
cms/login.lib.php

00001 <?php
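// Direct-access guard: stop with a 403 unless the CMS marker constant is
// defined, i.e. when this library is requested by URL instead of being
// included (presumably the CMS entry script defines it - confirm).
if (!defined('__PRAGYAN_CMS')) {
	header($_SERVER['SERVER_PROTOCOL'] . ' 403 Forbidden');
	// The original markup opened a second <h1> instead of closing the first.
	echo "<h1>403 Forbidden</h1><h4>You are not authorized to access the page.</h4>";
	// NOTE(review): SERVER_SIGNATURE can expose the web server product and
	// version to anyone probing this file; consider dropping this line.
	echo '<hr/>' . $_SERVER['SERVER_SIGNATURE'];
	exit(1);
}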
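/**
 * Drive the "lost password" flow of the login page.
 *
 * The request decides which of three stages runs:
 *  1. neither $_POST['user_email'] nor $_GET['key'] is set: return the reset form;
 *  2. $_POST['user_email'] is set and $_GET['key'] is not: look the account up
 *     and mail a reset link;
 *  3. $_GET['key'] is set: check the key for $_GET['resetPasswd'], store a new
 *     random password and mail it to the account.
 *
 * Security notes for maintainers (none of these can be fixed inside this
 * function alone, they need schema or flow changes):
 *  - NOTE(review): the reset key is md5(password hash . 'xXc' . 2 chars of the
 *    e-mail). It is deterministic, never expires and only changes when the
 *    stored password changes. A random, single-use, time-limited token stored
 *    server-side would be the usual design.
 *  - NOTE(review): stage 3 changes the password on a plain GET, so anything
 *    that fetches the mailed link (mail scanner, link preview) resets it.
 *  - NOTE(review): passwords are stored as unsalted md5 and the new password
 *    is mailed in clear text; password_hash() and a "choose a new password"
 *    form would be the usual replacement.
 *  - NOTE(review): stage 2 answers differently for unknown, inactive and
 *    active addresses, which lets a visitor test whether an address is
 *    registered.
 *
 * @param mixed $allow_login truthy to add the "Sign Up" link to the form
 * @return string the form HTML in stage 1, "" otherwise (stages 2 and 3 report
 *                through displayinfo()/displayerror())
 */
function resetPasswd($allow_login) {
	// Stage 1: nothing submitted yet, show the form.
	if (!isset($_POST['user_email']) && !isset($_GET['key'])) {
		$resetPasswd = <<<RESET
                                        <form class="registrationform" method="POST" name="user_passreset" onsubmit="return checkForm(this)" action="./+login&subaction=resetPasswd">
                                                <fieldset>
                                                <legend>Reset Password</legend>
                                                        <table>
                                                                <tr>
                                                                        <td><label for="user_email"  class="labelrequired">Email</label></td>
                                                                        <td><input type="text" name="user_email" id="user_email" class="required" onchange="if(this.length!=0) return checkEmail(this);"/><br /></td>
                                                                </tr>
                                                                <tr>
                                                                        <td colspan="2">&nbsp;</td>
                                                                </tr>
                                                                <tr>
                                                                        <td><input type="submit" id="submitbutton" value="Submit"></td>
                                                                        <td>
RESET;
		// Only the "Sign Up" link is conditional; the "Login" link is always added.
		if ($allow_login) {
			$resetPasswd .= "<a href='./+login&subaction=register'>Sign Up</a> ";
		}
		$resetPasswd .= "<a href='./+login'>Login</a></td>
                                                                </tr>
                                                        </table>
                                                </fieldset>
                                        </form>";
		return $resetPasswd;
	}

	// Stage 2: an e-mail address was posted, mail the reset link.
	if (!isset($_GET['key'])) {
		// The address arrives by POST. The original read $_GET['user_email'] here
		// (never set on this path) and used the bare constant $_POST[user_email]
		// in the query. Non-string input (user_email[]=...) is treated as invalid.
		// escape() is a project helper, presumably the SQL escaper - confirm.
		$user_email = is_string($_POST['user_email']) ? escape($_POST['user_email']) : '';

		// preg_match replaces eregi(), which no longer exists in PHP 7+. The D
		// modifier keeps "$" from matching before a trailing newline.
		if (!preg_match('/^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$/iD', $user_email)) {
			displayerror("Invalid Email Id. <br /><input type=\"button\" onclick=\"history.go(-1)\" value=\"Go back\" />");
			return "";
		}

		$query = "SELECT * FROM `" . MYSQL_DATABASE_PREFIX . "users` WHERE `user_email`='" . $user_email . "' ";
		$result = mysql_query($query);
		$temp = $result ? mysql_fetch_assoc($result) : false;

		if (!$temp) {
			displayerror("E-mail not in registered accounts list. <br /><input type=\"button\" onclick=\"history.go(-1)\" value=\"Go back\" />");
		} elseif ($temp['user_activated'] == 0) {
			displayerror("Account not yet activated.<b>Please check your email</b> and click on the activation link. <a href=\"./+login&subaction=register&reSendKey=1\">Resend activation mail?</a><br /><input type=\"button\" onclick=\"history.go(-1)\" value=\"Go back\" />");
		} else {
			// Reset key: see the NOTE(review) in the function header.
			$key = md5($temp['user_password'] . 'xXc' . substr($temp['user_email'], 1, 2));

			// Mail the link; see common.lib.php for the messenger.
			$to = "$temp[user_email]";
			$mailtype = "password_forgot_reset";

			$messenger = new messenger(false);
			global $onlineSiteUrl;
			$messenger->assign_vars(array('RESETPASS_URL'=>"$onlineSiteUrl/+login&subaction=resetPasswd&resetPasswd=$temp[user_email]&key=$key", 'NAME'=>"$temp[user_fullname]", 'WEBSITE'=>CMS_TITLE, 'DOMAIN' => $onlineSiteUrl));

			if ($messenger->mailer($to, $mailtype, $key)) {
				displayinfo("Password reset link sent. Kindly check your e-mail. <br /><input type=\"button\" onclick=\"history.go(-2)\" value=\"Go back\" />");
			} else {
				displayerror("Password reset failed. Kindly contact webadmin@pragyan.org");
			}
		}
		return "";
	}

	// Stage 3: the mailed link was opened, verify the key and set a new password.
	$key = is_string($_GET['key']) ? escape($_GET['key']) : '';
	$user_email = (isset($_GET['resetPasswd']) && is_string($_GET['resetPasswd'])) ? escape($_GET['resetPasswd']) : '';

	$query = "SELECT * FROM `" . MYSQL_DATABASE_PREFIX . "users` WHERE `user_email`='" . $user_email . "'";
	$result = mysql_query($query);
	$temp = $result ? mysql_fetch_assoc($result) : false;

	// Compare as strings and, where available, in constant time. The original
	// used ==, which compares "0e<digits>" style strings numerically, and it
	// also computed an expected key when no account row was found.
	$keyMatches = false;
	if ($temp) {
		$expected = md5($temp['user_password'] . 'xXc' . substr($temp['user_email'], 1, 2));
		$keyMatches = function_exists('hash_equals') ? hash_equals($expected, $key) : ($expected === $key);
	}

	if (!$keyMatches) {
		displayinfo(safe_html("Authentication failure for password reset for $user_email"));
		return "";
	}

	// rand() is not a cryptographic generator and yields at most about 31 bits;
	// use a CSPRNG when the runtime has one and keep rand() only as a fallback.
	if (function_exists('random_bytes')) {
		$password = bin2hex(random_bytes(8));
	} elseif (function_exists('openssl_random_pseudo_bytes')) {
		$password = bin2hex(openssl_random_pseudo_bytes(8));
	} else {
		$password = rand();
	}
	// Unsalted md5 is kept because the stored format has to match whatever the
	// login check expects; see the NOTE(review) in the function header.
	$dbpassword = md5($password);

	$query = "UPDATE `" . MYSQL_DATABASE_PREFIX . "users`  SET `user_password`='$dbpassword' WHERE `user_email`='$user_email'";
	$result = mysql_query($query);
	if (mysql_affected_rows() > 0) {
		$to = "$temp[user_email]";
		$mailtype = "password_reset";

		$messenger = new messenger(false);
		global $onlineSiteUrl;
		$messenger->assign_vars(array('PASSWORD'=>"$password",'NAME'=>"$temp[user_fullname]", 'WEBSITE'=>CMS_TITLE, 'DOMAIN'=>$onlineSiteUrl));

		if ($messenger->mailer($to, $mailtype, $key)) {
			displayinfo("Password reset. Kindly check your e-mail.");
		} else {
			displayerror("Password reset failed. Kindly contact administrator");
		}
	}
	return "";
}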
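/**
 * Start an OpenID login for the identifier the visitor submitted.
 *
 * Checks the identifier, remembers it in the session, asks the Dope_OpenID
 * library for the provider endpoint and redirects the browser there. On a
 * successful discovery the function does not return (redirect + exit).
 * Failures are reported through displayerror().
 *
 * @param string $openid_url identifier to authenticate
 * @return void
 */
function openid_endpoint($openid_url){
	$error = null;

	// Validate the value that is actually handed to the library. The original
	// validated $_POST['openid_identifier'] instead of the argument, and its
	// regex fallback used a character class ("[com|org|...]") where a group
	// was meant. FILTER_VALIDATE_URL alone accepts any scheme, so the scheme is
	// pinned to http/https: the server is about to fetch this URL itself.
	$valid = is_string($openid_url) && preg_match('#^https?://[^\s/]+#i', $openid_url) === 1;
	if ($valid && function_exists('filter_var')) {
		$valid = filter_var($openid_url, FILTER_VALIDATE_URL) !== false;
	}
	// NOTE(review): discovery makes a server-side request to a visitor-chosen
	// host; if this server can reach internal services, consider rejecting
	// private and loopback addresses before calling the library.
	if (!$valid) {
		$error = "Error: OpenID Identifier is not in proper format.";
	}

	if ($error === null) {
		// Remembered so the verification step can refer to it later.
		$_SESSION['openid_url'] = $openid_url;

		$openid = new Dope_OpenID($openid_url);
		global $rewriteEngineEnabled;

		// NOTE(review): the return URL and trust root are built from the
		// request's Host header and a fixed "http://" scheme. A configured
		// site URL would be safer than a client-supplied header, and https
		// should be used where the site supports it.
		$siteBase = "http://" . $_SERVER['HTTP_HOST'] . dirname($_SERVER['SCRIPT_NAME']);
		if ($rewriteEngineEnabled == 'true') {
			$returnURL = $siteBase . "/index.php?action=login&subaction=openid_verify";
		} else {
			$returnURL = $siteBase . "/?action=login&subaction=openid_verify";
		}

		$openid->setReturnURL($returnURL);
		$openid->SetTrustRoot($siteBase);

		// Attributes requested from the provider.
		$openid->setOptionalInfo(array('nickname','fullname','email'));

		//$openid->setPapePolicies('http://schemas.openid.net/pape/policies/2007/06/phishing-resistant ');
		//$openid->setPapeMaxAuthAge(120);

		$endpoint_url = $openid->getOpenIDEndpoint();
		if ($endpoint_url) {
			$_SESSION['openid_endpoint_url'] = $endpoint_url;
			$openid->redirect();
			exit;
		}

		// The library text may echo remote data, so escape it before it is
		// placed in HTML.
		$the_error = $openid->getError();
		$error = "Error Code: " . htmlspecialchars((string) $the_error['code'], ENT_QUOTES, 'UTF-8') . "<br />";
		$error .= "Error Description: " . htmlspecialchars((string) $the_error['description'], ENT_QUOTES, 'UTF-8') . "<br />";
	}

	// The original built $error and then discarded it, so a failed attempt
	// gave the visitor no feedback at all.
	displayerror($error);
}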
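/**
 * Finish an OpenID sign-in after the caller has validated the provider response.
 *
 * If the identity is already linked to a local user, record the login and
 * authenticate that user. Otherwise store the identity and e-mail in the
 * session and return a form: either "enter the password of your existing
 * account" (an account with that e-mail exists and is not an OpenID account)
 * or "give us your full name" (quick registration).
 *
 * NOTE(review): the identity is re-read from $_GET['openid_identity'] rather
 * than taken from the validated library result; confirm that the caller's
 * validation covers exactly this parameter.
 * NOTE(review): the die(mysql_error() ...) calls print database error text to
 * the visitor; logging it and showing a generic message would leak less.
 *
 * @param array $userdata attributes returned by the provider ('email',
 *                        'fullname', ... as produced by the caller)
 * @return mixed user id when logged in, form HTML (string) when more input is
 *               needed, null after an error has been displayed
 */
function openid_login($userdata){
	$userdata['openid_url'] = escape($_GET['openid_identity']);

	$query = "SELECT * FROM `" . MYSQL_DATABASE_PREFIX . "openid_users` WHERE `openid_url` = '" . $userdata['openid_url'] . "';";
	$result = mysql_query($query) or die(mysql_error(). " in openid_login() inside login.lib.php while executing query for openid_row");
	$openid_row = mysql_fetch_array($result);

	if ($openid_row) {
		// Known identity: load the linked account.
		$userid = $openid_row['user_id'];
		// The id is concatenated into SQL below without quotes, so force it
		// to an integer instead of relying on the column type.
		$useridSql = (int) $userid;

		$userdetails = getUserInfo(getUserEmail($userid));
		if (!$userdetails) {
			displayerror("Your openid registration is corrupted. Please contact site administrator.");
			return;
		}
		if ($userdetails['user_activated'] == 0) {
			displayerror("Your account is not activated. Please verify your account using the email sent to you during registration or contact site administrator.");
			return;
		}

		// Keep the previous login time in the session before overwriting it.
		$query = "SELECT `user_lastlogin` FROM `". MYSQL_DATABASE_PREFIX .  "users` WHERE `user_id`=" . $useridSql . ";";
		$result = mysql_query($query) or die(mysql_error(). " in openid_login() inside login.lib.php while trying to fetch last login");
		$last_login_row = mysql_fetch_array($result);
		$_SESSION['last_to_last_login_datetime'] = $last_login_row['user_lastlogin'];

		$query = "UPDATE `" . MYSQL_DATABASE_PREFIX . "users` SET `user_lastlogin`=NOW() WHERE `" . MYSQL_DATABASE_PREFIX . "users`.`user_id` =" . $useridSql . ";";
		mysql_query($query) or die(mysql_error() . " in openid_login() inside login.lib.php while trying to update the last login");

		setAuth($userid);
		return $userid;
	}

	// Unknown identity: remember it for the follow-up form handlers.
	$_SESSION['openid_url'] = $userdata['openid_url'];
	// This is the provider-supplied address, stored unescaped. login() later
	// concatenates this session value into an INSERT, so it must be escaped
	// there. A missing address still overwrites any stale session value.
	$_SESSION['openid_email'] = isset($userdata['email']) ? $userdata['email'] : null;

	if (!array_key_exists('email', $userdata)) {
		displayerror("The OpenID provider didn't return your Email Address. Please configure your Provider to provide your Email address");
		return;
	}

	$userdetails = getUserInfo($userdata['email']);
	$userid = $userdetails ? $userdetails['user_id'] : null;

	if ($userdetails && ($userdetails['user_activated'] == 0)) {
		displayerror("Your account is not activated. Please verify your account using the email sent to you during registration or contact site administrator.");
		return;
	}

	// Provider attributes are remote input: HTML-escape them before they are
	// placed in markup. The original interpolated them raw into attribute
	// values and table cells.
	$emailHtml = htmlspecialchars((string) $userdata['email'], ENT_QUOTES, 'UTF-8');
	$fullnameHtml = isset($userdata['fullname']) ? htmlspecialchars((string) $userdata['fullname'], ENT_QUOTES, 'UTF-8') : '';

	if ($userdetails && $userdetails['user_activated'] && ($userdetails['user_loginmethod'] != 'openid')) {
		// An ordinary account already uses this address: ask for its password
		// before linking, so owning the OpenID alone does not take it over.
		$usernameHtml = htmlspecialchars((string) getUserName($userid), ENT_QUOTES, 'UTF-8');
		displayinfo("<ul><li>An account with your Email was found in our record already. This mean you are already registered as a user.</li>".
			"<li>You just need to provide your password of your existing account to link your OpenID with.</li>".
			"<li> This is a one time step after which you can use your OpenID account to Login.</li></ul>");
		$cmstitle = CMS_TITLE;
		$openid_pass_form = <<<OPENIDPASS

        <form method="POST" class="registrationform" name="openid_pass"  action="./home/+login&subaction=openid_pass">
                <fieldset>
                 <legend>Password for the existing account </legend>
                                            Please Enter the Password of the pre-existing account on $cmstitle
                <input type="hidden" name="email" value="{$emailHtml}" />
        <table>

<tr><td>Username</td>

<td>{$usernameHtml}</td></tr>

<tr><td>Email</td>
<td>{$emailHtml}</td></tr>
 <tr><td><label for="user_password" class="labelrequired">Password</label></td>
                                      <td><input type="password" name="user_password"  id="user_password"  class="required" /><br /></td>
                                      </tr>
                                      <tr>
                                      <td><input type="submit" value="Submit" /></td>

                                                                            </tr>
                                                                            </table>
                                                                            </fieldset>
                                                                            </form>
OPENIDPASS;
		return $openid_pass_form;
	}

	// First use of this identity: collect the full name for a new account.
	displayinfo("Seems like you are using this OpenID for the first time. We just need your full name to continue.");
	$openid_detail_form = <<<OPENIDFORM
        <form method="POST" class="registrationform" name="quick_openid_reg"  action="./home/+login&subaction=quick_openid_reg">
        <fieldset>
        <legend>Just give us your Full name</legend>
        <table>
        <tr>
        <td><label for="user_email"  class="labelrequired">Email</label></td>
        <td><input type="text" name="user_email" value="{$emailHtml}"  id="user_email" class="required" readonly="true" onchange="if(this.length!=0) return checkEmail(this);"/><br /></td>
        </tr>

        <tr>
        <td><label for="user_name">Full Name</label></td>
        <td><input type="text" name="user_name" value="{$fullnameHtml}"  id="user_name" class="required"/><br /></td>
        </tr>

        <tr>
        <td><input type="submit" value="Submit" /></td>

        </tr>

        </table>
        </fieldset>
        </form>
OPENIDFORM;
	return $openid_detail_form;
}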
00426 
/**
 * Build the HTML of the login page.
 *
 * Always produces the e-mail/password form; when the global $openid_enabled
 * equals 'true' the OpenID selector block is placed in front of it. Asset
 * URLs for the selector are derived from the globals $urlRequestRoot and
 * $cmsFolder.
 *
 * @param mixed $allow_login truthy to include the "Sign Up" link
 * @return string HTML fragment
 */
function loginForm($allow_login=1)
{
	global $urlRequestRoot;
	global $cmsFolder;
	global $openid_enabled;

	$openidBase = $urlRequestRoot . '/' . $cmsFolder . '/openid';

	// OpenID selector: stylesheet, selector script and the provider form.
	$openidMarkup = <<<OPENIDLOGIN

        <!-- Simple OpenID Selector -->
        <link rel="stylesheet" href="{$openidBase}/css/openid.css" />
 
        <script type="text/javascript" src="{$openidBase}/js/openid-jquery.js.php?imgpath={$openidBase}/images/"></script>
        <script type="text/javascript">
        $(document).ready(function() {
            openid.init('openid_identifier');
        });
        </script>
        <!-- /Simple OpenID Selector -->

                                        <script language="javascript" type="text/javascript">
                                        <!--
                                        function checkLoginForm(inputhandler) {
                                                if(inputhandler.user_password.value.length==0) {
                                                        alert("Blank password not allowed.");
                                                        return false;
                                                }
                                                return checkEmail(this.user_email);
                                        }
                                        -->
                                        </script>

<fieldset>
<legend>Login With your OpenID</legend>
<!-- Simple OpenID Selector -->
<form action="./+login&subaction=openid_login" method="post" id="openid_form">
        <input type="hidden" name="process" value="1" />
        
                           <p> Sign-in using your existing account on popular websites
<br>Please click your account provider:</p>

                <div id="openid_choice">
    
                        <div id="openid_btns"></div>
                        </div>
                        
                        <div id="openid_input_area">
                                <input id="openid_identifier" name="openid_identifier" type="text" value="http://" />
                                <br/>
                                <input id="openid_submit" type="submit" value="Sign-In"/>
                        </div>
                        <noscript>
                        <p>OpenID is service that allows you to log-on to many different websites using a single
 indentity.
                        Find out <a href="http://openid.net/what/">more about OpenID</a> and <a href="http://openid.net/get/">how to get an OpenID enabled account</a>.</p>
                        </noscript>
        
</form>
<!-- /Simple OpenID Selector -->
</fieldset>
OPENIDLOGIN;

	// Classic e-mail/password form, left open inside its last table cell so
	// the optional link can be appended before the markup is closed.
	$passwordForm = <<<LOGIN
                                        <script language="javascript" type="text/javascript">
                                        <!--
                                        function checkLoginForm(inputhandler) {
                                                if(inputhandler.user_password.value.length==0) {
                                                        alert("Blank password not allowed.");
                                                        return false;
                                                }
                                                return checkEmail(this.user_email);
                                        }
                                        -->
                                        </script>
                                        <form method="POST" class="registrationform" name="user_loginform" id="pragyan_loginform" onsubmit="return checkLoginForm(this);" action="./+login" autocomplete="off">
                                                <fieldset>
                                                <legend>Login</legend>
                                                        <table cellspacing=0 cellpadding=0>
                                                                <tr>
                                                                        <td><label for="user_email"  class="labelrequired">Email</label></td>
                                                                        <td><input type="text" name="user_email" id="user_email" class="required" onchange="if(this.length!=0) return checkEmail(this);"/><br /></td>
                                                                </tr>
                                                                <tr><td><label for="user_password" class="labelrequired">Password</label></td>
                                                                        <td><input type="password" name="user_password"  id="user_password"  class="required" /><br /></td>
                                                                </tr>
                                                                <tr>
                                                                        <td><input type="submit" value="Login" /></td>
                                                                        <td><a href="./+login&subaction=resetPasswd">Lost Password?</a> 
LOGIN;

	// Only the "Sign Up" link depends on $allow_login; the closing markup is
	// appended in every case.
	if ($allow_login) {
		$passwordForm .= "<a href=\"./+login&subaction=register\">Sign Up</a>";
	}
	$passwordForm .= "</td>
                                                                </tr>
                                                        </table>
                                                </fieldset>
                                        </form>";

	return ($openid_enabled == 'true') ? $openidMarkup . $passwordForm : $passwordForm;
}
00526 
00531 function login() {
00532   $allow_login_query = "SELECT `value` FROM `".MYSQL_DATABASE_PREFIX."global` WHERE `attribute` = 'allow_login'";
00533   $allow_login_result = mysql_query($allow_login_query);
00534   $allow_login_result = mysql_fetch_array($allow_login_result);
00535   if(isset($_GET['subaction'])) {
00536     if($_GET['subaction']=="resetPasswd") {
00537       return resetPasswd($allow_login_result[0]);
00538     }
00539    if($allow_login_result[0])
00540     if($_GET['subaction']=="register") {
00541       require_once("registration.lib.php");
00542       return register();
00543     }
00544     global $openid_enabled;
00545     if(($openid_enabled=='true')&&($allow_login_result[0])){
00546       if($_GET['subaction']=="openid_login")
00547         {
00548           if(isset($_POST['process']))
00549             {
00550               $openid_url = trim($_POST['openid_identifier']);
00551               openid_endpoint($openid_url);
00552             }
00553         }
00554       if($_GET['subaction']=="openid_verify"){
00555         if($_GET['openid_mode'] != "cancel")
00556           {
00557           
00558             $openid_url = $_GET['openid_identity'];             // Get the user's OpenID Identity as returned to us from the OpenID Provider
00559             $openid = new Dope_OpenID($openid_url);               //Create a new Dope_OpenID object.
00560             $validate_result = $openid->validateWithServer();   //validate to see if everything was recieved properly
00561             if ($validate_result === TRUE) {
00562               $userinfo = $openid->filterUserInfo($_GET);
00563               return openid_login($userinfo);
00564             }
00565             else if ($openid->isError() === TRUE){// Else if you're here, there was some sort of error during processing.
00566               $the_error = $openid->getError();
00567               $error = "Error Code: {$the_error['code']}<br />";
00568               $error .= "Error Description: {$the_error['description']}<br />";
00569             }
00570             else{//Else validation with the server failed for some reason.
00571               $error = "Error: Could not validate the OpenID at {$_SESSION['openid_url']}";
00572             }
00573           }
00574         else //cancelled
00575           {
00576             displayerror("User cancelled the OpenID authorization");
00577           }
00578       }
00579       if($_GET['subaction']=="openid_pass")
00580         {
00581           if(!isset($_SESSION['openid_url']) || !isset($_SESSION['openid_email']))
00582             {
00583               displayerror("You are trying to link an OpenID account without validating your log-in. Please <a href=\"./+login\">Login</a> with your OpenID account first.");
00584               return;
00585             }
00586           else
00587             {
00588               $openid_url=$_SESSION['openid_url'];
00589               $openid_email=$_SESSION['openid_email'];
00590               unset($_SESSION['openid_url']);
00591               unset($_SESSION['openid_email']);
00592               if(!isset($_POST['user_password']))
00593                 {
00594                   displayerror("Empty Passwords not allowed");
00595                   return;
00596                 }
00597               $user_passwd=$_POST['user_password'];
00598               $info=getUserInfo($openid_email);
00599               if(!$info)
00600                 {
00601                   displayerror("No user with Email $openid_email");
00602                 }
00603               else
00604                 {
00605                   $check=checkLogin($info['user_loginmethod'],$info['user_name'],$openid_email,$user_passwd);
00606                   if($check)
00607                     {
00608                       //Password was correct. Link the account
00609                       $query="INSERT INTO `" . MYSQL_DATABASE_PREFIX ."openid_users` (`openid_url`,`user_id`) VALUES ('$openid_url',".$info['user_id'].")";
00610                       $result=mysql_query($query) or die(mysql_error()." in login() subaction=openid_pass while trying to Link OpenID account");
00611                       if($result)
00612                         {
00613                           displayinfo("Account successfully Linked. Log In one more time to continue.");
00614                         }
00615                     }
00616                   else
00617                     {
00618                       displayerror("The password you specified was incorrect");
00619                     }
00620                                   
00621                 }
00622             }
00623         }
00624       if($_GET['subaction']=="quick_openid_reg")
00625         {
00626           if(!isset($_SESSION['openid_url']) || !isset($_SESSION['openid_email']))
00627             {
00628               displayerror("You are trying to register an OpenID account without validating your log-in. Please <a href=\"./+login\">Login</a> with your OpenID account first.");
00629               return;
00630             }
00631           else
00632             {
00633               $openid_url=$_SESSION['openid_url'];
00634               $openid_email=$_SESSION['openid_email'];
00635               unset($_SESSION['openid_url']);
00636               unset($_SESSION['openid_email']);
00637               if(!isset($_POST['user_name']) || $_POST['user_name']=="")
00638                 {
00639                   displayerror("You didn't specified your Full name. Please <a href=\"./+login\">Login</a> again.");
00640                   return ;
00641                 }
00642               $openid_fname=escape($_POST['user_name']);
00643               //Now let's start making the dummy user
00644               $query = "INSERT INTO `" . MYSQL_DATABASE_PREFIX . "users` " ."(`user_name`, `user_email`, `user_fullname`, `user_password`, `user_activated`,`user_loginmethod`) ".
00645                 "VALUES ('".$openid_email."', '".$openid_email."','".$openid_fname."','0',1,'openid');";            
00646               $result=mysql_query($query) or die(mysql_error()." in login() subaction=quick_openid_reg while trying to insert information of new account");
00647               if($result)
00648                 {
00649                   $id=mysql_insert_id();
00650                   $query="INSERT INTO `" . MYSQL_DATABASE_PREFIX ."openid_users` (`openid_url`,`user_id`) VALUES ('$openid_url',".$id.")";
00651                   $result=mysql_query($query) or die(mysql_error()." in login() subaction=quick_openid_reg while trying to Link OpenID account");
00652                   if($result)
00653                     {
00654                       displayinfo("Account successfully registered. You can now login via OpenID. Please complete your profile information after logging in.");
00655                     }
00656 
00657                 }
00658             
00659               return "";
00660               
00661             }
00662         }
00663     }
00664   }
00665 
00666   if (!isset ($_POST['user_email'])) {
00667     return loginForm($allow_login_result[0]);
00668   } else {
00669                         
00670     /*if it is, 
00671       then userLDAPVerify($user_email,$user_passwd);
00672       if the password is correct, update his password in DB
00673       else $dontloginLDAP = true;
00674       }
00675       else {
00676       if(userLDAPVerify($user_email,$user_passwd)) {
00677       create his row in DB with loginmethod = ldap and user_activated = 1
00678       (for this, use the createUser funciton in common.lib.php)
00679       }
00680       }*/
00681                                         
00682                         
00683     global $cookieSupported;
00684     $login_status = false;
00685     if($cookieSupported==true) {
00686       if ((($_POST['user_email']) == "") || (($_POST['user_password']) == "")){
00687         displayerror("Blank e-mail or password NOT allowed. <br /><input type=\"button\" onclick=\"history.go(-1)\" value=\"Go back\" />");
00688         return loginForm($allow_login_result[0]);
00689         }
00690         else {
00691         $user_email = escape($_POST['user_email']);
00692         $user_passwd = escape($_POST['user_password']);
00693         $login_method = '';
00694                                         
00695         if($temp = getUserInfo($user_email)) { 
00696           // check if exists in DB
00697           $login_status = checkLogin($temp['user_loginmethod'],$temp['user_name'],$user_email,$user_passwd);
00698           // This is to make sure when user logs in through LDAP, ADS or IMAP accounts, his passwords should be changed in database also, incase its old.
00699           if ($login_status)
00700             updateUserPassword($user_email,$user_passwd); //update passwd in db
00701         }
00702         else { //if user is not in db
00703           global $authmethods;
00704           if(strpos($user_email,'@') > -1) {
00705             $tmp = explode('@',$user_email);
00706             $user_name = $tmp[0];
00707             $user_domain = strtolower($tmp[1]);
00708           }
00709           else $user_name = $user_email;
00710 
00711           if(isset($user_domain) && $user_domain==$authmethods['imap']['user_domain']) {
00712             if($login_status = checkLogin('imap',$user_name,$user_email,$user_passwd)) $login_method='imap';
00713           }
00714           elseif(isset($user_domain) && $user_domain==$authmethods['ads']['user_domain']) {
00715             if($login_status = checkLogin('ads',$user_name,$user_email,$user_passwd)) $login_method='ads';
00716           }
00717                                                 
00718           elseif(isset($user_domain) && $user_domain==$authmethods['ldap']['user_domain']) {
00719             if(($login_status = checkLogin('ldap',$user_name,$user_email,$user_passwd))) $login_method='ldap';
00720           }
00721                                                 
00722           if($login_status) { //create new user in db and activate the user (only if user's login is valid)
00723             $user_fullname = strtoupper($user_name);
00724             $user_md5passwd = md5($user_passwd);
00725             $query = "INSERT INTO `" . MYSQL_DATABASE_PREFIX . "users` " .
00726               "(`user_id`, `user_name`, `user_email`, `user_fullname`, `user_password`, `user_loginmethod`, `user_activated`) " .
00727               "VALUES (DEFAULT, '{$user_name}', '{$user_email}', '{$user_fullname}', '{$user_md5passwd}', '{$login_method}', '1')";
00728             mysql_query($query) or die(mysql_error() . " creating new user !");
00729           }
00730           else displaywarning("Incorrect username and/or password for <b>".(isset($user_domain)?$user_domain."</b> domain!":$user_name."</b> user"));
00731         }
00732                                 
00733         if($login_status) {
00734           $temp = getUserInfo($user_email);
00735           if (!$temp['user_activated']) {
00736             displayinfo("The e-mail has not yet been verified. Kindly check your email and click on verification link. <br /><input type=\"button\" onclick=\"history.go(-1)\" value=\"Go back\" />");
00737             // if user exists in db and admin has set user_activated = false delibrately
00738             // then it means that the user has been denied access !!!
00739           }
00740           else {
00741             $query = "UPDATE `" . MYSQL_DATABASE_PREFIX . "users` SET `user_lastlogin`=NOW() WHERE `" . MYSQL_DATABASE_PREFIX . "users`.`user_id` =$temp[user_id]";
00742             mysql_query($query) or die(mysql_error() . " in login.lib.L:111");
00743             $_SESSION['last_to_last_login_datetime']=$temp['user_lastlogin'];
00744             setAuth($temp['user_id']);
00745                                                         
00746             //exit();
00747             //displayinfo("Welcome " . $temp['user_name'] . "!");
00748             return $temp['user_id'];
00749           }
00750         }
00751         else {
00752           displaywarning("Wrong E-mail or password. <a href='./+login&subaction=resetPasswd'>Lost Password?</a><br />");
00753                 return loginForm($allow_login_result[0]);
00754         }
00755       }
00756       return 0;
00757     } else {
00758       showCookieWarning();
00759       return 0;
00760     }
00761   }
00762 }
00763 
00764 /*** All auth functions used here can be found in authenticate.lib.php ***/