Viewing file:  login.php (8.95 KB) -rw-rw-rw-
Select action/file-type:
 (+) |  (+) |  (+) | Code (+) | Session (+) |  (+) | SDB (+) |  (+) |  (+) |  (+) |  (+) |  (+) |
<?php
include "includes/config.php";
include "includes/php-dbi.php";
include "includes/functions.php";
include "includes/$user_inc";
include "includes/connect.php";
// Change this to true to show "no such user" or "invalid password" on
// login failures.
$showLoginFailureReason = true;
load_global_settings ();
if ( ! empty ( $last_login ) ) {
$login = "";
}
if ( empty ( $webcalendar_login ) ) {
$webcalendar_login = "";
}
if ( $remember_last_login == "Y" && empty ( $login ) ) {
$last_login = $login = $webcalendar_login;
}
include "includes/translate.php";
// see if a return path was set
if ( ! empty ( $return_path ) ) {
$return_path = clean_whitespace ( $return_path );
$url = $return_path;
} else {
$url = "index.php";
}
$lang = '';
if ( ! empty ( $LANGUAGE ) && $LANGUAGE != "Browser-defined" && $LANGUAGE != "none" ) {
$lang = languageToAbbrev ( $LANGUAGE );
} else {
$lang_long = get_browser_language ();
$lang = languageToAbbrev ( $lang_long );
}
if ( empty ( $lang ) ) {
$lang = 'en';
}
$login = getPostValue ( 'login' );
$password = getPostValue ( 'password' );
if ( ! empty ( $settings['session'] ) && $settings['session'] = 'php' ) {
session_start ();
}
// calculate path for cookie
if ( empty ( $PHP_SELF ) ) {
$PHP_SELF = $_SERVER["PHP_SELF"];
}
$cookie_path = str_replace ( "login.php", "", $PHP_SELF );
//echo "Cookie path: $cookie_path\n$cookie_path1";
if ( $single_user == "Y" ) {
// No login for single-user mode
do_redirect ( "index.php" );
} else if ( $use_http_auth ) {
// There is no login page when using HTTP authorization
do_redirect ( "index.php" );
} else {
if ( ! empty ( $login ) && ! empty ( $password ) ) {
if ( get_magic_quotes_gpc() ) {
$password = stripslashes ( $password );
$login = stripslashes ( $login );
}
$login = trim ( $login );
if ( $login != addslashes ( $login ) ) {
die_miserable_death ( "Illegal characters in login " .
"<tt>" . htmlentities ( $login ) . "</tt>" );
}
if ( user_valid_login ( $login, $password ) ) {
user_load_variables ( $login, "" );
// set login to expire in 365 days
srand((double) microtime() * 1000000);
$salt = chr( rand(ord('A'), ord('z'))) . chr( rand(ord('A'), ord('z')));
$encoded_login = encode_string ( $login . "|" . crypt($password, $salt) );
if ( ! empty ( $settings['session'] ) && $settings['session'] = 'php' ) {
$_SESSION['webcalendar_session'] = $encoded_login;
} else {
if ( ! empty ( $remember ) && $remember == "yes" ) {
SetCookie ( "webcalendar_session", $encoded_login,
time() + ( 24 * 3600 * 365 ), $cookie_path );
} else {
SetCookie ( "webcalendar_session", $encoded_login, 0, $cookie_path );
}
}
load_user_preferences ();
// The cookie "webcalendar_login" is provided as a convenience to
// other apps that may wish to find out what the last calendar
// login was, so they can use week_ssi.php as a server-side include.
// As such, it's not a security risk to have it un-encoded since it
// is not used to allow logins within this app. It is used to
// load user preferences on the login page (before anyone has
// logged in) if $remember_last_login is set to "Y" (in admin.php).
if ( ! empty ( $remember ) && $remember == "yes" ) {
SetCookie ( "webcalendar_login", $login,
time() + ( 24 * 3600 * 365 ), $cookie_path );
} else {
SetCookie ( "webcalendar_login", $login, 0, $cookie_path );
}
do_redirect ( $url );
} else {
// Invalid login
if ( empty ( $error ) || ! $showLoginFailureReason ) {
$error = translate("Invalid login" );
}
}
} else {
// No login info... just present empty login page
//$error = "Start";
}
// delete current user
SetCookie ( "webcalendar_session", "", 0, $cookie_path );
// In older versions the cookie path had no trailing slash and NS 4.78
// thinks "path/" and "path" are different, so the line above does not
// delete the "old" cookie. This prohibits the login. So we delete the
// cookie with the trailing slash removed
if (substr($cookie_path, -1) == '/') {
SetCookie ( "webcalendar_session", "", 0, substr($cookie_path, 0, -1) );
}
}
$charset = ( ! empty ( $LANGUAGE )?translate("charset"): "iso-8859-1" );
echo "<?xml version=\"1.0\" encoding=\"$charset\"?>" . "\n";
?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="<?php echo $lang; ?>" lang="<?php echo $lang; ?>">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=<?php echo $charset; ?>" />
<title><?php etranslate($application_name)?></title>
<script type="text/javascript">
// error check login/password
function valid_form ( form ) {
if ( form.login.value.length == 0 || form.password.value.length == 0 ) {
alert ( "<?php etranslate("You must enter a login and password")?>." );
return false;
}
return true;
}
function myOnLoad() {
<?php if ( ! empty ( $plugins_enabled ) && ( $plugins_enabled ) ){ ?>
if (self != top) {
window.open("login.php","_top","");
return;
}
<?php } ?>
document.login_form.login.focus();
<?php
if ( ! empty ( $login ) ) echo "document.login_form.login.select();";
if ( ! empty ( $error ) ) {
echo " alert ( \"$error\" );\n";
}
?>
}
</script>
<?php
include "includes/styles.php";
// Print custom header (since we do not call print_header function)
if ( ! empty ( $CUSTOM_SCRIPT ) && $CUSTOM_SCRIPT == 'Y' ) {
$res = dbi_query (
"SELECT cal_template_text FROM webcal_report_template " .
"WHERE cal_template_type = 'S' and cal_report_id = 0" );
if ( $res ) {
if ( $row = dbi_fetch_row ( $res ) ) {
echo $row[0];
}
dbi_free_result ( $res );
}
}
?>
</head>
<body onload="myOnLoad();">
<?php
// Print custom header (since we do not call print_header function)
if ( ! empty ( $CUSTOM_HEADER ) && $CUSTOM_HEADER == 'Y' ) {
$res = dbi_query (
"SELECT cal_template_text FROM webcal_report_template " .
"WHERE cal_template_type = 'H' and cal_report_id = 0" );
if ( $res ) {
if ( $row = dbi_fetch_row ( $res ) ) {
echo $row[0];
}
dbi_free_result ( $res );
}
}
?>
<h2><?php
// If Application Name is set to Title then get translation
// If not, use the Admin defined Application Name
if ( ! empty ( $application_name ) && $application_name =="Title") {
etranslate($application_name);
} else {
echo htmlspecialchars ( $application_name );
}
?></h2>
<?php
if ( ! empty ( $error ) ) {
print "<span style=\"color:#FF0000; font-weight:bold;\">" .
translate("Error") . ": $error</span><br />\n";
} else {
print "<br />\n";
}
?>
<form name="login_form" id="login" action="login.php" method="post"
onsubmit="return valid_form(this)">
<?php
if ( ! empty ( $return_path ) ) {
echo "<input type=\"hidden\" name=\"return_path\" value=\"" .
htmlentities ( $return_path ) . "\" />\n";
}
?>
<table cellpadding="10" align="center">
<tr><td rowspan="2">
<img src="login.gif" alt="Login" /></td><td align="right">
<label for="user"><?php etranslate("Username")?>:</label></td><td>
<input name="login" id="user" size="15" maxlength="25"
value="<?php if ( ! empty ( $last_login ) ) echo $last_login;?>"
tabindex="1" />
</td></tr>
<tr><td style="text-align:right;">
<label for="password"><?php etranslate("Password")?>:</label></td><td>
<input name="password" id="password" type="password" size="15"
maxlength="30" tabindex="2" />
</td></tr>
<tr><td colspan="3" style="font-size: 10px;">
<input type="checkbox" name="remember" id="remember" tabindex="3"
value="yes" <?php if ( ! empty ( $remember ) && $remember == "yes" ) {
echo "checked=\"checked\""; }?> /><label for="remember">
<?php etranslate("Save login via cookies so I don't have to login next time")?></label>
</td></tr>
<tr><td colspan="4" style="text-align:center;">
<input type="submit" value="<?php etranslate("Login")?>" tabindex="4" />
</td></tr>
</table>
</form>
<?php if ( ! empty ( $public_access ) && $public_access == "Y" ) { ?>
<br /><br />
<a class="nav" href="index.php">
<?php etranslate("Access public calendar")?></a><br />
<?php } ?>
<?php if ( $demo_mode == "Y" ) {
// This is used on the sourceforge demo page
echo "Demo login: user = \"demo\", password = \"demo\"<br />";
} ?>
<br /><br /><br />
<span class="cookies"><?php etranslate("cookies-note")?></span><br />
<hr />
<br /><br />
<a href="<?php echo $PROGRAM_URL ?>" id="programname"><?php echo $PROGRAM_NAME?></a>
<?php // Print custom trailer (since we do not call print_trailer function)
if ( ! empty ( $CUSTOM_TRAILER ) && $CUSTOM_TRAILER == 'Y' ) {
$res = dbi_query (
"SELECT cal_template_text FROM webcal_report_template " .
"WHERE cal_template_type = 'T' and cal_report_id = 0" );
if ( $res ) {
if ( $row = dbi_fetch_row ( $res ) ) {
echo $row[0];
}
dbi_free_result ( $res );
}
} ?>
</body>
</html>
|