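<?php
/************************************************************************/
/* AContent                                                             */
/************************************************************************/
/* Copyright (c) 2010                                                   */
/* Inclusive Design Institute                                           */
/*                                                                      */
/* This program is free software. You can redistribute it and/or        */
/* modify it under the terms of the GNU General Public License          */
/* as published by the Free Software Foundation.                        */
/************************************************************************/

/*
 * Login page controller: issues a per-session login token, checks the
 * submitted credentials through UsersDAO and, on success, stores the user id
 * in the session and redirects to index.php. Otherwise it renders
 * login.tmpl.php with any queued error message.
 *
 * $msg, $savant, $addslashes and the active session are not created here;
 * presumably vitals.inc.php provides them - confirm when changing this file.
 */

define('TR_INCLUDE_PATH', 'include/');
require (TR_INCLUDE_PATH.'vitals.inc.php');

require_once(TR_INCLUDE_PATH. 'classes/DAO/UsersDAO.class.php');

$usersDAO = new UsersDAO();

// For security reasons the token has to be generated anew before each login attempt.
// NOTE(review): the active block below only creates a token when the session has none,
// so one token is reused for every attempt made in the same session. If
// UsersDAO::Validate() relies on the token to make each submitted hash single-use,
// the token should also be discarded after every attempt - confirm against
// Validate() and login.tmpl.php before changing this.
/***
* To enable a remote login form: remove the comment markers from the block below
* and comment out the active token block that follows it.
* NOTE(review): in that mode the token is taken from the request, so the server no
* longer chooses the challenge and a previously captured token/hash pair would be
* accepted again. Enable it only where that replay risk is acceptable.
*/
//if (isset($_POST['token']))
//{
//	$_SESSION['token'] = $_POST['token'];
//}
//else
//{
//	if (!isset($_SESSION['token']))
//		$_SESSION['token'] = sha1(mt_rand() . microtime(TRUE));
//}

/***
* Comment out the block below to enable a remote login form.
*/
if (!isset($_SESSION['token']))
{
	if (function_exists('random_bytes'))
	{
		// CSPRNG output, hex-encoded to the same 40-character shape sha1() produced.
		// random_bytes() throws when no entropy source is available; that is left
		// uncaught on purpose so the page fails instead of issuing a guessable token.
		$_SESSION['token'] = bin2hex(random_bytes(20));
	}
	else
	{
		// Legacy fallback for PHP < 7: mt_rand() and microtime() are predictable,
		// so this token must not be treated as a secret on such installations.
		$_SESSION['token'] = sha1(mt_rand() . microtime(TRUE));
	}
}

if (isset($_POST['submit']))
{
	// Missing or non-string fields (e.g. form_login[]=x) are treated as empty
	// credentials so they fail validation instead of reaching $addslashes as an array.
	$form_login = (isset($_POST['form_login']) && is_string($_POST['form_login']))
		? $_POST['form_login'] : '';
	$form_password = (isset($_POST['form_password_hidden']) && is_string($_POST['form_password_hidden']))
		? $_POST['form_password_hidden'] : '';

	// NOTE(review): $addslashes is the only escaping visible here. Whether that is
	// sufficient depends on how UsersDAO::Validate() builds its query - confirm it
	// uses the database driver's own escaping or bound parameters.
	$user_id = $usersDAO->Validate($addslashes($form_login), $addslashes($form_password));

	if (!$user_id)
	{
		$msg->addError('INVALID_LOGIN');
	}
	else
	{
		// Loose comparison kept: the type returned by getStatus() is not visible here.
		if ($usersDAO->getStatus($user_id) == TR_STATUS_DISABLED)
		{
			$msg->addError('ACCOUNT_DISABLED');
		}
		else
		{
			// Issue a fresh session id at the privilege change so an id that was
			// known before authentication cannot be used for the logged-in session
			// (session fixation). Assumes the session is already started.
			session_regenerate_id(true);

			$usersDAO->setLastLogin($user_id);
			$_SESSION['user_id'] = $user_id;
			$msg->addFeedback('LOGIN_SUCCESS');
			header('Location: index.php');
			exit;
		}
	}
}

// Focus the login field when the page loads; $onload is read outside this file.
global $onload;
$onload = 'document.form.form_login.focus();';

//header('P3P: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"');
$savant->display('login.tmpl.php');
?>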