Blame Extras/Mantis/1.1.2-1.fc9/login_page.php

4c79b5
4c79b5
# Mantis - a php based bugtracking system
4c79b5
4c79b5
# Copyright (C) 2000 - 2002  Kenzaburo Ito - kenito@300baud.org
4c79b5
# Copyright (C) 2002 - 2007  Mantis Team   - mantisbt-dev@lists.sourceforge.net
4c79b5
4c79b5
# Mantis is free software: you can redistribute it and/or modify
4c79b5
# it under the terms of the GNU General Public License as published by
4c79b5
# the Free Software Foundation, either version 2 of the License, or
4c79b5
# (at your option) any later version.
4c79b5
#
4c79b5
# Mantis is distributed in the hope that it will be useful,
4c79b5
# but WITHOUT ANY WARRANTY; without even the implied warranty of
4c79b5
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
4c79b5
# GNU General Public License for more details.
4c79b5
#
4c79b5
# You should have received a copy of the GNU General Public License
4c79b5
# along with Mantis.  If not, see <http://www.gnu.org/licenses/>.
4c79b5
4c79b5
	#------------------------------
4c79b5
	#   $Revision: 2643 $
4c79b5
	#     $Author: al $    
4c79b5
	#       $Date: 2009-06-18 19:06:27 -0400 (Thu, 18 Jun 2009) $                                              
4c79b5
	#------------------------------
4c79b5
4c79b5
	# Login page POSTs results to login.php
4c79b5
	# Check to see if the user is already logged in
4c79b5
4c79b5
	require_once( 'core.php' );
4c79b5
4c79b5
	if ( auth_is_user_authenticated() && !current_user_is_anonymous() ) {
4c79b5
		print_header_redirect( config_get( 'default_home_page' ) );
4c79b5
	}
4c79b5
4c79b5
	$f_error	= gpc_get_bool( 'error' );
4c79b5
	$f_cookie_error	= gpc_get_bool( 'cookie_error' );
4c79b5
	$f_return	= gpc_get_string( 'return', '' );
4c79b5
4c79b5
	# Check for HTTP_AUTH. HTTP_AUTH is handled in login.php
4c79b5
4c79b5
	if ( HTTP_AUTH == config_get( 'login_method' ) ) {
4c79b5
4c79b5
		$t_uri = "login.php";
4c79b5
4c79b5
		if ( !$f_return && ON == config_get( 'allow_anonymous_login' ) ) {
4c79b5
			$t_uri = "login_anon.php";
4c79b5
		}
4c79b5
4c79b5
		if ( $f_return ) {
4c79b5
			$t_uri .= "?return=" . urlencode( $f_return );
4c79b5
		}
4c79b5
4c79b5
		print_header_redirect( $t_uri );
4c79b5
		exit;
4c79b5
	}
4c79b5
4c79b5
	html_page_top1();
4c79b5
4c79b5
	html_page_top2a();
4c79b5
4c79b5
	# Display short greeting message
4c79b5
	# echo lang_get( 'login_page_info' ) . '
';
4c79b5
4c79b5
?>
4c79b5
4c79b5
4c79b5
4c79b5
4c79b5
	# Only echo error message if error variable is set
4c79b5
	if ( $f_error ) {
4c79b5
		print '
';
4c79b5
		print '

' . lang_get( 'login_error' ) . '

';
4c79b5
		print '';
4c79b5
	}
4c79b5
4c79b5
	if ( $f_cookie_error ) {
4c79b5
		print '
';
4c79b5
		print '

' . lang_get( 'login_cookies_disabled' ) . '

';
4c79b5
		print '';
4c79b5
	}
4c79b5
4c79b5
?>
4c79b5
4c79b5

4c79b5
4c79b5
4c79b5
4c79b5
4c79b5
4c79b5
	# Add Anonymous login link if it is set to ON in the config file.
4c79b5
	if ( ON == config_get( 'allow_anonymous_login' ) ) {
4c79b5
		print_bracket_link( 'login_anon.php', lang_get( 'login_anonymously' ) );
4c79b5
		PRINT '
';
4c79b5
	}
4c79b5
4c79b5
	print_signup_link();
4c79b5
4c79b5
	PRINT '
'. "\n";
4c79b5
4c79b5
	print_lost_password_link();
4c79b5
4c79b5
?>
4c79b5
4c79b5
4c79b5
4c79b5
4c79b5
4c79b5
<form name="login_form" method="post" action="login.php">
4c79b5
4c79b5
	
4c79b5
	if ( !is_blank( $f_return ) ) { ?>
4c79b5
	<input type="hidden" name="return" value="<?php echo string_html_specialchars( $f_return ) ?>" />
4c79b5
	
4c79b5
4c79b5
	
4c79b5
4c79b5
		
4c79b5
4c79b5
			
4c79b5
				:
4c79b5
			
4c79b5
4c79b5
			
4c79b5
				<input type="text" name="username" size="20" maxlength="32" />
4c79b5
			
4c79b5
4c79b5
		
4c79b5
4c79b5
		
4c79b5
4c79b5
			
4c79b5
				:
4c79b5
			
4c79b5
4c79b5
			
4c79b5
				<input type="password" name="password" size="20" maxlength="32" />
4c79b5
			
4c79b5
4c79b5
		
4c79b5
4c79b5
		
4c79b5
4c79b5
			
4c79b5
				:
4c79b5
			
4c79b5
4c79b5
			
4c79b5
				<input type="checkbox" name="perm_login" />
4c79b5
			
4c79b5
4c79b5
		
4c79b5
4c79b5
		
4c79b5
4c79b5
			
4c79b5
4c79b5
			
4c79b5
				<input type="submit" class="button" value="<?php echo lang_get( 'login_button' ) ?>" />
4c79b5
			
4c79b5
4c79b5
		
4c79b5
4c79b5
	
4c79b5
4c79b5
</form>
4c79b5
4c79b5
4c79b5
4c79b5
	#
4c79b5
	# Do some checks to warn administrators of possible security holes.
4c79b5
	# Since this is considered part of the admin-checks, the strings are not translated.
4c79b5
	#
4c79b5
4c79b5
	# Warning, if plain passwords are selected
4c79b5
	if ( config_get( 'login_method' ) === PLAIN ) {
4c79b5
		print '

WARNING: Plain password authentication is used, this will expose your passwords to administrators.

';
4c79b5
	}
4c79b5
4c79b5
	# Generate a warning if administrator/root is valid.
4c79b5
	$t_admin_user_id = user_get_id_by_name( 'administrator' );
4c79b5
	if ( $t_admin_user_id !== false ) {
4c79b5
		if ( user_is_enabled( $t_admin_user_id ) && auth_does_password_match( $t_admin_user_id, 'root' ) ) {
4c79b5
			print '

WARNING: You should disable the default "administrator" account or change its password.

';
4c79b5
		}
4c79b5
	}
4c79b5
4c79b5
	# Check if the admin directory is available and is readable.
4c79b5
	$t_admin_dir = dirname( __FILE__ ) . DIRECTORY_SEPARATOR . 'admin' . DIRECTORY_SEPARATOR;
4c79b5
	if ( 0 && is_dir( $t_admin_dir ) && is_readable( $t_admin_dir ) ) {
4c79b5
		print '

WARNING: Admin directory should be removed.

' . "\n";
4c79b5
			
4c79b5
		# Since admin directory and db_upgrade lists are available check for missing db upgrades	
4c79b5
		# Check for db upgrade for versions < 1.0.0 using old upgrader
4c79b5
		$t_db_version = config_get( 'database_version' , 0 );
4c79b5
4c79b5
		# if db version is 0, we haven't moved to new installer.
4c79b5
		if ( $t_db_version == 0 ) {
4c79b5
4c79b5
			if ( db_table_exists( config_get( 'mantis_upgrade_table' ) ) ) {
4c79b5
4c79b5
				$query = "SELECT COUNT(*) from " . config_get( 'mantis_upgrade_table' ) . ";";
4c79b5
				$result = db_query( $query );
4c79b5
4c79b5
				if ( db_num_rows( $result ) < 1 ) {
4c79b5
					$t_upgrade_count = 0;
4c79b5
				} else {
4c79b5
					$t_upgrade_count = (int)db_result( $result );
4c79b5
				}
4c79b5
4c79b5
			} else {
4c79b5
4c79b5
				$t_upgrade_count = 0;
4c79b5
			}
4c79b5
4c79b5
			if ( $t_upgrade_count > 0 ) { # table exists, check for number of updates
4c79b5
4c79b5
				if ( file_exists( 'admin/upgrade_inc.php' ) ) {
4c79b5
4c79b5
					require_once( 'admin/upgrade_inc.php' );
4c79b5
4c79b5
					$t_upgrades_reqd = $upgrade_set->count_items();
4c79b5
4c79b5
				} else {
4c79b5
4c79b5
					// can't find upgrade file, assume system is up to date
4c79b5
					$t_upgrades_reqd = $t_upgrade_count;
4c79b5
				}
4c79b5
4c79b5
			} else {
4c79b5
4c79b5
				$t_upgrades_reqd = 1000; # arbitrarily large number to force an upgrade
4c79b5
			}
4c79b5
4c79b5
			if ( ( $t_upgrade_count != $t_upgrades_reqd ) &&
4c79b5
					( $t_upgrade_count != ( $t_upgrades_reqd + 10 ) ) ) { # there are 10 optional data escaping fixes that may be present
4c79b5
				print '

WARNING: The database structure may be out of date. Please upgrade here before logging in.

';
4c79b5
			}
4c79b5
		}
4c79b5
4c79b5
		# Check for db upgrade for versions > 1.0.0 using new installer and schema
4c79b5
		require_once( 'admin/schema.php' );
4c79b5
		$t_upgrades_reqd = sizeof( $upgrade ) - 1;
4c79b5
4c79b5
		if ( ( 0 < $t_db_version ) &&
4c79b5
				( $t_db_version != $t_upgrades_reqd ) ) {
4c79b5
4c79b5
			if ( $t_db_version < $t_upgrades_reqd ) {
4c79b5
				print '

WARNING: The database structure may be out of date. Please upgrade here before logging in.

';
4c79b5
			} else {
4c79b5
				print '

WARNING: The database structure is more up-to-date than the code installed. Please upgrade the code.

';
4c79b5
			}
4c79b5
		}
4c79b5
	}
4c79b5
?>
4c79b5
4c79b5
4c79b5
4c79b5
<script type="text/javascript" language="JavaScript">
4c79b5
4c79b5
	window.document.login_form.username.focus();
4c79b5
// -->
4c79b5
</script>
4c79b5
4c79b5
4c79b5