Пример #1
  | User authentication (no output)                        |
  | ~~~~~~~~~~~~~~~~~~~                                    |
  \********************************************************/
// Entry guard: the IN_FS constant is expected to be defined by the script that
// includes this file; a request that reaches the file directly stops here.
defined('IN_FS') or die('Do not access this file directly.');

// Logout: any truthy 'logout' request value ends the current login and sends
// the browser back to the base URL.
// NOTE(review): Req::val() is not shown here; if it also reads GET parameters,
// a cross-site link can trigger this state change. Confirm, and consider
// requiring POST plus an anti-CSRF token for logout.
if (Req::val('logout')) {
    $user->logout();
    Flyspray::Redirect($baseurl);
}
if (Req::val('user_name') != '' && Req::val('password') != '') {
    // Otherwise, they requested login.  See if they provided the correct credentials...
    $username = Backend::clean_username(Req::val('user_name'));
    $password = Req::val('password');
    // Run the username and password through the login checker
    if (($user_id = Flyspray::checkLogin($username, $password)) < 1) {
        $_SESSION['failed_login'] = Req::val('user_name');
        if ($user_id === -2) {
            Flyspray::show_error(L('usernotexist'));
        } elseif ($user_id === -1) {
            Flyspray::show_error(23);
        } else {
            // just some extra check here so that never ever an account can get locked when it's already disabled
            // ... that would make it easy to get enabled
            $db->Query('UPDATE {users} SET login_attempts = login_attempts+1 WHERE account_enabled = 1 AND user_name = ?', array($username));
            // Lock account if failed too often for a limited amount of time
            $db->Query('UPDATE {users} SET lock_until = ?, account_enabled = 0 WHERE login_attempts > ? AND user_name = ?', array(time() + 60 * $fs->prefs['lock_for'], LOGIN_ATTEMPTS, $username));
            if ($db->AffectedRows()) {
                Flyspray::show_error(sprintf(L('error71'), $fs->prefs['lock_for']));
                Flyspray::Redirect($baseurl);
            } else {
Пример #2
        Flyspray::show_error(27);
    }
    // Try to create a local account for the OAuth identity. $success stays false
    // when no username is available or create_user() returns a falsy value.
    $success = false;
    if ($username) {
        // The new account is placed in the group configured as 'anon_group'.
        $group_in = $fs->prefs['anon_group'];
        // Fall back to the username when the provider supplied no (or an empty) name.
        $name = $user_details->name ?: $username;
        // NOTE(review): the second argument is null, presumably "no local password"
        // for provider-backed accounts. Confirm against Backend::create_user() that a
        // null/empty stored password can never match in the password login path.
        $success = Backend::create_user($username, null, $name, '', $user_details->email, 0, 0, $group_in, 1, $uid, $provider);
    }
    // username taken or not provided, ask for it
    if (!$success) {
        // Keep the OAuth token and provider name in the session while the user
        // picks a username on the registration form.
        // NOTE(review): the code that reads 'oauth_token' back is not shown. If it
        // calls unserialize(), that value must only ever come from the session (or
        // be read with allowed_classes restricted), because unserialize() on
        // attacker-influenced data is an object-injection sink.
        $_SESSION['oauth_token'] = serialize($token);
        $_SESSION['oauth_provider'] = $provider;
        // NOTE(review): whether the template layer escapes assigned values is not
        // visible here; $provider and $username need HTML-escaping wherever
        // register.oauth.tpl prints them.
        $page->assign('provider', ucfirst($provider));
        $page->assign('username', $username);
        $page->pushTpl('register.oauth.tpl');
        // Leave here: the account lookup and cookie setup that follow are skipped.
        return;
    }
}
// Resolve the local account through the 'oauth' login path: the e-mail address
// returned by the provider is the identifier and no password is passed.
// NOTE(review): this treats $user_details->email as proof of identity. Confirm
// that every enabled provider only returns verified addresses; otherwise a
// local account can be claimed by whoever registers that address upstream.
if (($user_id = Flyspray::checkLogin($user_details->email, null, 'oauth')) < 1) {
    Flyspray::show_error(23);
    // account disabled
    // NOTE(review): nothing in this fragment stops execution after show_error().
    // If it returns, the lines below build a User and set login cookies for an
    // id below 1, so confirm that show_error() ends the request.
}
$user = new User($user_id);
// Set a couple of cookies
// The second cookie is crypt() of the stored password value, salted with the
// configured cookie salt. Its inputs are only that stored value and a site-wide
// setting, so the token is identical on every login, stays valid until the
// password changes, cannot be revoked per session, and can be recomputed by
// anyone holding the users table plus the salt. A random per-session token
// stored server-side would avoid this.
// NOTE(review): crypt() picks its algorithm from the salt format; a short
// legacy salt selects DES-based hashing, which reads only the first 8 input
// characters. Confirm what format cookiesalt has.
$passweirded = crypt($user->infos['user_pass'], $conf['general']['cookiesalt']);
// NOTE(review): the trailing `true` is presumably the HttpOnly flag and the
// nulls leave path/domain/secure at their defaults. Verify this against
// Flyspray::setCookie() and make sure Secure is set on HTTPS deployments.
Flyspray::setCookie('flyspray_userid', $user->id, 0, null, null, null, true);
Flyspray::setCookie('flyspray_passhash', $passweirded, 0, null, null, null, true);
// NOTE(review): no session id regeneration is visible in this fragment after
// the privilege change; confirm it happens elsewhere (session fixation).
$_SESSION['SUCCESS'] = L('loginsuccessful');
// Read the stored post-login target once, then clear it from the session.
// NOTE(review): where 'return_to' is written is not shown. If it can hold a
// request-supplied URL, restrict it to same-site paths before redirecting
// (open redirect). It is also read without an isset() check, so a missing key
// raises a notice/warning and passes null to Redirect().
$return_to = $_SESSION['return_to'];
unset($_SESSION['return_to']);
Flyspray::Redirect($return_to);