| User authentication (no output) |
| ~~~~~~~~~~~~~~~~~~~ |
\********************************************************/

// Login/logout handler. The visible code covers three things: logout, a
// username/password login with a failed-attempt counter and temporary lock,
// and an OAuth sign-in path that ends by setting the login cookies and
// redirecting. It relies on $user, $db, $fs, $conf, $page and $baseurl being
// provided by the including script.

// Refuse to run unless the including script has defined IN_FS.
if (!defined('IN_FS')) {
    die('Do not access this file directly.');
}

// Logout: triggered by any request value named 'logout'.
// NOTE(review): if Req::val() also reads GET parameters, a cross-site link can
// log a user out; confirm whether a request token is checked elsewhere.
if (Req::val('logout')) {
    $user->logout();
    Flyspray::Redirect($baseurl);
}

if (Req::val('user_name') != '' && Req::val('password') != '') {
    // Otherwise, they requested login. See if they provided the correct credentials...
    $username = Backend::clean_username(Req::val('user_name'));
    $password = Req::val('password');

    // Run the username and password through the login checker
    // Results below 1 are failures; -2 and -1 get their own messages, any
    // other value below 1 is counted as a failed attempt.
    if (($user_id = Flyspray::checkLogin($username, $password)) < 1) {
        // Stores the raw request value, not the cleaned $username; whatever
        // prints it later has to escape it for the output context.
        $_SESSION['failed_login'] = Req::val('user_name');
        if ($user_id === -2) {
            // NOTE(review): a dedicated "user does not exist" message lets a
            // client distinguish valid from invalid usernames (account
            // enumeration). Consider one generic failure message for all
            // three branches.
            Flyspray::show_error(L('usernotexist'));
        } elseif ($user_id === -1) {
            // Error 23 is annotated "account disabled" at its other use below.
            Flyspray::show_error(23);
        } else {
            // just some extra check here so that never ever an account can get locked when it's already disabled
            // ... that would make it easy to get enabled
            // Both statements bind their values through '?' placeholders, so
            // $username never becomes part of the SQL text.
            $db->Query('UPDATE {users} SET login_attempts = login_attempts+1 WHERE account_enabled = 1 AND user_name = ?', array($username));
            // Lock account if failed too often for a limited amount of time
            // lock_until = now + 60 * prefs['lock_for'] (presumably minutes -> seconds).
            // NOTE(review): unlike the counter update, this statement is not
            // limited to account_enabled = 1; it depends on checkLogin()
            // returning -1 for disabled accounts so this branch is never
            // reached for them. Confirm.
            // NOTE(review): the lock is keyed on the username alone, so
            // repeated wrong passwords from anywhere disable the account for
            // its owner. Per-source throttling would limit that.
            $db->Query('UPDATE {users} SET lock_until = ?, account_enabled = 0 WHERE login_attempts > ? AND user_name = ?', array(time() + 60 * $fs->prefs['lock_for'], LOGIN_ATTEMPTS, $username));
            // A changed row means the account has just been locked.
            if ($db->AffectedRows()) {
                Flyspray::show_error(sprintf(L('error71'), $fs->prefs['lock_for']));
                Flyspray::Redirect($baseurl);
            } else {
                // NOTE(review): from here on the code uses $user_details,
                // $provider, $token and $uid, none of which is assigned in the
                // visible text. Lines appear to be missing between the password
                // branch and this OAuth code, so the nesting shown here simply
                // follows the braces as they appear; check the full file.
                Flyspray::show_error(27);
            }
            $success = false;
            // Create a local account for the OAuth identity in the group named
            // by prefs['anon_group']; the display name falls back to the
            // username when the provider supplied none.
            // NOTE(review): the account is keyed on the provider-supplied
            // e-mail, which is also what the login lookup below uses. Confirm
            // the provider only returns verified addresses, otherwise an
            // unverified address could be matched to an existing account.
            if ($username) {
                $group_in = $fs->prefs['anon_group'];
                $name = $user_details->name ?: $username;
                $success = Backend::create_user($username, null, $name, '', $user_details->email, 0, 0, $group_in, 1, $uid, $provider);
            }
            // username taken or not provided, ask for it
            if (!$success) {
                // The token is kept as a serialize()d string in the session.
                // NOTE(review): whatever restores it will call unserialize();
                // that is only safe while clients cannot write to the session
                // store. Confirm.
                $_SESSION['oauth_token'] = serialize($token);
                $_SESSION['oauth_provider'] = $provider;
                // Values handed to the template; register.oauth.tpl must
                // escape them on output.
                $page->assign('provider', ucfirst($provider));
                $page->assign('username', $username);
                $page->pushTpl('register.oauth.tpl');
                return;
            }
        }
        // OAuth login: look the account up by the provider e-mail, no password.
        if (($user_id = Flyspray::checkLogin($user_details->email, null, 'oauth')) < 1) {
            // NOTE(review): nothing here stops execution. Unless show_error()
            // ends the request for integer codes, the code below builds a User
            // from a $user_id below 1 and still sets login cookies. Confirm,
            // or return explicitly after the error.
            Flyspray::show_error(23); // account disabled
        }
        $user = new User($user_id);
        // Set a couple of cookies
        // flyspray_passhash is crypt() of the stored user_pass value with the
        // site-wide cookiesalt from the configuration.
        // NOTE(review): this value is deterministic, so it stays valid until
        // the password changes and cannot be revoked per session. A random
        // per-login token stored server-side would be revocable.
        $passweirded = crypt($user->infos['user_pass'], $conf['general']['cookiesalt']);
        // NOTE(review): the trailing true is presumably the HttpOnly flag and
        // the null before it the Secure flag; confirm the cookies are marked
        // Secure on HTTPS deployments.
        Flyspray::setCookie('flyspray_userid', $user->id, 0, null, null, null, true);
        Flyspray::setCookie('flyspray_passhash', $passweirded, 0, null, null, null, true);
        // NOTE(review): no session id regeneration is visible at this point of
        // successful login; confirm it happens elsewhere (session fixation).
        $_SESSION['SUCCESS'] = L('loginsuccessful');
        // Redirect to the target remembered in the session.
        // NOTE(review): if return_to was originally filled from a request
        // parameter, it should have been restricted to same-site URLs before
        // being stored. Confirm where it is set, and that it is always present.
        $return_to = $_SESSION['return_to'];
        unset($_SESSION['return_to']);
        Flyspray::Redirect($return_to);
        // The two enclosing blocks opened above are not closed in the visible text.