2 /************************************************************************/
4 /************************************************************************/
5 /* Copyright (c) 2010 */
6 /* Inclusive Design Institute */
8 /* This program is free software. You can redistribute it and/or */
9 /* modify it under the terms of the GNU General Public License */
10 /* as published by the Free Software Foundation. */
11 /************************************************************************/
13 define('TR_INCLUDE_PATH', 'include/');
14 require (TR_INCLUDE_PATH.'vitals.inc.php');
16 require_once(TR_INCLUDE_PATH. 'classes/DAO/UsersDAO.class.php');
18 $usersDAO = new UsersDAO();
20 // For security reasons the token has to be generated anew before each login attempt.
21 // The entropy of SHA-1 input should be comparable to that of its output; in other words, the more randomness you feed it the better.
23 * Remove comments below and add comments to the 2 lines in the following block to enable a remote login form.
25 //if (isset($_POST['token']))
27 // $_SESSION['token'] = $_POST['token'];
31 // if (!isset($_SESSION['token']))
32 // $_SESSION['token'] = sha1(mt_rand() . microtime(TRUE));
36 * Add comments 2 lines below to enable a remote login form.
38 if (!isset($_SESSION['token']))
39 $_SESSION['token'] = sha1(mt_rand() . microtime(TRUE));
41 if (isset($_POST['submit']))
43 $user_id = $usersDAO->Validate($addslashes($_POST['form_login']), $addslashes($_POST['form_password_hidden']));
47 $msg->addError('INVALID_LOGIN');
51 if ($usersDAO->getStatus($user_id) == TR_STATUS_DISABLED)
53 $msg->addError('ACCOUNT_DISABLED');
57 $usersDAO->setLastLogin($user_id);
58 $_SESSION['user_id'] = $user_id;
59 $msg->addFeedback('LOGIN_SUCCESS');
60 header('Location: index.php');
68 $onload = 'document.form.form_login.focus();';
70 //header('P3P: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"');
71 $savant->display('login.tmpl.php');