centos / artwork-archive

Clone
Source Code
GIT

Files

  1.   7f76e6644bf2920ef9c329ee4e9c12c3eedd6e0c
  2.   Identity
  3.   Webenv
  4.   App
  5.   Mantis
  6.   1.1.2-1.fc9
  7.   login_page.php
Blob Blame History Raw 
<?php
# Mantis - a php based bugtracking system

# Copyright (C) 2000 - 2002  Kenzaburo Ito - kenito@300baud.org
# Copyright (C) 2002 - 2007  Mantis Team   - mantisbt-dev@lists.sourceforge.net

# Mantis is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 2 of the License, or
# (at your option) any later version.
#
# Mantis is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Mantis.  If not, see <http://www.gnu.org/licenses/>.

	#------------------------------
	#   $Revision: 2643 $
	#     $Author: al $    
	#       $Date: 2009-06-18 19:06:27 -0400 (Thu, 18 Jun 2009) $                                              
	#------------------------------

	# Login page POSTs results to login.php
	# Check to see if the user is already logged in

	require_once( 'core.php' );

	if ( auth_is_user_authenticated() && !current_user_is_anonymous() ) {
		print_header_redirect( config_get( 'default_home_page' ) );
	}

	$f_error	= gpc_get_bool( 'error' );
	$f_cookie_error	= gpc_get_bool( 'cookie_error' );
	$f_return	= gpc_get_string( 'return', '' );

	# Check for HTTP_AUTH. HTTP_AUTH is handled in login.php

	if ( HTTP_AUTH == config_get( 'login_method' ) ) {

		$t_uri = "login.php";

		if ( !$f_return && ON == config_get( 'allow_anonymous_login' ) ) {
			$t_uri = "login_anon.php";
		}

		if ( $f_return ) {
			$t_uri .= "?return=" . urlencode( $f_return );
		}

		print_header_redirect( $t_uri );
		exit;
	}

	html_page_top1();

	html_page_top2a();

	# Display short greeting message
	# echo lang_get( 'login_page_info' ) . '<br />';

?>

<!-- Login Form BEGIN -->

<?php 
	# Only echo error message if error variable is set
	if ( $f_error ) {
		print '<div id="message" class="red">';
		print '<p>' . lang_get( 'login_error' ) . '</p>';
		print '</div>';
	}

	if ( $f_cookie_error ) {
		print '<div id="message" class="red">';
		print '<p>' . lang_get( 'login_cookies_disabled' ) . '</p>';
		print '</div>';
	}

?>

<h2><?php echo lang_get( 'login_title' ); ?></h2>

<div class="quick-summary">

<?php

	# Add Anonymous login link if it is set to ON in the config file.
	if ( ON == config_get( 'allow_anonymous_login' ) ) {
		print_bracket_link( 'login_anon.php', lang_get( 'login_anonymously' ) );
		PRINT '<br />';
	}

	print_signup_link();

	PRINT '<br />'. "\n";

	print_lost_password_link();

?>

</div>

<div id="login_form">

<form name="login_form" method="post" action="login.php">

	<?php # Add some hidden fields
	if ( !is_blank( $f_return ) ) { ?>
	<input type="hidden" name="return" value="<?php echo string_html_specialchars( $f_return ) ?>" />
	<?php }	?>

	<table>

		<tr>

			<td style="text-align:right" width="150px;">
				<strong><?php echo lang_get( 'username' ) ?>:</strong>
			</td>

			<td>
				<input type="text" name="username" size="20" maxlength="32" />
			</td>

		</tr>

		<tr>

			<td style="text-align:right">
				<strong><?php echo lang_get( 'password' ) ?>:</strong>
			</td>

			<td>
				<input type="password" name="password" size="20" maxlength="32" />
			</td>

		</tr>

		<tr>

			<td style="text-align:right">
				<strong><?php echo lang_get( 'save_login' ) ?>:</strong>
			</td>

			<td>
				<input type="checkbox" name="perm_login" />
			</td>

		</tr>

		<tr>

			<td class="buttons"></td>

			<td class="buttons">
				<input type="submit" class="button" value="<?php echo lang_get( 'login_button' ) ?>" />
			</td>

		</tr>

	</table>

</form>
</div>

<?php
	#
	# Do some checks to warn administrators of possible security holes.
	# Since this is considered part of the admin-checks, the strings are not translated.
	#

	# Warning, if plain passwords are selected
	if ( config_get( 'login_method' ) === PLAIN ) {
		print '<p class="lmtxt red"><strong>WARNING:</strong> Plain password authentication is used, this will expose your passwords to administrators.</p>';
	}

	# Generate a warning if administrator/root is valid.
	$t_admin_user_id = user_get_id_by_name( 'administrator' );
	if ( $t_admin_user_id !== false ) {
		if ( user_is_enabled( $t_admin_user_id ) && auth_does_password_match( $t_admin_user_id, 'root' ) ) {
			print '<p class="lmtxt red"><strong>WARNING:</strong> You should disable the default "administrator" account or change its password.</p>';
		}
	}

	# Check if the admin directory is available and is readable.
	$t_admin_dir = dirname( __FILE__ ) . DIRECTORY_SEPARATOR . 'admin' . DIRECTORY_SEPARATOR;
	if ( 0 && is_dir( $t_admin_dir ) && is_readable( $t_admin_dir ) ) {
		print '<p class="lmtxt red"><strong>WARNING:</strong> Admin directory should be removed.</p>' . "\n";
			
		# Since admin directory and db_upgrade lists are available check for missing db upgrades	
		# Check for db upgrade for versions < 1.0.0 using old upgrader
		$t_db_version = config_get( 'database_version' , 0 );

		# if db version is 0, we haven't moved to new installer.
		if ( $t_db_version == 0 ) {

			if ( db_table_exists( config_get( 'mantis_upgrade_table' ) ) ) {

				$query = "SELECT COUNT(*) from " . config_get( 'mantis_upgrade_table' ) . ";";
				$result = db_query( $query );

				if ( db_num_rows( $result ) < 1 ) {
					$t_upgrade_count = 0;
				} else {
					$t_upgrade_count = (int)db_result( $result );
				}

			} else {

				$t_upgrade_count = 0;
			}

			if ( $t_upgrade_count > 0 ) { # table exists, check for number of updates

				if ( file_exists( 'admin/upgrade_inc.php' ) ) {

					require_once( 'admin/upgrade_inc.php' );

					$t_upgrades_reqd = $upgrade_set->count_items();

				} else {

					// can't find upgrade file, assume system is up to date
					$t_upgrades_reqd = $t_upgrade_count;
				}

			} else {

				$t_upgrades_reqd = 1000; # arbitrarily large number to force an upgrade
			}

			if ( ( $t_upgrade_count != $t_upgrades_reqd ) &&
					( $t_upgrade_count != ( $t_upgrades_reqd + 10 ) ) ) { # there are 10 optional data escaping fixes that may be present
				print '<p class="lmtxt red"><strong>WARNING:</strong> The database structure may be out of date. Please upgrade <a href="admin/upgrade.php">here</a> before logging in.</p>';
			}
		}

		# Check for db upgrade for versions > 1.0.0 using new installer and schema
		require_once( 'admin/schema.php' );
		$t_upgrades_reqd = sizeof( $upgrade ) - 1;

		if ( ( 0 < $t_db_version ) &&
				( $t_db_version != $t_upgrades_reqd ) ) {

			if ( $t_db_version < $t_upgrades_reqd ) {
				print '<p class="lmtxt red"><strong>WARNING:</strong> The database structure may be out of date. Please upgrade <a href="admin/install.php">here</a> before logging in.</p>';
			} else {
				print '<p class="lmtxt red"><strong>WARNING:</strong> The database structure is more up-to-date than the code installed.  Please upgrade the code.</p>';
			}
		}
	}
?>

<!-- Autofocus JS -->
<?php if ( ON == config_get( 'use_javascript' ) ) { ?>
<script type="text/javascript" language="JavaScript">
<!--
	window.document.login_form.username.focus();
// -->
</script>
<?php } ?>

<?php html_page_bottom1a( __FILE__ ) ?>

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation