login.php

   1 <?php
   2 # MantisBT - A PHP based bugtracking system
   3
   4 # MantisBT is free software: you can redistribute it and/or modify
   5 # it under the terms of the GNU General Public License as published by
   6 # the Free Software Foundation, either version 2 of the License, or
   7 # (at your option) any later version.
   8 #
   9 # MantisBT is distributed in the hope that it will be useful,
  10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
  11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  12 # GNU General Public License for more details.
  13 #
  14 # You should have received a copy of the GNU General Public License
  15 # along with MantisBT.  If not, see <http://www.gnu.org/licenses/>.
  16
  17 /**
  18  * Check login then redirect to main_page.php or to login_page.php
  19  *
  20  * @package MantisBT
  21  * @copyright Copyright (C) 2000 - 2002  Kenzaburo Ito - kenito@300baud.org
  22  * @copyright Copyright (C) 2002 - 2011  MantisBT Team - mantisbt-dev@lists.sourceforge.net
  23  * @link http://www.mantisbt.org
  24  *
  25  * @uses core.php
  26  * @uses authentication_api.php
  27  * @uses config_api.php
  28  * @uses constant_inc.php
  29  * @uses gpc_api.php
  30  * @uses print_api.php
  31  * @uses session_api.php
  32  * @uses string_api.php
  33  */
  34
  35 /**
  36  * MantisBT Core API's
  37  */
  38 require_once( 'core.php' );
  39 require_api( 'authentication_api.php' );
  40 require_api( 'config_api.php' );
  41 require_api( 'constant_inc.php' );
  42 require_api( 'gpc_api.php' );
  43 require_api( 'print_api.php' );
  44 require_api( 'session_api.php' );
  45 require_api( 'string_api.php' );
  46
  47 $f_username             = gpc_get_string( 'username', '' );
  48 $f_password             = gpc_get_string( 'password', '' );
  49 $f_perm_login   = gpc_get_bool( 'perm_login' );
  50 $t_return               = string_url( string_sanitize_url( gpc_get_string( 'return', config_get( 'default_home_page' ) ) ) );
  51 $f_from                 = gpc_get_string( 'from', '' );
  52 $f_secure_session = gpc_get_bool( 'secure_session', false );
  53
  54 $f_username = auth_prepare_username($f_username);
  55 $f_password = auth_prepare_password($f_password);
  56
  57 gpc_set_cookie( config_get_global( 'cookie_prefix' ) . '_secure_session', $f_secure_session ? '1' : '0' );
  58
  59 if ( auth_attempt_login( $f_username, $f_password, $f_perm_login ) ) {
  60         session_set( 'secure_session', $f_secure_session );
  61
  62         $t_redirect_url = 'login_cookie_test.php?return=' . $t_return;
  63
  64 } else {
  65         $t_redirect_url = 'login_page.php?return=' . $t_return .
  66                 '&error=1&username=' . urlencode( $f_username ) .
  67                 '&perm_login=' . ( $f_perm_login ? 1 : 0 ) .
  68                 '&secure_session=' . ( $f_secure_session ? 1 : 0 );
  69
  70         if ( HTTP_AUTH == config_get( 'login_method' ) ) {
  71                 auth_http_prompt();
  72                 exit;
  73         }
  74 }
  75
  76 print_header_redirect( $t_redirect_url );