Commit 12d1557e707d7c9b9790fa800ad56f2a00a460fa
1 parent
0467f982
fixed login and error handling
git-svn-id: https://kt-dms.svn.sourceforge.net/svnroot/kt-dms/trunk@143 c91229c3-7414-0410-bfa2-8a42b809f60b
Showing
1 changed file
with
25 additions
and
20 deletions
login.php
| @@ -23,26 +23,27 @@ require_once("$default->owl_fs_root/lib/Session.inc"); | @@ -23,26 +23,27 @@ require_once("$default->owl_fs_root/lib/Session.inc"); | ||
| 23 | // ------------------------------- | 23 | // ------------------------------- |
| 24 | // page start | 24 | // page start |
| 25 | // ------------------------------- | 25 | // ------------------------------- |
| 26 | - | 26 | +global $default; |
| 27 | if ($loginAction == "loginForm") { | 27 | if ($loginAction == "loginForm") { |
| 28 | // TODO: build login form using PatternMainPage | 28 | // TODO: build login form using PatternMainPage |
| 29 | - include("./lib/header.inc"); | ||
| 30 | - print("<CENTER>"); | ||
| 31 | - print("<IMG SRC='$default->owl_root_url/locale/$default->owl_lang/graphics/$default->logo'><BR>$lang_engine<BR>$lang_version: $default->version<BR><HR WIDTH=300>"); | 29 | + //include("./lib/header.inc"); |
| 30 | + print "<CENTER>"; | ||
| 31 | + print "<IMG SRC='$default->owl_root_url/locale/$default->owl_lang/graphics/$default->logo'>"; | ||
| 32 | + print "<BR><HR WIDTH=300>"; | ||
| 32 | print "<FORM ACTION=\"login.php\" METHOD=\"POST\">"; | 33 | print "<FORM ACTION=\"login.php\" METHOD=\"POST\">"; |
| 33 | 34 | ||
| 34 | if (isset($fileid)) { | 35 | if (isset($fileid)) { |
| 35 | print "<INPUT TYPE=\"HIDDEN\" NAME=\"parent\" value=\"$parent\">"; | 36 | print "<INPUT TYPE=\"HIDDEN\" NAME=\"parent\" value=\"$parent\">"; |
| 36 | print "<INPUT TYPE=\"HIDDEN\" NAME=\"fileid\" value=\"$fileid\">"; | 37 | print "<INPUT TYPE=\"HIDDEN\" NAME=\"fileid\" value=\"$fileid\">"; |
| 37 | } | 38 | } |
| 38 | - if (isset($errorMessage)) { | ||
| 39 | - print "<font color=\"red\">$errorMessage</font><br>"; | ||
| 40 | - } | 39 | + |
| 40 | + print "<font color=\"red\">$errorMessage</font><br>"; | ||
| 41 | 41 | ||
| 42 | - print "<TABLE><TR><TD>$lang_username:</TD><TD><INPUT TYPE=\"TEXT\" NAME=\"fUserName\"><BR></TD></TR>"; | ||
| 43 | - print "<TR><TD>$lang_password:</TD><TD><INPUT TYPE=\"PASSWORD\" NAME=\"fPassword\"><BR></TD></TR></TABLE>"; | 42 | + print "<TABLE><TR><TD>$lang_username:</TD><TD> |
| 43 | + <INPUT TYPE=\"TEXT\" NAME=\"fUserName\"><BR></TD></TR>"; | ||
| 44 | + print "<TR><TD>$lang_password:</TD><TD> | ||
| 45 | + <INPUT TYPE=\"PASSWORD\" NAME=\"fPassword\"><BR></TD></TR></TABLE>"; | ||
| 44 | print "<input type=\"hidden\" name=\"redirect\" value=\"$redirect\"/>"; | 46 | print "<input type=\"hidden\" name=\"redirect\" value=\"$redirect\"/>"; |
| 45 | - print "<INPUT TYPE=\"hidden\" name=\"action\" value=\"login\">\n"; | ||
| 46 | print "<INPUT TYPE=\"hidden\" name=\"loginAction\" value=\"login\">\n"; | 47 | print "<INPUT TYPE=\"hidden\" name=\"loginAction\" value=\"login\">\n"; |
| 47 | print "<INPUT TYPE=\"SUBMIT\" Value=\"$lang_login\">\n"; | 48 | print "<INPUT TYPE=\"SUBMIT\" Value=\"$lang_login\">\n"; |
| 48 | print "<BR><BR><HR WIDTH=300>"; | 49 | print "<BR><BR><HR WIDTH=300>"; |
| @@ -53,18 +54,20 @@ if ($loginAction == "loginForm") { | @@ -53,18 +54,20 @@ if ($loginAction == "loginForm") { | ||
| 53 | if (checkrequirements() == 1) { | 54 | if (checkrequirements() == 1) { |
| 54 | // TODO: appropriate error message | 55 | // TODO: appropriate error message |
| 55 | echo "check requirements failed!<br>"; | 56 | echo "check requirements failed!<br>"; |
| 56 | - //exit; | 57 | + exit; |
| 57 | } else { | 58 | } else { |
| 59 | + // set default url for login failure | ||
| 60 | + $url = $url . "login.php?loginAction=loginForm"; | ||
| 58 | // if requirements are met and we have a username and password to authenticate | 61 | // if requirements are met and we have a username and password to authenticate |
| 59 | if( isset($fUserName) && isset($fPassword) ) { | 62 | if( isset($fUserName) && isset($fPassword) ) { |
| 60 | // verifies the login and password of the user | 63 | // verifies the login and password of the user |
| 61 | - $dbAuth = new DBAuthenticator(); | 64 | + $dbAuth = new $default->authentication_class; |
| 62 | $userDetails = $dbAuth->login($fUserName, $fPassword); | 65 | $userDetails = $dbAuth->login($fUserName, $fPassword); |
| 66 | + | ||
| 63 | switch ($userDetails["status"]) { | 67 | switch ($userDetails["status"]) { |
| 64 | // bad credentials | 68 | // bad credentials |
| 65 | case 0: | 69 | case 0: |
| 66 | - // this doesn't need to go back to the controller | ||
| 67 | - redirect("login.php?loginAction=loginForm&errorMessage=" . urlencode($lang_loginfail)); | 70 | + $url = $url . "&errorMessage=$lang_loginfail"; |
| 68 | break; | 71 | break; |
| 69 | // successfully authenticated | 72 | // successfully authenticated |
| 70 | case 1: | 73 | case 1: |
| @@ -77,25 +80,27 @@ if ($loginAction == "loginForm") { | @@ -77,25 +80,27 @@ if ($loginAction == "loginForm") { | ||
| 77 | // check for a location to forward to | 80 | // check for a location to forward to |
| 78 | if (isset($redirect) && strlen(trim($redirect))>0) { | 81 | if (isset($redirect) && strlen(trim($redirect))>0) { |
| 79 | $url = urldecode($redirect); | 82 | $url = urldecode($redirect); |
| 83 | + // else redirect to the dashboard | ||
| 80 | } else { | 84 | } else { |
| 81 | - $_SESSION["authorised"] = false; | ||
| 82 | - $url = "control.php?action=DASHBOARD"; | 85 | + $_SESSION["authorised"] = false; |
| 86 | + $url = "control.php?action=dashboard"; | ||
| 83 | } | 87 | } |
| 84 | break; | 88 | break; |
| 85 | // login disabled | 89 | // login disabled |
| 86 | case 2: | 90 | case 2: |
| 87 | - redirect("login.php?loginAction=loginForm&errorMessage=" . urlencode($lang_logindisabled)); | 91 | + $url = $url . "&errorMessage=$lang_logindisabled"; |
| 88 | break; | 92 | break; |
| 89 | // too many sessions | 93 | // too many sessions |
| 90 | case 3 : | 94 | case 3 : |
| 91 | - redirect("login.php?loginAction=loginForm&errorMessage=" . urlencode($lang_toomanysessions)); | 95 | + $url = $url . "&errorMessage=$lang_toomanysessions"; |
| 92 | break; | 96 | break; |
| 93 | default : | 97 | default : |
| 94 | - redirect("login.php?loginAction=loginForm&errorMessage=" . urlencode($lang_err_general)); | 98 | + $url = $url . "&errorMessage=$lang_err_general"; |
| 95 | } | 99 | } |
| 96 | } else { | 100 | } else { |
| 97 | // didn't receive any login parameters, so redirect login form | 101 | // didn't receive any login parameters, so redirect login form |
| 98 | - $url = "control.php?action=LOGIN_FORM"; | 102 | + // TODO: set "no login parameters received error message? |
| 103 | + // internal error message- should never happen | ||
| 99 | } | 104 | } |
| 100 | redirect($url); | 105 | redirect($url); |
| 101 | } | 106 | } |