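<?php
/*
 * Login gate: checks the submitted (or session-stored) credentials with
 * verify_password() and, when they do not verify, prints the login form
 * and stops the request.
 *
 * verify_password() and hsc() are not defined in this file as shown;
 * presumably they come from the two includes below, with hsc() used here
 * as the HTML-escaping helper. TODO confirm.
 */

/* Force https */
/*
 * NOTE(review): this redirect is commented out, so nothing in this file
 * keeps the login form and the posted password off plain HTTP. Presumably
 * HTTPS is enforced elsewhere (web server / proxy); confirm before relying
 * on it.
 */
/*
if (!isset($_SERVER["HTTPS"]) || $_SERVER["HTTPS"] != "on") {
    $name = basename($_SERVER["SCRIPT_NAME"]);
    if ($name === 'login.php') {
        header("Location: https://master.php.net/" . $name);
    } else {
        header("Location: https://master.php.net/manage/" . $name);
    }
    exit;
}
 */

session_start();
/* $Id$ */

require 'cvs-auth.inc';
require 'functions.inc';

// User not logged in
$cuser = $cpw = false;

if (isset($_POST["user"], $_POST["pw"])) {
    // Request parameters can arrive as arrays (user[]=...). Only plain strings
    // are accepted as credentials; anything else is treated as "not logged in"
    // and deliberately does NOT fall back to the session credentials.
    if (is_string($_POST['user']) && is_string($_POST['pw'])) {
        $cuser = $_POST['user'];
        $cpw = $_POST['pw'];
    }
} elseif (
    isset($_SESSION["credentials"])
    && is_array($_SESSION["credentials"])
    && count($_SESSION["credentials"]) === 2
) {
    list($cuser, $cpw) = $_SESSION["credentials"];
}

// Login form, if the user is not yet logged in
if (!$cuser || !$cpw || !verify_password($cuser, $cpw)) {
    // Drop whatever session state existed before showing the form again.
    $_SESSION = [];
    session_destroy();

    // IS_DEV was 1 or 0 until 22 Feb 2012. It's now a @php.net username hint.
    // Both sources are client-controlled, so they are type-checked and escaped
    // before being echoed into the form.
    $cuser = '';
    if (isset($_COOKIE['IS_DEV']) && is_string($_COOKIE['IS_DEV']) && !is_numeric($_COOKIE['IS_DEV'])) {
        $cuser = hsc($_COOKIE['IS_DEV']);
    } elseif (!empty($_POST['user']) && is_string($_POST['user'])) {
        $cuser = hsc($_POST['user']);
    }
?>

<html>
<head>
 <title>You must log in!</title>
</head>
<body>
<form method="post" action="<?php echo hsc($_SERVER['SCRIPT_NAME']), query_string();?>">
<?php preserve_form_fields();?>
<input type="hidden" name="save" value="1" />
<table>
 <tr>
  <th align="right">Username:</th>
  <td><input type="text" name="user" value="<?php echo $cuser;?>" />@php.net</td>
 </tr>
 <tr>
  <th align="right">Password:</th>
<?php
    // NOTE(review): the rejected password is written back into the page source.
    // It is escaped, but it still ends up in the HTML response; consider
    // rendering this field empty.
?>
  <td><input type="password" name="pw" value="<?php echo hsc($cpw);?>" />
<?php if ($cpw): ?>
    <a href="/forgot.php"> Forgot your password?</a>
<?php endif ?>
  </td>
 </tr>
 <tr>
  <td></td><td><input type="submit" value="Login" /></td>
 </tr>
<?php if ($cpw): ?>
<?php
    // A password was supplied but did not verify: show one of the messages at random.
    $msgs = [
        "Nope.. Wrong (username?) password",
        "Nope.. Thats not it",
        "This isn't going very well..",
    ];
    shuffle($msgs);
    $msg = array_pop($msgs);
?>
 <tr>
  <td colspan="2"><?php echo $msg ?></td>
 </tr>
<?php endif ?>
</table>
</form>
</body>
</html>
<?php
    exit;
}

// Issue a fresh session id on successful login and delete the old session
// data, so an id known before authentication cannot be reused afterwards.
session_regenerate_id(true);
// At this point, we have logged in successfully
// NOTE(review): the plaintext password is kept in the session store. Other
// pages may read $_SESSION["credentials"], so it is left as is here; storing
// only the authenticated username would reduce exposure of the session data.
$_SESSION["credentials"] = [$cuser, $cpw];
$_SESSION["username"] = $cuser;

// NOTE(review): $ts is not assigned anywhere in this file as shown;
// presumably one of the required includes sets it to the current timestamp.
// Confirm, otherwise the expiry times below are computed from an unset value.

// Killing magic cookie
setcookie("MAGIC_COOKIE", "", $ts - 3600, '/', '.php.net');
setcookie("MAGIC_COOKIE", "", $ts - 3600, '/');

// Set a cookie to tell various .php.net services that the user is probably logged in
// The username is saved here so we can automagically fill it in during login prompts
// The last two arguments are secure=false, httponly=true: the username hint is
// also sent over plain HTTP, and it is only a hint, never proof of a login.
setcookie("IS_DEV", $cuser, $ts + 3600 * 24 * 12, '/', '.php.net', false, true);



// ----------------------------------------------------------------------------------

/**
 * Returns the request's query string for re-use in the login form action.
 *
 * @return string "?" followed by the query string, passed through hsc(), or
 *                an empty string when the request has no query string.
 */
function query_string()
{
    if (!empty($_SERVER['QUERY_STRING'])) {
        return hsc("?{$_SERVER['QUERY_STRING']}");
    }

    return '';
}

/**
 * Echoes the posted "in" array back as hidden inputs so the fields submitted
 * with the request are carried through the login form.
 *
 * Keys and values are passed through hsc() before being written out. Values
 * that are not scalars (for example nested arrays) are skipped, because they
 * cannot be written into a single hidden field.
 *
 * @return void
 */
function preserve_form_fields()
{
    if (isset($_POST['in']) && is_array($_POST['in'])) {
        foreach ($_POST['in'] as $k => $v) {
            if (!is_scalar($v)) {
                continue;
            }
            echo "<input type=\"hidden\" name=\"in[", hsc((string) $k),
                 "]\" value=\"", hsc((string) $v), "\" />\n";
        }
    }
}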