authenticateUserByName($name, $pw));
if ($returnObject->success !== false) {
return json_decode(json_encode($returnObject->result), JSON_OBJECT_AS_ARRAY);
} else {
return false;
}
}
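/**
 * Sends a redirect to login.php in the directory of the running script and
 * ends the request.
 *
 * The scheme follows the current request: https when $_SERVER["HTTPS"] is
 * "on", http otherwise.
 *
 * @param string $name user name passed to login.php as the "name" query parameter
 * @return void does not return; the script is terminated after the header is sent
 */
function redirectToLogin ($name = "") {
    $scheme = (isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] == "on") ? "https" : "http";

    // $name originates from the login request. Encode it so that characters
    // such as "&", "#" or spaces cannot add or truncate query parameters in
    // the redirect target. Non-scalar input (e.g. name[]=x) becomes an empty name.
    $encodedName = is_scalar($name) ? urlencode((string) $name) : "";

    // NOTE(review): HTTP_HOST is taken from the client's Host header, so the
    // redirect target follows whatever host the client sent. If the deployment
    // has a configured canonical host name, prefer it here - confirm.
    header ("Location: ".$scheme."://".$_SERVER['HTTP_HOST'].dirname($_SERVER['SCRIPT_NAME'])."/login.php?name=".$encodedName);
    die;
}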
?>
';
?>
Login
";
# The echoed markup is empty in this copy of the page.
echo "";
# Credentials are read from $_REQUEST, which merges query-string and form-body
# parameters (and cookies, depending on request_order), so the password can
# arrive in the URL as well as in a POST body.
# NOTE(review): a missing "name"/"password" key raises an undefined-index
# notice/warning here; the isset() tests below only see the resulting null.
$name = $_REQUEST["name"];
$password = $_REQUEST["password"];
# Branch on whether a user name was supplied; both branches echo an empty
# string as shown here.
if(!isset($name) || $name == ''){
echo "";
}
else{
echo "";
}
?>
";
# The echoed markup is empty in this copy of the page.
echo "";
# Taken when the user name or the password is missing or empty, i.e. exactly
# when the login attempt further down is skipped.
if(!isset($name) || $name == '' || !isset($password) || $password == ''){
echo "";
}
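# Login attempt: runs only when both a user name and a password were supplied.
# Steps: lockout check, authentication, session setup, reset of the failed-login
# counter, then either a redirect to the single available GUI or a GUI list.
if(isset($name) && $name != '' && isset($password) && $password != ''){
    require_once dirname(__FILE__)."/../../core/system.php";

    # Lockout check before authentication: refuse once the stored counter
    # exceeds MAXLOGIN. The user name is bound as a parameter, not concatenated.
    # NOTE(review): the message below is only shown for existing user names, so
    # it tells an unauthenticated caller that the account exists and is locked.
    $sql_count = "SELECT mb_user_login_count FROM mb_user WHERE mb_user_name = $1";
    $params = array($name);
    $types = array('s');
    $res_count = db_prep_query($sql_count,$params,$types);
    if($row = db_fetch_array($res_count)){
        if($row["mb_user_login_count"] > MAXLOGIN){
            echo "Permission denied. Login failed ".MAXLOGIN." times. Your account has been deactivated. Please contact your administrator!";
            die;
        }
    }
    require_once dirname(__FILE__)."/../../lib/class_Mapbender.php";
    require_once dirname(__FILE__)."/../../lib/class_Mapbender_session.php";
    $row = auth_user($name, $password);
    // if given user data is found in database, set session data (db_fetch_array returns false if no row is found)
    if($row){
        require_once dirname(__FILE__) . "/../../core/globalSettings.php";
        # These lines will create a new session if a user logs in who is not the owner
        # of the session. However, in Geoportal-RLP this is intended,
        #
        # if (Mapbender::session()->get("mb_user_id") !== false && $row["mb_user_id"] !== Mapbender::session()->get("mb_user_id")) {
        # session_write_close();
        # session_id(sha1(mt_rand()));
        # session_start();
        # }
        # NOTE(review): with the block above disabled, nothing visible here issues
        # a new session id at login, which leaves a pre-login session id valid
        # after authentication (session fixation) unless session.conf handles it
        # - confirm. If it is re-enabled, session_regenerate_id(true) is
        # preferable to an id derived from mt_rand().
        include(dirname(__FILE__) . "/../../conf/session.conf");
    } else {
        # not needed anymore, this is done in class user
        #$sql_set_cnt = "UPDATE mb_user SET mb_user_login_count = (mb_user_login_count + 1) WHERE mb_user_name = $1";
        #$v = array($name);
        #$t = array('s');
        #db_prep_query($sql_set_cnt,$v,$t);
        redirectToLogin($name);
    }
    if(Mapbender::session()->get("mb_user_id")){
        if($row["mb_user_login_count"] <= MAXLOGIN){
            # successful login: reset the failed-login counter of the session user
            $sql_del_cnt = "UPDATE mb_user SET mb_user_login_count = 0 WHERE mb_user_id = $1";
            $v = array(Mapbender::session()->get('mb_user_id'));
            $t = array("i");
            db_prep_query($sql_del_cnt, $v, $t);
            require_once(dirname(__FILE__)."/../php/mb_getGUIs.php");
            $arrayGUIs = mb_getGUIs($row["mb_user_id"]);
            # NOTE(review): this notice contains the live session id; if mb_notice
            # writes to a log file, anyone who can read that log can reuse the
            # session - consider dropping or hashing the id.
            new mb_notice("login.setSession.mb_user_guis: ".serialize($arrayGUIs)." in session: " .session_id());
            Mapbender::session()->set("mb_user_guis",$arrayGUIs);
            # NOTE(review): $login is not assigned anywhere in the visible code;
            # presumably one of the included files defines it - confirm.
            Mapbender::session()->set("mb_login",$login);
            # a gui is explicitly ordered
            # The requested GUI is only honoured when it is in the user's own GUI list.
            # NOTE(review): in_array() is evaluated against $_REQUEST even when
            # only the session value is set, and the else branch calls set() with
            # one argument where get() looks intended - confirm before relying
            # on the session fallback.
            if((isset($_REQUEST["mb_user_myGui"]) || Mapbender::session()->get("mb_user_myGui")) && in_array($_REQUEST["mb_user_myGui"], $arrayGUIs)){
                unset($arrayGUIs);
                if(isset($_REQUEST["mb_user_myGui"])){ $arrayGUIs[0] = $_REQUEST["mb_user_myGui"];}
                else{ $arrayGUIs[0] = Mapbender::session()->set("mb_user_myGui");}
            }
            #only one gui is provided
            if(count($arrayGUIs) == 1){
                if (isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] == "on") {
                    $myURL = "Location: https://".$_SERVER['HTTP_HOST'].dirname($_SERVER['SCRIPT_NAME'])."/index.php?".strip_tags (SID)."&gui_id=".$arrayGUIs[0];
                }
                else {
                    $myURL = "Location: http://".$_SERVER['HTTP_HOST'].dirname($_SERVER['SCRIPT_NAME'])."/index.php?".strip_tags (SID)."&gui_id=".$arrayGUIs[0];
                }
                # remove name and password from url, because url params are parsed later and written in javascript
                # Every parameter is inspected on its own, so the credentials are
                # dropped even when they are the last parameter of the query string
                # (a pattern requiring a trailing "&" would keep them), and
                # parameters whose key merely ends in "name" (e.g. "username") are
                # passed through unchanged. Kept parameters are not re-encoded.
                $queryString = isset($_SERVER["QUERY_STRING"]) ? $_SERVER["QUERY_STRING"] : "";
                $keptParams = array();
                foreach (explode("&", $queryString) as $param) {
                    $eqPos = strpos($param, "=");
                    $paramKey = urldecode($eqPos === false ? $param : substr($param, 0, $eqPos));
                    if ($param === "" || $paramKey === "name" || $paramKey === "password") {
                        continue;
                    }
                    $keptParams[] = $param;
                }
                $cleanUrl = implode("&", $keptParams);
                if ($cleanUrl !== "") {
                    $myURL .= "&".$cleanUrl;
                }
                header ($myURL);
                die;
            }
            # list all guis of this user and his groups
            else{
                require_once(dirname(__FILE__)."/../php/mb_listGUIs.php");
                mb_listGUIs($arrayGUIs);
            }
        }
    } else {
        # Reached when the session holds no mb_user_id at this point: drop the
        # session, count the attempt as failed and send the user back to login.
        Mapbender::session()->kill();
        $sql_set_cnt = "UPDATE mb_user SET mb_user_login_count = (mb_user_login_count + 1) WHERE mb_user_name = $1";
        $v = array($name);
        $t = array('s');
        db_prep_query($sql_set_cnt,$v,$t);
        redirectToLogin($name);
    }
}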
?>