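<?php
// Session cookie hardening for the login page. Both settings must be applied
// before session_start():
//  - HttpOnly keeps the session cookie out of reach of script in the page;
//  - use_only_cookies makes PHP ignore a session id passed in the URL, which
//    removes the easiest way to plant a known session id on a victim.
// NOTE(review): session.cookie_secure should be set as well when the site is
// only served over HTTPS - not decidable from this file.
ini_set( "session.cookie_httponly", "1" );
ini_set( "session.use_only_cookies", "1" );
session_start();
ob_start();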
// INCLUDES
require_once("include/defines.php");
require_once("include/error.php");
require_once("include/html.php");
require_once("modules/project.php");
require_once("modules/user.php");
require_once("db_mysql/db.php");
require_once("db_mysql/table_user.php");
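date_default_timezone_set( DATE_DEFAULT_TIMEZONE );

// Failed-login throttle. The counter and the block start time live in the
// session only, so they slow down a client that keeps its session cookie; a
// client that drops the cookie starts again at zero. A server-side counter
// (per account or per source address) would be needed for a real brute-force
// defence - this file does not provide one.
if( ! isset( $_SESSION["failed_login_counter"] ) )
    $_SESSION["failed_login_counter"] = 0;

if( isset( $_SESSION["failed_login_time"] ) )
{
    // failed_login_time is stored as minute-of-day (hour*60 + minute) and
    // therefore wraps at midnight. A plain subtraction is negative after the
    // wrap, so the block would not lift on its own for the rest of the
    // session; add a full day to the difference when the clock has wrapped.
    $elapsed_minutes = date("H") * 60 + date("i") - $_SESSION["failed_login_time"];
    if( $elapsed_minutes < 0 )
        $elapsed_minutes += 24 * 60;
    if( $elapsed_minutes > FAILING_LOGINS_MINUTES_BLOCKED )
    {
        // Block period is over: reset the counter and forget the start time
        $_SESSION["failed_login_counter"] = 0;
        unset( $_SESSION["failed_login_time"] );
    }
}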
// ***************************************************************************
// for refreshing the HTML form
// ***************************************************************************
function refresh( $user, $pwd, $project, $role = "",
                  $login_button = NO_LOGIN_BUTTON , $error = "" )
{
    // Builds the login page by filling the ###...### placeholders of
    // index.tpl.
    //
    // Every argument is inserted into the HTML exactly as given: callers pass
    // ready-made markup (input fields, <tr> rows, button markup) or text they
    // have already escaped. Nothing in here escapes for HTML, so any
    // user-controlled value must go through htmlspecialchars() at the call
    // site.
    //
    // An ?error=<n> query parameter wins over the $error argument and is
    // translated to its message by getFailures(); intval() keeps it numeric.
    // A non-empty $error argument is wrapped in the error <div>.
    $page = file_get_contents("index.tpl");

    if( isset( $_GET["error"] ) )
    {
        $error = getFailures( intval( $_GET["error"] ) );
    }
    elseif( $error != "" )
    {
        $error = "<BR><div id=error>".$error."</div>";
    }

    // mailto: link for the contact line; spaces in subject/body are URL-encoded
    $contact = "mailto:".CONTACT_EMAIL."?subject=".CONTACT_SUBJECT.
               "&body=".CONTACT_BODY;
    $contact = str_replace( " ", "%20", $contact );

    // Replacement order is kept as it was: a value may itself contain a later
    // marker, which is then substituted as well.
    $placeholders = array(
        "###ERROR###"        => $error,
        "###NAME###"         => $user,
        "###PASSWORD###"     => $pwd,
        "###PROJECTS###"     => $project,
        "###ROLES###"        => $role,
        "###LOGIN_BUTTON###" => $login_button,
        "###VERSION###"      => VERSION_AND_DATE,
        "###CONTACT###"      => $contact,
    );
    foreach( $placeholders as $marker => $value )
    {
        $page = str_replace( $marker, $value, $page );
    }
    return $page;
} // refresh
// ***************************************************************************
// *** Index script is starting here...
// ***************************************************************************
// Markup snippets that are substituted into the index.tpl placeholders by
// refresh().
// The real "Log in" submit button.
define( "LOGIN_BUTTON",
        '<input name="submit" type="submit" class="button" value="Log in" />' );
// Placeholder shown while a project or role still has to be picked: a reset
// button without label or border, so no submit button is offered.
define( "NO_LOGIN_BUTTON",
        '<input name="no_login_button" type="reset" class="button_without_border" value="" />' );
// User name field; the maxlength is a browser-side convenience only.
define( "USER_INPUT_FIELD",
        '<input name="name" type="text" size="20" maxlength="'.USER_NAME_MAX_LENGTH.'" />' );
// Password field.
define( "PW_INPUT_FIELD",
        '<input name="pwd" type="password" size="20" />' );
// $html_form receives the HTML of the login page to be emitted at the end of
// the script; the marker text below is only ever shown if no branch assigns it.
$html_form = 'NOT DEFINED !!!';
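// Now check the input data.
// The login is a three step state machine carried in the session:
//  1. name/password posted  -> project_GetProjectsForUser() decides acceptance
//  2. project chosen        -> name/password hash re-checked, roles listed
//  3. role chosen           -> role row loaded, redirect to the role page
// A reset button clears the session; too many failed logins block the form.
if( ! isset( $_POST["reset_button"] ) &&
    $_SESSION["failed_login_counter"] < AMOUNT_OF_ALLOWED_FAILING_LOGINS )
{
    if( isset( $_POST["submit"] ) )
    { // Data was submitted!
        // Check if ROOT is logging in
        if( isset( $_POST["name"] ) && $_POST["name"] == USER_NAME_ROOT )
        {
            if( isset( $_POST["pwd"] ) && $_POST["pwd"] )
            {
                // Okay, ROOT is logging in!
                // The DB root password is kept in the session in clear text;
                // db_connect() (db_mysql/db.php, not visible here) presumably
                // reads the credentials from there - TODO confirm.
                $_SESSION["name"] = $_POST["name"];
                $_SESSION["pw"] = $_POST["pwd"];
                $db_return = db_connect( FALSE ); // FALSE=do not die, get error
                if( $db_return == ERR_NOT_LOGGED_IN &&
                    stristr( mysql_error(), "Unknown database '".MYSQL_DATABASE."'" ) )
                {
                    // Database and probably standard user do not exist yet, create them
                    $error_text = "";
                    if( MYSQL_USER != MYSQL_ROOT &&
                        ! db_checkIfDbUserExists( MYSQL_USER ) )
                    {
                        // "Standard" user doesn't exist -> therefore let's create him!
                        $error_text = db_createDbUser( MYSQL_SERVER, MYSQL_USER,
                                                       MYSQL_PASSWORD );
                        if( $error_text != "" )
                            $html_form = refresh(
                                USER_INPUT_FIELD, PW_INPUT_FIELD,
                                "", "", LOGIN_BUTTON, $error_text );
                    }
                    if( $error_text == "" && ! db_checkIfDbExists( MYSQL_DATABASE ) )
                    {
                        // DB doesn't exist -> therefore let's create it!
                        $error_text = db_createDb( MYSQL_DATABASE );
                        if( $error_text != "" )
                            $html_form = refresh(
                                USER_INPUT_FIELD, PW_INPUT_FIELD,
                                "", "", LOGIN_BUTTON, $error_text );
                    }
                    if( $error_text == "" )
                    {
                        $html_form = refresh(
                            USER_INPUT_FIELD, PW_INPUT_FIELD,
                            "", "", LOGIN_BUTTON,
                            "Successfully created new MySQL standard user and ".
                            "DB.<br /><br />Please login again as root ".
                            "to create ISTT projects and user." );
                    }
                }
                elseif( $db_return == NO_ERROR )
                {
                    // ***************************************************************
                    // Database connected successfully OR DB created successfully
                    // ***************************************************************
                    // The session is promoted to root here, so replace the
                    // session id: an id planted by an attacker before the login
                    // must not turn into a root session (session fixation).
                    session_regenerate_id( TRUE );
                    $_SESSION["user_name"] = $_POST["name"];
                    $_SESSION["user_id"] = USER_NAME_ROOT;
                    $_SESSION["user_roleID"] = ROLE_ID_ROOT;
                    // Delete other session data
                    unset( $_SESSION["project"] );
                    unset( $_SESSION["user_pwd"] );
                    unset( $_SESSION["user_email"] );
                    unset( $_SESSION["user_roleBegin"] );
                    unset( $_SESSION["user_roleEnd"] );
                    unset( $_SESSION["failed_login_counter"] );
                    header ("Location: ./root.php");
                    // header() does not end the request; stop here so nothing
                    // further is evaluated or emitted after the redirect.
                    exit;
                    // ***************************************************************
                } // if( mysql_connect(MYSQL_SERVER, $_POST["name"], $_POST["pwd"]) )
                elseif( $db_return == ERR_WRONG_PASSWORD ||
                        $db_return == ERR_NO_ACCESS )
                {
                    $html_form = refresh( USER_INPUT_FIELD, PW_INPUT_FIELD, "", "",
                                          LOGIN_BUTTON, LOGIN_ERR_INCORRECT_ROOT_PW );
                    $_SESSION["failed_login_counter"]++;
                    if( $_SESSION["failed_login_counter"] >=
                        AMOUNT_OF_ALLOWED_FAILING_LOGINS )
                    {
                        // Start of the block period, as minute of day (the
                        // expiry check at the top of the file uses the same unit)
                        $_SESSION["failed_login_time"] = date("H") * 60 + date("i");
                    }
                }
                else
                {
                    $html_form = refresh(
                        USER_INPUT_FIELD, PW_INPUT_FIELD,
                        "", "", LOGIN_BUTTON,
                        sprintf(ERR_DB_CONNECT_ROOT_SPRINTF1,mysql_error()) );
                }
            }
            else
            {
                $html_form = refresh( USER_INPUT_FIELD,PW_INPUT_FIELD, "", "",
                                      LOGIN_BUTTON, LOGIN_ERR_NO_ROOT_PW );
            }
        } // if( isset( $_POST["name"] ) && $_POST["name"] == USER_NAME_ROOT )
        else
        {
            //----------------------------------------------------------------------
            // Normal user is logging in!
            //----------------------------------------------------------------------
            $db_return = db_connect( FALSE ); // FALSE = do not die, get error
            if( $db_return == NO_ERROR )
            {
                // DB is there -> Check if user login data was submitted
                if( ( ! isset( $_POST["name"] ) || ! $_POST["name"] ) &&
                    ( ! isset( $_POST["pwd"] ) || ! $_POST["pwd"] ) )
                {
                    // No input for user name and password
                    $html_form = refresh( USER_INPUT_FIELD, PW_INPUT_FIELD, "", "",
                                          LOGIN_BUTTON, LOGIN_ERR_NO_USERNAME_AND_PSW );
                }
                elseif( ( ! isset( $_POST["name"] ) || ! $_POST["name"] ) &&
                        ( ! isset( $_SESSION["name"] ) || $_SESSION["name"] != USER_NAME_ROOT ) )
                {
                    // No input for user name
                    $html_form = refresh( USER_INPUT_FIELD, PW_INPUT_FIELD, "", "",
                                          LOGIN_BUTTON, LOGIN_ERR_NO_USERNAME );
                }
                elseif( ! isset( $_POST["pwd"] ) || ! $_POST["pwd"] )
                {
                    // No input for password
                    $html_form = refresh( USER_INPUT_FIELD, PW_INPUT_FIELD, "", "",
                                          LOGIN_BUTTON, LOGIN_ERR_NO_PASSWORD );
                }
                else
                {
                    //------------------------------------------------------------------
                    // User login is tried -> check the data!
                    //------------------------------------------------------------------
                    // login data check TBD !!!
                    // There is no explicit credential check at this point: the
                    // lookup by name/password hash in project_GetProjectsForUser()
                    // below is what decides whether the login is accepted.
                    // Save user data
                    $_SESSION["name"] = $_POST["name"];
                    $_SESSION["input1"] = $_POST["name"];
                    // NOTE(review): an unsalted md5 of the password is used as the
                    // stored hash; the lookups below expect exactly this value, so
                    // it cannot be changed here alone - moving the user table to
                    // password_hash()/password_verify() needs the DB helpers too.
                    $_SESSION["pw"] = md5( $_POST["pwd"] );
                    // Delete other session data
                    $_SESSION["project"] = "";
                    $_SESSION["user_id"] = "";
                    $_SESSION["user_name"] = "";
                    $_SESSION["user_pwd"] = "";
                    $_SESSION["user_email"] = "";
                    $_SESSION["user_roleID"] = "";
                    $_SESSION["user_roleBegin"] = "";
                    $_SESSION["user_roleEnd"] = "";
                    // Ask now for the project
                    $myprojects = project_GetProjectsForUser( $_SESSION["name"],
                                                              $_SESSION["pw"] );
                    if( is_array( $myprojects ) )
                    {
                        // Credentials accepted: switch to a fresh session id so an
                        // id planted before the login does not carry over
                        // (session fixation).
                        session_regenerate_id( TRUE );
                        if( count( $myprojects ) > 1 )
                        {
                            sort( $myprojects );
                            $projects = "<tr>
<td>Project:</td>
<td><select name=\"selectedproject\" size=\"1\"
onchange=\"submit()\">
<option>- please select -</option>";
                            $count = count( $myprojects ); // NEVER USE COUNT() IN CYCLES!
                            for( $i = 0; $i < $count; $i++ )
                            {
                                // Project names come from the DB; escape them for HTML
                                $projects.="<option>".htmlspecialchars( $myprojects[$i] )."</option>";
                            } //for
                            $projects.="</select></td></tr>";
                            $html_form = refresh( htmlspecialchars($_SESSION["input1"]),
                                                  "*****", $projects );
                        }
                        elseif( count($myprojects) == 1 )
                        {
                            $_SESSION["project"] = $myprojects[0];
                        }
                        else
                        {
                            // Access denied!!!
                            $html_form = refresh( USER_INPUT_FIELD, PW_INPUT_FIELD, "", "",
                                                  LOGIN_BUTTON, LOGIN_ERR_ACCESS_DENIED);
                        }
                        // As login was successful clear the failed login counter
                        unset( $_SESSION["failed_login_counter"] );
                    }
                    else
                    { // $myprojects includes an error string!
                        if( $myprojects == ERR_DB_NO_PROJECT_FOR_USER )
                        {
                            $myprojects = LOGIN_ERR_WRONG_LOGIN;
                        }
                        $_SESSION["failed_login_counter"]++;
                        if( $_SESSION["failed_login_counter"] >=
                            AMOUNT_OF_ALLOWED_FAILING_LOGINS )
                        {
                            $myprojects = LOGIN_ERR_TOO_MANY_FAILED_LOGINS;
                            // Start of the block period, as minute of day
                            $_SESSION["failed_login_time"] = date("H") * 60 + date("i");
                        }
                        $html_form = refresh( USER_INPUT_FIELD, PW_INPUT_FIELD,
                                              "", "", LOGIN_BUTTON, $myprojects );
                    }
                } // else User login data available
            } // if( db_connect() )
            elseif( $db_return == ERR_NO_ACCESS )
            {
                $html_form = refresh(
                    USER_INPUT_FIELD, PW_INPUT_FIELD,
                    "", "", LOGIN_BUTTON,
                    sprintf(ERR_DB_GRANT_ACCESS_SPRINTF1, mysql_error()) );
            }
            else
            { // NO DB available !
                $html_form = refresh( USER_INPUT_FIELD, PW_INPUT_FIELD, "", "",
                                      LOGIN_BUTTON, LOGIN_ERR_NO_DB );
            }
        } // else if ( root logs in )
    } // if( isset( $_POST["submit"] ) )
    else
    {
        // Show the login page again (e.g. after reload)
        $html_form = refresh(USER_INPUT_FIELD,PW_INPUT_FIELD,"","",LOGIN_BUTTON);
    }
    //------------------------------------------------------------------
    // User login DONE, now check if a project is selected...
    //------------------------------------------------------------------
    // Set once the project stage has re-checked the stored name/password hash
    // against the user table during this request; the role stage only runs
    // after that, so a failed re-check cannot be followed by a role lookup
    // that checks name and role only.
    $credentials_ok = FALSE;
    if( isset( $_SESSION["name"] ) && $_SESSION["name"] &&
        $_SESSION["name"] != USER_NAME_ROOT &&
        isset( $_SESSION["pw"] ) && $_SESSION["pw"] &&
        ( ( isset( $_POST["selectedproject"] ) && $_POST["selectedproject"] ) ||
          ( isset( $_SESSION["project"] ) && $_SESSION["project"] ) ) )
    {
        if( isset( $_POST["selectedproject"] ) && $_POST["selectedproject"] &&
            ! $_SESSION["project"] )
        {
            // Project was selected by the list. The posted value is client
            // controlled, so only accept it if it is one of the projects this
            // user may log in to - the same list the select box was built from.
            $allowed_projects = project_GetProjectsForUser( $_SESSION["name"],
                                                            $_SESSION["pw"] );
            if( is_array( $allowed_projects ) &&
                in_array( $_POST["selectedproject"], $allowed_projects, TRUE ) )
            {
                $_SESSION["project"] = $_POST["selectedproject"];
            }
        }
        if( ! $_SESSION["project"] )
        {
            // The posted project is not one of this user's projects
            $html_form = refresh( USER_INPUT_FIELD,PW_INPUT_FIELD, "", "",
                                  LOGIN_BUTTON, LOGIN_ERR_ACCESS_DENIED );
        }
        else
        {
            //------------------------------------------------------------------------
            // Project available, prepare to select the role
            //------------------------------------------------------------------------
            $data = table_user_FetchBy_name_password( $_SESSION["name"],
                                                      $_SESSION["pw"] );
            if( is_array( $data ) )
            {
                // Name/password hash matched the user table on this request
                $credentials_ok = TRUE;
                $myroles = array();
                $count = count( $data ); // NEVER USE COUNT() IN CYCLES!
                for( $i = 0; $i < $count; $i++ )
                {
                    array_unshift( $myroles,
                                   user_ID2role( $data[$i][TABLE_USER_ROLEID] ) );
                }
                if( count( $myroles ) != 0 )
                {
                    if( count( $myroles ) == 1 )
                    {
                        // just one role available, therefore directly select it
                        $_SESSION["user_roleID"] = user_role2ID( $myroles[0] );
                    }
                    else
                    {
                        $role_html="<tr>
<td>Role:</td><td>
<select name=\"selected_role\" size=\"1\" onchange=\"submit()\">
<option>- please select -</option>";
                        $count = count( $myroles ); // NEVER USE COUNT() IN CYCLES!
                        for( $i = 0; $i < $count; $i++ )
                        {
                            // Role names come from user_ID2role(); escape for HTML anyway
                            $role_html.="<option>".htmlspecialchars( $myroles[$i] )."</option>";
                        } // for
                        $role_html.="</select>
</td>
</tr>";
                        // The project name originates from the DB / the client;
                        // escape it before echoing it back into the page.
                        $html_form = refresh(
                            htmlspecialchars( $_SESSION["input1"] ),
                            "*****",
                            "<tr><td>Project:</td><td>".htmlspecialchars( $_SESSION["project"] )."</td></tr>",
                            $role_html );
                    }
                } // if( count( $myroles ) != 0 )
                else
                {
                    $html_form = refresh( USER_INPUT_FIELD,PW_INPUT_FIELD, "", "",
                                          LOGIN_BUTTON, LOGIN_ERR_NO_ROLE );
                }
            } // if( is_array( $data ) )
            else
            {
                $html_form = refresh( USER_INPUT_FIELD,PW_INPUT_FIELD, "", "",
                                      LOGIN_BUTTON, getFailures( $data ) );
            }
        }
    }
    //------------------------------------------------------------------
    // Project selection DONE, now check if a role is selected...
    //------------------------------------------------------------------
    if( $credentials_ok &&
        isset( $_SESSION["name"] ) && $_SESSION["name"] &&
        $_SESSION["name"] != USER_NAME_ROOT &&
        isset( $_SESSION["pw"] ) && $_SESSION["pw"] &&
        isset( $_SESSION["project"] ) && $_SESSION["project"] &&
        ( ( isset( $_POST["selected_role"] ) && $_POST["selected_role"] ) ||
          ( isset( $_SESSION["user_roleID"] ) && $_SESSION["user_roleID"] ) ) )
    {
        //------------------------------------------------------------------------
        // Role available, check it...
        //------------------------------------------------------------------------
        if( isset( $_POST["selected_role"] ) && $_POST["selected_role"] &&
            ! $_SESSION["user_roleID"] )
        {
            // Role was selected by the list. The posted name is mapped to an id
            // and the lookup below only succeeds if the user really has that
            // role, so an arbitrary posted role ends in the error branch.
            $_SESSION["user_roleID"] = user_role2ID( $_POST["selected_role"] );
        }
        $data = table_user_FetchOneBy_name_roleID( $_SESSION["name"],
                                                   $_SESSION["user_roleID"] );
        if( is_array( $data ) && count( $data ) )
        {
            $_SESSION["user_id"] = $data[ TABLE_USER_ID ];
            $_SESSION["user_name"] = $data[ TABLE_USER_NAME ];
            // NOTE(review): the stored password hash is copied into the session;
            // presumably other pages compare against it - confirm it is needed.
            $_SESSION["user_pwd"] = $data[ TABLE_USER_PASSWORD ];
            $_SESSION["user_email"] = $data[ TABLE_USER_EMAIL ];
            $_SESSION["user_roleBegin"] = $data[ TABLE_USER_ROLEBEGIN ];
            $_SESSION["user_roleEnd"] = $data[ TABLE_USER_ROLEEND ];
            if( $_SESSION["user_roleEnd"] == "0000-00-00" ) // Empty in DB
            {
                $_SESSION["user_roleEnd"] = "";
            }
            if( user_EndDateValid( $_SESSION["user_roleEnd"] ) == TRUE )
            {
                $login_date = date("Y-m-d H:i:s");
                table_user_UpdateLogin( $_SESSION["user_id"], $login_date );
                if( $_SESSION["user_roleID"] == ROLE_ID_TEST_MANAGER )
                {
                    header ("Location: ./manager.php");
                }
                else
                {
                    // Target page is derived from the role name, not from the
                    // posted value directly.
                    header( "Location: ./".
                            strtolower( user_ID2role ( $_SESSION["user_roleID"] ) ).
                            ".php");
                }
                // header() does not end the request; stop here so nothing is
                // emitted after the redirect.
                exit;
            }
            else
            {
                $html_form = refresh( USER_INPUT_FIELD,PW_INPUT_FIELD, "", "",
                                      LOGIN_BUTTON, LOGIN_ERR_ACCOUNT_EXPIRED );
            } // else
        }
        else
        {
            // No usable row for this name/role (the message also covers the
            // "no row at all" case, e.g. a posted role the user does not have)
            $html_form = refresh( USER_INPUT_FIELD,PW_INPUT_FIELD, "", "",
                                  LOGIN_BUTTON,
                                  "Got several user for this name and role!!!" );
        }
    }
} // if( ! isset( $_POST["reset_button"] ) )
elseif( isset( $_POST["reset_button"] ) )
{
    // We got a reset...
    unset( $_SESSION["name"] );
    unset( $_SESSION["pw"] );
    unset( $_SESSION["project"] );
    unset( $_SESSION["user_id"] );
    unset( $_SESSION["user_name"] );
    unset( $_SESSION["user_pwd"] );
    unset( $_SESSION["user_email"] );
    unset( $_SESSION["user_roleID"] );
    unset( $_SESSION["user_roleBegin"] );
    unset( $_SESSION["user_roleEnd"] );
    header( "Location: index.php" ); // To get rid of errors in the URL etc.
    // Nothing else should run or be emitted after the redirect
    exit;
}
else
{
    // Too many failed logins in this session: the form stays blocked until the
    // expiry check at the top of the file resets the counter.
    $html_form = refresh( USER_INPUT_FIELD,PW_INPUT_FIELD, "", "",
                          LOGIN_BUTTON, LOGIN_ERR_TOO_MANY_FAILED_LOGINS );
}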
// Emit the page assembled above (refresh() output, or the marker text if no
// branch assigned it), followed by a trailing line break.
echo $html_form, "<br />";
?>