<?php
// PukiWiki - Yet another WikiWikiWeb clone
-// Copyright 2015-2017 PukiWiki Development Team
+// Copyright 2015-2022 PukiWiki Development Team
// License: GPL v2 or (at your option) any later version
//
// "Login form" plugin
function plugin_loginform_inline()
{
- $logout_param = '?plugin=basicauthlogout';
+ global $vars, $read_auth, $edit_auth;
+ $page = isset($vars['page']) ? $vars['page'] : '';
+ if (! is_pagename($page)) {
+ $page = '';
+ }
+ if (! ($read_auth || $edit_auth)) {
+ // non auth site
+ return 'Note: loginform is for auth enabled site';
+ }
+ $logout_param = '?plugin=loginform&pcmd=logout&page=' . pagename_urlencode($page);
return '<a href="' . htmlsc(get_base_uri() . $logout_param) . '">Log out</a>';
}
function plugin_loginform_convert()
{
- return '<div>' . plugin_basicauthlogout_inline() . '</div>';
+ return '<div>' . plugin_loginform_inline() . '</div>';
}
function plugin_loginform_action()
{
global $auth_user, $auth_type, $_loginform_messages;
+ global $read_auth, $edit_auth;
$page = isset($_GET['page']) ? $_GET['page'] : '';
$pcmd = isset($_GET['pcmd']) ? $_GET['pcmd'] : '';
+ if (! is_pagename($page)) {
+ $page = '';
+ }
+ if (! ($read_auth || $edit_auth)) {
+ // non auth site
+ die_message('Invalid action');
+ exit;
+ }
$url_after_login = isset($_GET['url_after_login']) ? $_GET['url_after_login'] : '';
$page_after_login = $page;
if (!$url_after_login) {
if ($username && $password && form_auth($username, $password)) {
// Sign in successfully completed
form_auth_redirect($url_after_login, $page_after_login);
- return;
+ exit; // or 'return FALSE;' - Don't double check for FORM_AUTH
}
if ($pcmd === 'logout') {
// logout
break;
}
$auth_user = '';
+ $page_link = '';
+ if ($page) {
+ $page_link = '<br>' . make_pagelink($page);
+ }
return array(
'msg' => 'Log out',
- 'body' => 'Logged out completely<br>'
- . '<a href="'. get_page_uri($page) . '">'
- . $page . '</a>'
+ 'body' => 'Logged out completely' . $page_link,
);
} else {
// login
<script><!--
window.addEventListener && window.addEventListener("DOMContentLoaded", function() {
var f = window.document.forms.loginform;
- console.log(f);
- console.log(f.username);
- console.log(f.password);
if (f && f.username && f.password) {
if (f.username.value) {
f.password.focus && f.password.focus();