log failures and some other actions
[authserver.git] / index.php
133aecbe
RK
1<?php
2/* This Source Code Form is subject to the terms of the Mozilla Public
3 * License, v. 2.0. If a copy of the MPL was not distributed with this file,
4 * You can obtain one at http://mozilla.org/MPL/2.0/. */
5
6// Include the common auth system files (including the OAuth2 Server object).
7require_once(__DIR__.'/authsystem.inc.php');
8
d26d08a1
RK
9$errors = array();
10
133aecbe
RK
11// Start HTML document as a DOM object.
12extract(ExtendedDocument::initHTML5()); // sets $document, $html, $head, $title, $body
13$document->formatOutput = true; // we want a nice output
14
15$style = $head->appendElement('link');
16$style->setAttribute('rel', 'stylesheet');
17$style->setAttribute('href', 'authsystem.css');
d26d08a1 18$head->appendJSFile('authsystem.js');
133aecbe
RK
19$title->appendText('KaiRo.at Authentication Server');
20$h1 = $body->appendElement('h1', 'KaiRo.at Authentication Server');
21
d26d08a1
RK
22$running_on_localhost = preg_match('/^((.+\.)?localhost|127\.0\.0\.\d+)$/', $_SERVER['SERVER_NAME']);
23if (($_SERVER['SERVER_PORT'] != 443) && !$running_on_localhost) {
24 $errors[] = _('You are not accessing this site on a secure connection, so authentication doesn\'t work.');
133aecbe 25}
d26d08a1
RK
26
27$para = $body->appendElement('p', _('This login system does not work without JavaScript. Please activate JavaScript for this site to log in.'));
28$para->setAttribute('id', 'jswarning');
29$para->setAttribute('class', 'warn');
30
31if (!count($errors)) {
32 $session = null;
33 $user = array('id' => 0, 'email' => '');
b19743bc 34 $pagetype = 'default';
d26d08a1
RK
35 $db->exec("SET time_zone='+00:00';"); // Execute directly on PDO object, set session to UTC to make our gmdate() values match correctly.
36 if (strlen(@$_COOKIE['sessionkey'])) {
37 // Fetch the session - or at least try to.
38 $result = $db->prepare('SELECT * FROM `auth_sessions` WHERE `sesskey` = :sesskey AND `time_expire` > :expire;');
39 $result->execute(array(':sesskey' => $_COOKIE['sessionkey'], ':expire' => gmdate('Y-m-d H:i:s')));
40 $row = $result->fetch(PDO::FETCH_ASSOC);
41 if ($row) {
42 $session = $row;
43
b19743bc
RK
44 if (array_key_exists('logout', $_GET)) {
45 $result = $db->prepare('UPDATE `auth_sessions` SET `logged_in` = FALSE WHERE `id` = :sessid;');
46 if (!$result->execute(array(':sessid' => $session['id']))) {
558e9862 47 $utils->log('logout_failure', 'session: '.$session['id']);
b19743bc
RK
48 $errors[] = _('The email address is invalid.');
49 }
50 $session['logged_in'] = 0;
51 }
52 elseif (array_key_exists('email', $_POST)) {
d26d08a1
RK
53 if (!preg_match('/^[^@]+@[^@]+\.[^@]+$/', $_POST['email'])) {
54 $errors[] = _('The email address is invalid.');
55 }
ac442755 56 elseif ($utils->verifyTimeCode(@$_POST['tcode'], $session)) {
d26d08a1
RK
57 $result = $db->prepare('SELECT `id`, `pwdhash`, `email`, `status`, `verify_hash` FROM `auth_users` WHERE `email` = :email;');
58 $result->execute(array(':email' => $_POST['email']));
59 $user = $result->fetch(PDO::FETCH_ASSOC);
b19743bc 60 if ($user['id'] && array_key_exists('pwd', $_POST)) {
d26d08a1 61 // existing user, check password
ac442755 62 if (($user['status'] == 'ok') && $utils->pwdVerify(@$_POST['pwd'], $user)) {
d26d08a1
RK
63 // Check if a newer hashing algorithm is available
64 // or the cost has changed
ac442755 65 if ($utils->pwdNeedsRehash($user)) {
d26d08a1 66 // If so, create a new hash, and replace the old one
ac442755 67 $newHash = $utils->pwdHash($_POST['pwd']);
d26d08a1 68 $result = $db->prepare('UPDATE `auth_users` SET `pwdhash` = :pwdhash WHERE `id` = :userid;');
b19743bc 69 if (!$result->execute(array(':pwdhash' => $newHash, ':userid' => $user['id']))) {
558e9862
RK
70 $utils->log('user_hash_save_failure', 'user: '.$user['id']);
71 }
72 else {
73 $utils->log('pwd_rehash_success', 'user: '.$user['id']);
b19743bc 74 }
d26d08a1
RK
75 }
76
77 // Log user in - update session key for that, see https://wiki.mozilla.org/WebAppSec/Secure_Coding_Guidelines#Login
558e9862 78 $utils->log('login', 'user: '.$user['id']);
ac442755 79 $sesskey = $utils->createSessionKey();
d26d08a1 80 setcookie('sessionkey', $sesskey, 0, "", "", !$running_on_localhost, true); // Last two params are secure and httponly, secure is not set on localhost.
b19743bc
RK
81 // If the session has a user set, create a new one - otherwise take existing session entry.
82 if (intval($session['user'])) {
83 $result = $db->prepare('INSERT INTO `auth_sessions` (`sesskey`, `time_expire`, `user`, `logged_in`) VALUES (:sesskey, :expire, :userid, TRUE);');
84 $result->execute(array(':sesskey' => $sesskey, ':userid' => $user['id'], ':expire' => gmdate('Y-m-d H:i:s', strtotime('+1 day'))));
85 // After insert, actually fetch the session row from the DB so we have all values.
86 $result = $db->prepare('SELECT * FROM auth_sessions WHERE `sesskey` = :sesskey AND `time_expire` > :expire;');
87 $result->execute(array(':sesskey' => $sesskey, ':expire' => gmdate('Y-m-d H:i:s')));
88 $row = $result->fetch(PDO::FETCH_ASSOC);
89 if ($row) {
90 $session = $row;
91 }
92 else {
558e9862 93 $utils->log('create_session_failure', 'at login, prev session: '.$session['id'].', new user: '.$user['id']);
b19743bc
RK
94 $errors[] = _('The session system is not working. Please <a href="https://www.kairo.at/contact">contact KaiRo.at</a> and tell the team about this.');
95 }
96 }
97 else {
98 $result = $db->prepare('UPDATE `auth_sessions` SET `sesskey` = :sesskey, `user` = :userid, `logged_in` = TRUE, `time_expire` = :expire WHERE `id` = :sessid;');
99 if (!$result->execute(array(':sesskey' => $sesskey, ':userid' => $user['id'], ':expire' => gmdate('Y-m-d H:i:s', strtotime('+1 day')), ':sessid' => $session['id']))) {
558e9862 100 $utils->log('login_failure', 'session: '.$session['id'].', user: '.$user['id']);
b19743bc
RK
101 $errors[] = _('Login failed unexpectedly. Please <a href="https://www.kairo.at/contact">contact KaiRo.at</a> and tell the team about this.');
102 }
103 }
89975cb9
RK
104 // If a verify_hash if set on a verified user, a password reset had been requested. As a login works right now, cancel that reset request by deleting the hash.
105 if (strlen(@$user['verify_hash'])) {
106 $result = $db->prepare('UPDATE `auth_users` SET `verify_hash` = \'\' WHERE `id` = :userid;');
107 if (!$result->execute(array(':userid' => $user['id']))) {
558e9862 108 $utils->log('empty_vhash_failure', 'user: '.$user['id']);
89975cb9
RK
109 }
110 else {
111 $user['verify_hash'] = '';
112 }
113 }
d26d08a1
RK
114 }
115 else {
116 $errors[] = _('This password is invalid or your email is not verified yet. Did you type them correctly?');
117 }
118 }
119 else {
b19743bc
RK
120 // new user: check password, create user and send verification; existing users: re-send verification or send password change instructions
121 if (array_key_exists('pwd', $_POST)) {
ac442755 122 $errors += $utils->checkPasswordConstraints(strval($_POST['pwd']), $_POST['email']);
d26d08a1
RK
123 }
124 if (!count($errors)) {
125 // Put user into the DB
b19743bc 126 if (!$user['id']) {
ac442755
RK
127 $newHash = $utils->pwdHash($_POST['pwd']);
128 $vcode = $utils->createVerificationCode();
b19743bc
RK
129 $result = $db->prepare('INSERT INTO `auth_users` (`email`, `pwdhash`, `status`, `verify_hash`) VALUES (:email, :pwdhash, \'unverified\', :vcode);');
130 if (!$result->execute(array(':email' => $_POST['email'], ':pwdhash' => $newHash, ':vcode' => $vcode))) {
558e9862 131 $utils->log('user_insert_failure', 'email: '.$_POST['email']);
b19743bc
RK
132 $errors[] = _('Could not add user. Please <a href="https://www.kairo.at/contact">contact KaiRo.at</a> and tell the team about this.');
133 }
134 $user = array('id' => $db->lastInsertId(),
135 'email' => $_POST['email'],
136 'pwdhash' => $newHash,
137 'status' => 'unverified',
138 'verify_hash' => $vcode);
558e9862 139 $utils->log('new_user', 'user: '.$user['id'].', email: '.$user['email']);
b19743bc
RK
140 }
141 if ($user['status'] == 'unverified') {
142 // Send email for verification and show message to point to it.
143 $mail = new email();
144 $mail->setCharset('utf-8');
145 $mail->addHeader('X-KAIRO-AUTH', 'email_verification');
146 $mail->addRecipient($user['email']);
147 $mail->setSender('noreply@auth.kairo.at', _('KaiRo.at Authentication Service'));
148 $mail->setSubject('Email Verification for KaiRo.at Authentication');
149 $mail->addMailText(_('Welcome!')."\n\n");
150 $mail->addMailText(sprintf(_('This email address, %s, has been used for registration on "%s".'),
151 $user['email'], _('KaiRo.at Authentication Service'))."\n\n");
152 $mail->addMailText(_('Please confirm that registration by clicking the following link (or calling it up in your browser):')."\n");
153 $mail->addMailText(($running_on_localhost?'http':'https').'://'.$_SERVER['SERVER_NAME'].strstr($_SERVER['REQUEST_URI'], '?', true)
154 .'?email='.rawurlencode($user['email']).'&verification_code='.rawurlencode($user['verify_hash'])."\n\n");
155 $mail->addMailText(_('With this confirmation, you accept that we handle your data for the purpose of logging you into other websites when you request that.')."\n");
156 $mail->addMailText(_('Those websites will get to know your email address but not your password, which we store securely.')."\n");
157 $mail->addMailText(_('If you do not call this confirmation link within 72 hours, your data will be deleted from our database.')."\n\n");
158 $mail->addMailText(sprintf(_('The %s team'), 'KaiRo.at'));
159 //$mail->setDebugAddress("robert@localhost");
160 $mailsent = $mail->send();
161 if ($mailsent) {
162 $pagetype = 'verification_sent';
163 }
164 else {
558e9862 165 $utils->log('verify_mail_failure', 'user: '.$user['id'].', email: '.$user['email']);
b19743bc
RK
166 $errors[] = _('The confirmation email could not be sent to you. Please <a href="https://www.kairo.at/contact">contact KaiRo.at</a> and tell the team about this.');
167 }
168 }
169 else {
89975cb9 170 // Password reset requested with "Password forgotten?" function.
ac442755 171 $vcode = $utils->createVerificationCode();
89975cb9
RK
172 $result = $db->prepare('UPDATE `auth_users` SET `verify_hash` = :vcode WHERE `id` = :userid;');
173 if (!$result->execute(array(':vcode' => $vcode, ':userid' => $user['id']))) {
558e9862 174 $utils->log('vhash_set_failure', 'user: '.$user['id']);
89975cb9
RK
175 $errors[] = _('Could not initiate reset request. Please <a href="https://www.kairo.at/contact">contact KaiRo.at</a> and tell the team about this.');
176 }
177 else {
558e9862 178 $utils->log('pwd_reset_request', 'user: '.$user['id'].', email: '.$user['email']);
ac442755 179 $resetcode = $vcode.dechex($user['id'] + $session['id']).'_'.$utils->createTimeCode($session, null, 60);
89975cb9
RK
180 // Send email with instructions for resetting the password.
181 $mail = new email();
182 $mail->setCharset('utf-8');
183 $mail->addHeader('X-KAIRO-AUTH', 'password_reset');
184 $mail->addRecipient($user['email']);
185 $mail->setSender('noreply@auth.kairo.at', _('KaiRo.at Authentication Service'));
186 $mail->setSubject('How to reset your password for KaiRo.at Authentication');
187 $mail->addMailText(_('Hi,')."\n\n");
188 $mail->addMailText(sprintf(_('A request for setting a new password for this email address, %s, has been submitted on "%s".'),
189 $user['email'], _('KaiRo.at Authentication Service'))."\n\n");
190 $mail->addMailText(_('You can set a new password by clicking the following link (or calling it up in your browser):')."\n");
191 $mail->addMailText(($running_on_localhost?'http':'https').'://'.$_SERVER['SERVER_NAME'].strstr($_SERVER['REQUEST_URI'], '?', true)
192 .'?email='.rawurlencode($user['email']).'&reset_code='.rawurlencode($resetcode)."\n\n");
193 $mail->addMailText(_('If you do not call this confirmation link within 1 hour, this link expires and the existing password is being kept in place.')."\n\n");
194 $mail->addMailText(sprintf(_('The %s team'), 'KaiRo.at'));
195 //$mail->setDebugAddress("robert@localhost");
196 $mailsent = $mail->send();
197 if ($mailsent) {
198 $pagetype = 'resetmail_sent';
199 }
200 else {
558e9862 201 $utils->log('pwd_reset_mail_failure', 'user: '.$user['id'].', email: '.$user['email']);
89975cb9
RK
202 $errors[] = _('The email with password reset instructions could not be sent to you. Please <a href="https://www.kairo.at/contact">contact KaiRo.at</a> and tell the team about this.');
203 }
204 }
b19743bc 205 }
d26d08a1
RK
206 }
207 }
208 }
89975cb9
RK
209 else {
210 $errors[] = _('The form you used was not valid. Possibly it has expired and you need to initiate the action again.');
211 }
d26d08a1 212 }
b19743bc
RK
213 elseif (array_key_exists('reset', $_GET)) {
214 if ($session['logged_in']) {
e876642c
RK
215 $result = $db->prepare('SELECT `id`,`email` FROM `auth_users` WHERE `id` = :userid;');
216 $result->execute(array(':userid' => $session['user']));
217 $user = $result->fetch(PDO::FETCH_ASSOC);
218 if (!$user['id']) {
558e9862 219 $utils->log('reset_user_read_failure', 'user: '.$session['user']);
e876642c 220 }
b19743bc
RK
221 $pagetype = 'resetpwd';
222 }
223 else {
224 // Display form for entering email.
225 $pagetype = 'resetstart';
226 }
227 }
228 elseif (array_key_exists('verification_code', $_GET)) {
229 $result = $db->prepare('SELECT `id`,`email` FROM `auth_users` WHERE `email` = :email AND `status` = \'unverified\' AND `verify_hash` = :vcode;');
230 $result->execute(array(':email' => @$_GET['email'], ':vcode' => $_GET['verification_code']));
231 $user = $result->fetch(PDO::FETCH_ASSOC);
232 if ($user['id']) {
233 $result = $db->prepare('UPDATE `auth_users` SET `verify_hash` = \'\', `status` = \'ok\' WHERE `id` = :userid;');
234 if (!$result->execute(array(':userid' => $user['id']))) {
558e9862 235 $utils->log('verification_save_failure', 'user: '.$user['id']);
b19743bc
RK
236 $errors[] = _('Could not save confirmation. Please <a href="https://www.kairo.at/contact">contact KaiRo.at</a> and tell the team about this.');
237 }
238 $pagetype = 'verification_done';
239 }
240 else {
241 $errors[] = _('The confirmation link you called is not valid. Possibly it has expired and you need to try registering again.');
242 }
243 }
89975cb9
RK
244 elseif (array_key_exists('reset_code', $_GET)) {
245 $reset_fail = true;
246 $result = $db->prepare('SELECT `id`,`email`,`verify_hash` FROM `auth_users` WHERE `email` = :email');
247 $result->execute(array(':email' => @$_GET['email']));
248 $user = $result->fetch(PDO::FETCH_ASSOC);
249 if ($user['id']) {
250 // Deconstruct reset code and verify it.
251 if (preg_match('/^([0-9a-f]{'.strlen($user['verify_hash']).'})([0-9a-f]+)_(\d+\.\d+)$/', $_GET['reset_code'], $regs)) {
252 $tcode_sessid = hexdec($regs[2]) - $user['id'];
253 $result = $db->prepare('SELECT `id`,`sesskey` FROM `auth_sessions` WHERE `id` = :sessid;');
254 $result->execute(array(':sessid' => $tcode_sessid));
255 $row = $result->fetch(PDO::FETCH_ASSOC);
256 if ($row) {
257 $tcode_session = $row;
258 if (($regs[1] == $user['verify_hash']) &&
ac442755 259 $utils->verifyTimeCode($regs[3], $session, 60)) {
89975cb9 260 // Set a new verify_hash for the actual password reset.
ac442755 261 $user['verify_hash'] = $utils->createVerificationCode();
89975cb9
RK
262 $result = $db->prepare('UPDATE `auth_users` SET `verify_hash` = :vcode WHERE `id` = :userid;');
263 if (!$result->execute(array(':vcode' => $user['verify_hash'], ':userid' => $user['id']))) {
558e9862 264 $utils->log('vhash_reset_failure', 'user: '.$user['id']);
89975cb9
RK
265 }
266 $result = $db->prepare('UPDATE `auth_sessions` SET `user` = :userid WHERE `id` = :sessid;');
267 if (!$result->execute(array(':userid' => $user['id'], ':sessid' => $session['id']))) {
558e9862 268 $utils->log('reset_session_set_user_failure', 'session: '.$session['id']);
89975cb9
RK
269 }
270 $pagetype = 'resetpwd';
271 $reset_fail = false;
272 }
273 }
274 }
275 }
276 if ($reset_fail) {
277 $errors[] = _('The password reset link you called is not valid. Possibly it has expired and you need to call the "Password forgotten?" function again.');
278 }
279 }
b19743bc 280 elseif (intval($session['user'])) {
89975cb9 281 $result = $db->prepare('SELECT `id`,`email`,`verify_hash` FROM `auth_users` WHERE `id` = :userid;');
b19743bc
RK
282 $result->execute(array(':userid' => $session['user']));
283 $user = $result->fetch(PDO::FETCH_ASSOC);
284 if (!$user['id']) {
558e9862 285 $utils->log('user_read_failure', 'user: '.$session['user']);
b19743bc 286 }
e876642c
RK
287 // Password reset requested.
288 if (array_key_exists('pwd', $_POST) && array_key_exists('reset', $_POST) && array_key_exists('tcode', $_POST)) {
89975cb9
RK
289 // If not logged in, a password reset needs to have the proper vcode set.
290 if (!$session['logged_in'] && (!strlen(@$_POST['vcode']) || ($_POST['vcode'] != $user['verify_hash']))) {
291 $errors[] = _('Password reset failed. The reset form you used was not valid. Possibly it has expired and you need to initiate the password reset again.');
292 }
293 // If not logged in, a password reset also needs to have the proper email set.
294 if (!$session['logged_in'] && !count($errors) && (@$_POST['email_hidden'] != $user['email'])) {
295 $errors[] = _('Password reset failed. The reset form you used was not valid. Possibly it has expired and you need to initiate the password reset again.');
296 }
297 // Check validity of time code.
ac442755 298 if (!count($errors) && !$utils->verifyTimeCode($_POST['tcode'], $session)) {
89975cb9
RK
299 $errors[] = _('Password reset failed. The reset form you used was not valid. Possibly it has expired and you need to initiate the password reset again.');
300 }
ac442755 301 $errors += $utils->checkPasswordConstraints(strval($_POST['pwd']), $user['email']);
e876642c 302 if (!count($errors)) {
ac442755 303 $newHash = $utils->pwdHash($_POST['pwd']);
89975cb9 304 $result = $db->prepare('UPDATE `auth_users` SET `pwdhash` = :pwdhash, `verify_hash` = \'\' WHERE `id` = :userid;');
e876642c 305 if (!$result->execute(array(':pwdhash' => $newHash, ':userid' => $session['user']))) {
558e9862 306 $utils->log('pwd_reset_failure', 'user: '.$session['user']);
e876642c
RK
307 $errors[] = _('Password reset failed. Please <a href="https://www.kairo.at/contact">contact KaiRo.at</a> and tell the team about this.');
308 }
309 else {
89975cb9 310 $pagetype = 'reset_done';
e876642c
RK
311 }
312 }
313 }
b19743bc 314 }
d26d08a1
RK
315 }
316 }
317 if (is_null($session)) {
318 // Create new session and set cookie.
ac442755 319 $sesskey = $utils->createSessionKey();
d26d08a1
RK
320 setcookie('sessionkey', $sesskey, 0, "", "", !$running_on_localhost, true); // Last two params are secure and httponly, secure is not set on localhost.
321 $result = $db->prepare('INSERT INTO `auth_sessions` (`sesskey`, `time_expire`) VALUES (:sesskey, :expire);');
322 $result->execute(array(':sesskey' => $sesskey, ':expire' => gmdate('Y-m-d H:i:s', strtotime('+5 minutes'))));
323 // After insert, actually fetch the session row from the DB so we have all values.
324 $result = $db->prepare('SELECT * FROM auth_sessions WHERE `sesskey` = :sesskey AND `time_expire` > :expire;');
325 $result->execute(array(':sesskey' => $sesskey, ':expire' => gmdate('Y-m-d H:i:s')));
326 $row = $result->fetch(PDO::FETCH_ASSOC);
327 if ($row) {
328 $session = $row;
329 }
b19743bc 330 else {
558e9862 331 $utils->log('session_create_failure', 'key: '.$sesskey);
b19743bc
RK
332 $errors[] = _('The session system is not working. Please <a href="https://www.kairo.at/contact">contact KaiRo.at</a> and tell the team about this.');
333 }
d26d08a1
RK
334 }
335}
336
337if (!count($errors)) {
b19743bc
RK
338 if ($pagetype == 'verification_sent') {
339 $para = $body->appendElement('p', sprintf(_('An email for confirmation has been sent to %s. Please follow the link provided there to complete the process.'), $user['email']));
340 $para->setAttribute('class', 'verifyinfo pending');
341 }
89975cb9
RK
342 elseif ($pagetype == 'resetmail_sent') {
343 $para = $body->appendElement('p',
344 _('An email has been sent to the requested account with further information. If you do not receive an email then please confirm you have entered the same email address used during account registration.'));
345 $para->setAttribute('class', 'resetinfo pending');
346 }
b19743bc
RK
347 elseif ($pagetype == 'resetstart') {
348 $para = $body->appendElement('p', _('If you forgot your password or didn\'t receive the registration confirmation, please enter your email here.'));
349 $para->setAttribute('class', '');
350 $form = $body->appendForm('?reset', 'POST', 'resetform');
351 $form->setAttribute('id', 'loginform');
352 $form->setAttribute('class', 'loginarea hidden');
353 $ulist = $form->appendElement('ul');
354 $ulist->setAttribute('class', 'flat login');
355 $litem = $ulist->appendElement('li');
356 $inptxt = $litem->appendInputEmail('email', 30, 20, 'login_email');
357 $inptxt->setAttribute('autocomplete', 'email');
358 $inptxt->setAttribute('required', '');
359 $inptxt->setAttribute('placeholder', _('Email'));
360 $litem = $ulist->appendElement('li');
ac442755 361 $litem->appendInputHidden('tcode', $utils->createTimeCode($session));
b19743bc
RK
362 $submit = $litem->appendInputSubmit(_('Send instructions to email'));
363 }
364 elseif ($pagetype == 'resetpwd') {
89975cb9 365 $para = $body->appendElement('p', sprintf(_('You can set a new password for %s here.'), $user['email']));
b19743bc 366 $para->setAttribute('class', '');
e876642c 367 $form = $body->appendForm('?', 'POST', 'newpwdform');
b19743bc
RK
368 $form->setAttribute('id', 'loginform');
369 $form->setAttribute('class', 'loginarea hidden');
370 $ulist = $form->appendElement('ul');
371 $ulist->setAttribute('class', 'flat login');
372 $litem = $ulist->appendElement('li');
e876642c
RK
373 $litem->setAttribute('class', 'donotshow');
374 $inptxt = $litem->appendInputEmail('email_hidden', 30, 20, 'login_email', $user['email']);
375 $inptxt->setAttribute('autocomplete', 'email');
376 $inptxt->setAttribute('placeholder', _('Email'));
377 $litem = $ulist->appendElement('li');
b19743bc
RK
378 $inptxt = $litem->appendInputPassword('pwd', 20, 20, 'login_pwd', '');
379 $inptxt->setAttribute('required', '');
380 $inptxt->setAttribute('placeholder', _('Password'));
381 $inptxt->setAttribute('class', 'login');
382 $litem = $ulist->appendElement('li');
e876642c 383 $litem->appendInputHidden('reset', '');
ac442755 384 $litem->appendInputHidden('tcode', $utils->createTimeCode($session));
89975cb9
RK
385 if (!$session['logged_in'] && strlen(@$user['verify_hash'])) {
386 $litem->appendInputHidden('vcode', $user['verify_hash']);
387 }
b19743bc
RK
388 $submit = $litem->appendInputSubmit(_('Save password'));
389 }
390 elseif ($session['logged_in']) {
e876642c
RK
391 if ($pagetype == 'reset_done') {
392 $para = $body->appendElement('p', _('Your password has successfully been reset.'));
393 $para->setAttribute('class', 'resetinfo done');
394 }
d26d08a1
RK
395 $div = $body->appendElement('div', $user['email']);
396 $div->setAttribute('class', 'loginheader');
397 $div = $body->appendElement('div');
398 $div->setAttribute('class', 'loginlinks');
b19743bc
RK
399 $ulist = $div->appendElement('ul');
400 $ulist->setAttribute('class', 'flat');
401 $litem = $ulist->appendElement('li');
402 $link = $litem->appendLink('?logout', _('Log out'));
403 $litem = $ulist->appendElement('li');
404 $litem->appendLink('?reset', _('Set new password'));
d26d08a1
RK
405 }
406 else { // not logged in
b19743bc
RK
407 if ($pagetype == 'verification_done') {
408 $para = $body->appendElement('p', _('Hooray! Your email was successfully confirmed! You can log in now.'));
409 $para->setAttribute('class', 'verifyinfo done');
410 }
e876642c
RK
411 elseif ($pagetype == 'reset_done') {
412 $para = $body->appendElement('p', _('Your password has successfully been reset. You can log in now with the new password.'));
413 $para->setAttribute('class', 'resetinfo done');
414 }
b19743bc 415 $form = $body->appendForm('?', 'POST', 'loginform');
d26d08a1
RK
416 $form->setAttribute('id', 'loginform');
417 $form->setAttribute('class', 'loginarea hidden');
418 $ulist = $form->appendElement('ul');
419 $ulist->setAttribute('class', 'flat login');
420 $litem = $ulist->appendElement('li');
421 $inptxt = $litem->appendInputEmail('email', 30, 20, 'login_email', (intval($user['id'])?$user['email']:''));
422 $inptxt->setAttribute('autocomplete', 'email');
423 $inptxt->setAttribute('required', '');
424 $inptxt->setAttribute('placeholder', _('Email'));
425 $inptxt->setAttribute('class', 'login');
426 $litem = $ulist->appendElement('li');
427 $inptxt = $litem->appendInputPassword('pwd', 20, 20, 'login_pwd', '');
b19743bc 428 $inptxt->setAttribute('required', '');
d26d08a1
RK
429 $inptxt->setAttribute('placeholder', _('Password'));
430 $inptxt->setAttribute('class', 'login');
431 $litem = $ulist->appendElement('li');
b19743bc
RK
432 $litem->appendLink('?reset', _('Forgot password?'));
433 $litem = $ulist->appendElement('li');
d26d08a1
RK
434 $cbox = $litem->appendInputCheckbox('remember', 'login_remember', 'true', false);
435 $cbox->setAttribute('class', 'logincheck');
436 $label = $litem->appendLabel('login_remember', _('Remember me'));
437 $label->setAttribute('id', 'rememprompt');
438 $label->setAttribute('class', 'loginprompt');
439 $litem = $ulist->appendElement('li');
ac442755 440 $litem->appendInputHidden('tcode', $utils->createTimeCode($session));
e876642c 441 $submit = $litem->appendInputSubmit(_('Log in / Register'));
d26d08a1
RK
442 $submit->setAttribute('class', 'loginbutton');
443 }
444}
445
446if (count($errors)) {
447 $body->appendElement('p', ((count($errors) <= 1)
448 ?_('The following error was detected')
449 :_('The following errors were detected')).':');
450 $list = $body->appendElement('ul');
451 $list->setAttribute('class', 'flat warn');
452 foreach ($errors as $msg) {
453 $item = $list->appendElement('li', $msg);
454 }
b19743bc 455 $body->appendButton(_('Back'), 'history.back();');
133aecbe
RK
456}
457
458// Send HTML to client.
459print($document->saveHTML());
460?>
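Review bot: The new `session_create_failure` log call at file line 331 records the freshly generated `$sesskey`, which line 320 has already sent to the browser as the cookie; because the INSERT on line 322 is never checked, the empty re-SELECT can also be an expiry/timezone mismatch with the key stored and usable, so the log would then hold a live credential. Check the INSERT directly and log the driver error rather than the secret, e.g. `if (!$result->execute(array(':sesskey' => $sesskey, ':expire' => gmdate('Y-m-d H:i:s', strtotime('+5 minutes'))))) { $utils->log('session_insert_failure', implode(' ', $result->errorInfo())); }`, and in the else branch on line 331 drop the key from the message (or log only a short prefix); the login-path INSERT on line 84 has the same unchecked execute. Separately, entries such as `user_insert_failure` on line 131 embed `$_POST['email']`, and the pattern on line 53 does not keep it free of control characters (`[^@]+` matches newlines), so unless `$utils->log` (not shown here) strips them this is a log-injection vector — filter with something like `preg_replace('/[\x00-\x1f\x7f]/', '', $_POST['email'])` or have the helper do it. Adjacent to the new `logout_failure` log on line 47, the user-facing message on line 48 still reads `_('The email address is invalid.')`, which looks like a copy-paste from line 54 and should describe the logout failure.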