<?php
/*
Part-DB Version 0.4+ "nextgen"
Copyright (C) 2017 Jan Böhmer
https://github.com/jbtronics
This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License
as published by the Free Software Foundation; either version 2
of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
*/
include_once('start_session.php');
use PartDB\Database;
use PartDB\HTML;
use PartDB\Log;
use PartDB\User;
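// Request parameters. Everything read here is client-controlled.
// Only plain strings are accepted: a request such as `username[]=x` makes PHP
// deliver an array, which would otherwise reach the user lookup and the
// template variable that is declared as "string" further down.
$user_name = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : "";
$password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : "";
// Logout is requested by the mere presence of the parameter, in any request method.
// NOTE(review): because $_REQUEST also covers GET, a cross-site link or image can
// log a user out; consider requiring POST plus an anti-CSRF token - confirm intent.
$logout = isset($_REQUEST['logout']);
// Post-login target. It is validated where it is used, not here.
$redirect_url = (isset($_REQUEST['redirect']) && is_string($_REQUEST['redirect'])) ? $_REQUEST['redirect'] : "";

$messages = array();
$fatal_error = false;

// Select the action for this request. The checks run in order and a later
// match overrides an earlier one:
//   login    - nobody is logged in and a username was submitted
//   logout   - a logged-in user asked to log out and submitted no username
//   redirect - a logged-in user did not ask to log out
$action = "default";
if (!User::isLoggedIn() && $user_name !== "") {
    $action = "login";
}
if ($logout && User::isLoggedIn() && $user_name === "") {
    $action = "logout";
}
if (User::isLoggedIn() && !$logout) {
    $action = "redirect";
}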
// Page object for the login view; the window title is "<partdb_title> - Login".
$html = new HTML(
    $config['html']['theme'],
    $user_config['theme'],
    $config['partdb_title'] . " - " . _('Login')
);

// Bootstrap the database, the log and the currently logged-in user.
// Any failure is turned into a red message and stops all further processing.
try {
    $database = new Database();
    $log = new Log($database);
    $user = User::getLoggedInUser($database, $log);
} catch (Exception $e) {
    $fatal_error = true;
    // NOTE(review): nl2br() implies the message is rendered as raw HTML, and this
    // page is reachable before authentication. Confirm that exception messages
    // cannot carry markup or internal details (hosts, paths, SQL) to the client.
    $messages[] = array(
        'text' => nl2br($e->getMessage()),
        'strong' => true,
        'color' => 'red',
    );
}
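// Execute the action selected above; skipped entirely after a bootstrap failure.
if (!$fatal_error) {
    switch ($action) {
        case "logout":
            User::logout();
            $html->setVariable("refresh_navigation_frame", true, "boolean");
            $html->setVariable('loggedout', true);
            break;

        case "login":
            // Any exception from the lookup or the login call ends as
            // $pw_valid = false, so the page shows the same result for a failed
            // lookup and for a wrong password (presumably including an unknown
            // user name - verify against User::getUserByName).
            // NOTE(review): no session-id regeneration or attempt throttling is
            // visible here; confirm that User::login() takes care of both.
            try {
                $user = User::getUserByName($database, $log, $user_name);
                $pw_valid = User::login($user, $password);
            } catch (Exception $ex) {
                $pw_valid = false;
            }
            $html->setVariable("pw_valid", $pw_valid, "boolean");
            if (User::isLoggedIn()) {
                $html->setVariable("refresh_navigation_frame", true, "boolean");
            }
            break;

        case "redirect":
            // The redirect target is request input. Only a local, relative
            // reference is followed; anything that could leave this site
            // falls through to the default targets below.
            $redirect_target = null;
            if (is_string($redirect_url) && $redirect_url !== "") {
                //We need to remove Part-DB/ part, because PHP_URI_REQUEST contains it...
                $candidate = str_replace(BASE_RELATIVE . "/", "", $redirect_url);
                $is_local = $candidate !== ""
                    // leading whitespace or control characters anywhere (browsers strip them)
                    && !preg_match('/^\s|[\x00-\x1f\x7f]/', $candidate)
                    // "//host" and its backslash variants are protocol-relative URLs
                    && !preg_match('#^[/\\\\]{2}#', $candidate)
                    // an explicit scheme such as "https:" or "javascript:"
                    && !preg_match('#^[a-z][a-z0-9+.\-]*:#i', $candidate);
                if ($is_local) {
                    $redirect_target = $candidate;
                }
            }

            if ($redirect_target !== null) {
                $html->redirect($redirect_target);
            } elseif (User::getLoggedInUser()->getNeedPasswordChange()) {
                //Redirect to user settings, when user needs to change password.
                $html->redirect("user_settings.php");
            } else {
                //Else redirect to start page.
                $html->redirect("startup.php");
            }
            break;

        case "default":
            break;
    }
}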
//If an AJAX version is requested, tell the template engine.
/*if (isset($_REQUEST["ajax"])) {
$html->setVariable("ajax_request", true);
}*/
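// Tell the template whether somebody is logged in.
if (User::isLoggedIn()) {
    // $database and $log exist only when the bootstrap try-block succeeded.
    // After a fatal error, calling getLoggedInUser() with them would use
    // undefined variables and could throw outside any try/catch, hiding the
    // error message collected in $messages.
    if (!$fatal_error) {
        $user = User::getLoggedInUser($database, $log);
    }
    $html->setVariable("loggedin", true, "boolean");
}

// The submitted user name is handed back to the template.
// NOTE(review): this is request input; confirm the login template escapes it
// for the HTML context it is printed in.
$html->setVariable("username", $user_name, "string");
//$html->set_variable("refresh_navigation_frame", true, "boolean");

// An empty reload link means that the reload button won't be visible.
$reload_link = $fatal_error ? 'login.php' : '';
$html->printHeader($messages, $reload_link);

// After a fatal error only the header (with the message) and footer are printed.
if (!$fatal_error) {
    $html->printTemplate('login');
}

$html->printFooter();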