diff --git a/controllers/anonymous.php b/controllers/anonymous.php index 27812c9..e72bb89 100644 --- a/controllers/anonymous.php +++ b/controllers/anonymous.php @@ -1,154 +1,150 @@ * @copyright 2010 Sébastien Santoro aka Dereckson * @license http://www.opensource.org/licenses/bsd-license.php BSD * @version 0.1 * @link http://scherzo.dereckson.be/doc/zed * @link http://zed.dereckson.be/ * @filesource */ // // Prepares the page // switch ($url[0]) { case 'tour': //The user have forgotten .html, let's redirect him header('Location: ' . $Config['StaticContentURL'] . '/tour.html'); exit; case 'invite': //Invite form if ($_POST['form'] == 'account.create') { //User tries to claim its invite to create an account require_once('includes/objects/invite.php'); require_once('includes/objects/user.php'); //Gets invite $invite = new Invite($_POST['invite_code']); if ($invite->lastError != '') { //Not existing invite. $smarty->assign('NOTIFY', lang_get("IncorrectInviteCode")); } elseif ($invite->is_claimed()) { //The invitation have already claimed by someone else. $smarty->assign('NOTIFY', lang_get("InviteCodeAlreadyClaimed")); } else { //Checks if the given information is correct //We ignore bad mails. All we really need is a login and a pass. //We fill our array $errors with all the errors $errors = []; if (!$_POST['username']) { $errors[] = lang_get('MissingUsername'); } elseif (!User::is_available_login($_POST['username'])) { $errors[] = lang_get('LoginUnavailable'); } if (User::get_username_from_email($_POST['email']) !== false) { $errors[] = "There is already an account with this e-mail."; } if (!$_POST['passwd']) { $errors[] = lang_get('MissingPassword'); } if (count($errors)) { $smarty->assign('WAP', join('
', $errors)); } else { //Creates account $user = new User(); $user->regdate = time(); $user->generate_id(); $user->name = $_POST['username']; $user->active = 1; $user->email = $_POST['email']; $user->set_password($_POST['passwd']); $user->save_to_database(); //Updates invite $invite->to_user_id = $user->id; $invite->save_to_database(); //Notifies host require_once('includes/objects/message.php'); $message = new Message(); $message->from = 0; $message->to = $invite->from_perso_id; $message->text = sprintf(lang_get('InviteHaveBeenClaimed'), $invite->code); $message->send(); //Logs in user login($user->id, $user->name); //Prints confirm message $smarty->assign('WAP', lang_get("AccountCreated")); //Redirects users to homepage header('refresh: 5; url=' . get_url()); //Calls void controller $smarty->assign('screen', 'user.create'); define('NO_FOOTER_EXTRA', true); include("void.php"); exit; } } //Keeps username, email, invite code printed on account create form $smarty->assign('username', $_POST['username']); $smarty->assign('invite_code', $_POST['invite_code']); $smarty->assign('email', $_POST['email']); } //If the invite code is specified, checks format if ($url[1]) { if (preg_match("/^([A-Z]){3}([0-9]){3}$/i", $url[1])) { $smarty->assign('invite_code', strtoupper($url[1])); } else { $smarty->assign('NOTIFY', lang_get("IncorrectInviteCode")); } } $template = 'account_create.tpl'; break; default: //Login form - if (array_key_exists('LastUsername', $_COOKIE)) { - $smarty->assign('username', $_COOKIE['LastUsername']); - } - if (array_key_exists('LastOpenID', $_COOKIE)) { - $smarty->assign('OpenID', $_COOKIE['LastOpenID']); - } - $smarty->assign('LoginError', $loginError); + $smarty->assign('username', $_COOKIE['LastUsername'] ?? ""); + $smarty->assign('OpenID', $_COOKIE['LastOpenID'] ?? ""); + $smarty->assign('LoginError', $loginError ?? ""); $template = 'login.tpl'; break; } // // HTML output // if ($template) { $smarty->display($template); } 
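Review bot: The new `$smarty->assign('LoginError', $loginError ?? "");` reads the lowercase `$loginError`, but includes/login.php (second hunk) only sets `$loginError` on the password path and still assigns `$LoginError` on every OpenID branch, so OpenID failures are now silently replaced by an empty string where the old code at least raised an undefined-variable notice. Pick one spelling and use it in both files; this is the same case mismatch the `$loginSuccessful` rename in the second hunk fixes for the success flag. Separately, `$_COOKIE['LastUsername'] ?? ""` and `$_COOKIE['LastOpenID'] ?? ""` hand client-controlled cookie values straight to the template; unless Smarty's escape_html is enabled (not visible here), escape them in login.tpl with `|escape` or pass them through `htmlspecialchars($v, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` before assigning.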
diff --git a/includes/login.php b/includes/login.php
index a541b11..e811a21 100644
--- a/includes/login.php
+++ b/includes/login.php
@@ -1,158 +1,158 @@ * @copyright 2010 Sébastien Santoro aka Dereckson * @license http://www.opensource.org/licenses/bsd-license.php BSD * @version 0.1 * @link http://scherzo.dereckson.be/doc/zed * @link http://zed.dereckson.be/ * @filesource * * @todo Pick between DumbStore and FileStore and cleans the file accordingly. */ /// /// OpenID helper code /// $useOpenID = isset($Config['OpenID']) && $Config['OpenID']; if ($useOpenID) { require_once('Auth/OpenID/Consumer.php'); require_once('Auth/OpenID/FileStore.php'); } /** * Gets an Auth_OpenID_Consumer instance * * @return Auth_OpenID_Consumer the instance */ function get_openid_consumer () { if (!file_exists('/dev/urandom')) { //We don't have a reliable source of random numbers define('Auth_OpenID_RAND_SOURCE', null); } $fs = new Auth_OpenID_FileStore(CACHE_DIR . '/openid'); return new Auth_OpenID_Consumer($fs); } /** * Logs in the user if the OpenID is recognized. * Otherwise, sets an error message. * * @param string $url The OpenID URL */ function openid_login ($url) { global $db, $_SESSION, $LoginError, $LoginSuccessful; $url = $db->escape($url); $sql = 'SELECT user_id FROM ' . TABLE_USERS_AUTH . " WHERE auth_type = 'OpenID' AND auth_identity LIKE '$url'"; if ($user_id = $db->queryScalar($sql)) { $sql = "UPDATE " . TABLE_SESSIONS . " SET user_id = '$user_id' WHERE session_id LIKE '$_SESSION[ID]'"; if (!$db->query($sql)) { message_die(SQL_ERROR, "Can't update session table", '', __LINE__, __FILE__, $sql); } $LoginSuccessful = true; setcookie("LastOpenID", $url, time() + 2592000); header("location: " . get_url()); } else { $LoginError = "Read the source to get an invite."; } } /// /// Login procedural code /// $action = isset($_GET['action']) ? $_GET['action'] : ''; if ($action == 'openid.login') { //Gets Auth_OpenID_Consumer instance, completes the OpenID transaction //and processes the result. 
- if (!$useOpenID()) { + if (!$useOpenID) { header("Status: 403 Forbidden"); die("OpenID disabled."); } $consumer = get_openid_consumer(); $reply = $consumer->complete(get_server_url() . $_SERVER['REQUEST_URI']); if ($reply->status == Auth_OpenID_SUCCESS) { openid_login($reply->endpoint->claimed_id); } elseif ($reply->message) { //TODO: $reply->message could be rather long and won't fit in the UI //space. You can wish to add code to print $LoginError elsewhere if //too long. $LoginError = "[OpenID] $reply->message"; } else { $LoginError = "[OpenID] $reply->status"; } } elseif (isset($_POST['LogIn'])) { //User have filled login form if ($_POST['openid'] && $useOpenID) { //Gets Auth_OpenID_Consumer instance $consumer = get_openid_consumer(); //Starts the OpenID transaction and redirects user to provider url if ($request = $consumer->begin($_POST['openid'])) { $url = $request->redirectURL(get_server_url(), "$Config[SiteURL]/?action=openid.login", false); header("location: $url"); $LoginError = 'Click here to continue login'; } else { $LoginError = 'Invalid OpenID URL.'; } } else { //Login //Authentications way, the user/password in last. //OpenID is handled by a separate logic. 
$Login = $_POST['username']; $authentications = []; if ($useYubiCloud = array_key_exists('YubiCloud', $Config) ) { $authentications[] = new YubiCloudAuthentication($_POST['password'], $Login); } if ($Login) { $authentications[] = new UserPasswordAuthentication($Login, $_POST['password']); } $loginSuccessful = false; foreach ($authentications as $authentication) { if ($authentication->isValid()) { $loginSuccessful = true; //Logs in user login($authentication->getUserID(), $Login); } else { $loginError = $authentication->getError(); } if (!$authentication->canTryNextAuthenticationMethod()) { break; } } //Tests if the password wouldn't match an invite code //If so, redirects people using login page as invitation claim page - if (!$LoginSuccessful) { + if (!$loginSuccessful) { $code = $db->escape($_POST['password']); $sql = "SELECT * FROM " . TABLE_USERS_INVITES . " WHERE invite_code = '$code'"; if (!$result = $db->query($sql)) { message_die(SQL_ERROR, "Can't get invites", '', __LINE__, __FILE__, $sql); } if ($row = $db->fetchRow($result)) { $url = get_url('invite', $_POST['password']); header('location: ' . $url); } } } } elseif (isset($_POST['LogOut']) || $action == "user.logout") { Logout(); }
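Review bot: The renamed `if (!$loginSuccessful)` branch sends whatever was typed as a password into a redirect, `get_url('invite', $_POST['password'])`, so a mistyped real password ends up in the access log, browser history and any Referer header; gate the lookup on the invite-code shape that controllers/anonymous.php already enforces, `if (!$loginSuccessful && preg_match('/^[A-Z]{3}[0-9]{3}$/i', $_POST['password'] ?? ''))`, and add `exit;` after `header('location: ' . $url);` so the rest of the request does not keep executing. The `$useOpenID()` correction is right; the surrounding block still reads `$_POST['password']` and `$_POST['username']` without `isset`/`??`, unlike the `$_GET['action']` line at the top of the hunk. In `openid_login`, `auth_identity LIKE '$url'` and `session_id LIKE '$_SESSION[ID]'` use LIKE for an exact comparison, where `%` and `_` inside the value still act as wildcards after `$db->escape`; compare with `=`, ideally through a prepared statement rather than string interpolation.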