check session and login in authorize request
<?php
/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this file,
 * You can obtain one at http://mozilla.org/MPL/2.0/. */

// Load the shared auth system code (this also provides the OAuth2 Server object).
// $utils and $db, used throughout this script, are not defined in this file;
// presumably they come from this include.
require_once(__DIR__.'/authsystem.inc.php');

// Create the page as a DOM document. initHTML5() supplies $document, $html,
// $head, $title and $body, which extract() turns into variables.
extract(ExtendedDocument::initHTML5());
$document->formatOutput = true; // emit nicely formatted markup

// Stylesheet and script references in the document head.
$style = $head->appendElement('link');
$style->setAttribute('rel', 'stylesheet');
$style->setAttribute('href', 'authsystem.css');
$head->appendJSFile('authsystem.js');

// Page title and top-level heading.
$title->appendText('KaiRo.at Authentication Server');
$h1 = $body->appendElement('h1', 'KaiRo.at Authentication Server');

// Collect connection-level problems first; all request handling and form
// rendering below is skipped as soon as $errors is non-empty.
$errors = $utils->checkForSecureConnection();

// Warning paragraph for clients without JavaScript.
$para = $body->appendElement('p', _('This login system does not work without JavaScript. Please activate JavaScript for this site to log in.'));
$para->setAttribute('id', 'jswarning');
$para->setAttribute('class', 'warn');

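if (!count($errors)) {
  // Read the session, or create a new one and set its cookie.
  $session = $utils->initSession();
  // Defaults that the page rendering further down relies on.
  $user = array('id' => 0, 'email' => '');
  $pagetype = 'default';
  if (is_null($session)) {
    $errors[] = _('The session system is not working. Please <a href="https://www.kairo.at/contact">contact KaiRo.at</a> and tell the team about this.');
  }
  elseif (array_key_exists('logout', $_GET)) {
    // Logout: clear the logged_in flag on this session's database row.
    // NOTE(review): this state change is reached through a plain GET link
    // and, unlike the POST forms, carries no time code - confirm that is acceptable.
    $result = $db->prepare('UPDATE `auth_sessions` SET `logged_in` = FALSE WHERE `id` = :sessid;');
    if (!$result->execute(array(':sessid' => $session['id']))) {
      $utils->log('logout_failure', 'session: '.$session['id']);
      // Report the logout failure itself; this branch previously reused the
      // unrelated "email address is invalid" message.
      $errors[] = _('Logout failed unexpectedly. Please <a href="https://www.kairo.at/contact">contact KaiRo.at</a> and tell the team about this.');
    }
    $session['logged_in'] = 0;
  }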
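elseif (array_key_exists('email', $_POST)) {
  // A POST with an email address is a login, a registration or a
  // "Password forgotten?" request, depending on the account state and on
  // whether a password was submitted along with it.
  if (!preg_match('/^[^@]+@[^@]+\.[^@]+$/', $_POST['email'])) {
    $errors[] = _('The email address is invalid.');
  }
  elseif ($utils->verifyTimeCode(@$_POST['tcode'], $session)) {
    // The form's time code was accepted for this session; look the account up.
    $result = $db->prepare('SELECT `id`, `pwdhash`, `email`, `status`, `verify_hash` FROM `auth_users` WHERE `email` = :email;');
    $result->execute(array(':email' => $_POST['email']));
    $user = $result->fetch(PDO::FETCH_ASSOC); // false when no such account exists
    $pwd_given = array_key_exists('pwd', $_POST);
    if (!empty($user['id']) && $pwd_given) {
      // existing user, check password
      // NOTE(review): a rejected password produces no $utils->log() entry in
      // this file, so failed logins are only visible if logged or rate-limited
      // elsewhere - confirm.
      if (($user['status'] == 'ok') && $utils->pwdVerify(@$_POST['pwd'], $user)) {
        // Check if a newer hashing algorithm is available
        // or the cost has changed
        if ($utils->pwdNeedsRehash($user)) {
          // If so, create a new hash, and replace the old one
          $newHash = $utils->pwdHash($_POST['pwd']);
          $result = $db->prepare('UPDATE `auth_users` SET `pwdhash` = :pwdhash WHERE `id` = :userid;');
          if (!$result->execute(array(':pwdhash' => $newHash, ':userid' => $user['id']))) {
            $utils->log('user_hash_save_failure', 'user: '.$user['id']);
          }
          else {
            $utils->log('pwd_rehash_success', 'user: '.$user['id']);
          }
        }

        // Log user in - update session key for that, see https://wiki.mozilla.org/WebAppSec/Secure_Coding_Guidelines#Login
        $utils->log('login', 'user: '.$user['id']);
        $sesskey = $utils->createSessionKey();
        // Last two params are secure and httponly, secure is not set on localhost.
        // NOTE(review): this call form sets no SameSite attribute on the cookie.
        setcookie('sessionkey', $sesskey, 0, "", "", !$utils->running_on_localhost, true);
        // If the session has a user set, create a new one - otherwise take existing session entry.
        if (intval($session['user'])) {
          $result = $db->prepare('INSERT INTO `auth_sessions` (`sesskey`, `time_expire`, `user`, `logged_in`) VALUES (:sesskey, :expire, :userid, TRUE);');
          $result->execute(array(':sesskey' => $sesskey, ':userid' => $user['id'], ':expire' => gmdate('Y-m-d H:i:s', strtotime('+1 day'))));
          // After insert, actually fetch the session row from the DB so we have all values.
          $result = $db->prepare('SELECT * FROM auth_sessions WHERE `sesskey` = :sesskey AND `time_expire` > :expire;');
          $result->execute(array(':sesskey' => $sesskey, ':expire' => gmdate('Y-m-d H:i:s')));
          $row = $result->fetch(PDO::FETCH_ASSOC);
          if ($row) {
            $session = $row;
          }
          else {
            $utils->log('create_session_failure', 'at login, prev session: '.$session['id'].', new user: '.$user['id']);
            $errors[] = _('The session system is not working. Please <a href="https://www.kairo.at/contact">contact KaiRo.at</a> and tell the team about this.');
          }
        }
        else {
          $result = $db->prepare('UPDATE `auth_sessions` SET `sesskey` = :sesskey, `user` = :userid, `logged_in` = TRUE, `time_expire` = :expire WHERE `id` = :sessid;');
          if (!$result->execute(array(':sesskey' => $sesskey, ':userid' => $user['id'], ':expire' => gmdate('Y-m-d H:i:s', strtotime('+1 day')), ':sessid' => $session['id']))) {
            $utils->log('login_failure', 'session: '.$session['id'].', user: '.$user['id']);
            $errors[] = _('Login failed unexpectedly. Please <a href="https://www.kairo.at/contact">contact KaiRo.at</a> and tell the team about this.');
          }
          else {
            // After update, actually fetch the session row from the DB so we have all values.
            $result = $db->prepare('SELECT * FROM auth_sessions WHERE `sesskey` = :sesskey AND `time_expire` > :expire;');
            $result->execute(array(':sesskey' => $sesskey, ':expire' => gmdate('Y-m-d H:i:s')));
            $row = $result->fetch(PDO::FETCH_ASSOC);
            if ($row) {
              $session = $row;
            }
          }
        }
        // If a verify_hash is set on a verified user, a password reset had been requested.
        // As a login works right now, cancel that reset request by deleting the hash.
        if (strlen(@$user['verify_hash'])) {
          $result = $db->prepare('UPDATE `auth_users` SET `verify_hash` = \'\' WHERE `id` = :userid;');
          if (!$result->execute(array(':userid' => $user['id']))) {
            $utils->log('empty_vhash_failure', 'user: '.$user['id']);
          }
          else {
            $user['verify_hash'] = '';
          }
        }
      }
      else {
        $errors[] = _('This password is invalid or your email is not verified yet. Did you type them correctly?');
      }
    }
    else {
      // new user: check password, create user and send verification;
      // existing users: re-send verification or send password change instructions
      if ($pwd_given) {
        $errors += $utils->checkPasswordConstraints(strval($_POST['pwd']), $_POST['email']);
      }
      if (!count($errors) && empty($user['id']) && !$pwd_given) {
        // "Password forgotten?" request for an address without an account.
        // No password was submitted, so no account may be created from it
        // (this path used to hash a missing 'pwd' field and insert a user).
        // Show the same neutral page as for a real reset request; its text
        // already covers the case that no email arrives.
        $pagetype = 'resetmail_sent';
      }
      elseif (!count($errors)) {
        // Put user into the DB
        if (empty($user['id'])) {
          $newHash = $utils->pwdHash($_POST['pwd']);
          $vcode = $utils->createVerificationCode();
          $result = $db->prepare('INSERT INTO `auth_users` (`email`, `pwdhash`, `status`, `verify_hash`) VALUES (:email, :pwdhash, \'unverified\', :vcode);');
          if (!$result->execute(array(':email' => $_POST['email'], ':pwdhash' => $newHash, ':vcode' => $vcode))) {
            $utils->log('user_insert_failure', 'email: '.$_POST['email']);
            $errors[] = _('Could not add user. Please <a href="https://www.kairo.at/contact">contact KaiRo.at</a> and tell the team about this.');
          }
          else {
            // Only treat the account as created (and log it) when the insert succeeded.
            $user = array('id' => $db->lastInsertId(),
                          'email' => $_POST['email'],
                          'pwdhash' => $newHash,
                          'status' => 'unverified',
                          'verify_hash' => $vcode);
            $utils->log('new_user', 'user: '.$user['id'].', email: '.$user['email']);
          }
        }
        // A failed insert must not be followed by a verification mail whose code is not stored.
        if (!count($errors)) {
          // Base of the links sent by mail: scheme, host and request path without query string.
          // strstr($uri, '?', true) returns false for a URI without '?', which dropped the path
          // for forms posted to './'; explode() keeps it in both cases.
          // NOTE(review): depending on the web server configuration SERVER_NAME can reflect the
          // client-supplied Host header; the deployment should pin a canonical host name so
          // that mailed links always point at this service - confirm.
          $uri_parts = explode('?', $_SERVER['REQUEST_URI'], 2);
          $link_base = ($utils->running_on_localhost?'http':'https').'://'.$_SERVER['SERVER_NAME'].$uri_parts[0];
          if ($user['status'] == 'unverified') {
            // Send email for verification and show message to point to it.
            $mail = new email();
            $mail->setCharset('utf-8');
            $mail->addHeader('X-KAIRO-AUTH', 'email_verification');
            $mail->addRecipient($user['email']);
            $mail->setSender('noreply@auth.kairo.at', _('KaiRo.at Authentication Service'));
            $mail->setSubject('Email Verification for KaiRo.at Authentication');
            $mail->addMailText(_('Welcome!')."\n\n");
            $mail->addMailText(sprintf(_('This email address, %s, has been used for registration on "%s".'),
                                       $user['email'], _('KaiRo.at Authentication Service'))."\n\n");
            $mail->addMailText(_('Please confirm that registration by clicking the following link (or calling it up in your browser):')."\n");
            $mail->addMailText($link_base
                               .'?email='.rawurlencode($user['email']).'&verification_code='.rawurlencode($user['verify_hash'])."\n\n");
            $mail->addMailText(_('With this confirmation, you accept that we handle your data for the purpose of logging you into other websites when you request that.')."\n");
            $mail->addMailText(_('Those websites will get to know your email address but not your password, which we store securely.')."\n");
            $mail->addMailText(_('If you do not call this confirmation link within 72 hours, your data will be deleted from our database.')."\n\n");
            $mail->addMailText(sprintf(_('The %s team'), 'KaiRo.at'));
            //$mail->setDebugAddress("robert@localhost");
            $mailsent = $mail->send();
            if ($mailsent) {
              $pagetype = 'verification_sent';
            }
            else {
              $utils->log('verify_mail_failure', 'user: '.$user['id'].', email: '.$user['email']);
              $errors[] = _('The confirmation email could not be sent to you. Please <a href="https://www.kairo.at/contact">contact KaiRo.at</a> and tell the team about this.');
            }
          }
          else {
            // Password reset requested with "Password forgotten?" function.
            $vcode = $utils->createVerificationCode();
            $result = $db->prepare('UPDATE `auth_users` SET `verify_hash` = :vcode WHERE `id` = :userid;');
            if (!$result->execute(array(':vcode' => $vcode, ':userid' => $user['id']))) {
              $utils->log('vhash_set_failure', 'user: '.$user['id']);
              $errors[] = _('Could not initiate reset request. Please <a href="https://www.kairo.at/contact">contact KaiRo.at</a> and tell the team about this.');
            }
            else {
              $utils->log('pwd_reset_request', 'user: '.$user['id'].', email: '.$user['email']);
              // Reset code: verification code, then hex of (user id + session id), then a time code
              // created with the argument 60 (the mail text below speaks of one hour).
              $resetcode = $vcode.dechex($user['id'] + $session['id']).'_'.$utils->createTimeCode($session, null, 60);
              // Send email with instructions for resetting the password.
              $mail = new email();
              $mail->setCharset('utf-8');
              $mail->addHeader('X-KAIRO-AUTH', 'password_reset');
              $mail->addRecipient($user['email']);
              $mail->setSender('noreply@auth.kairo.at', _('KaiRo.at Authentication Service'));
              $mail->setSubject('How to reset your password for KaiRo.at Authentication');
              $mail->addMailText(_('Hi,')."\n\n");
              $mail->addMailText(sprintf(_('A request for setting a new password for this email address, %s, has been submitted on "%s".'),
                                         $user['email'], _('KaiRo.at Authentication Service'))."\n\n");
              $mail->addMailText(_('You can set a new password by clicking the following link (or calling it up in your browser):')."\n");
              $mail->addMailText($link_base
                                 .'?email='.rawurlencode($user['email']).'&reset_code='.rawurlencode($resetcode)."\n\n");
              $mail->addMailText(_('If you do not call this confirmation link within 1 hour, this link expires and the existing password is being kept in place.')."\n\n");
              $mail->addMailText(sprintf(_('The %s team'), 'KaiRo.at'));
              //$mail->setDebugAddress("robert@localhost");
              $mailsent = $mail->send();
              if ($mailsent) {
                $pagetype = 'resetmail_sent';
              }
              else {
                $utils->log('pwd_reset_mail_failure', 'user: '.$user['id'].', email: '.$user['email']);
                $errors[] = _('The email with password reset instructions could not be sent to you. Please <a href="https://www.kairo.at/contact">contact KaiRo.at</a> and tell the team about this.');
              }
            }
          }
        }
      }
    }
  }
  else {
    // The time code submitted with the form was not accepted for this session.
    $errors[] = _('The form you used was not valid. Possibly it has expired and you need to initiate the action again.');
  }
}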
elseif (array_key_exists('reset', $_GET)) {
  // "Set new password" / "Forgot password?" link was followed.
  if (!$session['logged_in']) {
    // Not logged in: display the form for entering the email address.
    $pagetype = 'resetstart';
  }
  else {
    // Logged in: load the account behind the session and show the new-password form.
    $result = $db->prepare('SELECT `id`,`email` FROM `auth_users` WHERE `id` = :userid;');
    $result->execute([':userid' => $session['user']]);
    $user = $result->fetch(PDO::FETCH_ASSOC);
    if (!$user['id']) {
      // The lookup failure is only logged; the form is still shown.
      $utils->log('reset_user_read_failure', 'user: '.$session['user']);
    }
    $pagetype = 'resetpwd';
  }
}
elseif (array_key_exists('verification_code', $_GET)) {
  // Link from the verification mail: the database query itself matches
  // email, 'unverified' status and the stored verify_hash in one go.
  $result = $db->prepare('SELECT `id`,`email` FROM `auth_users` WHERE `email` = :email AND `status` = \'unverified\' AND `verify_hash` = :vcode;');
  $result->execute([':email' => @$_GET['email'], ':vcode' => $_GET['verification_code']]);
  $user = $result->fetch(PDO::FETCH_ASSOC);
  if (!$user['id']) {
    $errors[] = _('The confirmation link you called is not valid. Possibly it has expired and you need to try registering again.');
  }
  else {
    // Match found: clear the code and mark the account as verified.
    $result = $db->prepare('UPDATE `auth_users` SET `verify_hash` = \'\', `status` = \'ok\' WHERE `id` = :userid;');
    $saved = $result->execute([':userid' => $user['id']]);
    if (!$saved) {
      $utils->log('verification_save_failure', 'user: '.$user['id']);
      $errors[] = _('Could not save confirmation. Please <a href="https://www.kairo.at/contact">contact KaiRo.at</a> and tell the team about this.');
    }
    // Set in both cases; on failure the error list is rendered instead of the page.
    $pagetype = 'verification_done';
  }
}
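elseif (array_key_exists('reset_code', $_GET)) {
  // Link from a password reset mail: validate the reset code and, if it
  // holds, bind the account to this session and show the new-password form.
  $reset_fail = true;
  $result = $db->prepare('SELECT `id`,`email`,`verify_hash` FROM `auth_users` WHERE `email` = :email');
  $result->execute(array(':email' => @$_GET['email']));
  $user = $result->fetch(PDO::FETCH_ASSOC);
  // An account with an empty verify_hash has no reset pending and must never
  // pass this check, so the stored value is required to be non-empty before
  // any part of the submitted code is compared against it.
  $stored_vhash = empty($user['id']) ? '' : strval($user['verify_hash']);
  if (strlen($stored_vhash) && is_string($_GET['reset_code'])) {
    // Deconstruct reset code and verify it.
    if (preg_match('/^([0-9a-f]{'.strlen($stored_vhash).'})([0-9a-f]+)_(\d+\.\d+)$/', $_GET['reset_code'], $regs)) {
      $tcode_sessid = hexdec($regs[2]) - $user['id'];
      $result = $db->prepare('SELECT `id`,`sesskey` FROM `auth_sessions` WHERE `id` = :sessid;');
      $result->execute(array(':sessid' => $tcode_sessid));
      $row = $result->fetch(PDO::FETCH_ASSOC);
      if ($row) {
        // NOTE(review): this row only proves that the session id embedded in
        // the code exists; the time code below is verified against the current
        // $session, not against $tcode_session - confirm that is intended.
        $tcode_session = $row;
        // hash_equals() compares the two strings as strings and in constant
        // time; the former == could treat numeric-looking strings as numbers.
        if (hash_equals($stored_vhash, $regs[1]) &&
            $utils->verifyTimeCode($regs[3], $session, 60)) {
          // Set a new verify_hash for the actual password reset.
          $user['verify_hash'] = $utils->createVerificationCode();
          $result = $db->prepare('UPDATE `auth_users` SET `verify_hash` = :vcode WHERE `id` = :userid;');
          if (!$result->execute(array(':vcode' => $user['verify_hash'], ':userid' => $user['id']))) {
            $utils->log('vhash_reset_failure', 'user: '.$user['id']);
          }
          // Remember on the (not logged in) session which account the reset is for.
          $result = $db->prepare('UPDATE `auth_sessions` SET `user` = :userid WHERE `id` = :sessid;');
          if (!$result->execute(array(':userid' => $user['id'], ':sessid' => $session['id']))) {
            $utils->log('reset_session_set_user_failure', 'session: '.$session['id']);
          }
          $pagetype = 'resetpwd';
          $reset_fail = false;
        }
      }
    }
  }
  if ($reset_fail) {
    // One message for every failure cause, so the response does not reveal which check failed.
    $errors[] = _('The password reset link you called is not valid. Possibly it has expired and you need to call the "Password forgotten?" function again.');
  }
}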
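elseif (intval($session['user'])) {
  // The session is tied to an account (logged in, or a reset link was accepted): load it.
  $result = $db->prepare('SELECT `id`,`email`,`verify_hash` FROM `auth_users` WHERE `id` = :userid;');
  $result->execute(array(':userid' => $session['user']));
  $user = $result->fetch(PDO::FETCH_ASSOC);
  if (empty($user['id'])) {
    $utils->log('user_read_failure', 'user: '.$session['user']);
  }
  // Password reset requested.
  if (array_key_exists('pwd', $_POST) && array_key_exists('reset', $_POST) && array_key_exists('tcode', $_POST)) {
    if (!$session['logged_in']) {
      // If not logged in, a password reset needs to have the proper vcode set.
      // Both values must be non-empty strings; hash_equals() compares them as
      // strings and in constant time, where != compared loosely.
      $sent_vcode = @$_POST['vcode'];
      $sent_email = @$_POST['email_hidden'];
      $stored_vhash = strval(@$user['verify_hash']);
      if (!is_string($sent_vcode) || !strlen($sent_vcode) || !strlen($stored_vhash) || !hash_equals($stored_vhash, $sent_vcode)) {
        $errors[] = _('Password reset failed. The reset form you used was not valid. Possibly it has expired and you need to initiate the password reset again.');
      }
      // If not logged in, a password reset also needs to have the proper email set.
      elseif (!is_string($sent_email) || ($sent_email !== strval(@$user['email']))) {
        $errors[] = _('Password reset failed. The reset form you used was not valid. Possibly it has expired and you need to initiate the password reset again.');
      }
    }
    // Check validity of time code.
    if (!count($errors) && !$utils->verifyTimeCode($_POST['tcode'], $session)) {
      $errors[] = _('Password reset failed. The reset form you used was not valid. Possibly it has expired and you need to initiate the password reset again.');
    }
    // NOTE(review): += is an array union, so a constraint message is dropped
    // when $errors already holds an entry under the same key; the list stays
    // non-empty either way, so the update below is still skipped.
    $errors += $utils->checkPasswordConstraints(strval($_POST['pwd']), $user['email']);
    if (!count($errors)) {
      // Store the new hash and clear verify_hash so the reset code cannot be used again.
      $newHash = $utils->pwdHash($_POST['pwd']);
      $result = $db->prepare('UPDATE `auth_users` SET `pwdhash` = :pwdhash, `verify_hash` = \'\' WHERE `id` = :userid;');
      if (!$result->execute(array(':pwdhash' => $newHash, ':userid' => $session['user']))) {
        $utils->log('pwd_reset_failure', 'user: '.$session['user']);
        $errors[] = _('Password reset failed. Please <a href="https://www.kairo.at/contact">contact KaiRo.at</a> and tell the team about this.');
      }
      else {
        $pagetype = 'reset_done';
      }
    }
  }
}
} // end of: if (!count($errors)) - request handling
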
if (count($errors) == 0) {
  // No errors so far: render the page selected by $pagetype and the login state.
  if ($pagetype == 'verification_sent') {
    $notice = sprintf(_('An email for confirmation has been sent to %s. Please follow the link provided there to complete the process.'), $user['email']);
    $para = $body->appendElement('p', $notice);
    $para->setAttribute('class', 'verifyinfo pending');
  }
  elseif ($pagetype == 'resetmail_sent') {
    // Deliberately neutral wording: it does not say whether the address has an account.
    $para = $body->appendElement('p',
                                 _('An email has been sent to the requested account with further information. If you do not receive an email then please confirm you have entered the same email address used during account registration.'));
    $para->setAttribute('class', 'resetinfo pending');
  }
  elseif ($pagetype == 'resetstart') {
    // Form asking for the email address that reset instructions should go to.
    $para = $body->appendElement('p', _('If you forgot your password or didn\'t receive the registration confirmation, please enter your email here.'));
    $para->setAttribute('class', '');
    $form = $body->appendForm('./?reset', 'POST', 'resetform');
    $form->setAttribute('id', 'loginform');
    $form->setAttribute('class', 'loginarea hidden');
    $ulist = $form->appendElement('ul');
    $ulist->setAttribute('class', 'flat login');
    // Email input.
    $litem = $ulist->appendElement('li');
    $inptxt = $litem->appendInputEmail('email', 30, 20, 'login_email');
    $inptxt->setAttribute('autocomplete', 'email');
    $inptxt->setAttribute('required', '');
    $inptxt->setAttribute('placeholder', _('Email'));
    // Time code for this session plus the submit button.
    $litem = $ulist->appendElement('li');
    $litem->appendInputHidden('tcode', $utils->createTimeCode($session));
    $submit = $litem->appendInputSubmit(_('Send instructions to email'));
  }
  elseif ($pagetype == 'resetpwd') {
    // Form for choosing a new password.
    $para = $body->appendElement('p', sprintf(_('You can set a new password for %s here.'), $user['email']));
    $para->setAttribute('class', '');
    $form = $body->appendForm('./', 'POST', 'newpwdform');
    $form->setAttribute('id', 'loginform');
    $form->setAttribute('class', 'loginarea hidden');
    $ulist = $form->appendElement('ul');
    $ulist->setAttribute('class', 'flat login');
    // Email field in a list item with class "donotshow"; submitted as email_hidden.
    $litem = $ulist->appendElement('li');
    $litem->setAttribute('class', 'donotshow');
    $inptxt = $litem->appendInputEmail('email_hidden', 30, 20, 'login_email', $user['email']);
    $inptxt->setAttribute('autocomplete', 'email');
    $inptxt->setAttribute('placeholder', _('Email'));
    // New password input.
    $litem = $ulist->appendElement('li');
    $inptxt = $litem->appendInputPassword('pwd', 20, 20, 'login_pwd', '');
    $inptxt->setAttribute('required', '');
    $inptxt->setAttribute('placeholder', _('Password'));
    $inptxt->setAttribute('class', 'login');
    // Hidden fields: reset marker, time code and - only when not logged in - the verify_hash
    // that the POST handler compares against the stored one.
    $litem = $ulist->appendElement('li');
    $litem->appendInputHidden('reset', '');
    $litem->appendInputHidden('tcode', $utils->createTimeCode($session));
    $needs_vcode = !$session['logged_in'] && strlen(@$user['verify_hash']);
    if ($needs_vcode) {
      $litem->appendInputHidden('vcode', $user['verify_hash']);
    }
    $submit = $litem->appendInputSubmit(_('Save password'));
  }
  elseif ($session['logged_in']) {
    // Logged-in view: optional confirmation, the account's email and the action links.
    if ($pagetype == 'reset_done') {
      $para = $body->appendElement('p', _('Your password has successfully been reset.'));
      $para->setAttribute('class', 'resetinfo done');
    }
    $div = $body->appendElement('div', $user['email']);
    $div->setAttribute('class', 'loginheader');
    $div = $body->appendElement('div');
    $div->setAttribute('class', 'loginlinks');
    $ulist = $div->appendElement('ul');
    $ulist->setAttribute('class', 'flat');
    $litem = $ulist->appendElement('li');
    $link = $litem->appendLink('./?logout', _('Log out'));
    $litem = $ulist->appendElement('li');
    $litem->appendLink('./?reset', _('Set new password'));
  }
  else { // not logged in
    // Optional confirmation message, then the combined login / registration form.
    if ($pagetype == 'verification_done') {
      $para = $body->appendElement('p', _('Hooray! Your email was successfully confirmed! You can log in now.'));
      $para->setAttribute('class', 'verifyinfo done');
    }
    elseif ($pagetype == 'reset_done') {
      $para = $body->appendElement('p', _('Your password has successfully been reset. You can log in now with the new password.'));
      $para->setAttribute('class', 'resetinfo done');
    }
    $form = $body->appendForm('./', 'POST', 'loginform');
    $form->setAttribute('id', 'loginform');
    $form->setAttribute('class', 'loginarea hidden');
    $ulist = $form->appendElement('ul');
    $ulist->setAttribute('class', 'flat login');
    // Email input, pre-filled when an account was loaded during request handling.
    $litem = $ulist->appendElement('li');
    $prefill_email = intval($user['id']) ? $user['email'] : '';
    $inptxt = $litem->appendInputEmail('email', 30, 20, 'login_email', $prefill_email);
    $inptxt->setAttribute('autocomplete', 'email');
    $inptxt->setAttribute('required', '');
    $inptxt->setAttribute('placeholder', _('Email'));
    $inptxt->setAttribute('class', 'login');
    // Password input.
    $litem = $ulist->appendElement('li');
    $inptxt = $litem->appendInputPassword('pwd', 20, 20, 'login_pwd', '');
    $inptxt->setAttribute('required', '');
    $inptxt->setAttribute('placeholder', _('Password'));
    $inptxt->setAttribute('class', 'login');
    // "Forgot password?" link.
    $litem = $ulist->appendElement('li');
    $litem->appendLink('./?reset', _('Forgot password?'));
    // "Remember me" checkbox with its label.
    $litem = $ulist->appendElement('li');
    $cbox = $litem->appendInputCheckbox('remember', 'login_remember', 'true', false);
    $cbox->setAttribute('class', 'logincheck');
    $label = $litem->appendLabel('login_remember', _('Remember me'));
    $label->setAttribute('id', 'rememprompt');
    $label->setAttribute('class', 'loginprompt');
    // Time code for this session plus the submit button.
    $litem = $ulist->appendElement('li');
    $litem->appendInputHidden('tcode', $utils->createTimeCode($session));
    $submit = $litem->appendInputSubmit(_('Log in / Register'));
    $submit->setAttribute('class', 'loginbutton');
  }
}

if (count($errors)) {
  // Heading in singular or plural form, followed by one list item per message.
  // Several messages built in this file contain an <a> element; how
  // appendElement() treats markup in its text argument is defined in
  // ExtendedDocument, not here. None of the messages built in this file
  // embeds request data.
  $heading = (count($errors) > 1)
             ?_('The following errors were detected')
             :_('The following error was detected');
  $body->appendElement('p', $heading.':');
  $list = $body->appendElement('ul');
  $list->setAttribute('class', 'flat warn');
  foreach ($errors as $msg) {
    $item = $list->appendElement('li', $msg);
  }
  $body->appendButton(_('Back'), 'history.back();');
}

// Serialize the DOM document and send the HTML to the client.
print($document->saveHTML());
?>