2 include "../../env.inc.php";
4 include "./includes/config.php";
5 include "./includes/php-dbi.php";
6 include "./includes/functions.php";
// NOTE(review): the next include path is built from $user_inc, which is not
// assigned anywhere in this listing (presumably by config.php -- confirm).
// It must only ever come from server-side configuration, never from request
// data, because whatever file it names is executed.
7 include "./includes/$user_inc";
8 include "./includes/connect.php";
10 // Change this to true to show "no such user" or "invalid password" on
// NOTE(review): the flag is already true here. The failed-login branch further
// down replaces $error with the generic "Invalid login" text only when this
// flag is false, so with true the page can reveal whether an account name
// exists. Set it to false unless that disclosure is acceptable.
12 $showLoginFailureReason = true;
14 load_global_settings ();
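19 // uses cookies
20 // the file include/user.php was modified
// Group entry (type=group): after the project_admin check on the requested
// group, point $return_path at that group's week view and copy the current
// user's row from the users table into $_POST['login'] / $_POST['password']
// (presumably so the getPostValue() reads further down treat it as a
// submitted login -- confirm).
22 if($_GET['type'] == 'group'){
23 $group_id = getIntFromRequest('group_id');
24 session_require_perm ('project_admin', $group_id) ;
26 // choose which calendar to display
// Use the id that was permission-checked above, cast to int, rather than the
// raw $_GET['group_id'] string: request data concatenated into the SQL text
// is injectable and need not match the value session_require_perm() saw.
27 $sql_group = "SELECT unix_group_name FROM groups WHERE group_id = '".(int) $group_id."'" ;
28 $result_group = dbi_query ($sql_group);
29 if ( $result_group ) {
30 if ( $row_group = dbi_fetch_row ( $result_group ) ) {
31 $return_path = 'week.php?user='.$row_group[0];
33 dbi_free_result ( $result_group );
35 // log the user in
// user_getid() is a server-side value, not request data; presumably a
// numeric id -- confirm it can never return anything but an integer.
36 $sql = "SELECT user_name,user_pw FROM users WHERE user_id = '".user_getid()."'" ;
38 $result = dbi_query ($sql);
40 if ( $row_log = dbi_fetch_row ( $result ) ) {
// NOTE(review): user_pw is whatever the users table stores (presumably a
// password hash -- confirm). From here on it is handled as if it were the
// password the user typed.
41 $_POST['login'] = $row_log[0];
42 $_POST['password'] = $row_log[1];
45 dbi_free_result ( $result );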
// User entry (type=user): same pre-fill as the group branch, without the
// group lookup. No permission call is visible in this branch; the row is
// selected by user_getid() only.
51 if($_GET['type'] == 'user'){
// user_getid() is a server-side value, not request data; presumably a
// numeric id -- confirm it can never return anything but an integer.
52 $sql = "SELECT user_name,user_pw FROM users WHERE user_id = '".user_getid()."'" ;
53 $result = dbi_query ($sql);
55 if ( $row_log = dbi_fetch_row ( $result ) ) {
// NOTE(review): user_pw is whatever the users table stores (presumably a
// password hash -- confirm). It is placed in $_POST['password'] and is then
// handled as if it were the password the user typed.
56 $_POST['login'] = $row_log[0];
57 $_POST['password'] = $row_log[1];
60 dbi_free_result ( $result );
// Page setup before the login attempt: remembered login name, translations,
// return path and display language. Several if-bodies are not part of this
// listing, so only the visible statements are described.
66 if ( ! empty ( $last_login ) ) {
// NOTE(review): $webcalendar_login is not assigned anywhere in this listing.
// Its name matches the "webcalendar_login" cookie set after a successful
// login, so it is presumably imported from that cookie -- confirm. If so,
// $last_login and $login below can hold client-controlled text.
70 if ( empty ( $webcalendar_login ) ) {
71 $webcalendar_login = "";
74 if ( $remember_last_login == "Y" && empty ( $login ) ) {
75 $last_login = $login = $webcalendar_login;
79 include "includes/translate.php";
81 // see if a return path was set
// NOTE(review): besides the group branch above, $return_path is posted back
// by the hidden form field on this page, so it can be request data. Only
// whitespace is cleaned in the visible lines; nothing here restricts it to a
// local path.
82 if ( ! empty ( $return_path ) ) {
83 $return_path = clean_whitespace ( $return_path );
// Language: use the configured $LANGUAGE unless it is unset, "Browser-defined"
// or "none"; otherwise fall back to the browser's language.
89 if ( ! empty ( $LANGUAGE ) && $LANGUAGE != "Browser-defined" && $LANGUAGE != "none" ) {
90 $lang = languageToAbbrev ( $LANGUAGE );
92 $lang_long = get_browser_language ();
93 $lang = languageToAbbrev ( $lang_long );
96 if ( empty ( $lang ) ) {
// Read the submitted credentials, enter the PHP-session branch when it is
// configured (its body is not part of this listing) and derive the cookie
// path from the script's own URL.
100 $login = getPostValue ( 'login' );
101 $password = getPostValue ( 'password' );
// NOTE(review): `$settings['session'] = 'php'` is an assignment, not a
// comparison. Any non-empty setting is overwritten with 'php' and the branch
// is always taken; `==` looks intended. The same expression is repeated where
// the login token is stored, so both places need to change together.
103 if ( ! empty ( $settings['session'] ) && $settings['session'] = 'php' ) {
107 // calculate path for cookie
108 if ( empty ( $PHP_SELF ) ) {
109 $PHP_SELF = $_SERVER["PHP_SELF"];
// PHP_SELF follows the requested URL (including any extra path info after
// the script name), so the cookie path computed here is request-influenced.
111 $cookie_path = str_replace ( "login.php", "", $PHP_SELF );
112 //echo "Cookie path: $cookie_path\n$cookie_path1";
// Login decision: single-user and HTTP-auth installs are redirected to
// index.php; otherwise a submitted login/password pair is checked and, on
// success, a login token is stored (session or cookie) before redirecting.
114 if ( $single_user == "Y" ) {
115 // No login for single-user mode
116 do_redirect ( "index.php" );
117 } else if ( $use_http_auth ) {
118 // There is no login page when using HTTP authorization
119 do_redirect ( "index.php" );
121 if ( ! empty ( $login ) && ! empty ( $password ) ) {
122 if ( get_magic_quotes_gpc() ) {
123 $password = stripslashes ( $password );
124 $login = stripslashes ( $login );
126 $login = trim ( $login );
// Rejects any login that addslashes() would change, i.e. one containing a
// quote, backslash or NUL. This is a character blocklist; whether the query
// inside user_valid_login() is otherwise safe cannot be seen from here.
127 if ( $login != addslashes ( $login ) ) {
128 die_miserable_death ( "Illegal characters in login " .
129 "<tt>" . htmlentities ( $login ) . "</tt>" );
131 if ( user_valid_login ( $login, $password ) ) {
132 user_load_variables ( $login, "" );
133 // set login to expire in 365 days
// NOTE(review): the token is login + "|" + crypt(password), not a random
// session id. A two-character salt selects traditional DES crypt, which uses
// only the first eight characters of $password. rand(ord('A'), ord('z')) also
// yields the six ASCII characters between 'Z' and 'a', which are outside
// crypt()'s ./0-9A-Za-z salt alphabet; how crypt() treats such a salt depends
// on the PHP version -- verify. encode_string() is not shown: if it is
// reversible, whoever obtains the cookie also obtains a password hash.
134 srand((double) microtime() * 1000000);
135 $salt = chr( rand(ord('A'), ord('z'))) . chr( rand(ord('A'), ord('z')));
136 $encoded_login = encode_string ( $login . "|" . crypt($password, $salt) );
// NOTE(review): `=` assigns 'php' instead of comparing with it, so this branch
// is taken for every non-empty session setting; `==` looks intended. The same
// expression appears earlier where the session branch is entered.
138 if ( ! empty ( $settings['session'] ) && $settings['session'] = 'php' ) {
139 $_SESSION['webcalendar_session'] = $encoded_login;
// NOTE(review): the SetCookie() calls below pass only name, value, expiry and
// path, so the login cookie is sent without the Secure and HttpOnly
// attributes. With "remember" set it is kept for 365 days.
141 if ( ! empty ( $remember ) && $remember == "yes" ) {
142 SetCookie ( "webcalendar_session", $encoded_login,
143 time() + ( 24 * 3600 * 365 ), $cookie_path );
145 SetCookie ( "webcalendar_session", $encoded_login, 0, $cookie_path );
148 load_user_preferences ();
149 // The cookie "webcalendar_login" is provided as a convenience to
150 // other apps that may wish to find out what the last calendar
151 // login was, so they can use week_ssi.php as a server-side include.
152 // As such, it's not a security risk to have it un-encoded since it
153 // is not used to allow logins within this app. It is used to
154 // load user preferences on the login page (before anyone has
155 // logged in) if $remember_last_login is set to "Y" (in admin.php).
// NOTE(review): the value read back from this cookie is client-controlled, so
// it has to be escaped wherever it is printed (the username field of the
// login form prints $last_login) and must not be trusted as an identity.
156 if ( ! empty ( $remember ) && $remember == "yes" ) {
157 SetCookie ( "webcalendar_login", $login,
158 time() + ( 24 * 3600 * 365 ), $cookie_path );
160 SetCookie ( "webcalendar_login", $login, 0, $cookie_path );
// NOTE(review): $url is assigned on lines that are not part of this listing.
// If it is derived from the request-supplied return_path, confirm it is
// limited to local paths before redirecting.
162 do_redirect ( $url );
// Failed login: keep a specific reason already left in $error only when
// $showLoginFailureReason is true; otherwise use the generic message.
165 if ( empty ( $error ) || ! $showLoginFailureReason ) {
166 $error = translate("Invalid login" );
170 // No login info... just present empty login page
173 // delete current user
// NOTE(review): only the cookie is cleared in the lines shown; nothing
// visible here clears $_SESSION['webcalendar_session'] for session mode.
174 SetCookie ( "webcalendar_session", "", 0, $cookie_path );
175 // In older versions the cookie path had no trailing slash and NS 4.78
176 // thinks "path/" and "path" are different, so the line above does not
177 // delete the "old" cookie. This prohibits the login. So we delete the
178 // cookie with the trailing slash removed
179 if (substr($cookie_path, -1) == '/') {
180 SetCookie ( "webcalendar_session", "", 0, substr($cookie_path, 0, -1) );
// Charset for the XML prolog and the Content-Type meta tag: the translation
// table's "charset" entry when a language is set, else iso-8859-1.
183 $charset = ( ! empty ( $LANGUAGE )?translate("charset"): "iso-8859-1" );
184 echo "<?xml version=\"1.0\" encoding=\"$charset\"?>" . "\n";
187 PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "DTD/xhtml1-transitional.dtd">
188 <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="<?php echo $lang; ?>" lang="<?php echo $lang; ?>">
190 <meta http-equiv="Content-Type" content="text/html; charset=<?php echo $charset; ?>" />
191 <title><?php etranslate($application_name)?></title>
192 <script type="text/javascript">
193 // error check login/password
194 function valid_form ( form ) {
195 if ( form.login.value.length == 0 || form.password.value.length == 0 ) {
196 alert ( "<?php etranslate("You must enter a login and password")?>." );
201 function myOnLoad() {
202 <?php if ( ! empty ( $plugins_enabled ) && ( $plugins_enabled ) ){ ?>
204 window.open("login.php","_top","");
208 document.login_form.login.focus();
210 if ( ! empty ( $login ) ) echo "document.login_form.login.select();";
211 if ( ! empty ( $error ) ) {
// Client-side part of the page: valid_form() alerts when either field is
// empty and myOnLoad() focuses the login field; the PHP lines here add a
// select() call and an alert() when $login / $error are set.
// NOTE(review): $error is placed inside a double-quoted JavaScript string
// without any escaping. A quote, backslash, newline or "</script>" in it
// breaks out of the string, so every source of $error has to be fixed text
// or be encoded for a JavaScript string (json_encode() is the usual choice).
212 echo " alert ( \"$error\" );\n";
218 include "includes/styles.php";
220 // Print custom script (since we do not call print_header function)
// Both lookups in this block use fixed query text with no request data. The
// lines that start the query and print the row are not part of this listing;
// the template text is presumably emitted as raw markup, so anyone who can
// edit these templates can put script on the login page -- keep that
// admin-only.
221 if ( ! empty ( $CUSTOM_SCRIPT ) && $CUSTOM_SCRIPT == 'Y' ) {
223 "SELECT cal_template_text FROM webcal_report_template " .
224 "WHERE cal_template_type = 'S' and cal_report_id = 0" );
226 if ( $row = dbi_fetch_row ( $res ) ) {
229 dbi_free_result ( $res );
234 <body onload="myOnLoad();">
236 // Print custom header (since we do not call print_header function)
237 if ( ! empty ( $CUSTOM_HEADER ) && $CUSTOM_HEADER == 'Y' ) {
239 "SELECT cal_template_text FROM webcal_report_template " .
240 "WHERE cal_template_type = 'H' and cal_report_id = 0" );
242 if ( $row = dbi_fetch_row ( $res ) ) {
245 dbi_free_result ( $res );
251 // If Application Name is set to Title then get translation
252 // If not, use the Admin defined Application Name
253 if ( ! empty ( $application_name ) && $application_name =="Title") {
254 etranslate($application_name);
256 echo htmlspecialchars ( $application_name );
261 if ( ! empty ( $error ) ) {
// NOTE(review): unlike the application name above, $error is printed into the
// page without HTML escaping. That is only safe while every source of $error
// is fixed or translated text; confirm it can never carry request data (for
// example the submitted login name).
262 print "<span style=\"color:#FF0000; font-weight:bold;\">" .
263 translate("Error") . ": $error</span><br />\n";
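268 <form name="login_form" id="login" action="login.php" method="post"
269 onsubmit="return valid_form(this)">
271 if ( ! empty ( $return_path ) ) {
// Round-trips the return path through a hidden field; htmlentities() keeps it
// from breaking out of the value attribute. It comes back as request data on
// submit, so it has to be validated again before it is used for a redirect.
272 echo "<input type=\"hidden\" name=\"return_path\" value=\"" .
273 htmlentities ( $return_path ) . "\" />\n";
277 <table cellpadding="10" align="center">
279 <img src="login.gif" alt="Login" /></td><td align="right">
280 <label for="user"><?php etranslate("Username")?>:</label></td><td>
281 <input name="login" id="user" size="15" maxlength="25"
282 value="<?php /* may originate from the webcalendar_login cookie: escape it for the attribute */ if ( ! empty ( $last_login ) ) echo htmlspecialchars ( $last_login, ENT_QUOTES );?>"
285 <tr><td style="text-align:right;">
286 <label for="password"><?php etranslate("Password")?>:</label></td><td>
287 <input name="password" id="password" type="password" size="15"
288 maxlength="30" tabindex="2" />
290 <tr><td colspan="3" style="font-size: 10px;">
291 <input type="checkbox" name="remember" id="remember" tabindex="3"
292 value="yes" <?php if ( ! empty ( $remember ) && $remember == "yes" ) {
293 echo "checked=\"checked\""; }?> /><label for="remember">
294 <?php etranslate("Save login via cookies so I don't have to login next time")?></label>
296 <tr><td colspan="4" style="text-align:center;">
297 <input type="submit" value="<?php etranslate("Login")?>" tabindex="4" />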
302 <?php if ( ! empty ( $public_access ) && $public_access == "Y" ) { ?>
304 <a class="nav" href="index.php">
305 <?php etranslate("Access public calendar")?></a><br />
308 <?php if ( $demo_mode == "Y" ) {
309 // This is used on the sourceforge demo page
// NOTE(review): with $demo_mode set to "Y" the login page advertises a
// demo/demo credential pair (presumably a live account -- confirm). Make sure
// the flag is never "Y" on a production install.
310 echo "Demo login: user = \"demo\", password = \"demo\"<br />";
313 <span class="cookies"><?php etranslate("cookies-note")?></span><br />
316 <a href="<?php echo $PROGRAM_URL ?>" id="programname"><?php echo $PROGRAM_NAME?></a>
318 <?php // Print custom trailer (since we do not call print_trailer function)
// Fixed query text with no request data in it. The lines that start the query
// and print the row are not part of this listing; the template text is
// presumably emitted as raw markup, so template editing should stay
// admin-only.
319 if ( ! empty ( $CUSTOM_TRAILER ) && $CUSTOM_TRAILER == 'Y' ) {
321 "SELECT cal_template_text FROM webcal_report_template " .
322 "WHERE cal_template_type = 'T' and cal_report_id = 0" );
324 if ( $row = dbi_fetch_row ( $res ) ) {
327 dbi_free_result ( $res );