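<?php
/**
 * @package tikiwiki
 */
// (c) Copyright by authors of the Tiki Wiki CMS Groupware Project
//
// All Rights Reserved. See copyright.txt for details and a complete list of authors.
// Licensed under the GNU LESSER GENERAL PUBLIC LICENSE. See license.txt for details.
// $Id$

// Account validation endpoint.
//
// Reads `user` and `pass` from the request, has $userlib->validate_user() check
// them, and then does one of the following:
//   - admin reactivation of an account locked by failed logins (empty `pass`),
//   - an admin approval step (account in waiting state 'a'),
//   - confirmation of the account, followed by a forced password change or an
//     automatic login,
//   - rendering of an error message.
//
// Only `user` has a declared filter below.
// NOTE(review): `pass` is read unfiltered in this file and may arrive as an array;
// confirm how the input layer loaded by tiki-setup.php treats keys that are not listed.
$inputConfiguration = [
    [ 'staticKeyFilters' => [
        'user' => 'text',
    ] ]
];

require_once('tiki-setup.php');
$access->check_feature(['validateUsers','validateRegistration'], '', 'login', true);

$isvalid = false;
if (isset($_REQUEST["user"])) {
    if (isset($_REQUEST["pass"])) {
        if (empty($_REQUEST['pass']) && $tiki_p_admin_users === 'y') {
            // case: user invalidated his account with wrong password - no email was sent - admin must reactivate
            // NOTE(review): this state change is driven by $_REQUEST, so it is reachable by GET, and
            // no anti-CSRF ticket check is visible in this file. Confirm one is enforced elsewhere.
            $userlib->change_user_waiting($_REQUEST['user'], null);
            $userlib->set_unsuccessful_logins($_REQUEST['user'], 0);
            $smarty->assign('msg', tra("Account validated successfully."));
            $smarty->assign('mid', 'tiki-information.tpl');
            $smarty->display("tiki.tpl");
            die;
        } elseif (! empty($_SESSION['last_validation'])) {
            // A previous successful validation in this session is replayed only when the request
            // repeats exactly the same user and activation secret. The secret is compared with
            // hash_equals() on strings: a loose `==` treats numeric-looking strings such as
            // "1e3" and "1000" as equal, and hash_equals() also avoids a timing side channel.
            $lastValidation = $_SESSION['last_validation'];
            $sameSecret = isset($lastValidation['actpass'], $lastValidation['user'])
                && is_string($lastValidation['actpass'])
                && is_string($_REQUEST["pass"])
                && hash_equals($lastValidation['actpass'], $_REQUEST["pass"]);

            if ($sameSecret && $lastValidation['user'] === $_REQUEST["user"]) {
                list($isvalid, $_REQUEST["user"], $error) = $userlib->validate_user(
                    $_REQUEST["user"],
                    $lastValidation['actpass'],
                    true
                );
            } else {
                // Different user or secret: forget the remembered validation.
                $_SESSION['last_validation'] = null;
            }
        }

        if (! $isvalid) {
            // Normal path: validate with the values supplied in the request. validate_user()
            // also returns the user name that is used from here on.
            list($isvalid, $_REQUEST["user"], $error) = $userlib->validate_user(
                $_REQUEST["user"],
                $_REQUEST["pass"],
                true
            );
            // Remember the pair only on success, so a reload of this page can be replayed above.
            $_SESSION['last_validation'] = $isvalid
                ? ['user' => $_REQUEST["user"], 'actpass' => $_REQUEST["pass"]]
                : null;
        }
    } else {
        $error = PASSWORD_INCORRECT;
    }
} else {
    $error = USER_NOT_FOUND;
}

// disallow robots to index page:
$smarty->assign('metatag_robots', 'NOINDEX, NOFOLLOW');
$userAutoLoggedIn = false;

if ($isvalid) {
    $wasAdminValidation = false;
    $info = $userlib->get_user_info($_REQUEST['user']);
    $awaitingAdmin = $info['waiting'] == 'a';

    if ($awaitingAdmin && $prefs['validateUsers'] == 'y') {
        // admin validating -> need user email validation now
        $userlib->send_validation_email($_REQUEST['user'], $info['valid'], $info['email'], '', 'y');
        $userlib->change_user_waiting($_REQUEST['user'], 'u');
        $wasAdminValidation = true;
        $logslib->add_log('register', 'admin validation ' . $_REQUEST['user']);
    } elseif ($awaitingAdmin && $prefs['validateRegistration'] == 'y') {
        // admin validating -> user can log in
        $userlib->confirm_user($_REQUEST['user']);

        // Build the login-screen link for the notification mail from the current request path.
        // NOTE(review): REQUEST_URI is supplied by the client, and SERVER_NAME can follow the Host
        // header depending on web-server configuration. Confirm that the link and site name placed
        // in this mail cannot be steered by the requester.
        $requestUrl = parse_url($_SERVER["REQUEST_URI"]);
        $loginPath = str_replace('tiki-login_validate', 'tiki-login_scr', $requestUrl['path']);
        $machine = $tikilib->httpPrefix(true) . $loginPath;
        $smarty->assign('mail_machine', $machine);
        $smarty->assign('mail_site', $_SERVER['SERVER_NAME']);
        $smarty->assign('mail_user', $_REQUEST['user']);

        $email = $userlib->get_user_email($_REQUEST['user']);
        include_once("lib/webmail/tikimaillib.php");
        $mail = new TikiMail();
        $mail->setText($smarty->fetch('mail/moderate_activation_mail.tpl'));
        $mail->setSubject($smarty->fetch('mail/moderate_activation_mail_subject.tpl'));
        $mail->send([$email]);
        $logslib->add_log('register', 'validated account ' . $_REQUEST['user']);
    } elseif (empty($user)) {
        // Nobody is logged in: the account owner is validating their own account.
        $userlib->confirm_user($_REQUEST['user']);

        if ($info['pass_confirm'] == 0) {
            // Password was never confirmed: show the change-password form and stop here.
            // NOTE(review): the provisional password is copied into the session and passed to the
            // template as 'oldpass'. Confirm that tiki-change_password.tpl does not expose it more
            // than the flow needs, and that the session entry is cleared afterwards.
            if (! empty($info['provpass'])) {
                $_SESSION['last_validation']['pass'] = $info['provpass'];
            }
            if (! empty($_SESSION['last_validation']['pass'])) {
                $smarty->assign('oldpass', $_SESSION['last_validation']['pass']);
            }
            $smarty->assign('new_user_validation', 'y');
            $smarty->assign('userlogin', $_REQUEST['user']);
            $smarty->assign('email', $prefs['login_is_email'] === 'y' ? $_REQUEST['user'] : $info['email']);
            $smarty->assign('mid', 'tiki-change_password.tpl');
            $smarty->display("tiki.tpl");
            die;
        } else {
            // Password already confirmed: log the user in directly.
            // NOTE(review): no session identifier regeneration is visible at this privilege change.
            // Confirm that it happens elsewhere.
            $user = $_REQUEST['user'];
            $userAutoLoggedIn = true;
            $_SESSION["$user_cookie_site"] = $user;
            TikiLib::lib('menu')->empty_menu_cache();
        }
    }

    if ($language = $tikilib->get_user_preference($user, 'language')) {
        setLanguage($language);
    }

    if (! empty($prefs['url_after_validation']) && ! $wasAdminValidation) {
        $access->redirect($prefs['url_after_validation']);
    } elseif ($userAutoLoggedIn) {
        $access->redirect($prefs['tikiIndex'], tra("Account validated successfully."));
    } else {
        $smarty->assign('msg', tra("Account validated successfully."));
        $smarty->assign('mid', 'tiki-information.tpl');
        $smarty->display("tiki.tpl");
        die;
    }
} else {
    // Map the validate_user() error code to a message. Unknown user and wrong password share one
    // message on purpose.
    // NOTE(review): the other codes give distinct messages that disclose account state to the
    // requester. Whether validate_user() returns them before checking the secret is not visible
    // here; confirm this does not allow account enumeration.
    switch ($error) {
        case PASSWORD_INCORRECT:
        case USER_NOT_FOUND:
            $error = tra("Invalid username or password");
            break;
        case ACCOUNT_DISABLED:
            $error = tra("Account requires administrator approval");
            break;
        case USER_AMBIGOUS:
            $error = tra("You must use the right case for your username");
            break;
        case USER_PREVIOUSLY_VALIDATED:
            $error = tra('You have already validated your account. Please log in.');
            if ($prefs['forgotPass'] === 'y') {
                $error .= '<br>' . tr(
                    'Or click %0here%1 to reset your password',
                    '<a href="tiki-remind_password.php" class="alert-link">',
                    '</a>'
                );
            }
            break;
        case EMAIL_AMBIGUOUS:
            $error = tra("There is more than one user account with this email. Please contact the administrator.");
            break;
        default:
            $error = tra('Invalid username or password');
    }
    $smarty->assign('errortype', 'no_redirect_login');
    $smarty->assign('msg', $error);
    $smarty->display("error.tpl");
}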