<?php
/**
* Login page
*
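* Passwords are presently cleartext. Not sure how to fix this, save by using SSL.
* Note (review): the form's hashPassword() submits md5(md5(password) + login time) instead
* of the typed password, but without SSL the session id and the login cookie still cross
* the network unprotected, so client-side hashing is not a substitute for SSL/TLS.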
*
* Also, I'd like to force initial focus to the username field. Finally, some form of password reset would be nice.
*
* @author Stephen Rochelle <hide@address.com>
* @version OFFL v0.2
* @copyright Copyright (c) 2004 Stephen Rochelle. Some rights reserved.
* @package offl-ui
*/
// Page-level settings, assigned before the shared header is pulled in.
// NOTE(review): presumably lib/header.php reads $pageTitle and $public — confirm there.
$emsg = NULL;        // stays NULL unless authentication fails further down
$public = 1;
$pageTitle = "Login";

// Hold back all output while the header loads: the login branch below calls
// setcookie(), which only works while no output has been sent to the client.
ob_start();

// NOTE(review): $DOC_ROOT is not defined in this file; presumably offlconfig.php sets it.
require_once "offlconfig.php";
require_once $DOC_ROOT . "/lib/header.php";
if(isset($_SESSION["user_id"]))
{
?><META http-equiv="refresh" content="0; URL=<?php echo $WEB_ROOT . "/leagues.php" ?>"><?php
}
else
{
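// Handle a submitted login form (the hidden entryType field marks a real submission).
// Outcomes:
//   - userid missing, empty or "guest": browse-only session (user_id = -1)
//   - valid credentials: session user_id set, login cookie issued
//   - anything else: $emsg is set and the form is shown again with an error
if (isset($_POST["entryType"]) && ($_POST["entryType"] == "Input"))
{
    // Read the fields defensively: a crafted request can omit them or send
    // arrays (userid[]=x), neither of which should reach the authenticator.
    $loginUser = isset($_POST["userid"]) ? $_POST["userid"] : "";
    $loginResponse = isset($_POST["password"]) ? $_POST["password"] : NULL;

    if (($loginUser === "guest") || ($loginUser === ""))
    {
        // this login is for browsing only.
        $_SESSION["fflteam_id"] = -1;
        $_SESSION["user_id"] = -1;
        $_SESSION["league_id"] = NULL;
    }
    else if (!is_string($loginUser) || !is_string($loginResponse))
    {
        // Malformed request: fail with the same message as a bad password.
        $emsg = "Password not accepted.";
    }
    else
    {
        // "password" is the response computed client-side by hashPassword(),
        // not the typed password.
        // NOTE(review): cryptAuth() is defined elsewhere; presumably it checks the
        // response against the stored hash and the session's login_time — confirm,
        // and confirm it rejects a stale or missing login_time.
        $auth = new OFFL_User();
        $user = $auth->cryptAuth($loginUser, $loginResponse);
        if (is_null($user))
        {
            $emsg = "Password not accepted.";
        }
        else
        {
            // Issue a fresh session id at the moment of privilege change so that an
            // id fixed before login cannot be reused afterwards (session fixation).
            // Output is still buffered here, so the new session cookie can be sent.
            if (session_id() != "")
            {
                session_regenerate_id();
            }
            $_SESSION["user_id"] = $user->getUserID();
            // NOTE(review): this 14-day cookie is md5(username--passwordHash): it is the
            // same on every login and can be computed by anyone who learns the stored
            // hash. Prefer a random token stored server-side, sent HttpOnly (and Secure
            // once SSL is available). Left unchanged because the code that validates
            // this cookie is not in this file.
            setcookie(OFFL_COOKIE_NAME, md5($user->getUsername() . "--" . $user->getPasswordHash()), time() + 3600*24*14);
            if ($user->getAdmin() == 1)
            {
                $_SESSION["admin"] = TRUE;
            }
        }
    }
    if (!isset($emsg))
    {
        // Success (guest or authenticated): confirm and redirect to the main menu.
?>
<div class="success"><p>Login Successful.</p>
<p>You are being redirected to the <a href="<?php echo $WEB_ROOT; ?>/leagues.php">main menu</a>.</p></div>
<META http-equiv="refresh" content="0; URL=<?php echo $WEB_ROOT . "/leagues.php" ?>">
<?php
    }
}
// allow output now (session and cookie headers have been queued by this point)
ob_end_flush();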
?>
<!-- Stuff goes here -->
<?php
// Banner for a failed authentication attempt. $emsg is only assigned fixed
// literal strings in this file, so it is echoed as-is.
if (isset($emsg)):
?>
<p>
<div class="alert">
There has been an error trying to authenticate logon.<br>
Error Message: <?php echo $emsg; ?><p>
Please try again.
</div>
<p>
<?php
endif;

// Banner shown whenever a "login" query parameter is present; only its
// presence is tested, its value is never written to the page.
if (isset($_GET["login"])):
?>
<div class="alert">
You cannot access that page without logging in.
</div>
<?php
endif;
?>
<script language="javascript">
/**
 * Swap the typed password for a challenge response and submit the login form.
 *
 * The response written to the hidden "password" field is
 * hex_md5(hex_md5(typed password) + logintime), where logintime is the hidden
 * field the server filled in when it rendered the form.
 *
 * NOTE(review): hex_md5 is not defined on this page; presumably a script
 * loaded by the shared header provides it.
 * NOTE(review): with an empty logintime the response is identical on every
 * login, so the server must insist on a fresh challenge; this scheme also
 * does not remove the need for SSL/TLS.
 */
function hashPassword()
{
    var loginForm = document.forms.login;
    var passwordDigest = hex_md5(loginForm.userpassword.value);

    loginForm.password.value = hex_md5(passwordDigest + loginForm.logintime.value);

    // Blank the visible field so the typed password is not posted with the form.
    loginForm.userpassword.value = "";
    // Blank the challenge as well; it is not posted back.
    loginForm.logintime.value = "";

    loginForm.submit();
}
/**
 * Keypress handler for the password field: pressing Enter submits the form
 * through hashPassword() instead of a plain form submit.
 *
 * @param e key event passed by the inline handler; when it is missing or its
 *          `which` is falsy, the global `event` object and `keyCode` are used.
 * @return false when Enter was handled, true for every other key.
 */
function checkEnter(e)
{
    var ENTER_KEY = 13; // ascii 13, the enter key
    var characterCode;

    if (!(e && e.which))
    {
        // No usable `which`: fall back to the global event object (IE model).
        e = event;
        characterCode = e.keyCode;
    }
    else
    {
        // `which` carries the character code (NN4 model).
        characterCode = e.which;
    }

    if (characterCode != ENTER_KEY)
    {
        return true;
    }

    e.cancelBubble = true; // maybe cancels beep?
    hashPassword(); // hash the password, then submit the form
    return false;
}
</script>
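<?php
/*
 * Login form.
 *
 * - userid is re-filled from the previous POST. The value is request data, so
 *   it is HTML-escaped (quotes included) before being placed in the attribute;
 *   written raw, a crafted userid could break out of value="..." and inject
 *   markup into the page. Non-string values (userid[]=x) are not echoed.
 * - userpassword is what the user types; hashPassword() blanks it before the
 *   form is submitted and fills the hidden "password" field instead.
 * - logintime carries $_SESSION["login_time"] to the client script. It is
 *   printed only when set, and escaped, so a missing session value cannot
 *   place a PHP notice inside the attribute.
 * NOTE(review): where login_time is set is not visible in this file.
 */
?>
<form id="login" action="index.php" method="post">
<table border="0">
<tr>
<td class="normalfont">
Username:
</td>
<td class="normalfont">
<input type="text" name="userid" class="fieldfont" tabindex="1" value="<?php if (isset($_POST["userid"]) && is_string($_POST["userid"])) { echo htmlspecialchars($_POST["userid"], ENT_QUOTES); } ?>" />
</td>
</tr>
<tr>
<td class="normalfont">
Password:
</td>
<td class="normalfont">
<input type="password" name="userpassword" class="fieldfont" tabindex="2" value="" onKeyPress="checkEnter(event)" />
</td>
</tr>
<tr>
<td>
<input type="button" name="submitBtn" value="Submit" onclick="hashPassword()" />
</td>
</tr>
</table>
<input type="hidden" name="entryType" value="Input" />
<input type="hidden" name="password" value="" />
<input type="hidden" name="logintime" value="<?php if (isset($_SESSION["login_time"])) { echo htmlspecialchars((string) $_SESSION["login_time"], ENT_QUOTES); } ?>" />
</form>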
<p>Leave the form blank to browse as a guest.</p>
<?php
}
require($DOC_ROOT . "/lib/footer.php"); ?>