function mystery_process_authentication()
{
// this function processes a user's authentication, displaying login forms,
// error messages, etc.
global $_MYSTERY;
if (@$_SESSION['is_logged_in'] == 'yes') {
return;
}
mystery_setup_default_session();
if (@$_REQUEST['username'] == '' || @$_REQUEST['password'] == '') {
// the user didn't send a password / username, so just display the form
mystery_header();
mystery_display_authentication_form();
mystery_footer();
} else {
// user provided some authentication information, attempt to authenticate
if (!mystery_auth($_REQUEST['username'], $_REQUEST['password'])) {
// user couldn't be authenticated, display error message and login box again
mystery_header();
mystery_display_user_error('You entered an invalid username or password, or cannot login from your current location. Please try again.');
mystery_display_authentication_form();
mystery_footer();
}
}
}
$lastloc = '/';
}
if (preg_match('~/process/$~', $lastloc)) {
//show error
$note = '<strong>An error has occurred:</strong><br>Your session timed out and we were therefore unable to process your previous request/submission. Please resubmit your request after signing in again. Thank you.';
echo '<br>' . portal_generate_notebox($note);
//remove the trailing /process/
$lastloc = preg_replace('~/process/$~', '/', $lastloc);
}
if (@$_SESSION['is_logged_in'] == 'yes') {
mystery_redirect('/');
exit;
}
// attempt a login and redirect
if (isset($_REQUEST['username']) && isset($_REQUEST['password'])) {
if (mystery_auth($_REQUEST['username'], $_REQUEST['password'])) {
if (!isset($_COOKIE['cookietest'])) {
// they know their username and password but since they do not
// have cookies enabled, they won't be able to use the site
$login_failed = 'yes';
$login_failure_reason = 'cookie';
} else {
mystery_redirect($lastloc);
}
} else {
$login_failed = 'yes';
}
}
// destroy any existing sessions
mystery_setup_default_session();
// display alert messages if necessary
