Source for file validate.php
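// @copyright (c) 2004-15 bitweaver.org

// Login validation script: remembers where the user came from, enforces the
// HTTPS-login requirement, then hands the submitted credentials to
// $gBitUser->login() and works out where to send the user next.
//
// NOTE(review): the published listing lost its braces and comment markers;
// the block structure below is reconstructed from the statement order.

// Assigned before setup_inc.php is loaded.
// NOTE(review): presumably read there to skip the "site closed" check - confirm.
$bypass_siteclose_check = 'y';

// this is a dirty hack to allow admins to log in when we require a visit to the installer
// used in kernel/setup_inc.php - xing - Friday Oct 03, 2008 16:44:48 CEST
define( 'LOGIN_VALIDATE', TRUE );
require_once( '../kernel/setup_inc.php' );

// Remember where user is logging in from and send them back later; using session variable for those of us who use WebISO services
// do not use session loginfrom with login.php or register.php - only "inline" login forms display in perm denied fatals, etc.
if( !empty( $_SESSION['returnto'] ) ) {
	// we have been explicitly told where we want to return
	// NOTE(review): the value is used as-is as a post-login target; whatever
	// writes $_SESSION['returnto'] should only ever store a local URL.
	$_SESSION['loginfrom'] = $_SESSION['returnto'];
} elseif( isset( $_SERVER['HTTP_REFERER'] ) && strpos( $_SERVER['HTTP_REFERER'], 'login.php' ) === FALSE && strpos( $_SERVER['HTTP_REFERER'], 'register.php' ) === FALSE ) {
	// The Referer header is client-controlled. Only its path and query are kept,
	// so scheme and host are dropped before the value is stored.
	// NOTE(review): the stored path is not checked any further here; the code
	// that redirects to it should confirm it is a local path.
	$from = parse_url( $_SERVER['HTTP_REFERER'] );
	$fromPath  = !empty( $from['path'] ) ? $from['path'] : '';
	$fromQuery = !empty( $from['query'] ) ? '?'. $from['query'] : '';
	$_SESSION['loginfrom'] = $fromPath . $fromQuery;
} elseif( !empty( $_SESSION['loginfrom'] ) ) {
	// No usable origin for this request: drop the stale value from an earlier attempt.
	unset( $_SESSION['loginfrom'] );
}

// Added check for IIS $_SERVER['HTTPS'] uses 'off' value - wolff_borg
$https_mode = !empty( $_SERVER['HTTPS'] ) && $_SERVER['HTTPS'] != 'off';
if( $gBitSystem->isLive() && $gBitSystem->isFeatureActive( 'site_https_login_required' ) && !$https_mode ) {
	// NOTE(review): when 'site_https_domain' is not configured the redirect host
	// falls back to the client-supplied Host header; set 'site_https_domain'
	// explicitly on any site that enables 'site_https_login_required'.
	$url = $gBitSystem->getConfig( 'site_https_domain', $_SERVER['HTTP_HOST'] );
	// $site_https_port is not assigned anywhere in this file. Keep a value that
	// setup_inc.php may have provided, otherwise default to the standard HTTPS
	// port instead of passing an undefined variable (which produced "host:").
	$site_https_port = $gBitSystem->getConfig( 'site_https_port', isset( $site_https_port ) ? $site_https_port : 443 );
	// Loose comparison on purpose: the configured port may come back as a string.
	if( $site_https_port != 443 ) {
		$url .= ':' . $site_https_port;
	}
	$url .= $gBitSystem->getConfig( 'site_https_prefix' ) . $gBitSystem->getDefaultPage();
	header( "Location: https://$url" );
	// Stop here so the credentials below are never processed on the plain-HTTP request.
	exit;
}

// NOTE(review): $_REQUEST also carries query-string parameters, so a password sent
// as ?pass=... is accepted and can end up in server logs and Referer headers.
// Confirm whether any caller depends on GET before restricting these to $_POST.
$user = isset( $_REQUEST['user'] ) ? $_REQUEST['user'] : false;
$pass = isset( $_REQUEST['pass'] ) ? $_REQUEST['pass'] : false;
$challenge = isset( $_REQUEST['challenge'] ) ? $_REQUEST['challenge'] : false;
$response = isset( $_REQUEST['response'] ) ? $_REQUEST['response'] : false;

// if $referer is set, login() will return the user to whence he came
$url = $gBitUser->login( $user, $pass, $challenge, $response );

// but if we came from a login page, let's go home (except if we got an error when login in)
// strpos() returns FALSE when the needle is absent, never -1, and returns 0 for a
// match at the start of the string. The previous test compared against -1 and
// relied on truthiness, so this branch could never run; compare strictly instead.
$fromLoginPage = strpos( $url, 'login.php?' ) !== FALSE || strpos( $url, 'remind_password.php' ) !== FALSE;
$hasLoginError = strpos( $url, 'login.php?error=' ) !== FALSE;
if( $fromLoginPage && !$hasLoginError ) {
	$url = $gBitSystem->getDefaultPage();
}
// NOTE(review): the listing ends here; the statement that sends the user to $url is not shown.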