[Fusionforge-commits] r13548 - in trunk/src: common/include plugins/authbuiltin/www

Franck VILLAUME nerville at fusionforge.org
Thu Jun 23 14:52:34 CEST 2011


Author: nerville
Date: 2011-06-23 14:52:34 +0200 (Thu, 23 Jun 2011)
New Revision: 13548

Modified:
   trunk/src/common/include/session.php
   trunk/src/plugins/authbuiltin/www/post-login.php
Log:
nicer post-login.php, correctly handle warning_msg, feedback and error_msg

Modified: trunk/src/common/include/session.php
===================================================================
--- trunk/src/common/include/session.php	2011-06-23 12:45:04 UTC (rev 13547)
+++ trunk/src/common/include/session.php	2011-06-23 12:52:34 UTC (rev 13548)
@@ -160,7 +160,7 @@
 }
 
 function session_check_credentials_in_database($loginname, $passwd, $allowpending=false) {
-	global $feedback,$userstatus;
+	global $warning_msg ,$userstatus;
 
 	//  Try to get the users from the database using user_id and (MD5) user_pw
 	if (forge_get_config('require_unique_email')) {
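Review bot: Moving the failure text from `$feedback` to `$warning_msg` changes what every caller of session_check_credentials_in_database() observes, and only post-login.php is updated in this commit; any other caller that still reads `$feedback` after a failed check would now get an empty message, so the remaining call sites are worth checking before merge. Style: the new global line carries a stray space before the comma, `global $warning_msg, $userstatus;`, and the 'OUT OF DATE' branch in a later hunk writes `$warning_msg =_('Invalid Password Or User Name');` without the space after `=` that the other assignments in this commit use. The function body continues past the end of this hunk.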
@@ -184,7 +184,7 @@
 		}
 		if (!$res || db_numrows($res) < 1) {
 			// No user by that name
-			$feedback=_('Invalid Password Or User Name');
+			$warning_msg = _('Invalid Password Or User Name');
 			return false;
 		} else {
 			// There is a user with the provided user_name/email, but the MD5 passwds do not match
@@ -195,7 +195,7 @@
 			if (crypt ($passwd, $usr['unix_pw']) != $usr['unix_pw']) {
 				// Even the (crypt) unix_pw does not patch
 				// This one has clearly typed a bad passwd
-				$feedback=_('Invalid Password Or User Name');
+				$warning_msg = _('Invalid Password Or User Name');
 				return false;
 			}
 			// User exists, (crypt) unix_pw matches
@@ -226,7 +226,7 @@
 				$res = db_query_params ('UPDATE users SET user_pw=$1 WHERE user_id=$2',
 							array ('OUT OF DATE',
 							       $usr['user_id'])) ;
-				$feedback=_('Invalid Password Or User Name');
+				$warning_msg =_('Invalid Password Or User Name');
 				return false;
 			}
 		}
@@ -239,29 +239,29 @@
 		if ($allowpending && ($usr['status'] == 'P')) {
 			//1;
 		} else {
-			if ($usr['status'] == 'S') { 
+			if ($usr['status'] == 'S') {
 				//acount suspended
-				$feedback = _('Account Suspended');
+				$warning_msg = _('Account Suspended');
 				return false;
 			}
-			if ($usr['status'] == 'P') { 
+			if ($usr['status'] == 'P') {
 				//account pending
-				$feedback = _('Account Pending');
+				$warning_msg = _('Account Pending');
 				return false;
-			} 
-			if ($usr['status'] == 'D') { 
+			}
+			if ($usr['status'] == 'D') {
 				//account deleted
-				$feedback = _('Account Deleted');
+				$warning_msg = _('Account Deleted');
 				return false;
 			}
 			if ($usr['status'] != 'A') {
 				//unacceptable account flag
-				$feedback = _('Account Not Active');
+				$warning_msg = _('Account Not Active');
 				return false;
 			}
 		}
 		//create a new session
-		session_set_new(db_result($res,0,'user_id'));
+		session_set_new(db_result($res, 0, 'user_id'));
 
 		return true;
 	}
@@ -300,9 +300,9 @@
 		} else {
 			$eoldip = explode(".",$oldip);
 			$enewip = explode(".",$newip);
-			
+
 			// require same class b subnet
-			return ( ($eoldip[0] == $enewip[0]) 
+			return ( ($eoldip[0] == $enewip[0])
 				 && ($eoldip[1] == $enewip[1]) ) ;
 		}
 	}
@@ -375,9 +375,9 @@
  */
 function session_require($req, $reason='') {
 	if (!session_loggedin()) {
-		exit_not_logged_in();	
+		exit_not_logged_in();
 	}
-	
+
 	$user =& user_get_object(user_getid());
 	if (! $user->isActive()) {
 		session_logout();
@@ -421,7 +421,7 @@
 function session_require_perm ($section, $reference, $action = NULL, $reason='') {
 	if (!forge_check_perm ($section, $reference, $action)) {
 		exit_permission_denied ($reason,'');
-	}		
+	}
 }
 
 /**
@@ -438,7 +438,7 @@
 					   forge_get_config ('forge_name')) ;
 		}
 		exit_permission_denied ($reason,'');
-	}		
+	}
 }
 
 /**
@@ -491,7 +491,7 @@
 
 function session_set_internal ($user_id, $res=false) {
 	global $G_SESSION ;
-	
+
 	$G_SESSION = user_get_object($user_id,$res);
 	if ($G_SESSION) {
 		$G_SESSION->setLoggedIn(true);
@@ -526,7 +526,7 @@
 function session_getdata($user_id) {
 	return db_query_params ('SELECT u.*,sl.language_id, sl.name, sl.filename, sl.classname, sl.language_code, t.dirname, t.fullname
                                  FROM users u, supported_languages sl, themes t
-                                 WHERE u.language=sl.language_id 
+                                 WHERE u.language=sl.language_id
                                    AND u.theme_id=t.theme_id
                                    AND u.user_id=$1',
 				array ($user_id)) ;
@@ -549,7 +549,7 @@
 	$id_is_good = false;
 
 	$params = array();
-	// pass the session_ser from cookie to the auth plugins 
+	// pass the session_ser from cookie to the auth plugins
 	// (see AuthBuiltinPlugin::checkAuthSession() or likes)
 	// expect FORGE_AUTH_AUTHORITATIVE_ACCEPT, FORGE_AUTH_AUTHORITATIVE_REJECT or FORGE_AUTH_NOT_AUTHORITATIVE
 	// in results
@@ -573,7 +573,7 @@
 		$params['results'] = NULL;
 		plugin_hook_by_reference('fetch_authenticated_user', $params);
 		$user = $params['results'];
-		
+
 		if ($user) {
 			$params = array();
 			$params['username'] = $user->getUnixName();
@@ -587,14 +587,14 @@
 		}
 	}
 	// TODO: else... what ?
-	
+
 	$re = RBACEngine::getInstance();
 	$re->invalidateRoleCaches() ;
 }
 
 /**
  * Re initializes a session, trusting a non-sufficient plugin only temporarily
- * 
+ *
  * The checkAuthSession of the Auth plugin will have to acknowledge the 'sufficient_forced' param in 'check_auth_session' hook
  * @param string $authpluginname
  */
@@ -607,17 +607,17 @@
 	$id_is_good = false;
 
 	$params = array();
-	// pass the session_ser from cookie to the auth plugins 
+	// pass the session_ser from cookie to the auth plugins
 	// (see AuthBuiltinPlugin::checkAuthSession() or likes)
 	// expect FORGE_AUTH_AUTHORITATIVE_ACCEPT, FORGE_AUTH_AUTHORITATIVE_REJECT or FORGE_AUTH_NOT_AUTHORITATIVE
 	// in results
 	$params['sufficient_forced'] = $authpluginname;
-	
+
 	$params['auth_token'] = $session_ser;
 	$params['results'] = array();
-	
+
 	plugin_hook_by_reference('check_auth_session', $params);
-	
+
 	$seen_yes = false;
 	foreach ($params['results'] as $p => $r) {
 		if ($r == FORGE_AUTH_AUTHORITATIVE_ACCEPT) {
@@ -631,11 +631,11 @@
 		// expect user object in results
 		$params = array();
 		$params['results'] = NULL;
-		
+
 		plugin_hook_by_reference('fetch_authenticated_user', $params);
-		
+
 		$user = $params['results'];
-		
+
 		if ($user) {
 			$params = array();
 			$params['username'] = $user->getUnixName();
@@ -649,13 +649,13 @@
 		}
 	}
 	// TODO: else... what ?
-	
+
 	$re = RBACEngine::getInstance();
 	$re->invalidateRoleCaches() ;
 }
 
-//TODO - this should be generalized and used for pre.php, 
-//SOAP, forum_gateway.php, tracker_gateway.php, etc to 
+//TODO - this should be generalized and used for pre.php,
+//SOAP, forum_gateway.php, tracker_gateway.php, etc to
 //setup languages
 function session_continue($sessionKey) {
 	global $session_ser;
@@ -673,7 +673,7 @@
 
 /**
  *	session_get_user() - Wrapper function to return the User object for the logged in user.
- *	
+ *
  *	@return User
  *	@access public
  */

Modified: trunk/src/plugins/authbuiltin/www/post-login.php
===================================================================
--- trunk/src/plugins/authbuiltin/www/post-login.php	2011-06-23 12:45:04 UTC (rev 13547)
+++ trunk/src/plugins/authbuiltin/www/post-login.php	2011-06-23 12:52:34 UTC (rev 13548)
@@ -7,6 +7,8 @@
  * notice).
  *
  * Copyright 1999-2001 (c) VA Linux Systems
+ * Copyright 2011, Roland Mas
+ * Copyright 2011, Franck Villaume - Capgemini
  *
  * This file is part of FusionForge. FusionForge is free software;
  * you can redistribute it and/or modify it under the terms of the
@@ -24,14 +26,17 @@
  * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  */
 
-Header( "Expires: Wed, 11 Nov 1998 11:11:11 GMT");
-Header( "Cache-Control: no-cache");
-Header( "Cache-Control: must-revalidate");
+Header("Expires: Wed, 11 Nov 1998 11:11:11 GMT");
+Header("Cache-Control: no-cache");
+Header("Cache-Control: must-revalidate");
 
 require_once('../../../www/env.inc.php');
 require_once $gfcommon.'include/pre.php';
 require_once('../../../www/include/login-form.php');
 
+/* because session_check_credentials_in_database is setting warning_msg */
+global $warning_msg;
+
 $plugin = plugin_get_object('authbuiltin');
 
 $return_to = getStringFromRequest('return_to');
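Review bot: `global $warning_msg;` at file scope is a no-op in PHP, because a top-level script already executes in global scope; the declaration only does something if this file is ever included from inside a function, which is not visible here. If the line is meant as documentation of where the value comes from, the comment alone carries that, e.g. `// $warning_msg is set by session_check_credentials_in_database() on failure`. Minor: the three `Header(` calls keep the capitalised name while the rest of the file uses lowercase `header(`; function names are case-insensitive, but the lowercase spelling is the conventional one.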
@@ -40,22 +45,25 @@
 $form_pw = getStringFromRequest('form_pw');
 $triggered = getIntFromRequest('triggered');
 
+if (session_loggedin())
+	session_redirect('/my');
+
 //
 //	Validate return_to
 //
 if ($return_to) {
-	$tmpreturn=explode('?',$return_to);
+	$tmpreturn = explode('?',$return_to);
 	$rtpath = $tmpreturn[0] ;
 
 	if (@is_file(forge_get_config('url_root').$rtpath)
 	    || @is_dir(forge_get_config('url_root').$rtpath)
 	    || (strpos($rtpath,'/projects') == 0)
 	    || (strpos($rtpath,'/plugins/mediawiki') == 0)) {
-		$newrt = $return_to ;
+		$newrt = $return_to;
 	} else {
-		$newrt = '/' ;
+		$newrt = '/';
 	}
-	$return_to = $newrt ;
+	$return_to = $newrt;
 }
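Review bot: The new `if (session_loggedin()) session_redirect('/my');` is the only brace-less conditional in this file; `if (session_loggedin()) { session_redirect('/my'); }` matches the surrounding style. Separately, the return_to validation just below it (context, untouched by this commit) tests `strpos($rtpath,'/projects') == 0` with a loose comparison: strpos() returns false when the needle is absent and `false == 0` holds, so the branch also accepts paths that do not contain the substring at all, and the `/plugins/mediawiki` test has the same shape. Since the next hunk now hands `$return_to` to session_redirect(), changing both tests to `=== 0` would make the allow-list behave as written; whether session_redirect() itself restricts the target is not visible here.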
 
 if (forge_get_config('use_ssl') && !session_issecure()) {
@@ -69,34 +77,28 @@
 	if (!form_key_is_valid(getStringFromRequest('form_key'))) {
 		exit_form_double_submit();
 	}
-	if (session_check_credentials_in_database(strtolower($form_loginname),$form_pw,false)) {
+	if (session_check_credentials_in_database(strtolower($form_loginname), $form_pw, false)) {
 		if ($plugin->isSufficient()) {
 			$plugin->startSession($form_loginname);
 		}
 		if ($return_to) {
-			header ("Location: " . util_make_url($return_to));
+			session_redirect($return_to);
 			exit;
 		} else {
-			header ("Location: " . util_make_url("/my"));
+			session_redirect('/my');
 			exit;
 		}
 	} else {
 		if ($form_loginname && $form_pw) {
-			$warning_msg = _('Invalid Password Or User Name');
 		} else {
-			$warning_msg = _('Missing Password Or Users Name');
+			$warning_msg = _('Missing Password Or User Name');
 		}
-
 	}
-}
 
-$HTML->header(array('title'=>'Login'));
-
-if ($login) {
 	form_release_key(getStringFromRequest('form_key'));
 	// Account Pending
 	if (!isset($userstatus)) {
-		if (isset ($form_loginname)) {
+		if (!empty($form_loginname)) {
 			$u = user_get_object_by_name($form_loginname) ||
 				user_get_object_by_email($form_loginname) ;
 			if (!$u) {
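Review bot: Dropping the 'Invalid Password' assignment leaves `if ($form_loginname && $form_pw) { } else { ... }` with an empty true branch; `if (!$form_loginname || !$form_pw) { $warning_msg = _('Missing Password Or User Name'); }` states the intent directly. The `exit;` after each `session_redirect()` call is dead code if session_redirect() terminates the script itself, which the replaced `header()` + `exit` pairs suggest it is meant to do; confirm against its definition and drop the `exit;` if so. The enclosing `if ($login)` block opens before this hunk and closes in the next one.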
@@ -104,17 +106,16 @@
 			}
 		}
 	} else if ($userstatus == "P") {
-		$warning_msg .= '<br />'. sprintf(_('<p>Your account is currently pending your email confirmation.		Visiting the link sent to you in this email will activate your account.		<p>If you need this email resent, please click below and a confirmation		email will be sent to the email address you provided in registration.		<p><a href="%1$s">[Resend Confirmation Email]</a>		<br><hr>		<p>'), util_make_url ("/account/pending-resend.php?form_user=".htmlspecialchars($form_loginname)));
+		$warning_msg .= '<br />'. sprintf(_('<p>Your account is currently pending your email confirmation.<br/>Visiting the link sent to you in this email will activate your account.<br/>If you need this email resent, please click below and a confirmation email will be sent to the email address you provided in registration.</p><a href="%1$s">[Resend Confirmation Email]</a><br><hr>'), util_make_url ("/account/pending-resend.php?form_user=".htmlspecialchars($form_loginname)));
 	} else {
 		if ($userstatus == "D") {
-			$error_msg .= '<br />'.sprintf(_('<p>Your %1$s account has been removed by %1$s staff. This may occur for two reasons, either 1) you requested that your account be removed; or 2) some action has been performed using your account which has been seen as objectionable (i.e. you have breached the terms of service for use of your account) and your account has been revoked for administrative reasons. Should you have questions or concerns regarding this matter, please log a <a href="%2$s">support request</a>.</p><p>Thank you, <br><br>%1$s Staff</p>'), forge_get_config ('forge_name'), util_make_url ("/support/?group_id=1"));
+			$error_msg = '<br />'.sprintf(_('<p>Your %1$s account has been removed by %1$s staff. This may occur for two reasons, either 1) you requested that your account be removed; or 2) some action has been performed using your account which has been seen as objectionable (i.e. you have breached the terms of service for use of your account) and your account has been revoked for administrative reasons. Should you have questions or concerns regarding this matter, please log a <a href="%2$s">support request</a>.</p><p>Thank you, <br><br>%1$s Staff</p>'), forge_get_config('forge_name'), util_make_url("/support/?group_id=1"));
 		}
 	}
-	html_error_top($error_msg);
-	html_warning_top($warning_msg);
-	html_feedback_top($feedback);
 }
 
+$HTML->header(array('title'=>'Login'));
+
 // Otherwise, display the login form again
 display_login_form($return_to, $triggered);
 



