<?php
/**
* $Header: /cvsroot/bitweaver/_bit_users/validate.php,v 1.16 2008/02/20 10:48:58 nickpalmer Exp $
*
* Copyright (c) 2004 bitweaver.org
* Copyright (c) 2003 tikwiki.org
* Copyright (c) 2002-2003, Luis Argerich, Garland Foster, Eduardo Polidor, et. al.
* All Rights Reserved. See copyright.txt for details and a complete list of authors.
* Licensed under the GNU LESSER GENERAL PUBLIC LICENSE. See license.txt for details
*
* $Id: validate.php,v 1.16 2008/02/20 10:48:58 nickpalmer Exp $
* @package users
* @subpackage functions
*/
// Set before the setup include runs; presumably the include reads this flag so that
// the login handler stays reachable while the site is closed - verify against bit_setup_inc.php.
$bypass_siteclose_check = 'y';
/**
* required setup
*/
require_once( '../bit_setup_inc.php' );
// No-op at file scope; kept so the script behaves the same if it is ever included from inside a function.
global $gBitSystem;
// Remember the page the login form was submitted from so the user can be sent back
// there afterwards. A session variable is used for the benefit of WebISO-style setups.
// Requests coming from login.php or register.php are skipped: only "inline" login forms
// (permission-denied fatals and the like) should record a return location.
//
// The Referer header is supplied by the client. Only its path and query string are kept;
// scheme and host are discarded, so the stored value is always site-relative.
if( !isset( $_SERVER['HTTP_REFERER'] ) || strpos( $_SERVER['HTTP_REFERER'], 'login.php' ) !== FALSE || strpos( $_SERVER['HTTP_REFERER'], 'register.php' ) !== FALSE ) {
	// No usable referer: drop any stale return location left over from an earlier request.
	if( !empty( $_SESSION['loginfrom'] ) ) {
		unset( $_SESSION['loginfrom'] );
	}
} else {
	$from = parse_url( $_SERVER['HTTP_REFERER'] );
	$_SESSION['loginfrom'] = empty( $from['path'] ) ? '' : $from['path'];
	if( !empty( $from['query'] ) ) {
		$_SESSION['loginfrom'] .= '?'.$from['query'];
	}
}
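// When the site requires logins over HTTPS and this request arrived over plain HTTP,
// bounce the browser to the HTTPS default page instead of processing credentials here.
$https_mode = isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) == 'on';
if ($gBitSystem->isFeatureActive( 'site_https_login_required' ) && !$https_mode) {
	$url = $gBitSystem->getConfig( 'site_https_domain' );
	// The second getConfig() argument is used here as the fallback value. The previous code
	// passed $site_https_port before it was ever assigned in this script, so an unconfigured
	// port could end up as an empty ":" suffix on the host. Keep any value the setup include
	// may have provided, otherwise fall back to the standard HTTPS port.
	$site_https_port = $gBitSystem->getConfig( 'site_https_port', isset( $site_https_port ) ? $site_https_port : 443 );
	if ($site_https_port != 443) {
		$url .= ':' . $site_https_port;
	}
	$url .= $gBitSystem->getConfig( 'site_https_prefix' ) . $gBitSystem->getDefaultPage();
	// NOTE(review): appending SID places the session id in the URL, where it is recorded in
	// server logs, browser history and Referer headers. Prefer cookie-only sessions
	// (session.use_only_cookies) where the deployment allows it.
	// defined() guards against SID not existing when no session has been started.
	if (defined( 'SID' ) && SID) {
		$url .= '?' . SID;
	}
	// Collapse runs of slashes produced by joining domain, prefix and page.
	$url = preg_replace('/\/+/', '/', $url);
	header("Location: https://$url");
	exit;
}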
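// NOTE(review): $_REQUEST also carries query-string values, so a password sent as a GET
// parameter is accepted here and would be recorded in access logs and Referer headers.
// Consider reading credentials from $_POST only once it is confirmed that no caller
// depends on GET-based login.
$user = isset($_REQUEST['user']) ? $_REQUEST['user'] : false;
$pass = isset($_REQUEST['pass']) ? $_REQUEST['pass'] : false;
$challenge = isset($_REQUEST['challenge']) ? $_REQUEST['challenge'] : false;
$response = isset($_REQUEST['response']) ? $_REQUEST['response'] : false;
// login() returns the URL the browser should be sent to next (per the original comment,
// back to where the user came from).
$url = $gBitUser->login( $user, $pass, $challenge, $response );
// If that destination is itself a login or password-reminder page, go to the default page
// instead - unless it is the login page reporting an error, which the user must see.
// strpos() returns false when the needle is absent and never -1, so the previous
// "== -1" test could not succeed and this branch was dead; compare against false explicitly.
if( ( strpos( $url, 'login.php?' ) !== false || strpos( $url, 'remind_password.php' ) !== false ) && strpos( $url, 'login.php?error=' ) === false ) {
	$url = $gBitSystem->getDefaultPage();
}
// Make the redirect target absolute when it carries no scheme of its own. Done after the
// default-page substitution so that both outcomes are treated the same way.
if( !preg_match( '/^\w+:\/{2}/', $url ) ) {
	$url = httpPrefix() . $url;
}
header( 'Location: ' . $url );
exit;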
?>