
   1  <?php
   2  /*************************************************************************************
   3     Copyright notice
   4     
   5     (c) 2002-2009 Oliver Georgi (oliver@phpwcms.de) // All rights reserved.
   6   
   7     This script is part of PHPWCMS. The PHPWCMS web content management system is
   8     free software; you can redistribute it and/or modify it under the terms of
   9     the GNU General Public License as published by the Free Software Foundation;
  10     either version 2 of the License, or (at your option) any later version.
  11    
  12     The GNU General Public License can be found at http://www.gnu.org/copyleft/gpl.html
  13     A copy is found in the textfile GPL.txt and important notices to the license 
  14     from the author is found in LICENSE.txt distributed with these scripts.
  15    
  16     This script is distributed in the hope that it will be useful, but WITHOUT ANY 
  17     WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
  18     PARTICULAR PURPOSE.  See the GNU General Public License for more details.
  19   
  20     This copyright notice MUST APPEAR in all copies of the script!
  21  *************************************************************************************/
  22  
  23  // session_name('hashID');
  24  session_start();
  25  
  26  $phpwcms    = array();
  27  $BL            = array();
  28  
  29  require_once ('./config/phpwcms/conf.inc.php');
  30  require_once  ('./include/inc_lib/default.inc.php');
  31  require_once  (PHPWCMS_ROOT.'/include/inc_lib/dbcon.inc.php');
  32  
  33  require_once  (PHPWCMS_ROOT.'/include/inc_lib/general.inc.php');
  34  require_once  (PHPWCMS_ROOT.'/include/inc_lib/backend.functions.inc.php');
  35  require_once  (PHPWCMS_ROOT.'/include/inc_lang/code.lang.inc.php');
  36  
  37  $_SESSION['REFERER_URL'] = PHPWCMS_URL.get_login_file();
  38  
  39  // define vars
  40  $err         = 0;
  41  $wcs_user     = '';
  42  
  43  // where user should be redirected too after login
  44  if(!empty($_POST['ref_url'])) {
  45      $ref_url = xss_clean($_POST['ref_url']);
  46  } elseif(!empty($_GET['ref'])) {
  47      $ref_url = xss_clean(rawurldecode($_GET['ref']));
  48  } else {
  49      $ref_url = '';
  50  }
  51  
  52  
  53  // reset all inactive users
  54  $sql  = "UPDATE ".DB_PREPEND."phpwcms_userlog SET ";
  55  $sql .= "logged_in = 0, logged_change = '".time()."' ";
  56  $sql .= "WHERE logged_in = 1 AND ( ".time()." - logged_change ) > ".intval($phpwcms["max_time"]);
  57  mysql_query($sql, $db);
  58  
  59  
  60  //load default language EN
  61  require_once  (PHPWCMS_ROOT.'/include/inc_lang/backend/en/lang.inc.php');
  62  
  63  //define language and check if language file is available
  64  if(isset($_COOKIE['phpwcmsBELang'])) {
  65      $temp_lang = strtoupper( substr( trim( $_COOKIE['phpwcmsBELang'] ), 0, 2 ) );
  66      if( isset( $BL[ $temp_lang ] ) ) {
  67          $_SESSION["wcs_user_lang"] = strtolower($temp_lang);
  68      } else {
  69          setcookie('phpwcmsBELang', '', time()-3600 );
  70      }
  71  }
  72  if(isset($_POST['form_lang'])) {
  73      $_SESSION["wcs_user_lang"] = strtolower(substr(clean_slweg($_POST['form_lang']), 0, 2));
  74      set_language_cookie();
  75  }
  76  if(empty($_SESSION["wcs_user_lang"])) {
  77      $_SESSION["wcs_user_lang"] = strtolower( isset($_SERVER['HTTP_ACCEPT_LANGUAGE']) ? substr( $_SERVER['HTTP_ACCEPT_LANGUAGE'], 0, 2 ) : $phpwcms["default_lang"] );
  78  } else {
  79      $_SESSION["wcs_user_lang"] = strtolower( substr($_SESSION["wcs_user_lang"], 0, 2 ) );
  80  }
  81  if(isset($BL[strtoupper($_SESSION["wcs_user_lang"])]) && is_file(PHPWCMS_ROOT.'/include/inc_lang/backend/'.$_SESSION["wcs_user_lang"].'/lang.inc.php')) {
  82      $_SESSION["wcs_user_lang_custom"] = 1;
  83  } else {
  84      $_SESSION["wcs_user_lang"]             = 'en'; //by ono
  85      $_SESSION["wcs_user_lang_custom"]     = 0;
  86  }
  87  if(!empty($_SESSION["wcs_user_lang_custom"])) { 
  88      //use custom lang if available -> was set in login.php
  89      $BL['merge_lang_array'][0] = $BL['be_admin_optgroup_label'];
  90      $BL['merge_lang_array'][1] = $BL['be_cnt_field'];    
  91      include_once (PHPWCMS_ROOT.'/include/inc_lang/backend/'.$_SESSION["wcs_user_lang"].'/lang.inc.php');
  92      $BL['be_admin_optgroup_label'] = array_merge($BL['merge_lang_array'][0], $BL['be_admin_optgroup_label']);
  93      $BL['be_cnt_field'] = array_merge($BL['merge_lang_array'][1], $BL['be_cnt_field']);
  94  }
  95  
  96  //WYSIWYG EDITOR:
  97  //0 = no wysiwyg editor (default)
  98  //1 = CKEditor
  99  //2 = FCKeditor
 100  $phpwcms["wysiwyg_editor"]        = abs(intval($phpwcms["wysiwyg_editor"]));
 101  if($phpwcms["wysiwyg_editor"] > 2) {
 102      $phpwcms["wysiwyg_editor"] = 1;
 103  }
 104  $_SESSION["WYSIWYG_EDITOR"]        = $phpwcms["wysiwyg_editor"];
 105  $wysiwyg_template                = '';
 106  
 107  if($phpwcms["wysiwyg_editor"]) {
 108                      
 109      if(!empty($phpwcms['wysiwyg_template']['FCKeditor'])) {
 110          $wysiwyg_template = convertStringToArray($phpwcms['wysiwyg_template']['FCKeditor']);
 111      } elseif(!empty($phpwcms['wysiwyg_template']['CKEditor'])) {
 112          $wysiwyg_template = convertStringToArray($phpwcms['wysiwyg_template']['CKEditor']);
 113      }
 114      
 115      if(empty($wysiwyg_template) || count($wysiwyg_template) == 0) {
 116          $wysiwyg_template = array('Basic');
 117      }
 118  
 119  }
 120  
 121  if(isset($_POST['form_aktion']) && $_POST['form_aktion'] == 'login' && isset($_POST['json']) && $_POST['json'] == '1') {
 122  
 123      $login_passed = 0;
 124      $wcs_user = slweg($_POST['form_loginname']);
 125      $wcs_pass = slweg($_POST['md5pass']);
 126      
 127      $sql_query =    "SELECT * FROM ".DB_PREPEND."phpwcms_user WHERE usr_login='".
 128                      aporeplace($wcs_user)."' AND usr_pass='".
 129                      aporeplace($wcs_pass)."' AND usr_aktiv=1 AND (usr_fe=1 OR usr_fe=2)";
 130  
 131      if($result = mysql_query($sql_query)) {
 132          if($row = mysql_fetch_assoc($result)) {
 133              $_SESSION["wcs_user"]            = $wcs_user;
 134              $_SESSION["wcs_user_name"]         = ($row["usr_name"]) ? $row["usr_name"] : $wcs_user;
 135              $_SESSION["wcs_user_id"]        = $row["usr_id"];
 136              $_SESSION["wcs_user_aktiv"]        = $row["usr_aktiv"];
 137              $_SESSION["wcs_user_rechte"]    = $row["usr_rechte"];
 138              $_SESSION["wcs_user_email"]        = $row["usr_email"];
 139              $_SESSION["wcs_user_avatar"]    = $row["usr_avatar"];
 140              $_SESSION["wcs_user_logtime"]    = time();
 141              $_SESSION["wcs_user_admin"]        = intval($row["usr_admin"]);
 142              $_SESSION["wcs_user_thumb"]        = 1;
 143              if($row["usr_lang"]) {
 144                  $_SESSION["wcs_user_lang"]    = $row["usr_lang"];
 145              }
 146              
 147              set_language_cookie();
 148                          
 149              $_SESSION["structure"]            = @unserialize($row["usr_var_structure"]);
 150              $_SESSION["klapp"]                = @unserialize($row["usr_var_privatefile"]);
 151              $_SESSION["pklapp"]                = @unserialize($row["usr_var_publicfile"]);
 152              $row["usr_vars"]                = @unserialize($row["usr_vars"]);
 153              $_SESSION["WYSIWYG_TEMPLATE"]    = empty($row["usr_vars"]['template']) || !in_array($row["usr_vars"]['template'], $wysiwyg_template) ? $wysiwyg_template[0] : $row["usr_vars"]['template'];
 154              
 155              $row["usr_wysiwyg"]                = abs(intval($row["usr_wysiwyg"]));
 156              // Fallback to FCKeditor?
 157              $_SESSION["WYSIWYG_EDITOR"]        = $row["usr_wysiwyg"] > 2 ? 2 : $row["usr_wysiwyg"];
 158              
 159              $login_passed = 1;
 160          }
 161          mysql_free_result($result);
 162      }
 163      
 164      if($login_passed) {
 165          //Schreiben der Login-Daten in Datenbank
 166          $check = mysql_query(    "SELECT COUNT(*) FROM ".DB_PREPEND."phpwcms_userlog WHERE logged_user='".
 167                                  aporeplace($wcs_user)."' AND logged_in=1", $db );
 168          if($row = mysql_fetch_row($check)) {
 169              if(!$row[0]) {
 170                  //Wenn kein User geführt wird, dann neu anlegen
 171                  mysql_query("INSERT INTO ".DB_PREPEND."phpwcms_userlog ".
 172                              "(logged_user, logged_username, logged_start, logged_change, ".
 173                              "logged_in, logged_ip) VALUES ('".
 174                              aporeplace($wcs_user)."', '".aporeplace($_SESSION["wcs_user_name"])."', ".time().", ".
 175                              time().", 1, '".aporeplace(getRemoteIP())."')", $db );                
 176              }
 177          }
 178          mysql_free_result($check);
 179          $_SESSION['PHPWCMS_ROOT'] = PHPWCMS_ROOT;
 180          set_status_message('Welcome '.$wcs_user.'!');
 181          if($ref_url) {
 182              headerRedirect($ref_url.'&'.session_name().'='.session_id());
 183          } else {
 184              headerRedirect(PHPWCMS_URL."phpwcms.php?". session_name().'='.session_id());
 185          }
 186  
 187      } else {
 188          $err = 1;
 189      }
 190  
 191  } elseif(isset($_POST['json']) && intval($_POST['json']) != 1) {
 192  
 193      $err = 1;
 194  
 195  }
 196  
 197  ?>
 198  <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
 199  <html xmlns="http://www.w3.org/1999/xhtml">
 200  
 201  <head>
 202      <title><?php echo $BL['be_page_title'] . ' - ' . PHPWCMS_HOST ?></title>
 203      <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
 204      <meta name="robots" content="noindex, nofollow" />
 205      <link href="include/inc_css/login.css" rel="stylesheet" type="text/css" />
 206      <script language="JavaScript" type="text/javascript" src="include/inc_js/phpwcms.js"></script>
 207      <script language="JavaScript" type="text/javascript" src="include/inc_js/md5.js"></script>
 208  <?php
 209  
 210  if(isset($_SESSION["wcs_user_lang"]) && $_SESSION["wcs_user_lang"] == 'ar') {
 211      echo '    <style type="text/css">' . LF . '<!--' . LF . '* {direction: rtl;}' . LF . '//-->' . LF . '</style>';
 212  } elseif(strtolower($phpwcms['default_lang']) == 'ar') {
 213      echo '    <style type="text/css">' . LF . '<!--' . LF . '* {direction: rtl;}' . LF . '//-->' . LF . '</style>';
 214  }
 215  
 216  ?>
 217  </head>
 218  
 219  <body>
 220  <table width="504" border="0" align="center" cellpadding="0" cellspacing="0" summary="Login Screen">
 221    <tr>
 222      <td colspan="3"><img src="img/leer.gif" alt="" width="1" height="12" /></td>
 223    </tr>
 224    <tr>
 225      <td colspan="3"><a href="index.php" target="_top"><img src="img/backend/preinfo2.jpg" alt="phpwcms" width="122" height="31" border="0" hspace="18" /></a></td>
 226    </tr>
 227    <tr>
 228      <td colspan="3"><img src="img/leer.gif" alt="" width="1" height="7" /></td>
 229    </tr>
 230    <tr>
 231      <td colspan="3"><a href="index.php" target="_top"><img src="img/backend/preinfo2_r4_c2.jpg" alt="phpwcms" width="504" height="154" border="0" /></a></td>
 232    </tr>
 233    <tr>
 234      <td colspan="3"><img src="img/leer.gif" alt="" width="1" height="11" /></td>
 235    </tr>
 236    <tr>
 237      <td width="15" style="width:15px;"><img src="img/backend/preinfo2_r6_c2.gif" alt="" width="15" height="15" border="0" /></td>
 238      <td width="474" bgcolor="#FFFFFF" style="width:474px;"><img src="img/backend/preinfo2_r6_c3.gif" alt="" width="474" height="15" border="0" /></td>
 239      <td width="15" style="width:15px;"><img src="img/backend/preinfo2_r6_c7.gif" alt="" width="15" height="15" border="0" /></td>
 240    </tr>
 241    <tr>
 242      <td style="background-image:url(img/backend/preinfo2_r7_c2.gif);background-repeat:repeat-y;" bgcolor="#FFFFFF">&nbsp;</td>
 243      <td bgcolor="#FFFFFF" style="padding-left:3px;padding-right:3px;" id="loginFormArea">
 244          <div class="error" style="font-weight:bold;padding:0 0 15px 0;font-size:12px;text-align:center"><?php
 245      
 246              echo $BL['be_login_jsinfo'];
 247      
 248          ?></div></td>
 249      <td style="background-image:url(img/backend/preinfo2_r7_c7.gif);background-repeat:repeat-y;background-position:right;" bgcolor="#FFFFFF">&nbsp;</td>
 250    </tr>
 251    <tr>
 252      <td style="background-image:url(img/backend/preinfo2_r7_c2.gif);background-repeat:repeat-y;" bgcolor="#FFFFFF">&nbsp;</td>
 253      <td bgcolor="#FFFFFF" style="padding: 0 3px 5px 3px;">
 254          <strong><a href="http://www.phpwcms.de" target="_blank" style="text-decoration:none;">phpwcms</a></strong> 
 255          Copyright &copy; 2003&#8212;<?php echo date('Y'); ?>
 256          Oliver Georgi. Extensions are copyright of their respective owners.
 257          Visit <a href="http://www.phpwcms.de" target="_blank">http://www.phpwcms.de</a> for
 258          details. phpwcms is free software released under <a href="http://www.fsf.org/licensing/licenses/gpl.html" target="_blank">GPL</a> 
 259          and comes WITHOUT ANY WARRANTY. Obstructing the appearance of this notice is prohibited  by law. 
 260      </td>
 261      <td style="background-image:url(img/backend/preinfo2_r7_c7.gif);background-repeat:repeat-y;background-position:right;" bgcolor="#FFFFFF">&nbsp;</td>
 262    </tr>
 263    <tr>
 264      <td><img src="img/backend/preinfo2_r9_c2.gif" alt="" width="15" height="15" border="0" /></td>
 265      <td bgcolor="#FFFFFF"><img src="img/backend/preinfo2_r9_c3.gif" alt="" width="474" height="15" border="0" /></td>
 266      <td><img src="img/backend/preinfo2_r9_c7.gif" alt="" width="15" height="15" border="0" /></td>
 267    </tr>
 268  </table>
 269  <?php
 270  
 271  // get whole login form and keep in buffer
 272  ob_start();
 273  
 274  //<div id="loginForm" style="display:none;">
 275  
 276  ?>
 277  <form action="<?php echo PHPWCMS_URL.get_login_file() ?>" method="post" name="login_formular" id="login_formular" style="margin:0;padding:0;" onsubmit="return login(this);" autocomplete="off">
 278  <input type="hidden" name="json" id="json" value="0" />
 279  <input type="hidden" name="md5pass" id="md5pass" value="" autocomplete="off" />
 280  <input type="hidden" name="ref_url" value="<?php echo html_entities($ref_url) ?>" />
 281  <input name="form_aktion" type="hidden" id="form_aktion" value="login" />
 282  <?php 
 283        
 284      echo '<h1>'.$BL["login_text"].'</h1>';
 285      
 286      if(file_exists(PHPWCMS_ROOT.'/setup')) {
 287          echo '<div class="error" style="margin-top:10px;">'.$BL["setup_dir_exists"].'</div>';
 288      }
 289      if(file_exists(PHPWCMS_ROOT.'/phpwcms_code_snippets')) {
 290          echo '<div class="error" style="margin-top:10px;">'.$BL["phpwcms_code_snippets_dir_exists"].'</div>';
 291      }
 292      
 293      if(isset($_POST['json']) && $_POST['json'] == 2) $err = 0;
 294      
 295      if($err) {
 296          echo '<div class="error" style="margin-top:10px;font-weight:bold;">'.$BL["login_error"].'</div>';
 297      }
 298      
 299      echo '<div class="error" style="margin-top:10px;font-weight:bold;display:none;" id="jserr">'.$BL["login_error"].'</div>';    
 300      
 301      ?>    
 302  
 303      <table border="0" cellpadding="0" cellspacing="0" summary="Login Form" style="margin:15px 0 20px 10px">
 304          <tr>
 305            <td align="right" nowrap="nowrap" class="v10"><?php echo $BL["login_username"] ?>:&nbsp;</td>
 306            <td class="v10"><input name="form_loginname" type="text" id="form_loginname" style="width:250px;" size="30" maxlength="30" value="<?php echo html_specialchars($wcs_user); ?>" /></td>
 307            </tr>
 308          <tr><td colspan="2"><img src="img/leer.gif" alt="" width="1" height="3" /></td></tr>
 309          <tr>
 310            <td align="right" nowrap="nowrap" class="v10"><?php echo $BL["login_userpass"] ?>:&nbsp;</td>
 311            <td class="v10"><input name="form_password" type="password" id="form_password" style="width:250px;" size="30" maxlength="40" /></td>
 312            </tr>
 313          <tr><td colspan="2"><img src="img/leer.gif" alt="" width="1" height="4" /></td></tr>
 314          <tr>
 315            <td align="right" nowrap="nowrap" class="v10"><?php echo $BL["login_lang"] ?>:&nbsp;</td>
 316            <td class="v10"><select name="form_lang" id="form_lang" style="width:250px;" onchange="getObjectById('json').value='2';login(this.form);">
 317              <?php
 318  // check available languages installed and build language selector menu
 319  $lang_dirs = opendir(PHPWCMS_ROOT.'/include/inc_lang/backend');
 320  $lang_code = array();
 321  while($lang_codes = readdir( $lang_dirs )) {
 322      if( $lang_codes != "." && $lang_codes != ".." && is_file(PHPWCMS_ROOT.'/include/inc_lang/backend/'.$lang_codes."/lang.inc.php")) {
 323          $lang_code[$lang_codes]  = '<option value="'.$lang_codes.'"';
 324          $lang_code[$lang_codes] .= ($lang_codes == $_SESSION["wcs_user_lang"]) ? ' selected="selected"' : '';
 325          $lang_code[$lang_codes] .= '>';
 326          $lang_code[$lang_codes] .= (isset($BL[strtoupper($lang_codes)])) ? $BL[strtoupper($lang_codes)] : strtoupper($lang_codes);
 327          $lang_code[$lang_codes] .= '</option>';
 328      }
 329  }
 330  closedir( $lang_dirs );
 331  ksort($lang_code);
 332  
 333  echo implode(LF, $lang_code);
 334  
 335  ?>
 336            </select></td>
 337            </tr>
 338          <tr><td colspan="2"><img src="img/leer.gif" alt="" width="1" height="10" /></td></tr>
 339          <tr>
 340            <td>&nbsp;</td>
 341            <td><input name="submit_form" type="submit" value="<?php echo $BL["login_button"] ?>" /></td>
 342            </tr>
 343      </table>
 344      </form>
 345  <?php
 346  
 347  //</div>
 348  
 349  $formAll = ob_get_contents();
 350  ob_end_clean();
 351  
 352  $formAll = str_replace( "'", "\'", trim($formAll) );
 353  $formAll = str_replace( "\r", '', $formAll );
 354  //$formAll = str_replace( "\n", '', $formAll );
 355  $formAll = str_replace( "\n", "';\nlf += '", $formAll );
 356  $formAll = str_replace( '<', "<'+'", $formAll );
 357  
 358  ?>
 359  <script type="text/javascript">
 360  <!--
 361  var lf  = '<?php echo $formAll ?>';
 362  getObjectById('loginFormArea').innerHTML = lf;
 363  getObjectById('form_loginname').focus();
 364  //-->
 365  </script>
 366  </body>
 367  </html>

