case 'sendmail':
if ($staff = Staff::lookup($_POST['userid'])) {
if (!$staff->hasPassword()) {
$msg = 'Unable to reset password. Contact your administrator';
} elseif (!$staff->sendResetEmail()) {
$tpl = 'pwreset.sent.php';
}
} else {
$msg = 'Unable to verify username ' . Format::htmlchars($_POST['userid']);
}
break;
case 'newpasswd':
// TODO: Compare passwords
$tpl = 'pwreset.login.php';
$errors = array();
if ($staff = StaffAuthenticationBackend::processSignOn($errors)) {
$info = array('page' => 'index.php');
Http::redirect($info['page']);
} elseif (isset($errors['msg'])) {
$msg = $errors['msg'];
}
break;
}
} elseif ($_GET['token']) {
$msg = 'Please enter your username or email';
$_config = new Config('pwreset');
if (($id = $_config->get($_GET['token'])) && ($staff = Staff::lookup($id))) {
// TODO: Detect staff confirmation (for welcome email)
$tpl = 'pwreset.login.php';
} else {
header('Location: index.php');
$dest = $dest && (!strstr($dest, 'login.php') && !strstr($dest, 'ajax.php')) ? $dest : 'index.php';
$show_reset = false;
if ($_POST) {
// Lookup support backends for this staff
$username = trim($_POST['userid']);
if ($user = StaffAuthenticationBackend::process($username, $_POST['passwd'], $errors)) {
session_write_close();
Http::redirect($dest);
require_once 'index.php';
//Just incase header is messed up.
exit;
}
$msg = $errors['err'] ? $errors['err'] : 'Invalid login';
$show_reset = true;
} elseif ($_GET['do']) {
switch ($_GET['do']) {
case 'ext':
// Lookup external backend
if ($bk = StaffAuthenticationBackend::getBackend($_GET['bk'])) {
$bk->triggerAuth();
}
}
Http::redirect('login.php');
} elseif (!$thisstaff || !($thisstaff->getId() || $thisstaff->isValid())) {
if (($user = StaffAuthenticationBackend::processSignOn($errors, false)) && $user instanceof StaffSession) {
@header("Location: {$dest}");
}
}
define("OSTSCPINC", TRUE);
//Make includes happy!
include_once INCLUDE_DIR . 'staff/login.tpl.php';
if ($user = StaffAuthenticationBackend::process($username,
$_POST['passwd'], $errors)) {
session_write_close();
Http::redirect($dest);
require_once('index.php'); //Just incase header is messed up.
exit;
}
$msg = $errors['err']?$errors['err']:__('Invalid login');
$show_reset = true;
}
elseif ($_GET['do']) {
switch ($_GET['do']) {
case 'ext':
// Lookup external backend
if ($bk = StaffAuthenticationBackend::getBackend($_GET['bk']))
$bk->triggerAuth();
}
Http::redirect('login.php');
}
// Consider single sign-on authentication backends
elseif (!$thisstaff || !($thisstaff->getId() || $thisstaff->isValid())) {
if (($user = StaffAuthenticationBackend::processSignOn($errors, false))
&& ($user instanceof StaffSession))
@header("Location: $dest");
}
define("OSTSCPINC",TRUE); //Make includes happy!
include_once(INCLUDE_DIR.'staff/login.tpl.php');
?>
