login.php
<?php
// main library routines and defaults
require_once("../config/dmsDefaults.php");
require_once("../lib/util/sanitize.inc");
require_once("Html.inc");
/**
* $Id$
*
* This page handles logging a user into the dms.
* This page displays the login form, and performs the business logic login processing.
*
* Copyright (c) 2003 Jam Warehouse http://www.jamwarehouse.com
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*
* @version $Revision$
* @author Michael Joseph <michael@jamwarehouse.com>, Jam Warehouse (Pty) Ltd, South Africa
*/
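global $default;

// Login page dispatcher. $loginAction selects the branch:
//   "loginForm" -> render the login form
//   "login"     -> authenticate, create the session and redirect
//   otherwise   -> redirect to the site root
// NOTE(review): $loginAction, $fUserName, $fPassword, $redirect and $errorMessage are never
// assigned in this file; presumably the included defaults import them from the request.
// Treat all of them as untrusted input - confirm how they are populated.
if ($loginAction == "loginForm") {
    // Request-derived values that land inside HTML attributes are escaped first, so a crafted
    // request path or redirect parameter cannot close the attribute and inject markup.
    $formAction = htmlspecialchars($_SERVER["PHP_SELF"], ENT_QUOTES, "UTF-8");
    $redirectField = htmlspecialchars(isset($redirect) ? $redirect : "", ENT_QUOTES, "UTF-8");
    // NOTE(review): $errorMessage is passed through sanitize() from the included sanitize.inc;
    // its escaping rules are not visible here - confirm it is safe for HTML element content.
    // NOTE(review): the form carries no anti-CSRF token - confirm whether login CSRF is in scope.
    // TODO: build login form using PatternMainPage
    print "<html>
<head>
<META http-equiv=\"Content-Type\" content=\"text/html; charset=UTF8\">
<link rel=\"stylesheet\" href=\"$default->uiUrl/stylesheet.php\">
<link rel=\"SHORTCUT ICON\" href=\"$default->graphicsUrl/tree.ico\">
<title>The KnowledgeTree</title>
<SCRIPT TYPE=\"text/javascript\">
<!--
function submitenter(myfield,e) {
var keycode;
if (window.event) {
keycode = window.event.keyCode;
} else if (e) {
keycode = e.which;
} else {
return true;
}
if (keycode == 13) {
myfield.form.submit();
return false;
} else {
return true;
}
}
//-->
</SCRIPT>
</head>
<body onload=\"javascript:document.loginForm.fUserName.focus()\">
<center>
<img src=\"$default->graphicsUrl/ktLogin.jpg\">
<br><br>
<table>\n
<form name=\"loginForm\" action=\"$formAction\" method=\"post\">
<tr><td>" . _("Please enter your details below to login") . "</td></tr>
<tr><td></td></tr>
<tr><td><font color=\"red\">" . sanitize($errorMessage) . "</font><tr><td>
\t<tr><td>" . _("Username") . ":</td></tr>
\t<tr><td><input type=\"text\" name=\"fUserName\" size=\"35\"></td></tr>
\t<tr><td>" . _("Password") . ":</td></tr>
<tr><td><input type=\"password\" name=\"fPassword\" size=\"35\" onKeyPress=\"return submitenter(this,event)\">
</td></tr>
<input type=\"hidden\" name=\"redirect\" value=\"$redirectField\"/>
<input type=\"hidden\" name=\"loginAction\" value=\"login\">\n
<tr align=\"right\"><td><input type=\"image\" src=\"" . KTHtml::getLoginButton() . "\" border=\"0\"></td></tr>\n
<tr><td><font size=\"1\">" . _("Version") . ": " . $default->system->get("knowledgeTreeVersion") . "</font></td></tr>
</table>
</center>
</body>
</html>";
} elseif ($loginAction == "login") {
    // Only the query part of $redirect may end up here. Starting from a known empty value
    // keeps a request-supplied variable of the same name from being appended to the final
    // URL, and avoids reading an undefined variable when authentication fails.
    $queryString = "";
    // set default url for login failure
    // with redirect appended if set
    // NOTE(review): $url is read here before this file assigns it. If request variables are
    // imported into the global scope, the failure redirect target could be influenced by the
    // request - confirm where $url is initialised and pin it to a fixed, local value.
    $url = $url . "login.php?loginAction=loginForm" . (isset($redirect) ? "&redirect=" . urlencode($redirect) : "");
    // if requirements are met and we have a username and password to authenticate
    if (isset($fUserName) && isset($fPassword)) {
        // verifies the login and password of the user
        $dbAuth = new $default->authenticationClass;
        $userDetails = $dbAuth->login($fUserName, $fPassword);
        // NOTE(review): statuses 2-4 produce messages that differ from the generic failure.
        // Whether they can be reached without a valid password depends on the authentication
        // class - confirm, since distinct messages would reveal that an account exists.
        switch ($userDetails["status"]) {
            // bad credentials
            case 0:
                $url = $url . "&errorMessage=" . urlencode(_("Login failure"));
                break;
            // successfully authenticated
            case 1:
                // start the session
                // NOTE(review): confirm Session::create() issues a fresh session identifier
                // at login rather than reusing one presented before authentication.
                $session = new Session();
                $sessionID = $session->create($userDetails["userID"]);
                // initialise page-level authorisation array
                $_SESSION["pageAccess"] = NULL;
                // check for a location to forward to
                if (isset($redirect) && strlen(trim($redirect)) > 0) {
                    // remove any params from redirect before looking up from sitemap
                    $queryPos = strpos($redirect, "?");
                    if ($queryPos !== false) {
                        $queryString = substr($redirect, $queryPos + 1);
                        $redirect = substr($redirect, 0, $queryPos);
                    }
                    // need to strip rootUrl off $redirect
                    if (strlen($default->rootUrl) > 0) {
                        // strpos() returns false when rootUrl is absent; the prefix is only
                        // stripped on a real match, otherwise unrelated leading characters
                        // would be cut from the page name.
                        $rootPos = strpos($redirect, $default->rootUrl);
                        if ($rootPos !== false) {
                            $redirect = substr($redirect, $rootPos + strlen($default->rootUrl));
                        }
                    }
                    // The destination is resolved through the sitemap instead of using
                    // $redirect directly; unknown pages fall back to the dashboard.
                    $action = $default->siteMap->getActionFromPage($redirect);
                    if ($action) {
                        $url = generateControllerUrl($action);
                    } else {
                        // default to the dashboard
                        $url = generateControllerUrl("dashboard");
                    }
                // else redirect to the dashboard if there is none
                } else {
                    $url = generateControllerUrl("dashboard");
                }
                break;
            // login disabled
            case 2:
                $url = $url . "&errorMessage=" . urlencode(_("Account has been DISABLED, contact the System Adminstrator"));
                break;
            // too many sessions
            case 3:
                $url = $url . "&errorMessage=" . urlencode(_("Maximum sessions for user reached.<br>Contact the System Administrator"));
                break;
            // not a unit user
            case 4:
                $url = $url . "&errorMessage=" . urlencode(_("This user does not belong to a group and is therefore not allowed to log in."));
                break;
            default:
                $url = $url . "&errorMessage=" . urlencode(_("Login failure"));
        }
    } else {
        // didn't receive any login parameters, so redirect login form
        $default->log->error("login.php no login parameters received");
    }
    // NOTE(review): $queryString is the raw query part of the user-supplied redirect and is
    // appended without re-encoding - confirm the controller tolerates arbitrary parameters.
    if (strlen($queryString) > 0) {
        $url .= "&$queryString";
    }
    redirect($url);
} else {
    // redirect to root
    redirect($default->rootUrl);
}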
?>