# Copyright (C) 2014, 2016, 2017 Assaf Gordon
# Copyright (C) 2001-2011, 2013, 2017 Sylvain Beucler
# Copyright (C) 2013, 2014, 2017-2024 Ineiev
#
# This file is part of Savane.
#
# Code written before 2008-03-30 (commit 8b757b2565ff) is distributed
# under the terms of the GNU General Public license version 3 or (at your
# option) any later version; further contributions are covered by
# the GNU Affero General Public license version 3 or (at your option)
# any later version. The license notices for the AGPL and the GPL follow.
#
# Savane is free software: you can redistribute it and/or modify
# it under the terms of the GNU Affero General Public License as
# published by the Free Software Foundation, either version 3 of the
# License, or (at your option) any later version.
#
# Savane is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Affero General Public License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this program. If not, see <https://www.gnu.org/licenses/>.
#
# Savane is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as
# published by the Free Software Foundation, either version 3 of the
# License, or (at your option) any later version.
#
# Savane is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <https://www.gnu.org/licenses/>.
require_once ('../include/init.php');
require_once ('../include/account.php');
require_once ('../include/sane.php');
# Called before any output; presumably keeps the login page out of caches
# (confirm in the definition of utils_disable_cache ()).
utils_disable_cache ();

# 'from_brother' is taken from the query string only.  Below it switches off
# the redirect for logged-in users, the form check and the cookie check.
extract (sane_import ('get', ['true' => 'from_brother']));

# Users who are already logged in have no business here, unless they arrive
# with from_brother set.
if (user_isloggedin () && !$from_brother)
  {
    session_redirect ("{$sys_home}my/");
  }

# Input checks: every request parameter used by this page is imported
# through sane_import () under a declared type.
# NOTE(review): the redirect after a successful login uses $uri as its
# target, so it relies on the 'internal_uri' type refusing off-site
# values -- confirm in sane.php.
extract (sane_import ('request',
  [
    'true' => ['brotherhood', 'login'],
    'digits' => 'cookie_for_a_year',
    'name' => 'form_loginname',
    'pass' => 'form_pw',
    'internal_uri' => 'uri'
  ]
));

# A missing or empty 'cookie_for_a_year' counts as 0.
$cookie_for_a_year = empty ($cookie_for_a_year) ? 0 : $cookie_for_a_year;

# NOTE(review): form_check ('login') is skipped when from_brother is set,
# and from_brother is a plain GET flag.  Presumably form_check is the form
# token check; if so, the from_brother path depends entirely on the
# session_uid / session_hash validation done in the login branch -- confirm.
if (!$from_brother)
  {
    form_check ('login');
  }

$stay_in_ssl = session_stay_in_ssl ();
$uri_enc = utils_urlencode ($uri);

if (!$from_brother)
  {
    session_check_cookies ($uri, $uri_enc);
  }
# Process a login attempt: either accept a session handed over by the
# brother domain, or check the submitted name and password.
if (!empty ($login))
  {
    if ($from_brother)
      {
        # The session id and hash arrive as GET parameters here.
        # NOTE(review): values carried in a query string tend to end up in
        # server logs, browser history and Referer headers; confirm that
        # the hash is short-lived or replaced once
        # session_set_new_cookies () has run.
        extract (sane_import ('get',
          ['digits' => 'session_uid', 'xdigits' => 'session_hash']
        ));
      }

    # NOTE(review): isset ($session_uid) is tested even when from_brother
    # is unset; whether an earlier include can define $session_uid is not
    # visible in this file.
    if (isset ($session_uid) && session_exists ($session_uid, $session_hash))
      {
        # An existing session vouches for the user; no password is checked.
        session_set_new_cookies ($session_uid, $cookie_for_a_year);
        $success = 1;
      }
    else
      {
        $success =
          session_login_valid ($form_loginname, $form_pw, $cookie_for_a_year);
      }

    if ($success)
      {
        session_set_theme ();

        # We return to our brother 'my', where we logged in originally,
        # unless we were requested to go to a URI.
        if (!$uri)
          {
            $uri = "{$sys_home}my/";
            $uri_enc = utils_urlencode ($uri);
          }
        session_login_brother ($uri, $uri_enc);

        # If no brother domain is defined, just return to the page the
        # login was requested from; with stay_in_ssl the target is prefixed
        # with the HTTPS base URL.
        $url = $stay_in_ssl ? "$sys_https_url$uri" : $uri;
        session_redirect ($url);
      } # $success
  } # !empty ($login)
# Nuke their old session securely: drop the cookie and, when $user_id is
# known, the matching row of the session table.  Both values are passed as
# bound parameters rather than spliced into the SQL text.
# $user_id is not assigned anywhere in this file.
if (isset ($session_hash))
  {
    session_delete_cookie ('session_hash');
    if (isset ($user_id))
      {
        db_execute (
          "DELETE FROM session WHERE session_hash = ? AND user = ?",
          [$session_hash, $user_id]
        );
      }
  }
# Start the page; everything below is output for a login that either failed
# or has not been attempted yet.
site_header (['title' => _("Login")]);
# Feedback after a failed login attempt.
# NOTE(review): the string literals in this block hold only whitespace and
# line breaks where markup would be expected, and no separate branch is
# visible for failures that are not a pending account; this listing may have
# lost lines -- compare with the repository copy before relying on it.
if (!empty ($login) && !$success)
{
# NOTE(review): $signal_pending_account is not set in this file; presumably
# session_login_valid () raises it.  Confirm it is only raised after the
# password has been verified, otherwise this message tells anyone who knows
# a login name that the account exists and is unconfirmed.
if (isset ($signal_pending_account) && $signal_pending_account == 1)
{
print html_h (2, _("Pending Account"));
# One concatenated message: the pending-account notice, then the Caps Lock
# hint, the link to lostpw.php and the link to the support tracker.
print '
'
. _("Your account is currently pending your email confirmation.\n"
. "Visiting the link sent to you in this email will activate "
. "your account.")
. "
"
. _("Is the “Caps Lock” or “A” light on "
. "your keyboard on?")
. " \n"
. _("If so, hit “Caps Lock” key before trying again.")
. "
\n
"
. _("Did you forget or misspell your password?")
. " \n"
. utils_link (
'lostpw.php',
_("You can recover your password using the lost password form.")
)
. "
\n"
.'
' . _("Still having trouble?") . " \n"
. utils_link (
"{$sys_home}support/?group=$sys_unix_group_name",
_("Fill a support request.")
)
. "
\n";
print "
\n
\n";
}
}
# Site-specific content for the login page is pulled in only when an HTTPS
# host is configured.
if (isset ($sys_https_host))
  {
    utils_get_content ("account/login");
  }

# The form always posts to the login script under $sys_https_url, so the
# credentials go to whatever base URL the site configuration puts there.
print form_tag (
  ['action' => $sys_https_url . $sys_home . 'account/login.php']
);

# The requested URI travels through the form as a hidden field.
# NOTE(review): presumably form_hidden () HTML-escapes the value -- confirm.
print form_hidden (['uri' => $uri]);
# Shortcuts to New Account and Lost Password have a higher tabindex than
# the rest of the form, so they don't disturb the normal order when you
# press TAB on the keyboard (login -> password -> post).
print '
';
print
_("This server does not encrypt data (no https), so the password you\n"
. "sent may be viewed by other people. Do not use any important\n"
. "passwords.")
. "
\n";
}
$attr_list['label'] = '' . _("Remember me")
. " \n"
. _("For a year, your login information will be stored in a cookie. Use\n"
. "this only if you are using your own computer.");
print '