<?php
/***************************************************************************
 *                                login.php
 *                            -------------------
 *   begin                : Saturday, Feb 13, 2001
 *   copyright            : (C) 2001 The phpBB Group
 *   email                : support@phpbb.com
 *
 *   $Id: login.php,v 1.47.2.9 2003/01/02 15:43:59 psotfx Exp $
 *
 *
 ***************************************************************************/

/***************************************************************************
 *
 *   This program is free software; you can redistribute it and/or modify
 *   it under the terms of the GNU General Public License as published by
 *   the Free Software Foundation; either version 2 of the License, or
 *   (at your option) any later version.
 *
 ***************************************************************************/
//
// Flag this request as the login page before common.php is pulled in, so
// that people can still reach the login form while the board is shut down.
//
define('IN_LOGIN', true);
define('IN_PHPBB', true);

$phpbb_root_path = './';
include($phpbb_root_path . 'extension.inc');
include($phpbb_root_path . 'common.' . $phpEx);

//
// Session management: identify the visitor for this page and load
// their preferences.
//
$userdata = session_pagestart($user_ip, PAGE_LOGIN);
init_userprefs($userdata);
//
// End session management
//

// session id check: the sid is taken from POST first, then GET, else left empty
$sid = '';
if (!empty($HTTP_POST_VARS['sid']))
{
	$sid = $HTTP_POST_VARS['sid'];
}
else if (!empty($HTTP_GET_VARS['sid']))
{
	$sid = $HTTP_GET_VARS['sid'];
}

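if ( isset($HTTP_POST_VARS['login']) || isset($HTTP_GET_VARS['login']) || isset($HTTP_POST_VARS['logout']) || isset($HTTP_GET_VARS['logout']) )
{
	if ( ( isset($HTTP_POST_VARS['login']) || isset($HTTP_GET_VARS['login']) ) && !$userdata['session_logged_in'] )
	{
		//
		// Login attempt from a visitor who is not logged in yet.
		//
		$username = isset($HTTP_POST_VARS['username']) ? $HTTP_POST_VARS['username'] : '';
		$password = isset($HTTP_POST_VARS['password']) ? $HTTP_POST_VARS['password'] : '';

		//
		// NOTE(review): $username is request data built straight into the SQL
		// string. The replacement below only rewrites the magic_quotes form \'
		// into the SQL form '' and touches nothing else (e.g. backslashes); it is
		// only adequate if common.php guarantees slash-escaped request data for
		// this database layer -- verify that before relying on it.
		//
		$sql = "SELECT user_id, username, user_password, user_active, user_level
			FROM " . USERS_TABLE . "
			WHERE username = '" . str_replace("\'", "''", $username) . "'";
		if ( !($result = $db->sql_query($sql)) )
		{
			message_die(GENERAL_ERROR, 'Error in obtaining userdata', '', __LINE__, __FILE__, $sql);
		}

		// Set when the credentials are rejected; the failure page is built once below.
		$login_failed = false;

		if ( $row = $db->sql_fetchrow($result) )
		{
			if ( $row['user_level'] != ADMIN && $board_config['board_disable'] )
			{
				// Only administrators may log in while the board is disabled.
				redirect(append_sid("index.$phpEx", true));
			}
			else if ( md5($password) === $row['user_password'] && $row['user_active'] )
			{
				// Strict comparison above: with == PHP compares hashes that look
				// like numeric strings (e.g. "0e...") numerically, so two different
				// hashes could be reported equal.
				$autologin = ( isset($HTTP_POST_VARS['autologin']) ) ? TRUE : 0;

				$session_id = session_begin($row['user_id'], $user_ip, PAGE_INDEX, FALSE, $autologin);

				if ( $session_id )
				{
					// The target comes from the login form; redirect() is expected
					// to anchor it to the board's own URL -- confirm in functions.php.
					$url = ( !empty($HTTP_POST_VARS['redirect']) ) ? $HTTP_POST_VARS['redirect'] : "index.$phpEx";
					redirect(append_sid($url, true));
				}
				else
				{
					message_die(CRITICAL_ERROR, "Couldn't start session : login", "", __LINE__, __FILE__);
				}
			}
			else
			{
				// Wrong password or inactive account.
				$login_failed = true;
			}
		}
		else
		{
			// Unknown username.
			$login_failed = true;
		}

		if ( $login_failed )
		{
			//
			// One message for unknown user, wrong password and inactive account,
			// so the response does not tell the visitor which one applied.
			//
			$redirect = ( !empty($HTTP_POST_VARS['redirect']) ) ? $HTTP_POST_VARS['redirect'] : '';
			$redirect = str_replace("?", "&", $redirect);
			// $redirect is request data placed inside HTML attributes below;
			// escape it so it cannot break out of the attribute (reflected XSS).
			$redirect = htmlspecialchars($redirect);

			$return_url = "login.$phpEx?redirect=$redirect&sid=" . $userdata['session_id'];

			$template->assign_vars(array(
				'META' => '<meta http-equiv="refresh" content="3;url=' . $return_url . '">')
			);

			$message = $lang['Error_login'] . '<br /><br />' . sprintf($lang['Click_return_login'], '<a href="' . $return_url . '">', '</a>') . '<br /><br />' . sprintf($lang['Click_return_index'], '<a href="' . append_sid("index.$phpEx") . '">', '</a>');

			message_die(GENERAL_MESSAGE, $message);
		}
	}
	else if ( ( isset($HTTP_GET_VARS['logout']) || isset($HTTP_POST_VARS['logout']) ) && $userdata['session_logged_in'] )
	{
		//
		// Logout is only honoured when the request carries the current session
		// id, so a link from elsewhere cannot end the session. Strict comparison:
		// == would compare numeric-looking ids numerically.
		//
		if ( $sid === '' || $sid !== $userdata['session_id'] )
		{
			message_die(GENERAL_ERROR, 'Invalid_session');
		}

		// This branch already requires session_logged_in, so end it unconditionally.
		session_end($userdata['session_id'], $userdata['user_id']);

		// The target may come from the request; redirect() is expected to
		// anchor it to the board's own URL -- confirm in functions.php.
		if ( !empty($HTTP_POST_VARS['redirect']) || !empty($HTTP_GET_VARS['redirect']) )
		{
			$url = ( !empty($HTTP_POST_VARS['redirect']) ) ? $HTTP_POST_VARS['redirect'] : $HTTP_GET_VARS['redirect'];
			redirect(append_sid($url, true));
		}
		else
		{
			redirect(append_sid("index.$phpEx", true));
		}
	}
	else
	{
		// Login while already logged in, or logout while already logged out:
		// nothing to change, just send the visitor on.
		$url = ( !empty($HTTP_POST_VARS['redirect']) ) ? $HTTP_POST_VARS['redirect'] : "index.$phpEx";
		redirect(append_sid($url, true));
	}
}
else
{
	//
	// Show the full login page if the user is not already logged in.
	//
	if ( !$userdata['session_logged_in'] )
	{
		$page_title = $lang['Login'];
		include($phpbb_root_path . 'includes/page_header.'.$phpEx);

		$template->set_filenames(array(
			'body' => 'login_body.tpl')
		);

		//
		// Work out where to send the user after a successful login. The target
		// is read from the query string, limited to a safe character set, and
		// any sid= parameter in it is dropped so a fresh one can be appended.
		// Initialised up front so it is defined even when the pattern below
		// does not match (previously an undefined variable in that case).
		//
		$forward_page = '';

		if ( isset($HTTP_POST_VARS['redirect']) || isset($HTTP_GET_VARS['redirect']) )
		{
			$forward_to = $HTTP_SERVER_VARS['QUERY_STRING'];

			if ( preg_match("/^redirect=([a-z0-9\.#\/\?&=\+\-_]+)/si", $forward_to, $forward_matches) )
			{
				// The pattern has a single capture group.
				$forward_to = $forward_matches[1];
				$forward_match = explode('&', $forward_to);

				if ( count($forward_match) > 1 )
				{
					$forward_page = '';

					for ( $i = 1; $i < count($forward_match); $i++ )
					{
						// Skip any sid= parameter (strpos stands in for the old ereg() call).
						if ( strpos($forward_match[$i], 'sid=') === false )
						{
							if ( $forward_page != '' )
							{
								$forward_page .= '&';
							}
							$forward_page .= $forward_match[$i];
						}
					}
					$forward_page = $forward_match[0] . '?' . $forward_page;
				}
				else
				{
					$forward_page = $forward_match[0];
				}
			}
		}

		$username = ( $userdata['user_id'] != ANONYMOUS ) ? $userdata['username'] : '';

		// $forward_page only contains characters admitted by the pattern above
		// (no quotes or angle brackets), so it is safe inside the attribute.
		$s_hidden_fields = '<input type="hidden" name="sid" value="' . $userdata['session_id'] . '" /><input type="hidden" name="redirect" value="' . $forward_page . '" />';

		make_jumpbox('viewforum.'.$phpEx, $forum_id);
		$template->assign_vars(array(
			'USERNAME' => $username,

			'L_ENTER_PASSWORD' => $lang['Enter_password'],
			'L_SEND_PASSWORD' => $lang['Forgotten_password'],

			'U_SEND_PASSWORD' => append_sid("profile.$phpEx?mode=sendpassword"),

			'S_HIDDEN_FIELDS' => $s_hidden_fields)
		);

		$template->pparse('body');

		include($phpbb_root_path . 'includes/page_tail.'.$phpEx);
	}
	else
	{
		redirect(append_sid("index.$phpEx", true));
	}

}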