1
|
|
|
<?php |
2
|
|
|
|
3
|
|
|
//------------------------------------------------------------------------------ |
4
|
|
|
// |
5
|
|
|
// eTraxis - Records tracking web-based system |
6
|
|
|
// Copyright (C) 2005-2011 Artem Rodygin |
7
|
|
|
// |
8
|
|
|
// This program is free software: you can redistribute it and/or modify |
9
|
|
|
// it under the terms of the GNU General Public License as published by |
10
|
|
|
// the Free Software Foundation, either version 3 of the License, or |
11
|
|
|
// (at your option) any later version. |
12
|
|
|
// |
13
|
|
|
// This program is distributed in the hope that it will be useful, |
14
|
|
|
// but WITHOUT ANY WARRANTY; without even the implied warranty of |
15
|
|
|
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
16
|
|
|
// GNU General Public License for more details. |
17
|
|
|
// |
18
|
|
|
// You should have received a copy of the GNU General Public License |
19
|
|
|
// along with this program. If not, see <http://www.gnu.org/licenses/>. |
20
|
|
|
// |
21
|
|
|
//------------------------------------------------------------------------------ |
22
|
|
|
|
23
|
|
|
/** |
24
|
|
|
* @package eTraxis |
25
|
|
|
* @ignore |
26
|
|
|
*/ |
27
|
|
|
|
28
|
|
|
/**#@+ |
29
|
|
|
* Dependency. |
30
|
|
|
*/ |
31
|
|
|
require_once('../engine/engine.php'); |
32
|
|
|
require_once('../dbo/accounts.php'); |
33
|
|
|
/**#@-*/ |
34
|
|
|
|
35
|
|
|
@session_start(); |
|
|
|
|
36
|
|
|
|
37
|
|
|
if (get_user_level() != USER_LEVEL_GUEST) |
38
|
|
|
{ |
39
|
|
|
debug_write_log(DEBUG_NOTICE, 'User is already authorized.'); |
40
|
|
|
header('Location: ../records/index.php'); |
41
|
|
|
exit; |
42
|
|
|
} |
43
|
|
|
|
44
|
|
|
// process submitted credentials |
45
|
|
|
|
46
|
|
|
$username = ustrcut($_REQUEST['username'], MAX_ACCOUNT_USERNAME + 1); |
47
|
|
|
$password = ustrcut($_REQUEST['password'], MAX_ACCOUNT_PASSWORD); |
48
|
|
|
|
49
|
|
|
debug_write_log(DEBUG_DUMP, '$username = ' . $username); |
50
|
|
|
|
51
|
|
|
$pos = ustrpos($username, '\\'); |
52
|
|
|
|
53
|
|
|
if ($pos !== FALSE) |
54
|
|
|
{ |
55
|
|
|
$username = usubstr($username, $pos + 1); |
56
|
|
|
} |
57
|
|
|
|
58
|
|
|
if (ustrlen($username) == 0) |
59
|
|
|
{ |
60
|
|
|
debug_write_log(DEBUG_NOTICE, 'Empty form is submitted.'); |
61
|
|
|
send_http_error(get_html_resource(RES_ALERT_REQUIRED_ARE_EMPTY_ID)); |
62
|
|
|
} |
63
|
|
|
else |
64
|
|
|
{ |
65
|
|
|
$error = login_user($username, $password); |
66
|
|
|
|
67
|
|
View Code Duplication |
switch ($error) |
68
|
|
|
{ |
69
|
|
|
case NO_ERROR: |
70
|
|
|
header('HTTP/1.0 200 OK'); |
71
|
|
|
break; |
72
|
|
|
|
73
|
|
|
case ERROR_UNKNOWN_USERNAME: |
74
|
|
|
send_http_error(get_html_resource(RES_ALERT_UNKNOWN_USERNAME_ID)); |
75
|
|
|
break; |
76
|
|
|
|
77
|
|
|
case ERROR_ACCOUNT_DISABLED: |
78
|
|
|
send_http_error(get_html_resource(RES_ALERT_ACCOUNT_DISABLED_ID)); |
79
|
|
|
break; |
80
|
|
|
|
81
|
|
|
case ERROR_ACCOUNT_LOCKED: |
82
|
|
|
send_http_error(get_html_resource(RES_ALERT_ACCOUNT_LOCKED_ID)); |
83
|
|
|
break; |
84
|
|
|
|
85
|
|
|
default: |
86
|
|
|
send_http_error(get_html_resource(RES_ALERT_UNKNOWN_ERROR_ID)); |
87
|
|
|
} |
88
|
|
|
} |
89
|
|
|
|
90
|
|
|
?> |
91
|
|
|
|
If you suppress an error, we recommend checking for the error condition explicitly: