1<?php
2/* $Id: index.php,v 1.139 2004/05/24 13:52:37 liedekef Exp $ */
3
4// This line is not standard module a line...do not use it elsewhere
5// --------------------------------------------------------------------
6if(!file_exists("config.inc.php")) exit("<html><head><title>Error</title><link rel='stylesheet' type='text/css' href='./setup/templates/default/css/setup.css'></head><body bgcolor='#c8c9d4'><table align='center' width='500'><tr><td><br /><table border='0' cellpadding='6' cellspacing='1' bgcolor='black'><tr><td align='center' bgcolor='#ededed'style='font: 12px Arial;'><strong>ERROR</strong></td></tr><tr><td bgcolor='#ededed'style='font: 12px Arial;'><br />Please <a href='setup/index.php'>run setup</a> first.<br /><br />Have a <a href='docs/html/en/index.html'>look at the manual</a> for more information. Chances are, that you need to <a href='http://www.moregroupware.org/manual/mgw-manual-en.tar.gz'>download</a> it first - or <a href='http://www.moregroupware.org/manual/en/index.html'>read it online</a>.</td></tr></table></td></tr></table></body></html>");
7// --------------------------------------------------------------------
8
9$myEnv["module"] = "general";
10$myEnv["output"] = "html";
11$myEnv["translate"] = true;
12$myEnv["stdsmenu"] = false;
13$myEnv["auth"] = false;
14
15include('config.inc.php');
16include(INCLUDEPATH ."container.inc.php");
17
18$num = 0;
19$conn = connect_database();
20
21// change language setting
22if($_SERVER["REQUEST_METHOD"] == "POST"){
23    $loginlang = $_POST["language"];
24    $lsql = "SELECT charset FROM mgw_languages WHERE langcode=".$conn->QMagic($_POST["language"]);
25    if (!$lres = $conn->Execute($lsql)) exit(showSQLerror($lsql, $conn->ErrorMsg(), __LINE__, __FILE__));
26    $lrow = $lres->FetchRow();
27    $logincharset = $lrow["charset"];
28}
29else{
30    $loginlang = $appconf["def_language"];
31    $logincharset = $appconf["def_charset"];
32}
33Lang::setLocaledText($loginlang,"general");
34if (!$appconf["encrypt_pwd"]) { $smarty->assign("encrypt_pwd","hex_md5"); }
35// send header for used charset
36header('Content-Type: text/html; charset='.$logincharset);
37$smarty->assign("charset",$logincharset);
38
39// logout
40if(isset($_GET["view"]) && $_GET["view"]=="logout"){
41    $_SESSION = array();
42    $_SESSION["MGW"]= new MGW();
43    session_destroy();
44}
45
46// NTLM auth
47elseif (isset($_SERVER["REMOTE_USER"]) && $appconf["use_ntlm_auth"]) {
48    // FIXME move NTLM auth code into this file, might make more
49    // sense?!?
50    redirect("index_ntlm.php");
51}
52
53// already logged in
54elseif (isset($_SESSION['MGW']) && isset($_SESSION['MGW']->userid) && !empty($_SESSION["MGW"]->userid) && !isset($_POST["login"])) {
55    redirect(ROOTURL."modules/".$_SESSION["MGW"]->settings["def_module"]."/index.php?".SID);
56}
57
58// process login
59elseif (isset($_POST["login"])) {
60    $row = false;
61    $login = $_POST["login"];
62    $password = (isset($_POST["password"]) ? $_POST["password"] : "");
63    $encrypted_pwd = (isset($_POST["encrypted_pwd"]) ? $_POST["encrypted_pwd"] : "");
64
65    // check for user being in the database
66    $sql = "SELECT id, is_ldap FROM mgw_users WHERE username=".$conn->QMagic($login);
67    if (($res = $conn->GetRow($sql))===false) exit(showSQLerror($sql, $conn->ErrorMsg(), __LINE__, __FILE__));
68
69    if (isset($res['is_ldap']) && $res['is_ldap']==0)
70	// we want to use SQL auth for this user (enable admin from db)
71	include(INCLUDEPATH ."Auth/sql.inc.php");
72    else
73	// use the preferred auth method
74	include(INCLUDEPATH ."Auth/". $appconf["auth_method"] . ".inc.php");
75
76    if (count($res)==0) { //the username is not present in the database
77	if (isset($appconf["create_accounts_on_login"]) && $appconf["create_accounts_on_login"]) {
78	    if (authentify_user($login, $password, $encrypted_pwd)) {
79		//user does not exists, but was authentified
80		//lets create an account for this user if create_accounts_on_login
81		// is defined in the config
82		create_user_account_on_login($login);
83		$row = get_user_info($login);
84	    }
85	}
86	else { //the user is not allow to create a new account
87	    $smarty->assign('loginerrortext', Lang::getLanguageString("loginerror"));
88	}
89    }
90    elseif(authentify_user($login, $password, $encrypted_pwd)) {
91	$row = get_user_info($login);
92    }
93    else{
94	$smarty->assign('loginerrortext', Lang::getLanguageString("loginerror"));
95    }
96
97    if(is_array($row)) {
98        // Login sucessful
99        $_SESSION = array();
100        $_SESSION["MGW"]= new MGW();
101
102        $_SESSION["lastin"] = $conn->UnixTimeStamp($row["lastin"]);
103        $sql = "UPDATE mgw_users SET lu_date=lu_date, lastin=".$conn->DBTimeStamp(time())." WHERE id=".(int)$row["id"];
104        if (!$conn->Execute($sql)) exit(showSQLerror($sql, $conn->ErrorMsg(), __LINE__, __FILE__));
105
106        $_SESSION["checkip"] = (isset($_POST["checkip"]) && $_POST["checkip"]==1) ? 1 : 0;
107        $_SESSION["remoteip"] = get_remote_addr();
108        $_SESSION["http_user_agent"] = $_SERVER["HTTP_USER_AGENT"];
109        if($row["lang"] != "login"){
110            $_SESSION["MGW"]->spkz = $row["lang"];
111            $_SESSION["MGW"]->charset = $row["charset"];
112        }
113        else{
114            $_SESSION["MGW"]->spkz = $_POST["language"];
115            $lsql = "SELECT charset FROM mgw_languages WHERE langcode=".$conn->QMagic($_POST["language"]);
116            if (!$lres = $conn->Execute($lsql)) exit(showSQLerror($sql, $conn->ErrorMsg(), __LINE__, __FILE__));
117            $lrow = $lres->FetchRow();
118            $_SESSION["MGW"]->charset = $lrow["charset"];
119        }
120        $_SESSION["MGW"]->fullusername = $row["firstname"] . " " . $row["lastname"];
121	$_SESSION["MGW"]->email = $row["email"];
122        $_SESSION["MGW"]->username = $row["username"];
123        $_SESSION["MGW"]->userid   = $row["id"];
124        $_SESSION["MGW"]->login = $login;
125        $_SESSION["MGW"]->password = $password;
126        $_SESSION["MGW"]->modules = array();
127        $_SESSION["MGW"]->modules = getInstalledModules();
128        $_SESSION["MGW"]->groups = get_user_groups();
129	$_SESSION["MGW"]->groups_names = get_user_groups_names();
130        $_SESSION["MGW"]->browser = browser_detect();
131        $smarty->assign("charset", $_SESSION["MGW"]->charset);
132
133        getUserSettings();
134
135        redirect("modules/".$_SESSION["MGW"]->settings["def_module"]."/index.php?".SID);
136    }
137    // Login not successfull
138    else {
139	$_SESSION = array();
140	$_SESSION['MGW']=new MGW();
141	$smarty->assign('loginerrortext', Lang::getLanguageString("loginerror"));
142    }
143}
144
145// plain GET request, no logout, no login
146include(INCLUDEPATH . "mSelectBox.class.php");
147
148$lsb = new mSelectBox("language");
149$lsb->setContentType("sql");
150$lsb->setSQLvalue("langcode");
151$lsb->setSQLcontent("description");
152$lsb->addContent("SELECT langcode, description FROM mgw_languages ORDER BY description");
153$smarty->assign("lsb", $lsb->draw($loginlang, 'onchange="document.f1.submit()"'));
154
155$smarty->display("login.tpl");
156?>
157