PHP Cross Reference of phpwcms V1.4.7 _r403 (01.11.10) |
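<?php
/*************************************************************************************
   Copyright notice

   (c) 2002-2010 Oliver Georgi (oliver@phpwcms.de) // All rights reserved.

   This script is part of PHPWCMS. The PHPWCMS web content management system is
   free software; you can redistribute it and/or modify it under the terms of
   the GNU General Public License as published by the Free Software Foundation;
   either version 2 of the License, or (at your option) any later version.

   The GNU General Public License can be found at http://www.gnu.org/copyleft/gpl.html
   A copy is found in the textfile GPL.txt and important notices to the license
   from the author is found in LICENSE.txt distributed with these scripts.

   This script is distributed in the hope that it will be useful, but WITHOUT ANY
   WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A
   PARTICULAR PURPOSE. See the GNU General Public License for more details.

   This copyright notice MUST APPEAR in all copies of the script!
*************************************************************************************/

// ----------------------------------------------------------------
// obligate check for phpwcms constants
if (!defined('PHPWCMS_ROOT')) {
    die("You Cannot Access This Script Directly, Have a Nice Day.");
}
// ----------------------------------------------------------------


// Frontend login content part.
//
// Appends the article headline to $CNT_TMP, loads the selected felogin template,
// handles the POSTed login form (feLogin) or reminder form (feReminder), picks
// the template section matching the resulting state and appends it to $CNT_TMP.
//
// Security notes for reviewers (behaviour left as the callers elsewhere expect it):
//  - Passwords are compared and stored as unsalted md5(); moving to a slow,
//    salted hash needs a coordinated change in _checkFrontendUserLogin() and
//    the stored values, neither of which is visible here.
//  - The "remember" cookie carries the login plus md5(password), i.e. a
//    password-equivalent value, and is set without the Secure/HttpOnly arguments.
//  - No session id renewal happens in this script after a successful login.
//  - The reminder form overwrites the stored password for any matching login
//    without a confirmation step and mails the new password in clear text.

$CNT_TMP .= headline($crow["acontent_title"], $crow["acontent_subtitle"], $template_default["article"]);

// NOTE(review): the template name comes from the content part record and is
// joined into a file path as-is; presumably only backend editors can set it - confirm.
if(!empty($crow["acontent_template"]) && is_file(PHPWCMS_TEMPLATE.'inc_cntpart/felogin/'.$crow["acontent_template"])) {

    // NOTE(review): unserialize() on stored data. If acontent_form can ever hold
    // bytes not written by the backend editor this allows object injection;
    // a data-only format would be safer. Kept because the storage format is
    // shared with code outside this file.
    $_loginData = @unserialize($crow["acontent_form"]);

    // unserialize() returns false on damaged data; continue with an empty
    // settings array instead of relying on implicit array creation.
    if(!is_array($_loginData)) {
        $_loginData = array();
    }

    $_loginData['template']         = @file_get_contents(PHPWCMS_TEMPLATE.'inc_cntpart/felogin/'.$crow["acontent_template"]);

    // split the template file into its named sections
    $_loginData['form']             = get_tmpl_section('LOGIN_FORM', $_loginData['template']);
    $_loginData['logged_in']        = get_tmpl_section('LOGIN_IS', $_loginData['template']);

    $_loginData['register']         = get_tmpl_section('PROFILE_REGISTER', $_loginData['template']);
    $_loginData['manage']           = get_tmpl_section('PROFILE_MANAGE', $_loginData['template']);

    $_loginData['reminder']         = get_tmpl_section('REMINDER_FORM', $_loginData['template']);
    $_loginData['reminder_success'] = get_tmpl_section('REMINDER_SUCCESS', $_loginData['template']);
    $_loginData['reminder_email']   = get_tmpl_section('REMINDER_EMAIL', $_loginData['template']);


    // the current session id is used as the $_SESSION key of the logged-in user
    $_loginData['session_key']      = session_id();

    // defaults: show the login form, nothing entered yet
    $_loginData['template']         = $_loginData['form'];
    $_loginData['error']            = false;
    $_loginData['login']            = '';
    $_loginData['password']         = '';
    $_loginData['remember']         = 0;
    $_loginData['remind_data']      = '';


    // normalise the stored settings to 0/1 flags
    $_loginData['felogin_profile_registration'] = empty($_loginData['felogin_profile_registration']) ? 0 : 1;
    $_loginData['felogin_profile_manage']       = empty($_loginData['felogin_profile_manage']) ? 0 : 1;
    $_loginData['validate_db']['userdetail']    = empty($_loginData['felogin_validate_userdetail']) ? 0 : 1;
    $_loginData['validate_db']['backenduser']   = empty($_loginData['felogin_validate_backenduser']) ? 0 : 1;

    // handle Login
    if(isset($_POST['feLogin'])) {

        $_loginData['login']    = slweg($_POST['feLogin']);
        // a request may carry feLogin without fePassword; treat that as empty password
        $_loginData['password'] = isset($_POST['fePassword']) ? slweg($_POST['fePassword']) : '';
        $_loginData['remember'] = empty($_POST['feRemember']) ? 0 : 1;

        $_loginData['query_result'] = _checkFrontendUserLogin($_loginData['login'], md5($_loginData['password']), $_loginData['validate_db']);

        // ok, and now check if we got valid login data
        if($_loginData['query_result'] !== false && is_array($_loginData['query_result']) && count($_loginData['query_result'])) {

            // NOTE(review): the session id is not renewed here, so an id known
            // before login stays valid afterwards. Renewing it would also change
            // the key used below; check the other readers of that key first.
            $_SESSION[ $_loginData['session_key'] ] = $_loginData['login'];
            $_SESSION[ $_loginData['session_key'].'_userdata'] = _getFrontendUserBaseData($_loginData['query_result']);

            if($_loginData['remember'] && !empty($_loginData['felogin_cookie_expire'])) {

                // NOTE(review): cookie value = login, md5(password) and both
                // validate_db flags; whoever obtains the cookie holds a
                // password-equivalent. The format is kept because it is read
                // outside this file.
                setcookie(  'phpwcmsFeLoginRemember',
                            $_loginData['login'].'##-|-##'.md5($_loginData['password']).'##-|-##'.$_loginData['validate_db']['userdetail'].'##-|-##'.$_loginData['validate_db']['backenduser'],
                            time()+$_loginData['felogin_cookie_expire'], '/', getCookieDomain() );

            }

        } else {

            $_loginData['error'] = true;

        }

    } elseif(isset($_POST['feReminder'])) {

        $_loginData['remind_data'] = slweg($_POST['feReminder']);

        // Start from an empty result: without this, a $result left over from the
        // including scope could be taken for a matching account when no lookup runs.
        $result = array();

        // check if valid email - send login
        if( $_loginData['remind_data'] && is_valid_email($_loginData['remind_data']) ) {

            // NOTE(review): queries are built by concatenation; safety depends
            // entirely on aporeplace() escaping correctly for the connection charset.
            if($_loginData['validate_db']['userdetail']) {
                $sql  = 'SELECT detail_login AS LOGIN, detail_email AS EMAIL FROM '.DB_PREPEND."phpwcms_userdetail WHERE LOWER(detail_email)='";
                $sql .= aporeplace(strtolower($_loginData['remind_data']))."' LIMIT 1";
                $result = _dbQuery($sql);
            }

            // hm, seems no user found - OK test against cms users
            if($_loginData['validate_db']['backenduser'] && !isset($result[0])) {
                $sql  = 'SELECT usr_login AS LOGIN, usr_email AS EMAIL FROM '.DB_PREPEND.'phpwcms_user WHERE ';
                $sql .= "LOWER(usr_email)='".aporeplace(strtolower($_loginData['remind_data']))."' LIMIT 1";
                $result = _dbQuery($sql);
            }

            if(isset($result[0])) {
                $_loginData['remind_login'] = $result[0];
            }

        // otherwise check login and send password
        } elseif($_loginData['remind_data']) {

            // NOTE(review): the stored password is replaced as soon as the login
            // matches, before the account owner confirms anything. A one-time
            // reset link would avoid unrequested password changes.
            // NOTE(review): the randomness source of generic_string() is not
            // visible here; confirm it is suitable for generating passwords.
            if($_loginData['validate_db']['userdetail']) {
                $sql  = 'SELECT detail_id, detail_login AS LOGIN, detail_email AS EMAIL FROM '.DB_PREPEND."phpwcms_userdetail WHERE ";
                $sql .= "detail_login='".aporeplace($_loginData['remind_data'])."' LIMIT 1";
                $result = _dbQuery($sql);

                if(isset($result[0])) {
                    $result[0]['PASSWORD'] = generic_string(8);
                    // the id is forced to an integer before it enters the WHERE clause
                    _dbUpdate('phpwcms_userdetail', array('detail_password'=>md5($result[0]['PASSWORD'])), 'WHERE detail_id='.intval($result[0]['detail_id']));
                    $_loginData['remind_password'] = $result[0];
                }
            }

            // hm, seems no user found - OK test against cms users
            if($_loginData['validate_db']['backenduser'] && !isset($result[0])) {
                $sql  = 'SELECT usr_id, usr_login AS LOGIN, usr_email AS EMAIL FROM '.DB_PREPEND.'phpwcms_user WHERE ';
                $sql .= "usr_login='".aporeplace($_loginData['remind_data'])."' LIMIT 1";
                $result = _dbQuery($sql);

                if(isset($result[0])) {
                    $result[0]['PASSWORD'] = generic_string(8);
                    // the id is forced to an integer before it enters the WHERE clause
                    _dbUpdate('phpwcms_user', array('usr_pass'=>md5($result[0]['PASSWORD'])), 'WHERE usr_id='.intval($result[0]['usr_id']));
                    $_loginData['remind_password'] = $result[0];
                }
            }
        }

        if(isset($_loginData['remind_password']) || isset($_loginData['remind_login'])) {

            $_loginData['reminder'] = $_loginData['reminder_success'];

            $_loginData['LOGIN_URL'] = 'index.php'.returnGlobalGET_QueryString('', array(), array('profile_manage', 'profile_register', 'profile_reminder') );

            $_loginData['reminder_email'] = str_replace('{LOGIN_URL}', PHPWCMS_URL . $_loginData['LOGIN_URL'], $_loginData['reminder_email']);

            if(isset($_loginData['remind_password'])) {

                // password reminder: the mail contains login and the new clear text password
                $_loginData['reminder_email'] = str_replace('{LOGIN}', $_loginData['remind_password']['LOGIN'], $_loginData['reminder_email']);
                $_loginData['reminder_email'] = str_replace('{PASSWORD}', $_loginData['remind_password']['PASSWORD'], $_loginData['reminder_email']);
                $_loginData['reminder_to']    = $_loginData['remind_password']['EMAIL'];

                $_loginData['reminder_email_body'] = returnTagContent( $_loginData['reminder_email'], 'PASSWORD_EMAIL' );
                $_loginData['reminder_email_body'] = $_loginData['reminder_email_body']['tag'];

            } else {

                // login reminder: the mail contains the login name only
                $_loginData['reminder_email'] = str_replace('{LOGIN}', $_loginData['remind_login']['LOGIN'], $_loginData['reminder_email']);
                $_loginData['reminder_to']    = $_loginData['remind_login']['EMAIL'];

                $_loginData['reminder_email_body'] = returnTagContent( $_loginData['reminder_email'], 'LOGIN_EMAIL' );
                $_loginData['reminder_email_body'] = $_loginData['reminder_email_body']['tag'];

            }

            $_loginData['reminder_email_subject'] = returnTagContent( $_loginData['reminder_email'], 'SUBJECT' ) ;
            $_loginData['reminder_email_subject'] = trim( $_loginData['reminder_email_subject']['tag'] );

            // errors of the mail helper are suppressed; a failed send is not reported
            @sendEmail( array(  'recipient' => $_loginData['reminder_to'],
                                'subject'   => $_loginData['reminder_email_subject'],
                                'text'      => $_loginData['reminder_email_body']
                        ) );


        } else {

            // NOTE(review): success and error render differently, so the form
            // tells the requester whether a login or e-mail address exists.
            $_loginData['error'] = true;

        }

    }

    // register profile default
    $_loginData['get_profile_register'] = 'create';
    $_loginData['get_profile_manage']   = 'edit';



    if(_getFeUserLoginStatus()) {

        // proof if "former" redirect URL is known and redirect
        // NOTE(review): where LOGIN_REDIRECT is stored is not visible here;
        // confirm that only local URLs can end up in it.
        if(!empty($_SESSION['LOGIN_REDIRECT'])) {
            $linkto = $_SESSION['LOGIN_REDIRECT'];
            unset($_SESSION['LOGIN_REDIRECT']);
            headerRedirect($linkto);

        // user is logged in
        } elseif(isset($_POST['feLogin'])) {

            headerRedirect(decode_entities(FE_CURRENT_URL));

        }

        // manage account
        if($_loginData['felogin_profile_manage'] && isset($_getVar['profile_manage'])) {

            $_loginData['get_profile_manage'] = strval($_getVar['profile_manage']);

            $_loginData['template'] = $_loginData['manage'];

        } else {

            // the login name is HTML-escaped before it is put into the template
            $_loginData['template'] = $_loginData['logged_in'];
            $_loginData['template'] = str_replace('{LOGIN}', html_specialchars( $_SESSION[ $_loginData['session_key'] ] ), $_loginData['template']);

        }

    // check if user can register and if register form should be displayed
    } elseif($_loginData['felogin_profile_registration'] && isset($_getVar['profile_register'])) {

        $_loginData['get_profile_register'] = strval($_getVar['profile_register']);

        $_loginData['template'] = $_loginData['register'];

    } elseif(isset($_POST['feReminder']) || isset($_getVar['profile_reminder'])) {

        $_loginData['template'] = render_cnt_template($_loginData['reminder'], 'ERROR', ($_loginData['error'] ? 'login/email wrong' : '') );
        $_loginData['template'] = render_cnt_template($_loginData['template'], 'REMINDER', html_specialchars($_loginData['remind_data']) );

    } else {

        // login form; the password field is never pre-filled
        $_loginData['template'] = render_cnt_template($_loginData['template'], 'ERROR', ($_loginData['error'] ? 'login/pass wrong' : '') );
        $_loginData['template'] = render_cnt_template($_loginData['template'], 'LOGIN', html_specialchars($_loginData['login']));
        $_loginData['template'] = render_cnt_template($_loginData['template'], 'PASSWORD', '');
        $_loginData['template'] = render_cnt_template($_loginData['template'], 'REMEMBER', ($_loginData['remember'] ? ' checked="checked"' : '') );

    }

    // check register profile
    if($_loginData['felogin_profile_registration']) {
        // possible -> set link to form
        $_loginData['uri']      = 'index.php'.returnGlobalGET_QueryString('htmlentities', array('profile_register'=>$_loginData['get_profile_register']), array('profile_manage', 'profile_reminder') );
        $_loginData['template'] = render_cnt_template($_loginData['template'], 'REGISTER_PROFILE', $_loginData['uri'] );
    } else {
        // not possible
        $_loginData['template'] = render_cnt_template($_loginData['template'], 'REGISTER_PROFILE', '' );
    }

    // check manage profile
    if($_loginData['felogin_profile_manage']) {
        // possible -> set link to form
        $_loginData['uri']      = 'index.php'.returnGlobalGET_QueryString('htmlentities', array('profile_manage'=>$_loginData['get_profile_manage']), array('profile_register', 'profile_reminder') );
        $_loginData['template'] = render_cnt_template($_loginData['template'], 'MANAGE_PROFILE', $_loginData['uri'] );
    } else {
        // not possible
        $_loginData['template'] = render_cnt_template($_loginData['template'], 'MANAGE_PROFILE', '' );
    }

    // link that opens the reminder form
    $_loginData['uri']      = 'index.php'.returnGlobalGET_QueryString('htmlentities', array('profile_reminder'=>'1'), array('profile_manage', 'profile_register') );
    $_loginData['template'] = render_cnt_template($_loginData['template'], 'REMINDER_FORM', $_loginData['uri'] );

    // form target and login URL both point to the page without the profile_* parameters
    $_loginData['uri'] = 'index.php'.returnGlobalGET_QueryString('htmlentities', array(), array('profile_manage', 'profile_register', 'profile_reminder') );
    $CNT_TMP .= str_replace(array('{FORM_TARGET}', '{LOGIN_URL}'), $_loginData['uri'], $_loginData['template']);

}

?>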
Generated: Tue Nov 16 22:51:00 2010 | Cross-referenced by PHPXref 0.7 |