Changeset 3699:77a12236e993 for admin/auth.php
- Timestamp:
- 02/14/18 10:14:33 (6 years ago)
- Branch:
- default
- File:
-
- 1 edited
admin/auth.php
r3649 r3699 11 11 # -- END LICENSE BLOCK ----------------------------------------- 12 12 13 require dirname(__FILE__) .'/../inc/admin/prepend.php';13 require dirname(__FILE__) . '/../inc/admin/prepend.php'; 14 14 15 15 # If we have a session cookie, go to index.php 16 if (isset($_SESSION['sess_user_id'])) 17 { 18 $core->adminurl->redirect('admin.home'); 16 if (isset($_SESSION['sess_user_id'])) { 17 $core->adminurl->redirect('admin.home'); 19 18 } 20 19 … … 23 22 $dlang = http::getAcceptLanguage(); 24 23 $dlang = ($dlang == '' ? 'en' : $dlang); 25 if ($dlang != 'en' && preg_match('/^[a-z]{2}(-[a-z]{2})?$/',$dlang)) 26 { 27 l10n::lang($dlang); 28 l10n::set(dirname(__FILE__).'/../locales/'.$dlang.'/main'); 24 if ($dlang != 'en' && preg_match('/^[a-z]{2}(-[a-z]{2})?$/', $dlang)) { 25 l10n::lang($dlang); 26 l10n::set(dirname(__FILE__) . '/../locales/' . $dlang . '/main'); 29 27 } 30 28 31 29 if (defined('DC_ADMIN_URL')) { 32 $page_url = DC_ADMIN_URL.$core->adminurl->get('admin.auth');30 $page_url = DC_ADMIN_URL . $core->adminurl->get('admin.auth'); 33 31 } else { 34 $page_url = http::getHost().$_SERVER['REQUEST_URI'];32 $page_url = http::getHost() . $_SERVER['REQUEST_URI']; 35 33 } 36 34 37 35 $change_pwd = $core->auth->allowPassChange() && isset($_POST['new_pwd']) && isset($_POST['new_pwd_c']) && isset($_POST['login_data']); 38 36 $login_data = !empty($_POST['login_data']) ? html::escapeHTML($_POST['login_data']) : null; 39 $recover = $core->auth->allowPassChange() && !empty($_REQUEST['recover']);40 $safe_mode = !empty($_REQUEST['safe_mode']);41 $akey = $core->auth->allowPassChange() && !empty($_GET['akey']) ? $_GET['akey'] : null;42 $user_id = $user_pwd = $user_key = $user_email= null;43 $err = $msg= null;37 $recover = $core->auth->allowPassChange() && !empty($_REQUEST['recover']); 38 $safe_mode = !empty($_REQUEST['safe_mode']); 39 $akey = $core->auth->allowPassChange() && !empty($_GET['akey']) ? 
$_GET['akey'] : null; 40 $user_id = $user_pwd = $user_key = $user_email = null; 41 $err = $msg = null; 44 42 45 43 # Auto upgrade 46 44 if (empty($_GET) && empty($_POST)) { 47 require dirname(__FILE__).'/../inc/dbschema/upgrade.php';48 49 50 $msg = __('Dotclear has been upgraded.').'<!-- '.$changes.' -->';51 52 53 54 45 require dirname(__FILE__) . '/../inc/dbschema/upgrade.php'; 46 try { 47 if (($changes = dcUpgrade::dotclearUpgrade($core)) !== false) { 48 $msg = __('Dotclear has been upgraded.') . '<!-- ' . $changes . ' -->'; 49 } 50 } catch (Exception $e) { 51 $err = $e->getMessage(); 52 } 55 53 } 56 54 57 55 # If we have POST login informations, go throug auth process 58 if (!empty($_POST['user_id']) && !empty($_POST['user_pwd'])) 59 { 60 $user_id = !empty($_POST['user_id']) ? $_POST['user_id'] : null; 61 $user_pwd = !empty($_POST['user_pwd']) ? $_POST['user_pwd'] : null; 56 if (!empty($_POST['user_id']) && !empty($_POST['user_pwd'])) { 57 $user_id = !empty($_POST['user_id']) ? $_POST['user_id'] : null; 58 $user_pwd = !empty($_POST['user_pwd']) ? 
$_POST['user_pwd'] : null; 62 59 } 63 60 # If we have COOKIE login informations, go throug auth process 64 elseif (isset($_COOKIE['dc_admin']) && strlen($_COOKIE['dc_admin']) == 104) 65 { 66 # If we have a remember cookie, go through auth process with user_key 67 $user_id = substr($_COOKIE['dc_admin'],40); 68 $user_id = @unpack('a32',@pack('H*',$user_id)); 69 if (is_array($user_id)) 70 { 71 $user_id = trim($user_id[1]); 72 $user_key = substr($_COOKIE['dc_admin'],0,40); 73 $user_pwd = null; 74 } 75 else 76 { 77 $user_id = null; 78 } 61 elseif (isset($_COOKIE['dc_admin']) && strlen($_COOKIE['dc_admin']) == 104) { 62 # If we have a remember cookie, go through auth process with user_key 63 $user_id = substr($_COOKIE['dc_admin'], 40); 64 $user_id = @unpack('a32', @pack('H*', $user_id)); 65 if (is_array($user_id)) { 66 $user_id = trim($user_id[1]); 67 $user_key = substr($_COOKIE['dc_admin'], 0, 40); 68 $user_pwd = null; 69 } else { 70 $user_id = null; 71 } 79 72 } 80 73 81 74 # Recover password 82 if ($recover && !empty($_POST['user_id']) && !empty($_POST['user_email'])) 83 { 84 $user_id = !empty($_POST['user_id']) ? $_POST['user_id'] : null; 85 $user_email = !empty($_POST['user_email']) ? html::escapeHTML($_POST['user_email']) : ''; 86 try 87 { 88 $recover_key = $core->auth->setRecoverKey($user_id,$user_email); 89 90 $subject = mail::B64Header('Dotclear '.__('Password reset')); 91 $message = 92 __('Someone has requested to reset the password for the following site and username.')."\n\n". 93 $page_url."\n".__('Username:').' '.$user_id."\n\n". 94 __('To reset your password visit the following address, otherwise just ignore this email and nothing will happen.')."\n". 95 $page_url.'?akey='.$recover_key; 96 97 $headers[] = 'From: '.(defined('DC_ADMIN_MAILFROM') && DC_ADMIN_MAILFROM ? 
DC_ADMIN_MAILFROM : 'dotclear@local'); 98 $headers[] = 'Content-Type: text/plain; charset=UTF-8;'; 99 100 mail::sendMail($user_email,$subject,$message,$headers); 101 $msg = sprintf(__('The e-mail was sent successfully to %s.'),$user_email); 102 } 103 catch (Exception $e) 104 { 105 $err = $e->getMessage(); 106 } 75 if ($recover && !empty($_POST['user_id']) && !empty($_POST['user_email'])) { 76 $user_id = !empty($_POST['user_id']) ? $_POST['user_id'] : null; 77 $user_email = !empty($_POST['user_email']) ? html::escapeHTML($_POST['user_email']) : ''; 78 try 79 { 80 $recover_key = $core->auth->setRecoverKey($user_id, $user_email); 81 82 $subject = mail::B64Header('Dotclear ' . __('Password reset')); 83 $message = 84 __('Someone has requested to reset the password for the following site and username.') . "\n\n" . 85 $page_url . "\n" . __('Username:') . ' ' . $user_id . "\n\n" . 86 __('To reset your password visit the following address, otherwise just ignore this email and nothing will happen.') . "\n" . 87 $page_url . '?akey=' . $recover_key; 88 89 $headers[] = 'From: ' . (defined('DC_ADMIN_MAILFROM') && DC_ADMIN_MAILFROM ? DC_ADMIN_MAILFROM : 'dotclear@local'); 90 $headers[] = 'Content-Type: text/plain; charset=UTF-8;'; 91 92 mail::sendMail($user_email, $subject, $message, $headers); 93 $msg = sprintf(__('The e-mail was sent successfully to %s.'), $user_email); 94 } catch (Exception $e) { 95 $err = $e->getMessage(); 96 } 107 97 } 108 98 # Send new password 109 elseif ($akey) 110 { 111 try 112 { 113 $recover_res = $core->auth->recoverUserPassword($akey); 114 115 $subject = mb_encode_mimeheader('Dotclear '.__('Your new password'),'UTF-8','B'); 116 $message = 117 __('Username:').' '.$recover_res['user_id']."\n". 118 __('Password:').' '.$recover_res['new_pass']."\n\n". 119 preg_replace('/\?(.*)$/','',$page_url); 120 121 $headers[] = 'From: '.(defined('DC_ADMIN_MAILFROM') && DC_ADMIN_MAILFROM ? 
DC_ADMIN_MAILFROM : 'dotclear@local'); 122 $headers[] = 'Content-Type: text/plain; charset=UTF-8;'; 123 124 mail::sendMail($recover_res['user_email'],$subject,$message,$headers); 125 $msg = __('Your new password is in your mailbox.'); 126 } 127 catch (Exception $e) 128 { 129 $err = $e->getMessage(); 130 } 99 elseif ($akey) { 100 try 101 { 102 $recover_res = $core->auth->recoverUserPassword($akey); 103 104 $subject = mb_encode_mimeheader('Dotclear ' . __('Your new password'), 'UTF-8', 'B'); 105 $message = 106 __('Username:') . ' ' . $recover_res['user_id'] . "\n" . 107 __('Password:') . ' ' . $recover_res['new_pass'] . "\n\n" . 108 preg_replace('/\?(.*)$/', '', $page_url); 109 110 $headers[] = 'From: ' . (defined('DC_ADMIN_MAILFROM') && DC_ADMIN_MAILFROM ? DC_ADMIN_MAILFROM : 'dotclear@local'); 111 $headers[] = 'Content-Type: text/plain; charset=UTF-8;'; 112 113 mail::sendMail($recover_res['user_email'], $subject, $message, $headers); 114 $msg = __('Your new password is in your mailbox.'); 115 } catch (Exception $e) { 116 $err = $e->getMessage(); 117 } 131 118 } 132 119 # Change password and retry to log 133 elseif ($change_pwd) 134 { 135 try 136 { 137 $tmp_data = explode('/',$_POST['login_data']); 138 if (count($tmp_data) != 3) { 139 throw new Exception(); 140 } 141 $data = array( 142 'user_id'=>base64_decode($tmp_data[0]), 143 'cookie_admin'=>$tmp_data[1], 144 'user_remember'=>$tmp_data[2]=='1' 145 ); 146 if ($data['user_id'] === false) { 147 throw new Exception(); 148 } 149 150 # Check login informations 151 $check_user = false; 152 if (isset($data['cookie_admin']) && strlen($data['cookie_admin']) == 104) 153 { 154 $user_id = substr($data['cookie_admin'],40); 155 $user_id = @unpack('a32',@pack('H*',$user_id)); 156 if (is_array($user_id)) { 157 $user_id = trim($data['user_id']); 158 $user_key = substr($data['cookie_admin'],0,40); 159 $check_user = $core->auth->checkUser($user_id,null,$user_key) === true; 160 } else { 161 $user_id = trim($user_id); 162 } 163 } 164 
165 if (!$core->auth->allowPassChange() || !$check_user) { 166 $change_pwd = false; 167 throw new Exception(); 168 } 169 170 if ($_POST['new_pwd'] != $_POST['new_pwd_c']) { 171 throw new Exception(__("Passwords don't match")); 172 } 173 174 if ($core->auth->checkUser($user_id,$_POST['new_pwd']) === true) { 175 throw new Exception(__("You didn't change your password.")); 176 } 177 178 $cur = $core->con->openCursor($core->prefix.'user'); 179 $cur->user_change_pwd = 0; 180 $cur->user_pwd = $_POST['new_pwd']; 181 $core->updUser($core->auth->userID(),$cur); 182 183 $core->session->start(); 184 $_SESSION['sess_user_id'] = $user_id; 185 $_SESSION['sess_browser_uid'] = http::browserUID(DC_MASTER_KEY); 186 187 if ($data['user_remember']) 188 { 189 setcookie('dc_admin',$data['cookie_admin'],strtotime('+15 days'),'','',DC_ADMIN_SSL); 190 } 191 192 $core->adminurl->redirect('admin.home'); 193 } 194 catch (Exception $e) 195 { 196 $err = $e->getMessage(); 197 } 120 elseif ($change_pwd) { 121 try 122 { 123 $tmp_data = explode('/', $_POST['login_data']); 124 if (count($tmp_data) != 3) { 125 throw new Exception(); 126 } 127 $data = array( 128 'user_id' => base64_decode($tmp_data[0]), 129 'cookie_admin' => $tmp_data[1], 130 'user_remember' => $tmp_data[2] == '1' 131 ); 132 if ($data['user_id'] === false) { 133 throw new Exception(); 134 } 135 136 # Check login informations 137 $check_user = false; 138 if (isset($data['cookie_admin']) && strlen($data['cookie_admin']) == 104) { 139 $user_id = substr($data['cookie_admin'], 40); 140 $user_id = @unpack('a32', @pack('H*', $user_id)); 141 if (is_array($user_id)) { 142 $user_id = trim($data['user_id']); 143 $user_key = substr($data['cookie_admin'], 0, 40); 144 $check_user = $core->auth->checkUser($user_id, null, $user_key) === true; 145 } else { 146 $user_id = trim($user_id); 147 } 148 } 149 150 if (!$core->auth->allowPassChange() || !$check_user) { 151 $change_pwd = false; 152 throw new Exception(); 153 } 154 155 if ($_POST['new_pwd'] != 
$_POST['new_pwd_c']) { 156 throw new Exception(__("Passwords don't match")); 157 } 158 159 if ($core->auth->checkUser($user_id, $_POST['new_pwd']) === true) { 160 throw new Exception(__("You didn't change your password.")); 161 } 162 163 $cur = $core->con->openCursor($core->prefix . 'user'); 164 $cur->user_change_pwd = 0; 165 $cur->user_pwd = $_POST['new_pwd']; 166 $core->updUser($core->auth->userID(), $cur); 167 168 $core->session->start(); 169 $_SESSION['sess_user_id'] = $user_id; 170 $_SESSION['sess_browser_uid'] = http::browserUID(DC_MASTER_KEY); 171 172 if ($data['user_remember']) { 173 setcookie('dc_admin', $data['cookie_admin'], strtotime('+15 days'), '', '', DC_ADMIN_SSL); 174 } 175 176 $core->adminurl->redirect('admin.home'); 177 } catch (Exception $e) { 178 $err = $e->getMessage(); 179 } 198 180 } 199 181 # Try to log 200 elseif ($user_id !== null && ($user_pwd !== null || $user_key !== null)) 201 { 202 # We check the user 203 $check_user = $core->auth->checkUser($user_id,$user_pwd,$user_key,false) === true; 204 if ($check_user) { 205 $check_perms = $core->auth->findUserBlog() !== false; 206 } else { 207 $check_perms = false; 208 } 209 210 $cookie_admin = http::browserUID(DC_MASTER_KEY.$user_id. 
211 $core->auth->cryptLegacy($user_id)).bin2hex(pack('a32',$user_id)); 212 213 if ($check_perms && $core->auth->mustChangePassword()) 214 { 215 $login_data = join('/',array( 216 base64_encode($user_id), 217 $cookie_admin, 218 empty($_POST['user_remember'])?'0':'1' 219 )); 220 221 if (!$core->auth->allowPassChange()) { 222 $err = __('You have to change your password before you can login.'); 223 } else { 224 $err = __('In order to login, you have to change your password now.'); 225 $change_pwd = true; 226 } 227 } 228 elseif ($check_perms && !empty($_POST['safe_mode']) && !$core->auth->isSuperAdmin()) 229 { 230 $err = __('Safe Mode can only be used for super administrators.'); 231 } 232 elseif ($check_perms) 233 { 234 $core->session->start(); 235 $_SESSION['sess_user_id'] = $user_id; 236 $_SESSION['sess_browser_uid'] = http::browserUID(DC_MASTER_KEY); 237 238 if (!empty($_POST['blog'])) { 239 $_SESSION['sess_blog_id'] = $_POST['blog']; 240 } 241 242 if (!empty($_POST['safe_mode']) && $core->auth->isSuperAdmin()) { 243 $_SESSION['sess_safe_mode'] = true; 244 } 245 246 if (!empty($_POST['user_remember'])) { 247 setcookie('dc_admin',$cookie_admin,strtotime('+15 days'),'','',DC_ADMIN_SSL); 248 } 249 250 $core->adminurl->redirect('admin.home'); 251 } 252 else 253 { 254 if (isset($_COOKIE['dc_admin'])) { 255 unset($_COOKIE['dc_admin']); 256 setcookie('dc_admin',false,-600,'','',DC_ADMIN_SSL); 257 } 258 if ($check_user) { 259 $err = __('Insufficient permissions'); 260 } else { 261 $err = __('Wrong username or password'); 262 } 263 } 182 elseif ($user_id !== null && ($user_pwd !== null || $user_key !== null)) { 183 # We check the user 184 $check_user = $core->auth->checkUser($user_id, $user_pwd, $user_key, false) === true; 185 if ($check_user) { 186 $check_perms = $core->auth->findUserBlog() !== false; 187 } else { 188 $check_perms = false; 189 } 190 191 $cookie_admin = http::browserUID(DC_MASTER_KEY . $user_id . 192 $core->auth->cryptLegacy($user_id)) . 
bin2hex(pack('a32', $user_id)); 193 194 if ($check_perms && $core->auth->mustChangePassword()) { 195 $login_data = join('/', array( 196 base64_encode($user_id), 197 $cookie_admin, 198 empty($_POST['user_remember']) ? '0' : '1' 199 )); 200 201 if (!$core->auth->allowPassChange()) { 202 $err = __('You have to change your password before you can login.'); 203 } else { 204 $err = __('In order to login, you have to change your password now.'); 205 $change_pwd = true; 206 } 207 } elseif ($check_perms && !empty($_POST['safe_mode']) && !$core->auth->isSuperAdmin()) { 208 $err = __('Safe Mode can only be used for super administrators.'); 209 } elseif ($check_perms) { 210 $core->session->start(); 211 $_SESSION['sess_user_id'] = $user_id; 212 $_SESSION['sess_browser_uid'] = http::browserUID(DC_MASTER_KEY); 213 214 if (!empty($_POST['blog'])) { 215 $_SESSION['sess_blog_id'] = $_POST['blog']; 216 } 217 218 if (!empty($_POST['safe_mode']) && $core->auth->isSuperAdmin()) { 219 $_SESSION['sess_safe_mode'] = true; 220 } 221 222 if (!empty($_POST['user_remember'])) { 223 setcookie('dc_admin', $cookie_admin, strtotime('+15 days'), '', '', DC_ADMIN_SSL); 224 } 225 226 $core->adminurl->redirect('admin.home'); 227 } else { 228 if (isset($_COOKIE['dc_admin'])) { 229 unset($_COOKIE['dc_admin']); 230 setcookie('dc_admin', false, -600, '', '', DC_ADMIN_SSL); 231 } 232 if ($check_user) { 233 $err = __('Insufficient permissions'); 234 } else { 235 $err = __('Wrong username or password'); 236 } 237 } 264 238 } 265 239 266 240 if (isset($_GET['user'])) { 267 241 $user_id = $_GET['user']; 268 242 } 269 243 … … 293 267 ?> 294 268 295 269 <link rel="stylesheet" href="style/default.css" type="text/css" media="screen" /> 296 270 297 271 <?php … … 300 274 ?> 301 275 302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 276 <script type="text/javascript"> 277 $(window).load(function() { 278 var uid = $('input[name=user_id]'); 279 var upw = 
$('input[name=user_pwd]'); 280 uid.focus(); 281 282 if (upw.length == 0) { return; } 283 284 uid.keypress(processKey); 285 286 function processKey(evt) { 287 if (evt.which == 13 && upw.val() == '') { 288 upw.focus(); 289 return false; 290 } 291 return true; 292 }; 293 $.cookie('dc_admin_test_cookie',true); 294 if ($.cookie('dc_admin_test_cookie')) { 295 $('#cookie_help').hide(); 296 $.cookie('dc_admin_test_cookie', '', {'expires': -1}); 297 } else { 298 $('#cookie_help').show(); 299 } 300 $('#issue #more').toggleWithLegend($('#issue').children().not('#more')); 301 }); 302 </script> 329 303 </head> 330 304 … … 336 310 <?php 337 311 if ($err) { 338 echo '<div class="error" role="alert">'.$err.'</div>';312 echo '<div class="error" role="alert">' . $err . '</div>'; 339 313 } 340 314 if ($msg) { 341 echo '<p class="success" role="alert">'.$msg.'</p>'; 342 } 343 344 if ($akey) 345 { 346 echo '<p><a href="'.$core->adminurl->get('admin.auth').'">'.__('Back to login screen').'</a></p>'; 347 } 348 elseif ($recover) 349 { 350 echo 351 '<div class="fieldset" role="main"><h2>'.__('Request a new password').'</h2>'. 352 '<p><label for="user_id">'.__('Username:').'</label> '. 353 form::field(array('user_id','user_id'),20,32,html::escapeHTML($user_id)).'</p>'. 354 355 '<p><label for="user_email">'.__('Email:').'</label> '. 356 form::field(array('user_email','user_email'),20,255,html::escapeHTML($user_email)).'</p>'. 357 358 '<p><input type="submit" value="'.__('recover').'" />'. 359 form::hidden(array('recover'),1).'</p>'. 360 '</div>'. 361 362 '<div id="issue">'. 363 '<p><a href="'.$core->adminurl->get('admin.auth').'">'.__('Back to login screen').'</a></p>'. 364 '</div>'; 365 } 366 elseif ($change_pwd) 367 { 368 echo 369 '<div class="fieldset"><h2>'.__('Change your password').'</h2>'. 370 '<p><label for="new_pwd">'.__('New password:').'</label> '. 371 form::password(array('new_pwd','new_pwd'),20,255).'</p>'. 
372 373 '<p><label for="new_pwd_c">'.__('Confirm password:').'</label> '. 374 form::password(array('new_pwd_c','new_pwd_c'),20,255).'</p>'. 375 '</div>'. 376 377 '<p><input type="submit" value="'.__('change').'" />'. 378 form::hidden('login_data',$login_data).'</p>'; 379 } 380 else 381 { 382 if (is_callable(array($core->auth,'authForm'))) 383 { 384 echo $core->auth->authForm($user_id); 385 } 386 else 387 { 388 if ($safe_mode) { 389 echo '<div class="fieldset" role="main">'; 390 echo '<h2>'.__('Safe mode login').'</h2>'; 391 echo 392 '<p class="form-note">'. 393 __('This mode allows you to login without activating any of your plugins. This may be useful to solve compatibility problems').' </p>'. 394 '<p class="form-note">'.__('Disable or delete any plugin suspected to cause trouble, then log out and log back in normally.'). 395 '</p>'; 396 } 397 else { 398 echo '<div class="fieldset" role="main">'; 399 } 400 401 echo 402 '<p><label for="user_id">'.__('Username:').'</label> '. 403 form::field(array('user_id','user_id'),20,32,html::escapeHTML($user_id)).'</p>'. 404 405 '<p><label for="user_pwd">'.__('Password:').'</label> '. 406 form::password(array('user_pwd','user_pwd'),20,255).'</p>'. 407 408 '<p>'. 409 form::checkbox(array('user_remember','user_remember'),1). 410 '<label for="user_remember" class="classic">'. 411 __('Remember my ID on this device').'</label></p>'. 412 413 '<p><input type="submit" value="'.__('log in').'" class="login" /></p>'; 414 415 if (!empty($_REQUEST['blog'])) { 416 echo form::hidden('blog',html::escapeHTML($_REQUEST['blog'])); 417 } 418 if($safe_mode) { 419 echo 420 form::hidden('safe_mode',1). 
421 '</div>'; 422 } 423 else { 424 echo '</div>'; 425 } 426 echo 427 '<p id="cookie_help" class="error">'.__('You must accept cookies in order to use the private area.').'</p>'; 428 429 echo '<div id="issue">'; 430 431 if ($safe_mode) { 432 echo 433 '<p><a href="'.$core->adminurl->get('admin.auth').'" id="normal_mode_link">'.__('Get back to normal authentication').'</a></p>'; 434 } else { 435 echo '<p id="more"><strong>'.__('Connection issue?').'</strong></p>'; 436 if ($core->auth->allowPassChange()) { 437 echo '<p><a href="'.$core->adminurl->get('admin.auth',array('recover' => 1)).'">'.__('I forgot my password').'</a></p>'; 438 } 439 echo '<p><a href="'.$core->adminurl->get('admin.auth',array('safe_mode' => 1)).'" id="safe_mode_link">'.__('I want to log in in safe mode').'</a></p>'; 440 } 441 442 echo '</div>'; 443 } 315 echo '<p class="success" role="alert">' . $msg . '</p>'; 316 } 317 318 if ($akey) { 319 echo '<p><a href="' . $core->adminurl->get('admin.auth') . '">' . __('Back to login screen') . '</a></p>'; 320 } elseif ($recover) { 321 echo 322 '<div class="fieldset" role="main"><h2>' . __('Request a new password') . '</h2>' . 323 '<p><label for="user_id">' . __('Username:') . '</label> ' . 324 form::field(array('user_id', 'user_id'), 20, 32, html::escapeHTML($user_id)) . '</p>' . 325 326 '<p><label for="user_email">' . __('Email:') . '</label> ' . 327 form::field(array('user_email', 'user_email'), 20, 255, html::escapeHTML($user_email)) . '</p>' . 328 329 '<p><input type="submit" value="' . __('recover') . '" />' . 330 form::hidden(array('recover'), 1) . '</p>' . 331 '</div>' . 332 333 '<div id="issue">' . 334 '<p><a href="' . $core->adminurl->get('admin.auth') . '">' . __('Back to login screen') . '</a></p>' . 335 '</div>'; 336 } elseif ($change_pwd) { 337 echo 338 '<div class="fieldset"><h2>' . __('Change your password') . '</h2>' . 339 '<p><label for="new_pwd">' . __('New password:') . '</label> ' . 
340 form::password(array('new_pwd', 'new_pwd'), 20, 255, array('autocomplete' => 'new-password')) . '</p>' . 341 342 '<p><label for="new_pwd_c">' . __('Confirm password:') . '</label> ' . 343 form::password(array('new_pwd_c', 'new_pwd_c'), 20, 255, array('autocomplete' => 'new-password')) . '</p>' . 344 '</div>' . 345 346 '<p><input type="submit" value="' . __('change') . '" />' . 347 form::hidden('login_data', $login_data) . '</p>'; 348 } else { 349 if (is_callable(array($core->auth, 'authForm'))) { 350 echo $core->auth->authForm($user_id); 351 } else { 352 if ($safe_mode) { 353 echo '<div class="fieldset" role="main">'; 354 echo '<h2>' . __('Safe mode login') . '</h2>'; 355 echo 356 '<p class="form-note">' . 357 __('This mode allows you to login without activating any of your plugins. This may be useful to solve compatibility problems') . ' </p>' . 358 '<p class="form-note">' . __('Disable or delete any plugin suspected to cause trouble, then log out and log back in normally.') . 359 '</p>'; 360 } else { 361 echo '<div class="fieldset" role="main">'; 362 } 363 364 echo 365 '<p><label for="user_id">' . __('Username:') . '</label> ' . 366 form::field(array('user_id', 'user_id'), 20, 32, html::escapeHTML($user_id)) . '</p>' . 367 368 '<p><label for="user_pwd">' . __('Password:') . '</label> ' . 369 form::password(array('user_pwd', 'user_pwd'), 20, 255, array('autocomplete' => 'current-password')) . '</p>' . 370 371 '<p>' . 372 form::checkbox(array('user_remember', 'user_remember'), 1) . 373 '<label for="user_remember" class="classic">' . 374 __('Remember my ID on this device') . '</label></p>' . 375 376 '<p><input type="submit" value="' . __('log in') . '" class="login" /></p>'; 377 378 if (!empty($_REQUEST['blog'])) { 379 echo form::hidden('blog', html::escapeHTML($_REQUEST['blog'])); 380 } 381 if ($safe_mode) { 382 echo 383 form::hidden('safe_mode', 1) . 384 '</div>'; 385 } else { 386 echo '</div>'; 387 } 388 echo 389 '<p id="cookie_help" class="error">' . 
__('You must accept cookies in order to use the private area.') . '</p>'; 390 391 echo '<div id="issue">'; 392 393 if ($safe_mode) { 394 echo 395 '<p><a href="' . $core->adminurl->get('admin.auth') . '" id="normal_mode_link">' . __('Get back to normal authentication') . '</a></p>'; 396 } else { 397 echo '<p id="more"><strong>' . __('Connection issue?') . '</strong></p>'; 398 if ($core->auth->allowPassChange()) { 399 echo '<p><a href="' . $core->adminurl->get('admin.auth', array('recover' => 1)) . '">' . __('I forgot my password') . '</a></p>'; 400 } 401 echo '<p><a href="' . $core->adminurl->get('admin.auth', array('safe_mode' => 1)) . '" id="safe_mode_link">' . __('I want to log in in safe mode') . '</a></p>'; 402 } 403 404 echo '</div>'; 405 } 444 406 } 445 407 ?>
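Review bot: The `dc_admin` remember-me cookie is set without the HttpOnly flag in both new-side `setcookie` calls that give it a value (the change-password branch and the successful-login branch). The cookie branch near the top of the file takes the first 40 characters of that cookie as `$user_key` and passes them to `checkUser`, so the cookie works as a login credential and should not be readable from page script. Passing the seventh argument would cover it, e.g. `setcookie('dc_admin', $cookie_admin, strtotime('+15 days'), '', '', DC_ADMIN_SSL, true);`. The only script-side cookie access visible in this section is `dc_admin_test_cookie`, but other admin pages are outside this changeset and should be checked for code that reads `dc_admin`. Separately, `$_POST['new_pwd'] != $_POST['new_pwd_c']` is a loose comparison, so two different numeric-looking strings can compare equal; `!==` avoids that.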