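/**
 * Installation step 4: print the form that creates the administrator account.
 *
 * Emits the page header, any validation errors held in $_SESSION['errors'],
 * a form posted to install.php with step=5 (contact information, username,
 * password and, when the server can send e-mail, the news-list opt-in) and
 * the page footer. On exit $_SESSION['errors'] and $_SESSION['form_data']
 * are reset to empty arrays.
 *
 * Security notes:
 * - The password inputs are always rendered empty. Writing the previously
 *   submitted password back into the value attribute would place the
 *   plaintext password in the page source (and in any cache or saved copy
 *   of it), so after a validation error the password has to be typed again.
 * - NOTE(review): name_first, name_last, email and username are interpolated
 *   into attribute values exactly as _session() returns them. Confirm that
 *   _session() HTML-encodes its result (quotes included); if it does not,
 *   encode at this point before output.
 *
 * @return void
 */
function install_step_4() {
	global $lcm_lang_left, $lcm_lang_right;

	install_html_start('AUTO', '', 4);

	echo "<h3><small>" . _T('install_step_four') . "</small> " . _T('install_title_admin_account') . "</h3>\n";

	include_config('inc_connect_install');

	echo '<p class="simple_text" align="center">' . _T('install_info_new_account_1') . '<br />' . _T('warning_field_mandatory_all') . ' ' . lcm_help('install_personal') . "</p>\n";

	// Errors left in the session by a previous submission of this form.
	if (isset($_SESSION['errors'])) {
		echo show_all_errors($_SESSION['errors']);
	}

	echo "<form action='install.php' method='post'>\n";
	echo "<input type='hidden' name='step' value='5' />\n";

	// Your contact information
	echo "<fieldset class=\"fs_box\">\n";
	echo "<p><b>" . _T('info_your_contact_information') . "</b></p>\n";

	// [ML] Although not the most problematic, this could be better. But if
	// someone fixes it here, please also fix lcm_pass.php
	// (function print_registration_form()).
	$name_first = _session('name_first');
	echo "<table border='0' cellpadding='0' cellspacing='5' width='80%'><tr>\n";
	echo "<td>\n\t\t\t<strong><label for='name_first'>" . f_err_star('name_first') . _T('person_input_name_first') . "</label></strong><br />\n\t\t\t<input type='text' style='width: 100%;' id='name_first' name='name_first' value='{$name_first}' size='15' class='txt_lmnt' />\n\t\t</td>\n";

	$name_last = _session('name_last');
	echo "<td>\n\t\t\t<strong><label for='name_last'>" . f_err_star('name_last') . _T('person_input_name_last') . "</label></strong><br />\n\t\t\t<input style='width: 100%;' type='text' id='name_last' name='name_last' value='{$name_last}' size='15' class='txt_lmnt' />\n\t\t</td>\n";
	echo "</tr>\n";

	echo "<tr>\n";
	echo "<td colspan='2'>";
	$email = _session('email');
	echo "<b><label for='email'>" . f_err_star('email') . _T('input_email') . "</label></b><br />\n";
	echo "<input style='width: 100%;' type='text' id='email' name='email' value=\"{$email}\" size='40' class='txt_lmnt' />\n";
	echo "</td>\n";
	echo "</tr>\n";
	echo "</table>\n\n";

	// Identifiers
	echo "<p><b>" . _T('input_connection_identifiers') . "</b></p>\n";

	$username = _session('username');

	echo "<table border='0' cellpadding='0' cellspacing='5' width='80%'>\n";
	echo "<tr>\n";
	echo "<td>";
	echo "<b><label for='username'>" . f_err_star('username') . _T('authoredit_input_username') . "</label></b> \n";
	echo "<small>" . _T('info_more_than_three') . "</small><br />\n";
	echo "<input style='width: 100%;' type='text' id='username' name='username' value='{$username}' size='40' class='txt_lmnt' />\n";
	echo "</td>\n";
	echo "</tr><tr>\n";

	// Password fields are deliberately never pre-filled (see the docblock).
	echo "<td>";
	echo "<b><label for='password'>" . f_err_star('password') . _T('authorconf_input_password') . "</label></b> \n";
	echo "<small>" . _T('info_more_than_five') . "</small><br />\n";
	echo "<input style='width: 100%;' type='password' id='password' name='password' value='' size='40' class='txt_lmnt' />\n";
	echo "</td>\n";
	echo "</tr><tr>\n";
	echo "<td>";
	echo "<b><label for='password_confirm'>" . f_err_star('password') . _T('authorconf_input_password_confirm') . "</label></b> \n";
	echo "<input style='width: 100%;' type='password' id='password_confirm' name='password_confirm' value='' size='40' class='txt_lmnt' />\n";
	echo "</td>\n";
	echo "</tr>\n";
	echo "</table>\n";

	// Offer to subscribe to the news/announcements mailing-list
	if (server_can_send_email()) {
		echo "<p align=\"{$lcm_lang_left}\">" . f_err_star('getnews') . get_yes_no('getnews', _session('getnews')) . '<label for="getnews">' . _T('install_info_subscribe_to_news_list') . '</label>' . "</p>\n";
	}

	echo "</fieldset>\n\n";

	echo "<br /><div align=\"{$lcm_lang_right}\">" . "<button type='submit' name='validate'>" . _T('button_next') . " >></button> " . "</div>\n";
	echo "</form>";

	install_html_end();

	// The errors and the submitted values have been displayed: drop them so
	// they are not shown again and do not linger in the session.
	$_SESSION['errors'] = array();
	$_SESSION['form_data'] = array();
}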
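/**
 * Print the login box: either the username prompt or, once a username is
 * known, the password form with the MD5 challenge javascript.
 *
 * Flow, as implemented below:
 * - If a session already exists for an author with status 'admin' or
 *   'normal' (and no logout was requested), a redirect header to the
 *   destination is sent when it differs from the current page, a link to
 *   index.php is printed and the function returns.
 * - Otherwise the username comes from the var_login request parameter or,
 *   failing that, from the lcm_admin cookie ("@username").
 * - The author row is looked up; status 'trash' or an empty password is
 *   denied. An unknown or denied username clears $login and sets an error,
 *   unless another authentication source is flagged ($GLOBALS['ldap_present']),
 *   in which case an unknown username still proceeds to the password form.
 *
 * Security notes:
 * - $login is request/cookie data. It is HTML-encoded (with ENT_QUOTES, the
 *   form uses single-quoted attributes) before being written into the page,
 *   using the same clean_output() + htmlspecialchars() pair the error
 *   message already used; the copy placed inside the document.write()
 *   string is additionally passed through addslashes().
 * - NOTE(review): $url comes from Link::getUrl() on a destination that can
 *   be built from the var_url request parameter, and is written into
 *   single-quoted attributes as returned. Confirm that getUrl() encodes
 *   quotes and angle brackets; if it does not, encode it at output.
 * - NOTE(review): the same destination feeds the Location header and the
 *   hidden "url" field. Confirm that Link and lcm_cookie.php restrict it to
 *   local paths so the login flow cannot be used as an open redirect.
 * - NOTE(review): a denied or unknown username yields a distinct error
 *   message, so this two-step flow discloses which usernames exist.
 * - NOTE(review): the challenge hashes the password in the browser with MD5
 *   and the alea values; that does not protect the exchange on plain HTTP,
 *   so the form should be served over TLS.
 *
 * @param mixed  $cible         Destination Link object; when empty, one is
 *                              built from var_url (default 'index.php').
 * @param string $prive         Not used in this function body.
 * @param string $message_login Not used in this function body.
 * @return void
 */
function show_login($cible, $prive = 'prive', $message_login = '') {
	global $author_session;
	global $lcm_session;
	global $clean_link;

	$error = '';
	$login = _request('var_login');
	$logout = _request('var_logout');

	// Values filled in from the author row. They are printed further down
	// even when no row was found (other authentication sources) or when the
	// author has no stored preferences, so they need a defined default.
	$alea_actuel = '';
	$alea_futur = '';
	$rester_checked = '';

	// If the cookie fails, inc_auth tried to redirect to lcm_cookie, which
	// then tried to set a cookie. The warning is shown only when the session
	// cookie does not hold the 'cookie_test_failed' marker.
	$cookie_failed = false;
	if (_request('var_cookie_failed')) {
		$session_cookie = isset($_COOKIE['lcm_session']) ? $_COOKIE['lcm_session'] : null;
		$cookie_failed = ($session_cookie !== 'cookie_test_failed');
	}

	if (!$cible) {
		// cible = destination
		$cible = new Link(_request('var_url', 'index.php'));
	}

	$cible->delVar('var_erreur');
	$cible->delVar('var_url');
	$cible->delVar('var_cookie_failed');

	$clean_link->delVar('var_erreur');
	$clean_link->delVar('var_login');
	$clean_link->delVar('var_cookie_failed');

	$url = $cible->getUrl();

	// This populates the $author_session variable
	include_lcm('inc_session');
	verifier_visiteur();

	if ($author_session and !$logout
		and ($author_session['status'] == 'admin' or $author_session['status'] == 'normal')) {
		if ($url != $GLOBALS['clean_link']->getUrl()) {
			lcm_header("Location: " . $cible->getUrlForHeader());
		}

		// [ML] Linking to $url was making problems for no reason; login is
		// used for one mechanism only (entering the system), so the fallback
		// link always points to index.php.
		echo "<a class='content_link' href='index.php'>" . _T('login_this_way') . "</a>\n";
		return;
	}

	if (_request('var_erreur') == 'pass') {
		$error = _T('login_password_incorrect');
	}

	// The login is memorized in the cookie for a possible future admin login
	if (!$login && isset($_COOKIE['lcm_admin'])) {
		// is_string(): a cookie sent as lcm_admin[] arrives as an array.
		if (is_string($_COOKIE['lcm_admin'])
			&& preg_match("/^@(.*)\$/", $_COOKIE['lcm_admin'], $regs)) {
			$login = $regs[1];
		}
	} else {
		if ($login == '-1') {
			$login = '';
		}
	}

	// other sources for authentication
	$flag_autres_sources = isset($GLOBALS['ldap_present']) ? $GLOBALS['ldap_present'] : '';

	// What information to pass?
	if ($login) {
		$status_login = 0; // unknown status
		$login = clean_input($login);

		// NOTE(review): the username literal reads '******' in this listing,
		// which looks like a masking artifact; as written the query does not
		// reference $login. If the real statement interpolates $login, it
		// relies entirely on clean_input() for SQL escaping -- confirm, and
		// prefer a bound parameter if the database layer offers one.
		$query = "SELECT id_author, status, password, prefs, alea_actuel, alea_futur \n\t\t\t\t\tFROM lcm_author \n\t\t\t\t\tWHERE username='******'";
		$result = lcm_query($query);

		if ($row = lcm_fetch_array($result)) {
			if ($row['status'] == 'trash' or $row['password'] == '') {
				$status_login = -1; // deny
			} else {
				$status_login = 1; // known login

				// Which infos to pass for the javascript ?
				$alea_actuel = $row['alea_actuel']; // for MD5
				$alea_futur = $row['alea_futur'];

				// Button for length of connection
				if ($row['prefs']) {
					// NOTE(review): unserialize() on a database column. Safe
					// only while nothing but the application writes
					// lcm_author.prefs; consider a data-only format.
					$prefs = unserialize($row['prefs']);

					if (is_array($prefs) && isset($prefs['cnx']) && $prefs['cnx'] == 'perma') {
						$rester_checked = ' checked=\'checked\'';
					}
				}
			}
		}

		// Unknown login (except LDAP) or refused
		if ($status_login == -1 or ($status_login == 0 and !$flag_autres_sources)) {
			$error = _T('login_identifier_unknown', array('login' => htmlspecialchars(clean_output($login))));
			$login = '';

			// [ML] A lcm_setcookie('lcm_admin', ...) call used to be here, but
			// headers are already sent at this point, so it only caused a
			// (hidden) error message.
		}
	}

	// Output-encoded copies of the login. ENT_QUOTES because the attributes
	// below are single-quoted; the javascript copy sits inside a
	// single-quoted document.write() string, hence the extra addslashes().
	$login_html = $login ? htmlspecialchars(clean_output($login), ENT_QUOTES) : '';
	$login_js = addslashes($login_html);

	// Javascript for the focus
	if ($login) {
		$js_focus = 'document.form_login.session_password.focus();';
	} else {
		$js_focus = 'document.form_login.var_login.focus();';
	}

	// [ML] we should probably add a help link here, since tech, but let's see
	// how many users complain first, since this should affect only tech users
	if ($cookie_failed) {
		$error = _T('login_warning_cookie');
	}

	echo open_login();

	// [ML] Looks like there is no reason to use $clean_link (defined in
	// inc_version.php). It caused very strange bugs when the "feed_globals()"
	// were removed from inc_version: $action would be "./", which calls
	// index.php -> listcases.php -> inc_auth.php, whose auth() redirects back
	// to the login page.
	$action = $clean_link->getUrl();

	if ($login) {
		// Shows the login form, including the MD5 javascript
		$flag_challenge_md5 = true;

		if ($flag_challenge_md5) {
			echo '<script type="text/javascript" src="inc/md5.js"></script>';
		}

		echo "\n";
		echo '<form name="form_login" action="lcm_cookie.php" method="post"';

		if ($flag_challenge_md5) {
			// On submit: fill the two MD5 fields and blank the clear password.
			echo " onsubmit='if (this.session_password.value) {\n\t\t\t\tthis.session_password_md5.value = calcMD5(\"{$alea_actuel}\" + this.session_password.value);\n\t\t\t\tthis.next_session_password_md5.value = calcMD5(\"{$alea_futur}\" + this.session_password.value);\n\t\t\t\tthis.session_password.value = \"\"; }'";
		}

		echo ">\n";
		echo "<div class='main_login_box' style='text-align:" . $GLOBALS["lcm_lang_left"] . ";'>\n";

		if ($error) {
			echo "<div style='color:red;'><b>" . _T('login_access_denied') . " {$error}</b></div><br />\n";
		}

		if ($flag_challenge_md5) {
			// This is printed with javascript so that it is hidden from navigators not
			// using JS, since they will see the username field anyway.
			echo "<script type=\"text/javascript\"><!--\n"
				. "document.write('" . addslashes(_T('login_login')) . " <b>{$login_js}</b><br/>"
				. "<font size=\\'2\\'><a href=\\'lcm_cookie.php?cookie_admin=no&url=" . rawurlencode($action) . "\\' class=\\'link_btn\\'>"
				. addslashes(_T('login_other_identifier')) . "</a></font>');\n"
				. "//--></script>\n";

			// If javascript is active, we pass the login in the hidden field
			echo "<input type='hidden' name='session_login_hidden' value='{$login_html}' />";

			// If javascript is not active, the login is still modifiable
			// (since the challenge is not used)
			echo "<noscript>";
		}

		echo "\t<label for='session_login'><b>" . _T('login_login') . "</b> (" . _T('login_info_login') . ")<br /></label>";
		echo "\t<input type='text' name='session_login' id='session_login' class='forml' value=\"{$login_html}\" size='40' />\n";

		if ($flag_challenge_md5) {
			echo "</noscript>\n";
		}

		echo "\t<p />\n";
		echo "\t<label for='session_password'><b>" . _T('login_password') . "</b><br /></label>";
		echo "\t<input type='password' name='session_password' id='session_password' class='forml' value=\"\" size='40' />\n";
		echo "\t<input type='hidden' name='essai_login' value='oui' />\n";

		echo "\t<br /> <input type='checkbox' name='session_remember' value='yes' id='session_remember'{$rester_checked} /> ";
		echo "\t<label for='session_remember'>" . _T('login_remain_logged_on') . "</label>";

		echo "\t<input type='hidden' name='url' value='{$url}' />\n";
		echo "\t<input type='hidden' name='session_password_md5' value='' />\n";
		echo "\t<input type='hidden' name='next_session_password_md5' value='' />\n";
		echo "<div align='right'><input class='button_login' type='submit' value='" . _T('button_validate') . "' /></div>\n";
		echo "</div>";
		echo "</form>";
	} else {
		// Ask only for the login/username
		$action = quote_amp($action);

		echo "<form name='form_login' action='{$action}' method='post'>\n";
		echo "<div class='main_login_box' style='text-align:" . $GLOBALS["lcm_lang_left"] . ";'>";

		if ($error) {
			echo "<span style='color:red;'><b>" . _T('login_access_denied') . " {$error}</b></span><p />";
		}

		echo "<label><b>" . _T('login_login') . '</b> (' . _T('login_info_login') . ')' . "<br /></label>";
		echo "<input type='text' name='var_login' class='forml' value=\"\" size='40' />\n";

		echo "<input type='hidden' name='var_url' value='{$url}' />\n";
		echo "<div align='right'><input class='button_login' type='submit' value='" . _T('button_validate') . "' /></div>\n";
		echo "</div>";
		echo "</form>";
	}

	// Focus management
	echo "<script type=\"text/javascript\"><!--\n" . $js_focus . "\n//--></script>\n";

	// Start the login footer
	echo "<div align='left' style='font-size: 12px;' >";
	echo "<div class='lang_combo_box'>" . menu_languages() . "</div>\n";

	// button for "forgotten password"
	include_lcm('inc_mail');

	if (server_can_send_email()) {
		echo '<a href="lcm_pass.php?pass_forgotten=yes" target="lcm_pass" onclick="' . "javascript:window.open(this.href, 'lcm_pass', 'scrollbars=yes, resizable=yes, width=640, height=280'); return false;\" class=\"link_btn\">" . _T('login_password_forgotten') . '</a>';
	}

	$register_popup = 'href="lcm_pass.php?register=yes" target="lcm_pass" ' . ' onclick="' . "javascript:window.open('lcm_pass.php?register=yes', 'lcm_pass', 'scrollbars=yes, resizable=yes, width=640, height=500'); return false;\"";

	// The registration link is offered only when subscriptions are open
	// or moderated.
	$open_subscription = read_meta("site_open_subscription");

	if ($open_subscription == 'yes' || $open_subscription == 'moderated') {
		echo " <a {$register_popup} class=\"link_btn\">" . _T('login_register') . '</a>';
	}

	echo "</div>\n";
	echo close_login();
}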