login.php
4.26 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
<?php
/**
* $Id$
*
* This page handles logging a user into the dms.
* This page displays the login form, and performs the business logic login processing.
*
* Licensed under the GNU GPL. For full terms see the file COPYING.
*
* @version $Revision$
* @author <a href="mailto:michael@jamwarehouse.com>Michael Joseph</a>, Jam Warehouse (Pty) Ltd, South Africa
* @package dms
*/
// main library routines and defaults
require_once("./config/dmsDefaults.php");
require_once("$default->owl_fs_root/lib/owl.lib.php");
require_once("$default->owl_fs_root/config/html.php");
require_once("$default->owl_fs_root/lib/control.inc");
require_once("$default->owl_fs_root/lib/Session.inc");
// -------------------------------
// page start
// -------------------------------
if ($loginAction == "loginForm") {
// TODO: build login form using PatternMainPage
include("./lib/header.inc");
print("<CENTER>");
print("<IMG SRC='$default->owl_root_url/locale/$default->owl_lang/graphics/$default->logo'><BR>$lang_engine<BR>$lang_version: $default->version<BR><HR WIDTH=300>");
print "<FORM ACTION=\"login.php\" METHOD=\"POST\">";
if (isset($fileid)) {
print "<INPUT TYPE=\"HIDDEN\" NAME=\"parent\" value=\"$parent\">";
print "<INPUT TYPE=\"HIDDEN\" NAME=\"fileid\" value=\"$fileid\">";
}
if (isset($errorMessage)) {
print "<font color=\"red\">$errorMessage</font><br>";
}
print "<TABLE><TR><TD>$lang_username:</TD><TD><INPUT TYPE=\"TEXT\" NAME=\"fUserName\"><BR></TD></TR>";
print "<TR><TD>$lang_password:</TD><TD><INPUT TYPE=\"PASSWORD\" NAME=\"fPassword\"><BR></TD></TR></TABLE>";
print "<input type=\"hidden\" name=\"redirect\" value=\"$redirect\"/>";
print "<INPUT TYPE=\"hidden\" name=\"action\" value=\"login\">\n";
print "<INPUT TYPE=\"hidden\" name=\"loginAction\" value=\"login\">\n";
print "<INPUT TYPE=\"SUBMIT\" Value=\"$lang_login\">\n";
print "<BR><BR><HR WIDTH=300>";
//include("./lib/footer.inc");
} elseif ($loginAction == "login") {
// check the requirements
if (checkrequirements() == 1) {
// TODO: appropriate error message
echo "check requirements failed!<br>";
//exit;
} else {
// if requirements are met and we have a username and password to authenticate
if( isset($fUserName) && isset($fPassword) ) {
// verifies the login and password of the user
$dbAuth = new DBAuthenticator();
$userDetails = $dbAuth->login($fUserName, $fPassword);
switch ($userDetails["status"]) {
// bad credentials
case 0:
// this doesn't need to go back to the controller
redirect("login.php?loginAction=loginForm&errorMessage=" . urlencode($lang_loginfail));
break;
// successfully authenticated
case 1:
// start the session
$session = new Session();
$sessionID = $session->create($userDetails["user_id"]);
// add the user details array to the session
$_SESSION["userDetails"] = $userDetails;
// check for a location to forward to
if (isset($redirect) && strlen(trim($redirect))>0) {
$url = urldecode($redirect);
} else {
$_SESSION["authorised"] = false;
$url = "control.php?action=DASHBOARD";
}
break;
// login disabled
case 2:
redirect("login.php?loginAction=loginForm&errorMessage=" . urlencode($lang_logindisabled));
break;
// too many sessions
case 3 :
redirect("login.php?loginAction=loginForm&errorMessage=" . urlencode($lang_toomanysessions));
break;
default :
redirect("login.php?loginAction=loginForm&errorMessage=" . urlencode($lang_err_general));
}
} else {
// didn't receive any login parameters, so redirect login form
$url = "control.php?action=LOGIN_FORM";
}
redirect($url);
}
}
?>