<?php // $Revision: 1.34 $
/* vim: set expandtab ts=4 sw=4 sts=4: */
/**
* $Id: login.php,v 1.34 2004/01/18 20:55:08 madbear Exp $
*
* Copyright (c) 2003 by the NetOffice developers
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*/
$checkSession = false;
require_once('../includes/library.php');
// DEBUG
// foreach ($HTTP_POST_VARS as $k => $v) { print "<font color=blue>\$HTTP_POST_VARS[$k] => $v</font><br>"; }
// foreach ($HTTP_GET_VARS as $k => $v) { print "<font color=green>\$HTTP_GET_VARS[$k] => $v</font><br>"; }
// foreach ($HTTP_SESSION_VARS as $k => $v) { print "<font color=red>\$HTTP_SESSION_VARS[$k] => $v</font><br>"; }
// foreach ($HTTP_COOKIE_VARS as $k => $v) { print "<font color=purple>\$HTTP_COOKIE_VARS[$k] => $v</font><br>"; }
// foreach ($HTTP_SERVER_VARS as $k => $v) { print "<font color=purple>\$HTTP_SERVER_VARS[$k] => $v</font><br>"; }
if (($HTTP_GET_VARS['logout'] == 'true') and (isset($HTTP_SESSION_VARS['loginSession']))) {
// update the logs table before logout
$tmpquery1 = 'UPDATE ' . $tableCollab['logs'] . ' SET connected=NULL ';
$tmpquery1 .= 'WHERE login="' . $HTTP_SESSION_VARS['loginSession'] . '"';
connectSql($tmpquery1);
// delete the authentication cookies
setcookie('NetOfficeAuthCookie', '', time() - 86400, $base_uri);
// handle the session
$HTTP_SESSION_VARS = array(); // unset all session varables
session_unset();
_sess_mysql_destroy( session_id() ); // then destroy the session
// redirection to login page with logout message
header('Location: ../general/login.php?msg=logout');
exit;
}
$match = false;
$ssl = false;
// if (!empty($SSL_CLIENT_CERT) && !$HTTP_GET_VARS['logout'] && $HTTP_GET_VARS['loginSubmit']) {
// $auth = 'on';
// $ssl = true;
// if (function_exists('openssl_x509_read')) {
// $x509 = openssl_x509_read($SSL_CLIENT_CERT);
// $cert_array = openssl_x509_parse($x509, true);
// $subject_array = $cert_array['subject'];
// $ssl_email = $subject_array['Email'];
// openssl_x509_free($x509);
// } else {
// $ssl_email = `echo "$SSL_CLIENT_CERT" | $pathToOpenssl x509 -noout -email`;
// }
// } else {
// test blank fields in form
if ($HTTP_POST_VARS['loginSubmit']) {
if ($HTTP_POST_VARS['loginForm'] == '' and $HTTP_POST_VARS['passwordForm'] == '') {
$error = $strings['login_username'] . '<br>' . $strings['login_password'];
} else if ($HTTP_POST_VARS['loginForm'] == '') {
$error = $strings['login_username'];
} else if ($HTTP_POST_VARS['passwordForm'] == '') {
$error = $strings['login_password'];
} else {
$auth = 'on';
if ($rememberForm == 'on') {
$storePwd = get_password($HTTP_POST_VARS['passwordForm']);
$cookie_value = base64_encode(serialize(array('loginForm' => $HTTP_POST_VARS['loginForm'], 'storePwd' => $storePwd, 'loginToken' => md5($HTTP_POST_VARS['loginForm'] . $cryptKey))));
setcookie('NetOfficeAuthCookie', $cookie_value, time()+31536000, $base_uri);
} else {
setcookie('NetOfficeAuthCookie', '', time()-3600, $base_uri);
}
}
}
if ($forcedLogin == 'false') {
if (($auth == 'on') and (!$HTTP_POST_VARS['loginForm']) and (!$HTTP_POST_VARS['passwordForm'])) {
$auth = 'off';
$error = 'Detecting variables poisoning ;-)';
}
}
// }
// get cookie params
$authCookie = unserialize(base64_decode($HTTP_COOKIE_VARS['NetOfficeAuthCookie']));
$loginCookie = $authCookie['loginForm'];
$passwordCookie = $authCookie['storePwd'];
$tokenCookie = $authCookie['loginToken'];
if ($loginCookie != '' && $passwordCookie != '' && $tokenCookie != '') {
$auth = 'on';
}
if ($auth == 'on') {
$loginForm = strip_tags($HTTP_POST_VARS['loginForm']);
$passwordForm = strip_tags($HTTP_POST_VARS['passwordForm']);
if ($loginCookie != '' && $passwordCookie != '' && $tokenCookie != '') {
$loginForm = $loginCookie;
}
// query in members table (demo user not listed if demo mode false,
// to prohibit the access)
if ($demoMode != true) {
if ($ssl) {
$tmpquery = "WHERE mem.email_work = '$ssl_email' AND mem.login != 'demo' AND mem.profil != '4'";
} else {
$tmpquery = "WHERE mem.login = '$loginForm' AND mem.login != 'demo' AND mem.profil != '4'";
}
} else {
$tmpquery = "WHERE mem.login = '$loginForm' AND mem.profil != '4'";
}
$loginUser = new request();
$loginUser->openMembers($tmpquery);
$comptLoginUser = count($loginUser->mem_id);
// test if user exits
if ($comptLoginUser == '0') {
$error = $strings['invalid_login'];
setcookie('NetOfficeAuthCookie', '', time()-3600, $base_uri);
} else {
// test password
if ($loginCookie != '' && $passwordCookie != '' && $tokenCookie != '') {
if (!$ssl && $passwordCookie != $loginUser->mem_password[0]) {
$error = $strings['invalid_login'];
setcookie('NetOfficeAuthCookie', '', time()-3600, $base_uri);
} else {
// password passed, now test token
if (!$ssl && $tokenCookie != md5($loginCookie . $cryptKey)) {
$error = $strings['invalid_login'];
setcookie('NetOfficeAuthCookie', '', time()-3600, $base_uri);
} else {
$match = true;
}
}
} else {
if ((!$ssl) and (!is_password_match($loginForm, $passwordForm, $loginUser->mem_password[0]))) {
$error = $strings['invalid_login'];
} else {
$match = true;
}
}
if ($match == true) {
// encrypt password in session using the defined loginMethod from settings.php
$passwordForm = get_password($passwordForm);
// get the ip addr
$ip = SESS_REMOTE_ADDR;
// set session variables
$HTTP_SESSION_VARS['browserSession'] = $HTTP_USER_AGENT;
$HTTP_SESSION_VARS['idSession'] = $loginUser->mem_id[0];
$HTTP_SESSION_VARS['timezoneSession'] = $loginUser->mem_timezone[0];
$HTTP_SESSION_VARS['languageSession'] = $languageForm;
$HTTP_SESSION_VARS['loginSession'] = $loginForm;
$HTTP_SESSION_VARS['passwordSession'] = $passwordForm;
$HTTP_SESSION_VARS['nameSession'] = $loginUser->mem_name[0];
$HTTP_SESSION_VARS['ipSession'] = $ip;
$HTTP_SESSION_VARS['dateunixSession'] = date('U');
$HTTP_SESSION_VARS['dateSession'] = date('d-m-Y H:i:s');
$HTTP_SESSION_VARS['profilSession'] = $loginUser->mem_profil[0];
$HTTP_SESSION_VARS['logouttimeSession'] = $loginUser->mem_logout_time[0];
$HTTP_SESSION_VARS['loginToken'] = md5($loginForm . $cryptKey);
// register demo session = true in session if user = demo
if ($loginForm == 'demo') {
$demoSession = true;
$HTTP_SESSION_VARS['demoSession'] = $demoSession;
}
// insert into or update log
$tmpquery = "WHERE log.login = '$loginForm'";
$registerLog = new request();
$registerLog->openLogs($tmpquery);
$comptRegisterLog = count($registerLog->log_id);
$session = session_id();
if ($comptRegisterLog == '0') {
$tmpquery1 = 'INSERT INTO ' . $tableCollab['logs'] . "(login,password,ip,session,compt,last_visite) VALUES('$loginForm','$passwordForm','$ip','$session','1','$dateheure')";
connectSql($tmpquery1);
} else {
$HTTP_SESSION_VARS['lastvisiteSession'] = $registerLog->log_last_visite[0];
$increm = $registerLog->log_compt[0] + 1;
$tmpquery1 = 'UPDATE ' . $tableCollab['logs'] . " SET ip='$ip',session='$session',compt='$increm',last_visite='$dateheure' WHERE login = '$loginForm'";
connectSql($tmpquery1);
}
// redirect for external link to internal page
if ($HTTP_GET_VARS['url'] != '') {
if ($loginUser->mem_profil[0] == '3') {
header('Location: ../' . $HTTP_GET_VARS['url'] . '&updateProject=true');
exit;
} else {
header('Location: ../' . $HTTP_GET_VARS['url']);
exit;
}
} else if (($loginUser->mem_last_page[0] != '') and ($loginUser->mem_profil[0] != '3')) {
// redirect to selected start page
header('Location: ../' . $loginUser->mem_last_page[0]);
exit;
// } else if ($loginUser->mem_last_page[0] != '' && ($loginCookie != '' && $passwordCookie != '' && $tokenCookie != '') && $loginUser->mem_profil[0] != '3') {
// $tmpquery = 'UPDATE '.$tableCollab['members']." SET last_page='' WHERE login = '$loginForm'";
// connectSql($tmpquery);
// header('Location: ../'.$loginUser->mem_last_page[0]);
// exit;
} else {
// redirect to home or admin page (if user is administrator)
if ($loginUser->mem_profil[0] == '3') {
header('Location: ../projects_site/home.php');
exit;
} else if ($loginUser->mem_profil[0] == '0') {
header('Location: ../administration/admin.php');
exit;
} else {
header('Location: ../general/home.php');
exit;
}
}
}
}
}
if (($HTTP_GET_VARS['session'] == 'false') and ($HTTP_GET_VARS['url'] == '')) {
$error = $strings['session_false'];
}
if ($HTTP_GET_VARS['logout'] == 'true') {
$msg = 'logout';
}
if ($demoMode == true) {
$loginForm = 'demo';
$passwordForm = 'demo';
}
$notLogged = true;
$bodyCommand = 'onLoad="document.loginForm.loginForm.focus();"';
require_once('../themes/' . THEME . '/header.php');
$blockPage = new block();
$blockPage->openBreadcrumbs();
$blockPage->itemBreadcrumbs(' ');
$blockPage->closeBreadcrumbs();
if ($HTTP_GET_VARS['msg'] != '') {
require_once('../includes/messages.php');
$blockPage->messagebox($msgLabel);
}
$block1 = new block();
$block1->form = 'login';
$block1->openForm($HTTP_SERVER_VARS['REQUEST_URI']);
if ($HTTP_GET_VARS['url'] != '') {
echo '<input value="' . $HTTP_GET_VARS['url'] . '" type="hidden" name="url">';
}
if ($error != '') {
$block1->headingError($strings['errors']);
$block1->contentError($error);
}
$block1->heading('NetOffice : ' . $strings['login']);
$block1->openContent();
$block1->contentTitle($strings['please_login']);
// build lang drop list
$selectLanguage = '<select name="languageForm">';
array_multisort($langValue, SORT_ASC, SORT_STRING);
foreach ($langValue as $key => $value) {
if (file_exists('../languages/lang_' . $key . '.php')) {
if ($langDefault == $key) {
$selectLanguage .= '<option value="' . $key . '" selected>' . $value . ' (Default)</option>';
} else {
$selectLanguage .= '<option value="' . $key . '">' . $value . '</option>';
}
}
}
$selectLanguage .= '</select>';
$block1->contentRow($strings['language'], $selectLanguage);
$block1->contentRow('* ' . $strings['user_name'], '<input value="' . $loginForm . '" type="text" name="loginForm">');
$block1->contentRow('* ' . $strings['password'], '<input value="' . $passwordForm . '" type="password" name="passwordForm">');
$block1->contentRow($strings['remember_password'],'<input type="checkbox" name="rememberForm" value="on">');
$block1->contentRow('', '<input type="submit" name="loginSubmit" value="' . $strings['login'] . '"><br><br><br>' . $blockPage->buildLink('../general/sendpassword.php', $strings['forgot_pwd'], in));
$block1->closeContent();
$block1->closeForm();
require_once('../themes/' . THEME . '/footer.php');
?>