. */ namespace Fisharebest\Webtrees; use Fisharebest\Webtrees\Controller\PageController; use Fisharebest\Webtrees\Functions\Functions; use Rhumsaa\Uuid\Uuid; /** * Defined in session.php * * @global Tree $WT_TREE */ global $WT_TREE; define('WT_SCRIPT_NAME', 'login.php'); require './includes/session.php'; // If we are already logged in, then go to the “Home page” if (Auth::check() && $WT_TREE) { header('Location: ' . WT_BASE_URL); return; } $controller = new PageController; $action = Filter::post('action'); $user_realname = Filter::post('user_realname'); $user_name = Filter::post('user_name'); $user_email = Filter::postEmail('user_email'); $user_password01 = Filter::post('user_password01', WT_REGEX_PASSWORD); $user_password02 = Filter::post('user_password02', WT_REGEX_PASSWORD); $user_comments = Filter::post('user_comments'); $user_password = Filter::post('user_password'); $user_hashcode = Filter::post('user_hashcode'); $url = Filter::post('url'); // Not actually a URL - just a path $username = Filter::post('username'); $password = Filter::post('password'); // These parameters may come from the URL which is emailed to users. if (!$action) { $action = Filter::get('action'); } if (!$user_name) { $user_name = Filter::get('user_name'); } if (!$user_hashcode) { $user_hashcode = Filter::get('user_hashcode'); } if (!$url) { $url = Filter::get('url'); } $message = ''; switch ($action) { case 'login': try { if (!$_COOKIE) { Log::addAuthenticationLog('Login failed (no session cookies): ' . $username); throw new \Exception(I18N::translate('You cannot sign in because your browser does not accept cookies.')); } $user = User::findByIdentifier($username); if (!$user) { Log::addAuthenticationLog('Login failed (no such user/email): ' . $username); throw new \Exception(I18N::translate('The username or password is incorrect.')); } if (!$user->checkPassword($password)) { Log::addAuthenticationLog('Login failed (incorrect password): ' . $username); throw new \Exception(I18N::translate('The username or password is incorrect.')); } if (!$user->getPreference('verified')) { Log::addAuthenticationLog('Login failed (not verified by user): ' . $username); throw new \Exception(I18N::translate('This account has not been verified. Please check your email for a verification message.')); } if (!$user->getPreference('verified_by_admin')) { Log::addAuthenticationLog('Login failed (not approved by admin): ' . $username); throw new \Exception(I18N::translate('This account has not been approved. Please wait for an administrator to approve it.')); } Auth::login($user); Log::addAuthenticationLog('Login: ' . Auth::user()->getUserName() . '/' . Auth::user()->getRealName()); Auth::user()->setPreference('sessiontime', WT_TIMESTAMP); Session::put('locale', Auth::user()->getPreference('language')); Session::put('theme_id', Auth::user()->getPreference('theme')); I18N::init(Auth::user()->getPreference('language')); // We're logging in as an administrator if (Auth::isAdmin()) { // Check for updates $latest_version_txt = Functions::fetchLatestVersion(); if (preg_match('/^[0-9.]+\|[0-9.]+\|/', $latest_version_txt)) { list($latest_version, $earliest_version, $download_url) = explode('|', $latest_version_txt); if (version_compare(WT_VERSION, $latest_version) < 0) { FlashMessages::addMessage( I18N::translate('A new version of webtrees is available.') . ' ' . I18N::translate('Upgrade to webtrees %s.', '' . $latest_version . '') . '' ); } } } // If we were on a "home page", redirect to "my page" if ($url === '' || strpos($url, 'index.php?ctype=gedcom') === 0) { $url = 'index.php?ctype=user'; // Switch to a tree where we have a genealogy record (or keep to the current/default). $tree = Database::prepare( "SELECT gedcom_name FROM `##gedcom` JOIN `##user_gedcom_setting` USING (gedcom_id)" . " WHERE setting_name = 'gedcomid' AND user_id = :user_id" . " ORDER BY gedcom_id = :tree_id DESC" )->execute(array( 'user_id' => Auth::user()->getUserId(), 'tree_id' => $WT_TREE->getTreeId(), ))->fetchOne(); $url .= '&ged=' . Filter::escapeUrl($tree); } // Redirect to the target URL header('Location: ' . WT_BASE_URL . $url); return; } catch (\Exception $ex) { $message = $ex->getMessage(); } // No break; default: $controller ->setPageTitle(I18N::translate('Sign in')) ->pageHeader() ->addInlineJavascript(' jQuery("#new_passwd_form").hide(); jQuery("#passwd_click").click(function() { jQuery("#new_passwd_form").slideToggle(100, function() { jQuery("#new_passwd_username").focus() }); return false; }); '); echo '
' . I18N::translate('Welcome to this genealogy website') . '
'; switch (Site::getPreference('WELCOME_TEXT_AUTH_MODE')) { case 1: echo '' . I18N::translate('Anyone with a user account can access this website.') . ' ' . I18N::translate('You can apply for an account using the link below.') . '
'; break; case 2: echo '' . I18N::translate('You need to be an authorized user to access this website.') . ' ' . I18N::translate('You can apply for an account using the link below.') . '
'; break; case 3: echo '' . I18N::translate('You need to be a family member to access this website.') . ' ' . I18N::translate('You can apply for an account using the link below.') . '
'; break; case 4: echo '', Site::getPreference('WELCOME_TEXT_AUTH_MODE_' . WT_LOCALE), '
'; break; } echo '', $message, '
'; } echo ''; // hidden New Password block echo '', I18N::translate('Hello %s…
Thank you for your registration.', $user->getRealNameHtml()), '
', I18N::translate('We will now send a confirmation email to the address %s. You must verify your account request by following instructions in the confirmation email. If you do not confirm your account request within seven days, your application will be rejected automatically. You will have to apply again.
After you have followed the instructions in the confirmation email, the administrator still has to approve your request before your account can be used.
To sign in to this website, you will need to know your username and password.', $user->getEmail()), '
', I18N::translate('You have confirmed your request to become a registered user.'), '
'; echo '', I18N::translate('The administrator has been informed. As soon as they give you permission to sign in, you can sign in with your username and password.'), '
'; } else { echo ''; echo I18N::translate('Could not verify the information you entered. Please try again or contact the site administrator for more information.'); echo '
'; } echo '