Fix #11417: Allow EVENT_MENU_MAIN plugin events to return null
[mantis/radio.git] / login_page.php
1 <?php
2 # MantisBT - A PHP based bugtracking system
4 # MantisBT is free software: you can redistribute it and/or modify
5 # it under the terms of the GNU General Public License as published by
6 # the Free Software Foundation, either version 2 of the License, or
7 # (at your option) any later version.
9 # MantisBT is distributed in the hope that it will be useful,
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 # GNU General Public License for more details.
14 # You should have received a copy of the GNU General Public License
15 # along with MantisBT. If not, see <http://www.gnu.org/licenses/>.
17 /**
18 * Login page POSTs results to login.php
19 * Check to see if the user is already logged in
21 * @package MantisBT
22 * @copyright Copyright (C) 2000 - 2002 Kenzaburo Ito - kenito@300baud.org
23 * @copyright Copyright (C) 2002 - 2010 MantisBT Team - mantisbt-dev@lists.sourceforge.net
24 * @link http://www.mantisbt.org
26 * @uses core.php
27 * @uses authentication_api.php
28 * @uses config_api.php
29 * @uses constant_inc.php
30 * @uses current_user_api.php
31 * @uses database_api.php
32 * @uses gpc_api.php
33 * @uses html_api.php
34 * @uses lang_api.php
35 * @uses print_api.php
36 * @uses string_api.php
37 * @uses user_api.php
38 * @uses utility_api.php
41 require_once( 'core.php' );
42 require_api( 'authentication_api.php' );
43 require_api( 'config_api.php' );
44 require_api( 'constant_inc.php' );
45 require_api( 'current_user_api.php' );
46 require_api( 'database_api.php' );
47 require_api( 'gpc_api.php' );
48 require_api( 'html_api.php' );
49 require_api( 'lang_api.php' );
50 require_api( 'print_api.php' );
51 require_api( 'string_api.php' );
52 require_api( 'user_api.php' );
53 require_api( 'utility_api.php' );
# A visitor who is already signed in with a real (non-anonymous) account has
# no use for the login form and is sent to the configured home page.
# NOTE(review): nothing in this file stops execution after this call, so the
# page depends on print_header_redirect() ending the request - confirm in
# print_api.php.
if ( auth_is_user_authenticated() && !current_user_is_anonymous() ) {
	print_header_redirect( config_get( 'default_home_page' ) );
}

# Everything read below comes from the client (request parameters and one
# cookie) and is untrusted.
$f_error = gpc_get_bool( 'error' );
$f_cookie_error = gpc_get_bool( 'cookie_error' );

# 'return' names where the user lands after logging in, which makes it an
# open-redirect vector; string_sanitize_url() is the only filter applied here.
# NOTE(review): what that helper accepts is not visible in this file.
$f_return = string_sanitize_url( gpc_get_string( 'return', '' ) );

$f_username = gpc_get_string( 'username', '' );
$f_perm_login = gpc_get_bool( 'perm_login', false );
$f_secure_session = gpc_get_bool( 'secure_session', false );

# Cookie "<cookie_prefix>_secure_session"; null is passed as the fallback value.
$f_secure_session_cookie = gpc_get_cookie( config_get_global( 'cookie_prefix' ) . '_secure_session', null );

# True only when the global 'session_validation' option is ON.
$t_session_validation = ( ON == config_get_global( 'session_validation' ) );

# Some logon methods need no form at all: hand the request to login.php, or to
# login_anon.php when anonymous login is allowed, and carry a non-blank return
# target along through string_url().
if ( auth_automatic_logon_bypass_form() ) {
	$t_uri = ( ON == config_get( 'allow_anonymous_login' ) ) ? 'login_anon.php' : 'login.php';

	if ( !is_blank( $f_return ) ) {
		$t_uri .= '?return=' . string_url( $f_return );
	}

	print_header_redirect( $t_uri );
	exit;
}
# Keep the login page out of search engine indexes.
html_robots_noindex();

html_page_top1();
html_page_top2a();

echo '<br /><div align="center">';

# Display short greeting message
# echo lang_get( 'login_page_info' ) . '<br />';

# The two flags are booleans taken from the request; each one only selects a
# fixed, translated message, so no request text is echoed here.
if ( $f_error ) {
	echo '<font color="red">' . lang_get( 'login_error' ) . '</font>';
}
if ( $f_cookie_error ) {
	echo lang_get( 'login_cookies_disabled' ) . '<br />';
}

# Initial state of the "secure session" checkbox. It is only computed when
# session validation is enabled, and the form only reads it under the same
# condition.
# - After a failed attempt (either error flag set): repeat what was submitted.
# - Otherwise, with no cookie present: default to on.
# - Otherwise: follow the cookie. The cookie is client-supplied and is used
#   purely for its truthiness when the checkbox is rendered.
if ( $t_session_validation ) {
	if ( $f_error || $f_cookie_error ) {
		$t_default_secure_session = $f_secure_session;
	} elseif ( is_null( $f_secure_session_cookie ) ) {
		$t_default_secure_session = true;
	} else {
		$t_default_secure_session = $f_secure_session_cookie;
	}
}

echo '</div>';
?>

<!-- Login Form BEGIN -->
<br />
<div align="center">
<form name="login_form" method="post" action="login.php">
<?php
# No CSRF token is emitted for this form; the original rationale is that the
# form does not result in modifications.
# NOTE(review): a tokenless login form leaves login CSRF (a forged POST that
# signs the visitor into an account they did not choose) to login.php -
# confirm how it is handled there.
?>
<table class="width50" cellspacing="1">
<tr>
	<td class="form-title">
<?php
# The sanitized return target travels with the POST as a hidden field and is
# passed through string_html_specialchars() before it enters the attribute.
if ( !is_blank( $f_return ) ):
?>
		<input type="hidden" name="return" value="<?php echo string_html_specialchars( $f_return ) ?>" />
<?php
endif;
echo lang_get( 'login_title' ) ?>
	</td>
	<td class="right">
<?php
# Offer the anonymous entry point only when the configuration allows it.
if ( ON == config_get( 'allow_anonymous_login' ) ) {
	print_bracket_link( 'login_anon.php?return=' . string_url( $f_return ), lang_get( 'login_anonymously' ) );
}
?>
	</td>
</tr>
<tr class="row-1">
	<td class="category">
		<?php echo lang_get( 'username' ) ?>
	</td>
	<td>
<?php # The username from the request is echoed back into the field through string_attribute(). ?>
		<input type="text" name="username" size="28" maxlength="<?php echo USERLEN;?>" value="<?php echo string_attribute( $f_username ); ?>" />
	</td>
</tr>
<tr class="row-2">
	<td class="category">
		<?php echo lang_get( 'password' ) ?>
	</td>
	<td>
<?php # The password field is never pre-filled. ?>
		<input type="password" name="password" size="16" maxlength="<?php echo PASSLEN;?>" />
	</td>
</tr>
<tr class="row-1">
	<td class="category">
		<?php echo lang_get( 'save_login' ) ?>
	</td>
	<td>
		<input type="checkbox" name="perm_login" <?php echo ( $f_perm_login ? 'checked="checked" ' : '' ) ?>/>
	</td>
</tr>
<?php
# The "secure session" row exists only while session validation is enabled;
# $t_default_secure_session is assigned under that same condition.
if ( $t_session_validation ):
?>
<tr class="row-2">
	<td class="category">
		<?php echo lang_get( 'secure_session' ) ?>
	</td>
	<td>
		<input type="checkbox" name="secure_session" <?php echo ( $t_default_secure_session ? 'checked="checked" ' : '' ) ?>/>
		<span class="small"><?php echo lang_get( 'secure_session_long' ) ?></span>
	</td>
</tr>
<?php endif; ?>
<tr>
	<td class="center" colspan="2">
		<input type="submit" class="button" value="<?php echo lang_get( 'login_button' ) ?>" />
	</td>
</tr>
</table>
</form>
</div>
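<?php
# Links to self-registration and password recovery, shown below the form.
echo '<br /><div align="center">';
print_signup_link();
echo '&nbsp;';
print_lost_password_link();
echo '</div>';

#
# Deployment self-checks, run on every render of the login page while the
# global 'admin_checks' option is ON.
#
# The warnings are written into the page itself. Authenticated, non-anonymous
# users were redirected away at the top of this script, so everyone who sees
# this output is an unauthenticated or anonymous visitor: the page tells any
# visitor whether the default administrator password still works, whether the
# admin directory is still deployed, and whether the schema is out of date.
# Turn 'admin_checks' OFF once the installation has been verified.
#
if ( config_get_global( 'admin_checks' ) == ON ) {

	# Warn while the account named 'administrator' exists, is enabled and
	# still accepts the password 'root'.
	$t_admin_user_id = user_get_id_by_name( 'administrator' );
	if ( $t_admin_user_id !== false
		&& user_is_enabled( $t_admin_user_id )
		&& auth_does_password_match( $t_admin_user_id, 'root' ) ) {
		echo '<div class="warning" align="center">', "\n";
		echo "\t", '<p><font color="red">', lang_get( 'warning_default_administrator_account_present' ), '</font></p>', "\n";
		echo '</div>', "\n";
	}

	# Warn while the admin directory next to this file exists and is readable.
	$t_admin_dir = dirname( __FILE__ ) . DIRECTORY_SEPARATOR . 'admin' . DIRECTORY_SEPARATOR;
	if ( is_dir( $t_admin_dir ) && is_readable( $t_admin_dir ) ) {
		echo '<div class="warning" align="center">', "\n";
		echo '<p><font color="red">', lang_get( 'warning_admin_directory_present' ), '</font></p>', "\n";
		echo '</div>', "\n";

		# The schema checks below need admin/schema.php, so they only run
		# while the admin directory is present.

		# Versions < 1.0.0 (old upgrader): a database_version of 0 means the
		# installation has not moved to the new installer.
		$t_db_version = config_get( 'database_version' , 0 );
		if ( $t_db_version == 0 ) {
			$t_upgrade_count = 0;
			if ( db_table_exists( db_get_table( 'upgrade' ) ) ) {
				# The only dynamic part of the query is the table name returned
				# by db_get_table(); no request data is involved.
				$query = "SELECT COUNT(*) from " . db_get_table( 'upgrade' ) . ";";
				$result = db_query_bound( $query );
				if ( db_num_rows( $result ) > 0 ) {
					$t_upgrade_count = (int)db_result( $result );
				}
			}

			if ( $t_upgrade_count > 0 ) {
				# database_version is 0 but the old upgrade table has rows:
				# assume an upgrade from <1.0, which has to go through 1.x
				# before upgrading to 1.2.
				echo '<div class="warning" align="center">';
				echo '<p><font color="red">', lang_get( 'error_database_version_out_of_date_1' ), '</font></p>';
				echo '</div>';
			} else {
				# database_version is 0 and there is no old upgrade data either.
				echo '<div class="warning" align="center">';
				echo '<p><font color="red">', lang_get( 'error_database_no_schema_version' ), '</font></p>';
				echo '</div>';
			}
		}

		# Versions > 1.0.0 (new installer and schema): load schema.php from
		# the directory that was just checked, by absolute path, so the file
		# that gets included cannot depend on include_path or the working
		# directory.
		require_once( $t_admin_dir . 'schema.php' );
		# $upgrade is expected to be defined by schema.php.
		$t_upgrades_reqd = count( $upgrade ) - 1;

		if ( ( 0 < $t_db_version ) &&
				( $t_db_version != $t_upgrades_reqd ) ) {

			if ( $t_db_version < $t_upgrades_reqd ) {
				# The database is behind the code.
				echo '<div class="warning" align="center">';
				echo '<p><font color="red">', lang_get( 'error_database_version_out_of_date_2' ), '</font></p>';
				echo '</div>';
			} else {
				# The code is behind the database.
				echo '<div class="warning" align="center">';
				echo '<p><font color="red">', lang_get( 'error_code_version_out_of_date' ), '</font></p>';
				echo '</div>';
			}
		}
	}

} # if 'admin_checks'
?>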
<!-- Autofocus JS -->
<?php
# When JavaScript is enabled in the configuration, focus the first field the
# user still has to fill in: the username if none was carried over, otherwise
# the password. Only the two fixed field names are written into the script;
# the submitted username itself never enters the JavaScript.
if ( ON == config_get( 'use_javascript' ) ):
?>
<script type="text/javascript" language="JavaScript">
<!--
	window.document.login_form.<?php echo ( is_blank( $f_username ) ? 'username' : 'password' ) ?>.focus();
// -->
</script>
<?php
endif;

html_page_bottom1a( __FILE__ );