source: admin/auth.php @ 356:92eb78a10899

Visit:

Revision 356:92eb78a10899, 12.2 KB checked in by Franck <carnet.franck.paul@…>, 14 years ago (diff)
Set correct langage, fix #1218

Line
1	<?php
2	# -- BEGIN LICENSE BLOCK ---------------------------------------
3	#
4	# This file is part of Dotclear 2.
5	#
6	# Copyright (c) 2003-2011 Olivier Meunier & Association Dotclear
7	# Licensed under the GPL version 2.0 license.
8	# See LICENSE file or
9	# http://www.gnu.org/licenses/old-licenses/gpl-2.0.html
10	#
11	# -- END LICENSE BLOCK -----------------------------------------
12
13	require dirname(__FILE__).'/../inc/admin/prepend.php';
14
15	# If we have a session cookie, go to index.php
16	if (isset($_SESSION['sess_user_id']))
17	{
18	http::redirect('index.php');
19	}
20
21	# Loading locales for detected language
22	# That's a tricky hack but it works ;)
23	$dlang = http::getAcceptLanguage();
24	$dlang = ($dlang == '' ? 'en' : $dlang);
25	if ($dlang != 'en')
26	{
27	l10n::set(dirname(__FILE__).'/../locales/'.$dlang.'/main');
28	}
29
30	$page_url = http::getHost().$_SERVER['REQUEST_URI'];
31
32	$change_pwd = $core->auth->allowPassChange() && isset($_POST['new_pwd']) && isset($_POST['new_pwd_c']) && isset($_POST['login_data']);
33	$login_data = !empty($_POST['login_data']) ? $_POST['login_data'] : null;
34	$recover = $core->auth->allowPassChange() && !empty($_REQUEST['recover']);
35	$safe_mode = !empty($_REQUEST['safe_mode']);
36	$akey = $core->auth->allowPassChange() && !empty($_GET['akey']) ? $_GET['akey'] : null;
37	$user_id = $user_pwd = $user_key = $user_email = null;
38	$err = $msg = null;
39
40	# Auto upgrade
41	if (empty($_GET) && empty($_POST)) {
42	require dirname(__FILE__).'/../inc/dbschema/upgrade.php';
43	try {
44	if (($changes = dotclearUpgrade($core)) !== false) {
45	$msg = __('Dotclear has been upgraded.').'<!-- '.$changes.' -->';
46	}
47	} catch (Exception $e) {
48	$err = $e->getMessage();
49	}
50	}
51
52	# If we have POST login informations, go throug auth process
53	if (!empty($_POST['user_id']) && !empty($_POST['user_pwd']))
54	{
55	$user_id = !empty($_POST['user_id']) ? $_POST['user_id'] : null;
56	$user_pwd = !empty($_POST['user_pwd']) ? $_POST['user_pwd'] : null;
57	}
58	# If we have COOKIE login informations, go throug auth process
59	elseif (isset($_COOKIE['dc_admin']) && strlen($_COOKIE['dc_admin']) == 104)
60	{
61	# If we have a remember cookie, go through auth process with user_key
62	$user_id = substr($_COOKIE['dc_admin'],40);
63	$user_id = @unpack('a32',@pack('H*',$user_id));
64	if (is_array($user_id))
65	{
66	$user_id = $user_id[1];
67	$user_key = substr($_COOKIE['dc_admin'],0,40);
68	$user_pwd = null;
69	}
70	else
71	{
72	$user_id = null;
73	}
74	}
75
76	# Recover password
77	if ($recover && !empty($_POST['user_id']) && !empty($_POST['user_email']))
78	{
79	$user_id = !empty($_POST['user_id']) ? $_POST['user_id'] : null;
80	$user_email = !empty($_POST['user_email']) ? $_POST['user_email'] : '';
81	try
82	{
83	$recover_key = $core->auth->setRecoverKey($user_id,$user_email);
84
85	$subject = mail::B64Header('DotClear '.__('Password reset'));
86	$message =
87	__('Someone has requested to reset the password for the following site and username.')."\n\n".
88	$page_url."\n".__('Username:').' '.$user_id."\n\n".
89	__('To reset your password visit the following address, otherwise just ignore this email and nothing will happen.')."\n".
90	$page_url.'?akey='.$recover_key;
91
92	$headers[] = 'From: dotclear@'.$_SERVER['HTTP_HOST'];
93	$headers[] = 'Content-Type: text/plain; charset=UTF-8;';
94
95	mail::sendMail($user_email,$subject,$message,$headers);
96	$msg = sprintf(__('The e-mail was sent successfully to %s.'),$user_email);
97	}
98	catch (Exception $e)
99	{
100	$err = $e->getMessage();
101	}
102	}
103	# Send new password
104	elseif ($akey)
105	{
106	try
107	{
108	$recover_res = $core->auth->recoverUserPassword($akey);
109
110	$subject = mb_encode_mimeheader('DotClear '.__('Your new password'),'UTF-8','B');
111	$message =
112	__('Username:').' '.$recover_res['user_id']."\n".
113	__('Password:').' '.$recover_res['new_pass']."\n\n".
114	preg_replace('/\?(.*)$/','',$page_url);
115
116	$headers[] = 'From: dotclear@'.$_SERVER['HTTP_HOST'];
117	$headers[] = 'Content-Type: text/plain; charset=UTF-8;';
118
119	mail::sendMail($recover_res['user_email'],$subject,$message,$headers);
120	$msg = __('Your new password is in your mailbox.');
121	}
122	catch (Exception $e)
123	{
124	$err = $e->getMessage();
125	}
126	}
127	# Change password and retry to log
128	elseif ($change_pwd and $data = unserialize(base64_decode($_POST['login_data'])))
129	{
130	# Check login informations
131	$check_user = false;
132	if (isset($data['cookie_admin']) && strlen($data['cookie_admin']) == 104)
133	{
134	$user_id = substr($data['cookie_admin'],40);
135	$user_id = @unpack('a32',@pack('H*',$user_id));
136	if (is_array($user_id))
137	{
138	$user_id = $user_id[1];
139	$user_key = substr($data['cookie_admin'],0,40);
140	$check_user = $core->auth->checkUser($user_id,null,$user_key) === true;
141	}
142	}
143
144	try
145	{
146	if (!$core->auth->allowPassChange() \|\| !$check_user) {
147	$change_pwd = false;
148	throw new Exception();
149	}
150
151	if ($_POST['new_pwd'] != $_POST['new_pwd_c']) {
152	throw new Exception(__("Passwords don't match"));
153	}
154
155	if ($core->auth->checkUser($user_id,$_POST['new_pwd']) === true) {
156	throw new Exception(__("You didn't change your password."));
157	}
158
159	$cur = $core->con->openCursor($core->prefix.'user');
160	$cur->user_change_pwd = 0;
161	$cur->user_pwd = $_POST['new_pwd'];
162	$core->updUser($core->auth->userID(),$cur);
163
164	$core->session->start();
165	$_SESSION['sess_user_id'] = $user_id;
166	$_SESSION['sess_browser_uid'] = http::browserUID(DC_MASTER_KEY);
167
168	if (!empty($data['blog_id'])) {
169	$_SESSION['sess_blog_id'] = $data['blog_id'];
170	}
171
172	if (!empty($data['user_remember']))
173	{
174	setcookie('dc_admin',$data['cookie_admin'],strtotime('+15 days'),'','',DC_ADMIN_SSL);
175	}
176
177	http::redirect('index.php');
178	}
179	catch (Exception $e)
180	{
181	$err = $e->getMessage();
182	}
183	}
184	# Try to log
185	elseif ($user_id !== null && ($user_pwd !== null \|\| $user_key !== null))
186	{
187	# We check the user
188	$check_user = $core->auth->checkUser($user_id,$user_pwd,$user_key) === true;
189
190	$cookie_admin = http::browserUID(DC_MASTER_KEY.$user_id.
191	crypt::hmac(DC_MASTER_KEY,$user_pwd)).bin2hex(pack('a32',$user_id));
192
193	if ($check_user && $core->auth->mustChangePassword())
194	{
195	$login_data = base64_encode(serialize(array(
196	'user_id'=>$user_id,
197	'cookie_admin'=>$cookie_admin,
198	'blog_id'=>(!empty($_POST['blog']) ? $_POST['blog'] : ''),
199	'user_remember'=>!empty($_POST['user_remember'])
200	)));
201
202	if (!$core->auth->allowPassChange()) {
203	$err = __('You have to change your password before you can login.');
204	} else {
205	$err = __('In order to login, you have to change your password now.');
206	$change_pwd = true;
207	}
208	}
209	elseif ($check_user && !empty($_POST['safe_mode']) && !$core->auth->isSuperAdmin())
210	{
211	$err = __('Safe Mode can only be used for super administrators.');
212	}
213	elseif ($check_user)
214	{
215	$core->session->start();
216	$_SESSION['sess_user_id'] = $user_id;
217	$_SESSION['sess_browser_uid'] = http::browserUID(DC_MASTER_KEY);
218
219	if (!empty($_POST['blog'])) {
220	$_SESSION['sess_blog_id'] = $_POST['blog'];
221	}
222
223	if (!empty($_POST['safe_mode']) && $core->auth->isSuperAdmin()) {
224	$_SESSION['sess_safe_mode'] = true;
225	}
226
227	if (!empty($_POST['user_remember'])) {
228	setcookie('dc_admin',$cookie_admin,strtotime('+15 days'),'','',DC_ADMIN_SSL);
229	}
230
231	http::redirect('index.php');
232	}
233	else
234	{
235	if (isset($_COOKIE['dc_admin'])) {
236	unset($_COOKIE['dc_admin']);
237	setcookie('dc_admin',false,-600,'','',DC_ADMIN_SSL);
238	}
239	$err = __('Wrong username or password');
240	}
241	}
242
243	if (isset($_GET['user'])) {
244	$user_id = $_GET['user'];
245	}
246
247	header('Content-Type: text/html; charset=UTF-8');
248	?>
249	<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
250	<html xmlns="http://www.w3.org/1999/xhtml"
251	xml:lang="<?php echo $dlang; ?>" lang="<?php echo $dlang; ?>">
252	<head>
253	<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
254	<meta http-equiv="Content-Script-Type" content="text/javascript" />
255	<meta http-equiv="Content-Style-Type" content="text/css" />
256	<meta http-equiv="Content-Language" content="<?php echo $dlang; ?>" />
257	<meta name="ROBOTS" content="NOARCHIVE,NOINDEX,NOFOLLOW" />
258	<meta name="GOOGLEBOT" content="NOSNIPPET" />
259	<title><?php echo html::escapeHTML(DC_VENDOR_NAME); ?></title>
260
261	<?php
262	echo dcPage::jsLoadIE7();
263	echo dcPage::jsCommon();
264	?>
265
266	<style type="text/css">
267	@import url(style/default.css);
268	</style>
269	<?php
270	# --BEHAVIOR-- loginPageHTMLHead
271	$core->callBehavior('loginPageHTMLHead');
272	?>
273
274	<script type="text/javascript">
275	//<![CDATA[
276	$(window).load(function() {
277	var uid = $('input[name=user_id]');
278	var upw = $('input[name=user_pwd]');
279	uid.focus();
280
281	if (upw.length == 0) { return; }
282
283	if ($.browser.mozilla) {
284	uid.keypress(processKey);
285	} else {
286	uid.keydown(processKey);
287	}
288	function processKey(evt) {
289	if (evt.keyCode == 13 && upw.val() == '') {
290	upw.focus();
291	return false;
292	}
293	return true;
294	};
295	$.cookie('dc_admin_test_cookie',true);
296	if ($.cookie('dc_admin_test_cookie')) {
297	$('#cookie_help').hide();
298	$.cookie('dc_admin_test_cookie', '', {'expires': -1});
299	} else {
300	$('#cookie_help').show();
301	}
302	$('#issue #more').toggleWithLegend($('#issue').children().not('#more'));
303	});
304	//]]>
305	</script>
306	</head>
307
308	<body id="dotclear-admin" class="auth">
309
310	<form action="auth.php" method="post" id="login-screen">
311	<h1><?php echo html::escapeHTML(DC_VENDOR_NAME); ?></h1>
312
313	<?php
314	if ($err) {
315	echo '<div class="error">'.$err.'</div>';
316	}
317	if ($msg) {
318	echo '<p class="message">'.$msg.'</p>';
319	}
320
321	if ($akey)
322	{
323	echo '<p><a href="auth.php">'.__('Back to login screen').'</a></p>';
324	}
325	elseif ($recover)
326	{
327	echo
328	'<fieldset><legend>'.__('Request a new password').'</legend>'.
329	'<p><label for="user_id">'.__('Username:').' '.
330	form::field(array('user_id','user_id'),20,32,html::escapeHTML($user_id),'',1).'</label></p>'.
331
332	'<p><label for="user_email">'.__('Email:').' '.
333	form::field(array('user_email','user_email'),20,255,html::escapeHTML($user_email),'',2).'</label></p>'.
334
335	'<p><input type="submit" value="'.__('recover').'" tabindex="3" />'.
336	form::hidden(array('recover'),1).'</p>'.
337	'</fieldset>'.
338
339	'<div id="issue">'.
340	'<p><a href="auth.php">'.__('Back to login screen').'</a></p></div>';
341	}
342	elseif ($change_pwd)
343	{
344	echo
345	'<fieldset><legend>'.__('Change your password').'</legend>'.
346	'<p><label for="new_pwd">'.__('New password:').' '.
347	form::password(array('new_pwd','new_pwd'),20,255,'','',1).'</label></p>'.
348
349	'<p><label for="new_pwd_c">'.__('Confirm password:').' '.
350	form::password(array('new_pwd_c','new_pwd_c'),20,255,'','',2).'</label></p>'.
351	'</fielset>'.
352
353	'<p><input type="submit" value="'.__('change').'" />'.
354	form::hidden('login_data',$login_data).'</p>';
355	}
356	else
357	{
358	if (is_callable(array($core->auth,'authForm')))
359	{
360	echo $core->auth->authForm($user_id);
361	}
362	else
363	{
364	echo
365	'<fieldset>';
366	if ($safe_mode) {
367	echo '<legend>'.__('Safe mode login').'</legend>';
368	echo
369	'<p class="form-note info">'.
370	__('This mode allows you to login without activating any of your plugins. This may be useful to solve compatibility problems').' <br />'.
371	__('Disable or delete any plugin suspected to cause trouble, then log out and log back in normally.').
372	'</p>';
373	}
374	echo
375	'<p><label for="user_id">'.__('Username:').' '.
376	form::field(array('user_id','user_id'),20,32,html::escapeHTML($user_id),'',1).'</label></p>'.
377
378	'<p><label for="user_pwd">'.__('Password:').' '.
379	form::password(array('user_pwd','user_pwd'),20,255,'','',2).'</label></p>'.
380
381	'<p><label for="user_remember" class="classic">'.
382	form::checkbox(array('user_remember','user_remember'),1,'','',3).' '.
383	__('Remember my ID on this computer').'</label></p>'.
384
385	'<p><input type="submit" value="'.__('log in').'" tabindex="4" /></p>';
386
387	if (!empty($_REQUEST['blog'])) {
388	echo form::hidden('blog',html::escapeHTML($_REQUEST['blog']));
389	}
390	if($safe_mode) {
391	echo form::hidden('safe_mode',1);
392	}
393
394	echo
395	'</fieldset>'.
396	'<p id="cookie_help" class="error">'.__('You must accept cookies in order to use the private area.').'</p>';
397
398	echo '<div id="issue">';
399
400	if ($safe_mode) {
401	echo
402	'<p><a href="auth.php" id="normal_mode_link">'.__('Get back to normal authentication').'</a></p>';
403	} else {
404	echo '<p id="more"><strong>'.__('Connection issue?').'</strong></p>';
405	if ($core->auth->allowPassChange()) {
406	echo '<p><a href="auth.php?recover=1">'.__('I forgot my password').'</a></p>';
407	}
408	echo '<p><a href="auth.php?safe_mode=1" id="safe_mode_link">'.__('I want to log in in safe mode').'</a></p>';
409	}
410
411	echo '</div>';
412	}
413	}
414	?>
415	</form>
416	</body>
417	</html>

Note: See TracBrowser for help on using the repository browser.

Dotclear

Context Navigation

source: admin/auth.php @ 356:92eb78a10899

Download in other formats:

Sites map