/**
 * Display the login screen.
 *
 * This screen should also check if PivotX is set up correctly. If it isn't, the
 * user will be redirected to the Troubleshooting or Setup screen.
 *
 * Besides rendering the form, this page handles three POST/GET flows:
 *  - a "reset password" request (sends a reset link by mail),
 *  - following a reset link (`resetpassword`, `username`, `id` in the query),
 *  - the actual login, followed by a redirect to `returnto` or the dashboard.
 *
 * @param string $template "normal" or "mobile"; any other value is treated as
 *                         the bookmarklet login (see the template selection at
 *                         the end). May be overridden by $_POST['template'].
 * @return void Renders a template; on success or when not installed it dies
 *              after redirecting / rendering another page.
 */
function pageLogin($template = "normal")
{
    global $PIVOTX;

    // Without a finished installation there is nothing to log in to; hand off
    // to the setup screen and stop.
    if (!isInstalled()) {
        pageSetupUser();
        die;
    }

    $PIVOTX['template']->assign('title', __("Login"));
    $PIVOTX['template']->assign('heading', __("Login"));

    // A posted template name wins over the parameter; mobile clients always
    // get the mobile variant.
    $template = getDefault($_POST['template'], $template);
    if (isMobile()) {
        $template = "mobile";
    }
    $form = getLoginForm($template);

    // If a 'return to' is set, pass it onto the template, but only the 'path' and 'query'
    // part. This means that we do NOT allow redirects to another domain!!
    // NOTE(review): this relies on parse_url() dropping the scheme and host.
    // Worth confirming that the surviving path can never be interpreted by a
    // browser as a scheme-relative URL, since it is later emitted verbatim in a
    // Location header.
    $returnto = getDefault($_GET['returnto'], $_POST['returnto']);
    if (!empty($returnto)) {
        $returnto = parse_url($returnto);
        $returnto_link = $returnto['path'];
        if (!empty($returnto['query'])) {
            $returnto_link .= '?' . $returnto['query'];
        }
        $form->setvalue('returnto', $returnto_link);
    }

    // Get the validation result
    $result = $form->validate();
    $extraval = array();

    if ($result != FORM_OK) {
        // Form not submitted (or invalid): show it. This is also where a user
        // arrives when following the reset link from the mail.
        if (isset($_GET['resetpassword']) && isset($_GET['username']) && isset($_GET['id'])) {
            $form->setvalue('username', $_GET['username']);
            $user = $PIVOTX['users']->getUser($_GET['username']);
            // NOTE(review): the reset token is compared with a loose `==`, which
            // type-juggles numeric-looking strings; a strict, constant-time
            // comparison (hash_equals on two strings) is the safer check here.
            // The token is single-use: reset_id is cleared in the same update.
            if ($user && !empty($user['reset_id']) && $_GET['id'] == $user['reset_id']) {
                // Generate a fresh 8-character password, store it and show it
                // once in the page; no expiry of the token is checked here.
                $extraval['pass1'] = randomString(8, true);
                $extraval['reset_id'] = '';
                // NOTE(review): the literal below appears masked ("******") in
                // this copy of the source; presumably the opening <strong> tag.
                $pass = "******" . $extraval['pass1'] . "</strong>'";
                $message = "<p>" . __('Your new password is %pass%.') . "</p>";
                $message = str_replace('%pass%', $pass, $message);
                $PIVOTX['messages']->addMessage($message);
                $html = $message;
                $PIVOTX['users']->updateUser($user['username'], $extraval);
                $PIVOTX['events']->add('password_reset', "", $user['username']);
            } else {
                $PIVOTX['messages']->addMessage(__('Oops') . ' - ' . __('Password reset request failed.'));
                debug('Password reset request failed - wrong id.');
            }
        }
        // NOTE(review): $html is only defined on a successful reset above; on
        // every other path this assigns an undefined variable (PHP notice).
        $PIVOTX['template']->assign("html", $html);
        $PIVOTX['template']->assign("form", $form->fetch(true));
    } else {
        $val = $form->getvalues();

        if ($val['resetpassword'] == 1) {
            // "Send me a reset link" was requested.
            $can_send_mail = true;
            $user = $PIVOTX['users']->getUser($val['username']);
            if ($user) {
                // The token is derived deterministically from the server key and
                // the stored password hash, so it stays the same until the
                // password changes; no timestamp is stored with it here.
                $extraval['reset_id'] = md5($PIVOTX['config']->get('server_spam_key') . $user['password']);
                $PIVOTX['users']->updateUser($user['username'], $extraval);
                // NOTE(review): part of this line appears masked ("******") in
                // this copy of the source; the username is presumably URL-encoded.
                $link = $PIVOTX['paths']['host'] . makeAdminPageLink('login') . '&resetpassword&username='******'username']) . '&id=' . $extraval['reset_id'];
                $can_send_mail = mailResetPasswordLink(array('name' => $user['username'], 'email' => $user['email'], 'reset_id' => $extraval['reset_id'], 'link' => $link));
            }
            if ($can_send_mail) {
                // Posting this message even if an invalid username is given so
                // crackers can't enumerate usernames.
                $PIVOTX['messages']->addMessage(__('A link to reset your password was sent to your mailbox.'));
            } else {
                // NOTE(review): this branch is only reachable for an existing
                // user (mail is attempted only inside `if ($user)`), so a mail
                // failure would still distinguish known from unknown names.
                $PIVOTX['messages']->addMessage(__('PivotX was not able to send a mail with the reset link.'));
            }
            // NOTE(review): $user is false for unknown names, so this logs an
            // empty username (and raises a notice) in that case.
            $PIVOTX['events']->add('request_password', "", $user['username']);
            $PIVOTX['template']->assign("form", $form->fetch(true));

        } elseif ($PIVOTX['session']->login($val['username'], $val['password'], $val['stayloggedin'])) {
            // User successfully logged in... set language and go to Dashboard or 'returnto'
            $currentuser = $PIVOTX['users']->getUser($PIVOTX['session']->currentUsername());
            $PIVOTX['languages']->switchLanguage($currentuser['language']);

            if (!empty($returnto_link)) {
                // Path-and-query only (see above); host is never taken from input.
                header("Location: " . $returnto_link);
                die;
            } else {
                if ($template == "normal") {
                    pageDashboard();
                } else {
                    if ($template == "mobile") {
                        header('Location: index.php');
                    } else {
                        pageBookmarklet();
                    }
                }
                die;
            }

        } else {
            // User couldn't be logged in
            // The attempted (sanitised) username is recorded so failed logins
            // can be reviewed; the session supplies the user-facing reason.
            $PIVOTX['events']->add('failed_login', "", safeString($_POST['username']));
            $PIVOTX['messages']->addMessage($PIVOTX['session']->getMessage());
            $PIVOTX['template']->assign("form", $form->fetch(true));
        }
    }

    // Check for warnings to display
    $PIVOTX['messages']->checkWarnings();

    // Anything that is neither "normal" nor "mobile" is the bookmarklet login.
    if ($template == "normal") {
        $templatename = "generic.tpl";
    } else {
        if ($template == "mobile") {
            $templatename = "mobile/generic.tpl";
        } else {
            $templatename = "bookmarklet_login.tpl";
        }
    }
    renderTemplate($templatename);
}
 /**
  * Handle a visitor's "send me a password reset link" request.
  *
  * When the submitted name resolves to a user whose stored name matches the
  * input exactly, a reset token is stored on the user and a link carrying it is
  * mailed. The confirmation message is the same whether or not the name exists,
  * so the response does not reveal which names are registered.
  *
  * @return string The rendered login screen (with the confirmation message).
  */
 function sendPass()
 {
     global $PIVOTX;

     $account = $this->loadUser($this->input['name']);

     // NOTE(review): `==` is a loose comparison; for numeric-looking names a
     // strict `===` would be the safer exact-match check.
     $exactMatch = $account && $account['name'] == $this->input['name'];

     if ($exactMatch) {
         // Token is derived from the server key plus the stored password, so it
         // is stable until the password changes; pass_reset is stored alongside.
         $spamKey = $PIVOTX['config']->get('server_spam_key');
         $account['reset_id'] = md5($spamKey . $account['pass']);
         $account['pass_reset'] = randomString(10);
         $this->saveUser($account);

         $resetLink = $PIVOTX['paths']['host']
             . makeVisitorPageLink('reset_passwd')
             . '&amp;name=' . urlencode($account['name'])
             . '&amp;id=' . $account['reset_id'];

         mailResetPasswordLink(array(
             'name' => $account['name'],
             'email' => $account['email'],
             'reset_id' => $account['reset_id'],
             'link' => $resetLink,
         ));
     }

     // Posting this message even if an invalid username is given so
     // crackers can't enumerate usernames.
     $this->input['message'] = __('A link to reset your password was sent to your mailbox.');

     return $this->showLogin();
 }