Changeset 2313:ef1db3d7c388 for admin/auth.php
- Timestamp:
- 10/08/13 15:27:39 (12 years ago)
- Branch:
- twig
- Parents:
- 1524:913f5a36bbb0 (diff), 2312:d01c85eaa37d (diff)
Note: this is a merge changeset, the changes displayed below correspond to the merge itself.
Use the (diff) links above to see all the changes relative to each parent. - Files:
-
- 2 edited
admin/auth.php
r1492 r2313 265 265 ->addField( 266 266 new dcFieldText('user_id','',array( 267 "label" => __('Username:')))) 267 "label" => __('Username:'), 268 "maxlength" => 32))) 268 269 ->addField( 269 270 new dcFieldPassword('user_pwd','',array( … … 306 307 $form->safe_mode = !empty($_REQUEST['safe_mode']); 307 308 $_ctx->akey = false; 309 $_ctx->dlang = $dlang; 308 310 309 311 # If we have no POST login informations and have COOKIE login informations, go throug auth process -
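Review bot: `$_ctx->dlang = $dlang;` hands the template a value that, in the other section of this changeset, comes from `http::getAcceptLanguage()` and is only pattern-checked as a condition for `l10n::set()`, so a value failing `/^[a-z]{2}(-[a-z]{2})?$/` still reaches the context unchanged. Unless `getAcceptLanguage()` already normalises its result (not visible here), either reset `$dlang` to `'en'` when the pattern does not match, or confirm that `auth.html.twig` escapes it wherever it is written into `lang` attributes. The added `"maxlength" => 32` is a browser-side limit as far as this hunk shows; the 32-byte assumption behind the `pack('a32', ...)` cookie encoding still needs a server-side length check if `dcFieldText` does not enforce one.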
admin/auth.php
r2311 r2313 4 4 # This file is part of Dotclear 2. 5 5 # 6 # Copyright (c) 2003-201 3Olivier Meunier & Association Dotclear6 # Copyright (c) 2003-2011 Olivier Meunier & Association Dotclear 7 7 # Licensed under the GPL version 2.0 license. 8 8 # See LICENSE file or … … 14 14 15 15 # If we have a session cookie, go to index.php 16 if (isset($_SESSION['sess_user_id'])) 17 { 16 if (isset($_SESSION['sess_user_id'])) { 18 17 http::redirect('index.php'); 19 18 } … … 23 22 $dlang = http::getAcceptLanguage(); 24 23 $dlang = ($dlang == '' ? 'en' : $dlang); 25 if ($dlang != 'en' && preg_match('/^[a-z]{2}(-[a-z]{2})?$/',$dlang)) 26 { 27 l10n::lang($dlang); 24 if ($dlang != 'en' && preg_match('/^[a-z]{2}(-[a-z]{2})?$/',$dlang)) { 28 25 l10n::set(dirname(__FILE__).'/../locales/'.$dlang.'/main'); 29 26 } 30 31 $page_url = http::getHost().$_SERVER['REQUEST_URI'];32 33 $change_pwd = $core->auth->allowPassChange() && isset($_POST['new_pwd']) && isset($_POST['new_pwd_c']) && isset($_POST['login_data']);34 $login_data = !empty($_POST['login_data']) ? html::escapeHTML($_POST['login_data']) : null;35 $recover = $core->auth->allowPassChange() && !empty($_REQUEST['recover']);36 $safe_mode = !empty($_REQUEST['safe_mode']);37 $akey = $core->auth->allowPassChange() && !empty($_GET['akey']) ? $_GET['akey'] : null;38 $user_id = $user_pwd = $user_key = $user_email = null;39 $err = $msg = null;40 27 41 28 # Auto upgrade … … 44 31 try { 45 32 if (($changes = dotclearUpgrade($core)) !== false) { 46 $msg = __('Dotclear has been upgraded.').'<!-- '.$changes.' -->'; 47 } 48 } catch (Exception $e) { 49 $err = $e->getMessage(); 50 } 51 } 52 53 # If we have POST login informations, go throug auth process 54 if (!empty($_POST['user_id']) && !empty($_POST['user_pwd'])) 33 $_ctx->setAlert(__('Dotclear has been upgraded.').'<!-- '.$changes.' 
-->'); 34 } 35 } 36 catch (Exception $e) { 37 $_ctx->addError($e->getMessage()); 38 } 39 } 40 41 /** 42 Actions for authentication on admin pages 43 */ 44 class adminPageAuth 55 45 { 56 $user_id = !empty($_POST['user_id']) ? $_POST['user_id'] : null; 57 $user_pwd = !empty($_POST['user_pwd']) ? $_POST['user_pwd'] : null; 58 } 59 # If we have COOKIE login informations, go throug auth process 60 elseif (isset($_COOKIE['dc_admin']) && strlen($_COOKIE['dc_admin']) == 104) 61 { 46 # Send new password from recover email 47 public static function send($akey) 48 { 49 global $core, $_ctx; 50 51 $_ctx->akey = true; 52 53 try { 54 $recover_res = $core->auth->recoverUserPassword($akey); 55 56 $subject = mb_encode_mimeheader('DotClear '.__('Your new password'),'UTF-8','B'); 57 $message = 58 __('Username:').' '.$recover_res['user_id']."\n". 59 __('Password:').' '.$recover_res['new_pass']."\n\n". 60 preg_replace('/\?(.*)$/','',http::getHost().$_SERVER['REQUEST_URI']); 61 62 $headers[] = 'From: dotclear@'.$_SERVER['HTTP_HOST']; 63 $headers[] = 'Content-Type: text/plain; charset=UTF-8;'; 64 65 mail::sendMail($recover_res['user_email'],$subject,$message,$headers); 66 $_ctx->setAlert(__('Your new password is in your mailbox.')); 67 } 68 catch (Exception $e) { 69 $_ctx->addError($e->getMessage()); 70 } 71 } 72 73 # Authentication process 74 public static function process($form,$user_id,$user_pwd,$user_key=null) 75 { 76 global $core, $_ctx; 77 78 # We check the user 79 $check_user = $core->auth->checkUser($user_id,$user_pwd,$user_key) === true; 80 81 $cookie_admin = http::browserUID(DC_MASTER_KEY.$user_id. 82 crypt::hmac(DC_MASTER_KEY,$user_pwd)).bin2hex(pack('a32',$user_id)); 83 84 if ($check_user && $core->auth->mustChangePassword()) 85 { 86 $form->login_data = join('/',array( 87 base64_encode($user_id), 88 $cookie_admin, 89 $form->user_remember == '' ? 
'0' : '1' 90 )); 91 92 if (!$core->auth->allowPassChange()) { 93 $_ctx->addError(__('You have to change your password before you can login.')); 94 } else { 95 $_ctx->addError(__('In order to login, you have to change your password now.')); 96 $_ctx->change_pwd = true; 97 } 98 } 99 elseif ($check_user && $form->safe_mode != '' && !$core->auth->isSuperAdmin()) 100 { 101 $_ctx->addError(__('Safe Mode can only be used for super administrators.')); 102 } 103 elseif ($check_user) 104 { 105 $core->session->start(); 106 $_SESSION['sess_user_id'] = $user_id; 107 $_SESSION['sess_browser_uid'] = http::browserUID(DC_MASTER_KEY); 108 109 if ($form->blog != '') { 110 $_SESSION['sess_blog_id'] = $form->blog; 111 } 112 113 if ($form->safe_mode != '' && $core->auth->isSuperAdmin()) { 114 $_SESSION['sess_safe_mode'] = true; 115 } 116 117 if ($form->user_remember != '') { 118 setcookie('dc_admin',$cookie_admin,strtotime('+15 days'),'','',DC_ADMIN_SSL); 119 } 120 121 http::redirect('index.php'); 122 } 123 else 124 { 125 if (isset($_COOKIE['dc_admin'])) { 126 unset($_COOKIE['dc_admin']); 127 setcookie('dc_admin',false,-600,'','',DC_ADMIN_SSL); 128 } 129 $_ctx->addError(__('Wrong username or password')); 130 } 131 } 132 133 # Login form action 134 public static function login($form) 135 { 136 global $_ctx; 137 138 if ($form->user_id != '' && $form->user_pwd != '') { 139 self::process($form,$form->user_id,$form->user_pwd); 140 } 141 142 # Send post values to form 143 $form->user_id = $form->user_id; 144 } 145 146 # Recover password form action 147 public static function recover($form) 148 { 149 global $core, $_ctx; 150 151 if ($form->user_id == '' || $form->user_email == '') { 152 return; 153 } 154 155 $user_id = $form->user_id; 156 $user_email = $form->user_email; 157 $page_url = http::getHost().$_SERVER['REQUEST_URI']; 158 159 try { 160 $recover_key = $core->auth->setRecoverKey($user_id,$user_email); 161 162 $subject = mail::B64Header('DotClear '.__('Password reset')); 163 $message = 
164 __('Someone has requested to reset the password for the following site and username.')."\n\n". 165 $page_url."\n".__('Username:').' '.$user_id."\n\n". 166 __('To reset your password visit the following address, otherwise just ignore this email and nothing will happen.')."\n". 167 $page_url.'?akey='.$recover_key; 168 169 $headers[] = 'From: '.(defined('DC_ADMIN_MAILFROM') && DC_ADMIN_MAILFROM ? DC_ADMIN_MAILFROM : 'dotclear@local'); 170 $headers[] = 'Content-Type: text/plain; charset=UTF-8;'; 171 172 mail::sendMail($user_email,$subject,$message,$headers); 173 $_ctx->setAlert(sprintf(__('The e-mail was sent successfully to %s.'),$user_email)); 174 } 175 catch (Exception $e) { 176 $_ctx->addError($e->getMessage()); 177 } 178 179 # Send post values to form 180 $form->user_id = $form->user_id; 181 $form->user_email = $form->user_email; 182 } 183 184 # Change password form action 185 public static function change($form) 186 { 187 global $core, $_ctx; 188 189 if ($form->login_data) { 190 return; 191 } 192 $_ctx->change_pwd = true; 193 194 $new_pwd = (string) $form->new_pwd; 195 $new_pwd_c = (string) $form->new_pwd_c; 196 197 try { 198 $tmp_data = explode('/',$form->login_data); 199 if (count($tmp_data) != 3) { 200 throw new Exception(); 201 } 202 $data = array( 203 'user_id'=>base64_decode($tmp_data[0]), 204 'cookie_admin'=>$tmp_data[1], 205 'user_remember'=>$tmp_data[2]=='1' 206 ); 207 if ($data['user_id'] === false) { 208 throw new Exception(); 209 } 210 211 # Check login informations 212 $check_user = false; 213 if (isset($data['cookie_admin']) && strlen($data['cookie_admin']) == 104) 214 { 215 $user_id = substr($data['cookie_admin'],40); 216 $user_id = @unpack('a32',@pack('H*',$user_id)); 217 if (is_array($user_id)) 218 { 219 $user_id = $user_id[1]; 220 $user_key = substr($data['cookie_admin'],0,40); 221 $check_user = $core->auth->checkUser($user_id,null,$user_key) === true; 222 } 223 } 224 225 if (!$core->auth->allowPassChange() || !$check_user) { 226 
$_ctx->change_pwd = false; 227 throw new Exception(); 228 } 229 230 if ($new_pwd != $new_pwd_c) { 231 throw new Exception(__("Passwords don't match")); 232 } 233 234 if ($core->auth->checkUser($user_id,$new_pwd) === true) { 235 throw new Exception(__("You didn't change your password.")); 236 } 237 238 $cur = $core->con->openCursor($core->prefix.'user'); 239 $cur->user_change_pwd = 0; 240 $cur->user_pwd = $new_pwd; 241 $core->updUser($core->auth->userID(),$cur); 242 243 $core->session->start(); 244 $_SESSION['sess_user_id'] = $user_id; 245 $_SESSION['sess_browser_uid'] = http::browserUID(DC_MASTER_KEY); 246 247 if ($data['user_remember']) { 248 setcookie('dc_admin',$data['cookie_admin'],strtotime('+15 days'),'','',DC_ADMIN_SSL); 249 } 250 251 http::redirect('index.php'); 252 } 253 catch (Exception $e) { 254 $_ctx->addError($e->getMessage()); 255 } 256 257 # Send post values to form 258 $form->login_data = $form->login_data; 259 } 260 } 261 262 # Form fields 263 $form = new dcForm($core,'auth','auth.php'); 264 $form 265 ->addField( 266 new dcFieldText('user_id','',array( 267 "label" => __('Username:'), 268 "maxlength" => 32))) 269 ->addField( 270 new dcFieldPassword('user_pwd','',array( 271 "label" => __('Password:')))) 272 ->addField( 273 new dcFieldText('user_email','',array( 274 "label" => __('Email:')))) 275 ->addField( 276 new dcFieldPassword('new_pwd','',array( 277 "label" => __('New password:')))) 278 ->addField( 279 new dcFieldPassword('new_pwd_c','',array( 280 "label" => __('Confirm password:')))) 281 ->addField( 282 new dcFieldCheckbox ('user_remember',1,array( 283 "label" => __('Remember my ID on this computer')))) 284 ->addField( 285 new dcFieldSubmit('auth_login',__('log in'),array( 286 'action' => array('adminPageAuth','login')))) 287 ->addField( 288 new dcFieldSubmit('auth_recover',__('recover'),array( 289 'action' => array('adminPageAuth','recover')))) 290 ->addField( 291 new dcFieldSubmit('auth_change',__('change'),array( 292 'action' => 
array('adminPageAuth','change')))) 293 ->addField( 294 new dcFieldHidden ('safe_mode','0')) 295 ->addField( 296 new dcFieldHidden ('recover','0')) 297 ->addField( 298 new dcFieldHidden ('login_data','')) 299 ->addField( 300 new dcFieldHidden ('blog','')); 301 302 # Context variables 303 $_ctx->allow_pass_change = $core->auth->allowPassChange(); 304 $_ctx->change_pwd = $core->auth->allowPassChange() && $form->new_pwd != '' && $form->new_pwd_c != '' && $form->login_data != ''; 305 $_ctx->recover = $form->recover = $core->auth->allowPassChange() && !empty($_REQUEST['recover']); 306 $_ctx->setSafeMode(!empty($_REQUEST['safe_mode'])); 307 $form->safe_mode = !empty($_REQUEST['safe_mode']); 308 $_ctx->akey = false; 309 $_ctx->dlang = $dlang; 310 311 # If we have no POST login informations and have COOKIE login informations, go throug auth process 312 if ($form->user_id == '' && $form->user_pwd == '' 313 && isset($_COOKIE['dc_admin']) && strlen($_COOKIE['dc_admin']) == 104) { 314 62 315 # If we have a remember cookie, go through auth process with user_key 63 316 $user_id = substr($_COOKIE['dc_admin'],40); 64 317 $user_id = @unpack('a32',@pack('H*',$user_id)); 65 if (is_array($user_id))66 {318 319 if (is_array($user_id)) { 67 320 $user_id = $user_id[1]; 68 321 $user_key = substr($_COOKIE['dc_admin'],0,40); 69 $user_pwd = null; 70 } 71 else 72 { 73 $user_id = null; 74 } 75 } 76 77 # Recover password 78 if ($recover && !empty($_POST['user_id']) && !empty($_POST['user_email'])) 79 { 80 $user_id = !empty($_POST['user_id']) ? $_POST['user_id'] : null; 81 $user_email = !empty($_POST['user_email']) ? $_POST['user_email'] : ''; 82 try 83 { 84 $recover_key = $core->auth->setRecoverKey($user_id,$user_email); 85 86 $subject = mail::B64Header('DotClear '.__('Password reset')); 87 $message = 88 __('Someone has requested to reset the password for the following site and username.')."\n\n". 89 $page_url."\n".__('Username:').' '.$user_id."\n\n". 
90 __('To reset your password visit the following address, otherwise just ignore this email and nothing will happen.')."\n". 91 $page_url.'?akey='.$recover_key; 92 93 $headers[] = 'From: '.(defined('DC_ADMIN_MAILFROM') && DC_ADMIN_MAILFROM ? DC_ADMIN_MAILFROM : 'dotclear@local'); 94 $headers[] = 'Content-Type: text/plain; charset=UTF-8;'; 95 96 mail::sendMail($user_email,$subject,$message,$headers); 97 $msg = sprintf(__('The e-mail was sent successfully to %s.'),$user_email); 98 } 99 catch (Exception $e) 100 { 101 $err = $e->getMessage(); 102 } 103 } 104 # Send new password 105 elseif ($akey) 106 { 107 try 108 { 109 $recover_res = $core->auth->recoverUserPassword($akey); 110 111 $subject = mb_encode_mimeheader('DotClear '.__('Your new password'),'UTF-8','B'); 112 $message = 113 __('Username:').' '.$recover_res['user_id']."\n". 114 __('Password:').' '.$recover_res['new_pass']."\n\n". 115 preg_replace('/\?(.*)$/','',$page_url); 116 117 $headers[] = 'From: dotclear@'.$_SERVER['HTTP_HOST']; 118 $headers[] = 'Content-Type: text/plain; charset=UTF-8;'; 119 120 mail::sendMail($recover_res['user_email'],$subject,$message,$headers); 121 $msg = __('Your new password is in your mailbox.'); 122 } 123 catch (Exception $e) 124 { 125 $err = $e->getMessage(); 126 } 127 } 128 # Change password and retry to log 129 elseif ($change_pwd) 130 { 131 try 132 { 133 $tmp_data = explode('/',$_POST['login_data']); 134 if (count($tmp_data) != 3) { 135 throw new Exception(); 136 } 137 $data = array( 138 'user_id'=>base64_decode($tmp_data[0]), 139 'cookie_admin'=>$tmp_data[1], 140 'user_remember'=>$tmp_data[2]=='1' 141 ); 142 if ($data['user_id'] === false) { 143 throw new Exception(); 144 } 145 146 # Check login informations 147 $check_user = false; 148 if (isset($data['cookie_admin']) && strlen($data['cookie_admin']) == 104) 149 { 150 $user_id = substr($data['cookie_admin'],40); 151 $user_id = @unpack('a32',@pack('H*',$user_id)); 152 if (is_array($user_id)) 153 { 154 $user_id = $user_id[1]; 
155 $user_key = substr($data['cookie_admin'],0,40); 156 $check_user = $core->auth->checkUser($user_id,null,$user_key) === true; 157 } 158 } 159 160 if (!$core->auth->allowPassChange() || !$check_user) { 161 $change_pwd = false; 162 throw new Exception(); 163 } 164 165 if ($_POST['new_pwd'] != $_POST['new_pwd_c']) { 166 throw new Exception(__("Passwords don't match")); 167 } 168 169 if ($core->auth->checkUser($user_id,$_POST['new_pwd']) === true) { 170 throw new Exception(__("You didn't change your password.")); 171 } 172 173 $cur = $core->con->openCursor($core->prefix.'user'); 174 $cur->user_change_pwd = 0; 175 $cur->user_pwd = $_POST['new_pwd']; 176 $core->updUser($core->auth->userID(),$cur); 177 178 $core->session->start(); 179 $_SESSION['sess_user_id'] = $user_id; 180 $_SESSION['sess_browser_uid'] = http::browserUID(DC_MASTER_KEY); 181 182 if ($data['user_remember']) 183 { 184 setcookie('dc_admin',$data['cookie_admin'],strtotime('+15 days'),'','',DC_ADMIN_SSL); 185 } 186 187 http::redirect('index.php'); 188 } 189 catch (Exception $e) 190 { 191 $err = $e->getMessage(); 192 } 193 } 194 # Try to log 195 elseif ($user_id !== null && ($user_pwd !== null || $user_key !== null)) 196 { 197 # We check the user 198 $check_user = $core->auth->checkUser($user_id,$user_pwd,$user_key,false) === true; 199 if ($check_user) { 200 $check_perms = $core->auth->findUserBlog() !== false; 201 } else { 202 $check_perms = false; 203 } 204 205 $cookie_admin = http::browserUID(DC_MASTER_KEY.$user_id. 
206 crypt::hmac(DC_MASTER_KEY,$user_pwd)).bin2hex(pack('a32',$user_id)); 207 208 if ($check_perms && $core->auth->mustChangePassword()) 209 { 210 $login_data = join('/',array( 211 base64_encode($user_id), 212 $cookie_admin, 213 empty($_POST['user_remember'])?'0':'1' 214 )); 215 216 if (!$core->auth->allowPassChange()) { 217 $err = __('You have to change your password before you can login.'); 218 } else { 219 $err = __('In order to login, you have to change your password now.'); 220 $change_pwd = true; 221 } 222 } 223 elseif ($check_perms && !empty($_POST['safe_mode']) && !$core->auth->isSuperAdmin()) 224 { 225 $err = __('Safe Mode can only be used for super administrators.'); 226 } 227 elseif ($check_perms) 228 { 229 $core->session->start(); 230 $_SESSION['sess_user_id'] = $user_id; 231 $_SESSION['sess_browser_uid'] = http::browserUID(DC_MASTER_KEY); 232 233 if (!empty($_POST['blog'])) { 234 $_SESSION['sess_blog_id'] = $_POST['blog']; 235 } 236 237 if (!empty($_POST['safe_mode']) && $core->auth->isSuperAdmin()) { 238 $_SESSION['sess_safe_mode'] = true; 239 } 240 241 if (!empty($_POST['user_remember'])) { 242 setcookie('dc_admin',$cookie_admin,strtotime('+15 days'),'','',DC_ADMIN_SSL); 243 } 244 245 http::redirect('index.php'); 246 } 247 else 248 { 249 if (isset($_COOKIE['dc_admin'])) { 250 unset($_COOKIE['dc_admin']); 251 setcookie('dc_admin',false,-600,'','',DC_ADMIN_SSL); 252 } 253 if ($check_user) { 254 $err = __('Insufficient permissions'); 255 } else { 256 $err = __('Wrong username or password'); 257 } 258 } 322 $user_pwd = ''; 323 324 adminPageAuth::process($form,$user_id,$user_pwd,$user_key); 325 } 326 } 327 # If we have an akey, go throug send password process 328 elseif ($core->auth->allowPassChange() && !empty($_GET['akey'])) { 329 adminPageAuth::send($_GET['akey']); 259 330 } 260 331 261 332 if (isset($_GET['user'])) { 262 $user_id = $_GET['user']; 263 } 264 265 header('Content-Type: text/html; charset=UTF-8'); 333 $form->user_id = $_GET['user']; 334 } 
335 336 $form->setup(); 337 338 $core->tpl->display('auth.html.twig'); 266 339 ?> 267 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">268 <html xmlns="http://www.w3.org/1999/xhtml"269 xml:lang="<?php echo $dlang; ?>" lang="<?php echo $dlang; ?>">270 <head>271 <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />272 <meta http-equiv="Content-Script-Type" content="text/javascript" />273 <meta http-equiv="Content-Style-Type" content="text/css" />274 <meta http-equiv="Content-Language" content="<?php echo $dlang; ?>" />275 <meta name="ROBOTS" content="NOARCHIVE,NOINDEX,NOFOLLOW" />276 <meta name="GOOGLEBOT" content="NOSNIPPET" />277 <meta name="viewport" content="width=device-width, initial-scale=1.0" />278 <title><?php echo html::escapeHTML(DC_VENDOR_NAME); ?></title>279 <link rel="icon" type="image/png" href="images/favicon96-logout.png" />280 <link rel="shortcut icon" href="favicon.ico" type="image/x-icon" />281 282 283 <?php284 echo dcPage::jsLoadIE7();285 echo dcPage::jsCommon();286 ?>287 288 <link rel="stylesheet" href="style/default.css" type="text/css" media="screen" />289 290 <?php291 # --BEHAVIOR-- loginPageHTMLHead292 $core->callBehavior('loginPageHTMLHead');293 ?>294 295 <script type="text/javascript">296 //<![CDATA[297 $(window).load(function() {298 var uid = $('input[name=user_id]');299 var upw = $('input[name=user_pwd]');300 uid.focus();301 302 if (upw.length == 0) { return; }303 304 uid.keypress(processKey);305 306 function processKey(evt) {307 if (evt.which == 13 && upw.val() == '') {308 upw.focus();309 return false;310 }311 return true;312 };313 $.cookie('dc_admin_test_cookie',true);314 if ($.cookie('dc_admin_test_cookie')) {315 $('#cookie_help').hide();316 $.cookie('dc_admin_test_cookie', '', {'expires': -1});317 } else {318 $('#cookie_help').show();319 }320 $('#issue #more').toggleWithLegend($('#issue').children().not('#more'));321 });322 //]]>323 </script>324 </head>325 
326 <body id="dotclear-admin" class="auth">327 328 <form action="auth.php" method="post" id="login-screen">329 <h1><?php echo html::escapeHTML(DC_VENDOR_NAME); ?></h1>330 331 <?php332 if ($err) {333 echo '<div class="error">'.$err.'</div>';334 }335 if ($msg) {336 echo '<p class="success">'.$msg.'</p>';337 }338 339 if ($akey)340 {341 echo '<p><a href="auth.php">'.__('Back to login screen').'</a></p>';342 }343 elseif ($recover)344 {345 echo346 '<div class="fieldset"><h2>'.__('Request a new password').'</h2>'.347 '<p><label for="user_id">'.__('Username:').'</label> '.348 form::field(array('user_id','user_id'),20,32,html::escapeHTML($user_id)).'</p>'.349 350 '<p><label for="user_email">'.__('Email:').'</label> '.351 form::field(array('user_email','user_email'),20,255,html::escapeHTML($user_email)).'</p>'.352 353 '<p><input type="submit" value="'.__('recover').'" />'.354 form::hidden(array('recover'),1).'</p>'.355 '</div>'.356 357 '<div id="issue">'.358 '<p><a href="auth.php">'.__('Back to login screen').'</a></p>'.359 '</div>';360 }361 elseif ($change_pwd)362 {363 echo364 '<div class="fieldset"><h2>'.__('Change your password').'</h2>'.365 '<p><label for="new_pwd">'.__('New password:').'</label> '.366 form::password(array('new_pwd','new_pwd'),20,255).'</p>'.367 368 '<p><label for="new_pwd_c">'.__('Confirm password:').'</label> '.369 form::password(array('new_pwd_c','new_pwd_c'),20,255).'</p>'.370 '</div>'.371 372 '<p><input type="submit" value="'.__('change').'" />'.373 form::hidden('login_data',$login_data).'</p>';374 }375 else376 {377 if (is_callable(array($core->auth,'authForm')))378 {379 echo $core->auth->authForm($user_id);380 }381 else382 {383 if ($safe_mode) {384 echo '<div class="fieldset">';385 echo '<h2>'.__('Safe mode login').'</h2>';386 echo387 '<p class="form-note">'.388 __('This mode allows you to login without activating any of your plugins. This may be useful to solve compatibility problems').' 
</p>'.389 '<p class="form-note">'.__('Disable or delete any plugin suspected to cause trouble, then log out and log back in normally.').390 '</p>';391 }392 else {393 echo '<div class="fieldset">';394 }395 396 echo397 '<p><label for="user_id">'.__('Username:').'</label> '.398 form::field(array('user_id','user_id'),20,32,html::escapeHTML($user_id)).'</p>'.399 400 '<p><label for="user_pwd">'.__('Password:').'</label> '.401 form::password(array('user_pwd','user_pwd'),20,255).'</p>'.402 403 '<p>'.404 form::checkbox(array('user_remember','user_remember'),1).405 '<label for="user_remember" class="classic">'.406 __('Remember my ID on this computer').'</label></p>'.407 408 '<p><input type="submit" value="'.__('log in').'" class="login" /></p>';409 410 if (!empty($_REQUEST['blog'])) {411 echo form::hidden('blog',html::escapeHTML($_REQUEST['blog']));412 }413 if($safe_mode) {414 echo415 form::hidden('safe_mode',1).416 '</div>';417 }418 else {419 echo '</div>';420 }421 echo422 '<p id="cookie_help" class="error">'.__('You must accept cookies in order to use the private area.').'</p>';423 424 echo '<div id="issue">';425 426 if ($safe_mode) {427 echo428 '<p><a href="auth.php" id="normal_mode_link">'.__('Get back to normal authentication').'</a></p>';429 } else {430 echo '<p id="more"><strong>'.__('Connection issue?').'</strong></p>';431 if ($core->auth->allowPassChange()) {432 echo '<p><a href="auth.php?recover=1">'.__('I forgot my password').'</a></p>';433 }434 echo '<p><a href="auth.php?safe_mode=1" id="safe_mode_link">'.__('I want to log in in safe mode').'</a></p>';435 }436 437 echo '</div>';438 }439 }440 ?>441 </form>442 </body>443 </html>
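Review bot: The guard at the top of `adminPageAuth::change()` looks inverted: `if ($form->login_data) { return; }` returns exactly when the hidden `login_data` field is present, so the forced password-change path never runs, and with an empty field `explode('/', ...)` yields a single element and the bare `throw new Exception()` records an empty error. The removed code reached this logic only when `login_data` had been posted, so the check should read `if (!$form->login_data) { return; }`. In the same method `$new_pwd != $new_pwd_c` is a loose comparison, which treats numeric-looking strings such as `1e3` and `1000` as equal; `!==` avoids that. Separately, both `setcookie('dc_admin', ...)` calls stop at the `secure` argument, so the remember-me cookie is issued without HttpOnly; passing `true` as the seventh argument would keep it out of reach of page scripts.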