login.php
<?php
/**
* $Id$
*
* This page handles logging a user into the dms.
* This page displays the login form, and performs the business logic login processing.
*
* Licensed under the GNU GPL. For full terms see the file COPYING.
*
* @version $Revision$
* @author <a href="mailto:michael@jamwarehouse.com">Michael Joseph</a>, Jam Warehouse (Pty) Ltd, South Africa
* @package dms
*/
// main library routines and defaults
require_once("./config/dmsDefaults.php");
require_once("$default->owl_fs_root/lib/db.inc");
require_once("$default->owl_fs_root/lib/dms.inc");
require_once("$default->owl_fs_root/lib/lookup.inc");
//require_once("$default->owl_fs_root/config/html.php");
require_once("$default->owl_fs_root/lib/control.inc");
require_once("$default->owl_fs_root/lib/Session.inc");
// -------------------------------
// page start
// -------------------------------
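global $default;

// Login page controller: renders the login form ("loginForm") or processes a
// submitted login ("login") and redirects according to the authentication result.
//
// NOTE(review): $loginAction, $fUserName, $fPassword, $redirect, $errorMessage,
// $fileid and $parent are never assigned in this file; presumably they are
// request parameters imported into global scope (register_globals or one of the
// includes) -- confirm. They are treated as untrusted input below.
if ($loginAction == "loginForm") {
    // TODO: build login form using PatternMainPage
    //include("./lib/header.inc");

    // Escape every request-supplied value before it is written into the page, so
    // that a crafted link to the login form cannot inject markup or script.
    $safeError    = isset($errorMessage) ? htmlspecialchars($errorMessage, ENT_QUOTES) : "";
    $safeRedirect = isset($redirect) ? htmlspecialchars($redirect, ENT_QUOTES) : "";

    print "<CENTER>";
    print "<IMG SRC='$default->owl_root_url/locale/$default->owl_lang/graphics/$default->logo'>";
    print "<BR><HR WIDTH=300>";
    print "<FORM ACTION=\"login.php\" METHOD=\"POST\">";
    if (isset($fileid)) {
        $safeParent = isset($parent) ? htmlspecialchars($parent, ENT_QUOTES) : "";
        $safeFileId = htmlspecialchars($fileid, ENT_QUOTES);
        print "<INPUT TYPE=\"HIDDEN\" NAME=\"parent\" value=\"$safeParent\">";
        print "<INPUT TYPE=\"HIDDEN\" NAME=\"fileid\" value=\"$safeFileId\">";
    }
    print "<font color=\"red\">$safeError</font><br>";
    // NOTE(review): the $lang_* labels are printed unescaped on the assumption that
    // they come from the locale files and may contain intended markup -- confirm
    // they cannot be overridden by a request parameter.
    print "<TABLE><TR><TD>$lang_username:</TD><TD>
<INPUT TYPE=\"TEXT\" NAME=\"fUserName\"><BR></TD></TR>";
    print "<TR><TD>$lang_password:</TD><TD>
<INPUT TYPE=\"PASSWORD\" NAME=\"fPassword\"><BR></TD></TR></TABLE>";
    print "<input type=\"hidden\" name=\"redirect\" value=\"$safeRedirect\"/>";
    print "<INPUT TYPE=\"hidden\" name=\"loginAction\" value=\"login\">\n";
    print "<INPUT TYPE=\"SUBMIT\" Value=\"$lang_login\">\n";
    print "<BR><BR><HR WIDTH=300>";
    // The original left these elements open; close them so the page is well formed
    // even while the footer include stays disabled.
    print "</FORM></CENTER>";
    //include("./lib/footer.inc");
} elseif ($loginAction == "login") {
    // set default url for login failure
    // NOTE(review): $url is not initialised in this file before being used as a
    // prefix. If no include sets it, a request-supplied value could steer the
    // failure redirect; initialise it explicitly once its intended source is known.
    $url = $url . "login.php?loginAction=loginForm";

    // if requirements are met and we have a username and password to authenticate
    if (isset($fUserName) && isset($fPassword)) {
        // verifies the login and password of the user
        $dbAuth = new $default->authentication_class;
        $userDetails = $dbAuth->login($fUserName, $fPassword);

        switch ($userDetails["status"]) {
            // bad credentials
            case 0:
                // urlencode() keeps spaces, '&' and '#' in the localised message from
                // corrupting the query string.
                $url = $url . "&errorMessage=" . urlencode($lang_loginfail);
                break;

            // successfully authenticated
            case 1:
                // start the session
                $session = new Session();
                $sessionID = $session->create($userDetails["user_id"]);
                // add the user details array to the session
                $_SESSION["userDetails"] = $userDetails;

                // Only follow a post-login redirect that stays on this site. The
                // target comes from the request, so anything carrying a scheme, a
                // protocol-relative "//" prefix, a backslash or a control character
                // (CR/LF would split the Location header) is discarded in favour of
                // the dashboard.
                // NOTE(review): absolute URLs pointing at this same host are rejected
                // too; if callers legitimately pass those, add an explicit host
                // allow-list here rather than loosening the check.
                $target = "";
                if (isset($redirect)) {
                    $target = trim(urldecode($redirect));
                }
                $isLocalTarget = strlen($target) > 0
                    && !preg_match('/[\x00-\x1f\x7f\\\\]/', $target)
                    && !preg_match('#^[a-z][a-z0-9+.\-]*:#i', $target)
                    && substr($target, 0, 2) != "//";

                if ($isLocalTarget) {
                    $url = $target;
                } else {
                    // else redirect to the dashboard
                    // NOTE(review): "authorised" is reset only on this branch, as in
                    // the original; confirm that is intended.
                    $_SESSION["authorised"] = false;
                    $url = "control.php?action=dashboard";
                }
                break;

            // login disabled
            case 2:
                $url = $url . "&errorMessage=" . urlencode($lang_logindisabled);
                break;

            // too many sessions
            case 3:
                $url = $url . "&errorMessage=" . urlencode($lang_toomanysessions);
                break;

            default:
                $url = $url . "&errorMessage=" . urlencode($lang_err_general);
        }
    } else {
        // didn't receive any login parameters, so redirect login form
        // TODO: set "no login parameters received" error message?
        // internal error message - should never happen
    }

    redirect($url);
}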
?>