. #------------------------------ # $Revision: 2643 $ # $Author: al $ # $Date: 2009-06-18 19:06:27 -0400 (Thu, 18 Jun 2009) $ #------------------------------ # Login page POSTs results to login.php # Check to see if the user is already logged in require_once( 'core.php' ); if ( auth_is_user_authenticated() && !current_user_is_anonymous() ) { print_header_redirect( config_get( 'default_home_page' ) ); } $f_error = gpc_get_bool( 'error' ); $f_cookie_error = gpc_get_bool( 'cookie_error' ); $f_return = gpc_get_string( 'return', '' ); # Check for HTTP_AUTH. HTTP_AUTH is handled in login.php if ( HTTP_AUTH == config_get( 'login_method' ) ) { $t_uri = "login.php"; if ( !$f_return && ON == config_get( 'allow_anonymous_login' ) ) { $t_uri = "login_anon.php"; } if ( $f_return ) { $t_uri .= "?return=" . urlencode( $f_return ); } print_header_redirect( $t_uri ); exit; } html_page_top1(); html_page_top2a(); # Display short greeting message # echo lang_get( 'login_page_info' ) . '
'; ?> '; print '

' . lang_get( 'login_error' ) . '

'; print ''; } if ( $f_cookie_error ) { print '
'; print '

' . lang_get( 'login_cookies_disabled' ) . '

'; print '
'; } ?>

'; } print_signup_link(); PRINT '
'. "\n"; print_lost_password_link(); ?>
:
:
:
WARNING: Plain password authentication is used, this will expose your passwords to administrators.

'; } # Generate a warning if administrator/root is valid. $t_admin_user_id = user_get_id_by_name( 'administrator' ); if ( $t_admin_user_id !== false ) { if ( user_is_enabled( $t_admin_user_id ) && auth_does_password_match( $t_admin_user_id, 'root' ) ) { print '

WARNING: You should disable the default "administrator" account or change its password.

'; } } # Check if the admin directory is available and is readable. $t_admin_dir = dirname( __FILE__ ) . DIRECTORY_SEPARATOR . 'admin' . DIRECTORY_SEPARATOR; if ( 0 && is_dir( $t_admin_dir ) && is_readable( $t_admin_dir ) ) { print '

WARNING: Admin directory should be removed.

' . "\n"; # Since admin directory and db_upgrade lists are available check for missing db upgrades # Check for db upgrade for versions < 1.0.0 using old upgrader $t_db_version = config_get( 'database_version' , 0 ); # if db version is 0, we haven't moved to new installer. if ( $t_db_version == 0 ) { if ( db_table_exists( config_get( 'mantis_upgrade_table' ) ) ) { $query = "SELECT COUNT(*) from " . config_get( 'mantis_upgrade_table' ) . ";"; $result = db_query( $query ); if ( db_num_rows( $result ) < 1 ) { $t_upgrade_count = 0; } else { $t_upgrade_count = (int)db_result( $result ); } } else { $t_upgrade_count = 0; } if ( $t_upgrade_count > 0 ) { # table exists, check for number of updates if ( file_exists( 'admin/upgrade_inc.php' ) ) { require_once( 'admin/upgrade_inc.php' ); $t_upgrades_reqd = $upgrade_set->count_items(); } else { // can't find upgrade file, assume system is up to date $t_upgrades_reqd = $t_upgrade_count; } } else { $t_upgrades_reqd = 1000; # arbitrarily large number to force an upgrade } if ( ( $t_upgrade_count != $t_upgrades_reqd ) && ( $t_upgrade_count != ( $t_upgrades_reqd + 10 ) ) ) { # there are 10 optional data escaping fixes that may be present print '

WARNING: The database structure may be out of date. Please upgrade here before logging in.

'; } } # Check for db upgrade for versions > 1.0.0 using new installer and schema require_once( 'admin/schema.php' ); $t_upgrades_reqd = sizeof( $upgrade ) - 1; if ( ( 0 < $t_db_version ) && ( $t_db_version != $t_upgrades_reqd ) ) { if ( $t_db_version < $t_upgrades_reqd ) { print '

WARNING: The database structure may be out of date. Please upgrade here before logging in.

'; } else { print '

WARNING: The database structure is more up-to-date than the code installed. Please upgrade the code.

'; } } } ?>