path: root/validate.php
blob: 2a1fb1d92105c901c1d19fb3d82516d363390e7f (plain)
<?php
// Copyright (c) 2002-2003, Luis Argerich, Garland Foster, Eduardo Polidor, et. al.
// All Rights Reserved. See copyright.txt for details and a complete list of authors.
// Licensed under the GNU LESSER GENERAL PUBLIC LICENSE. See license.txt for details.
// Bootstrap.
// The flag is assigned before the setup include runs; judging by its name it lets
// this login handler skip the "site closed" check (presumably so administrators can
// still sign in) - confirm against bit_setup_inc.php, where it is consumed.
$bypass_siteclose_check = 'y';

// Pulls in the framework setup; $gBitUser, $smarty and the $https_* settings used
// further down are not defined in this file and are expected to come from here.
require_once '../bit_setup_inc.php';

global $gBitSystem;
/*
if (!isset($_REQUEST["login"])) {
  header("location: $HTTP_REFERER");
  die;
}
*/
/* SPIDERKILL - nuked this since it seems to go off at odd times
// Alert user if cookies are switched off
if (ini_get('session.use_cookies') == 1) {
vd( $_COOKIE );
	if(!isset($_COOKIE[BIT_SESSION_NAME])) {
		$url = KERNEL_PKG_URL.'error.php?error=' . urlencode(tra('You have to enable cookies to be able to login to this site'));
		header("location: $url");
		die;
	}
}
*/

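// Remember where the user is logging in from so they can be sent back later.
// A session variable is used for the benefit of installations behind WebISO services.
if( empty( $_SESSION['loginfrom'] ) && isset( $_SERVER['HTTP_REFERER'] ) ) {
	$referer = $_SERVER['HTTP_REFERER'];
	// strpos() returns 0 for a match at offset 0, so compare against false explicitly
	// instead of negating the result.
	if( strpos( $referer, 'login.php' ) === false && strpos( $referer, 'register.php' ) === false ) {
		// parse_url() returns false for malformed input and omits 'path' when the URL has none.
		$from = parse_url( $referer );
		// The Referer header is supplied by the client. Only the path component is kept,
		// and it is stored only when it is a plain site-local path: a leading '//' or a
		// backslash would be read by browsers as pointing at another host once the value
		// is later used in a Location header.
		if( is_array( $from )
			&& !empty( $from['path'] )
			&& substr( $from['path'], 0, 1 ) === '/'
			&& substr( $from['path'], 0, 2 ) !== '//'
			&& strpos( $from['path'], '\\' ) === false
		) {
			$_SESSION['loginfrom'] = $from['path'];
		}
	}
}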
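// Administrator "switch user": when the current user holds bit_p_admin and the request
// carries 'su', the session identity is replaced by the requested login name.
//
// NOTE(review): this changes the authenticated identity based on $_REQUEST alone. No
// anti-CSRF token or request-method check is visible in this file - confirm whether
// bit_setup_inc.php enforces one; if not, require a per-session token and POST here.
// NOTE(review): the session id is not regenerated when the identity changes; consider
// session_regenerate_id() at this point and log the switch for audit purposes.
if( $gBitUser->hasPermission( 'bit_p_admin' ) && isset( $_REQUEST['su'] ) ) {
	// 'username' may be absent or an array when the request is malformed; only a
	// string that names an existing account is accepted.
	if( isset( $_REQUEST['username'] )
		&& is_string( $_REQUEST['username'] )
		&& $gBitUser->userExists( array( 'login' => $_REQUEST['username'] ) )
	) {
		$_SESSION["$user_cookie_site"] = $_REQUEST['username'];
		$smarty->assign_by_ref( 'user', $_REQUEST['username'] );
	}
	// 'loginfrom' is only set when a usable Referer was seen earlier; without the
	// fallback the Location header would be sent with an empty target.
	$url = !empty( $_SESSION['loginfrom'] ) ? $_SESSION['loginfrom'] : BIT_ROOT_URL;
	// unset session variable for the next su
	unset( $_SESSION['loginfrom'] );
	header( 'Location: ' . $url );
	die;
}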

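// Force the login onto HTTPS when the 'https_login_required' preference is 'y' and
// the current request did not arrive over TLS.
$https_mode = isset( $_SERVER['HTTPS'] ) && strtolower( $_SERVER['HTTPS'] ) == 'on';
$https_login_required = $gBitSystem->getPreference( 'https_login_required', 'n' );
if( $https_login_required == 'y' && !$https_mode ) {
	// $https_domain, $https_port and $https_prefix are not defined in this file;
	// presumably they are set by bit_setup_inc.php - confirm.
	$url = 'https://' . $https_domain;
	if( $https_port != 443 ) {
		$url .= ':' . $https_port;
	}
	$url .= $https_prefix . $gBitSystem->getDefaultPage();
	// NOTE(review): appending SID puts the session id into the URL, where it can reach
	// server logs, browser history and Referer headers. Prefer cookie-only sessions
	// (session.use_only_cookies) and drop this once URL-based sessions are not needed.
	if( SID ) {
		$url .= '?' . SID;
	}
	// The header name must be followed by a colon. The original sent "Location <url>",
	// which is not a valid header line, so no redirect was issued and the script
	// simply exited with an empty response.
	header( 'Location: ' . $url );
	exit;
}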

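// Credentials and the optional challenge/response pair are read from $_REQUEST, so
// they are accepted from the query string as well as from a POST body.
// NOTE(review): values passed in a query string end up in access logs and browser
// history; consider reading these from $_POST only - confirm no caller relies on GET.
$user = isset( $_REQUEST['user'] ) ? $_REQUEST['user'] : false;
$pass = isset( $_REQUEST['pass'] ) ? $_REQUEST['pass'] : false;
$challenge = isset( $_REQUEST['challenge'] ) ? $_REQUEST['challenge'] : false;
$response = isset( $_REQUEST['response'] ) ? $_REQUEST['response'] : false;

// login() returns the URL to send the browser to next.
$url = $gBitUser->login( $user, $pass, $challenge, $response );

// When login() did not point back at the login form, return the user to where they
// came from. strpos() yields 0 for a match at offset 0, so the result is compared
// against false explicitly; negating it would treat a URL that starts with
// 'login.php?' as "not the login page" and overwrite it.
if( strpos( $url, 'login.php?' ) === false ) {
	if( isset( $_REQUEST['referer'] ) ) {
		$target = $_REQUEST['referer'];
	} elseif( !empty( $_SERVER['HTTP_REFERER'] ) ) {
		$target = $_SERVER['HTTP_REFERER'];
	} else {
		$target = BIT_ROOT_URL;
	}

	// Both the 'referer' parameter and the Referer header are supplied by the client,
	// so the post-login redirect is only honoured when it stays on this site.
	// Anything else falls back to the site root.
	$same_site = false;
	if( is_string( $target ) && $target !== '' && !preg_match( '/[\x00-\x20\\\\]/', $target ) ) {
		$parts = parse_url( $target );
		if( is_array( $parts ) ) {
			if( isset( $parts['host'] ) ) {
				// Absolute URL: must be http(s) and name the host this request was sent to.
				// NOTE(review): HTTP_HOST is itself request data; comparing against a
				// configured canonical host name would be stronger if one is available.
				$scheme = isset( $parts['scheme'] ) ? strtolower( $parts['scheme'] ) : '';
				$this_host = isset( $_SERVER['HTTP_HOST'] ) ? preg_replace( '/:\d+$/', '', $_SERVER['HTTP_HOST'] ) : '';
				$same_site = ( $scheme == 'http' || $scheme == 'https' )
					&& $this_host !== ''
					&& strcasecmp( $parts['host'], $this_host ) == 0;
			} else {
				// No host: accept only scheme-less local references.
				$same_site = !isset( $parts['scheme'] );
			}
		}
	}
	$url = $same_site ? $target : BIT_ROOT_URL;
}

header( 'Location: ' . $url );
exit;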
?>