Blame Identity/Webenv/Mantis/1.1.2-1.fc9/login_page.php

ef5584
ef5584
# Mantis - a php based bugtracking system
ef5584
ef5584
# Copyright (C) 2000 - 2002  Kenzaburo Ito - kenito@300baud.org
ef5584
# Copyright (C) 2002 - 2007  Mantis Team   - mantisbt-dev@lists.sourceforge.net
ef5584
ef5584
# Mantis is free software: you can redistribute it and/or modify
ef5584
# it under the terms of the GNU General Public License as published by
ef5584
# the Free Software Foundation, either version 2 of the License, or
ef5584
# (at your option) any later version.
ef5584
#
ef5584
# Mantis is distributed in the hope that it will be useful,
ef5584
# but WITHOUT ANY WARRANTY; without even the implied warranty of
ef5584
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
ef5584
# GNU General Public License for more details.
ef5584
#
ef5584
# You should have received a copy of the GNU General Public License
ef5584
# along with Mantis.  If not, see <http://www.gnu.org/licenses/>.
ef5584
ef5584
	#------------------------------
ef5584
	#   $Revision: 2643 $
ef5584
	#     $Author: al $    
ef5584
	#       $Date: 2009-06-18 19:06:27 -0400 (Thu, 18 Jun 2009) $                                              
ef5584
	#------------------------------
ef5584
ef5584
	# Login page POSTs results to login.php
ef5584
	# Check to see if the user is already logged in
ef5584
ef5584
	require_once( 'core.php' );
ef5584
ef5584
	if ( auth_is_user_authenticated() && !current_user_is_anonymous() ) {
ef5584
		print_header_redirect( config_get( 'default_home_page' ) );
ef5584
	}
ef5584
ef5584
	$f_error	= gpc_get_bool( 'error' );
ef5584
	$f_cookie_error	= gpc_get_bool( 'cookie_error' );
ef5584
	$f_return	= gpc_get_string( 'return', '' );
ef5584
ef5584
	# Check for HTTP_AUTH. HTTP_AUTH is handled in login.php
ef5584
ef5584
	if ( HTTP_AUTH == config_get( 'login_method' ) ) {
ef5584
ef5584
		$t_uri = "login.php";
ef5584
ef5584
		if ( !$f_return && ON == config_get( 'allow_anonymous_login' ) ) {
ef5584
			$t_uri = "login_anon.php";
ef5584
		}
ef5584
ef5584
		if ( $f_return ) {
ef5584
			$t_uri .= "?return=" . urlencode( $f_return );
ef5584
		}
ef5584
ef5584
		print_header_redirect( $t_uri );
ef5584
		exit;
ef5584
	}
ef5584
ef5584
	html_page_top1();
ef5584
ef5584
	html_page_top2a();
ef5584
ef5584
	# Display short greeting message
ef5584
	# echo lang_get( 'login_page_info' ) . '
';
ef5584
ef5584
?>
ef5584
ef5584
ef5584
ef5584
ef5584
	# Only echo error message if error variable is set
ef5584
	if ( $f_error ) {
ef5584
		print '
';
ef5584
		print '

' . lang_get( 'login_error' ) . '

';
ef5584
		print '';
ef5584
	}
ef5584
ef5584
	if ( $f_cookie_error ) {
ef5584
		print '
';
ef5584
		print '

' . lang_get( 'login_cookies_disabled' ) . '

';
ef5584
		print '';
ef5584
	}
ef5584
ef5584
?>
ef5584
ef5584

ef5584
ef5584
ef5584
ef5584
ef5584
ef5584
	# Add Anonymous login link if it is set to ON in the config file.
ef5584
	if ( ON == config_get( 'allow_anonymous_login' ) ) {
ef5584
		print_bracket_link( 'login_anon.php', lang_get( 'login_anonymously' ) );
ef5584
		PRINT '
';
ef5584
	}
ef5584
ef5584
	print_signup_link();
ef5584
ef5584
	PRINT '
'. "\n";
ef5584
ef5584
	print_lost_password_link();
ef5584
ef5584
?>
ef5584
ef5584
ef5584
ef5584
ef5584
ef5584
<form name="login_form" method="post" action="login.php">
ef5584
ef5584
	
ef5584
	if ( !is_blank( $f_return ) ) { ?>
ef5584
	<input type="hidden" name="return" value="<?php echo string_html_specialchars( $f_return ) ?>" />
ef5584
	
ef5584
ef5584
	
ef5584
ef5584
		
ef5584
ef5584
			
ef5584
				:
ef5584
			
ef5584
ef5584
			
ef5584
				<input type="text" name="username" size="20" maxlength="32" />
ef5584
			
ef5584
ef5584
		
ef5584
ef5584
		
ef5584
ef5584
			
ef5584
				:
ef5584
			
ef5584
ef5584
			
ef5584
				<input type="password" name="password" size="20" maxlength="32" />
ef5584
			
ef5584
ef5584
		
ef5584
ef5584
		
ef5584
ef5584
			
ef5584
				:
ef5584
			
ef5584
ef5584
			
ef5584
				<input type="checkbox" name="perm_login" />
ef5584
			
ef5584
ef5584
		
ef5584
ef5584
		
ef5584
ef5584
			
ef5584
ef5584
			
ef5584
				<input type="submit" class="button" value="<?php echo lang_get( 'login_button' ) ?>" />
ef5584
			
ef5584
ef5584
		
ef5584
ef5584
	
ef5584
ef5584
</form>
ef5584
ef5584
ef5584
ef5584
	#
ef5584
	# Do some checks to warn administrators of possible security holes.
ef5584
	# Since this is considered part of the admin-checks, the strings are not translated.
ef5584
	#
ef5584
ef5584
	# Warning, if plain passwords are selected
ef5584
	if ( config_get( 'login_method' ) === PLAIN ) {
ef5584
		print '

WARNING: Plain password authentication is used, this will expose your passwords to administrators.

';
ef5584
	}
ef5584
ef5584
	# Generate a warning if administrator/root is valid.
ef5584
	$t_admin_user_id = user_get_id_by_name( 'administrator' );
ef5584
	if ( $t_admin_user_id !== false ) {
ef5584
		if ( user_is_enabled( $t_admin_user_id ) && auth_does_password_match( $t_admin_user_id, 'root' ) ) {
ef5584
			print '

WARNING: You should disable the default "administrator" account or change its password.

';
ef5584
		}
ef5584
	}
ef5584
ef5584
	# Check if the admin directory is available and is readable.
ef5584
	$t_admin_dir = dirname( __FILE__ ) . DIRECTORY_SEPARATOR . 'admin' . DIRECTORY_SEPARATOR;
ef5584
	if ( 0 && is_dir( $t_admin_dir ) && is_readable( $t_admin_dir ) ) {
ef5584
		print '

WARNING: Admin directory should be removed.

' . "\n";
ef5584
			
ef5584
		# Since admin directory and db_upgrade lists are available check for missing db upgrades	
ef5584
		# Check for db upgrade for versions < 1.0.0 using old upgrader
ef5584
		$t_db_version = config_get( 'database_version' , 0 );
ef5584
ef5584
		# if db version is 0, we haven't moved to new installer.
ef5584
		if ( $t_db_version == 0 ) {
ef5584
ef5584
			if ( db_table_exists( config_get( 'mantis_upgrade_table' ) ) ) {
ef5584
ef5584
				$query = "SELECT COUNT(*) from " . config_get( 'mantis_upgrade_table' ) . ";";
ef5584
				$result = db_query( $query );
ef5584
ef5584
				if ( db_num_rows( $result ) < 1 ) {
ef5584
					$t_upgrade_count = 0;
ef5584
				} else {
ef5584
					$t_upgrade_count = (int)db_result( $result );
ef5584
				}
ef5584
ef5584
			} else {
ef5584
ef5584
				$t_upgrade_count = 0;
ef5584
			}
ef5584
ef5584
			if ( $t_upgrade_count > 0 ) { # table exists, check for number of updates
ef5584
ef5584
				if ( file_exists( 'admin/upgrade_inc.php' ) ) {
ef5584
ef5584
					require_once( 'admin/upgrade_inc.php' );
ef5584
ef5584
					$t_upgrades_reqd = $upgrade_set->count_items();
ef5584
ef5584
				} else {
ef5584
ef5584
					// can't find upgrade file, assume system is up to date
ef5584
					$t_upgrades_reqd = $t_upgrade_count;
ef5584
				}
ef5584
ef5584
			} else {
ef5584
ef5584
				$t_upgrades_reqd = 1000; # arbitrarily large number to force an upgrade
ef5584
			}
ef5584
ef5584
			if ( ( $t_upgrade_count != $t_upgrades_reqd ) &&
ef5584
					( $t_upgrade_count != ( $t_upgrades_reqd + 10 ) ) ) { # there are 10 optional data escaping fixes that may be present
ef5584
				print '

WARNING: The database structure may be out of date. Please upgrade here before logging in.

';
ef5584
			}
ef5584
		}
ef5584
ef5584
		# Check for db upgrade for versions > 1.0.0 using new installer and schema
ef5584
		require_once( 'admin/schema.php' );
ef5584
		$t_upgrades_reqd = sizeof( $upgrade ) - 1;
ef5584
ef5584
		if ( ( 0 < $t_db_version ) &&
ef5584
				( $t_db_version != $t_upgrades_reqd ) ) {
ef5584
ef5584
			if ( $t_db_version < $t_upgrades_reqd ) {
ef5584
				print '

WARNING: The database structure may be out of date. Please upgrade here before logging in.

';
ef5584
			} else {
ef5584
				print '

WARNING: The database structure is more up-to-date than the code installed. Please upgrade the code.

';
ef5584
			}
ef5584
		}
ef5584
	}
ef5584
?>
ef5584
ef5584
ef5584
ef5584
<script type="text/javascript" language="JavaScript">
ef5584
ef5584
	window.document.login_form.username.focus();
ef5584
// -->
ef5584
</script>
ef5584
ef5584
ef5584