2 /****************************************************************/
4 /****************************************************************/
5 /* Copyright (c) 2002-2007 by Greg Gay & Joel Kronenberg */
6 /* Adaptive Technology Resource Centre / University of Toronto */
9 /* This program is free software. You can redistribute it and/or*/
10 /* modify it under the terms of the GNU General Public License */
11 /* as published by the Free Software Foundation. */
12 /****************************************************************/
// Login page (public). Flow as far as this listing shows: read remembered-login
// cookies, mint a per-session challenge token, accept either the cookie pair or
// the posted form, look the credentials up in `members` and then `admins`, and on
// success populate $_SESSION and redirect. The gutter numbers are not contiguous,
// so closing braces, `else` arms and any `exit` after the redirects are NOT visible
// here; comments about branch structure below are inferred and should be checked
// against the full file.
15 $_user_location = 'public';
16 define('AT_INCLUDE_PATH', 'include/');
// vitals.inc.php is assumed to provide $msg, $db, $savant, $addslashes,
// $_base_href, $system_courses, TABLE_PREFIX/DB_PASSWORD and the AT_* constants
// used below — none of them are defined in this file.
17 require (AT_INCLUDE_PATH.'vitals.inc.php');
// Normalise the course id early so every later use ($_GET['course'] in the SQL-free
// title lookup and the redirect) sees an integer.
19 if (isset($_GET['course'])) {
20 $_GET['course'] = intval($_GET['course']);
25 // check if we have a cookie
26 if (!$msg->containsFeedbacks()) {
// ATLogin / ATPass are the "remember me" cookies written further down (setcookie
// calls in the auto_login branch). ATPass carries the server-computed hash, so the
// pair is a reusable credential until the password changes — treat it as such.
27 if (isset($_COOKIE['ATLogin'])) {
28 $cookie_login = $_COOKIE['ATLogin'];
30 if (isset($_COOKIE['ATPass'])) {
31 $cookie_pass = $_COOKIE['ATPass'];
// Per-session challenge token mixed into the form-based password hash below.
// NOTE(review): mt_rand() is not a cryptographic RNG; the token is only as
// unpredictable as the Mersenne Twister state. A CSPRNG source would be preferable.
35 if (!isset($_SESSION['token']) || !$_SESSION['token']) {
36 $_SESSION['token'] = sha1(mt_rand());
// Cookie path wins only when the form was not submitted, so an explicit login
// always overrides a stale remembered cookie.
39 if (isset($cookie_login, $cookie_pass) && !isset($_POST['submit'])) {
41 $this_login = $cookie_login;
42 $this_password = $cookie_pass;
45 } else if (isset($_POST['submit'])) {
// Two form shapes: with JavaScript the client posts a 40-char hex digest in
// form_password_hidden; without it (<noscript>) the raw field is hashed here with the
// session token. strlen() on a missing hidden field yields 0 (plus an E_NOTICE) and
// selects the noscript path. NOTE(review): the noscript hash is sha1(form_password .
// token) while the query below compares SHA1(CONCAT(password, token)); what the
// `password` column actually holds is not visible in this file — confirm the two agree.
48 if (strlen($_POST['form_password_hidden']) < 40) { // <noscript> on client end
49 $this_password = sha1($_POST['form_password'] . $_SESSION['token']);
// (else arm, brace not shown) trust the client-computed digest as-is.
51 $this_password = $_POST['form_password_hidden'];
54 $this_login = $_POST['form_login'];
55 $auto_login = intval($_POST['auto']);
// session_test is set at the end of a request (see below); if it is absent on a
// submit the browser never sent the session cookie back, so report that instead of
// a misleading bad-credentials error.
59 if (isset($this_login, $this_password) && !isset($_SESSION['session_test'])) {
60 $msg->addError('SESSION_COOKIES');
61 } else if (isset($this_login, $this_password)) {
// Rotate the session id before granting privileges (session-fixation defence);
// session_regenerate_id(TRUE) with delete-old-session needs PHP >= 5.1.
62 if (version_compare(PHP_VERSION, '5.1.0', '>=')) {
63 session_regenerate_id(TRUE);
// Course id for the post-login bounce; always reduced to an int before it is
// concatenated into the Location header below.
67 if ($_GET['course']) {
68 $_POST['form_course_id'] = intval($_GET['course']);
70 $_POST['form_course_id'] = intval($_POST['form_course_id']);
// $addslashes is the only escaping applied before the string-built SQL below.
// NOTE(review): it is a callable defined elsewhere; whether it is charset-aware
// (mysql_real_escape_string-equivalent) cannot be seen here — confirm, since the
// login/email value is interpolated directly into WHERE clauses.
72 $this_login = $addslashes($this_login);
73 $this_password = $addslashes($this_password);
76 // check if that cookie is valid
// Cookie branch: the stored ATPass value is SHA1(password . '-' . DB_PASSWORD), so
// the check is keyed on the DB password rather than the session token. The value is
// deterministic for a given account, so a captured cookie appears to stay valid
// until the member's password changes (not visible here — verify).
77 $sql = "SELECT member_id, login, first_name, second_name, last_name, preferences, SHA1(CONCAT(password, '-', '".DB_PASSWORD."')) AS pass, language, status FROM ".TABLE_PREFIX."members WHERE login='$this_login' AND SHA1(CONCAT(password, '-', '".DB_PASSWORD."'))='$this_password'";
// Form branch (else arm not shown): login may be either the login name or the email,
// and the supplied digest must equal SHA1(password . token). $_SESSION[token] is a
// server-generated hex string, so interpolating it here is not injectable.
80 $sql = "SELECT member_id, login, first_name, second_name, last_name, preferences, language, status, SHA1(CONCAT(password, '-', '".DB_PASSWORD."')) AS pass FROM ".TABLE_PREFIX."members WHERE (login='$this_login' OR email='$this_login') AND SHA1(CONCAT(password, '$_SESSION[token]'))='$this_password'";
82 $result = mysql_query($sql, $db);
// Status checks only run on a row that already matched the password, so they do not
// leak whether an account exists to an unauthenticated caller. A failed query
// ($result === false) makes mysql_fetch_assoc warn and return false, which falls
// through like "no match".
84 if (($row = mysql_fetch_assoc($result)) && ($row['status'] == AT_STATUS_UNCONFIRMED)) {
85 $msg->addError('NOT_CONFIRMED');
86 } else if ($row && $row['status'] == AT_STATUS_DISABLED) {
87 $msg->addError('ACCOUNT_DISABLED');
// (else arm, brace not shown) successful member login: establish the session.
89 $_SESSION['valid_user'] = true;
90 $_SESSION['member_id'] = intval($row['member_id']);
91 $_SESSION['login'] = $row['login'];
// unserialize() on a column read from the DB. NOTE(review): safe only if
// `preferences` is always written by trusted server code (assign_session_prefs /
// its writers are not in this file); user-controllable serialized data here would
// be an object-injection risk — confirm the write path.
92 assign_session_prefs(unserialize(stripslashes($row['preferences'])));
93 $_SESSION['is_guest'] = 0;
94 $_SESSION['lang'] = $row['language'];
95 $_SESSION['course_id'] = 0;
// "Remember me": re-issue both cookies for another 2 days. The 6-arg setcookie
// passes secure=0 and no httponly flag, so the cookies go out over plain HTTP and
// are readable by page scripts. $this_login here is the addslashes()'d value.
97 if ($auto_login == 1) {
98 $parts = parse_url($_base_href);
99 // update the cookie.. increment to another 2 days
100 $cookie_expire = time()+172800;
101 setcookie('ATLogin', $this_login, $cookie_expire, $parts['path'], $parts['host'], 0);
102 setcookie('ATPass', $row['pass'], $cookie_expire, $parts['path'], $parts['host'], 0);
// member_id was intval()'d above, so the bare interpolation is safe.
105 $sql = "UPDATE ".TABLE_PREFIX."members SET creation_date=creation_date, last_login=NOW() WHERE member_id=$_SESSION[member_id]";
106 mysql_query($sql, $db);
108 $msg->addFeedback('LOGIN_SUCCESS');
// form_course_id is an int (see above), so no header-injection vector here.
// NOTE(review): whether an exit() follows this header() is outside the listing;
// without one the rest of the page still executes/renders after the redirect.
109 header('Location: bounce.php?course='.$_POST['form_course_id']);
112 // check if it's an admin login.
// Same token-based digest check against the admins table; `privileges`>0 excludes
// admin rows that have had all rights removed.
113 $sql = "SELECT login, `privileges`, language FROM ".TABLE_PREFIX."admins WHERE login='$this_login' AND SHA1(CONCAT(password, '$_SESSION[token]'))='$this_password' AND `privileges`>0";
114 $result = mysql_query($sql, $db);
116 if ($row = mysql_fetch_assoc($result)) {
117 $sql = "UPDATE ".TABLE_PREFIX."admins SET last_login=NOW() WHERE login='$this_login'";
118 mysql_query($sql, $db);
// course_id of -1 is how the rest of the app appears to recognise an admin session
// (inferred from the value; the consumers are not in this file).
120 $_SESSION['login'] = $row['login'];
121 $_SESSION['valid_user'] = true;
122 $_SESSION['course_id'] = -1;
123 $_SESSION['privileges'] = intval($row['privileges']);
124 $_SESSION['lang'] = $row['language'];
// The audit log receives the UPDATE statement text, which embeds the escaped login.
126 write_to_log(AT_ADMIN_LOG_UPDATE, 'admins', mysql_affected_rows($db), $sql);
128 $msg->addFeedback('LOGIN_SUCCESS');
// NOTE(review): as with the member redirect, an exit() after this header() is not
// visible in the listing — confirm.
130 header('Location: admin/index.php');
// Single generic error for both "no such user" and "wrong password" — keep it that
// way so the login form does not enumerate accounts.
134 $msg->addError('INVALID_LOGIN');
// Marks that this browser returned the session cookie; checked at the top of the
// next submit to distinguish "cookies disabled" from bad credentials.
139 $_SESSION['session_test'] = TRUE;
// Reaching the login page tears down any existing login: drop the users_online row
// (errors deliberately suppressed with @) and clear the identity keys.
141 if (isset($_SESSION['member_id'])) {
142 $sql = "DELETE FROM ".TABLE_PREFIX."users_online WHERE member_id=$_SESSION[member_id]";
143 $result = @mysql_query($sql, $db);
146 unset($_SESSION['login']);
147 unset($_SESSION['valid_user']);
148 unset($_SESSION['member_id']);
149 unset($_SESSION['is_admin']);
150 unset($_SESSION['course_id']);
151 unset($_SESSION['is_super_admin']);
153 $_SESSION['prefs']['PREF_FORM_FOCUS'] = 1;
155 /*****************************/
156 /* template starts down here */
158 $onload = 'document.form.form_login.focus();';
// $_GET['course'] is an int when set (normalised above) and undefined otherwise.
160 $savant->assign('course_id', $_GET['course']);
// Course title is taken from the server-side $system_courses table keyed by the
// int id, not from request input; how the template escapes it is not visible here.
162 if (isset($_GET['course'])) {
163 $savant->assign('title', ' '._AT('to1').' '.$system_courses[$_GET['course']]['title']);
165 $savant->assign('title', ' ');
// Compact P3P policy so older IE versions accept the session cookie in framed /
// third-party contexts.
168 header('P3P: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"');
169 $savant->display('login.tmpl.php');