/
login.php
81 lines (69 loc) · 2.14 KB
/
login.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
<?php
/**
* Postfix Admin
*
* LICENSE
* This source file is subject to the GPL license that is bundled with
* this package in the file LICENSE.TXT.
*
* Further details on the project are available at http://postfixadmin.sf.net
*
* @version $Id$
* @license GNU GPL v2 or later.
*
* File: login.php
* Used to authenticate want-to-be users.
* Template File: login.tpl
*
* Template Variables:
*
* tUsername
*
* Form POST \ GET Variables:
*
* fUsername
* fPassword
* token
* lang
*/
$rel_path = '../';
require_once("../common.php");
$smarty = PFASmarty::getInstance();
$smarty->configureTheme('../');
check_db_version(); # check if the database layout is up to date (and error out if not)
$error = null;
if ($_SERVER['REQUEST_METHOD'] == "POST") {
if (safepost('token') != $_SESSION['PFA_token']) {
die('Invalid token!');
}
$lang = safepost('lang');
$fUsername = trim(safepost('fUsername'));
$fPassword = safepost('fPassword');
if ($lang != check_language(false)) { # only set cookie if language selection was changed
setcookie('lang', $lang, time() + 60*60*24*30); # language cookie, lifetime 30 days
# (language preference cookie is processed even if username and/or password are invalid)
}
$login = new Login('mailbox');
;
if ($login->login($fUsername, $fPassword)) {
init_session($fUsername, false);
header("Location: main.php");
exit;
} else {
error_log("PostfixAdmin user login failed (username: $fUsername, ip_address: {$_SERVER['REMOTE_ADDR']})");
$error = $PALANG['pLogin_failed'];
}
}
session_unset();
session_destroy();
session_start();
if ($error) {
flash_error($error);
}
$_SESSION['PFA_token'] = md5(random_bytes(8) . uniqid('pfa', true));
$smarty->assign('language_selector', language_selector(), false);
$smarty->assign('smarty_template', 'login');
$smarty->assign('logintype', 'user');
$smarty->assign('forgotten_password_reset', Config::read('forgotten_user_password_reset') && !Config::read('mailbox_postpassword_script'));
$smarty->display('index.tpl');
/* vim: set expandtab softtabstop=3 tabstop=3 shiftwidth=3: */