. */ namespace Fisharebest\Webtrees; use Fisharebest\Webtrees\Controller\PageController; use Fisharebest\Webtrees\Functions\Functions; use Rhumsaa\Uuid\Uuid; /** * Defined in session.php * * @global Tree $WT_TREE */ global $WT_TREE; define('WT_SCRIPT_NAME', 'login.php'); require './includes/session.php'; // If we are already logged in, then go to the “Home page” if (Auth::check() && $WT_TREE) { header('Location: ' . WT_BASE_URL); return; } $controller = new PageController; $action = Filter::post('action'); $user_realname = Filter::post('user_realname'); $user_name = Filter::post('user_name'); $user_email = Filter::postEmail('user_email'); $user_password01 = Filter::post('user_password01', WT_REGEX_PASSWORD); $user_password02 = Filter::post('user_password02', WT_REGEX_PASSWORD); $user_comments = Filter::post('user_comments'); $user_password = Filter::post('user_password'); $user_hashcode = Filter::post('user_hashcode'); $url = Filter::post('url'); // Not actually a URL - just a path $username = Filter::post('username'); $password = Filter::post('password'); $timediff = Filter::postInteger('timediff', -43200, 50400, 0); // Same range as date('Z') // These parameters may come from the URL which is emailed to users. if (!$action) $action = Filter::get('action'); if (!$user_name) $user_name = Filter::get('user_name'); if (!$user_hashcode) $user_hashcode = Filter::get('user_hashcode'); if (!$url) $url = Filter::get('url'); $message = ''; switch ($action) { case 'login': try { if (!$_COOKIE) { Log::addAuthenticationLog('Login failed (no session cookies): ' . $username); throw new \Exception(I18N::translate('You cannot login because your browser does not accept cookies.')); } $user = User::findByIdentifier($username); if (!$user) { Log::addAuthenticationLog('Login failed (no such user/email): ' . $username); throw new \Exception(I18N::translate('The username or password is incorrect.')); } if (!$user->checkPassword($password)) { Log::addAuthenticationLog('Login failed (incorrect password): ' . $username); throw new \Exception(I18N::translate('The username or password is incorrect.')); } if (!$user->getPreference('verified')) { Log::addAuthenticationLog('Login failed (not verified by user): ' . $username); throw new \Exception(I18N::translate('This account has not been verified. Please check your email for a verification message.')); } if (!$user->getPreference('verified_by_admin')) { Log::addAuthenticationLog('Login failed (not approved by admin): ' . $username); throw new \Exception(I18N::translate('This account has not been approved. Please wait for an administrator to approve it.')); } Auth::login($user); Log::addAuthenticationLog('Login: ' . Auth::user()->getUserName() . '/' . Auth::user()->getRealName()); Session::put('timediff', $timediff); Session::put('locale', Auth::user()->getPreference('language')); Session::put('theme_id', Auth::user()->getPreference('theme')); // If we’ve clicked login from the login page, we don’t want to go back there. if (strpos($url, WT_SCRIPT_NAME) === 0) { $url = ''; } // We're logging in as an administrator if (Auth::isAdmin()) { // Check for updates $latest_version_txt = Functions::fetchLatestVersion(); if (preg_match('/^[0-9.]+\|[0-9.]+\|/', $latest_version_txt)) { list($latest_version, $earliest_version, $download_url) = explode('|', $latest_version_txt); if (version_compare(WT_VERSION, $latest_version) < 0) { // An upgrade is available. Let the admin know, by redirecting to the upgrade wizard $url = 'admin_site_upgrade.php'; } } else { // Cannot determine the latest version } } // Redirect to the target URL header('Location: ' . WT_BASE_URL . $url); return; } catch (\Exception $ex) { $message = $ex->getMessage(); } // No break; default: $controller ->setPageTitle(I18N::translate('Login')) ->pageHeader() ->addInlineJavascript(' jQuery("#new_passwd_form").hide(); jQuery("#passwd_click").click(function() { jQuery("#new_passwd_form").slideToggle(100, function() { jQuery("#new_passwd_username").focus() }); return false; }); '); echo '
', Site::getPreference('WELCOME_TEXT_AUTH_MODE_' . WT_LOCALE), '
'; break; } echo '', $message, '
'; } echo ''; // hidden New Password block echo '', I18N::translate('Hello %s…
Thank you for your registration.', $user->getRealNameHtml()), '
', I18N::translate('We will now send a confirmation email to the address %s. You must verify your account request by following instructions in the confirmation email. If you do not confirm your account request within seven days, your application will be rejected automatically. You will have to apply again.
After you have followed the instructions in the confirmation email, the administrator still has to approve your request before your account can be used.
To login to this website, you will need to know your user name and password.', $user->getEmail()), '
', I18N::translate('You have confirmed your request to become a registered user.'), '
'; echo '', I18N::translate('The administrator has been informed. As soon as they give you permission to login, you can login with your user name and password.'), '
'; } else { echo ''; echo I18N::translate('Could not verify the information you entered. Please try again or contact the site administrator for more information.'); echo '
'; } echo '