. */
use Rhumsaa\Uuid\Uuid;
use Zend_Controller_Request_Http;
use Zend_Session;
use Zend_Session_Namespace;

/**
 * Defined in session.php
 *
 * @global Zend_Controller_Request_Http $WT_REQUEST
 * @global Zend_Session_Namespace $WT_SESSION
 * @global Tree $WT_TREE
 */
global $WT_REQUEST, $WT_SESSION, $WT_TREE;

// Login page: processes the "login" action and otherwise (or on failure)
// falls through to render the login form. Request parameters are read
// through Filter::* so the raw superglobals are never touched directly.
define('WT_SCRIPT_NAME', 'login.php');
require './includes/session.php';

// If we are already logged in, then go to the “Home page”
if (Auth::check() && WT_GED_ID) {
	header('Location: ' . WT_BASE_URL);
	return;
}

$controller = new PageController;

$REQUIRE_ADMIN_AUTH_REGISTRATION = Site::getPreference('REQUIRE_ADMIN_AUTH_REGISTRATION');

// Registration / password-reset fields. Both password fields are constrained
// to WT_REGEX_PASSWORD; the other values are taken as Filter::post() returns them.
$action          = Filter::post('action');
$user_realname   = Filter::post('user_realname');
$user_name       = Filter::post('user_name');
$user_email      = Filter::postEmail('user_email');
$user_password01 = Filter::post('user_password01', WT_REGEX_PASSWORD);
$user_password02 = Filter::post('user_password02', WT_REGEX_PASSWORD);
$user_comments   = Filter::post('user_comments');
$user_password   = Filter::post('user_password');
$user_hashcode   = Filter::post('user_hashcode');
// Not actually a URL - just a path
// NOTE(review): $url is user-supplied and is appended to WT_BASE_URL in the
// redirect below without a check that it is a relative path — confirm that
// Filter::post() / WT_BASE_URL make an off-site redirect impossible.
$url             = Filter::post('url');
// Login fields
$username        = Filter::post('username');
$password        = Filter::post('password');
$timediff        = Filter::postInteger('timediff', -43200, 50400, 0); // Same range as date('Z')

// These parameters may come from the URL which is emailed to users.
// NOTE(review): the GET value of user_name is constrained by WT_REGEX_USERNAME
// while the POST value above is not — confirm the asymmetry is intended.
if (!$action) $action = Filter::get('action');
if (!$user_name) $user_name = Filter::get('user_name', WT_REGEX_USERNAME);
if (!$user_hashcode) $user_hashcode = Filter::get('user_hashcode');
if (!$url) $url = Filter::get('url');

// Error text from a failed login attempt; presumably rendered by the login
// page markup below (the markup itself is not visible here).
$message = '';

switch ($action) {
case 'login':
	try {
		// Without cookies the session cannot be kept, so refuse to log in at all.
		if (!$_COOKIE) {
			Log::addAuthenticationLog('Login failed (no session cookies): ' . $username);
			throw new \Exception(I18N::translate('You cannot login because your browser does not accept cookies.'));
		}
		// "Unknown user" and "wrong password" deliberately produce the same
		// user-facing message; the distinction is written only to the
		// authentication log. NOTE(review): checkPassword() is not run when
		// no user matches, so the two branches may not take the same time.
		$user = User::findByIdentifier($username);
		if (!$user) {
			Log::addAuthenticationLog('Login failed (no such user/email): ' . $username);
			throw new \Exception(I18N::translate('The username or password is incorrect.'));
		}
		if (!$user->checkPassword($password)) {
			Log::addAuthenticationLog('Login failed (incorrect password): ' . $username);
			throw new \Exception(I18N::translate('The username or password is incorrect.'));
		}
		// A correct password is not enough: the account must be verified by
		// the user (email link) and approved by an administrator.
		if (!$user->getPreference('verified')) {
			Log::addAuthenticationLog('Login failed (not verified by user): ' . $username);
			throw new \Exception(I18N::translate('This account has not been verified. Please check your email for a verification message.'));
		}
		if (!$user->getPreference('verified_by_admin')) {
			Log::addAuthenticationLog('Login failed (not approved by admin): ' . $username);
			throw new \Exception(I18N::translate('This account has not been approved. Please wait for an administrator to approve it.'));
		}
		Auth::login($user);
		Log::addAuthenticationLog('Login: ' . Auth::user()->getUserName() . '/' . Auth::user()->getRealName());

		// Seed the session from the submitted timezone offset and the user's
		// stored preferences, and record the login time on the user.
		$WT_SESSION->timediff      = $timediff;
		$WT_SESSION->locale        = Auth::user()->getPreference('language');
		$WT_SESSION->theme_id      = Auth::user()->getPreference('theme');
		$WT_SESSION->activity_time = WT_TIMESTAMP;
		Auth::user()->setPreference('sessiontime', WT_TIMESTAMP);

		// If we’ve clicked login from the login page, we don’t want to go back there.
		if (strpos($url, WT_SCRIPT_NAME) === 0) {
			$url = '';
		}

		// We're logging in as an administrator
		if (Auth::isAdmin()) {
			// Check for updates. fetch_latest_version() returns remote text; it is
			// only trusted once it matches the expected "version|version|..." shape.
			$latest_version_txt = fetch_latest_version();
			if (preg_match('/^[0-9.]+\|[0-9.]+\|/', $latest_version_txt)) {
				// $download_url is unpacked but not used here.
				list($latest_version, $earliest_version, $download_url) = explode('|', $latest_version_txt);
				if (version_compare(WT_VERSION, $latest_version) < 0) {
					// An upgrade is available. Let the admin know, by redirecting to the upgrade wizard
					$url = 'admin_site_upgrade.php';
				}
			} else {
				// Cannot determine the latest version
			}
		}

		// Redirect to the target URL
		header('Location: ' . WT_BASE_URL . $url);

		// Explicitly write the session data before we exit,
		// as it doesn’t always happen when using APC.
		Zend_Session::writeClose();

		return;
	} catch (\Exception $ex) {
		// Fall through and show the login page again with the failure message.
		$message = $ex->getMessage();
	}
	// No break;

default:
	$controller
		->setPageTitle(I18N::translate('Login'))
		->pageHeader()
		->addInlineJavascript(' jQuery("#new_passwd_form").hide(); jQuery("#passwd_click").click(function() { jQuery("#new_passwd_form").slideToggle(100, function() { jQuery("#new_passwd_username").focus() }); return false; }); ');
	// Site-specific welcome text for the current locale (surrounding markup not visible here).
	echo '
', Site::getPreference('WELCOME_TEXT_AUTH_MODE_' . WT_LOCALE), '
';
	break;
}

// NOTE(review): the statements below reference $user and $user_name outside
// the switch; they appear to belong to other action branches (password reset,
// registration) whose surrounding code is not visible here.
// NOTE(review): $user->getRealName() is interpolated into echoed output —
// confirm that I18N::translate() or the caller applies HTML escaping.
echo '', /* I18N: %s is a username */ I18N::translate('A new password has been created and emailed to %s. You can change this password after you login.', $user_name), '
', I18N::translate('Hello %s…
Thank you for your registration.', $user->getRealName()), '
';
// Registration notice: the wording depends on whether an administrator must
// also approve the request after the email confirmation step.
$registrationEmail = $user->getEmail();
if ($REQUIRE_ADMIN_AUTH_REGISTRATION) {
	$registrationNotice = I18N::translate('We will now send a confirmation email to the address %s. You must verify your account request by following instructions in the confirmation email. If you do not confirm your account request within seven days, your application will be rejected automatically. You will have to apply again.
After you have followed the instructions in the confirmation email, the administrator still has to approve your request before your account can be used.
To login to this website, you will need to know your user name and password.', $registrationEmail);
} else {
	$registrationNotice = I18N::translate('We will now send a confirmation email to the address %s. You must verify your account request by following instructions in the confirmation email. If you do not confirm your account request within seven days, your application will be rejected automatically. You will have to apply again.
After you have followed the instructions in the confirmation email, you can login. To login to this website, you will need to know your user name and password.', $registrationEmail);
}
echo $registrationNotice;
echo '