1<?php
2/**
3 * @package tikiwiki
4 */
5// (c) Copyright by authors of the Tiki Wiki CMS Groupware Project
6//
7// All Rights Reserved. See copyright.txt for details and a complete list of authors.
8// Licensed under the GNU LESSER GENERAL PUBLIC LICENSE. See license.txt for details.
9// $Id$
// Declares the input filter for the 'user' request key. It is assigned before
// tiki-setup.php is loaded, which presumably applies it to the request — confirm.
// NOTE(review): only 'user' is listed here; verify which filter 'pass' receives.
$inputConfiguration = [['staticKeyFilters' => ['user' => 'text']]];
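require_once('tiki-setup.php');
$access->check_feature(['validateUsers','validateRegistration'], '', 'login', true);

// Result of the credential check below. Every path that leaves this section
// with $isvalid still false also sets $error.
$isvalid = false;
if (isset($_REQUEST["user"])) {
	if (isset($_REQUEST["pass"])) {
		if (empty($_REQUEST['pass']) && $tiki_p_admin_users === 'y') {
			// Case: the user locked the account with wrong passwords, no email
			// was sent, and an admin has to reactivate it.
			// NOTE(review): this state change is driven by $_REQUEST (so it is
			// reachable via GET) and no anti-CSRF check is visible in this file;
			// confirm that one is enforced elsewhere. Also note that empty()
			// treats the string "0" as empty.
			$userlib->change_user_waiting($_REQUEST['user'], null);
			$userlib->set_unsuccessful_logins($_REQUEST['user'], 0);
			$smarty->assign('msg', tra("Account validated successfully."));
			$smarty->assign('mid', 'tiki-information.tpl');
			$smarty->display("tiki.tpl");
			die;
		} elseif (! empty($_SESSION['last_validation'])) {
			// A pair validated earlier in this session may be replayed. The
			// activation secret is compared with hash_equals() and the user name
			// with ===, so numeric-looking strings (e.g. "0e1" vs "0e2") cannot
			// match through loose comparison and the check is constant-time.
			if (
				isset($_SESSION['last_validation']['actpass'], $_SESSION['last_validation']['user'])
				&& is_string($_REQUEST["pass"])
				&& is_string($_REQUEST["user"])
				&& hash_equals((string) $_SESSION['last_validation']['actpass'], $_REQUEST["pass"])
				&& (string) $_SESSION['last_validation']['user'] === $_REQUEST["user"]
			) {
				list($isvalid, $_REQUEST["user"], $error) = $userlib->validate_user($_REQUEST["user"], $_SESSION['last_validation']['actpass'], true);
			} else {
				// Mismatch: drop the cached pair so it cannot be reused.
				$_SESSION['last_validation'] = null;
			}
		}
		if (! $isvalid) {
			// Regular path: validate the submitted pair. validate_user() also
			// returns the user name, which replaces the request value.
			list($isvalid, $_REQUEST["user"], $error) = $userlib->validate_user($_REQUEST["user"], $_REQUEST["pass"], true);
			// Remember a successful pair for this session; clear it on failure.
			$_SESSION['last_validation'] = $isvalid ? ['user' => $_REQUEST["user"], 'actpass' => $_REQUEST["pass"]] : null;
		}
	} else {
		$error = PASSWORD_INCORRECT;
	}
} else {
	$error = USER_NOT_FOUND;
}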
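// Keep robots from indexing or following this page.
$smarty->assign('metatag_robots', 'NOINDEX, NOFOLLOW');
$userAutoLoggedIn = false;
if ($isvalid) {
	$wasAdminValidation = false;
	$info = $userlib->get_user_info($_REQUEST['user']);
	if ($info['waiting'] == 'a' && $prefs['validateUsers'] == 'y') {
		// Admin is validating: the user still has to validate by email.
		$userlib->send_validation_email($_REQUEST['user'], $info['valid'], $info['email'], '', 'y');
		$userlib->change_user_waiting($_REQUEST['user'], 'u');
		$wasAdminValidation = true;
		$logslib->add_log('register', 'admin validation ' . $_REQUEST['user']);
	} elseif ($info['waiting'] == 'a' && $prefs['validateRegistration'] == 'y') {
		// Admin is validating: the user can log in afterwards and is told so by mail.
		$userlib->confirm_user($_REQUEST['user']);
		// parse_url() returns false for a malformed URI and omits 'path' when
		// there is none; fall back to an empty path instead of reading a
		// missing array key.
		// NOTE(review): REQUEST_URI and SERVER_NAME can reflect client-supplied
		// values depending on web-server configuration, and both end up in the
		// outgoing email; confirm the host name is pinned by the server setup.
		$foo = parse_url($_SERVER["REQUEST_URI"]);
		$foo1 = (is_array($foo) && isset($foo['path']))
			? str_replace('tiki-login_validate', 'tiki-login_scr', $foo['path'])
			: '';
		$machine = $tikilib->httpPrefix(true) . $foo1;
		$smarty->assign('mail_machine', $machine);
		$smarty->assign('mail_site', $_SERVER['SERVER_NAME']);
		$smarty->assign('mail_user', $_REQUEST['user']);
		$email = $userlib->get_user_email($_REQUEST['user']);
		include_once("lib/webmail/tikimaillib.php");
		$mail = new TikiMail();
		$mail->setText($smarty->fetch('mail/moderate_activation_mail.tpl'));
		$mail->setSubject($smarty->fetch('mail/moderate_activation_mail_subject.tpl'));
		$mail->send([$email]);
		$logslib->add_log('register', 'validated account ' . $_REQUEST['user']);
	} elseif (empty($user)) {
		// Nobody is logged in: the account owner is validating.
		$userlib->confirm_user($_REQUEST['user']);
		if ($info['pass_confirm'] == 0) {
			// Show the change-password form before finishing.
			// NOTE(review): the provisional password is copied into the session
			// and handed to the template as 'oldpass'; confirm how the template
			// emits it and that the page is not cached.
			if (! empty($info['provpass'])) {
				$_SESSION['last_validation']['pass'] = $info['provpass'];
			}
			if (! empty($_SESSION['last_validation']['pass'])) {
				$smarty->assign('oldpass', $_SESSION['last_validation']['pass']);
			}
			$smarty->assign('new_user_validation', 'y');
			$smarty->assign('userlogin', $_REQUEST['user']);
			if ($prefs['login_is_email'] === 'y') {
				$smarty->assign('email', $_REQUEST['user']);
			} else {
				$smarty->assign('email', $info['email']);
			}
			$smarty->assign('mid', 'tiki-change_password.tpl');
			$smarty->display("tiki.tpl");
			die;
		} else {
			// Log the validated user in by storing the name in the session.
			// NOTE(review): no session-ID rotation is visible at this point;
			// confirm the ID is regenerated on login elsewhere, otherwise a
			// pre-set session ID survives the login (session fixation).
			$user = $_REQUEST['user'];
			$userAutoLoggedIn = true;
			$_SESSION["$user_cookie_site"] = $user;
			TikiLib::lib('menu')->empty_menu_cache();
		}
	}

	// Switch to the language stored in the preferences of $user, if any.
	if ($language = $tikilib->get_user_preference($user, 'language')) {
		setLanguage($language);
	}

	if (! empty($prefs['url_after_validation']) && ! $wasAdminValidation) {
		// A configured landing URL takes precedence, except after admin validation.
		$target = $prefs['url_after_validation'];
		$access->redirect($target);
	} elseif ($userAutoLoggedIn) {
		$access->redirect($prefs['tikiIndex'], tra("Account validated successfully."));
	} else {
		$smarty->assign('msg', tra("Account validated successfully."));
		$smarty->assign('mid', 'tiki-information.tpl');
		$smarty->display("tiki.tpl");
		die;
	}
} else {
	// Map the error code to a message. Unknown user, wrong password and any
	// unlisted code share one message, so the response does not reveal which
	// of them occurred. switch compares loosely, like the == chain it replaces.
	switch ($error) {
		case PASSWORD_INCORRECT:
		case USER_NOT_FOUND:
			$error = tra("Invalid username or password");
			break;
		case ACCOUNT_DISABLED:
			$error = tra("Account requires administrator approval");
			break;
		case USER_AMBIGOUS:
			$error = tra("You must use the right case for your username");
			break;
		case USER_PREVIOUSLY_VALIDATED:
			$error = tra('You have already validated your account. Please log in.');
			if ($prefs['forgotPass'] === 'y') {
				// Only fixed markup is appended here; no request data is included.
				$error .= '<br>' . tr(
					'Or click %0here%1 to reset your password',
					'<a href="tiki-remind_password.php" class="alert-link">', '</a>'
				);
			}
			break;
		case EMAIL_AMBIGUOUS:
			$error = tra("There is more than one user account with this email. Please contact the administrator.");
			break;
		default:
			$error = tra('Invalid username or password');
			break;
	}
	$smarty->assign('errortype', 'no_redirect_login');
	$smarty->assign('msg', $error);
	$smarty->display("error.tpl");
}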