function install_step_4()
{
global $lcm_lang_left, $lcm_lang_right;
install_html_start('AUTO', '', 4);
echo "<h3><small>" . _T('install_step_four') . "</small> " . _T('install_title_admin_account') . "</h3>\n";
include_config('inc_connect_install');
echo '<p class="simple_text" align="center">' . _T('install_info_new_account_1') . '<br />' . _T('warning_field_mandatory_all') . ' ' . lcm_help('install_personal') . "</p>\n";
if (isset($_SESSION['errors'])) {
echo show_all_errors($_SESSION['errors']);
}
echo "<form action='install.php' method='post'>\n";
echo "<input type='hidden' name='step' value='5' />\n";
// Your contact information
echo "<fieldset class=\"fs_box\">\n";
echo "<p><b>" . _T('info_your_contact_information') . "</b></p>\n";
// [ML] Altough not most problematic, could be better. But if someone
// fixes here, please fix lcm_pass.php also (function print_registration_form())
$name_first = _session('name_first');
echo "<table border='0' cellpadding='0' cellspacing='5' width='80%'><tr>\n";
echo "<td>\n\t\t\t<strong><label for='name_first'>" . f_err_star('name_first') . _T('person_input_name_first') . "</label></strong><br />\n\t\t\t<input type='text' style='width: 100%;' id='name_first' name='name_first' value='{$name_first}' size='15' class='txt_lmnt' />\n\t\t</td>\n";
$name_last = _session('name_last');
echo "<td>\n\t\t\t<strong><label for='name_last'>" . f_err_star('name_last') . _T('person_input_name_last') . "</label></strong><br />\n\t\t\t<input style='width: 100%;' type='text' id='name_last' name='name_last' value='{$name_last}' size='15' class='txt_lmnt' />\n\t\t</td>\n";
echo "</tr>\n";
echo "<tr>\n";
echo "<td colspan='2'>";
$email = _session('email');
echo "<b><label for='email'>" . f_err_star('email') . _T('input_email') . "</label></b><br />\n";
echo "<input style='width: 100%;' type='text' id='email' name='email' value=\"{$email}\" size='40' class='txt_lmnt' />\n";
echo "</td>\n";
echo "</tr>\n";
echo "</table>\n\n";
// Identifiers
echo "<p><b>" . _T('input_connection_identifiers') . "</b></p>\n";
$username = _session('username');
$password = _session('password');
$password_confirm = _session('password_confirm');
echo "<table border='0' cellpadding='0' cellspacing='5' width='80%'>\n";
echo "<tr>\n";
echo "<td>";
echo "<b><label for='username'>" . f_err_star('username') . _T('authoredit_input_username') . "</label></b> \n";
echo "<small>" . _T('info_more_than_three') . "</small><br />\n";
echo "<input style='width: 100%;' type='text' id='username' name='username' value='{$username}' size='40' class='txt_lmnt' />\n";
echo "</td>\n";
echo "</tr><tr>\n";
echo "<td>";
echo "<b><label for='password'>" . f_err_star('password') . _T('authorconf_input_password') . "</label></b> \n";
echo "<small>" . _T('info_more_than_five') . "</small><br />\n";
echo "<input style='width: 100%;' type='password' id='password' name='password' value='{$password}' size='40' class='txt_lmnt' />\n";
echo "</td>\n";
echo "</tr><tr>\n";
echo "<td>";
echo "<b><label for='password_confirm'>" . f_err_star('password') . _T('authorconf_input_password_confirm') . "</label></b> \n";
echo "<input style='width: 100%;' type='password' id='password_confirm' name='password_confirm' value='{$password_confirm}' size='40' class='txt_lmnt' />\n";
echo "</td>\n";
echo "</tr>\n";
echo "</table>\n";
// Offer to subscribe to the news/announcements mailing-list
if (server_can_send_email()) {
echo "<p align=\"{$lcm_lang_left}\">" . f_err_star('getnews') . get_yes_no('getnews', _session('getnews')) . '<label for="getnews">' . _T('install_info_subscribe_to_news_list') . '</label>' . "</p>\n";
}
echo "</fieldset>\n\n";
echo "<br /><div align=\"{$lcm_lang_right}\">" . "<button type='submit' name='validate'>" . _T('button_next') . " >></button> " . "</div>\n";
echo "</form>";
install_html_end();
$_SESSION['errors'] = array();
$_SESSION['form_data'] = array();
}
function show_login($cible, $prive = 'prive', $message_login = '')
{
$error = '';
$login = _request('var_login');
$logout = _request('var_logout');
// If the cookie fails, inc_auth tried to redirect to lcm_cookie who
// then tried to put a cookie. If it is not there, it is "cookie failed"
// who is there, and it's probably a bookmark on privet=yes and not
// a cookie failure.
$cookie_failed = "";
if (_request('var_cookie_failed')) {
$cookie_failed = $_COOKIE['lcm_session'] != 'cookie_test_failed';
}
global $author_session;
global $lcm_session;
global $clean_link;
if (!$cible) {
// cible = destination
$cible = new Link(_request('var_url', 'index.php'));
}
$cible->delVar('var_erreur');
$cible->delVar('var_url');
$cible->delVar('var_cookie_failed');
$clean_link->delVar('var_erreur');
$clean_link->delVar('var_login');
$clean_link->delVar('var_cookie_failed');
$url = $cible->getUrl();
// This populates the $author_session variable
include_lcm('inc_session');
verifier_visiteur();
if ($author_session and !$logout and ($author_session['status'] == 'admin' or $author_session['status'] == 'normal')) {
if ($url != $GLOBALS['clean_link']->getUrl()) {
lcm_header("Location: " . $cible->getUrlForHeader());
}
// [ML] This is making problems for no reason, we use login only
// for one mecanism (entering the system).
// echo "<a href='$url'>"._T('login_this_way')."</a>\n";
echo "<a class='content_link' href='index.php'>" . _T('login_this_way') . "</a>\n";
return;
}
if (_request('var_erreur') == 'pass') {
$error = _T('login_password_incorrect');
}
// The login is memorized in the cookie for a possible future admin login
if (!$login && isset($_COOKIE['lcm_admin'])) {
if (preg_match("/^@(.*)\$/", $_COOKIE['lcm_admin'], $regs)) {
$login = $regs[1];
}
} else {
if ($login == '-1') {
$login = '';
}
}
// other sources for authentication
$flag_autres_sources = isset($GLOBALS['ldap_present']) ? $GLOBALS['ldap_present'] : '';
// What informations to pass?
if ($login) {
$status_login = 0;
// unknown status
$login = clean_input($login);
$query = "SELECT id_author, status, password, prefs, alea_actuel, alea_futur \n\t\t\t\t\tFROM lcm_author \n\t\t\t\t\tWHERE username='******'";
$result = lcm_query($query);
if ($row = lcm_fetch_array($result)) {
if ($row['status'] == 'trash' or $row['password'] == '') {
$status_login = -1;
// deny
} else {
$status_login = 1;
// known login
// Which infos to pass for the javascript ?
$id_author = $row['id_author'];
$alea_actuel = $row['alea_actuel'];
// for MD5
$alea_futur = $row['alea_futur'];
// Button for lenght of connection
if ($row['prefs']) {
$prefs = unserialize($row['prefs']);
$rester_checked = $prefs['cnx'] == 'perma' ? ' checked=\'checked\'' : '';
}
}
}
// Unknown login (except LDAP) or refused
if ($status_login == -1 or $status_login == 0 and !$flag_autres_sources) {
$error = _T('login_identifier_unknown', array('login' => htmlspecialchars(clean_output($login))));
$login = '';
// [ML] Not sure why this was here, but headers are already sent
// therefore it causes an error message (which is not shown, but
// might make a mess, knowing how PHP runs differently everywhere..)
// @lcm_setcookie('lcm_admin', '', time() - 3600);
}
}
// Javascript for the focus
if ($login) {
$js_focus = 'document.form_login.session_password.focus();';
} else {
$js_focus = 'document.form_login.var_login.focus();';
}
// [ML] we should probably add a help link here, since tech, but let's see
// how many users complain first, since this should affect only tech users
if ($cookie_failed == "yes") {
$error = _T('login_warning_cookie');
}
echo open_login();
// [ML] Looks like there is no reason why to use $clean_link (defined in inc_version.php)
// It would cause very strange bugs when the "feed_globals()" were removed from inc_version
// and in the end, well, it looks rather useless.
//
// Strange bugs were caused because $action would be "./" and therefore it
// would call index.php -> listcases.php -> includes inc_auth.php who then
// calls auth(), who redirects to the login page.
$action = $clean_link->getUrl();
// $action = "lcm_login.php";
if ($login) {
// Shows the login form, including the MD5 javascript
$flag_challenge_md5 = true;
if ($flag_challenge_md5) {
echo '<script type="text/javascript" src="inc/md5.js"></script>';
}
echo "\n";
echo '<form name="form_login" action="lcm_cookie.php" method="post"';
if ($flag_challenge_md5) {
echo " onsubmit='if (this.session_password.value) {\n\t\t\t\tthis.session_password_md5.value = calcMD5(\"{$alea_actuel}\" + this.session_password.value);\n\t\t\t\tthis.next_session_password_md5.value = calcMD5(\"{$alea_futur}\" + this.session_password.value);\n\t\t\t\tthis.session_password.value = \"\"; }'";
}
echo ">\n";
echo "<div class='main_login_box' style='text-align:" . $GLOBALS["lcm_lang_left"] . ";'>\n";
if ($error) {
echo "<div style='color:red;'><b>" . _T('login_access_denied') . " {$error}</b></div><br />\n";
}
if ($flag_challenge_md5) {
// This is printed with javascript so that it is hidden from navigators not
// using JS, since they will see the username field anyway.
echo "<script type=\"text/javascript\"><!--\n" . "document.write('" . addslashes(_T('login_login')) . " <b>{$login}</b><br/>" . "<font size=\\'2\\'><a href=\\'lcm_cookie.php?cookie_admin=no&url=" . rawurlencode($action) . "\\' class=\\'link_btn\\'>" . _T('login_other_identifier') . "</a></font>');\n" . "//--></script>\n";
// If javascript is active, we pass the login in the hidden field
echo "<input type='hidden' name='session_login_hidden' value='{$login}' />";
// If javascript is not active, the login is still modifiable
// (since the challenge is not used)
echo "<noscript>";
}
echo "\t<label for='session_login'><b>" . _T('login_login') . "</b> (" . _T('login_info_login') . ")<br /></label>";
echo "\t<input type='text' name='session_login' id='session_login' class='forml' value=\"{$login}\" size='40' />\n";
if ($flag_challenge_md5) {
echo "</noscript>\n";
}
echo "\t<p />\n";
echo "\t<label for='session_password'><b>" . _T('login_password') . "</b><br /></label>";
echo "\t<input type='password' name='session_password' id='session_password' class='forml' value=\"\" size='40' />\n";
echo "\t<input type='hidden' name='essai_login' value='oui' />\n";
echo "\t<br /> <input type='checkbox' name='session_remember' value='yes' id='session_remember'{$rester_checked} /> ";
echo "\t<label for='session_remember'>" . _T('login_remain_logged_on') . "</label>";
echo "\t<input type='hidden' name='url' value='{$url}' />\n";
echo "\t<input type='hidden' name='session_password_md5' value='' />\n";
echo "\t<input type='hidden' name='next_session_password_md5' value='' />\n";
echo "<div align='right'><input class='button_login' type='submit' value='" . _T('button_validate') . "' /></div>\n";
echo "</div>";
echo "</form>";
} else {
// Ask only for the login/username
$action = quote_amp($action);
echo "<form name='form_login' action='{$action}' method='post'>\n";
echo "<div class='main_login_box' style='text-align:" . $GLOBALS["lcm_lang_left"] . ";'>";
if ($error) {
echo "<span style='color:red;'><b>" . _T('login_access_denied') . " {$error}</b></span><p />";
}
echo "<label><b>" . _T('login_login') . '</b> (' . _T('login_info_login') . ')' . "<br /></label>";
echo "<input type='text' name='var_login' class='forml' value=\"\" size='40' />\n";
echo "<input type='hidden' name='var_url' value='{$url}' />\n";
echo "<div align='right'><input class='button_login' type='submit' value='" . _T('button_validate') . "' /></div>\n";
echo "</div>";
echo "</form>";
}
// Focus management
echo "<script type=\"text/javascript\"><!--\n" . $js_focus . "\n//--></script>\n";
// Start the login footer
echo "<div align='left' style='font-size: 12px;' >";
echo "<div class='lang_combo_box'>" . menu_languages() . "</div>\n";
// button for "forgotten password"
include_lcm('inc_mail');
if (server_can_send_email()) {
echo '<a href="lcm_pass.php?pass_forgotten=yes" target="lcm_pass" onclick="' . "javascript:window.open(this.href, 'lcm_pass', 'scrollbars=yes, resizable=yes, width=640, height=280'); return false;\" class=\"link_btn\">" . _T('login_password_forgotten') . '</a>';
}
$register_popup = 'href="lcm_pass.php?register=yes" target="lcm_pass" ' . ' onclick="' . "javascript:window.open('lcm_pass.php?register=yes', 'lcm_pass', 'scrollbars=yes, resizable=yes, width=640, height=500'); return false;\"";
$open_subscription = read_meta("site_open_subscription");
if ($open_subscription == 'yes' || $open_subscription == 'moderated') {
echo " <a {$register_popup} class=\"link_btn\">" . _T('login_register') . '</a>';
}
echo "</div>\n";
echo close_login();
}
