BMLT Root Server
c_comdef_login.php File Reference

This presents a login dialog to the user, vets the login, and establishes a session.


Functions

 url_origin ($s, $use_forwarded_host=false)
 Copied verbatim from here: http://stackoverflow.com/questions/6768793/get-the-full-url-in-php.

 full_url ($s, $use_forwarded_host=false)
 Copied verbatim from here: http://stackoverflow.com/questions/6768793/get-the-full-url-in-php.

 GetServerInfo ()
 This function parses the main server version from the XML file.

 c_comdef_LoginForm (&$in_server)
 Returns HTML for the login form. If the user is not logged in, then they get the form. Otherwise, the login is processed, or the user is vetted.


Variables

 $t_server = c_comdef_server::MakeServer()
 
 $lang_enum = $t_server->GetServer()->GetLocalLang()
 
 Top-level control flow of the file (Doxygen lists this if/else chain as a variable; see Variable Documentation):
  if (isset($_COOKIE) && isset($_COOKIE['bmlt_admin_lang_pref']) && $_COOKIE['bmlt_admin_lang_pref'])
  if (isset($http_vars['lang_enum']) && $http_vars['lang_enum'])
  if (isset($g_enable_language_selector) && $g_enable_language_selector)
  if (!isset($_SESSION))
  if ((isset($_GET['admin_action']) && ($_GET['admin_action'] == 'logout')) || (isset($_POST['admin_action']) && ($_POST['admin_action'] == 'logout')) || (isset($_POST['admin_action']) && ($_POST['admin_action'] == 'login')))
  if (isset($_SESSION[$admin_session_name])) else
 

Detailed Description

This presents a login dialog to the user, vets the login, and establishes a session.

We track admin logins through the use of PHP sessions. This allows the login data to remain on the server. It also allows the login data to be carried into AJAX calls.

We're pretty anal about checking user credentials. We don't allow any changes to happen to the DB unless the user has been vetted at the time the DB access is made, but we do a lot of checking along the way.

If you include this file at the top of any file that does admin, it will check the session. If the session is not there, it will replace the output with a login form, and will continue along the way, once the user has logged in. If the session is set, it simply makes sure that the session reflects a user that has a system login (it does not check the user level), and stays out of the way.

If the user authentication fails, then it does a PHP die(), and scrags the whole thing. This prevents execution of any code beyond the bare minimum necessary to authenticate.

Cookies and JavaScript (and AJAX) are required to administer the server (but not to use it as a regular site visitor). This form checks to see if JavaScript is enabled, and if cookies are enabled.
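The server side of the check described above, as an added example that is not code from c_comdef_login.php or from the BMLT project: the form only becomes visible once JavaScript has run, and that same script sets a transitory cookie, so a login POST that arrives without the cookie tells the server that sessions cannot be kept. The session key name, the login_gate() function, its return values and the $vet callback interface are assumptions made for this example; the field names and the comdef_test cookie are the ones the form uses.

```php
<?php
// Added example (not part of c_comdef_login.php): the login gate that runs
// before any admin code. Session key, function and callback interface are
// assumptions; field and cookie names match the login form.

declare(strict_types=1);

const ADMIN_SESSION_NAME = 'bmlt_admin_session'; // assumed session key
const JS_TEST_COOKIE     = 'comdef_test';        // set by the form's inline script

/**
 * Decide what the login gate should do for one request.
 * Returns one of: 'logged_in', 'show_form', 'cookies_required', 'bad_credentials'.
 *
 * $server_vars: a $_SERVER-like array (only REQUEST_METHOD is read)
 * $post:        the POSTed fields
 * $cookies:     the request cookies
 * $session:     the session array, by reference so it can be updated
 * $vet:         callable(string $login, string $password): ?array, returning a
 *               user record on success or null (assumed interface)
 */
function login_gate(array $server_vars, array $post, array $cookies, array &$session, callable $vet): string
{
    // Already vetted on an earlier request: stay out of the way.
    if (isset($session[ADMIN_SESSION_NAME])) {
        return 'logged_in';
    }

    $is_login_post = ($server_vars['REQUEST_METHOD'] ?? '') === 'POST'
        && ($post['admin_action'] ?? '') === 'login';

    if (!$is_login_post) {
        return 'show_form';
    }

    // The form is revealed by JavaScript, and the same script sets the test
    // cookie. If it did not come back, cookies are blocked and a PHP session
    // cannot be kept, so the credentials are not even examined.
    if (($cookies[JS_TEST_COOKIE] ?? '') !== 'test') {
        return 'cookies_required';
    }

    $login    = (string)($post['c_comdef_admin_login'] ?? '');
    $password = (string)($post['c_comdef_admin_password'] ?? '');

    $user = $vet($login, $password);
    if ($user === null) {
        // Fail closed: the caller stops here, nothing beyond this point runs.
        return 'bad_credentials';
    }

    // Keep only what is needed to recognise the user on later requests;
    // the password itself is never stored in the session.
    $session[ADMIN_SESSION_NAME] = ['login' => $user['login'], 'vetted_at' => time()];
    return 'logged_in';
}

// Constructed stand-in for the real vetting; not BMLT's user store.
$vet = function (string $login, string $password): ?array {
    $users = ['admin' => password_hash('constructed-example-password', PASSWORD_DEFAULT)];
    if (isset($users[$login]) && password_verify($password, $users[$login])) {
        return ['login' => $login];
    }
    return null;
};

$session = [];
$post    = ['admin_action' => 'login', 'c_comdef_admin_login' => 'admin',
            'c_comdef_admin_password' => 'constructed-example-password'];

// Login POST without the test cookie, then with it, then a later plain GET.
echo login_gate(['REQUEST_METHOD' => 'POST'], $post, [], $session, $vet), "\n";
echo login_gate(['REQUEST_METHOD' => 'POST'], $post, ['comdef_test' => 'test'], $session, $vet), "\n";
echo login_gate(['REQUEST_METHOD' => 'GET'], [], [], $session, $vet), "\n";
```

In a real handler the session array is $_SESSION, and the successful branch should also call session_regenerate_id(true) so the post-login session id differs from the one issued before authentication.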

You should link to the c_comdef_login.css file for this form.

This file is part of the Basic Meeting List Toolbox (BMLT).

Find out more at: https://bmlt.app

BMLT is free software: you can redistribute it and/or modify it under the terms of the MIT License.

BMLT is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the MIT License for more details.

You should have received a copy of the MIT License along with this code. If not, see https://opensource.org/licenses/MIT.

Definition in file c_comdef_login.php.

Function Documentation

c_comdef_LoginForm(&$in_server)

Returns HTML for the login form. If the user is not logged in, then they get the form. Otherwise, the login is processed, or the user is vetted.

Returns
a string, containing the form HTML.
Parameters
$in_server: A reference to an instance of c_comdef_server

Definition at line 234 of file c_comdef_login.php.

References $_GET, $comdef_global_language, $http_vars, $ret, c_comdef_htmlspecialchars(), defined, full_url(), c_comdef_server\GetLocalStrings(), c_comdef_server\GetServer(), and GetServerInfo().

{
    include(dirname(dirname(dirname(__FILE__))).'/server/config/get-config.php');

    $http_vars = array_merge($_GET, $_POST);

    $localized_strings = c_comdef_server::GetLocalStrings();
    $server_info = GetServerInfo();

    // The language is taken from the request first, then from the session. The
    // only check applied to the value is that lang/<value>/name.txt exists.
    if (isset($http_vars) && is_array($http_vars) && count($http_vars) && isset($http_vars['lang_enum'])) {
        $lang_name = $http_vars['lang_enum'];

        if (file_exists(dirname(__FILE__)."/lang/".$lang_name."/name.txt")) {
            $comdef_global_language = $lang_name;
        }
    } elseif (isset($_SESSION) && is_array($_SESSION) && isset($_SESSION['lang_enum'])) {
        $lang_name = $_SESSION['lang_enum'];

        if (file_exists(dirname(__FILE__)."/lang/".$lang_name."/name.txt")) {
            $comdef_global_language = $lang_name;
        }
    }

    if (isset($_SESSION) && is_array($_SESSION)) {
        $_SESSION['lang_enum'] = $comdef_global_language;
    }

    $ret = '<div class="c_comdef_admin_login_form_container_div">';
    // If there is no JavaScript, then this message is displayed, and the form will not be revealed.
    $ret .= '<noscript><h1>'.c_comdef_htmlspecialchars($localized_strings['comdef_server_admin_strings']['noscript']).'</h1></noscript>';
    $ret .= '<h1 class="login_form_main_banner_h1">'.c_comdef_htmlspecialchars($server_info['title']).'</h1>';
    $ret .= '<h2 class="login_form_secondary_banner_h2">'.c_comdef_htmlspecialchars($server_info['banner_text']).'</h2>';
    $ret .= '<form method="post" class="c_comdef_admin_login_form" id="c_comdef_admin_login_form" action="'.c_comdef_htmlspecialchars($_SERVER['SCRIPT_NAME']);
    // $ret_temp collects the non-login request variables as an escaped query
    // string. Note that it is never appended to the action attribute below,
    // so the form posts to SCRIPT_NAME alone.
    $ret_temp = '';
    foreach ($http_vars as $key => $value) {
        switch ($key) {
            // Skip these.
            case 'c_comdef_admin_login':
            case 'c_comdef_admin_password':
            case 'admin_action':
            case 'login':
                break;

            default:
                // Arrays need to be concatenated strings.
                if (is_array($value)) {
                    $value = join(",", $value);
                }
                if ($ret_temp) {
                    $ret_temp .= '&amp;';
                } else {
                    $ret_temp = '?';
                }
                $ret_temp .= c_comdef_htmlspecialchars($key).'='.c_comdef_htmlspecialchars($value);
                break;
        }
    }
    $ret .= '">'; // Only the login will go through post.
    $ret .= '<input id="admin_action" type="hidden" name="admin_action" value="login" />';
    // full_url() derives this from the request's Host header (see url_origin());
    // it is HTML-escaped before it is placed in the hidden field.
    $attempted_url = full_url($_SERVER);

    if (!preg_match('|logout|', $attempted_url)) {
        $ret .= '<input id="attemptedurl" type="hidden" name="attemptedurl" value="'.c_comdef_htmlspecialchars($attempted_url).'" />';
    }

    $ret .= '<div style="display:none" id="c_comdef_admin_login_form_inner_container_div" class="c_comdef_admin_login_form_inner_container_div">';
    $ret .= '<div class="c_comdef_admin_login_form_line_div">';
    $ret .= '<div class="c_comdef_admin_login_form_prompt">'.c_comdef_htmlspecialchars($localized_strings['comdef_server_admin_strings']['title']).'</div>';
    $ret .= '<label for="c_comdef_admin_login">'.c_comdef_htmlspecialchars($localized_strings['comdef_server_admin_strings']['login']).$localized_strings['prompt_delimiter'].'</label>';
    $ret .= '<input id="c_comdef_admin_login" type="text" name="c_comdef_admin_login" value="" />';
    $ret .= '</div>';
    $ret .= '<div class="c_comdef_admin_login_form_line_div">';
    $ret .= '<label for="c_comdef_admin_password">'.c_comdef_htmlspecialchars($localized_strings['comdef_server_admin_strings']['password']).$localized_strings['prompt_delimiter'].'</label>';
    $ret .= '<input type="password" id="c_comdef_admin_password" name="c_comdef_admin_password" value="" />';
    $ret .= '</div>';
    if (isset($g_enable_language_selector) && $g_enable_language_selector) {
        $ret .= '<div id="lang_enum_select_div" class="c_comdef_admin_login_form_line_div">';
        $ret .= '<select id="lang_enum_select" name="lang_enum">'.(defined('__DEBUG_MODE__') ? "\n" : '');
        $lang_array = c_comdef_server::GetServer()->GetServerLangs();
        foreach ($lang_array as $id => $name) {
            if ($id && $name) {
                $ret .= '<option value="'.c_comdef_htmlspecialchars($id).'"';
                if ($comdef_global_language == $id) {
                    $ret .= ' selected="selected"';
                }
                $ret.= '>'.c_comdef_htmlspecialchars($name).'</option>'.(defined('__DEBUG_MODE__') ? "\n" : '');
            }
        }
        $ret .= '</select>'.(defined('__DEBUG_MODE__') ? "\n" : '');
        $ret .= '<div id="cookie_notice_div" class="bmlt_cookie_notice_div">'.c_comdef_htmlspecialchars($localized_strings['comdef_server_admin_strings']['cookie_monster']).'</div>';
        $ret .= '</div>';
    }
    $ret .= '<div class="c_comdef_admin_login_form_submit_div">';
    $ret .= '<input type="submit" value="'.c_comdef_htmlspecialchars($localized_strings['comdef_server_admin_strings']['button']).'" />';
    $ret .= '</div>';
    $ret .= '<div class="server_version_display_login">';
    $ret .= htmlspecialchars($server_info['version']);
    $ret .= '</div>';
    $ret .= '</div>';
    // This is how we check for JavaScript availability and enabled cookies (Cookies are required for sessions).
    // We reveal the form using JavaScript (It stays invisible if no JS), and we set a transitory cookie with JS to be read upon login.
    $ret .= '</form>
    <script type="text/javascript">
        document.getElementById(\'c_comdef_admin_login_form_inner_container_div\').style.display=\'block\';
        document.getElementById(\'c_comdef_admin_login\').focus();
        document.cookie=\'comdef_test=test\';
    </script>';
    $ret .= '</div>';

    return $ret;
}
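A stricter way to accept the lang_enum value, as an added example that is not code from c_comdef_login.php: the function above accepts any request value for which lang/<value>/name.txt exists, so the request value itself becomes part of a filesystem path. This version enumerates the language directories once and accepts a request or session value only if it exactly matches one of them, so no request-supplied text ever reaches a path. The function names and the temporary lang directory layout are constructed for the example.

```php
<?php
// Added example (not part of c_comdef_login.php): allow-list based language
// selection. available_languages() and resolve_language() are assumed names;
// the lang/<id>/name.txt layout mirrors the one c_comdef_LoginForm checks.

declare(strict_types=1);

/** Enumerate lang/<id>/name.txt under $lang_root; returns the ids, sorted. */
function available_languages(string $lang_root): array
{
    $ids = [];
    foreach (scandir($lang_root) ?: [] as $entry) {
        if ($entry === '.' || $entry === '..') {
            continue;
        }
        if (is_dir("$lang_root/$entry") && is_file("$lang_root/$entry/name.txt")) {
            $ids[] = $entry;
        }
    }
    sort($ids);
    return $ids;
}

/**
 * Resolve the language for this request: request value first, then the session
 * value, then the default. A value is used only if it is in the known set,
 * compared as an exact string, so it never participates in a path.
 */
function resolve_language(array $http_vars, array $session, array $known, string $default): string
{
    foreach ([$http_vars['lang_enum'] ?? null, $session['lang_enum'] ?? null] as $candidate) {
        if (is_string($candidate) && in_array($candidate, $known, true)) {
            return $candidate;
        }
    }
    return $default;
}

// Build a throw-away lang directory so the example runs anywhere (constructed).
$root = sys_get_temp_dir() . '/bmlt_lang_example_' . bin2hex(random_bytes(4));
foreach (['en', 'de', 'fr'] as $id) {
    mkdir("$root/$id", 0700, true);
    file_put_contents("$root/$id/name.txt", strtoupper($id));
}

$known = available_languages($root);

// A request value that is a real language id is accepted.
echo resolve_language(['lang_enum' => 'de'], [], $known, 'en'), "\n";
// A request value that is not a known id is ignored; the session value is used.
echo resolve_language(['lang_enum' => 'xx'], ['lang_enum' => 'fr'], $known, 'en'), "\n";
// Nothing usable anywhere: the default.
echo resolve_language([], [], $known, 'en'), "\n";

// Clean up the constructed directory.
foreach (['en', 'de', 'fr'] as $id) {
    unlink("$root/$id/name.txt");
    rmdir("$root/$id");
}
rmdir($root);
```

In the real server the known set would come from c_comdef_server::GetServer()->GetServerLangs(), which the form already uses to populate the selector, so the same list can serve both the UI and the validation.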
full_url($s, $use_forwarded_host = false)

Copied verbatim from here: http://stackoverflow.com/questions/6768793/get-the-full-url-in-php.

Returns
a string, with the full URI.

Definition at line 181 of file c_comdef_login.php.

References url_origin().

Referenced by c_comdef_LoginForm().

{
    return url_origin($s, $use_forwarded_host) . $s['REQUEST_URI'];
}
GetServerInfo()

This function parses the main server version from the XML file.

Returns
a string, containing the version info and banner.

Definition at line 190 of file c_comdef_login.php.

References $config_file_path, $ret, and c_comdef_server\GetLocalStrings().

Referenced by c_comdef_LoginForm().

{
    // Stays null if neither the info file nor the config file is found;
    // otherwise an associative array with 'version', 'title' and 'banner_text'.
    $ret = null;

    if (file_exists(dirname(dirname(dirname(__FILE__))).'/client_interface/serverInfo.xml')) {
        $info_file = new DOMDocument;
        if ($info_file instanceof DOMDocument) {
            if (@$info_file->load(dirname(dirname(dirname(__FILE__))).'/client_interface/serverInfo.xml')) {
                $has_info = $info_file->getElementsByTagName("bmltInfo");

                if (($has_info instanceof domnodelist) && $has_info->length) {
                    $ret['version'] = $has_info->item(0)->nodeValue;
                }
            }
        }
    }

    $config_file_path = dirname(dirname(dirname(__FILE__))).'/server/config/get-config.php';

    if (file_exists($config_file_path)) {
        include($config_file_path);
        $localized_strings = c_comdef_server::GetLocalStrings();
        if (isset($bmlt_title) && trim($bmlt_title)) {
            $ret['title'] = trim($bmlt_title);
        } else {
            $ret['title'] = $localized_strings['comdef_server_admin_strings']['login_banner'];
        }
        if (isset($banner_text) && trim($banner_text)) {
            $ret['banner_text'] = trim($banner_text);
        } else {
            $ret['banner_text'] = $localized_strings['comdef_server_admin_strings']['login_underbanner'];
        }
    }

    return $ret;
}
url_origin($s, $use_forwarded_host = false)

Copied verbatim from here: http://stackoverflow.com/questions/6768793/get-the-full-url-in-php.

Returns
a string, with the full URI.

Definition at line 165 of file c_comdef_login.php.

Referenced by full_url().

{
    // $s is expected to be $_SERVER. HTTP_HOST and HTTP_X_FORWARDED_HOST are
    // populated from request headers, so the host part of the result is
    // whatever the client (or a proxy in front of the server) sent.
    $ssl = ( !empty($s['HTTPS']) && $s['HTTPS'] == 'on' ) ? true:false;
    $sp = strtolower($s['SERVER_PROTOCOL']);
    $protocol = substr($sp, 0, strpos($sp, '/')) . ( ( $ssl ) ? 's' : '' );
    $port = $s['SERVER_PORT'];
    $port = ( (!$ssl && $port=='80') || ($ssl && $port=='443') ) ? '' : ':'.$port;
    $host = ( $use_forwarded_host && isset($s['HTTP_X_FORWARDED_HOST']) ) ? $s['HTTP_X_FORWARDED_HOST'] : (isset($s['HTTP_HOST']) ? $s['HTTP_HOST'] : null);
    // $port is only appended on the SERVER_NAME fallback; a Host header
    // already carries any non-default port.
    $host = isset($host) ? $host : $s['SERVER_NAME'] . $port;
    return $protocol . '://' . $host;
}
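url_origin() and full_url() build the attemptedurl value that the login form carries in a hidden field, and they take the host from HTTP_HOST or HTTP_X_FORWARDED_HOST, both of which arrive in request headers. The following is an added example, not code from c_comdef_login.php or the Stack Overflow answer it copies: it reproduces the same construction but uses the header host only when it matches a configured allow-list, and otherwise falls back to the server-configured SERVER_NAME. The function names, the allow-list and the sample $_SERVER array are constructed for this example.

```php
<?php
// Added example (not part of c_comdef_login.php): origin/URL construction that
// accepts the Host header only from an allow-list. safe_url_origin(),
// safe_full_url() and the sample request array are constructed.

declare(strict_types=1);

/**
 * Same result shape as url_origin(), but the header-supplied host is used only
 * when it matches one of $allowed_hosts (case-insensitive, port included).
 */
function safe_url_origin(array $s, array $allowed_hosts, bool $use_forwarded_host = false): string
{
    $ssl      = !empty($s['HTTPS']) && $s['HTTPS'] === 'on';
    $sp       = strtolower($s['SERVER_PROTOCOL'] ?? 'HTTP/1.1');
    $protocol = substr($sp, 0, (int)strpos($sp, '/')) . ($ssl ? 's' : '');
    $port     = (string)($s['SERVER_PORT'] ?? ($ssl ? '443' : '80'));
    $port     = ((!$ssl && $port === '80') || ($ssl && $port === '443')) ? '' : ':' . $port;

    $header_host = null;
    if ($use_forwarded_host && isset($s['HTTP_X_FORWARDED_HOST'])) {
        $header_host = $s['HTTP_X_FORWARDED_HOST'];
    } elseif (isset($s['HTTP_HOST'])) {
        $header_host = $s['HTTP_HOST'];
    }

    $allowed = array_map('strtolower', $allowed_hosts);
    if ($header_host !== null && in_array(strtolower($header_host), $allowed, true)) {
        // A Host header already carries any non-default port, as in url_origin().
        $host = $header_host;
    } else {
        // Not on the allow-list: use the name the server is configured with.
        $host = ($s['SERVER_NAME'] ?? 'localhost') . $port;
    }
    return $protocol . '://' . $host;
}

/** Counterpart of full_url(): origin plus the request URI. */
function safe_full_url(array $s, array $allowed_hosts, bool $use_forwarded_host = false): string
{
    return safe_url_origin($s, $allowed_hosts, $use_forwarded_host) . ($s['REQUEST_URI'] ?? '/');
}

// Constructed request environment, shaped like $_SERVER.
$request = [
    'HTTPS'           => 'on',
    'SERVER_PROTOCOL' => 'HTTP/1.1',
    'SERVER_PORT'     => '443',
    'SERVER_NAME'     => 'bmlt.example.org',
    'HTTP_HOST'       => 'bmlt.example.org',
    'REQUEST_URI'     => '/main_server/index.php?admin_action=login',
];
$allowed = ['bmlt.example.org'];

// Host header on the allow-list: used as-is.
echo safe_full_url($request, $allowed), "\n";

// Host header not on the allow-list: the configured SERVER_NAME is used instead.
$request['HTTP_HOST'] = 'other.example.net';
echo safe_full_url($request, $allowed), "\n";
```

The allow-list belongs in the server configuration (get-config.php is where this file already reads $bmlt_title and $banner_text from), and $use_forwarded_host should be enabled only when a trusted reverse proxy is known to set HTTP_X_FORWARDED_HOST.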

Variable Documentation

$lang_enum = $t_server->GetServer()->GetLocalLang()

Definition at line 57 of file c_comdef_login.php.

$t_server = c_comdef_server::MakeServer()

Definition at line 55 of file c_comdef_login.php.

Top-level if/else chain (listed by Doxygen as a variable):
 if (isset($_COOKIE) && isset($_COOKIE['bmlt_admin_lang_pref']) && $_COOKIE['bmlt_admin_lang_pref'])
 if (isset($http_vars['lang_enum']) && $http_vars['lang_enum'])
 if (isset($g_enable_language_selector) && $g_enable_language_selector)
 if (!isset($_SESSION))
 if ((isset($_GET['admin_action']) && ($_GET['admin_action'] == 'logout')) || (isset($_POST['admin_action']) && ($_POST['admin_action'] == 'logout')) || (isset($_POST['admin_action']) && ($_POST['admin_action'] == 'login')))
 if (isset($_SESSION[$admin_session_name])) else

Definition at line 155 of file c_comdef_login.php.