファイル: index.php プロジェクト: LOVDnl/LOVD3
     exit;
 }
 // Render the page chrome first; everything below prints into the page body.
 $_T->printHeader();
 lovd_printSideBar();

 // Form library and the User class are both needed for validating the administrator account.
 require ROOT_PATH . 'inc-lib-form.php';
 require ROOT_PATH . 'class/object_users.php';
 $_USER = new LOVD_User();

 print "      <B>Administrator account details</B><BR>\n      <BR>\n\n";

 if (!isset($_GET['sent'])) {
     // First visit; nothing submitted yet, so start from the default values.
     $_USER->setDefaultValues();
 } else {
     // Form was submitted; validate it.
     lovd_errorClean();
     $_USER->checkFields($_POST);
     $bFieldsOK = !lovd_error();

     if ($bFieldsOK) {
         // Only the hash of the chosen password is kept for the next installation step.
         // NOTE(review): presumably lovd_printInstallForm() carries $_POST (including this hash) to the next step
         //   through the browser - confirm that the hash is not exposed more widely than needed.
         $_POST['password'] = lovd_createPasswordHash($_POST['password_1']);
     }

     // The plain-text password fields are dropped in either case, so they are never echoed back into a form.
     unset($_POST['password_1'], $_POST['password_2']);

     if ($bFieldsOK) {
         print "      Account details OK. Ready to proceed to the next step.<BR>\n      <BR>\n\n";
         lovd_printInstallForm();
         $_T->printFooter();
         exit;
     }
     // Validation errors: fall through, so the form is shown again.
 }
 if (!isset($_GET['sent'])) {
     print '      Please fill in the Administrator\'s account details and press \'Continue\' to continue the installation.<BR>' . "\n" . '      <BR>' . "\n\n";
コード例 #2
ファイル: login.php プロジェクト: LOVDnl/LOVD3
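 // Successfully logging in! Store the user record in the session and alias it as $_AUTH.
 $_SESSION['auth'] = $zUser;
 $_AUTH =& $_SESSION['auth'];
 // Log the event. The password is masked with a fixed-width string, so the log does not reveal the password's length.
 // NOTE(review): the host name returned by gethostbyaddr() and the submitted username are not under our control;
 //   presumably the log is escaped wherever it is displayed - confirm.
 lovd_writeLog('Auth', 'AuthLogin', $_SERVER['REMOTE_ADDR'] . ' (' . gethostbyaddr($_SERVER['REMOTE_ADDR']) . ') successfully logged in using ' . $_POST['username'] . '/********');
 $_SESSION['last_login'] = $_AUTH['last_login'];
 // Protect against Session Fixation by regenerating the ID (available since 4.3.2), but only after 4.3.10 as it gives problems before that...
 if (!(substr(phpversion(), 0, 4) == '4.3.' && substr(phpversion(), 4) < 10)) {
     session_regenerate_id();
     // Fix weird behaviour of session_regenerate_id() - sometimes it is not sending a new cookie.
     // The cookie is re-sent with the session's own parameters. setcookie() expects an absolute expiry timestamp,
     //   so a non-zero lifetime is added to the current time; 0 keeps it a browser-session cookie.
     // Path, domain and the Secure/HttpOnly flags are copied too, so that the re-sent cookie is not weaker than,
     //   or scoped differently from, the one PHP itself would send.
     // A configured SameSite attribute cannot be passed through this positional form of setcookie().
     $aCookieParams = session_get_cookie_params();
     $nExpires = ($aCookieParams['lifetime'] > 0? time() + $aCookieParams['lifetime'] : 0);
     if (isset($aCookieParams['httponly'])) {
         setcookie(session_name(), session_id(), $nExpires, $aCookieParams['path'], $aCookieParams['domain'], $aCookieParams['secure'], $aCookieParams['httponly']);
     } else {
         // PHP versions that do not know the HttpOnly flag.
         setcookie(session_name(), session_id(), $nExpires, $aCookieParams['path'], $aCookieParams['domain'], $aCookieParams['secure']);
     }
 }
 // FIXME; This is temporary code; can be removed once the old authentication method has died out.
 // Regenerate the new password hash, *but only if the user has upgraded the database already*!!!
 // A stored value of exactly 32 characters is treated as a hash made by the old method.
 // NOTE(review): '>=' compares the two version values as plain strings here - confirm that this orders all
 //   released versions as intended.
 if (strlen($zUser['password']) == 32 && $_STAT['version'] >= '3.0-alpha-02') {
     // User has logged in, so we have his password. Create salt and regenerate password hash for him.
     $_SESSION['auth']['password'] = lovd_createPasswordHash($_POST['password']);
     // Store the new hash, bind the account to the new session ID and reset the failed login counter.
     $_DB->query('UPDATE ' . TABLE_USERS . ' SET password = ?, password_autogen = "", phpsessid = ?, last_login = NOW(), login_attempts = 0 WHERE id = ?', array($_SESSION['auth']['password'], session_id(), $_AUTH['id']));
 } else {
     // FIXME; if this block is removed, keep this query.
     // Same bookkeeping as above, leaving the stored password hash as it is.
     $_DB->query('UPDATE ' . TABLE_USERS . ' SET password_autogen = "", phpsessid = ?, last_login = NOW(), login_attempts = 0 WHERE id = ?', array(session_id(), $_AUTH['id']));
 }
 // Check if the user should be forced to change his/her password.
 if (!empty($_AUTH['password_force_change'])) {
     $_SESSION['password_force_change'] = true;
 }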
 // Check if referer is given, check it, then forward the user.
 if (!empty($_POST['referer'])) {
     // Location is within this LOVD installation.
     $sLocation = $_POST['referer'];
 } else {
     // Redirect to proper location will be done somewhere else in this code.