.
# --------------------------------------------------------
# $Id: login_page.php,v 1.57.2.1 2007-10-13 22:33:19 giallu Exp $
# --------------------------------------------------------
# Login page POSTs results to login.php
# Check to see if the user is already logged in
require_once( 'core.php' );
if ( auth_is_user_authenticated() && !current_user_is_anonymous() ) {
print_header_redirect( config_get( 'default_home_page' ) );
}
$f_error = gpc_get_bool( 'error' );
$f_cookie_error = gpc_get_bool( 'cookie_error' );
$f_return = gpc_get_string( 'return', '' );
# Check for HTTP_AUTH. HTTP_AUTH is handled in login.php
if ( HTTP_AUTH == config_get( 'login_method' ) ) {
$t_uri = "login.php";
if ( !$f_return && ON == config_get( 'allow_anonymous_login' ) ) {
$t_uri = "login_anon.php";
}
if ( $f_return ) {
$t_uri .= "?return=" . urlencode( $f_return );
}
print_header_redirect( $t_uri );
exit;
}
html_page_top1();
html_page_top2a();
echo '
';
# Display short greeting message
# echo lang_get( 'login_page_info' ) . '
';
# Only echo error message if error variable is set
if ( $f_error ) {
echo '' . lang_get( 'login_error' ) . '';
}
if ( $f_cookie_error ) {
echo lang_get( 'login_cookies_disabled' ) . '
';
}
echo '
';
?>
';
print_signup_link();
PRINT ' ';
print_lost_password_link();
PRINT '
';
#
# Do some checks to warn administrators of possible security holes.
# Since this is considered part of the admin-checks, the strings are not translated.
#
# Warning, if plain passwords are selected
if ( config_get( 'login_method' ) === PLAIN ) {
echo '';
echo '
WARNING: Plain password authentication is used, this will expose your passwords to administrators.
';
echo '
';
}
# Generate a warning if administrator/root is valid.
$t_admin_user_id = user_get_id_by_name( 'administrator' );
if ( $t_admin_user_id !== false ) {
if ( user_is_enabled( $t_admin_user_id ) && auth_does_password_match( $t_admin_user_id, 'root' ) ) {
echo '';
echo '
WARNING: You should disable the default "administrator" account or change its password.
';
echo '
';
}
}
# Check if the admin directory is available and is readable.
$t_admin_dir = dirname( __FILE__ ) . DIRECTORY_SEPARATOR . 'admin' . DIRECTORY_SEPARATOR;
if ( is_dir( $t_admin_dir ) && is_readable( $t_admin_dir ) ) {
echo '', "\n";
echo '
WARNING: Admin directory should be removed.
', "\n";
echo '
', "\n";
# since admin directory and db_upgrade lists are available check for missing db upgrades
# Check for db upgrade for versions < 1.0.0 using old upgrader
$t_db_version = config_get( 'database_version' , 0 );
# if db version is 0, we haven't moved to new installer.
if ( $t_db_version == 0 ) {
if ( db_table_exists( config_get( 'mantis_upgrade_table' ) ) ) {
$query = "SELECT COUNT(*) from " . config_get( 'mantis_upgrade_table' ) . ";";
$result = db_query( $query );
if ( db_num_rows( $result ) < 1 ) {
$t_upgrade_count = 0;
} else {
$t_upgrade_count = (int)db_result( $result );
}
} else {
$t_upgrade_count = 0;
}
if ( $t_upgrade_count > 0 ) { # table exists, check for number of updates
if ( file_exists( 'admin/upgrade_inc.php' ) ) {
require_once( 'admin/upgrade_inc.php' );
$t_upgrades_reqd = $upgrade_set->count_items();
} else {
// can't find upgrade file, assume system is up to date
$t_upgrades_reqd = $t_upgrade_count;
}
} else {
$t_upgrades_reqd = 1000; # arbitrarily large number to force an upgrade
}
if ( ( $t_upgrade_count != $t_upgrades_reqd ) &&
( $t_upgrade_count != ( $t_upgrades_reqd + 10 ) ) ) { # there are 10 optional data escaping fixes that may be present
echo '';
echo '
WARNING: The database structure may be out of date. Please upgrade here before logging in.
';
echo '
';
}
}
# Check for db upgrade for versions > 1.0.0 using new installer and schema
require_once( 'admin/schema.php' );
$t_upgrades_reqd = sizeof( $upgrade ) - 1;
if ( ( 0 < $t_db_version ) &&
( $t_db_version != $t_upgrades_reqd ) ) {
if ( $t_db_version < $t_upgrades_reqd ) {
echo '';
echo '
WARNING: The database structure may be out of date. Please upgrade here before logging in.
';
echo '
';
} else {
echo '';
echo '
WARNING: The database structure is more up-to-date than the code installed. Please upgrade the code.
';
echo '
';
}
}
}
?>