00001 <?PHP
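// Requested profile owner, escaped for printing inside HTML.
// A missing or non-string "user_id" (for example user_id[]=x) becomes "" instead of
// reaching htmlspecialchars() as null or an array.
// NOTE(review): htmlspecialchars() does not strip "/" or "..", so confirm that no later
// code builds a file path from $viewUser without validating it first.
$viewUser = htmlspecialchars( ( isset($_REQUEST["user_id"]) && is_string($_REQUEST["user_id"]) ) ? $_REQUEST["user_id"] : "" );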
00019
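/**
 * Lists the login names stored in setup/password.txt (one "login,hash" pair per line).
 *
 * @param bool $associative When true, return login => display name (via getUserInfo()).
 * @param bool $sortByName  With $associative, sort by display name instead of by login.
 * @return array Sorted list of logins, or login => name map; empty if the file cannot be read.
 */
function allUsersArray( $associative = false, $sortByName = false ) {
    // Always start from an array so an empty or unreadable file cannot reach sort() as null.
    $userlist = array();

    $fp = fopen("setup/password.txt", "r");
    if ($fp === false) {
        return $userlist;
    }

    while (($line = fgets($fp, 1000)) !== false) {
        $line = trim($line);
        if ($line === "") {
            // Blank lines (typically the trailing newline) are not accounts.
            continue;
        }
        $fields = explode(",", $line);
        if ($fields[0] !== "") {
            $userlist[] = $fields[0];
        }
    }
    fclose($fp);

    if ($associative) {
        $named = array();
        foreach ($userlist as $login) {
            $named[$login] = getUserInfo($login, "name");
        }
        $userlist = $named;

        if ($sortByName) {
            asort($userlist);
        } else {
            ksort($userlist);
        }
    } else {
        sort($userlist);
    }

    return $userlist;
}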
00057
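/**
 * Returns the login stored in this site's session slot, or null when nobody is logged in.
 *
 * The slot is keyed by siteURL(true); auth() writes it after a successful password check.
 */
function currentUser() {
    $site = siteURL(true);
    // Guard the lookup: before login the slot does not exist, and indexing it directly
    // raises warnings on current PHP versions.
    if (isset($_SESSION[$site]["login"])) {
        return $_SESSION[$site]["login"];
    }
    return null;
}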
00066
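{
    // NOTE(review): the statement that opens this block is not visible in this listing;
    // the block itself builds the built-in permission defaults and reconciles them with
    // $setup_folder/usergroups_default.inc.
    $usergroups = array();

    $usergroups_global_default["global_setup"] = true;
    $usergroups_global_default["global_admin"] = false;
    $usergroups_global_default["global_user_view"] = true;
    $usergroups_global_default["global_user_edit"] = false;
    $usergroups_global_default["global_user_new"] = false;
    $usergroups_global_default["global_themes"] = false;
    $usergroups_global_default["global_files"] = false;
    $usergroups_global_default["global_frontpage_view"] = true;
    $usergroups_global_default["global_frontpage_edit"] = false;
    $usergroups_global_default["global_pages_create"] = false;
    $usergroups_global_default["global_pages_edit"] = false;
    $usergroups_global_default["global_menus"] = false;
    $usergroups_global_default["global_menus_view"] = true;
    $usergroups_global_default["global_menus_edit"] = false;

    // Every profile module gets a "profile_<name>" group that is allowed by default;
    // the first 14 characters of the module entry are dropped to form the name.
    if (isset($profilemodules) && is_array($profilemodules)) {
        foreach ($profilemodules as $key => $value) {
            $usergroups_global_default["profile_" . substr($value, 14)] = true;
        }
    }

    if (file_exists("$setup_folder/usergroups_default.inc")) {
        include "$setup_folder/usergroups_default.inc";
    }

    if (isset($usergroups_default) && is_array($usergroups_default)) {
        // Stored defaults exist: only add the groups they do not know about yet.
        foreach ($usergroups_global_default as $key => $value) {
            if (!array_key_exists($key, $usergroups_default)) {
                setAllowed($key, $value);
            }
        }
    } else {
        $usergroups_default = $usergroups_global_default;
        $filename = "$setup_folder/usergroups_default.inc";
        // The file is executed with include, so it must be valid PHP for any group name.
        // var_export() quotes keys correctly; wrapping serialize() output in a
        // single-quoted literal breaks as soon as a name contains ' or \.
        $content = "<?PHP\n\$usergroups_default = " . var_export($usergroups_default, true) . ";\n";
        if (file_put_contents($filename, $content) !== false) {
            chmod($filename, 0664);
        }
    }
}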
00111
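/**
 * Tells whether the current visitor holds the permission group $groupname.
 *
 * Access is granted when the session login is exactly "admin", when the loaded
 * per-user groups contain global_admin or $groupname set to true, or when the site-wide
 * defaults set $groupname to true. The defaults apply to every visitor, logged in or not.
 *
 * @param string $groupname Permission group to test.
 * @return bool
 */
function isAllowed($groupname) {
    global $usergroups, $usergroups_default;

    // Strict comparison: only the literal string "admin" is the built-in superuser.
    if (currentUser() === "admin") {
        return true;
    }

    // $usergroups may be unset or not an array when no per-user file was loaded.
    if (is_array($usergroups)) {
        if (isset($usergroups["global_admin"]) && $usergroups["global_admin"] === true) {
            return true;
        }
        if (isset($usergroups[$groupname]) && $usergroups[$groupname] === true) {
            return true;
        }
    }

    return is_array($usergroups_default)
        && isset($usergroups_default[$groupname])
        && $usergroups_default[$groupname] === true;
}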
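/**
 * Tells whether the named user holds the permission group $groupname.
 *
 * Same rules as isAllowed(), evaluated against the groups stored for $username instead
 * of the groups loaded for the current session.
 *
 * @param string $username  Login to evaluate.
 * @param string $groupname Permission group to test.
 * @return bool
 */
function userIsAllowed($username, $groupname)
{
    global $usergroups_default;

    // getPermissions() returns "" when the user has no usergroups.inc, so the result
    // must be checked before it is indexed like an array.
    $usergroups = getPermissions($username);

    if ($username === "admin") {
        return true;
    }

    if (is_array($usergroups)) {
        if (isset($usergroups["global_admin"]) && $usergroups["global_admin"] === true) {
            return true;
        }
        if (isset($usergroups[$groupname]) && $usergroups[$groupname] === true) {
            return true;
        }
    }

    return is_array($usergroups_default)
        && isset($usergroups_default[$groupname])
        && $usergroups_default[$groupname] === true;
}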
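/**
 * Loads the permission groups stored for one user.
 *
 * @param string $username Login whose $userinfo_folder/<login>/usergroups.inc is read.
 * @return array|string The $usergroups value defined by that file, or "" when there is
 *                      no such file or the name is not a plain directory name.
 */
function getPermissions($username) {
    global $userinfo_folder;
    $usergroups = "";

    // The name becomes part of a path that is executed with include. Anything that is
    // not a single path segment could make PHP run a file outside the user's folder.
    $username = (string) $username;
    if ($username === "" || $username === "." || $username === ".." || strpbrk($username, "/\\\0") !== false) {
        return $usergroups;
    }

    $filename = "$userinfo_folder/$username/usergroups.inc";
    if (file_exists($filename)) {
        // The included file assigns $usergroups in this function's scope.
        include $filename;
    }
    return $usergroups;
}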
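/**
 * Grants or revokes a permission group, for one user or as the site-wide default.
 *
 * @param string      $groupname Permission group to change.
 * @param bool|string $allowed   New state; the string "false" is treated as false.
 * @param string      $username  Login to change, or "" to change the site default.
 * @return bool False when the name is unusable or the file could not be replaced,
 *              otherwise the result of chmod() on the written file.
 */
function setAllowed($groupname, $allowed = true, $username = "") {
    global $usergroups, $usergroups_default, $userinfo_folder, $setup_folder;

    // Must be a strict test: with ==, boolean true also "equals" the non-empty string
    // "false", which turned every grant made with true into a revoke.
    if ($allowed === "false") {
        $allowed = false;
    }
    $allowed = (bool) $allowed;

    if ($username == "") {
        $usergroups_default[$groupname] = $allowed;
        $filename = "$setup_folder/usergroups_default.inc";
        $data = $usergroups_default;
        $variable = "usergroups_default";
    } else {
        // The login becomes a directory name in a path that is included and written.
        $username = (string) $username;
        if ($username === "." || $username === ".." || strpbrk($username, "/\\\0") !== false) {
            return false;
        }
        $filename = "$userinfo_folder/$username/usergroups.inc";
        // NOTE(review): $usergroups is the global holding the *current* session's groups;
        // including another user's file here replaces it for the rest of the request.
        // Confirm callers do not run permission checks after editing someone else.
        if (file_exists($filename)) {
            include $filename;
        }
        $usergroups[$groupname] = $allowed;
        $data = $usergroups;
        $variable = "usergroups";
    }

    // The file is executed with include, so it has to stay valid PHP whatever the group
    // name contains; var_export() handles quoting, a hand-built '...' literal does not.
    $content = "<?PHP\n\$" . $variable . " = " . var_export($data, true) . ";\n";

    if (file_exists($filename)) {
        if (!unlink($filename)) {
            return false;
        }
    }
    if (file_put_contents($filename, $content) === false) {
        return false;
    }
    return chmod($filename, 0664);
}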
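/**
 * Deletes a permission group from every user's usergroups.inc and from the site defaults.
 *
 * @param string $groupname Permission group to remove.
 * @return bool False when a user's file was deleted but could not be rewritten, else true.
 */
function removeUsergroup($groupname) {
    global $usergroups_default, $usergroups, $userinfo_folder, $setup_folder;

    $userlist = allUsersArray();
    foreach ($userlist as $key => $value) {
        $filename = "$userinfo_folder/$value/usergroups.inc";
        if (!file_exists($filename)) {
            continue;
        }

        // getPermissions() returns "" rather than an array when nothing could be loaded.
        $temp_permissions = getPermissions($value);
        if (!is_array($temp_permissions) || !array_key_exists($groupname, $temp_permissions)) {
            continue;
        }

        unset($temp_permissions[$groupname]);
        // Written as a PHP array literal: the file is executed with include, and
        // var_export() keeps it valid PHP even if a group name contains ' or \.
        $content = "<?PHP\n\$usergroups = " . var_export($temp_permissions, true) . ";\n";
        if (unlink($filename)) {
            if (file_put_contents($filename, $content) === false) {
                return false;
            }
        }
    }

    if (is_array($usergroups_default)) {
        unset($usergroups_default[$groupname]);
    }
    $filename = "$setup_folder/usergroups_default.inc";
    $content = "<?PHP\n\$usergroups_default = " . var_export($usergroups_default, true) . ";\n";
    if (file_exists($filename)) {
        unlink($filename);
    }
    if (file_put_contents($filename, $content) !== false) {
        chmod($filename, 0664);
    }

    // NOTE(review): $login is never defined in this function, so this path is
    // "$userinfo_folder//usergroups.inc". It looks like an attempt to reload the current
    // user's groups; left unchanged because the intended login is not visible here.
    if (file_exists("$userinfo_folder/$login/usergroups.inc")) include "$userinfo_folder/$login/usergroups.inc";

    return true;
}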
00233
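/**
 * Reads one stored profile field of a user from $userinfo_folder/<login>/<field>.txt.
 *
 * @param string     $login        User to read from; "" returns the fallback.
 * @param string     $which_info   Field name, used as the file name without ".txt".
 * @param mixed|null $defaultValue Fallback; when null, a translated
 *                                 "No ##0## information\n" text is used instead.
 * @return mixed The file contents, the fallback when the field is missing or empty, or
 *               the translated "Unknown user" text when the login does not exist.
 *               The contents are returned as stored, so callers printing them into
 *               HTML have to escape them.
 */
function getUserInfo($login, $which_info = "email", $defaultValue = null )
{
    global $userinfo_folder, $usermanager;

    if ($defaultValue !== null) {
        $value = $defaultValue;
    } else {
        $value = i18n("No ##0## information\n", array($which_info));
    }

    if ($login == "") {
        return $value;
    }
    if (!$usermanager->userExists($login)) {
        return i18n("Unknown user");
    }

    // Both parts end up in a file path; refuse anything that is not a single segment
    // so a field name such as "../../setup/x" cannot read outside the user's folder.
    $login = (string) $login;
    $which_info = (string) $which_info;
    if ($login === "." || $login === ".." || strpbrk($login, "/\\\0") !== false
        || $which_info === "" || $which_info === "." || $which_info === ".."
        || strpbrk($which_info, "/\\\0") !== false) {
        return $value;
    }

    $filename = "$userinfo_folder/$login/$which_info.txt";
    if (is_file($filename)) {
        // file_get_contents() copes with empty files and leaves no open handle behind.
        $info = file_get_contents($filename);
        if ($info !== false && $info != "") {
            $value = $info;
        }
    }

    return $value;
}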
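/**
 * Stores one profile field of a user in $userinfo_folder/<login>/<field>.txt.
 *
 * Arrays are stored serialized, false is stored as 0, and an empty value removes the file.
 *
 * @param string $login      User whose folder is written.
 * @param string $which_info Field name, used as the file name without ".txt".
 * @param mixed  $info       Value to store.
 * @return bool False when a name is not a plain path segment or the file could not be
 *              replaced or written, otherwise true.
 */
function saveUserInfo($login, $which_info, $info) {
    global $userinfo_folder;

    // Both names become path segments of a file that is deleted and rewritten; reject
    // separators and dot segments so the write cannot leave the user's folder.
    $login = (string) $login;
    $which_info = (string) $which_info;
    if ($login === "" || $login === "." || $login === ".." || strpbrk($login, "/\\\0") !== false
        || $which_info === "" || $which_info === "." || $which_info === ".."
        || strpbrk($which_info, "/\\\0") !== false) {
        return false;
    }

    $filename = "$userinfo_folder/$login/$which_info.txt";
    if ($info === false) {
        $info = 0;
    }

    if (file_exists($filename)) {
        if (!unlink($filename)) {
            return false;
        }
    }

    if (is_array($info)) {
        $info = serialize($info);
    }
    if (!is_string($info)) {
        $info = (string) $info;
    }

    $fp = fopen($filename, 'a');
    if (!$fp) {
        return false;
    }
    $written = fwrite($fp, $info);
    // Close the handle on the failure path as well.
    fclose($fp);
    if ($written === false) {
        return false;
    }
    chmod($filename, 0664);

    // An empty value means "no information": do not leave an empty file behind.
    if (strlen($info) == 0) {
        unlink($filename);
    }

    return true;
}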
00301
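/**
 * Starts the session and establishes who is logged in.
 *
 * If the session already holds a login for this site, that user's permission file is
 * loaded and true is returned. Otherwise $login/$passwd are checked against the
 * "login,hash" lines of $pass_file; on success the login is stored in the session.
 *
 * @param string $login     Login name; compared in lower case.
 * @param string $passwd    Plain-text password from the login form.
 * @param string $pass_file Password file to check against.
 * @return bool True when a user is (now) logged in.
 */
function auth($login = '', $passwd = '', $pass_file = 'setup/password.txt') {
    global $usergroups, $userinfo_folder, $setup_folder;
    $login = strtolower($login);

    if (!empty($_REQUEST["login_sevenday"])) {
        // NOTE(review): 3153600000 seconds is about 100 years, not the seven days the
        // field name suggests, and anyone can request it by sending this parameter.
        // A session cookie that never expires stays usable if it is ever stolen.
        ini_set("session.gc_maxlifetime", 3153600000);
        ini_set("session.cookie_lifetime", 3153600000);
    }

    session_start();
    $site = siteURL(true);

    if (isset($_SESSION[$site]) && is_array($_SESSION[$site])) {
        $permissionFile = "$userinfo_folder/" . currentUser() . "/usergroups.inc";
        if (file_exists($permissionFile)) include $permissionFile;
        return true;
    }

    if (empty($login)) {
        return false;
    }

    $fp = fopen($pass_file, 'r');
    if ($fp === false) {
        return false;
    }

    while (($line = fgets($fp, 1000)) !== false) {
        $fields = explode(",", trim($line));
        if (count($fields) < 2 || $fields[1] === "") {
            // Blank or malformed line: no hash to verify against.
            continue;
        }
        list($l, $p) = $fields;

        // Strict match: with == two different numeric-looking logins such as "10" and
        // "1e1" compare equal, so one account could log in under the other's name.
        if ($l !== $login) {
            continue;
        }

        $check_pass = crypt($passwd, $p);
        if (!is_string($check_pass)) {
            continue;
        }
        // Constant-time comparison where available; never the loose == operator.
        $matches = function_exists("hash_equals") ? hash_equals($p, $check_pass) : ($p === $check_pass);
        if (!$matches) {
            continue;
        }

        fclose($fp);
        // New session id on login, so an id planted before authentication is useless.
        session_regenerate_id(true);
        $_SESSION[$site] = array("login"=>$login);
        $theme_user = getUserInfo($login, "theme");
        if ($theme_user != i18n("No ##0## information\n", array("theme"))) $_SESSION["theme"] = $theme_user;
        if (file_exists("$userinfo_folder/$login/usergroups.inc")) include "$userinfo_folder/$login/usergroups.inc";
        return true;
    }

    fclose($fp);
    return false;
}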
00338
/**
 * Tells whether a user is logged in, i.e. whether currentUser() yields a non-empty login.
 *
 * @return bool
 */
function isauth() {
    $nobody = (currentUser() == "");
    return !$nobody;
}
00346
00347
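/**
 * Logs the visitor out by discarding the session and its cookie.
 */
function unauth () {
    // auth() may already have started the session in this request; starting it a
    // second time only produces a notice.
    if (session_id() === "") {
        session_start();
    }

    session_unset();
    $_SESSION = array();

    // session_destroy() removes the server-side data but leaves the cookie in the
    // browser, so expire it explicitly while headers can still be sent.
    if (ini_get("session.use_cookies") && !headers_sent()) {
        $cookie = session_get_cookie_params();
        setcookie(
            session_name(),
            "",
            time() - 42000,
            $cookie["path"],
            $cookie["domain"],
            $cookie["secure"],
            $cookie["httponly"]
        );
    }

    session_destroy();
}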
00353
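/**
 * Adds $friendwith to, or removes it from, the friends list of $login.
 *
 * The list lives in $userinfo_folder/<login>/relationships.php: a PHP "die" line that
 * stops direct web requests, followed by the serialized relationship array.
 *
 * @param string $login      Owner of the list.
 * @param string $friendwith Login to add or remove.
 * @param bool   $isfriend   True to add, false to remove.
 * @return bool False when $login is not a plain directory name or the file could not be
 *              replaced or written.
 */
function setFriend($login, $friendwith, $isfriend = true) {
    global $userinfo_folder;

    // $login is a path segment of a file that is deleted and rewritten.
    $login = (string) $login;
    if ($login === "" || $login === "." || $login === ".." || strpbrk($login, "/\\\0") !== false) {
        return false;
    }

    $filename = "$userinfo_folder/$login/relationships.php";
    $relationships = array();
    if (file_exists($filename)) {
        $raw = file_get_contents($filename);
        $newline = ($raw === false) ? false : strpos($raw, "\n");
        if ($newline !== false) {
            // NOTE(review): unserialize() is only as trustworthy as this file, which is
            // left group-writable (0664); anyone able to edit it controls the input.
            $stored = unserialize(substr($raw, $newline + 1));
            if (is_array($stored)) {
                $relationships = $stored;
            }
        }
    }

    if ($isfriend) {
        $relationships["friends"][$friendwith] = $friendwith;
    } elseif (isset($relationships["friends"]) && is_array($relationships["friends"])) {
        foreach ($relationships["friends"] as $key => $value) {
            if ($value == $friendwith) {
                unset($relationships["friends"][$key]);
                break;
            }
        }
    }

    $content = "<?php die(\"access denied\"); ?>\n" . serialize($relationships);
    if (file_exists($filename)) {
        if (!unlink($filename)) {
            return false;
        }
    }
    if (file_put_contents($filename, $content) === false) {
        return false;
    }
    chmod($filename, 0664);
    return true;
}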
00386
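/**
 * Tells whether $peer is on the friends list stored for $user.
 *
 * @param string      $user Owner of the list (a folder name below $userinfo_folder).
 * @param string|null $peer Login to look for; null or "" is never a friend.
 * @return bool
 */
function isFriend($user, $peer) {
    global $userinfo_folder;

    $user = (string) $user;
    if ($user === "" || $user === "." || $user === ".." || strpbrk($user, "/\\\0") !== false) {
        return false;
    }
    // currentUser() hands in null for anonymous visitors.
    if ((!is_string($peer) && !is_int($peer)) || $peer === "") {
        return false;
    }

    $filename = "$userinfo_folder/$user/relationships.php";
    if (!is_file($filename)) {
        return false;
    }
    $raw = file_get_contents($filename);
    $newline = ($raw === false) ? false : strpos($raw, "\n");
    if ($newline === false) {
        return false;
    }

    // The first line is the "die" guard; the serialized array follows it.
    // NOTE(review): unserialize() is only as trustworthy as this file, which its
    // writers leave group-writable (0664).
    $relationships = unserialize(substr($raw, $newline + 1));
    if (!is_array($relationships) || !isset($relationships["friends"]) || !is_array($relationships["friends"])) {
        return false;
    }
    return array_key_exists($peer, $relationships["friends"]);
}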
00397
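/**
 * Adds $blacklists to, or removes it from, the blacklist of $login.
 *
 * The list is stored next to the friends list in
 * $userinfo_folder/<login>/relationships.php (a "die" guard line, then serialized data).
 *
 * @param string $login         Owner of the list.
 * @param string $blacklists    Login to add or remove.
 * @param bool   $isblacklisted True to add, false to remove.
 * @return bool False when $login is not a plain directory name or the file could not be
 *              replaced or written.
 */
function setBlacklisted($login, $blacklists, $isblacklisted = true) {
    global $userinfo_folder;

    // $login is a path segment of a file that is deleted and rewritten.
    $login = (string) $login;
    if ($login === "" || $login === "." || $login === ".." || strpbrk($login, "/\\\0") !== false) {
        return false;
    }

    $filename = "$userinfo_folder/$login/relationships.php";
    $relationships = array();
    if (file_exists($filename)) {
        $raw = file_get_contents($filename);
        $newline = ($raw === false) ? false : strpos($raw, "\n");
        if ($newline !== false) {
            // NOTE(review): unserialize() is only as trustworthy as this file, which is
            // left group-writable (0664); anyone able to edit it controls the input.
            $stored = unserialize(substr($raw, $newline + 1));
            if (is_array($stored)) {
                $relationships = $stored;
            }
        }
    }

    if ($isblacklisted) {
        $relationships["blacklists"][$blacklists] = $blacklists;
    } elseif (isset($relationships["blacklists"]) && is_array($relationships["blacklists"])) {
        foreach ($relationships["blacklists"] as $key => $value) {
            if ($value == $blacklists) {
                unset($relationships["blacklists"][$key]);
                break;
            }
        }
    }

    $content = "<?php die(\"access denied\"); ?>\n" . serialize($relationships);
    if (file_exists($filename)) {
        if (!unlink($filename)) {
            return false;
        }
    }
    if (file_put_contents($filename, $content) === false) {
        return false;
    }
    chmod($filename, 0664);
    return true;
}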
00430
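/**
 * Tells whether $user has put $peer on their blacklist.
 *
 * @param string      $user Owner of the list (a folder name below $userinfo_folder).
 * @param string|null $peer Login to look for; null or "" is never blacklisted.
 * @return bool
 */
function isBlacklisting($user, $peer) {
    global $userinfo_folder;

    $user = (string) $user;
    if ($user === "" || $user === "." || $user === ".." || strpbrk($user, "/\\\0") !== false) {
        return false;
    }
    // currentUser() hands in null for anonymous visitors.
    if ((!is_string($peer) && !is_int($peer)) || $peer === "") {
        return false;
    }

    $filename = "$userinfo_folder/$user/relationships.php";
    if (!is_file($filename)) {
        return false;
    }
    $raw = file_get_contents($filename);
    $newline = ($raw === false) ? false : strpos($raw, "\n");
    if ($newline === false) {
        return false;
    }

    // The first line is the "die" guard; the serialized array follows it.
    // NOTE(review): unserialize() is only as trustworthy as this file, which its
    // writers leave group-writable (0664).
    $relationships = unserialize(substr($raw, $newline + 1));
    if (!is_array($relationships) || !isset($relationships["blacklists"]) || !is_array($relationships["blacklists"])) {
        return false;
    }
    return array_key_exists($peer, $relationships["blacklists"]);
}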
00441
/**
 * Decides whether the current visitor passes a profile owner's access level.
 *
 * Levels as implemented here: 4 = the owner only, 3 = the owner's friends,
 * 2 = logged-in users the owner has not blacklisted, 1 = any logged-in user,
 * 0 or anything else = everybody. Holders of global_admin always pass.
 *
 * NOTE(review): an unrecognised level falls through to "everybody", so a missing or
 * corrupted setting opens the profile instead of closing it.
 *
 * @param string $username    Profile owner.
 * @param mixed  $accesslevel Required level, compared loosely against 4..1.
 * @return bool
 */
function userAllows($username, $accesslevel) {

    if (isAllowed("global_admin")) {
        return true;
    }

    $viewerIsFriend = isFriend($username, currentUser());
    $viewerIsBlocked = isBlacklisting($username, currentUser());

    if ($accesslevel == 4) {
        return isAuth() && $username == currentUser();
    } elseif ($accesslevel == 3) {
        return (bool) $viewerIsFriend;
    } elseif ($accesslevel == 2) {
        return isauth() && !$viewerIsBlocked;
    } elseif ($accesslevel == 1) {
        return (bool) isauth();
    }

    // Level 0 and every unknown value.
    return true;
}
00471
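/**
 * Tells whether the current visitor may contact $username.
 *
 * Uses the owner's stored "profiles_contact" level, or the site-wide
 * $profile_options["profiles_contact"] when the owner has not chosen one.
 *
 * @param string $username Profile owner.
 * @return bool
 */
function userAllowsContact($username) {
    global $profile_options;
    $userinfo = getUserInfo($username, "profiles_contact");

    // getUserInfo() reports a missing field with the translated
    // "No ##0## information\n" text. The previous comparison was built from three
    // separately translated pieces and never matched it, so the site default was
    // skipped and the placeholder text was handed to userAllows() as the level.
    if ($userinfo == i18n("No ##0## information\n", array("profiles_contact"))) {
        $userinfo = $profile_options["profiles_contact"];
    }

    return userAllows($username, $userinfo);
}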
00482
/**
 * Tells whether the current visitor may view the profile of $username.
 *
 * The owner's stored "profiles_view" level wins; when it is missing the site-wide
 * $profile_options["profiles_view"] is used.
 *
 * @param string $username Profile owner.
 * @return bool
 */
function userAllowsView($username) {
    global $profile_options;

    $level = getUserInfo($username, "profiles_view");
    // getUserInfo() signals "nothing stored" with this translated placeholder.
    $nothingStored = ($level == i18n("No ##0## information\n", array("profiles_view")));
    if ($nothingStored) {
        $level = $profile_options["profiles_view"];
    }

    return userAllows($username, $level);
}
00493
/**
 * Tells whether the current visitor may open the "mypage" of $username.
 *
 * The owner's stored "profiles_mypage" level wins; when it is missing the site-wide
 * $profile_options["profiles_mypage"] is used.
 *
 * @param string $username Profile owner.
 * @return bool
 */
function userAllowsMypage($username) {
    global $profile_options;

    $level = getUserInfo($username, "profiles_mypage");
    // getUserInfo() signals "nothing stored" with this translated placeholder.
    $nothingStored = ($level == i18n("No ##0## information\n", array("profiles_mypage")));
    if ($nothingStored) {
        $level = $profile_options["profiles_mypage"];
    }

    return userAllows($username, $level);
}
00504
/**
 * Tells whether the current visitor may edit the profile of $username: either they hold
 * global_user_edit, or $username is non-empty and is their own login.
 *
 * @param string $username Profile owner.
 * @return bool
 */
function profileEditAllowed($username)
{
    if (isAllowed("global_user_edit")) {
        return true;
    }

    $ownProfile = ($username != "" && $username == currentUser());
    return $ownProfile;
}
00512
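/**
 * Maintains the password file ("login,hash" per line) and the per-user info folders.
 */
class Userman {
    /**
     * True when $login can safely be used as a password-file field and a folder name:
     * non-empty, no comma or line break (would forge extra entries in the file) and
     * no path separator or dot segment (would leave $userinfo_folder).
     */
    private function validLogin($login) {
        $login = (string) $login;
        return $login !== "" && $login !== "." && $login !== ".."
            && strpbrk($login, ",/\\\r\n\0") === false;
    }

    /**
     * Reads the password file into a login => hash map.
     * Returns an empty array when the file does not exist and null when it exists but
     * cannot be opened, so callers never rewrite the file from a failed read.
     */
    private function readPasswords($pass_file) {
        $password_list = array();
        if (!file_exists($pass_file)) {
            return $password_list;
        }
        $fp = fopen($pass_file, "r");
        if ($fp === false) {
            return null;
        }
        while (($tmp_line = fgets($fp, 1000)) !== false) {
            $fields = explode(",", trim($tmp_line));
            if ($fields[0] === "") {
                continue;
            }
            $password_list[$fields[0]] = isset($fields[1]) ? $fields[1] : "";
        }
        fclose($fp);
        return $password_list;
    }

    /**
     * Writes the login => hash map back, one entry per line, under an exclusive lock.
     */
    private function writePasswords($pass_file, $password_list) {
        $lines = array();
        foreach ($password_list as $user => $password) {
            if ((string) $user !== "") {
                $lines[] = "$user,$password";
            }
        }
        return file_put_contents($pass_file, implode("\n", $lines), LOCK_EX) !== false;
    }

    /**
     * Creates a user or changes an existing user's password.
     *
     * @return bool False when the login is unusable or the password file could not be
     *              read or written.
     */
    function changeadd($login = "", $passwd = "", $pass_file = 'setup/password.txt'){
        global $userinfo_folder;

        if (!$this->validLogin($login)) {
            return false;
        }
        $password_list = $this->readPasswords($pass_file);
        if ($password_list === null) {
            return false;
        }

        // Salted bcrypt. auth() verifies with crypt($passwd, $hash), which accepts
        // this format. crypt() without a salt is only kept for runtimes that lack
        // password_hash().
        if (function_exists("password_hash")) {
            $hash = password_hash($passwd, PASSWORD_BCRYPT);
        } else {
            $hash = crypt($passwd);
        }
        if (!is_string($hash) || $hash === "") {
            return false;
        }

        if (!file_exists("$userinfo_folder/$login")) mkdir("$userinfo_folder/$login", 0775);

        $password_list[$login] = $hash;
        return $this->writePasswords($pass_file, $password_list);
    }

    /**
     * Renames a user: moves the info folder and re-keys the password entry.
     *
     * @return bool False when a name is unusable, $login is unknown, $newlogin is
     *              already taken, or a file operation failed.
     */
    function rename($login, $newlogin, $pass_file = 'setup/password.txt') {
        global $userinfo_folder;

        if (!$this->validLogin($login) || !$this->validLogin($newlogin)) {
            return false;
        }
        $password_list = $this->readPasswords($pass_file);
        if ($password_list === null) {
            return false;
        }
        // Renaming onto an existing login would hand that account to the renamed
        // user; renaming an unknown login would create an account with no hash.
        if (!isset($password_list[$login]) || isset($password_list[$newlogin])) {
            return false;
        }

        if (file_exists("$userinfo_folder/$login")) {
            if (!rename("$userinfo_folder/$login", "$userinfo_folder/$newlogin")) {
                return false;
            }
        }

        $passwd = $password_list[$login];
        unset($password_list[$login]);
        $password_list[$newlogin] = $passwd;

        return $this->writePasswords($pass_file, $password_list);
    }

    /**
     * Deletes a user: password entry, info folder, and every other user's friend and
     * blacklist reference to them.
     *
     * @return bool False when the login is unusable or the password file could not be
     *              read or written.
     */
    function remove($login = "", $pass_file = 'setup/password.txt'){
        global $usermanager, $userinfo_folder;

        // With the default "" the folder removed below would be $userinfo_folder
        // itself, i.e. every user's data.
        if (!$this->validLogin($login)) {
            return false;
        }
        $password_list = $this->readPasswords($pass_file);
        if ($password_list === null) {
            return false;
        }

        unset($password_list[$login]);
        if (!$this->writePasswords($pass_file, $password_list)) {
            return false;
        }

        rmdirr("$userinfo_folder/$login");

        $userlist = allUsersArray();
        foreach ($userlist as $key => $value) {
            setFriend($value, $login, false);
            setBlacklisted($value, $login, false);
        }

        return true;
    }

    /**
     * Tells whether the lower-cased $login has an entry in the password file.
     *
     * @return bool
     */
    function userExists($login, $pass_file = 'setup/password.txt') {
        $login = strtolower($login);
        $password_list = $this->readPasswords($pass_file);
        if ($password_list === null) {
            return false;
        }
        // Strict string match: == treats numeric-looking names such as "10" and "1e1"
        // as equal, and "" as equal to a blank line.
        foreach ($password_list as $user => $password) {
            if ((string) $user === $login) {
                return true;
            }
        }
        return false;
    }
}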
00622
/**
 * Handles the "logout" global ID.
 *
 * When the first segment is "logout" the request's page_id is reset to 0, the session
 * is ended through unauth(), and 0 is returned; for any other ID nothing happens and
 * null is returned.
 *
 * @param array $splitID Segments of the requested global ID.
 * @return int|null
 */
function globalID_auth( $splitID )
{
    if( $splitID[0] != "logout" )
        return null;

    $_REQUEST["page_id"] = 0;
    unauth();

    return 0;
}
00636
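/**
 * Builds the small login box.
 *
 * Logged-in users get a welcome block with links to their profile modules; everybody
 * else gets the login form, preceded by an error message when a "username" request
 * parameter shows that a login attempt just failed.
 *
 * NOTE(review): the error text tells visitors whether a login exists ("Unknown user!"
 * versus "Incorrect password"), which lets anyone probe for valid account names.
 *
 * @return string HTML fragment.
 */
function loginform_small() {
    global $language, $profilemodules, $usermanager;
    if (isAuth()) {
        $thisUser = $_SESSION[siteURL(true)]["login"];
        // NOTE(review): the stored display name is printed as-is; confirm it is escaped
        // when saved, otherwise it needs htmlspecialchars() here.
        $data = "
<div id=\"loginform_small\">
" . i18n("Welcome") . "<br /><a href=\"" . globalIDtoURL("user/$thisUser/mypage") . "\">" . getUserInfo($_SESSION[siteURL(true)]["login"], "name") . "</a>
<hr class=\"loginform\" />";

        foreach( $profilemodules as $key => $value )
            $data .= "
<a class=\"loginform\" href=\"" . globalIDtoURL("user/$thisUser/" . substr($value, 14)) . "\">" . i18n(substr($value, 14)) . "</a>";

        $data .= "
</div>";
        return $data;
    }

    // The submitted name comes straight from the request. It is escaped wherever it is
    // written into the page, otherwise a crafted link could inject markup or script.
    $attempted = isset($_REQUEST["username"]);
    $requestedName = ($attempted && is_string($_REQUEST["username"])) ? $_REQUEST["username"] : "";
    $safeName = htmlspecialchars($requestedName, ENT_QUOTES);

    $loginfrm = "<form action=\"" . thisPageURL() . "\" method=\"post\"><input type=\"hidden\" name=\"logout\" value=\"false\" /><div id=\"loginform_small\">";
    if ($attempted) {
        $loginfrm .= "
<div id=\"login_text\">". i18n("Authorisation error, try again") . "<br />";

        if (!$usermanager->userExists($requestedName)) {
            $loginfrm .= i18n("Unknown user!") . "</div>";
        } else {
            // NOTE(review): assumes globalIDtoURL() returns a plain URL that is not
            // already HTML-encoded - confirm, otherwise "&" would be encoded twice.
            $resetUrl = htmlspecialchars(globalIDtoURL("setup/requestpassword/$requestedName"), ENT_QUOTES);
            $loginfrm .= i18n("Incorrect password") . "<a href=\"" . $resetUrl . "\" class=\"command\" title=\"" . i18n("Get a new password sent by email") . "\">[?]</a></div>";
        }
    } else {
        $loginfrm .= "
<div id=\"login_text\">" . i18n("Log in here") . "</div>";
    }
    $loginfrm .= "
<div id=\"login_username\"><span id=\"login_username_text\">" . i18n("Username:") . "</span><input id=\"login_username_box\" type=\"text\" name=\"username\" value=\"" . $safeName . "\" /></div>
<div id=\"login_password\"><span id=\"login_password_text\">" . i18n("Password:") . "</span><input id=\"login_password_box\" type=\"password\" name=\"password\" /></div>
<div id=\"login_sevenday\"><label><input id=\"login_sevenday\" name=\"login_sevenday\" type=\"checkbox\" /><span id=\"login_sevenday_text\">" . i18n("Remember me") . "</span></label></div><input id=\"login_login_button\" type=\"submit\" value=\"" . i18n("Log in") . "\" />
</div>";
    if (isAllowed("global_user_new")) { $loginfrm .= "<div id=\"login_new_button\"><a class=\"login_new_button\" href=\"" . globalIDtoURL("user/" . i18n("username") . "/new") . "\">" . i18n("Register a user") . "</a></div>"; }
    $loginfrm .= "</form>";
    return $loginfrm;
}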
00678
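/**
 * Builds the full-size login form, with an error line when a "username" request
 * parameter shows that a login attempt just failed.
 *
 * NOTE(review): the error text tells visitors whether a login exists ("Unknown user!"
 * versus "Incorrect password"), which lets anyone probe for valid account names.
 *
 * @param string $language      Not used in this function.
 * @param string $submit_uri    Not used in this function; the form posts to thisPageURL().
 * @param string $auth_messages Not used in this function.
 * @return string HTML fragment.
 */
function loginform($language = "en", $submit_uri, $auth_messages = "") {
    global $auth_messages, $usermanager, $globalID;

    // The setup area posts back to itself with an explicit globalID.
    $action = thisPageURL();
    if( $globalID == "setup" )
        $action .= "/?globalID=setup";

    $loginfrm = "<form action=\"" . $action . "\" method=\"post\"><input type=\"hidden\" name=\"logout\" value=\"false\" /><div align=\"center\"><table width=\"300\" style=\"border: 1px solid gray;\"><tr><td colspan=\"2\" style=\"border-bottom: 1px solid gray;\">";

    if (isset($_REQUEST["username"])) {
        // The submitted name comes straight from the request; treat it as text only.
        $requestedName = is_string($_REQUEST["username"]) ? $_REQUEST["username"] : "";

        $loginfrm .= "
<div align=\"left\">";
        if (!$usermanager->userExists($requestedName)) {
            $loginfrm .= i18n("Unknown user!") . " ";
        } else {
            // Escaped because the request value ends up inside an href attribute.
            // NOTE(review): assumes globalIDtoURL() returns a plain URL that is not
            // already HTML-encoded - confirm, otherwise "&" would be encoded twice.
            $resetUrl = htmlspecialchars(globalIDtoURL("setup/requestpassword/$requestedName"), ENT_QUOTES);
            $loginfrm .= i18n("Incorrect password") . " - <a href=\"" . $resetUrl . "\" class=\"command\">" . i18n("Get a new password sent by email") . "</a>. ";
        }
        $loginfrm .= i18n("The login information you provided was invalid. Please log in again below:") . "</div>";
    } else {
        $loginfrm .= "
<div align=\"left\">" . i18n("Write username and password below to get access to the administration functions.") . "</div>";
    }

    $loginfrm .= "
<tr><td width=\"50%\">" . i18n("Username:") . "</td><td width=\"50%\" align=\"right\"><input style=\"width: 100%\" type=\"text\" name=\"username\" /></td></tr>
<tr><td>" . i18n("Password:") . "</td><td align=\"right\"><input style=\"width: 100%\" type=\"password\" name=\"password\" /></td></tr>
<tr><td>" . i18n("Remember me") . "</td><td align=\"right\"><input style=\"width: 100%\" type=\"checkbox\" name=\"login_sevenday\" /></td></tr>
<tr><td colspan=\"2\" align=\"center\"><input type=\"submit\" value=\"" . i18n("Log in") . "\" /></td></tr>
</table></div></form>";
    return $loginfrm;
}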
00707 ?>