source: admin/auth.php @ 199:d1538efa6724

Visit:

Revision 199:d1538efa6724, 12.0 KB checked in by Franck <carnet.franck.paul@…>, 14 years ago (diff)
Suppression de <meta name="MSSmartTagsPreventParsing" content="TRUE" /> dans le head Ne sert strictement à plus rien du tout du tout Fix #963 (http://dev.dotclear.org/2.0/ticket/963)

Line
1	<?php
2	# -- BEGIN LICENSE BLOCK ---------------------------------------
3	#
4	# This file is part of Dotclear 2.
5	#
6	# Copyright (c) 2003-2010 Olivier Meunier & Association Dotclear
7	# Licensed under the GPL version 2.0 license.
8	# See LICENSE file or
9	# http://www.gnu.org/licenses/old-licenses/gpl-2.0.html
10	#
11	# -- END LICENSE BLOCK -----------------------------------------
12
13	require dirname(__FILE__).'/../inc/admin/prepend.php';
14
15	# If we have a session cookie, go to index.php
16	if (isset($_SESSION['sess_user_id']))
17	{
18	http::redirect('index.php');
19	}
20
21	# Loading locales for detected language
22	# That's a tricky hack but it works ;)
23	$dlang = http::getAcceptLanguage();
24	if ($dlang != 'en')
25	{
26	l10n::set(dirname(__FILE__).'/../locales/'.$dlang.'/main');
27	}
28
29	$page_url = http::getHost().$_SERVER['REQUEST_URI'];
30
31	$change_pwd = $core->auth->allowPassChange() && isset($_POST['new_pwd']) && isset($_POST['new_pwd_c']) && isset($_POST['login_data']);
32	$login_data = !empty($_POST['login_data']) ? $_POST['login_data'] : null;
33	$recover = $core->auth->allowPassChange() && !empty($_REQUEST['recover']);
34	$safe_mode = !empty($_REQUEST['safe_mode']);
35	$akey = $core->auth->allowPassChange() && !empty($_GET['akey']) ? $_GET['akey'] : null;
36	$user_id = $user_pwd = $user_key = $user_email = null;
37	$err = $msg = null;
38
39	# Auto upgrade
40	if (empty($_GET) && empty($_POST)) {
41	require dirname(__FILE__).'/../inc/dbschema/upgrade.php';
42	try {
43	if (($changes = dotclearUpgrade($core)) !== false) {
44	$msg = __('Dotclear has been upgraded.').'<!-- '.$changes.' -->';
45	}
46	} catch (Exception $e) {
47	$err = $e->getMessage();
48	}
49	}
50
51	# If we have POST login informations, go throug auth process
52	if (!empty($_POST['user_id']) && !empty($_POST['user_pwd']))
53	{
54	$user_id = !empty($_POST['user_id']) ? $_POST['user_id'] : null;
55	$user_pwd = !empty($_POST['user_pwd']) ? $_POST['user_pwd'] : null;
56	}
57	# If we have COOKIE login informations, go throug auth process
58	elseif (isset($_COOKIE['dc_admin']) && strlen($_COOKIE['dc_admin']) == 104)
59	{
60	# If we have a remember cookie, go through auth process with user_key
61	$user_id = substr($_COOKIE['dc_admin'],40);
62	$user_id = @unpack('a32',@pack('H*',$user_id));
63	if (is_array($user_id))
64	{
65	$user_id = $user_id[1];
66	$user_key = substr($_COOKIE['dc_admin'],0,40);
67	$user_pwd = null;
68	}
69	else
70	{
71	$user_id = null;
72	}
73	}
74
75	# Recover password
76	if ($recover && !empty($_POST['user_id']) && !empty($_POST['user_email']))
77	{
78	$user_id = !empty($_POST['user_id']) ? $_POST['user_id'] : null;
79	$user_email = !empty($_POST['user_email']) ? $_POST['user_email'] : '';
80	try
81	{
82	$recover_key = $core->auth->setRecoverKey($user_id,$user_email);
83
84	$subject = mail::B64Header('DotClear '.__('Password reset'));
85	$message =
86	__('Someone has requested to reset the password for the following site and username.')."\n\n".
87	$page_url."\n".__('Username:').' '.$user_id."\n\n".
88	__('To reset your password visit the following address, otherwise just ignore this email and nothing will happen.')."\n".
89	$page_url.'?akey='.$recover_key;
90
91	$headers[] = 'From: dotclear@'.$_SERVER['HTTP_HOST'];
92	$headers[] = 'Content-Type: text/plain; charset=UTF-8;';
93
94	mail::sendMail($user_email,$subject,$message,$headers);
95	$msg = sprintf(__('The e-mail was sent successfully to %s.'),$user_email);
96	}
97	catch (Exception $e)
98	{
99	$err = $e->getMessage();
100	}
101	}
102	# Send new password
103	elseif ($akey)
104	{
105	try
106	{
107	$recover_res = $core->auth->recoverUserPassword($akey);
108
109	$subject = mb_encode_mimeheader('DotClear '.__('Your new password'),'UTF-8','B');
110	$message =
111	__('Username:').' '.$recover_res['user_id']."\n".
112	__('Password:').' '.$recover_res['new_pass']."\n\n".
113	preg_replace('/\?(.*)$/','',$page_url);
114
115	$headers[] = 'From: dotclear@'.$_SERVER['HTTP_HOST'];
116	$headers[] = 'Content-Type: text/plain; charset=UTF-8;';
117
118	mail::sendMail($recover_res['user_email'],$subject,$message,$headers);
119	$msg = __('Your new password is in your mailbox.');
120	}
121	catch (Exception $e)
122	{
123	$err = $e->getMessage();
124	}
125	}
126	# Change password and retry to log
127	elseif ($change_pwd and $data = unserialize(base64_decode($_POST['login_data'])))
128	{
129	# Check login informations
130	$check_user = false;
131	if (isset($data['cookie_admin']) && strlen($data['cookie_admin']) == 104)
132	{
133	$user_id = substr($data['cookie_admin'],40);
134	$user_id = @unpack('a32',@pack('H*',$user_id));
135	if (is_array($user_id))
136	{
137	$user_id = $user_id[1];
138	$user_key = substr($data['cookie_admin'],0,40);
139	$check_user = $core->auth->checkUser($user_id,null,$user_key) === true;
140	}
141	}
142
143	try
144	{
145	if (!$core->auth->allowPassChange() \|\| !$check_user) {
146	$change_pwd = false;
147	throw new Exception();
148	}
149
150	if ($_POST['new_pwd'] != $_POST['new_pwd_c']) {
151	throw new Exception(__("Passwords don't match"));
152	}
153
154	if ($core->auth->checkUser($user_id,$_POST['new_pwd']) === true) {
155	throw new Exception(__("You didn't change your password."));
156	}
157
158	$cur = $core->con->openCursor($core->prefix.'user');
159	$cur->user_change_pwd = 0;
160	$cur->user_pwd = $_POST['new_pwd'];
161	$core->updUser($core->auth->userID(),$cur);
162
163	$core->session->start();
164	$_SESSION['sess_user_id'] = $user_id;
165	$_SESSION['sess_browser_uid'] = http::browserUID(DC_MASTER_KEY);
166
167	if (!empty($data['blog_id'])) {
168	$_SESSION['sess_blog_id'] = $data['blog_id'];
169	}
170
171	if (!empty($data['user_remember']))
172	{
173	setcookie('dc_admin',$data['cookie_admin'],strtotime('+15 days'),'','',DC_ADMIN_SSL);
174	}
175
176	http::redirect('index.php');
177	}
178	catch (Exception $e)
179	{
180	$err = $e->getMessage();
181	}
182	}
183	# Try to log
184	elseif ($user_id !== null && ($user_pwd !== null \|\| $user_key !== null))
185	{
186	# We check the user
187	$check_user = $core->auth->checkUser($user_id,$user_pwd,$user_key) === true;
188
189	$cookie_admin = http::browserUID(DC_MASTER_KEY.$user_id.
190	crypt::hmac(DC_MASTER_KEY,$user_pwd)).bin2hex(pack('a32',$user_id));
191
192	if ($check_user && $core->auth->mustChangePassword())
193	{
194	$login_data = base64_encode(serialize(array(
195	'user_id'=>$user_id,
196	'cookie_admin'=>$cookie_admin,
197	'blog_id'=>(!empty($_POST['blog']) ? $_POST['blog'] : ''),
198	'user_remember'=>!empty($_POST['user_remember'])
199	)));
200
201	if (!$core->auth->allowPassChange()) {
202	$err = __('You have to change your password before you can login.');
203	} else {
204	$err = __('In order to login, you have to change your password now.');
205	$change_pwd = true;
206	}
207	}
208	elseif ($check_user && !empty($_POST['safe_mode']) && !$core->auth->isSuperAdmin())
209	{
210	$err = __('Safe Mode can only be used for super administrators.');
211	}
212	elseif ($check_user)
213	{
214	$core->session->start();
215	$_SESSION['sess_user_id'] = $user_id;
216	$_SESSION['sess_browser_uid'] = http::browserUID(DC_MASTER_KEY);
217
218	if (!empty($_POST['blog'])) {
219	$_SESSION['sess_blog_id'] = $_POST['blog'];
220	}
221
222	if (!empty($_POST['safe_mode']) && $core->auth->isSuperAdmin()) {
223	$_SESSION['sess_safe_mode'] = true;
224	}
225
226	if (!empty($_POST['user_remember'])) {
227	setcookie('dc_admin',$cookie_admin,strtotime('+15 days'),'','',DC_ADMIN_SSL);
228	}
229
230	http::redirect('index.php');
231	}
232	else
233	{
234	if (isset($_COOKIE['dc_admin'])) {
235	unset($_COOKIE['dc_admin']);
236	setcookie('dc_admin',false,-600,'','',DC_ADMIN_SSL);
237	}
238	$err = __('Wrong username or password');
239	}
240	}
241
242	if (isset($_GET['user'])) {
243	$user_id = $_GET['user'];
244	}
245
246	header('Content-Type: text/html; charset=UTF-8');
247	?>
248	<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
249	<html xmlns="http://www.w3.org/1999/xhtml"
250	xml:lang="en" lang="en">
251	<head>
252	<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
253	<meta http-equiv="Content-Script-Type" content="text/javascript" />
254	<meta http-equiv="Content-Style-Type" content="text/css" />
255	<meta http-equiv="Content-Language" content="en" />
256	<meta name="ROBOTS" content="NOARCHIVE,NOINDEX,NOFOLLOW" />
257	<meta name="GOOGLEBOT" content="NOSNIPPET" />
258	<title><?php echo html::escapeHTML(DC_VENDOR_NAME); ?></title>
259
260	<?php
261	echo dcPage::jsLoadIE7();
262	echo dcPage::jsCommon();
263	?>
264
265	<style type="text/css">
266	@import url(style/default.css);
267	</style>
268	<?php
269	# --BEHAVIOR-- loginPageHTMLHead
270	$core->callBehavior('loginPageHTMLHead');
271	?>
272
273	<script type="text/javascript">
274	//<![CDATA[
275	$(window).load(function() {
276	var uid = $('input[name=user_id]');
277	var upw = $('input[name=user_pwd]');
278	uid.focus();
279
280	if (upw.length == 0) { return; }
281
282	if ($.browser.mozilla) {
283	uid.keypress(processKey);
284	} else {
285	uid.keydown(processKey);
286	}
287	function processKey(evt) {
288	if (evt.keyCode == 13 && upw.val() == '') {
289	upw.focus();
290	return false;
291	}
292	return true;
293	};
294
295	if (navigator.cookieEnabled) {
296	$('#cookie_help').hide();
297	} else {
298	$('#cookie_help').show();
299	}
300	$('#issue #more').toggleWithLegend($('#issue').children().not('#more'));
301	});
302	//]]>
303	</script>
304	</head>
305
306	<body id="dotclear-admin" class="auth">
307
308	<form action="auth.php" method="post" id="login-screen">
309	<h1><?php echo html::escapeHTML(DC_VENDOR_NAME); ?></h1>
310
311	<?php
312	if ($err) {
313	echo '<div class="error">'.$err.'</div>';
314	}
315	if ($msg) {
316	echo '<p class="message">'.$msg.'</p>';
317	}
318
319	if ($akey)
320	{
321	echo '<p><a href="auth.php">'.__('Back to login screen').'</a></p>';
322	}
323	elseif ($recover)
324	{
325	echo
326	'<fieldset><legend>'.__('Request a new password').'</legend>'.
327	'<p><label for="user_id">'.__('Username:').' '.
328	form::field(array('user_id','user_id'),20,32,html::escapeHTML($user_id),'',1).'</label></p>'.
329
330	'<p><label for="user_email">'.__('Email:').' '.
331	form::field(array('user_email','user_email'),20,255,html::escapeHTML($user_email),'',2).'</label></p>'.
332
333	'<p><input type="submit" value="'.__('recover').'" tabindex="3" />'.
334	form::hidden(array('recover'),1).'</p>'.
335	'</fieldset>'.
336
337	'<p><a href="auth.php">'.__('Back to login screen').'</a></p>';
338	}
339	elseif ($change_pwd)
340	{
341	echo
342	'<fieldset><legend>'.__('Change your password').'</legend>'.
343	'<p><label for="new_pwd">'.__('New password:').' '.
344	form::password(array('new_pwd','new_pwd'),20,255,'','',1).'</label></p>'.
345
346	'<p><label for="new_pwd_c">'.__('Confirm password:').' '.
347	form::password(array('new_pwd_c','new_pwd_c'),20,255,'','',2).'</label></p>'.
348	'</fielset>'.
349
350	'<p><input type="submit" value="'.__('change').'" />'.
351	form::hidden('login_data',$login_data).'</p>';
352	}
353	else
354	{
355	if (is_callable(array($core->auth,'authForm')))
356	{
357	echo $core->auth->authForm($user_id);
358	}
359	else
360	{
361	echo
362	'<fieldset>';
363	if ($safe_mode) {
364	echo '<legend>'.__('Safe mode login').'</legend>';
365	echo
366	'<p class="form-note info">'.
367	__('This mode allows you to login without activating any of your plugins. This may be useful to solve compatibility problems').' <br />'.
368	__('Disable or delete any plugin suspected to cause trouble, then log out and log back in normally.').
369	'</p>';
370	}
371	echo
372	'<p><label for="user_id">'.__('Username:').' '.
373	form::field(array('user_id','user_id'),20,32,html::escapeHTML($user_id),'',1).'</label></p>'.
374
375	'<p><label for="user_pwd">'.__('Password:').' '.
376	form::password(array('user_pwd','user_pwd'),20,255,'','',2).'</label></p>'.
377
378	'<p><label for="user_remember" class="classic">'.
379	form::checkbox(array('user_remember','user_remember'),1,'','',3).' '.
380	__('Remember my ID on this computer').'</label></p>'.
381
382	'<p><input type="submit" value="'.__('log in').'" tabindex="4" /></p>';
383
384	if (!empty($_REQUEST['blog'])) {
385	echo form::hidden('blog',html::escapeHTML($_REQUEST['blog']));
386	}
387	if($safe_mode) {
388	echo form::hidden('safe_mode',1);
389	}
390
391	echo
392	'</fieldset>'.
393	'<p id="cookie_help">'.__('You must accept cookies in order to use the private area.').'</p>';
394
395	echo '<div id="issue">';
396
397	if ($safe_mode) {
398	echo
399	'<p><a href="auth.php" id="normal_mode_link">'.__('Get back to normal authentication').'</a></p>';
400	} else {
401	echo '<p id="more"><strong>'.__('Connection issue?').'</strong></p>';
402	if ($core->auth->allowPassChange()) {
403	echo '<p><a href="auth.php?recover=1">'.__('I forgot my password').'</a></p>';
404	}
405	echo '<p><a href="auth.php?safe_mode=1" id="safe_mode_link">'.__('I want to log in in safe mode').'</a></p>';
406	}
407
408	echo '</div>';
409	}
410	}
411	?>
412	</form>
413	</body>
414	</html>

Note: See TracBrowser for help on using the repository browser.

Dotclear

Context Navigation

source: admin/auth.php @ 199:d1538efa6724

Download in other formats:

Sites map