From 5d794db32d43389faa0f4cf8db403dcd9ea6f746 Mon Sep 17 00:00:00 2001 From: Nate Jones Date: Tue, 14 Apr 2015 01:36:01 +0000 Subject: [PATCH] Login: Display error message on invalid login credentials. --- login.php | 27 +++++++++++++++++++++------ resources/check_auth.php | 2 ++ 2 files changed, 23 insertions(+), 6 deletions(-) diff --git a/login.php b/login.php index 6975d81eaa..fef2dde1fa 100644 --- a/login.php +++ b/login.php @@ -25,24 +25,35 @@ */ include "root.php"; -//clear the session variables +//start session session_start(); + +//retain message + $message_mood = $_SESSION["message_mood"]; + $message = $_SESSION["message"]; + +//destroy session session_unset(); session_destroy(); //if config.php file does not exist then redirect to the install page if (file_exists($_SERVER['DOCUMENT_ROOT'].PROJECT_PATH."/resources/config.php")) { //do nothing - } elseif (file_exists($_SERVER['DOCUMENT_ROOT'].PROJECT_PATH."/resources/config.php")) { + } + else if (file_exists($_SERVER['DOCUMENT_ROOT'].PROJECT_PATH."/resources/config.php")) { //original directory - } elseif (file_exists($_SERVER['DOCUMENT_ROOT'].PROJECT_PATH."/includes/config.php")) { + } + else if (file_exists($_SERVER['DOCUMENT_ROOT'].PROJECT_PATH."/includes/config.php")) { //move config.php from the includes to resources directory. rename($_SERVER['DOCUMENT_ROOT'].PROJECT_PATH."/includes/config.php", $_SERVER['DOCUMENT_ROOT'].PROJECT_PATH."/resources/config.php"); - } elseif (file_exists("/etc/fusionpbx/config.php")){ + } + else if (file_exists("/etc/fusionpbx/config.php")){ //linux - } elseif (file_exists("/usr/local/etc/fusionpbx/config.php")){ + } + else if (file_exists("/usr/local/etc/fusionpbx/config.php")){ //bsd - } else { + } + else { header("Location: ".PROJECT_PATH."/resources/install.php"); exit; } @@ -50,6 +61,10 @@ include "root.php"; //adds multiple includes require_once "resources/require.php"; +//restore message + $_SESSION["message_mood"] = $message_mood; + $_SESSION["message"] = $message; + //use custom login, if present, otherwise use default login if (file_exists($_SERVER['DOCUMENT_ROOT'].PROJECT_PATH."/themes/".$_SESSION['domain']['template']['name']."/login.php")){ require_once "themes/".$_SESSION['domain']['template']['name']."/login.php"; diff --git a/resources/check_auth.php b/resources/check_auth.php index af23992db0..a557309694 100644 --- a/resources/check_auth.php +++ b/resources/check_auth.php @@ -47,6 +47,7 @@ require_once "resources/require.php"; //if the username is not provided then send to login.php if (strlen(check_str($_REQUEST["username"])) == 0 && strlen(check_str($_REQUEST["key"])) == 0) { $target_path = ($_REQUEST["path"] != '') ? $_REQUEST["path"] : $_SERVER["REQUEST_URI"]; + $_SESSION["message_mood"] = "negative"; $_SESSION["message"] = "Invalid Username and/or Password"; header("Location: ".PROJECT_PATH."/login.php?path=".urlencode($target_path)); exit; @@ -280,6 +281,7 @@ require_once "resources/require.php"; closelog(); //redirect the user to the login page $target_path = ($_REQUEST["path"] != '') ? $_REQUEST["path"] : $_SERVER["PHP_SELF"]; + $_SESSION["message_mood"] = "negative"; $_SESSION["message"] = "Invalid Username and/or Password"; header("Location: ".PROJECT_PATH."/login.php?path=".urlencode($target_path)); exit;