session->username ." from ". $_SERVER['REMOTE_ADDR']); $gallery->session->username = ''; $gallery->session->language = ''; destroyGallerySession(); // Prevent the 'you have to be logged in' error message // when the user logs out of a protected album createGallerySession(); $gallery->session->gRedirDone = true; header("Location: $g1_return"); } if (!empty($username) && !empty($gallerypassword) && !empty($login)) { $userLogins = new Logins(); $userLogins->load(); $tmpUser = $gallery->userDB->getUserByUsername($username); if ($userLogins->userIslocked($username)) { $loginFailure[] = array( 'type' => 'error', 'text' => gTranslate('core', "This account is locked due too much wrong login attempts. Wait for automatic unlock, or contact an administrator.") ); } elseif ($tmpUser && $tmpUser->isCorrectPassword($gallerypassword)) { // User is successfully logged in, regenerate a new // session ID to prevent session fixation attacks createGallerySession(true); // Perform the login $tmpUser->log("login"); $tmpUser->save(); $gallery->session->username = $username; gallery_syslog("Successful login for $username from " . $_SERVER['REMOTE_ADDR']); if ($tmpUser->getDefaultLanguage() != "") { $gallery->session->language = $tmpUser->getDefaultLanguage(); } $userLogins->reset($username); $userLogins->save(); if (!$gallery->session->offline) { header("Location: $g1_return"); } else { echo ''. gTranslate('core', "SUCCEEDED") . '
';
return;
}
}
// Account exists but the password did not match: report the generic failure
// text, count the attempt against this username and log it.
// NOTE(review): attempts are recorded per username only (no client address is
// passed to addLoginTry), so wrong passwords from any client count toward
// locking this account - confirm the automatic unlock makes that acceptable.
elseif($tmpUser) {
$loginFailure[] = array(
'type' => 'error',
'text' => gTranslate('core', "Invalid username or password.")
);
$userLogins->addLoginTry($username);
$userLogins->save();
// Clear the rejected password; presumably so it is not re-used later in the
// request (e.g. echoed back into the form) - confirm against the template.
$gallerypassword = null;
// NOTE(review): $username is interpolated into the log line unmodified. It
// presumably comes straight from the login form; if gallery_syslog() does not
// neutralise CR/LF and other control characters, a crafted username could
// forge or split log entries - confirm, or sanitise before logging.
// REMOTE_ADDR is the direct peer, i.e. the proxy address when the site sits
// behind a reverse proxy.
gallery_syslog("Failed login for $username from " . $_SERVER['REMOTE_ADDR']);
}
// No account with this username: the user-facing text is identical to the
// wrong-password branch above, so the response message does not reveal
// whether the username exists.
else {
$loginFailure[] = array(
'type' => 'error',
'text' => gTranslate('core', "Invalid username or password.")
);
$gallerypassword = null;
// The submitted username is not written to the log in this branch.
gallery_syslog("Failed login attempt with an invalid username from " . $_SERVER['REMOTE_ADDR']);
// Attempts are also counted for usernames that do not exist.
// NOTE(review): whether Logins bounds or expires these entries is not visible
// here - confirm arbitrary usernames cannot grow the stored data without limit.
$userLogins->addLoginTry($username);
$userLogins->save();
}
}
// Login was submitted without both a username and a password (the complete
// case is handled by the first branch of this chain) and this is not a
// password-reset request: ask for the credentials.
elseif (!empty($login) && empty($forgot)) {
$loginFailure[] = array(
'type' => 'information',
'text' => gTranslate('core', "Please enter username and password!")
);
}
// Password reset was requested but no username was supplied.
elseif (!empty($forgot) && empty($reset_username)) {
$resetInfo[] = array(
'type' => 'information',
'text' => gTranslate('core', "Please enter your username.")
);
}
// Password reset requested for a username: if the account exists and its
// stored address passes check_email(), mail a recovery link, then show a
// notice to the requester.
elseif (!empty($forgot) && !empty($reset_username)) {
$tmpUser = $gallery->userDB->getUserByUsername($reset_username);
if ($tmpUser) {
if (check_email($tmpUser->getEmail())) {
// NOTE(review): the address is validated via getEmail() but the mail is sent
// to the ->email property; presumably the same value - confirm, or use the
// getter in both places so validation and delivery cannot diverge.
// NOTE(review): the value from genRecoverPasswordHash() is substituted into
// "Click to reset your password: %s". How that token is generated, how long
// it stays valid and whether it is single-use is not visible here - confirm
// it is unpredictable, expires, and is invalidated once used.
if (gallery_mail(
$tmpUser->email,
gTranslate('core', "New password request"),
sprintf(gTranslate('core', "Someone requested a new password for user %s from Gallery '%s' on %s. You can create a password by visiting the link below. If you didn't request a password, please ignore this mail. "), $reset_username, $gallery->app->galleryTitle, $gallery->app->photoAlbumURL) . "\n\n" .
sprintf(gTranslate('core', "Click to reset your password: %s"),
$tmpUser->genRecoverPasswordHash()) . "\n",
sprintf(gTranslate('core', "New password request %s"), $reset_username)))
{
// Mail accepted for sending: record the request on the account.
$tmpUser->log("new_password_request");
$tmpUser->save();
}
else {
// NOTE(review): this error is only reachable when the account exists and has
// an address that passed check_email(), so a failed send produces a response
// that differs from the generic notice below and tells the requester the
// username is valid. Consider logging the failure server-side and showing
// the generic notice instead.
$resetInfo[] = array(
'type' => 'error',
'text' => gTranslate('core', "Email could not be sent.") .
"
" .
sprintf(gTranslate('core', "Please contact %s administrators for a new password."), $gallery->app->galleryTitle)
);
}
}
}
// Nothing has been reported so far: show the same neutral notice whether the
// user was unknown, had no usable address, or the mail was sent, so these
// three cases are indistinguishable to the requester.
// NOTE(review): $reset_username is placed into the notice text as submitted;
// confirm the code that renders $resetInfo HTML-encodes it.
if(empty($resetInfo) && empty($loginFailure)) {
$resetInfo[] = array(
'type' => 'information',
'text' => sprintf(gTranslate('core', "If there is a valid email-address for this user, then an email has been sent to the address stored for %s. Follow the instructions to change your password. If you do not receive this email, please contact the Gallery administrators."), $reset_username)
);
}
}
// Page title: the translated "Login to %s" pattern filled with the gallery title.
// NOTE(review): confirm $title is HTML-encoded where it is printed.
$title = sprintf(gTranslate('core', "Login to %s"), $gallery->app->galleryTitle);
if (!$GALLERY_EMBEDDED_INSIDE) {
doctype();
?>