Forgot your password?");
define('STR_ERR_BAD_VERIFICATION', "We're sorry, the verification code in your email was not correct. Please re-send it and try again.");
define('STR_ERR_NEED_TO_VERIFY', "The grace-period has ended... to keep the site honest for everyone, you need to confirm your email address before logging in again. If you have lost the confirmation email, we can re-send it to you. Sorry for the inconvenience!");
define('STR_USERNAME', 'username');
define('STR_PASSWORD', 'password');
class LoginModule extends Module{
private $isConfirmation;
private $confirmName;
private $confirmHash;
private $failed;
private $returnTo;
private $showSignUp; // if the module should show a link to sign up.
public function LoginModule($isConfirmation = false, $confirmName='', $confirmHash='', $failed=false, $returnTo=''){
$this->isConfirmation = $isConfirmation;
if($this->isConfirmation){
$title = STR_VERIFYING;
} else {
$title = ucfirst(STR_LOGIN);
}
parent::Module('login', $title, "key.png" );
$this->confirmName = $confirmName;
$this->confirmHash = $confirmHash;
$this->failed = $failed;
$this->showSignUp = false;
if( $returnTo =="" ){
$this->returnTo = (getVal($_GET, 'returnTo', getPost('returnTo', getCodePath()."/home.php")));
}else{
$this->returnTo = $returnTo;
}
}
public function showSignUp($showIt){$this->showSignUp = $showIt;}
public function setReturnTo($ret){$this->returnTo = $ret;}
public function getContent(){
ob_start();
if($this->isConfirmation){
print STR_LOGIN_TO_VERIFY;
}
$init_username = ((isset($_POST['dil_username']))?$_POST['dil_username']:'');
$init_password = ((isset($_POST['dil_password']))?$_POST['dil_password']:'');
$returnTo = $this->returnTo;
$index = getVal($_GET, 'index'); // used when showing page inside of verify()
$action = ($returnTo==""?$index:$returnTo);
$action = ($action=="")?$_SERVER['REQUEST_URI']:$action; // REQUEST_URI to keep sub-pages in tact
$action = str_replace("logout=true", "",$action); // loging into a logout page is not a desired effect
// Precalculate the error message if there was a failed login (allows auto-correcting of some fields... for example, in the case of redirects).
// Actual message will be displayed BELOW the form (though it may be best to move it, some people have reported that they don't actually read the message).
if($this->failed){
$msg = STR_ERR_BAD_LOGIN;
$dir = $_SERVER['PHP_SELF'];
$dir = substr($dir, 0, strrpos($dir, "/")+1); // So it will work regardless of what dir this code is in
$username = getPost('dil_username');
$resendLink = "http://".$_SERVER['SERVER_NAME'].$dir."verify.php?sendConfirm=$username&index=".$_SERVER['PHP_SELF'];
if(getPost('dil_verify_code') != ''){
$test_user = getPost('dil_username');
$test_pass = md5(getPost('dil_password'));
$loginWasCorrect = (0 < simpleQuery("SELECT COUNT(*) FROM users WHERE username='$test_user' AND password='$test_pass'"));
if($loginWasCorrect){
$msg = str_replace("%LINK%", $resendLink, STR_ERR_BAD_VERIFICATION);
}
} else {
// If they have passed the grace-period for verifying their email, tell them that they have to verify it to login.
$user = new User();
$user->loadByUsername(getPost('dil_username'));
if($user->needsToVerify()){
$msg = str_replace("%LINK%", $resendLink, STR_ERR_NEED_TO_VERIFY);
} else {
// SWC 20070630 - If they are logging in using a now-redirected username, inform them.
$potentiallyRedirected = (0 == simpleQuery("SELECT COUNT(*) FROM users WHERE username='$username'"));
if($potentiallyRedirected){
$redirect = simpleQuery("SELECT redirectTo FROM profileRedirects WHERE username='$username'");
if($redirect != ""){
$msg = "This username is no longer valid. Please login with the new username \"$redirect\".";
$init_username = $redirect; // fill it out for them
}
}
}
}
//dispError($msg); // displayed later
$loginErrorMsg = $msg; // 'msg' is really generic, this will make it more likely to persist below the form even if other code is changed.
}
?>
showSignUp){
?>failed){
dispError($loginErrorMsg);
}
$content = ob_get_contents();
ob_end_clean();
return $content;
}
} // end class LoginModule
?>