Location: PHPKode > projects > Saurus CMS > classes/login_html.inc.php
<?php
/**
 * This source file is is part of Saurus CMS content management software.
 * It is licensed under MPL 1.1 (http://www.opensource.org/licenses/mozilla1.1.php).
 * Copyright (C) 2000-2010 Saurused Ltd (http://www.saurus.info/).
 * Redistribution of this file must retain the above copyright notice.
 * 
 * Please note that the original authors never thought this would turn out
 * such a great piece of software when the work started using Perl in year 2000.
 * Due to organic growth, you may find parts of the software being
 * a bit (well maybe more than a bit) old fashioned and here's where you can help.
 * Good luck and keep your open source minds open!
 * 
 * @package		SaurusCMS
 * @copyright	2000-2010 Saurused Ltd (http://www.saurus.info/)
 * @license		Mozilla Public License 1.1 (http://www.opensource.org/licenses/mozilla1.1.php)
 * 
 */


/**
 * Login forms, required browser, etc html printing functions;
 * Usually an entire page html is printed to output.
 * 
 */

############################
# FUNCTION admin_login_form
/**
 * admin_login_form
 * 
 * prints admin-area login page html
 *
 * 
 * @package CMS
 * 
 * usage:	include_once($class_path."login_html.inc.php");
 *			admin_login_form(array("site" => $this, "auth_error" => 1));
 */
function admin_login_form() {
	$args = func_get_arg(0);
	$site = &$args['site']; # pointer to site instance
	$auth_error = $args['auth_error']; # 1/0, 1 kui sisselogimine ebaõnnestus, 2 kui kasutaja lukustatud

	##### if auth_error parameter not provided, try to find out it: 
	if($site->fdat["op"] == 'login' && $site->fdat["url"]){
		# POOLELI
	}

	#################
	# language selectbox data
	$sql = "select distinct keel.keel_id, keel.keel_id as keel, keel.nimi, keel.on_default_admin from keel left join sys_sonad on keel.keel_id = sys_sonad.keel where sys_sonad.keel is not null and keel.keel_id < 500 order by keel.nimi";
	$sth = new SQL($sql);
	$site->debug->msg($sth->debug->get_msgs());	
	$lang_count = $sth->rows;
	####### loop over in use languages
	while ($lang = $sth->fetch()) {
		$reserv_output .= "<option value=\"".$lang['keel']."\" ".($lang['on_default_admin'] ? 'selected':'').">".$lang['nimi']."</option>\n";

		# ARVUTA TÕLGITUD sõnade arv:  nii, et kui näiteks teed somaalia keele saiti ja admin osa stringe pole tõlgitud, siis ei näidata keele valikuna seda sisselogimise juures
		$sql2 = $site->db->prepare("
			SELECT COUNT(sona) AS cnt_sona, COUNT(origin_sona) AS cnt_origin_sona 
			FROM sys_sonad
			WHERE sst_id = 12 AND keel = ?", 
			$lang[keel]
		);
		$sth2 = new SQL($sql2);
		$site->debug->msg($sth2->debug->get_msgs());
		$tmp_rec =  $sth2->fetchrow();
		$translated = ($tmp_rec['cnt_sona'] > 30 || $tmp_rec['cnt_origin_sona'] > 30) ? 1 : 0;
		
		# Naitame valikus ainult keeled, mis juba t6lkitud.
		if ($translated){
			$output .= "<option value=\"".$lang['keel']."\" ".($lang['on_default_admin'] ? 'selected':'').">".$lang['nimi']."</option>\n";
			$naidatud = 1;
		}

		if (!$naidatud){ $output = $reserv_output; };

	} # / loop over in use languages
	# / language selectbox data
	#################

	#################
	# get default admin language
	$sql = $site->db->prepare("SELECT glossary_id FROM keel WHERE keel.on_default_admin='1' LIMIT 1");
	$sth = new SQL($sql);
	$default_admin_lang = $sth->fetchsingle();

	#################
	# get site metadata
	# metadata is saved in the HOME SECTION object
	$home_id = $site->alias(array(
		'key' => 'rub_home_id',
		'keel' => $site->keel,
	));
	# can't use "new Objekt" here, beacuse site is not fully loaded yet.
	$sql = $site->db->prepare("SELECT objekt_id, meta_title FROM objekt WHERE objekt_id=?",	$home_id);
	$sth = new SQL($sql);
	$home_objekt = $sth->fetch();
	$meta_title = $home_objekt['meta_title'];

	# / get site metadata
	#################
	
	$url = str_replace(array('?op=logout', '&op=logout', urlencode('?op=logout'), urlencode('&op=logout')), '', $site->safeURI);
?> 
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
	<title><?=$meta_title?></title>
	<meta http-equiv="Content-Type" content="text/html; charset=<?=$site->encoding?>">
	<link rel="stylesheet" type="text/css" href="<?=$site->CONF['wwwroot'].$site->CONF['styles_path'] ?>/loginscreen.css">
</head>

<body style="overflow-y: auto; overflow-x: auto;" onLoad="document.forms['loginform'].user.focus()">
	<?########### FORM ?>
	  <form method="post" name="loginform" action="<?=$site->wwwroot?><?if($site->in_admin){echo "/admin";}if($site->in_editor){echo "/editor";}?>/index.php">
	<?
	foreach ($site->fdat as $key=>$value) {
		if (!is_array($value) && $key!="user" && $key!="pass" && !($key == 'op' && $value == 'logout')) {
	?>
		<input type="hidden" name="<?php echo htmlspecialchars(xss_clean($key)); ?>" value="<?php echo htmlspecialchars(xss_clean($value)); ?>">
	<?
		}
	}
	?>
	<input type=hidden name="op" value="login">
	<input type=hidden name="url" value="<?php echo $url ?>">

	<table width="100%" height="99%" cellspacing=0 cellpadding=0 border=0>
		<tr>
			<td valign=middle align=center>
				
				<table class="shadow_box_wrapper" cellspacing="0" cellpadding="0">
					<tr><td class="tl"></td><td class="tc"></td><td class="tr"></td></tr>
					<tr>
						<td class="ml"></td>
						<td> <!-- shadow_box_wrapper content -->
							
							<div id="loginbox">
								<div id="loginhead">
									<h1><?=$site->sys_sona(array(sona => "Admin login", tyyp=>"Admin")) ?></h1>
									<a href="<?=$site->wwwroot?>" title="<?=$meta_title?>"><?=strlen($meta_title)>50?substr($meta_title,0,50).'..':$meta_title?></a>
								</div>
								<div id="loginmain">
								<?######## error #######?>
									<? if ($auth_error == 1) { ?>
										<div class="errormessage"><?=$site->sys_sona(array(sona => "Unauthorized access", tyyp=>"Admin")) ?></div>
									<? } elseif ($auth_error == 2) { ?>
										<div class="errormessage"><?=str_replace("[minutes]",$site->CONF['login_locked_time'], $site->sys_sona(array(sona => "Maximum logins error", tyyp=>"Admin"))) ?></div>

									<? } ?>
								<?### / error ####?>
									<div></div> <?## IE7 bug - needs this to show errormessage, otherwise it will dissapera#?>
									<table>
								<?######## username #######?>
									<?php
										$username = '';
									?>
										<tr>
											<td class="label"><?=$site->sys_sona(array(sona => "Username", tyyp=>"Admin")) ?>:</td>
											<td><input type="text" name="user" value="<?=xss_clean($username);?>"></td>
										</tr>
							<?######## password #######?>
										<tr>
											<td class="label"><?=$site->sys_sona(array(sona => "Password", tyyp=>"Admin")) ?>:</td>
											<td><input type="password" name="pass"></td>
										</tr>
							<?######## language selectbox:  #######?>
							<? # show only if more than one language found
								if($lang_count > 1) {
										?>
										<tr>
											<td class="label"><?=$site->sys_sona(array(sona => "translations", tyyp=>"Admin")) ?>:</td>
											<td><select name="keel"><?=$output?></select></td>
										</tr>
									<? }
								# otherwise display hidden field with default lang ID value (Bug #2460)		
								else {	?>
										<input type="hidden" name="keel" value="<?=$default_admin_lang?>">
							<?} ?>
										<tr>
											<td colspan="2"><div class="separator"></div></td>
										</tr>
										<tr id="bottomrow">
											<td></td>
											<td>
												<input id="loginbutton" type="submit" name="Submit" value="<?=$site->sys_sona(array(sona => "Login", tyyp=>"Admin")) ?>">
												<? if($site->CONF['allow_forgot_password']){ ?>
													<a href="?op=remindpass"><?=$site->sys_sona(array(sona => "Unustasid parooli", tyyp=>"kasutaja"))?></a>
												<?}?>
											</td>
										</tr>
									</table>
								</div>
							</div>
							
						</td> <!-- shadow_box_wrapper content -->
						<td class="mr"></td>
					</tr>
					<tr><td class="bl"></td><td class="bc"></td><td class="br"></td></tr>
				</table> <!-- shadow_box_wrapper -->
				<div id="logindisclaimer">Saurus CMS CE <a href="http://www.saurus.info/" title="Web content management software Saurus CMS">www.saurus.info</a></div>
			</td>
		</tr>
	</table>	

	</form>
	<?########### / FORM ?>

	</body>
	</html>
	<?
if($site->user) { $site->user->debug->print_msg(); }
# guest debug: 
if($site->guest) { 	$site->guest->debug->print_msg(); }

$site->debug->print_msg();

	exit();
}
# / FUNCTION admin_login_form
############################


############################
# FUNCTION print_remindpass_form
/**
* print_remindpass_form
* 
* prints forgotten password page html (entire page),
* uses array $site->fdat['form_error'] if needed.
* 
* @package CMS
* 
* usage:	include_once($class_path."login_html.inc.php");
*			print_remindpass_form(array("site" => $this));
*/
function print_remindpass_form() {
	$args = func_get_arg(0);
	$site = &$args['site']; # pointer to site instance
	
	# check if feature is allowed: 
	if(!$site->CONF['allow_forgot_password']){ return; }

	############ STEP 1 => FORM

	# decide if we are in this form first time or second time but with errors 
	if($site->fdat['op2'] == 'send' && !is_array($site->fdat['form_error'])) {
		$pass_is_sent = 1;
	} else { $pass_is_sent = 0; }
	
	#################
	# get site metadata
	# metadata is saved in the HOME SECTION object
	$home_id = $site->alias(array(
		'key' => 'rub_home_id',
		'keel' => $site->keel,
	));
	# can't use "new Objekt" here, beacuse site is not fully loaded yet.
	$sql = $site->db->prepare("SELECT objekt_id, meta_title FROM objekt WHERE objekt_id=?",	$home_id);
	$sth = new SQL($sql);
	$home_objekt = $sth->fetch();
	$meta_title = $home_objekt['meta_title'];

	# / get site metadata
	#################


######## lisatud header kuna muidu tekib gzip-i compressi kasutamisel esimesel korral valge tühi leht
header("Content-type: text/html;charset=".$site->encoding);

?><!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title><?=$meta_title?></title>
<meta http-equiv="Content-Type" content="text/html; charset=<?=$site->encoding?>">
	<link rel="stylesheet" type="text/css" href="<?=$site->CONF['wwwroot'].$site->CONF['styles_path'] ?>/loginscreen.css">
</head>

<body style="overflow-y: auto; overflow-x: auto;" <?if(!$pass_is_sent){?>onLoad="document.forms['loginform'].email.focus()"<?}?>>

	<?########### FORM ?>
	  <form method="POST" name="loginform" action="<?=$site->wwwroot?><?if($site->in_admin){echo "/admin";}if($site->in_editor){echo "/editor";}?>/index.php">
	<?
	#added by Dima 05.05.2003
	foreach ($site->fdat as $key=>$value) {
		if (!is_array($value) && $key!="email" && $key!="op2") {
	?>
		<input type="hidden" name="<?=$key?>" value="<?=$value?>">
	<?
		}
	}
	?>
	<input type=hidden name=op2 value="send">

	<table width="100%" style="height: 99%;" cellspacing=0 cellpadding=0 border=0>
		<tr>
			<td valign=middle align=center>
				
				<table class="shadow_box_wrapper" cellspacing="0" cellpadding="0">
					<tr><td class="tl"></td><td class="tc"></td><td class="tr"></td></tr>
					<tr>
						<td class="ml"></td>
						<td> <!-- shadow_box_wrapper content -->
				
							<div id="loginbox">
								<div id="loginhead">
									<h1><?=$site->sys_sona(array(sona => "Admin login", tyyp=>"Admin")) ?></h1>
									<a href="<?=$site->wwwroot?>" title="<?=$meta_title?>"><?=strlen($meta_title)>50?substr($meta_title,0,50).'..':$meta_title?></a>
								</div>
								<div id="loginmain">
									<?######## error OR ok message #######?>
									<? if ($site->fdat['form_error']['email'] || $pass_is_sent) { ?>
			
										<?if($site->fdat['form_error']['email']){?>
											<div class="errormessage"><?=$site->fdat['form_error']['email']?></div>
										<?}elseif($pass_is_sent){?>
											<div class="okmessage"><?=$site->sys_sona(array(sona => "unustatud_parool_saadetud", tyyp=>"system"))?></div>
										<?}?>
									<? } ?>						
									<div></div> <?## IE7 bug - needs this to show errormessage, otherwise it will dissapera#?>
									<table cellspacing="0" cellpadding="0" border="0">
								<?if(!$pass_is_sent){?>
											<tr><td colspan=2 class="label"><?=$site->sys_sona(array(sona => "Unustatud parooli saatmine", tyyp=>"kujundus"))?></td></tr>
										<?}?>
									
								<?if(!$pass_is_sent){?>
								<?######## e-mail #######?>
										<tr>
											<td class="label"><?=$site->sys_sona(array(sona => "Email", tyyp=>"kasutaja"))?>:</td>
											<td><input type="text" name="email"></td>
										</tr>
								<?}?>
										<tr>
											<td colspan="2"><div class="separator"></div></td>
										</tr>					
										<tr id="bottomrow">
											<td></td>
											<td>
												<?if(!$pass_is_sent){?>
													<input id="loginbutton" type="submit" name="Submit" value="<?=$site->sys_sona(array(sona => "Saada", tyyp=>"kasutaja")) ?>">
												<?}?>
												<a href="index.php?id=<?=$site->fdat['id']?>"><?=$site->sys_sona(array(sona => "tagasi", tyyp=>"editor"))?></a>
											</td>
										</tr>
										</table>
								
								</div> <!-- #loginmain -->
								
								
							</div> <!-- #loginbox -->
						</td> <!-- shadow_box_wrapper content -->
						<td class="mr"></td>
					</tr>
					<tr><td class="bl"></td><td class="bc"></td><td class="br"></td></tr>
				</table> <!-- shadow_box_wrapper -->
				<div id="logindisclaimer">Saurus CMS CE <a href="http://www.saurus.info/" title="Web content management software Saurus CMS">www.saurus.info</a></div>
			</td>
		</tr>
	</table>	

	</form>
	<?########### / FORM ?>

	</body>
	</html>
<?
if($site->user) { $site->user->debug->print_msg(); }
# guest debug: 
if($site->guest) { 	$site->guest->debug->print_msg(); }

$site->debug->print_msg();

	return;
}
# / FUNCTION print_remindpass_form
############################


############################
# FUNCTION send_remindpass
/**
* send_remindpass
* 
* sends an e-mail to the user with new generated password or
* if errors occurred then saves errors to the $site->fdat['form_error'] array.
* Requires: GET/POST parameter "op2" must be "send", is step 2 after #remind password# form
* 
* @package CMS
* 
* usage:	include_once($class_path."login_html.inc.php");
*			send_remindpass(array("site" => $this));
*/
function send_remindpass() {
	$args = func_get_arg(0);
	$site = &$args['site']; # pointer to site instance
	# check if feature is allowed: 
	if(!$site->CONF['allow_forgot_password']){ return; }

	#########################
	# STEP 2 => SEND E-MAIL
	if($site->fdat['op2'] == 'send') {

	##### emaili formaadi kontroll
	if (!preg_match("/^[\w\-\&\.\d]+\@[\w\-\&\.\d]+$/", $site->fdat['email'])) {
		$op2_status = "error";
		$site->fdat['form_error']['email'] = $site->sys_sona(array(sona => "wrong email format", tyyp=>"kasutaja"));
	}
	#### if no errors
	if ($op2_status != "error") {

		###### check if user exists
		$sql = $site->db->prepare("SELECT user_id, firstname,lastname,username,email,is_readonly FROM users WHERE email LIKE ? ", $site->fdat['email']);
#		print $sql;
		$sth = new SQL($sql);
		$site->debug->msg($sth->debug->get_msgs());
		$user = $sth->fetch();	
#		printr($user);
#		exit;

		##### exactly 1 user found => OK
		if ($sth->rows == 1 && $user['is_readonly']!=1) {
			# data sanity: if account info exists => OK
			if($user['username']){ 
	
			######## always GENERATE NEW PASSWORD
			$new_pass = genpassword(8); # length 8 char
			# then encrypt password
			$enc_new_pass = crypt($new_pass, Chr(rand(65,91)).Chr(rand(65,91)));
		
			########## CHANGE password
			$sql = $site->db->prepare("UPDATE users SET password=? WHERE user_id=? ", $enc_new_pass, $user['user_id']);
#			print $sql;
			$sth = new SQL($sql);		

			########## SEND email
			$header = "<br>";
			$footer = "<br>____________________________________<br>
			".$site->CONF["site_name"]."<br>
			".(empty($_SERVER['HTTPS']) ? 'http://' : 'https://').$site->CONF["hostname"].$site->CONF["wwwroot"]."/";

			/*
			$headers  = "MIME-Version: 1.0\r\n";
			$headers .= "Content-type: text/html; charset=".$site->encoding."\r\n";
			$headers .= "From: ".$site->CONF["from_email"]."\r\n";
			*/

$message .= "
".$site->sys_sona(array(sona => "Name", tyyp=>"Admin")).": ".$user['firstname']." ".$user['lastname']."<br>
".$site->sys_sona(array(sona => "Username", tyyp=>"Admin")).": ".$user['username']."<br>
".$site->sys_sona(array(sona => "Password", tyyp=>"Admin")).": ".$new_pass."<br>
";

$message .= '<br>'.$site->sys_sona(array(sona => "forgotten password: mail body", tyyp=>"kasutaja")).'<br>';

			global $class_path;
			include_once($class_path.'mail.class.php');

			$mail = new email(array(
		  		'subject' => $site->sys_sona(array('sona' => 'unustatud parool: subject', 'tyyp' => 'kasutaja')),
		  		'message' => strip_tags($header.$message.$footer),
		  		'html' => $header.$message.$footer,
		  		'charset' => $site->encoding,
		  	));
		  	
		  	$send_status = $mail->send_mail(array(
		  		'to' => $user['email'],
		  		'from' => $site->CONF['from_email'],
		  	));

			//$send_status = mail ($user['email'],$site->sys_sona(array(sona => "unustatud parool: subject", tyyp=>"kasutaja")), $header.$message.$footer, $headers);

			######## MAIL OK
			if ($send_status) { 
				new Log(array(
					'action' => 'send',
					'component' => 'Users',
					'message' => "Password reminder: e-mail sent to '".$user['email']."'.",
				));
				$op2_status = "ok";			
			}
			######## MAIL ERROR
			else  { 
				new Log(array(
					'action' => 'send',
					'component' => 'Users',
					'type' => 'ERROR',
					'message' => "Password reminder error: can't send e-mail to '".$user['email']."'.",
				));
				$op2_status = "error";
				$site->fdat['form_error']['email'] = $site->sys_sona(array(sona => "viga", tyyp=>"kujundus"));			
			} 

			} # if account info exists
			# if no username found => error
			else {
				new Log(array(
					'action' => 'send',
					'component' => 'Users',
					'type' => 'ERROR',
					'message' => "Password reminder error: user with e-mail '".$site->fdat['email']."' doesn't have username.",
				));
				$op2_status = "error";
				$site->fdat['form_error']['email'] = $site->sys_sona(array(sona => "email not found", tyyp=>"kasutaja"));	
			}
		} # exactly 1 user found 
		else {
				# 0) the User is flagged is_readonly => write log message
			if($user['is_readonly']==1){
					new Log(array(
						'action' => 'send',
						'component' => 'Users',
						'type' => 'ERROR',
						'message' => "Password reminder error: the email '".$site->fdat['email']."' belongs to a is_readonly flagged user, so no password was sent.",
					));
			}else{
				# 1) if more than 1 users found => write log message
				if($sth->rows > 1) { 
					new Log(array(
						'action' => 'send',
						'component' => 'Users',
						'type' => 'ERROR',
						'message' => "Password reminder error: more than 1 user found with  e-mail '".$site->fdat['email']."'.",
					));
				}
				# 2) if no users found => write log message and give error message
				else {
					new Log(array(
						'action' => 'send',
						'component' => 'Users',
						'type' => 'ERROR',
						'message' => "Password reminder error: no user found with e-mail '".$site->fdat['email']."'.",
					));
				}
			}
			$op2_status = "error";
			$site->fdat['form_error']['email'] = $site->sys_sona(array(sona => "email not found", tyyp=>"kasutaja"));	
		} # how many users found
	} # email is ok
	} # op2
	# / STEP 2 => SEND
	#########################

	return $site->fdat['form_error'];
}
# / FUNCTION send_remindpass
############################


###################
# Generates a somewhat random pronounceable password $length letters long
function genpassword($length){

    srand((double)microtime()*1000000);

    $vowels = array("a", "e", "i", "o", "u");
    $cons = array("b", "c", "d", "g", "h", "j", "k", "l", "m", "n", "p", "r", "s", "t", "u", "v", "w", "tr", "cr", "br", "fr", "th", "dr", "ch", "ph", "wr", "st", "sp", "sw", "pr", "sl", "cl");
    $numbers = array("1", "2", "3", "4", "5", "6", "7", "8", "9");

	$password = '';

    $num_vowels = count($vowels);
    $num_cons = count($cons);
    $num_numbers = count($numbers);

    for($i = 0; $i < $length; $i++){
        $password .= $cons[rand(0, $num_cons - 1)] . $vowels[rand(0, $num_vowels - 1)] ;
    }
    $password = $numbers[rand(0, $num_numbers - 1)].$password;

    return substr($password, 0, $length);
}
Return current item: Saurus CMS