Index: openacs-4/packages/acs-subsite/www/register/login-include.tcl
===================================================================
RCS file: /usr/local/cvsroot/openacs-4/packages/acs-subsite/www/register/Attic/login-include.tcl,v
diff -u -r1.2 -r1.3
--- openacs-4/packages/acs-subsite/www/register/login-include.tcl	28 Aug 2003 09:41:42 -0000	1.2
+++ openacs-4/packages/acs-subsite/www/register/login-include.tcl	29 Aug 2003 12:47:21 -0000	1.3
@@ -1,29 +1,38 @@
 # Present a login box
 #
 # Expects:
-#   package_id - optional
-#   return_url - optional 
-#   email - optional
+#   subsite_id - optional, defaults to nearest subsite
+#   return_url - optional, defaults to Your Account
+#   
 
 if { ![exists_and_not_null package_id] } {
-    set package_id [ad_conn package_id]
+    set subsite_id [subsite::get_element -element object_id]
 }
 
-if { ![exists_and_not_null email] } {
-    set email {}
-}
 
-set allow_persistent_login_p [parameter::get -package_id $package_id -parameter AllowPersistentLoginP -default 1]
-set persistent_login_p [parameter::get -package_id $package_id -parameter AllowPersistentLoginP -default 1]
 
-set email_forgotten_password_p [parameter::get -package_id $package_id -parameter EmailForgottenPasswordP -default 1]
 
-if {![info exists return_url]} {
-    set return_url [ad_pvt_home]
+# Persistent login
+# The logic is: 
+#  1. Allowed if allowed both site-wide (on acs-kernel) and on the subsite
+#  2. Default setting is in acs-kernel
+
+set allow_persistent_login_p [parameter::get -parameter AllowPersistentLoginP -package_id [ad_acs_kernel_id] -default 1]
+if { $allow_persistent_login_p } {
+    set allow_persistent_login_p [parameter::get -package_id $subsite_id -parameter AllowPersistentLoginP -default 1]
 }
+if { $allow_persistent_login_p } {
+    set default_persistent_login_p [parameter::get -parameter DefaultPersistentLoginP -package_id [ad_acs_kernel_id] -default 1]
+}
 
+
+set subsite_url [subsite::get_element -element url]
 set system_name [ad_system_name]
 
+if { ![exists_and_not_null return_url] } {
+    set return_url [ad_pvt_home]
+}
+
 # One common problem with login is that people can hit the back button
 # after a user logs out and relogin by using the cached password in
 # the browser. We generate a unique hashed timestamp so that users
@@ -34,4 +43,117 @@
 set token [sec_get_token $token_id]
 set hash [ns_sha1 "$time$token_id$token"]
 
-set export_vars [export_vars -form {return_url time token_id hash}]
+
+# TODO: Move this into a library proc
+set authority_options [db_list_of_lists select_authorities {
+    select pretty_name, authority_id
+    from   auth_authorities
+    where  enabled_p = 't'
+    and    auth_impl_id is not null
+    order  by sort_order
+}]
+
+set forgotten_pwd_url [auth::password::get_forgotten_url]
+
+ad_form -name login -html { style "margin: 0px;" } -form {
+    {return_url:text(hidden)}
+    {time:text(hidden)}
+    {token_id:text(hidden)}
+    {hash:text(hidden)}
+} 
+
+if { [llength $authority_options] > 1 } {
+    ad_form -extend -name login -form {
+        {authority_id:integer(select) 
+            {label "Authority"} 
+            {options $authority_options}
+        }
+    }
+}
+
+ad_form -extend -name login -form {
+    {username:text
+        {label "Username"}
+    }
+    {password:text(password) 
+        {label "Password"}
+    }
+}
+
+if { $allow_persistent_login_p } {
+    ad_form -extend -name login -form {
+        {persistent_p:text(checkbox)
+            {label ""}
+            {options { { "Remember my login on this computer" "t" } }}
+            {value {[ad_decode $default_persistent_login_p 1 "t" ""]}}
+        }
+    }
+}
+
+ad_form -extend -name login -on_request {
+    # Populate fields
+} -on_submit {
+    if { ![exists_and_not_null authority_id] } {
+        # Will be defaulted to local authority
+        set authority_id {}
+    }
+
+    if { ![exists_and_not_null persistent_p] } {
+        set persistent_p "f"
+    }
+    
+    array set auth_info [auth::authenticate \
+                             -authority_id $authority_id \
+                             -username $username \
+                             -password $password \
+                             -persistent=[expr $allow_persistent_login_p && [template::util::is_true $persistent_p]]]
+    
+    # Handle authentication problems
+    switch $auth_info(auth_status) {
+        ok {
+            # Continue below
+        }
+        bad_password {
+            form set_error login password $auth_info(auth_message)
+            break
+        }
+        default {
+            form set_error login username $auth_info(auth_message)
+            break
+        }
+    }
+
+
+    # Handle account status
+    switch $auth_info(account_status) {
+        ok {
+            # Continue below
+        }
+        default {
+            # Display the message on a separate page
+            set page_title "Login denied"
+            set context [list [list "." [_ acs-subsite.Log_In]] "Login denied"]
+            set message $auth_info(account_message)
+            ad_return_template "display-message"
+            break
+        }
+    }
+} -after_submit {
+
+    # We're logged in
+
+    # Handle account_message
+    if { [exists_and_not_null auth_info(account_message)] } {
+        set page_title "Logged In"
+        set context [list [list "." [_ acs-subsite.Log_In]] "Logged in"]
+        set message $auth_info(account_message)
+        set continue_url $return_url
+        set continue_label "Continue working with [ad_system_name]"
+        ad_return_template "display-message"
+        return    
+    } else {
+        # No message
+        ad_returnredirect $return_url
+        ad_script_abort
+   }
+}