<?php
/**
 * Login form page. The form itself POSTs to login.php; this page only
 * renders it, after first checking whether the visitor is already logged in
 * (in which case it redirects instead of showing the form).
 *
 * @package MantisBT
 * @copyright Copyright 2000 - 2002 Kenzaburo Ito - kenito@300baud.org
 * @copyright Copyright 2002 MantisBT Team - mantisbt-dev@lists.sourceforge.net
 * @link http://www.mantisbt.org
 *
 * @uses core.php
 * @uses authentication_api.php
 * @uses config_api.php
 * @uses constant_inc.php
 * @uses current_user_api.php
 * @uses database_api.php
 * @uses gpc_api.php
 * @uses html_api.php
 * @uses lang_api.php
 * @uses print_api.php
 * @uses string_api.php
 * @uses user_api.php
 * @uses utility_api.php
 */
require_once( 'core.php' );
require_api( 'authentication_api.php' );
require_api( 'config_api.php' );
require_api( 'constant_inc.php' );
require_api( 'current_user_api.php' );
require_api( 'database_api.php' );
require_api( 'gpc_api.php' );
require_api( 'html_api.php' );
require_api( 'lang_api.php' );
require_api( 'print_api.php' );
require_api( 'string_api.php' );
require_api( 'user_api.php' );
require_api( 'utility_api.php' );

require_css( 'login.css' );

# Request parameters. Every value below comes from the client and is untrusted.
$f_error = gpc_get_bool( 'error' );
$f_cookie_error = gpc_get_bool( 'cookie_error' );
# string_sanitize_url() is the only filter applied to the post-login redirect
# target; the open-redirect protection for 'return' rests entirely on it.
$f_return = string_sanitize_url( gpc_get_string( 'return', '' ) );
$f_username = gpc_get_string( 'username', '' );
$f_perm_login = gpc_get_bool( 'perm_login', false );
$f_secure_session = gpc_get_bool( 'secure_session', false );
$f_secure_session_cookie = gpc_get_cookie( config_get_global( 'cookie_prefix' ) . '_secure_session', null );

# A username that fails validation is dropped rather than echoed back into the
# form, so a crafted value is never reflected into the page.
if( !user_is_name_valid( $f_username ) ) {
	$f_username = '';
}

$t_username_label = config_get_global( 'email_login_enabled' )
	? lang_get( 'username_or_email' )
	: lang_get( 'username' );

$t_session_validation = ( ON == config_get_global( 'session_validation' ) );

# A visitor who already holds a real (non-anonymous) session is sent on.
if( auth_is_user_authenticated() && !current_user_is_anonymous() ) {
	if( is_blank( $f_return ) ) {
		print_header_redirect( config_get( 'default_home_page' ) );
	} else {
		# NOTE(review): only this call passes a false second argument to
		# print_header_redirect(). If that argument disables the helper's
		# implicit exit, the rest of the page is still rendered after the
		# Location header is sent — confirm against the helper, and add an
		# explicit exit here if so (the bypass branch below does exit).
		print_header_redirect( $f_return, false, false, true );
	}
}

# Automatic logon methods skip the form entirely; the logon is handled by
# login.php, or by login_anon.php when anonymous access is enabled.
if( auth_automatic_logon_bypass_form() ) {
	$t_uri = ( ON == config_get( 'allow_anonymous_login' ) ) ? 'login_anon.php' : 'login.php';
	if( !is_blank( $f_return ) ) {
		$t_uri .= '?return=' . string_url( $f_return );
	}
	print_header_redirect( $t_uri );
	exit;
}

# Initial state of the "secure session" checkbox. Only computed when session
# validation is enabled:
#   - no error reported and no cookie yet  -> checked
#   - no error reported, cookie present     -> follow the (client-supplied) cookie
#   - an error was reported                 -> echo back what was submitted
if( $t_session_validation ) {
	if( $f_error || $f_cookie_error ) {
		$t_default_secure_session = $f_secure_session;
	} elseif( is_null( $f_secure_session_cookie ) ) {
		$t_default_secure_session = true;
	} else {
		$t_default_secure_session = $f_secure_session_cookie;
	}
}

# Focus the password field when a username is already filled in, else the
# username field.
$t_username_field_autofocus = $f_username ? '' : 'autofocus';
$t_password_field_autofocus = $f_username ? 'autofocus' : '';

# Keep the login page out of search engine indexes.
html_robots_noindex();
html_page_top1();
html_page_top2a();

if( $f_error || $f_cookie_error ) {
	echo '
'; echo ''; echo '
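'; }

$t_warnings = array();
$t_upgrade_required = false;

# Installation sanity checks. They only run while the admin/ directory is still
# present and admin_checks is on. Their results are rendered on this page,
# i.e. shown to unauthenticated visitors: whatever they reveal (a default
# account that still works, detailed errors enabled, a stale schema) is visible
# to an attacker as well as to the administrator. Removing admin/ on a
# production install both disables the checks and stops the disclosure.
if( config_get_global( 'admin_checks' ) == ON && file_exists( dirname( __FILE__ ) .'/admin' ) ) {
	# Warn if the stock administrator/root credentials still work. This is a
	# live password check against that account on every render of the page.
	$t_admin_user_id = user_get_id_by_name( 'administrator' );
	if( $t_admin_user_id !== false ) {
		if( user_is_enabled( $t_admin_user_id ) && auth_does_password_match( $t_admin_user_id, 'root' ) ) {
			$t_warnings[] = lang_get( 'warning_default_administrator_account_present' );
		}
	}

	/**
	 * Build the warning text for a debugging / developer setting that should
	 * be changed before the install is used in production.
	 *
	 * @param string $p_type    Hazard type; selects the "warning_<type>_hazard"
	 *                          language string ('security' and 'integrity' are
	 *                          used below).
	 * @param string $p_setting Name of the configuration setting.
	 * @param string $p_value   Value the setting should be changed to.
	 * @return string
	 */
	function debug_setting_message( $p_type, $p_setting, $p_value ) {
		# "{$var}" rather than "${var}": the latter interpolation form is
		# deprecated as of PHP 8.2 and would emit a notice on the login page.
		return sprintf( lang_get( 'warning_change_setting' ), $p_setting, $p_value )
			. sprintf( lang_get( 'word_separator' ) )
			. sprintf( lang_get( "warning_{$p_type}_hazard" ) );
	}

	# Detailed error output leaks internals to anyone who triggers an error.
	$t_config = 'show_detailed_errors';
	if( config_get( $t_config ) != OFF ) {
		$t_warnings[] = debug_setting_message( 'security', $t_config, 'OFF' );
	}

	# display_errors must be set to halt on E_USER_ERROR (or on E_ALL); any
	# softer setting is reported as an 'integrity' hazard.
	$t_config = 'display_errors';
	$t_errors = config_get_global( $t_config );
	$t_halts_on_error = ( isset( $t_errors[E_ALL] ) && $t_errors[E_ALL] == DISPLAY_ERROR_HALT )
		|| ( isset( $t_errors[E_USER_ERROR] ) && $t_errors[E_USER_ERROR] == DISPLAY_ERROR_HALT );
	if( !$t_halts_on_error ) {
		$t_warnings[] = debug_setting_message( 'integrity', $t_config . '[E_USER_ERROR]', DISPLAY_ERROR_HALT );
	}

	# With admin/ available the upgrade list is too, so check for pending
	# database upgrades. A stored version of 0 means no valid database at all.
	$t_db_version = config_get( 'database_version', 0 );
	if( $t_db_version == 0 ) {
		$t_warnings[] = lang_get( 'error_database_no_schema_version' );
	}

	# Compare the stored schema version with the upgrade list shipped with
	# this code (installer used for versions > 1.0.0). A database behind the
	# code needs upgrading; a database ahead of the code means stale code.
	require_once( 'admin' . DIRECTORY_SEPARATOR . 'schema.php' );
	$t_upgrades_reqd = count( $g_upgrade ) - 1;
	if( ( 0 < $t_db_version ) && ( $t_db_version != $t_upgrades_reqd ) ) {
		if( $t_db_version < $t_upgrades_reqd ) {
			$t_warnings[] = lang_get( 'error_database_version_out_of_date_2' );
			$t_upgrade_required = true;
		} else {
			$t_warnings[] = lang_get( 'error_code_version_out_of_date' );
		}
	}
}
?>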
'; } if( $t_upgrade_required ) { echo ''; }
# CSRF protection not required here - the form does not modify server-side
# state, so a forged submission cannot change anything on this install.
# NOTE(review): a per-session token is still the usual defence against login
# CSRF (a third-party page submitting an attacker's credentials so that the
# victim's browser ends up in the attacker's session). Whether that matters
# depends on what this deployment keeps per session; it is a deliberate
# trade-off rather than an oversight, but worth recording here.
echo '
/>
/>
0 ) { echo '
'; echo ''; echo '
'; } html_page_bottom1a();