case 'sendmail': if ($staff = Staff::lookup($_POST['userid'])) { if (!$staff->hasPassword()) { $msg = 'Unable to reset password. Contact your administrator'; } elseif (!$staff->sendResetEmail()) { $tpl = 'pwreset.sent.php'; } } else { $msg = 'Unable to verify username ' . Format::htmlchars($_POST['userid']); } break; case 'newpasswd': // TODO: Compare passwords $tpl = 'pwreset.login.php'; $errors = array(); if ($staff = StaffAuthenticationBackend::processSignOn($errors)) { $info = array('page' => 'index.php'); Http::redirect($info['page']); } elseif (isset($errors['msg'])) { $msg = $errors['msg']; } break; } } elseif ($_GET['token']) { $msg = 'Please enter your username or email'; $_config = new Config('pwreset'); if (($id = $_config->get($_GET['token'])) && ($staff = Staff::lookup($id))) { // TODO: Detect staff confirmation (for welcome email) $tpl = 'pwreset.login.php'; } else { header('Location: index.php');
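// Staff login controller (excerpt): settle the post-login destination, then
// handle a credential POST, an external-backend trigger or single sign-on,
// and finally render the login form.

// Fall back to the dashboard when no destination is set or when it points
// back at the login or AJAX endpoints.
// NOTE(review): $dest is assigned above this excerpt. The test below is a
// substring deny-list only; it does not establish that the target is a
// local path, so confirm $dest comes from server-side state and not from
// request input.
$dest = $dest && (!strstr($dest, 'login.php') && !strstr($dest, 'ajax.php'))
    ? $dest
    : 'index.php';
$show_reset = false;

if ($_POST) {
    // Request fields are untrusted: a missing or non-string value (for
    // example userid[]=x) is treated as absent instead of reaching trim()
    // or the backend with an unexpected type. The substitutes ('' and null)
    // are the values a missing field produced before.
    $username = (isset($_POST['userid']) && is_string($_POST['userid']))
        ? trim($_POST['userid'])
        : '';

    // Lookup support backends for this staff
    if ($user = StaffAuthenticationBackend::process(
        $username,
        (isset($_POST['passwd']) && is_string($_POST['passwd'])) ? $_POST['passwd'] : null,
        $errors
    )) {
        // Release the session before redirecting to the destination.
        session_write_close();
        Http::redirect($dest);
        require_once 'index.php'; // Just in case the redirect header is messed up.
        exit;
    }

    // Show the backend's message when it supplied one; otherwise use the
    // generic text. !empty() keeps the original truthiness test without
    // reading an undefined array key.
    $msg = !empty($errors['err']) ? $errors['err'] : 'Invalid login';
    $show_reset = true;
} elseif (!empty($_GET['do'])) {
    switch ($_GET['do']) {
        case 'ext':
            // Lookup external backend; the identifier is request-supplied,
            // so nothing is triggered unless getBackend() resolves it.
            if ($bk = StaffAuthenticationBackend::getBackend(isset($_GET['bk']) ? $_GET['bk'] : null)) {
                $bk->triggerAuth();
            }
    }
    Http::redirect('login.php');
} elseif (!$thisstaff || !($thisstaff->getId() || $thisstaff->isValid())) {
    // Consider single sign-on authentication backends
    if (($user = StaffAuthenticationBackend::processSignOn($errors, false))
        && $user instanceof StaffSession
    ) {
        // NOTE(review): no exit follows this header, so the login template
        // below is still rendered after a successful sign-on. With @ hiding
        // a headers-already-sent failure this looks like a deliberate
        // fallback - confirm.
        @header("Location: {$dest}");
    }
}

define("OSTSCPINC", TRUE); // Make includes happy!
include_once INCLUDE_DIR . 'staff/login.tpl.php';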
if ($user = StaffAuthenticationBackend::process($username, $_POST['passwd'], $errors)) { session_write_close(); Http::redirect($dest); require_once('index.php'); //Just incase header is messed up. exit; } $msg = $errors['err']?$errors['err']:__('Invalid login'); $show_reset = true; } elseif ($_GET['do']) { switch ($_GET['do']) { case 'ext': // Lookup external backend if ($bk = StaffAuthenticationBackend::getBackend($_GET['bk'])) $bk->triggerAuth(); } Http::redirect('login.php'); } // Consider single sign-on authentication backends elseif (!$thisstaff || !($thisstaff->getId() || $thisstaff->isValid())) { if (($user = StaffAuthenticationBackend::processSignOn($errors, false)) && ($user instanceof StaffSession)) @header("Location: $dest"); } define("OSTSCPINC",TRUE); //Make includes happy! include_once(INCLUDE_DIR.'staff/login.tpl.php'); ?>