// Include the common auth system files (including the OAuth2 Server object).
require_once(__DIR__.'/authsystem.inc.php');
-// Start HTML document as a DOM object.
-extract(ExtendedDocument::initHTML5()); // sets $document, $html, $head, $title, $body
-$document->formatOutput = true; // we want a nice output
-
-$style = $head->appendElement('link');
-$style->setAttribute('rel', 'stylesheet');
-$style->setAttribute('href', 'authsystem.css');
-$head->appendJSFile('authsystem.js');
-$title->appendText('KaiRo.at Authentication Server');
-$h1 = $body->appendElement('h1', 'KaiRo.at Authentication Server');
-
-// Make the document not be scaled on mobile devices.
-$vpmeta = $head->appendElement('meta');
-$vpmeta->setAttribute('name', 'viewport');
-$vpmeta->setAttribute('content', 'width=device-width, height=device-height');
-
$errors = $utils->checkForSecureConnection();
$utils->sendSecurityHeaders();
-$para = $body->appendElement('p', _('This login system does not work without JavaScript. Please activate JavaScript for this site to log in.'));
-$para->setAttribute('id', 'jswarning');
-$para->setAttribute('class', 'warn');
+// Initialize the HTML document with our basic elements.
+extract($utils->initHTMLDocument('KaiRo.at Authentication Server')); // sets $document, $html, $head, $title, $body
if (!count($errors)) {
$session = $utils->initSession(); // Read session or create new session and set cookie.
$session['logged_in'] = 0;
}
elseif (array_key_exists('email', $_POST)) {
- if (!preg_match('/^[^@]+@[^@]+\.[^@]+$/', $_POST['email'])) {
+ if (!preg_match('/^[^@]+@([^@]+\.[^@]+|localhost)$/', $_POST['email'])) {
$errors[] = _('The email address is invalid.');
}
elseif ($utils->verifyTimeCode(@$_POST['tcode'], $session)) {
}
elseif (array_key_exists('reset', $_GET)) {
if ($session['logged_in']) {
- $result = $db->prepare('SELECT `id`,`email` FROM `auth_users` WHERE `id` = :userid;');
+ $result = $db->prepare('SELECT `id`,`email`,`group_id` FROM `auth_users` WHERE `id` = :userid;');
$result->execute(array(':userid' => $session['user']));
$user = $result->fetch(PDO::FETCH_ASSOC);
if (!$user['id']) {
}
}
elseif (array_key_exists('verification_code', $_GET)) {
- $result = $db->prepare('SELECT `id`,`email` FROM `auth_users` WHERE `email` = :email AND `status` = \'unverified\' AND `verify_hash` = :vcode;');
+ $result = $db->prepare('SELECT `id`,`email`,`group_id` FROM `auth_users` WHERE `email` = :email AND `status` = \'unverified\' AND `verify_hash` = :vcode;');
$result->execute(array(':email' => @$_GET['email'], ':vcode' => $_GET['verification_code']));
$user = $result->fetch(PDO::FETCH_ASSOC);
if ($user['id']) {
}
elseif (array_key_exists('reset_code', $_GET)) {
$reset_fail = true;
- $result = $db->prepare('SELECT `id`,`email`,`verify_hash` FROM `auth_users` WHERE `email` = :email');
+ $result = $db->prepare('SELECT `id`,`email`,`verify_hash`,`group_id` FROM `auth_users` WHERE `email` = :email');
$result->execute(array(':email' => @$_GET['email']));
$user = $result->fetch(PDO::FETCH_ASSOC);
if ($user['id']) {
}
}
elseif (array_key_exists('clients', $_GET)) {
- $result = $db->prepare('SELECT `id`,`email` FROM `auth_users` WHERE `id` = :userid;');
+ $result = $db->prepare('SELECT `id`,`email`,`group_id` FROM `auth_users` WHERE `id` = :userid;');
$result->execute(array(':userid' => $session['user']));
$user = $result->fetch(PDO::FETCH_ASSOC);
if ($session['logged_in'] && $user['id']) {
$list = $body->appendElement('ul');
$list->setAttribute('class', 'flat warn');
foreach ($errors as $msg) {
- $item = $list->appendElement('li', $msg);
+ $item = $list->appendElement('li');
+ $item->appendHTMLMarkup($msg);
}
$body->appendButton(_('Back'), 'history.back();');
}