1 | <?php |
||
2 | // This script displays a login screen in a popup box when SSL is enabled in the preferences. Use this script only when your server supports SSL, and place this file under your SSL directory. |
||
3 | |||
4 | use Xmf\Request; |
||
5 | |||
// Filesystem path to the XOOPS main directory; edit this for your installation.
$path = '/path/to/xoops/directory';

// Load the XOOPS main file, then stop unless XOOPS_ROOT_PATH is defined afterwards.
include $path . '/mainfile.php';
if (!defined('XOOPS_ROOT_PATH')) {
    exit();
}

// Language constants (_US_*) for the configured site language.
include_once XOOPS_ROOT_PATH . '/language/' . $xoopsConfig['language'] . '/user.php';

// Credentials are read from the POST body only and trimmed of surrounding whitespace.
$username = trim(Request::getString('username', '', 'POST'));
$password = trim(Request::getString('userpass', '', 'POST'));

// Only two operations exist. The form is shown unless the request is a
// 'dologin' submission that carries both a user name and a password.
$op = 'login';
if (Request::getString('op', 'login', 'POST') === 'dologin' && '' !== $username && '' !== $password) {
    $op = 'dologin';
}
||
21 | |||
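// Emit the document head. The site name comes from configuration and lands in
// HTML text context, so it is encoded with the page's declared charset before output.
echo '
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=' . _CHARSET . '" />
<meta http-equiv="content-language" content="' . _LANGCODE . '" />
<title>' . htmlspecialchars((string) $xoopsConfig['sitename'], ENT_QUOTES | ENT_SUBSTITUTE, _CHARSET) . '</title>
<link rel="stylesheet" type="text/css" media="all" href="' . XOOPS_URL . '/xoops.css" />
';

// Stylesheet of the configured theme set.
// NOTE(review): the previous code repeated this exact lookup when it returned '',
// which cannot yield a different result if xoops_getcss() is deterministic. If a
// fallback theme was intended, it needs a different argument — confirm upstream.
$style = xoops_getcss($xoopsConfig['theme_set']);
if ($style != '') {
    // The URL is written into an attribute value, so quotes must be encoded.
    echo '<link rel="stylesheet" type="text/css" media="all" href="'
        . htmlspecialchars((string) $style, ENT_QUOTES | ENT_SUBSTITUTE, _CHARSET)
        . '" />';
}

echo '
</head>
<body>
';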
||
41 | |||
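// Credential check: runs only for a 'dologin' submission with both fields filled in.
if ($op === 'dologin') {
    /** @var \XoopsMemberHandler $member_handler */
    $member_handler = xoops_getHandler('member');
    // Not referenced again in this script; kept because it is assigned in the global scope.
    $myts = \MyTextSanitizer::getInstance();

    // NOTE(review): addslashes() is not SQL escaping, and it rewrites quotes and
    // backslashes in the submitted password before loginUser() sees it. Confirm how
    // loginUser() escapes and verifies its arguments before changing these calls.
    $user = $member_handler->loginUser(addslashes($username), addslashes($password));

    if (is_object($user)) {
        // Accounts at level 0 are refused with the _US_NOACTTPADM message.
        if (0 == $user->getVar('level')) {
            redirect_header(XOOPS_URL . '/index.php', 5, _US_NOACTTPADM);
            exit();
        }

        // While the site is closed, only the admin group and the configured
        // 'closesite_okgrp' groups may log in.
        if ($xoopsConfig['closesite'] == 1) {
            $allowed = false;
            foreach ($user->getGroups() as $group) {
                // Loose comparison is kept on purpose: the stored group ids may be
                // strings while getGroups() may return integers — TODO confirm.
                if (in_array($group, $xoopsConfig['closesite_okgrp']) || XOOPS_GROUP_ADMIN == $group) {
                    $allowed = true;
                    break;
                }
            }
            if (!$allowed) {
                redirect_header(XOOPS_URL . '/index.php', 1, _NOPERM);
                exit();
            }
        }

        $user->setVar('last_login', time());
        if (!$member_handler->insertUser($user)) {
            // Failing to store last_login must not block the login, but it should
            // leave a trace instead of being silently dropped.
            error_log('SSL popup login: could not save last_login for uid ' . $user->getVar('uid'));
        }

        // Issue a fresh session id at the privilege change so an id that was known
        // before authentication cannot be reused for the logged-in session.
        if (session_status() === PHP_SESSION_ACTIVE) {
            session_regenerate_id(true);
        }
        $_SESSION = [];
        $_SESSION['xoopsUserId'] = $user->getVar('uid');
        $_SESSION['xoopsUserGroups'] = $user->getGroups();

        if (!empty($xoopsConfig['use_ssl'])) {
            // The confirmation form posts the session id (now the regenerated one) to
            // misc.php, so this page must only ever be served over TLS.
            xoops_confirm(
                [$xoopsConfig['sslpost_name'] => session_id()],
                XOOPS_URL . '/misc.php?action=showpopups&type=ssllogin',
                _US_PRESSLOGIN,
                _LOGIN
            );
        } else {
            printf(_US_LOGGINGU, $user->getVar('uname'));
            // Fixed: the handler used document.window, which is undefined in browsers,
            // so the button raised a script error instead of reloading the opener and
            // closing the popup.
            echo '<div style="text-align:center;"><input value="' . _CLOSE . '" type="button" onclick="window.opener.location.reload();window.close();" /></div>';
        }
    } else {
        // One generic message for any failed login; it does not reveal whether the
        // user name or the password was wrong.
        xoops_error(_US_INCORRECTLOGIN . '<br><a href="login.php">' . _BACK . '</a>');
    }
}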
||
82 | |||
// Render the login form. It posts back to login.php with op=dologin, and both
// inputs are always rendered empty, so a failed attempt is never echoed back.
if ('login' === $op) {
    echo '
<div style="text-align: center; padding: 5px; margin: 0;">
<form action="login.php" method="post">
<table class="outer" width="95%">
<tr>
<td class="head">', _USERNAME, '</td>
<td class="even"><input type="text" name="username" value="" /></td>
</tr>
<tr>
<td class="head">', _PASSWORD, '</td>
<td class="even"><input type="password" name="userpass" value="" /></td>
</tr>
<tr>
<td class="head"> </td>
<td class="even"><input type="hidden" name="op" value="dologin" /><input type="submit" name="submit" value="', _LOGIN, '" /></td>
</tr>
</table>
</form>
</div>
';
}

// Close the document opened by the head section.
echo "\n</body>\n</html>\n";
||
110 |