<?php
// script header will go here
include_once("./includes/maj_all_includes.php");
// if (!$_POST) echo $MAJ_ip;
if ($MAJ_offer_to_remember_login_username)  {
   if ($_COOKIE['username'] != "")  {
      $remember_username = "yes";
      $username = $_COOKIE['username'];
   }
}
if (isset($_POST['submit']))  {
   // process the form                       
   $form_passes = TRUE;
   $username = maj_clean(trim($_POST['username']), 125);
   $password = maj_clean(trim($_POST['password']), 25);
   $password = trim($_POST['password']);
   // validate form entries
   if ($username !="")  {                             
      	                                                              
      if (!maj_check_if_new_username($username))  {
      }  else  {   	                                              
      	                                                              
         $form_passes = FALSE;                                                                             
         $form_error_message[] = "The username you entered is not in the database. Please try again.";	      	        
	  
      }  // check for new username
   }  else  {   	                                              
      	                                                              
      $form_passes = FALSE;                                                                             
      $form_error_message[] = "The username was blank!";	      	        
	  
   }  // check for blank username
   if ($password =="")  {                             
      	                                                              
      $form_passes = FALSE;                                                                             
      $form_error_message[] = "The password was blank!";	      	        
	  
   }  // check for blank password
   if ($form_passes)  {
      if (maj_match_username_password($username, $password))  {
         if (!maj_check_active($username))  {
            $form_passes = FALSE;
            $form_error_message[] = "This account has been deactivated. Please contact the administrator for more information.";
         }  // end if check active
      }  else  { 
         $form_error_message[] = "Incorrect password. Please try again.";
         $form_passes = FALSE;
         if ($MAJ_dont_log_attempted_passwords_at_login) $password = "********";
	 maj_log_login($username, $password, "failed", $MAJ_number_of_failed_logins_for_lock, $MAJ_ip);  // Note: will change url if user gets locked out
      } // end if match username and password
      if ($form_passes)  {
         if ($MAJ_offer_to_remember_login_username)  {
            if ($_POST['remember_username'] == "on")  {
               $cookie_time = time()+60*60*24*90;
	       
               setcookie("username",$username, $cookie_time);
            }  else  {
               setcookie("username","");
            }
         }
         $config_web_alias = $MAJ_web_alias;
         session_start();
         $MAJ_userid = maj_get_userid($username);
         $_SESSION['MAJ_userid'] = $MAJ_userid;
         $_SESSION['MAJ_web_alias'] = $config_web_alias;
         
         //check and see if they need to compete a software agreement form

         $query = "SELECT COUNT(id) FROM software_agreement
                   WHERE is_current_agreement = 'y'
                     AND active = 'y'
                     AND id NOT IN (SELECT software_agreement_id
                                    FROM jsiteuser_software_agreement
                                    WHERE siteuser_id = '$MAJ_userid'
                                       AND active = 'y'
                                   )
                  ";

         $agreement_needed_count = maj_get_value($query);

         if ($agreement_needed_count > 0) $_SESSION['require_software_agreement'] = true;
         
         $ask_to_change_password = maj_get_value("SELECT ask_to_change_password FROM siteuser WHERE id = '$MAJ_userid'");
         if (preg_match("/$username/",$password) || $ask_to_change_password == 'y')  {
            header("Location: $MAJ_site_root/change_password.$MAJ_file_extension");
         }  else if ($_SESSION['send_to'] != "" && !preg_match("/_file\.html/", $_SESSION['send_to']))  { // people were getting stuck on view_file.html and download_file.html
            header("Location: {$_SESSION['send_to']}");
         }  else  {
            header("Location: $MAJ_site_root/mainmenu.$MAJ_file_extension");
         }
         if ($MAJ_dont_log_attempted_passwords_at_login) $password = "********";
         maj_log_login($username, $password, "success", $MAJ_number_of_failed_logins_for_lock, $MAJ_ip);
      
         exit;  // shouldn't make it past here
      }   
   }
} // end if form submitted
// start form content
$content = "<h2>Log in to $MAJ_companyname $MAJ_appname</h2>\n\n";
if ($form_error_message)  {
   include_once("$MAJ_include_path/code/display_form_error_messages.php");
}
// start form
$content .= "";
$content .= "<form action='$PHP_SELF' name='login_form' method='post'>\n";
$content .= "<table class='login' cellpadding='4'>\n";
$content .= "<tr><td>Username:</td>\n";
$content .= "<td><input type='text' name='username' value='$username' maxlength='20' class='text'></td></tr>\n";
$content .= "<tr><td>Password:</td>\n";
$content .= "<td><input type='password' name='password' value='' maxlength='20' class='text'></td></tr>\n";
if ($MAJ_offer_to_remember_login_username) {
   $content .= "<tr><td colspan='2'><input type='checkbox' name='remember_username'";
   if ($remember_username == "yes") $content .= " CHECKED ";
   $content .= ">&nbsp;&nbsp;Remember my username on this computer</td></tr>\n";
}
$content .= "<tr><td colspan='2'><center><input type='submit' name='submit' value='Login' class='button'></center></td></tr>\n";
$content .= "</table></form>\n";
$title = "$MAJ_companyname $MAJ_appname  | Login";
if (($MAJ_offer_to_remember_login_username && $remember_username=="yes") || ($username != "" && !$d))  {
   $body_tag = "onLoad='window.document.login_form.password.focus();'";
}   else  {
   $body_tag = "onLoad='window.document.login_form.username.focus();'";
}
if ($MAJ_offer_to_email_forgotten_password) $content .= "<p><a href='forgot_password.$MAJ_file_extension'>Forgot your password?</a></p>";
$bottom_links=FALSE;
include_once("$MAJ_include_path/code/display_page.php");
?>