Commit 3021e3c050decc3d68d051785b6c6236800daea5

Authored by michael
1 parent d634e530

fixed login and error handling


git-svn-id: https://kt-dms.svn.sourceforge.net/svnroot/kt-dms/trunk@143 c91229c3-7414-0410-bfa2-8a42b809f60b
Showing 1 changed file with 25 additions and 20 deletions
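--- a/login.php
+++ b/login.php
@@ -23,26 +23,27 @@ require_once("$default->owl_fs_root/lib/Session.inc");
 // -------------------------------
 // page start
 // -------------------------------
-
+global $default;
 if ($loginAction == "loginForm") {
 // TODO: build login form using PatternMainPage
-include("./lib/header.inc");
-print("<CENTER>");
-print("<IMG SRC='$default->owl_root_url/locale/$default->owl_lang/graphics/$default->logo'><BR>$lang_engine<BR>$lang_version: $default->version<BR><HR WIDTH=300>");
+//include("./lib/header.inc");
+print "<CENTER>";
+print "<IMG SRC='$default->owl_root_url/locale/$default->owl_lang/graphics/$default->logo'>";
+print "<BR><HR WIDTH=300>";
 print "<FORM ACTION=\"login.php\" METHOD=\"POST\">";
 
 if (isset($fileid)) {
 print "<INPUT TYPE=\"HIDDEN\" NAME=\"parent\" value=\"$parent\">";
 print "<INPUT TYPE=\"HIDDEN\" NAME=\"fileid\" value=\"$fileid\">";
 }
-if (isset($errorMessage)) {
-print "<font color=\"red\">$errorMessage</font><br>";
-}
+
+print "<font color=\"red\">$errorMessage</font><br>";
 
-print "<TABLE><TR><TD>$lang_username:</TD><TD><INPUT TYPE=\"TEXT\" NAME=\"fUserName\"><BR></TD></TR>";
-print "<TR><TD>$lang_password:</TD><TD><INPUT TYPE=\"PASSWORD\" NAME=\"fPassword\"><BR></TD></TR></TABLE>";
+print "<TABLE><TR><TD>$lang_username:</TD><TD>
+<INPUT TYPE=\"TEXT\" NAME=\"fUserName\"><BR></TD></TR>";
+print "<TR><TD>$lang_password:</TD><TD>
+<INPUT TYPE=\"PASSWORD\" NAME=\"fPassword\"><BR></TD></TR></TABLE>";
 print "<input type=\"hidden\" name=\"redirect\" value=\"$redirect\"/>";
-print "<INPUT TYPE=\"hidden\" name=\"action\" value=\"login\">\n";
 print "<INPUT TYPE=\"hidden\" name=\"loginAction\" value=\"login\">\n";
 print "<INPUT TYPE=\"SUBMIT\" Value=\"$lang_login\">\n";
 print "<BR><BR><HR WIDTH=300>";
@@ -53,18 +54,20 @@ if ($loginAction == &quot;loginForm&quot;) {
 if (checkrequirements() == 1) {
 // TODO: appropriate error message
 echo "check requirements failed!<br>";
-//exit;
+exit;
 } else {
+// set default url for login failure
+$url = $url . "login.php?loginAction=loginForm";
 // if requirements are met and we have a username and password to authenticate
 if( isset($fUserName) && isset($fPassword) ) {
 // verifies the login and password of the user
-$dbAuth = new DBAuthenticator();
+$dbAuth = new $default->authentication_class;
 $userDetails = $dbAuth->login($fUserName, $fPassword);
+
 switch ($userDetails["status"]) {
 // bad credentials
 case 0:
-// this doesn't need to go back to the controller
-redirect("login.php?loginAction=loginForm&errorMessage=" . urlencode($lang_loginfail));
+$url = $url . "&errorMessage=$lang_loginfail";
 break;
 // successfully authenticated
 case 1:
@@ -77,25 +80,27 @@ if ($loginAction == &quot;loginForm&quot;) {
 // check for a location to forward to
 if (isset($redirect) && strlen(trim($redirect))>0) {
 $url = urldecode($redirect);
+// else redirect to the dashboard
 } else {
-$_SESSION["authorised"] = false;
-$url = "control.php?action=DASHBOARD";
+$_SESSION["authorised"] = false;
+$url = "control.php?action=dashboard";
 }
 break;
 // login disabled
 case 2:
-redirect("login.php?loginAction=loginForm&errorMessage=" . urlencode($lang_logindisabled));
+$url = $url . "&errorMessage=$lang_logindisabled";
 break;
 // too many sessions
 case 3 :
-redirect("login.php?loginAction=loginForm&errorMessage=" . urlencode($lang_toomanysessions));
+$url = $url . "&errorMessage=$lang_toomanysessions";
 break;
 default :
-redirect("login.php?loginAction=loginForm&errorMessage=" . urlencode($lang_err_general));
+$url = $url . "&errorMessage=$lang_err_general";
 }
 } else {
 // didn't receive any login parameters, so redirect login form
-$url = "control.php?action=LOGIN_FORM";
+// TODO: set "no login parameters received error message?
+// internal error message- should never happen
 }
 redirect($url);
 }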
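Review bot: The added `print "<font color=\"red\">$errorMessage</font><br>";` in the first hunk writes `$errorMessage` into the login page unescaped and without the `isset` guard this commit removes, and the value appears to come back from the query string that the failure branches build, so request-controlled text lands in the login form as markup. Escape it at the point of output and keep the guard, e.g. `if (isset($errorMessage)) { print "<font color=\"red\">" . htmlspecialchars($errorMessage, ENT_QUOTES) . "</font><br>"; }`. The failure branches in the second and third hunks also drop the `urlencode()` that the old `redirect(...)` calls applied, so a message containing spaces, `&` or `#` would be cut or split into extra parameters; keep `"&errorMessage=" . urlencode($lang_loginfail)` and likewise for the other three. Finally, `$url = $url . "login.php?loginAction=loginForm";` appends to a `$url` that is never initialised in the visible code, so if request variables are imported as globals (as the bare `$loginAction` and `$fUserName` suggest) a request-supplied `url` would prefix the redirect target; a plain assignment `$url = "login.php?loginAction=loginForm";` avoids that.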