# Mantis - a php based bugtracking system

# Copyright (C) 2000 - 2002  Kenzaburo Ito - kenito@300baud.org

# Copyright (C) 2002 - 2007  Mantis Team   - mantisbt-dev@lists.sourceforge.net

# Mantis is free software: you can redistribute it and/or modify

# it under the terms of the GNU General Public License as published by

# the Free Software Foundation, either version 2 of the License, or

# (at your option) any later version.

#

# Mantis is distributed in the hope that it will be useful,

# but WITHOUT ANY WARRANTY; without even the implied warranty of

# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

# GNU General Public License for more details.

#

# You should have received a copy of the GNU General Public License

# along with Mantis.  If not, see <http://www.gnu.org/licenses/>.

	#------------------------------

	#   $Revision: 2643 $

	#     $Author: al $    

	#       $Date: 2009-06-18 19:06:27 -0400 (Thu, 18 Jun 2009) $                                              

	#------------------------------

	# Login page POSTs results to login.php

	# Check to see if the user is already logged in

	require_once( 'core.php' );

	if ( auth_is_user_authenticated() && !current_user_is_anonymous() ) {

		print_header_redirect( config_get( 'default_home_page' ) );

	}

	$f_error	= gpc_get_bool( 'error' );

	$f_cookie_error	= gpc_get_bool( 'cookie_error' );

	$f_return	= gpc_get_string( 'return', '' );

	# Check for HTTP_AUTH. HTTP_AUTH is handled in login.php

	if ( HTTP_AUTH == config_get( 'login_method' ) ) {

		$t_uri = "login.php";

		if ( !$f_return && ON == config_get( 'allow_anonymous_login' ) ) {

			$t_uri = "login_anon.php";

		}

		if ( $f_return ) {

			$t_uri .= "?return=" . urlencode( $f_return );

		}

		print_header_redirect( $t_uri );

		exit;

	}

	html_page_top1();

	html_page_top2a();

	# Display short greeting message

	# echo lang_get( 'login_page_info' ) . '
';

?>

	# Only echo error message if error variable is set

	if ( $f_error ) {

		print '
';

		print '
' . lang_get( 'login_error' ) . '
';

		print '';

	}

	if ( $f_cookie_error ) {

		print '
';

		print '
' . lang_get( 'login_cookies_disabled' ) . '
';

		print '';

	}

?>

	# Add Anonymous login link if it is set to ON in the config file.

	if ( ON == config_get( 'allow_anonymous_login' ) ) {

		print_bracket_link( 'login_anon.php', lang_get( 'login_anonymously' ) );

		PRINT '
';

	}

	print_signup_link();

	PRINT '
'. "\n";

	print_lost_password_link();

?>

<form name="login_form" method="post" action="login.php">

	if ( !is_blank( $f_return ) ) { ?>

	<input type="hidden" name="return" value="<?php echo string_html_specialchars( $f_return ) ?>" />

				:

				<input type="text" name="username" size="20" maxlength="32" />

				:

				<input type="password" name="password" size="20" maxlength="32" />

				:

				<input type="checkbox" name="perm_login" />

				<input type="submit" class="button" value="<?php echo lang_get( 'login_button' ) ?>" />

</form>

	#

	# Do some checks to warn administrators of possible security holes.

	# Since this is considered part of the admin-checks, the strings are not translated.

	#

	# Warning, if plain passwords are selected

	if ( config_get( 'login_method' ) === PLAIN ) {

		print '
WARNING: Plain password authentication is used, this will expose your passwords to administrators.
';

	}

	# Generate a warning if administrator/root is valid.

	$t_admin_user_id = user_get_id_by_name( 'administrator' );

	if ( $t_admin_user_id !== false ) {

		if ( user_is_enabled( $t_admin_user_id ) && auth_does_password_match( $t_admin_user_id, 'root' ) ) {

			print '
WARNING: You should disable the default "administrator" account or change its password.
';

		}

	}

	# Check if the admin directory is available and is readable.

	$t_admin_dir = dirname( __FILE__ ) . DIRECTORY_SEPARATOR . 'admin' . DIRECTORY_SEPARATOR;

	if ( 0 && is_dir( $t_admin_dir ) && is_readable( $t_admin_dir ) ) {

		print '
WARNING: Admin directory should be removed.
' . "\n";

		# Since admin directory and db_upgrade lists are available check for missing db upgrades	

		# Check for db upgrade for versions < 1.0.0 using old upgrader

		$t_db_version = config_get( 'database_version' , 0 );

		# if db version is 0, we haven't moved to new installer.

		if ( $t_db_version == 0 ) {

			if ( db_table_exists( config_get( 'mantis_upgrade_table' ) ) ) {

				$query = "SELECT COUNT(*) from " . config_get( 'mantis_upgrade_table' ) . ";";

				$result = db_query( $query );

				if ( db_num_rows( $result ) < 1 ) {

					$t_upgrade_count = 0;

				} else {

					$t_upgrade_count = (int)db_result( $result );

				}

			} else {

				$t_upgrade_count = 0;

			}

			if ( $t_upgrade_count > 0 ) { # table exists, check for number of updates

				if ( file_exists( 'admin/upgrade_inc.php' ) ) {

					require_once( 'admin/upgrade_inc.php' );

					$t_upgrades_reqd = $upgrade_set->count_items();

				} else {

					// can't find upgrade file, assume system is up to date

					$t_upgrades_reqd = $t_upgrade_count;

				}

			} else {

				$t_upgrades_reqd = 1000; # arbitrarily large number to force an upgrade

			}

			if ( ( $t_upgrade_count != $t_upgrades_reqd ) &&

					( $t_upgrade_count != ( $t_upgrades_reqd + 10 ) ) ) { # there are 10 optional data escaping fixes that may be present

				print '
WARNING: The database structure may be out of date. Please upgrade here before logging in.
';

			}

		}

		# Check for db upgrade for versions > 1.0.0 using new installer and schema

		require_once( 'admin/schema.php' );

		$t_upgrades_reqd = sizeof( $upgrade ) - 1;

		if ( ( 0 < $t_db_version ) &&

				( $t_db_version != $t_upgrades_reqd ) ) {

			if ( $t_db_version < $t_upgrades_reqd ) {

				print '
WARNING: The database structure may be out of date. Please upgrade here before logging in.
';

			} else {

				print '
WARNING: The database structure is more up-to-date than the code installed.  Please upgrade the code.
';

			}

		}

	}

?>

<script type="text/javascript" language="JavaScript">

	window.document.login_form.username.focus();

// -->

</script>