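<?php
/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this file,
 * You can obtain one at http://mozilla.org/MPL/2.0/. */

/*
 * Front page of the authentication server: session handling, login/registration,
 * email verification and password reset, followed by rendering the matching form.
 *
 * Request inputs read by this script:
 *   cookie sessionkey                        - identifies the row in `auth_sessions`
 *   GET  logout | reset | verification_code (+email) | reset_code (+email)
 *   POST email, pwd, tcode                   - login / registration / "password forgotten" form
 *   POST pwd, reset, tcode, vcode, email_hidden - new-password form
 *
 * The outcome is carried in $pagetype (which page to render), $user, $session and
 * $errors. All database access goes through prepared statements on $db; $utils
 * (from authsystem.inc.php) provides logging, password hashing, session keys and
 * time codes (form anti-replay tokens bound to the session).
 */

// Include the common auth system files (including the OAuth2 Server object).
require_once(__DIR__.'/authsystem.inc.php');

$errors = array();

// Start HTML document as a DOM object.
// extract() is used on the known, fixed-key array returned by initHTML5() - never on request data.
extract(ExtendedDocument::initHTML5()); // sets $document, $html, $head, $title, $body
$document->formatOutput = true; // we want a nice output

$style = $head->appendElement('link');
$style->setAttribute('rel', 'stylesheet');
$style->setAttribute('href', 'authsystem.css');
$head->appendJSFile('authsystem.js');
$title->appendText('KaiRo.at Authentication Server');
$body->appendElement('h1', 'KaiRo.at Authentication Server');

// Refuse to do anything (session cookie, passwords) over an insecure connection.
$errors += $utils->checkForSecureConnection();

$para = $body->appendElement('p', _('This login system does not work without JavaScript. Please activate JavaScript for this site to log in.'));
$para->setAttribute('id', 'jswarning');
$para->setAttribute('class', 'warn');

if (!count($errors)) {
  $session = null;
  $user = array('id' => 0, 'email' => '');
  $pagetype = 'default';
  $db->exec("SET time_zone='+00:00';"); // Execute directly on PDO object, set session to UTC to make our gmdate() values match correctly.
  if (strlen(@$_COOKIE['sessionkey'])) {
    // Fetch the session - or at least try to. Expired rows are ignored here and a fresh session gets created below.
    $result = $db->prepare('SELECT * FROM `auth_sessions` WHERE `sesskey` = :sesskey AND `time_expire` > :expire;');
    $result->execute(array(':sesskey' => $_COOKIE['sessionkey'], ':expire' => gmdate('Y-m-d H:i:s')));
    $row = $result->fetch(PDO::FETCH_ASSOC);
    if ($row) {
      $session = $row;

      if (array_key_exists('logout', $_GET)) {
        $result = $db->prepare('UPDATE `auth_sessions` SET `logged_in` = FALSE WHERE `id` = :sessid;');
        if (!$result->execute(array(':sessid' => $session['id']))) {
          $utils->log('logout_failure', 'session: '.$session['id']);
          // Report the actual failure; this used to show the (unrelated) "email address is invalid" message.
          $errors[] = _('Logout failed unexpectedly. Please <a href="https://www.kairo.at/contact">contact KaiRo.at</a> and tell the team about this.');
        }
        $session['logged_in'] = 0;
      }
      elseif (array_key_exists('email', $_POST)) {
        // strval() keeps a non-scalar value (e.g. email[]=) from reaching preg_match() as an array.
        if (!preg_match('/^[^@]+@[^@]+\.[^@]+$/', strval($_POST['email']))) {
          $errors[] = _('The email address is invalid.');
        }
        elseif ($utils->verifyTimeCode(@$_POST['tcode'], $session)) {
          $result = $db->prepare('SELECT `id`, `pwdhash`, `email`, `status`, `verify_hash` FROM `auth_users` WHERE `email` = :email;');
          $result->execute(array(':email' => $_POST['email']));
          $user = $result->fetch(PDO::FETCH_ASSOC);
          if ($user['id'] && array_key_exists('pwd', $_POST)) {
            // existing user, check password
            if (($user['status'] == 'ok') && $utils->pwdVerify(@$_POST['pwd'], $user)) {
              // Check if a newer hashing algorithm is available
              // or the cost has changed
              if ($utils->pwdNeedsRehash($user)) {
                // If so, create a new hash, and replace the old one
                $newHash = $utils->pwdHash($_POST['pwd']);
                $result = $db->prepare('UPDATE `auth_users` SET `pwdhash` = :pwdhash WHERE `id` = :userid;');
                if (!$result->execute(array(':pwdhash' => $newHash, ':userid' => $user['id']))) {
                  $utils->log('user_hash_save_failure', 'user: '.$user['id']);
                }
                else {
                  $utils->log('pwd_rehash_success', 'user: '.$user['id']);
                }
              }

              // Log user in - update session key for that, see https://wiki.mozilla.org/WebAppSec/Secure_Coding_Guidelines#Login
              $utils->log('login', 'user: '.$user['id']);
              $sesskey = $utils->createSessionKey();
              // Last two params are secure and httponly, secure is not set on localhost.
              // NOTE(review): no SameSite attribute is set; the options-array form of setcookie() (PHP 7.3+) allows one.
              setcookie('sessionkey', $sesskey, 0, "", "", !$utils->running_on_localhost, true);
              // If the session has a user set, create a new one - otherwise take existing session entry.
              if (intval($session['user'])) {
                $result = $db->prepare('INSERT INTO `auth_sessions` (`sesskey`, `time_expire`, `user`, `logged_in`) VALUES (:sesskey, :expire, :userid, TRUE);');
                $result->execute(array(':sesskey' => $sesskey, ':userid' => $user['id'], ':expire' => gmdate('Y-m-d H:i:s', strtotime('+1 day'))));
                // After insert, actually fetch the session row from the DB so we have all values.
                $result = $db->prepare('SELECT * FROM auth_sessions WHERE `sesskey` = :sesskey AND `time_expire` > :expire;');
                $result->execute(array(':sesskey' => $sesskey, ':expire' => gmdate('Y-m-d H:i:s')));
                $row = $result->fetch(PDO::FETCH_ASSOC);
                if ($row) {
                  $session = $row;
                }
                else {
                  $utils->log('create_session_failure', 'at login, prev session: '.$session['id'].', new user: '.$user['id']);
                  $errors[] = _('The session system is not working. Please <a href="https://www.kairo.at/contact">contact KaiRo.at</a> and tell the team about this.');
                }
              }
              else {
                $result = $db->prepare('UPDATE `auth_sessions` SET `sesskey` = :sesskey, `user` = :userid, `logged_in` = TRUE, `time_expire` = :expire WHERE `id` = :sessid;');
                if (!$result->execute(array(':sesskey' => $sesskey, ':userid' => $user['id'], ':expire' => gmdate('Y-m-d H:i:s', strtotime('+1 day')), ':sessid' => $session['id']))) {
                  $utils->log('login_failure', 'session: '.$session['id'].', user: '.$user['id']);
                  $errors[] = _('Login failed unexpectedly. Please <a href="https://www.kairo.at/contact">contact KaiRo.at</a> and tell the team about this.');
                }
              }
              // If a verify_hash is set on a verified user, a password reset had been requested. As a login works right now, cancel that reset request by deleting the hash.
              if (strlen(@$user['verify_hash'])) {
                $result = $db->prepare('UPDATE `auth_users` SET `verify_hash` = \'\' WHERE `id` = :userid;');
                if (!$result->execute(array(':userid' => $user['id']))) {
                  $utils->log('empty_vhash_failure', 'user: '.$user['id']);
                }
                else {
                  $user['verify_hash'] = '';
                }
              }
            }
            else {
              // One message for both wrong password and unverified account, so the response does not reveal which.
              $errors[] = _('This password is invalid or your email is not verified yet. Did you type them correctly?');
            }
          }
          else {
            // new user: check password, create user and send verification; existing users: re-send verification or send password change instructions
            if (array_key_exists('pwd', $_POST)) {
              $errors += $utils->checkPasswordConstraints(strval($_POST['pwd']), $_POST['email']);
            }
            if (!count($errors)) {
              // Put user into the DB
              if (!$user['id']) {
                $newHash = $utils->pwdHash($_POST['pwd']);
                $vcode = $utils->createVerificationCode();
                $result = $db->prepare('INSERT INTO `auth_users` (`email`, `pwdhash`, `status`, `verify_hash`) VALUES (:email, :pwdhash, \'unverified\', :vcode);');
                if (!$result->execute(array(':email' => $_POST['email'], ':pwdhash' => $newHash, ':vcode' => $vcode))) {
                  $utils->log('user_insert_failure', 'email: '.$_POST['email']);
                  $errors[] = _('Could not add user. Please <a href="https://www.kairo.at/contact">contact KaiRo.at</a> and tell the team about this.');
                }
                $user = array('id' => $db->lastInsertId(),
                              'email' => $_POST['email'],
                              'pwdhash' => $newHash,
                              'status' => 'unverified',
                              'verify_hash' => $vcode);
                $utils->log('new_user', 'user: '.$user['id'].', email: '.$user['email']);
              }
              if ($user['status'] == 'unverified') {
                // Send email for verification and show message to point to it.
                $mail = new email();
                $mail->setCharset('utf-8');
                $mail->addHeader('X-KAIRO-AUTH', 'email_verification');
                $mail->addRecipient($user['email']);
                $mail->setSender('noreply@auth.kairo.at', _('KaiRo.at Authentication Service'));
                $mail->setSubject('Email Verification for KaiRo.at Authentication');
                $mail->addMailText(_('Welcome!')."\n\n");
                $mail->addMailText(sprintf(_('This email address, %s, has been used for registration on "%s".'),
                                           $user['email'], _('KaiRo.at Authentication Service'))."\n\n");
                $mail->addMailText(_('Please confirm that registration by clicking the following link (or calling it up in your browser):')."\n");
                // Path of the current request without its query string. strstr() returns false when there is no
                // '?' at all (e.g. a POST to './'), which would otherwise drop the path from the link entirely.
                // NOTE(review): SERVER_NAME should come from the server configuration, not the request's Host header.
                $reqpath = strstr($_SERVER['REQUEST_URI'], '?', true);
                if ($reqpath === false) {
                  $reqpath = $_SERVER['REQUEST_URI'];
                }
                $mail->addMailText(($utils->running_on_localhost?'http':'https').'://'.$_SERVER['SERVER_NAME'].$reqpath
                                   .'?email='.rawurlencode($user['email']).'&verification_code='.rawurlencode($user['verify_hash'])."\n\n");
                $mail->addMailText(_('With this confirmation, you accept that we handle your data for the purpose of logging you into other websites when you request that.')."\n");
                $mail->addMailText(_('Those websites will get to know your email address but not your password, which we store securely.')."\n");
                $mail->addMailText(_('If you do not call this confirmation link within 72 hours, your data will be deleted from our database.')."\n\n");
                $mail->addMailText(sprintf(_('The %s team'), 'KaiRo.at'));
                //$mail->setDebugAddress("robert@localhost");
                $mailsent = $mail->send();
                if ($mailsent) {
                  $pagetype = 'verification_sent';
                }
                else {
                  $utils->log('verify_mail_failure', 'user: '.$user['id'].', email: '.$user['email']);
                  $errors[] = _('The confirmation email could not be sent to you. Please <a href="https://www.kairo.at/contact">contact KaiRo.at</a> and tell the team about this.');
                }
              }
              else {
                // Password reset requested with "Password forgotten?" function.
                $vcode = $utils->createVerificationCode();
                $result = $db->prepare('UPDATE `auth_users` SET `verify_hash` = :vcode WHERE `id` = :userid;');
                if (!$result->execute(array(':vcode' => $vcode, ':userid' => $user['id']))) {
                  $utils->log('vhash_set_failure', 'user: '.$user['id']);
                  $errors[] = _('Could not initiate reset request. Please <a href="https://www.kairo.at/contact">contact KaiRo.at</a> and tell the team about this.');
                }
                else {
                  $utils->log('pwd_reset_request', 'user: '.$user['id'].', email: '.$user['email']);
                  // Reset code layout: <verify_hash><hex(user id + session id)>_<time code>; it is taken apart again
                  // in the reset_code branch below, so the two must stay in sync.
                  $resetcode = $vcode.dechex($user['id'] + $session['id']).'_'.$utils->createTimeCode($session, null, 60);
                  // Send email with instructions for resetting the password.
                  $mail = new email();
                  $mail->setCharset('utf-8');
                  $mail->addHeader('X-KAIRO-AUTH', 'password_reset');
                  $mail->addRecipient($user['email']);
                  $mail->setSender('noreply@auth.kairo.at', _('KaiRo.at Authentication Service'));
                  $mail->setSubject('How to reset your password for KaiRo.at Authentication');
                  $mail->addMailText(_('Hi,')."\n\n");
                  $mail->addMailText(sprintf(_('A request for setting a new password for this email address, %s, has been submitted on "%s".'),
                                             $user['email'], _('KaiRo.at Authentication Service'))."\n\n");
                  $mail->addMailText(_('You can set a new password by clicking the following link (or calling it up in your browser):')."\n");
                  // Same path handling as for the verification link above.
                  $reqpath = strstr($_SERVER['REQUEST_URI'], '?', true);
                  if ($reqpath === false) {
                    $reqpath = $_SERVER['REQUEST_URI'];
                  }
                  $mail->addMailText(($utils->running_on_localhost?'http':'https').'://'.$_SERVER['SERVER_NAME'].$reqpath
                                     .'?email='.rawurlencode($user['email']).'&reset_code='.rawurlencode($resetcode)."\n\n");
                  $mail->addMailText(_('If you do not call this confirmation link within 1 hour, this link expires and the existing password is being kept in place.')."\n\n");
                  $mail->addMailText(sprintf(_('The %s team'), 'KaiRo.at'));
                  //$mail->setDebugAddress("robert@localhost");
                  $mailsent = $mail->send();
                  if ($mailsent) {
                    $pagetype = 'resetmail_sent';
                  }
                  else {
                    $utils->log('pwd_reset_mail_failure', 'user: '.$user['id'].', email: '.$user['email']);
                    $errors[] = _('The email with password reset instructions could not be sent to you. Please <a href="https://www.kairo.at/contact">contact KaiRo.at</a> and tell the team about this.');
                  }
                }
              }
            }
          }
        }
        else {
          $errors[] = _('The form you used was not valid. Possibly it has expired and you need to initiate the action again.');
        }
      }
      elseif (array_key_exists('reset', $_GET)) {
        if ($session['logged_in']) {
          $result = $db->prepare('SELECT `id`,`email` FROM `auth_users` WHERE `id` = :userid;');
          $result->execute(array(':userid' => $session['user']));
          $user = $result->fetch(PDO::FETCH_ASSOC);
          if (!$user['id']) {
            $utils->log('reset_user_read_failure', 'user: '.$session['user']);
          }
          $pagetype = 'resetpwd';
        }
        else {
          // Display form for entering email.
          $pagetype = 'resetstart';
        }
      }
      elseif (array_key_exists('verification_code', $_GET)) {
        // The verification code is matched inside the query, so no comparison happens in PHP here.
        $result = $db->prepare('SELECT `id`,`email` FROM `auth_users` WHERE `email` = :email AND `status` = \'unverified\' AND `verify_hash` = :vcode;');
        $result->execute(array(':email' => @$_GET['email'], ':vcode' => $_GET['verification_code']));
        $user = $result->fetch(PDO::FETCH_ASSOC);
        if ($user['id']) {
          $result = $db->prepare('UPDATE `auth_users` SET `verify_hash` = \'\', `status` = \'ok\' WHERE `id` = :userid;');
          if (!$result->execute(array(':userid' => $user['id']))) {
            $utils->log('verification_save_failure', 'user: '.$user['id']);
            $errors[] = _('Could not save confirmation. Please <a href="https://www.kairo.at/contact">contact KaiRo.at</a> and tell the team about this.');
          }
          $pagetype = 'verification_done';
        }
        else {
          $errors[] = _('The confirmation link you called is not valid. Possibly it has expired and you need to try registering again.');
        }
      }
      elseif (array_key_exists('reset_code', $_GET)) {
        $reset_fail = true;
        $result = $db->prepare('SELECT `id`,`email`,`verify_hash` FROM `auth_users` WHERE `email` = :email');
        $result->execute(array(':email' => @$_GET['email']));
        $user = $result->fetch(PDO::FETCH_ASSOC);
        if ($user['id']) {
          // Deconstruct reset code and verify it (see $resetcode above for the layout).
          // A reset code is only meaningful while a reset is pending, i.e. verify_hash is non-empty: with an
          // empty hash the pattern would accept an empty first group and the hash comparison would pass trivially.
          $vhash = strval($user['verify_hash']);
          if (strlen($vhash) &&
              preg_match('/^([0-9a-f]{'.strlen($vhash).'})([0-9a-f]+)_(\d+\.\d+)$/', strval($_GET['reset_code']), $regs)) {
            $tcode_sessid = hexdec($regs[2]) - $user['id'];
            // Only confirms that the session id encoded in the code exists; the time code itself is
            // checked against the current session below.
            $result = $db->prepare('SELECT `id`,`sesskey` FROM `auth_sessions` WHERE `id` = :sessid;');
            $result->execute(array(':sessid' => $tcode_sessid));
            $row = $result->fetch(PDO::FETCH_ASSOC);
            if ($row) {
              // hash_equals(): constant-time comparison, and no loose (numeric-string) equality on the secret.
              if (hash_equals($vhash, $regs[1]) &&
                  $utils->verifyTimeCode($regs[3], $session, 60)) {
                // Set a new verify_hash for the actual password reset.
                $user['verify_hash'] = $utils->createVerificationCode();
                $result = $db->prepare('UPDATE `auth_users` SET `verify_hash` = :vcode WHERE `id` = :userid;');
                if (!$result->execute(array(':vcode' => $user['verify_hash'], ':userid' => $user['id']))) {
                  $utils->log('vhash_reset_failure', 'user: '.$user['id']);
                }
                $result = $db->prepare('UPDATE `auth_sessions` SET `user` = :userid WHERE `id` = :sessid;');
                if (!$result->execute(array(':userid' => $user['id'], ':sessid' => $session['id']))) {
                  $utils->log('reset_session_set_user_failure', 'session: '.$session['id']);
                }
                $pagetype = 'resetpwd';
                $reset_fail = false;
              }
            }
          }
        }
        if ($reset_fail) {
          $errors[] = _('The password reset link you called is not valid. Possibly it has expired and you need to call the "Password forgotten?" function again.');
        }
      }
      elseif (intval($session['user'])) {
        $result = $db->prepare('SELECT `id`,`email`,`verify_hash` FROM `auth_users` WHERE `id` = :userid;');
        $result->execute(array(':userid' => $session['user']));
        $user = $result->fetch(PDO::FETCH_ASSOC);
        if (!$user['id']) {
          $utils->log('user_read_failure', 'user: '.$session['user']);
        }
        // Password reset requested.
        if (array_key_exists('pwd', $_POST) && array_key_exists('reset', $_POST) && array_key_exists('tcode', $_POST)) {
          // If not logged in, a password reset needs to have the proper vcode set.
          // hash_equals() instead of != : constant-time and no loose comparison on the secret.
          if (!$session['logged_in'] && (!strlen(@$_POST['vcode']) || !hash_equals(strval(@$user['verify_hash']), strval($_POST['vcode'])))) {
            $errors[] = _('Password reset failed. The reset form you used was not valid. Possibly it has expired and you need to initiate the password reset again.');
          }
          // If not logged in, a password reset also needs to have the proper email set.
          if (!$session['logged_in'] && !count($errors) && (@$_POST['email_hidden'] != $user['email'])) {
            $errors[] = _('Password reset failed. The reset form you used was not valid. Possibly it has expired and you need to initiate the password reset again.');
          }
          // Check validity of time code.
          if (!count($errors) && !$utils->verifyTimeCode($_POST['tcode'], $session)) {
            $errors[] = _('Password reset failed. The reset form you used was not valid. Possibly it has expired and you need to initiate the password reset again.');
          }
          $errors += $utils->checkPasswordConstraints(strval($_POST['pwd']), $user['email']);
          if (!count($errors)) {
            $newHash = $utils->pwdHash($_POST['pwd']);
            // Clearing verify_hash makes the reset link single-use.
            $result = $db->prepare('UPDATE `auth_users` SET `pwdhash` = :pwdhash, `verify_hash` = \'\' WHERE `id` = :userid;');
            if (!$result->execute(array(':pwdhash' => $newHash, ':userid' => $session['user']))) {
              $utils->log('pwd_reset_failure', 'user: '.$session['user']);
              $errors[] = _('Password reset failed. Please <a href="https://www.kairo.at/contact">contact KaiRo.at</a> and tell the team about this.');
            }
            else {
              $pagetype = 'reset_done';
            }
          }
        }
      }
    }
  }
  if (is_null($session)) {
    // Create new session and set cookie.
    $sesskey = $utils->createSessionKey();
    // Last two params are secure and httponly, secure is not set on localhost.
    // NOTE(review): no SameSite attribute is set; the options-array form of setcookie() (PHP 7.3+) allows one.
    setcookie('sessionkey', $sesskey, 0, "", "", !$utils->running_on_localhost, true);
    // An anonymous session is short-lived (5 minutes); a login above extends it to one day.
    $result = $db->prepare('INSERT INTO `auth_sessions` (`sesskey`, `time_expire`) VALUES (:sesskey, :expire);');
    $result->execute(array(':sesskey' => $sesskey, ':expire' => gmdate('Y-m-d H:i:s', strtotime('+5 minutes'))));
    // After insert, actually fetch the session row from the DB so we have all values.
    $result = $db->prepare('SELECT * FROM auth_sessions WHERE `sesskey` = :sesskey AND `time_expire` > :expire;');
    $result->execute(array(':sesskey' => $sesskey, ':expire' => gmdate('Y-m-d H:i:s')));
    $row = $result->fetch(PDO::FETCH_ASSOC);
    if ($row) {
      $session = $row;
    }
    else {
      $utils->log('session_create_failure', 'key: '.$sesskey);
      $errors[] = _('The session system is not working. Please <a href="https://www.kairo.at/contact">contact KaiRo.at</a> and tell the team about this.');
    }
  }
}

// Render the page that matches $pagetype. Every form carries a hidden time code so the
// handler above can reject stale or replayed submissions.
if (!count($errors)) {
  if ($pagetype == 'verification_sent') {
    $para = $body->appendElement('p', sprintf(_('An email for confirmation has been sent to %s. Please follow the link provided there to complete the process.'), $user['email']));
    $para->setAttribute('class', 'verifyinfo pending');
  }
  elseif ($pagetype == 'resetmail_sent') {
    // Deliberately the same message whether or not the address exists, so it does not reveal registered accounts.
    $para = $body->appendElement('p',
        _('An email has been sent to the requested account with further information. If you do not receive an email then please confirm you have entered the same email address used during account registration.'));
    $para->setAttribute('class', 'resetinfo pending');
  }
  elseif ($pagetype == 'resetstart') {
    $para = $body->appendElement('p', _('If you forgot your password or didn\'t receive the registration confirmation, please enter your email here.'));
    $para->setAttribute('class', '');
    $form = $body->appendForm('./?reset', 'POST', 'resetform');
    $form->setAttribute('id', 'loginform');
    $form->setAttribute('class', 'loginarea hidden');
    $ulist = $form->appendElement('ul');
    $ulist->setAttribute('class', 'flat login');
    $litem = $ulist->appendElement('li');
    $inptxt = $litem->appendInputEmail('email', 30, 20, 'login_email');
    $inptxt->setAttribute('autocomplete', 'email');
    $inptxt->setAttribute('required', '');
    $inptxt->setAttribute('placeholder', _('Email'));
    $litem = $ulist->appendElement('li');
    $litem->appendInputHidden('tcode', $utils->createTimeCode($session));
    $submit = $litem->appendInputSubmit(_('Send instructions to email'));
  }
  elseif ($pagetype == 'resetpwd') {
    $para = $body->appendElement('p', sprintf(_('You can set a new password for %s here.'), $user['email']));
    $para->setAttribute('class', '');
    $form = $body->appendForm('./', 'POST', 'newpwdform');
    $form->setAttribute('id', 'loginform');
    $form->setAttribute('class', 'loginarea hidden');
    $ulist = $form->appendElement('ul');
    $ulist->setAttribute('class', 'flat login');
    $litem = $ulist->appendElement('li');
    $litem->setAttribute('class', 'donotshow');
    $inptxt = $litem->appendInputEmail('email_hidden', 30, 20, 'login_email', $user['email']);
    $inptxt->setAttribute('autocomplete', 'email');
    $inptxt->setAttribute('placeholder', _('Email'));
    $litem = $ulist->appendElement('li');
    $inptxt = $litem->appendInputPassword('pwd', 20, 20, 'login_pwd', '');
    $inptxt->setAttribute('required', '');
    $inptxt->setAttribute('placeholder', _('Password'));
    $inptxt->setAttribute('class', 'login');
    $litem = $ulist->appendElement('li');
    $litem->appendInputHidden('reset', '');
    $litem->appendInputHidden('tcode', $utils->createTimeCode($session));
    // A not-logged-in user (arrived via reset link) proves the request with the pending verify_hash.
    if (!$session['logged_in'] && strlen(@$user['verify_hash'])) {
      $litem->appendInputHidden('vcode', $user['verify_hash']);
    }
    $submit = $litem->appendInputSubmit(_('Save password'));
  }
  elseif ($session['logged_in']) {
    if ($pagetype == 'reset_done') {
      $para = $body->appendElement('p', _('Your password has successfully been reset.'));
      $para->setAttribute('class', 'resetinfo done');
    }
    $div = $body->appendElement('div', $user['email']);
    $div->setAttribute('class', 'loginheader');
    $div = $body->appendElement('div');
    $div->setAttribute('class', 'loginlinks');
    $ulist = $div->appendElement('ul');
    $ulist->setAttribute('class', 'flat');
    $litem = $ulist->appendElement('li');
    $litem->appendLink('./?logout', _('Log out'));
    $litem = $ulist->appendElement('li');
    $litem->appendLink('./?reset', _('Set new password'));
  }
  else { // not logged in
    if ($pagetype == 'verification_done') {
      $para = $body->appendElement('p', _('Hooray! Your email was successfully confirmed! You can log in now.'));
      $para->setAttribute('class', 'verifyinfo done');
    }
    elseif ($pagetype == 'reset_done') {
      $para = $body->appendElement('p', _('Your password has successfully been reset. You can log in now with the new password.'));
      $para->setAttribute('class', 'resetinfo done');
    }
    $form = $body->appendForm('./', 'POST', 'loginform');
    $form->setAttribute('id', 'loginform');
    $form->setAttribute('class', 'loginarea hidden');
    $ulist = $form->appendElement('ul');
    $ulist->setAttribute('class', 'flat login');
    $litem = $ulist->appendElement('li');
    $inptxt = $litem->appendInputEmail('email', 30, 20, 'login_email', (intval($user['id'])?$user['email']:''));
    $inptxt->setAttribute('autocomplete', 'email');
    $inptxt->setAttribute('required', '');
    $inptxt->setAttribute('placeholder', _('Email'));
    $inptxt->setAttribute('class', 'login');
    $litem = $ulist->appendElement('li');
    $inptxt = $litem->appendInputPassword('pwd', 20, 20, 'login_pwd', '');
    $inptxt->setAttribute('required', '');
    $inptxt->setAttribute('placeholder', _('Password'));
    $inptxt->setAttribute('class', 'login');
    $litem = $ulist->appendElement('li');
    $litem->appendLink('./?reset', _('Forgot password?'));
    $litem = $ulist->appendElement('li');
    $cbox = $litem->appendInputCheckbox('remember', 'login_remember', 'true', false);
    $cbox->setAttribute('class', 'logincheck');
    $label = $litem->appendLabel('login_remember', _('Remember me'));
    $label->setAttribute('id', 'rememprompt');
    $label->setAttribute('class', 'loginprompt');
    $litem = $ulist->appendElement('li');
    $litem->appendInputHidden('tcode', $utils->createTimeCode($session));
    $submit = $litem->appendInputSubmit(_('Log in / Register'));
    $submit->setAttribute('class', 'loginbutton');
  }
}

if (count($errors)) {
  $body->appendElement('p', ((count($errors) <= 1)
                             ?_('The following error was detected')
                             :_('The following errors were detected')).':');
  $list = $body->appendElement('ul');
  $list->setAttribute('class', 'flat warn');
  foreach ($errors as $msg) {
    $list->appendElement('li', $msg);
  }
  $body->appendButton(_('Back'), 'history.back();');
}

// Send HTML to client.
print($document->saveHTML());
?>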