<?php
namespace LAM\LOGIN;
use \LAM\LIB\TWO_FACTOR\TwoFactorProviderService;
use \htmlResponsiveRow;
use \htmlGroup;
use \htmlOutputText;
use \htmlSpacer;
use \htmlSelect;
use \htmlInputField;
use \htmlButton;
/*
$Id$

This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
Copyright (C) 2017 Roland Gruber

This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA

*/
/**
 * This page redirects to the correct start page after checking the 2nd factor.
 *
 * @package main
 * @author Roland Gruber
 */
/** config object */
include_once '../lib/config.inc';

// the login state read below is kept in the session, so it must be started first
startSecureSession();
setlanguage();

$config = $_SESSION['config'];
$ldap = $_SESSION['ldap'];
// index 1 of the decrypted login holds the password that is handed to the 2-factor provider
$password = $ldap->decrypt_login()[1];
// user waiting for 2nd-factor verification; a full DN is reduced to its RDN value
$user = $_SESSION['user2factor'];
$user = get_preg($user, 'dn') ? extractRDNValue($user) : $user;
// Ask the configured 2-factor provider for the user's token serials.
// Any failure ends the login attempt: it is logged and the user is sent back with an error flag.
try {
	$provider = (new TwoFactorProviderService($config))->getProvider();
	$serials = $provider->getSerials($user, $password);
}
catch (\Exception $e) {
	$details = 'Unable to get 2-factor serials for ' . $user . ' ' . $e->getMessage();
	logNewMessage(LOG_ERR, $details);
	metaRefresh("login.php?2factor=error");
	die();
}
// label shown for the token field; falls back to a default when the configuration leaves it empty
$twoFactorLabelConfig = $config->getTwoFactorAuthenticationLabel();
$twoFactorLabel = $twoFactorLabelConfig;
if (empty($twoFactorLabelConfig)) {
	$twoFactorLabel = _('PIN+Token');
}

// A user without any token serial cannot supply a 2nd factor.
if (count($serials) === 0) {
	if (!$config->getTwoFactorAuthenticationOptional()) {
		// 2nd factor is mandatory: back to the login page with the "no token" flag
		metaRefresh("login.php?2factor=noToken");
		die();
	}
	// 2nd factor is optional: finish the login without it
	unset($_SESSION['2factorRequired']);
	unset($_SESSION['user2factor']);
	metaRefresh("main.php");
	die();
}
// "Cancel" button: abandon the pending 2-factor login and return to the login page.
if (array_key_exists('logout', $_POST)) {
	// destroy session
	session_destroy();
	unset($_SESSION);
	// redirect to login page
	metaRefresh("login.php");
	die();
}
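// Form submission: validate the chosen serial and the entered token.
if (isset($_POST['submit'])) {
	// The form posts plain strings. A missing or non-string field counts as empty input
	// instead of raising an undefined-index notice or passing odd types on to the provider.
	$twoFactorInput = (isset($_POST['2factor']) && is_string($_POST['2factor'])) ? $_POST['2factor'] : '';
	$serial = (isset($_POST['serial']) && is_string($_POST['serial'])) ? $_POST['serial'] : '';
	// Only a serial that belongs to this user is acceptable. Posted values are strings, so the
	// provider's serials are compared as strings with a strict check (no loose type juggling).
	$knownSerials = array_map('strval', $serials);
	if (empty($twoFactorInput) || !in_array($serial, $knownSerials, true)) {
		// translate the template first and fill in the label afterwards;
		// gettext cannot look up a message that already contains the label
		$errorMessage = sprintf(_('Please enter "%s".'), $twoFactorLabel);
	}
	else {
		$twoFactorValid = false;
		try {
			$twoFactorValid = $provider->verify2ndFactor($user, $password, $serial, $twoFactorInput);
		}
		catch (\Exception $e) {
			// a provider error is logged and treated like a failed verification
			logNewMessage(LOG_WARNING, '2-factor verification failed: ' . $e->getMessage());
		}
		if ($twoFactorValid) {
			// 2nd factor accepted: clear the pending state and continue to the main page
			unset($_SESSION['2factorRequired']);
			unset($_SESSION['user2factor']);
			metaRefresh("main.php");
			die();
		}
		else {
			$errorMessage = _('Verification failed.');
		}
	}
}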
// page header stored in the session, followed by the head contents for the login page
print $_SESSION['header'];
printHeaderContents(_("Login"), '..');
?>
</head>
<body class="admin">
<?php
// include all JavaScript files (base path '..', the same one passed to printHeaderContents above)
printJsIncludes('..');
?>
<table border=0 width="100%" class="lamHeader ui-corner-all">
<tr>
<td align="left" height="30">
<a class="lamLogo" href="http://www.ldap-account-manager.org/" target="new_window">LDAP Account Manager</a>
</td>
<td align="right" height=20>
</td>
</tr>
</table>
<br><br>
<form enctype="multipart/form-data" action="login2Factor.php" method="post" autocomplete="off">
<?php
// caption text from the server configuration, written into the form as-is (no escaping applied here)
print $config->getTwoFactorAuthenticationCaption();
?>
<div class="centeredTable">
<div class="roundedShadowBox limitWidth">
<?php
// Build the 2nd-factor form: optional error message, serial selection, token field and buttons.
$row = new htmlResponsiveRow();
// error
if (!empty($errorMessage)) {
	$row->add(new \htmlStatusMessage('ERROR', $errorMessage), 12);
	$row->add(new htmlSpacer('1em', '1em'), 12);
}
// serial
$row->add(new htmlOutputText(_('Serial number')), 12, 12, 12, 'text-left');
$row->add(new htmlSelect('serial', $serials), 12);
// token (rendered as a password field so the value is not shown on screen)
$row->add(new htmlOutputText($twoFactorLabel), 12, 12, 12, 'text-left');
$tokenField = new htmlInputField('2factor', '');
$tokenField->setFieldSize(null);
$tokenField->setIsPassword(true);
$row->add($tokenField, 12);
$row->add(new htmlSpacer('1em', '1em'), 12);
// buttons
$submitButton = new htmlButton('submit', _("Submit"));
$submitButton->setCSSClasses(array('fullwidth'));
$row->add($submitButton, 12, 12, 12, 'fullwidth');
$row->add(new htmlSpacer('0.5em', '0.5em'), 12);
$cancelButton = new htmlButton('logout', _("Cancel"));
$cancelButton->setCSSClasses(array('fullwidth'));
$row->add($cancelButton, 12);

$group = new htmlGroup();
$group->addElement($row);

$tabindex = 1;
// CSRF token is added to the form before it is rendered
addSecurityTokenToMetaHTML($group);
parseHtml(null, $group, array(), false, $tabindex, 'user');
?>
</div>
</div>
</form>
<br><br>
<script type="text/javascript">
// put the cursor into the token field so the user can start typing right away
myElement = document.getElementsByName('2factor')[0];
myElement.focus();
</script>
</body>
</html>