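/*
   +----------------------------------------------------------------------+
   | PEAR Web site version 1.0                                            |
   +----------------------------------------------------------------------+
   | Copyright (c) 2001-2005 The PHP Group                                |
   +----------------------------------------------------------------------+
   | This source file is subject to version 2.02 of the PHP license,      |
   | that is bundled with this package in the file LICENSE, and is        |
   | available at through the world-wide-web at                           |
   | http://www.php.net/license/2_02.txt.                                 |
   | If you did not receive a copy of the PHP license and are unable to   |
   | obtain it through the world-wide-web, please send a note to          |
   | license@php.net so we can mail you a copy immediately.               |
   +----------------------------------------------------------------------+
   | Authors:                                                             |
   +----------------------------------------------------------------------+
   $Id$
*/

// Request bootstrap: pin the timezone, load the site libraries, then handle
// logout and re-validate the credential cookies before any page code runs.
date_default_timezone_set('UTC');

require_once 'pear-config.php';
require_once 'PEAR.php';
include_once 'pear-format-html.php';
include_once 'pear-auth.php';
require_once 'Validate.php';

// NOTE(review): logout is driven by a plain GET parameter with no request
// token, so any link or embedded resource pointing here can end a session.
// Confirm whether auth_logout() is meant to be reachable this way.
if (isset($_GET['logout']) && $_GET['logout'] === '1') {
    auth_logout();
}

// The PEAR_USER / PEAR_PW cookies are handed to auth_verify() on every
// request, which makes the PEAR_PW value a standing credential.
// NOTE(review): confirm how that cookie is issued (HttpOnly / Secure flags,
// lifetime) wherever it is set.
//
// Cookies are client-controlled: a request may carry PEAR_USER without
// PEAR_PW. Read the second cookie through isset() so that case is rejected
// cleanly instead of raising an undefined-index notice first.
if (!empty($_COOKIE['PEAR_USER'])
    && !auth_verify(
        $_COOKIE['PEAR_USER'],
        isset($_COOKIE['PEAR_PW']) ? $_COOKIE['PEAR_PW'] : null
    )
) {
    auth_kill_cookies();
    auth_reject(null, 'Invalid username or password');
}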
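/**
 * Require an authenticated user who holds at least one of the given
 * privileges.
 *
 * The PEAR_USER / PEAR_PW cookies are checked with auth_verify() first.
 * Every argument passed to this function is then handed to auth_check();
 * the first one for which auth_check() returns exactly true grants access.
 * Called without arguments, a valid login alone is sufficient.
 *
 * The privilege check fails closed: if arguments were supplied and none of
 * them produced a strict true, the "Insufficient Privileges" page is sent
 * and the script ends. Previously only a strict false from the last
 * auth_check() call denied access, so any other non-true result (null, 0,
 * an error object) fell through to "return true".
 *
 * @return bool true when access is granted; otherwise the script exits
 */
function auth_require()
{
    // Kept from the original declaration; the variable is not read here.
    global $auth_user;

    // Cookies may be absent; read them through isset() rather than
    // silencing the notice with @.
    $user   = isset($_COOKIE['PEAR_USER']) ? $_COOKIE['PEAR_USER'] : null;
    $passwd = isset($_COOKIE['PEAR_PW']) ? $_COOKIE['PEAR_PW'] : null;

    if (!auth_verify($user, $passwd)) {
        auth_reject(); // exits
        // Defensive stop: access control must not depend on a helper
        // defined elsewhere terminating the request.
        exit;
    }

    $levels = func_get_args();
    if (count($levels) === 0) {
        // No privilege requested: being logged in is enough.
        return true;
    }

    foreach ($levels as $level) {
        if (auth_check($level) === true) {
            return true;
        }
    }

    // None of the requested privileges was confirmed: deny.
    response_header("Insufficient Privileges");
    report_error("Insufficient Privileges");
    response_footer();
    exit;
}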
* To figure out cookies are REALLY off, check to see if the person came
* from within the PEAR website or just submitted the login form.
*/
// NOTE(review): the only statement in this branch is commented out, so the
// test below currently has no effect. The @ operators suppress the notices
// raised when the Referer header or the redirect parameter is absent; both
// values are client-supplied.
if (!isset($_COOKIE[session_name()])
    && (strpos(@$_SERVER['HTTP_REFERER'], @$_GET['redirect']) !== false
        || isset($_POST['PEAR_USER']) && isset($_POST['PEAR_PW']))) {
    // auth_reject(PEAR_AUTH_REALM, 'Cookies must be enabled to log in.');
}

/*
 * If they're already logged in, say so.
 */
if (!empty($auth_user)) {
    response_header('Login');
    echo '<div class="warnings">You are already logged in.</div>';
    response_footer();
    exit;
}

// Credentials are taken from the POST body and checked with auth_verify().
if (isset($_POST['PEAR_USER'], $_POST['PEAR_PW'])
    && auth_verify(@$_POST['PEAR_USER'], @$_POST['PEAR_PW'])) {
    // NOTE(review): both setcookie() calls stop at the path argument, so the
    // session cookie is issued without the secure / httponly arguments.
    // With "remember me" the expiry is 2147483647 (the 32-bit timestamp
    // maximum), i.e. the session id is effectively permanent on the client.
    if (!empty($_POST['PEAR_PERSIST'])) {
        setcookie('REMEMBER_ME', 1, 2147483647, '/');
        setcookie(session_name(), session_id(), 2147483647, '/');
    } else {
        // $expire is assigned but not used in the lines visible here.
        $expire = 0;
        setcookie('REMEMBER_ME', 0, 2147483647, '/');
        setcookie(session_name(), session_id(), null, '/');
    }

    // NOTE(review): the existing session id is re-sent as-is; no
    // session_regenerate_id() call is visible between auth_verify() and this
    // assignment. Confirm the id is rotated at login (session fixation).
    $_SESSION['PEAR_USER'] = $_POST['PEAR_USER'];

    /*
     * Update users lastlogin
     */
    // The handle is bound through a placeholder, not concatenated into SQL.
    $query = 'UPDATE users SET lastlogin = NOW() WHERE handle = ?';
    $dbh->query($query, array($_POST['PEAR_USER']));

    /*
// If they're already logged in, say so.
if (isset($auth_user) && $auth_user) {
    response_header('Login');
    echo '<div class="warnings">You are already logged in.</div>';
    response_footer();
    exit;
}

// Only a POST carrying both fields proceeds to verification; every other
// request is handed to auth_reject().
// NOTE(review): this relies on auth_reject() ending the request. If it
// returned, the code below would read $_POST fields that may be missing.
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    if (empty($_POST['PEAR_USER']) || empty($_POST['PEAR_PW'])) {
        auth_reject(PEAR_AUTH_REALM, 'You must provide a username and a password.');
    }
} else {
    auth_reject(PEAR_AUTH_REALM, '');
}

// NOTE(review): the value passed to auth_verify() is an unsalted MD5 of the
// password. When the isMD5 field is set, the client-supplied string is used
// as that digest directly, so the digest itself works as the credential.
// Prefer password_hash() / password_verify() on the server and drop the
// client-side hashing path.
$password = !empty($_POST['isMD5']) ? $_POST['PEAR_PW'] : md5($_POST['PEAR_PW']);

if (auth_verify($_POST['PEAR_USER'], $password)) {
    // "Remember me" selects the 32-bit timestamp maximum as expiry; 0 makes
    // the cookies last for the browser session only.
    $expire = !empty($_POST['PEAR_PERSIST']) ? 2147483647 : 0;

    // NOTE(review): the same digest that was just verified is written to the
    // PEAR_PW cookie, and neither cookie is given the secure / httponly
    // arguments. Anything able to read the cookie holds a reusable
    // credential; an opaque, server-side session token avoids that.
    setcookie('PEAR_USER', $_POST['PEAR_USER'], $expire, '/');
    setcookie('PEAR_PW', $password, $expire, '/');

    // mark user as active if they were inactive
    // (the handle is bound through a placeholder, not concatenated into SQL)
    $dbh->query('UPDATE users SET active = 1 WHERE handle = ?', array($_POST['PEAR_USER']));

    // Determine URL
    // NOTE(review): the filter rejects only targets whose basename is
    // login.php or that contain '://'. Whether every off-site form is
    // excluded depends on localRedirect(), which is not shown here; confirm
    // it builds the Location header from a fixed host, or validate the
    // target against an allow-list of local paths.
    if (isset($_POST['PEAR_OLDURL'])
        && basename($_POST['PEAR_OLDURL']) != 'login.php'
        && !preg_match('|://|', $_POST['PEAR_OLDURL'])) {
        localRedirect($_POST['PEAR_OLDURL']);
    } else {
        localRedirect('/index.php');
    }
    exit;
}

// Reached only when verification failed.
$msg = '';
if (isset($_POST['PEAR_USER']) || isset($_POST['PEAR_PW'])) {