1 <?php
2  /**
3  * @file login.php
4  *
5  * @brief Does the login/session initialisation.
6  *
7  * @details
 8  * This file does most of the login tasks, including but not limited to: checking
 9  * that the submitted form data is valid, verifying the password against the
 10  * stored hash, and initialising the session once the credentials are accepted.
11  *
12  * This file depends on inc/common.php and inc/templates/login.tpl
13  *
14  * @version 1.0.0
15  * @copyright (c) 2013, Team StarCraft e.V.
16  * @author Daniel Seichter
17  * @author Alexander Vorndran
18  * @date 02.07.2013
19  */
20 
21  /// @cond MAINPART
22  // include
23  include("inc/common.php");
24 
25 
26  if(isUserLoggedIn()) {
27  //Prevent the user visiting the logged in page he/she is already logged in
28  header("Location: home.php");
29  die();
30  }
31 
32 
33  //Forms posted
34  if(!empty($_POST)) {
35  $errors = array();
36  $username = sanitize(trim($_POST["username"]));
37  $password = trim($_POST["password"]);
38 
39  //Perform some validation
40  //Feel free to edit / change as required
41  if($username == "") {
42  $errors[] = lang("ACCOUNT_SPECIFY_USERNAME");
43  }
44  if($password == "") {
45  $errors[] = lang("ACCOUNT_SPECIFY_PASSWORD");
46  }
47 
48  if(count($errors) == 0) {
49  //A security note here, never tell the user which credential was incorrect
50  if(!usernameExists($username)) {
51  $errors[] = lang("ACCOUNT_USER_OR_PASS_INVALID");
52  } else {
53  $userdetails = fetchUserDetails($username);
54  //See if the user's account is activated
55  if($userdetails["active"]==0) {
56  $errors[] = lang("ACCOUNT_INACTIVE");
57  } else if($userdetails["active"]==-1) {
58  $errors[] = lang("ACCOUNT_USER_OR_PASS_INVALID");
59  } else if($userdetails["active"]==2) {
60  //it's locked print a message
61  $errors[] = lang('ACCOUNT_DEACTIVATED');
62  // enable this if you want to deny login if someone is already logged in
63 // } else if(!(strcasecmp(getStoredSession($userdetails['id']),RESET_SESSION_ID)===0)&&!hasSessionTimedOut($userdetails['id'])) {
64 // //someone else is logged in with this account and his session hasn't timed out yet
65 // $errors[] = lang('ACCOUNT_IN_USE');
66  } else if(hasOnetimePasswordExpired($userdetails['id'])) {
67  // the temporary password was used but not changed
68  $errors[] = lang('ACCOUNT_USER_OR_PASS_INVALID');
69  } else {
70  //Hash the password and use the salt from the database to compare the password.
71  $entered_pass = generateImprovedHash($password,$userdetails["password"]);
72 
73  if($entered_pass != $userdetails["password"]) {
74  //Again, we know the password is at fault here, but lets not give away the combination incase of someone bruteforcing
75  $errors[] = lang("ACCOUNT_USER_OR_PASS_INVALID");
76  } else if(!hasValidMail($userdetails['id'])&&FALSE) {
77  /* TODO: has to be reactivated */
78  $errors[] = "Die E-Mail-Adresse wurde noch nicht verifiziert.";
79  } else {
80  //Passwords match! we're good to go'
81 
82  //Construct a new logged in user object
83  //Transfer some db data to the session object
84  $loggedInUser = new LoggedInUser();
85  $loggedInUser->email = $userdetails["email"];
86  $loggedInUser->userId = $userdetails["id"];
87  $loggedInUser->passwordHash = $userdetails["password"];
88  $loggedInUser->title = $userdetails["title"];
89  $loggedInUser->username = $userdetails["username"];
90  $loggedInUser->sessionId = generateSessionId();
91 
92  //Update last sign in
93  $loggedInUser->updateLastActivity();
94  $loggedInUser->setStoredSession();
95  $_SESSION["userCakeUser"] = $loggedInUser;
96 
97  // if it was a temporary password mark it as used
98  // there is only a exception for the root
99  if(hasOnetimePassword($loggedInUser->userId)&&!isUserRoot()) {
100  flagPassword($userdetails["id"], -2);
101  }
102 
103  if(isset($_GET['ref'])) {
104  $path = "Location: ".$_GET['ref'];
105  header($path);
106  die();
107  } else {
108  //Redirect to user account page
109  header("Location: ".PAGE_AFTER_LOGIN);
110  die();
111  }
112  }
113  }
114  }
115  }
116  }
117 
118  if (!empty($_SERVER['HTTP_REFERER'])) {
119  $url = explode('/',$_SERVER['HTTP_REFERER']);
120  $url = $url[sizeof($url)-1];
121 
122  $pages = fetchAllPages();
123  if (isset($pages[$url])) {
124  /* do not redirect to logout.php */
125  $url = str_replace(array('logout','login'), 'home', $url);
126  $smarty->assign('ref','?ref='.$url);
127  }
128  }
129 
130  // run template
131  displayTemplateWithErrorsAndSuccesses('Login','login.tpl');
132  /// @endcond
133 ?>