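/**
 * Processes a user's authentication for the current request: displays the
 * login form, attempts a login when credentials were submitted, and shows an
 * error message plus the form again when the login is rejected.
 *
 * Returns immediately when the session is already marked as logged in.
 * Otherwise the session is reset through mystery_setup_default_session()
 * before any credential is looked at.
 *
 * NOTE(review): every branch returns normally, including the ones that print
 * the login form. Whether the request actually stops there depends on
 * mystery_footer() or on the caller - confirm that a protected page cannot
 * keep executing after this function has rendered the form.
 *
 * NOTE(review): whether mystery_auth() issues a fresh session id on success
 * is not visible from here - confirm, to rule out session fixation.
 *
 * @return void
 */
function mystery_process_authentication()
{
    // Loose comparison kept on purpose: the code that writes this flag is not
    // visible here, so the exact stored type is unknown.
    $session_flag = isset($_SESSION['is_logged_in']) ? $_SESSION['is_logged_in'] : null;
    if ($session_flag == 'yes') {
        return;
    }

    mystery_setup_default_session();

    // $_REQUEST can carry query-string values as well as POST fields, so a
    // username/password pair sent in a URL is accepted too and may end up in
    // server logs and browser history.
    // NOTE(review): consider reading $_POST only once the login form's
    // method has been confirmed.
    $username = isset($_REQUEST['username']) ? $_REQUEST['username'] : '';
    $password = isset($_REQUEST['password']) ? $_REQUEST['password'] : '';

    // Request parameters may arrive as arrays (username[]=...). An array is
    // never == '', so the previous check let such values through to
    // mystery_auth(); anything that is not a non-empty string is now treated
    // as "no credentials sent".
    $has_credentials = is_string($username) && is_string($password)
        && $username !== '' && $password !== '';

    if (!$has_credentials) {
        // the user didn't send a password / username, so just display the form
        mystery_header();
        mystery_display_authentication_form();
        mystery_footer();
        return;
    }

    // user provided some authentication information, attempt to authenticate
    if (!mystery_auth($username, $password)) {
        // user couldn't be authenticated, display error message and login box
        // again; the message deliberately does not say which check failed
        mystery_header();
        mystery_display_user_error('You entered an invalid username or password, or cannot login from your current location. Please try again.');
        mystery_display_authentication_form();
        mystery_footer();
    }
}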
$lastloc = '/'; } if (preg_match('~/process/$~', $lastloc)) { //show error $note = '<strong>An error has occurred:</strong><br>Your session timed out and we were therefore unable to process your previous request/submission. Please resubmit your request after signing in again. Thank you.'; echo '<br>' . portal_generate_notebox($note); //remove the trailing /process/ $lastloc = preg_replace('~/process/$~', '/', $lastloc); } if (@$_SESSION['is_logged_in'] == 'yes') { mystery_redirect('/'); exit; } // attempt a login and redirect if (isset($_REQUEST['username']) && isset($_REQUEST['password'])) { if (mystery_auth($_REQUEST['username'], $_REQUEST['password'])) { if (!isset($_COOKIE['cookietest'])) { // they know their username and password but since they do not // have cookies enabled, they won't be able to use the site $login_failed = 'yes'; $login_failure_reason = 'cookie'; } else { mystery_redirect($lastloc); } } else { $login_failed = 'yes'; } } // destroy any existing sessions mystery_setup_default_session(); // display alert messages if necessary