.
/**
 * Login page: gathers the request state for the login form, whose results
 * are POSTed to login.php.
 * A user who is already logged in (and not anonymous) is redirected instead.
 *
 * @package MantisBT
 * @copyright Copyright 2000 - 2002 Kenzaburo Ito - kenito@300baud.org
 * @copyright Copyright 2002 MantisBT Team - mantisbt-dev@lists.sourceforge.net
 * @link http://www.mantisbt.org
 *
 * @uses core.php
 * @uses authentication_api.php
 * @uses config_api.php
 * @uses constant_inc.php
 * @uses current_user_api.php
 * @uses database_api.php
 * @uses gpc_api.php
 * @uses html_api.php
 * @uses lang_api.php
 * @uses print_api.php
 * @uses string_api.php
 * @uses user_api.php
 * @uses utility_api.php
 */

require_once( 'core.php' );
require_api( 'authentication_api.php' );
require_api( 'config_api.php' );
require_api( 'constant_inc.php' );
require_api( 'current_user_api.php' );
require_api( 'database_api.php' );
require_api( 'gpc_api.php' );
require_api( 'html_api.php' );
require_api( 'lang_api.php' );
require_api( 'print_api.php' );
require_api( 'string_api.php' );
require_api( 'user_api.php' );
require_api( 'utility_api.php' );

require_css( 'login.css' );

# Every $f_ value below is read from the request (parameters or a cookie) and
# is therefore caller-controlled; treat each one as untrusted input.
$f_error = gpc_get_bool( 'error' );
$f_cookie_error = gpc_get_bool( 'cookie_error' );
# 'return' is used further down as a redirect target and as a query-string
# value, so it is passed through string_sanitize_url() as soon as it is read.
# NOTE(review): presumably this restricts the value to URLs local to this
# installation (open-redirect defence) - confirm in string_api.php.
$f_return = string_sanitize_url( gpc_get_string( 'return', '' ) );
$f_username = gpc_get_string( 'username', '' );
$f_perm_login = gpc_get_bool( 'perm_login', false );
$f_secure_session = gpc_get_bool( 'secure_session', false );
# The cookie is supplied by the client; null is the default when it is absent.
$f_secure_session_cookie = gpc_get_cookie( config_get_global( 'cookie_prefix' ) . '_secure_session', null );

# Set username to blank if invalid to prevent possible XSS exploits
# NOTE(review): this is input validation, not output encoding. Wherever
# $f_username is printed it should still be escaped for its HTML context,
# unless user_is_name_valid() is known to reject every markup-significant
# character - confirm in user_api.php.
if( !user_is_name_valid( $f_username ) ) {
	$f_username = '';
}

# Label text depends on whether logging in with an e-mail address is enabled.
if( config_get_global( 'email_login_enabled' ) ) {
	$t_username_label = lang_get( 'username_or_email' );
} else {
	$t_username_label = lang_get( 'username' );
}

$t_session_validation = ( ON == config_get_global( 'session_validation' ) );

# If user is already authenticated and not anonymous
if( auth_is_user_authenticated() && !current_user_is_anonymous() ) {
	# If return URL is specified redirect to it; otherwise use default page
	if( !is_blank( $f_return ) ) {
		# NOTE(review): the positional flags (false, false, true) are not
		# self-describing. The second parameter is believed to decide whether
		# the script terminates after the header is sent; if so, false lets
		# execution continue past this block. The automatic-logon branch below
		# ends with an explicit exit, this branch does not - confirm against
		# print_header_redirect() in print_api.php.
		print_header_redirect( $f_return, false, false, true );
	} else {
		print_header_redirect( config_get( 'default_home_page' ) );
	}
}

# Check for automatic logon methods where we want the logon to just be handled by login.php
if( auth_automatic_logon_bypass_form() ) {
	$t_uri = 'login.php';
	# With anonymous login allowed, the bypass goes to login_anon.php instead.
	if( ON == config_get( 'allow_anonymous_login' ) ) {
		$t_uri = 'login_anon.php';
	}

	if( !is_blank( $f_return ) ) {
		# The already-sanitized return value is passed through string_url()
		# before being appended (presumably URL-encoding it so it cannot add
		# extra query parameters - confirm in string_api.php).
		$t_uri .= '?return=' . string_url( $f_return );
	}

	print_header_redirect( $t_uri );
	exit;
}

# Determine if secure_session should default on or off?
# - If no errors, and no cookies set, default to on.
# - If no errors, but cookie is set, use the cookie value.
# - If errors, use the value passed in.
# $t_default_secure_session is assigned only when session validation is ON,
# so any later use has to be guarded by the same $t_session_validation check.
if( $t_session_validation ) {
	if( !$f_error && !$f_cookie_error ) {
		# NOTE(review): in the cookie case the raw cookie value is used as-is
		# rather than a bool - confirm that consumers only test truthiness.
		$t_default_secure_session = ( is_null( $f_secure_session_cookie ) ? true : $f_secure_session_cookie );
	} else {
		$t_default_secure_session = $f_secure_session;
	}
}

# Determine whether the username or password field should receive automatic focus.
# Focus goes to the password field once a (valid) username has been supplied.
$t_username_field_autofocus = 'autofocus';
$t_password_field_autofocus = '';
if( $f_username ) {
	$t_username_field_autofocus = '';
	$t_password_field_autofocus = 'autofocus';
}

# Login page shouldn't be indexed by search engines
html_robots_noindex();

html_page_top1();
html_page_top2a();

# The error flags are plain request parameters (presumably set by login.php
# when it redirects back here), so any visitor can trigger this branch.
if( $f_error || $f_cookie_error ) {
	echo '