# Copyright (C) 2014, 2016, 2017 Assaf Gordon # Copyright (C) 2001-2011, 2013, 2017 Sylvain Beucler # Copyright (C) 2013, 2014, 2017-2024 Ineiev # # This file is part of Savane. # # Code written before 2008-03-30 (commit 8b757b2565ff) is distributed # under the terms of the GNU General Public license version 3 or (at your # option) any later version; further contributions are covered by # the GNU Affero General Public license version 3 or (at your option) # any later version. The license notices for the AGPL and the GPL follow. # # Savane is free software: you can redistribute it and/or modify # it under the terms of the GNU Affero General Public License as # published by the Free Software Foundation, either version 3 of the # License, or (at your option) any later version. # # Savane is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Affero General Public License for more details. # # You should have received a copy of the GNU Affero General Public License # along with this program. If not, see . # # Savane is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as # published by the Free Software Foundation, either version 3 of the # License, or (at your option) any later version. # # Savane is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . require_once ('../include/init.php'); require_once ('../include/account.php'); require_once ('../include/sane.php'); utils_disable_cache (); extract (sane_import ('get', ['true' => 'from_brother'])); # Logged users have no business here. if (user_isloggedin () && !$from_brother) session_redirect ("{$sys_home}my/"); # Input checks. extract (sane_import ('request', [ 'true' => ['brotherhood', 'login'], 'digits' => 'cookie_for_a_year', 'name' => 'form_loginname', 'pass' => 'form_pw', 'internal_uri' => 'uri' ] )); if (empty ($cookie_for_a_year)) $cookie_for_a_year = 0; if (!$from_brother) form_check ('login'); $stay_in_ssl = session_stay_in_ssl (); $uri_enc = utils_urlencode ($uri); if (!$from_brother) session_check_cookies ($uri, $uri_enc); if (!empty ($login)) { if ($from_brother) { extract (sane_import ('get', ['digits' => 'session_uid', 'xdigits' => 'session_hash'] )); } if (isset ($session_uid) && session_exists ($session_uid, $session_hash)) { session_set_new_cookies ($session_uid, $cookie_for_a_year); $success = 1; } else $success = session_login_valid ($form_loginname, $form_pw, $cookie_for_a_year); if ($success) { session_set_theme (); # We return to our brother 'my', where we login originally, # unless we are request to go to an uri. if (!$uri) { $uri = "{$sys_home}my/"; $uri_enc = utils_urlencode ($uri); } session_login_brother ($uri, $uri_enc); # If no brother domain is defined, just return # to the page the login was requested from. $url = $uri; if ($stay_in_ssl) $url = "$sys_https_url$url"; session_redirect ($url); } # $success } # !empty ($login) if (isset ($session_hash)) { # Nuke their old session securely. session_delete_cookie ('session_hash'); if (isset ($user_id)) db_execute ("DELETE FROM session WHERE session_hash = ? AND user = ?", [$session_hash, $user_id] ); } site_header (['title' => _("Login")]); if (!empty ($login) && !$success) { if (isset ($signal_pending_account) && $signal_pending_account == 1) { print html_h (2, _("Pending Account")); print '

' . _("Your account is currently pending your email confirmation.\n" . "Visiting the link sent to you in this email will activate " . "your account.") . "

\n"; print '

[" . _("Resend Confirmation Email") . "]

\n"; } else { # Print helpful error message. print '
'; print '
' . _("Troubleshooting:") . "
\n
  • " . _("Is the “Caps Lock” or “A” light on " . "your keyboard on?") . "
    \n" . _("If so, hit “Caps Lock” key before trying again.") . "
    • \n
  • " . _("Did you forget or misspell your password?") . "
    \n" . utils_link ( 'lostpw.php', _("You can recover your password using the lost password form.") ) . "
    • \n" .'
  • ' . _("Still having trouble?") . "
    \n" . utils_link ( "{$sys_home}support/?group=$sys_unix_group_name", _("Fill a support request.") ) . "
    • \n"; print "
\n
\n"; } } if (isset ($sys_https_host)) utils_get_content ("account/login"); print form_tag (['action' => "$sys_https_url{$sys_home}account/login.php"]); print form_hidden (['uri' => $uri]); # Shortcuts to New Account and Lost Password have a tabindex superior to # the rest of form, so they don't mess with the normal order when you # press TAB on the keyboard (login -> password -> post). print '

' . html_label ('form_loginname', _("Login Name:")) . "
  \n"; print " [' . _("No account yet?") . "]

\n"; print '

' . html_label ('form_pw', _("Password:")) . "
\n  "; print ' ' . '[' . _("Lost your password?") . "]

\n"; $attr_list = ['tabindex' => '1']; if (!isset ($sys_https_host)) { print '

'; print _("This server does not encrypt data (no https), so the password you\n" . "sent may be viewed by other people. Do not use any important\n" . "passwords.") . "

\n"; } $attr_list['label'] = '' . _("Remember me") . "
\n" . _("For a year, your login information will be stored in a cookie. Use\n" . "this only if you are using your own computer."); print '

' . form_checkbox ('cookie_for_a_year', $cookie_for_a_year, $attr_list) . "

\n"; if (!empty ($sys_brother_domain)) { print '

'; print form_checkbox ('brotherhood', $brotherhood || !$login, # TRANSLATORS: the argument is a domain (like "savannah.gnu.org" # vs. "savannah.nongnu.org"). ['label' => '' . sprintf (_("Login also in %s"), $sys_brother_domain) . ''] ); print "

\n"; } print form_footer (_("Login"), 'login'); $HTML->footer ([]); ?>