0) && !($config['cookie_expire'] == 0) && !($config['cookie_expire'] == '0:') && !($config['cookie_expire'] == '0:0') )
{
$enable_autologin = TRUE;
}
/**
*
* Anti-bot verification image
*
* Verify gd extension is loaded
* Verify "convert" exists (part of ImageMagick)
* Verify TTF for image exists
*
* the image is only enabled when all three checks pass; if any one of
* them fails, no image is shown and no code is demanded at login
*
**/
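/**
 * security_graphic config values for which the anti-bot image applies.
 */
$graphic_ary = array(1,3);
if ( in_array($config['security_graphic'],$graphic_ary) )
{
    /**
     * Start session, setup user env (needed for $user->style and the token
     * the confirm row is bound to).
     */
    if ( empty($user->data) )
    {
        $user->session_begin();
        $user->setup();
    }
    // All prerequisites must hold, otherwise $display_graphic stays unset and
    // the login path below does not ask for a code.
    if ( isset($config['enable_convert']) && $user->style['sc_graphic']['font'] && @file_exists($user->style['sc_graphic']['font']) && extension_loaded('gd') )
    {
        $display_graphic = TRUE;
        /**
         * Serve the image itself when one is requested. confirm_id values are
         * minted on this page as md5() hex (see the display_security_graphic
         * block below), so anything that is not 32 lowercase hex characters
         * cannot match a row and is not passed on to security_graphic(), which
         * is defined elsewhere. A hex string is unchanged by the
         * htmlspecialchars() the old code applied, so valid ids are handled
         * exactly as before.
         */
        if ( isset($_GET['confirm_id']) && is_string($_GET['confirm_id']) && preg_match('/^[0-9a-f]{32}$/', $_GET['confirm_id']) )
        {
            security_graphic($_GET['confirm_id']);
            exit;
        }
    }
}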
/**
*
* Check and set text parameters
*
*/
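/**
 * Whitelist of POST fields this page reads. Each posted field becomes a local
 * variable of the same name; a field that was not posted (or posted empty) is
 * unset so the isset()/empty() checks further down are meaningful.
 */
$params = array(
    'login'      => 'login',
    'password'   => 'password',
    'code'       => 'code',
    'confirm_id' => 'confirm_id',
    'autologin'  => 'autologin',
    'sqr'        => 'sqr'
);
foreach ( $params as $var => $param )
{
    // NOTE: empty() also discards the literal string "0"; kept as-is because
    // the checks below rely on this exact isset()/unset() behaviour.
    if ( !empty($_POST[$param]) && is_string($_POST[$param]) )
    {
        // $_POST values are always strings (or arrays, rejected above), so the
        // old is_integer() branch could never fire and has been dropped.
        // ENT_QUOTES matters: these values are spliced into SQL string
        // literals below, and htmlspecialchars()'s default flags (ENT_COMPAT
        // on PHP < 8.1) leave single quotes untouched.
        $$var = htmlspecialchars($_POST[$param], ENT_QUOTES);
    }
    else
    {
        unset($$var);
    }
}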
/**
*
* Log user in: verify the anti-bot code (when one was shown), look the
* account up, check domain/account state and the password, then start a session.
* Please let me know if you make any code changes which
* happens to improve security, etc..
*
**/
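if ( isset($_POST['submit']) )
{
    unset($login_failed);

    /**
     * Domain part of the login: the second '@'-separated segment, as the old
     * preg_split('/@/') produced; NULL when the user typed a bare local part.
     */
    $domain = NULL;
    if ( isset($login) )
    {
        $login_parts = explode('@', $login);
        if ( isset($login_parts[1]) )
        {
            $domain = $login_parts[1];
        }
    }

    if ( empty($login) || empty($password) )
    {
        $login_failed = LOGIN_EMPTY;
    }
    else
    {
        /**
         * $login is spliced into SQL string literals below. It arrived via
         * htmlspecialchars(), whose default flags (ENT_COMPAT on PHP < 8.1)
         * leave single quotes alone, so neutralise them here exactly as
         * ENT_QUOTES would. Parameterised queries would be the real fix, but
         * the $db layer used on this page only exposes sql_query().
         */
        $login = str_replace("'", '&#039;', $login);

        /**
         * Anti-bot code check, only when an image was offered.
         */
        if ( isset($display_graphic) )
        {
            if ( !isset($code) )
            {
                $login_failed = CODE_EMPTY;
            }
            else if ( !isset($confirm_id) || !preg_match('/^[0-9a-f]{32}$/', $confirm_id) )
            {
                // confirm_id is minted as md5() hex when the form is rendered
                // (display_security_graphic block below); anything else cannot
                // match a row and must not reach the query.
                $login_failed = CODE_INVALID;
            }
            else
            {
                $sql = sprintf("SELECT code
FROM %s
WHERE confirm_id = '%s'
AND token = '%s'",
                    CONFIRM_TABLE,$confirm_id,$user->data['token']);
                if ( !($result = $db->sql_query($sql)) )
                {
                    report_error(GENERAL_ERROR,'Error 27601: '.sprintf(_('Unable to query: %s'),CONFIRM_TABLE),$sql, __FILE__,__LINE__);
                }
                $row = $db->sql_fetchrow($result);
                $db->sql_freeresult($result);
                // No row (unknown confirm_id, or one issued under another session
                // token) previously fell through with no error, i.e. the code
                // check could be skipped entirely. Strict string comparison also
                // rules out loose matches such as "01" == "1".
                if ( !$row || (string)$row['code'] !== (string)$code )
                {
                    $login_failed = CODE_INVALID;
                }
            }
        }

        /**
         * Account lookup, state checks and password verification.
         */
        if ( !isset($login_failed) )
        {
            if ( !empty($domain) )
            {
                $sql = sprintf("SELECT user_id, domain_id, password, active
FROM %s
WHERE %s = '%s'",
                    USERS_TABLE,USERS_USER,$login);
            }
            else
            {
                // Bare local part: accept it as a ROOT-level login, or as
                // login@<local transport domain>.
                $sql = sprintf("SELECT %s FROM %s WHERE destination = '%s'",TRANSPORT_DOMAIN,TRANSPORT_TABLE,LOCAL);
                $result = $db->sql_query($sql);
                $row = $result ? $db->sql_fetchrow($result) : FALSE;
                $local_domain = $row ? $row['domain'] : '';
                $user_extends_domain = sprintf('%s@%s',$login,$local_domain);
                $db->sql_freeresult();
                unset($sql,$result,$row);
                $sql = sprintf("SELECT user_id, domain_id, password, active
FROM %1\$s
WHERE (%2\$s = '%3\$s' AND user_level = '%4\$d')
OR (%2\$s = '%5\$s')",
                    USERS_TABLE,USERS_USER,$login,ROOT,$user_extends_domain);
            }
            if ( !($result = $db->sql_query($sql)) )
            {
                report_error(GENERAL_ERROR,'Error 2820: '.sprintf(_('Unable to query: %s'),USERS_TABLE),$sql,__FILE__,__LINE__);
            }
            $row = $db->sql_fetchrow($result);
            if ( !$row )
            {
                $login_failed = LOGIN_INVALID;
            }
            else
            {
                // These checks used to run even when no row came back, indexing
                // FALSE and possibly replacing LOGIN_INVALID with a domain- or
                // account-disabled message for an account that does not exist.
                $user_count = get_count(USERS_TABLE,'user_id','WHERE domain_id <> 0');
                $domaindata = get_domain_data($row['domain_id']);
                // The stored hash doubles as the salt handed to crypt_password().
                $db_password = $row['password'];
                if ( !($row['domain_id'] == DISABLE) && ($user_count > 0) && !($domaindata['active'] == ENABLE) )
                {
                    $login_failed = DOMAIN_DISABLED;
                }
                else if ( !($row['active'] == ENABLE) )
                {
                    $login_failed = USER_DISABLED;
                }
                else if ( crypt_password($password,$db_password) !== $db_password )
                {
                    $login_failed = LOGIN_INVALID;
                }
            }
        }

        if ( !isset($login_failed) )
        {
            /**
             * Clean up confirm table, then start the session.
             */
            $sql = sprintf("DELETE FROM %s
WHERE token = '%s'",
                CONFIRM_TABLE,$user->data['token']);
            if ( !$db->sql_query($sql) )
            {
                // __FILE__/__LINE__ were swapped here relative to every other report_error() call.
                report_error(GENERAL_ERROR,'Error 2821: '.sprintf(_('Unable to query: %s'),CONFIRM_TABLE),$sql,__FILE__,__LINE__);
            }
            clean_confirm_table();
            // "Remember me" is only offered when $enable_autologin is set (see the
            // autologin_checkbox block below), so a posted flag is ignored otherwise
            // and session_create() gets NULL, as it did when nothing was posted.
            $remember = ( isset($enable_autologin) && isset($autologin) ) ? $autologin : NULL;
            $user->session_create($row['user_id'],$user_ip,$remember);
            redirect(append_sid(sprintf('index.%s',$ext)));
            exit;
        }
    }
}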
/**
*
* Start session, setup user env
*
**/
/**
 * Make sure a session exists before the logout / already-logged-in checks
 * below, whether or not the anti-bot branch above already started one.
 */
if ( empty($user->data) )
{
    $user->session_begin();
    $user->setup();
}
/**
*
* Log user out
*
**/
/**
 * Log user out.
 *
 * NOTE(review): this is a state-changing GET with no CSRF protection, so a
 * cross-site request can end the user's session. $user->data['token'] exists
 * and could be required here, but the link that builds this URL is not in
 * view, so the behaviour is left unchanged.
 */
if ( !empty($_GET['logout']) )
{
    $user->session_kill($user->data['session_id'], $user->data['user_id']);
    end_transaction(
        GENERAL_MESSAGE,
        _('Your session has been terminated'),
        append_sid(sprintf('index.%s', $ext)),
        'logout'
    );
    exit;
}
/**
*
* Redirect to index if user is already logged in
*
**/
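/**
 * Redirect to index if the user is already logged in. Nothing below should be
 * rendered for an authenticated user, so stop here in case redirect() returns;
 * the login-success path above does the same.
 */
if ( $user->data['logged_in'] )
{
    redirect(append_sid(sprintf('index.%s',$ext)));
    exit;
}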
/**
*
* Begin page setup
*
**/
page_header();
$template->set_filenames(array('login' => 'login.html'));
// The "Remember me" checkbox is only offered when autologin is enabled
// (cookie_expire is non-zero, see the top of the file).
if ( isset($enable_autologin) )
{
    $template->assign_block_vars('autologin_checkbox', array(
        'L_AUTOLOGIN'        => _('Remember Me'),
        'L_AUTOLOGINEXPLAIN' => sprintf(_('Select this option only if you %sDO NOT%s share this computer (cookies must be enabled).'), '', ''),
    ));
}
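// A posted 'sqr' flag selects the re-authentication message, overriding any
// login error computed above.
if ( isset($sqr) )
{
    $login_failed = SQ_REDIRECT;
}
if ( isset($login_failed) )
{
    // Default to an empty string so an unknown code still renders "*  *"
    // without an undefined-variable notice.
    $error = '';
    switch ( $login_failed )
    {
        case SQ_REDIRECT:
            $error = _('To administer your account,
you must re-authenticate yourself.');
            break;
        case LOGIN_EMPTY:
            $error = _('Account login or password empty');
            break;
        case LOGIN_INVALID:
            $error = _('Invalid account login or password');
            break;
        case CODE_EMPTY:
            $error = _('Security code cannot be left blank');
            break;
        case CODE_INVALID:
            $error = _('Security codes did not match');
            break;
        case DOMAIN_DISABLED:
            $error = _('Domain is currenly disabled');
            break;
        case USER_DISABLED:
            $error = _('Account is currently disabled');
            break;
        default:
            break;
    }
    $template->assign_block_vars('login_error', array(
        'L_LOGINERROR' => sprintf('* %s *', $error),
    ));
}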
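if ( isset($display_graphic) )
{
    /**
     * Issue a fresh anti-bot code, bound to this session's token so the
     * check in the login branch can find it. more_entropy=TRUE: a plain
     * uniqid() is just the microsecond clock and is guessable; md5() still
     * yields the 32-hex-character id the rest of the page expects.
     */
    $confirm_id = md5(uniqid($user_ip, TRUE));
    $sql = sprintf("INSERT INTO %s
(confirm_id, token, code, time)
VALUES ('%s', '%s', '%s', '%d')",
        CONFIRM_TABLE,$confirm_id,$user->data['token'],generate_code(),$config['current_time']);
    if ( !$db->sql_query($sql) )
    {
        report_error(GENERAL_ERROR,'Error 28201: '.sprintf(_('Unable to query: %s'),CONFIRM_TABLE),$sql, __FILE__,__LINE__);
    }
    $template->assign_block_vars('display_security_graphic', array(
        'CONFIRMID'    => $confirm_id,
        'L_GFX'        => _('Security Code'),
        'L_GFXEXPLAIN' => _('Enter the characters exactly as you see them. Click here for a new code.'),
    ));
}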
// Version string: "<version>_<candidate>" when a candidate build is declared.
$version_string = $config['version'];
if ( defined('CANIDATE_VERSION') )
{
    $version_string .= '_' . CANIDATE_VERSION;
}
$template->assign_vars(array(
    'BACKGROUNDTOP'  => $user->style['login_logo_top'],
    'BACKGROUNDLEFT' => $user->style['login_logo_left'],
    'VERSION'        => $version_string,
    'L_ACCOUNTLOGIN' => _('Account Login'),
    'L_PASSWORD'     => _('Password'),
    'L_LOGIN'        => _('Login'),
    'U_FORM'         => append_sid(sprintf('login.%s', $ext)),
));
$template->display('login');
$template->destroy();
page_footer();
?>