LDAPAccountManager/lam/templates/login2Factor.php

<?php
namespace LAM\LOGIN;
use \LAM\LIB\TWO_FACTOR\TwoFactorProviderService;
use \htmlResponsiveRow;
use \htmlGroup;
use \htmlOutputText;
use \htmlSpacer;
use \htmlSelect;
use \htmlInputField;
use \htmlButton;
/*
$Id$

  This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
  Copyright (C) 2017  Roland Gruber

  This program is free software; you can redistribute it and/or modify
  it under the terms of the GNU General Public License as published by
  the Free Software Foundation; either version 2 of the License, or
  (at your option) any later version.

  This program is distributed in the hope that it will be useful,
  but WITHOUT ANY WARRANTY; without even the implied warranty of
  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  GNU General Public License for more details.

  You should have received a copy of the GNU General Public License
  along with this program; if not, write to the Free Software
  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA

*/

/**
* This page redirects to the correct start page after checking 2nd factor.
*
* @package main
* @author Roland Gruber
*/

/** config object */
include_once '../lib/config.inc';

// start session
startSecureSession();

setlanguage();

$config = $_SESSION['config'];
$ldap = $_SESSION['ldap'];
$credentials = $ldap->decrypt_login();
$password = $credentials[1];
$user = $_SESSION['user2factor'];
if (get_preg($user, 'dn')) {
	$user = extractRDNValue($user);
}

// get serials
try {
	$service = new TwoFactorProviderService($config);
	$provider = $service->getProvider();
	$serials = $provider->getSerials($user, $password);
}
catch (\Exception $e) {
	logNewMessage(LOG_ERR, 'Unable to get 2-factor serials for ' . $user . ' ' . $e->getMessage());
	metaRefresh("login.php?2factor=error");
	die();
}

$twoFactorLabelConfig = $config->getTwoFactorAuthenticationLabel();
$twoFactorLabel = empty($twoFactorLabelConfig) ? _('PIN+Token') : $twoFactorLabelConfig;

if (sizeof($serials) == 0) {
	if ($config->getTwoFactorAuthenticationOptional()) {
		unset($_SESSION['2factorRequired']);
		unset($_SESSION['user2factor']);
		metaRefresh("main.php");
		die();
	}
	else {
		metaRefresh("login.php?2factor=noToken");
		die();
	}
}

if (isset($_POST['logout'])) {
	// destroy session
	session_destroy();
	unset($_SESSION);
	// redirect to login page
	metaRefresh("login.php");
	exit();
}

if (isset($_POST['submit'])) {
	$twoFactorInput = $_POST['2factor'];
	$serial = $_POST['serial'];
	if (empty($twoFactorInput) || !in_array($serial, $serials)) {
		$errorMessage = _(sprintf('Please enter "%s".', $twoFactorLabel));
	}
	else {
		$twoFactorValid = false;
		try {
			$twoFactorValid = $provider->verify2ndFactor($user, $password, $serial, $twoFactorInput);
		}
		catch (\Exception $e) {
			logNewMessage(LOG_WARNING, '2-factor verification failed: ' . $e->getMessage());
		}
		if ($twoFactorValid) {
			unset($_SESSION['2factorRequired']);
			unset($_SESSION['user2factor']);
			metaRefresh("main.php");
			die();
		}
		else {
			$errorMessage = _(sprintf('Verification failed.', $twoFactorLabel));
		}
	}
}

?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html class="no-js">
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta http-equiv="pragma" content="no-cache">
		<meta http-equiv="cache-control" content="no-cache">
	<title><?php echo _("Login"); ?></title>
	<link rel="stylesheet" type="text/css" href="../style/responsive/105_normalize.css">
	<link rel="stylesheet" type="text/css" href="../style/responsive/110_foundation.css">
	<link rel="stylesheet" type="text/css" href="../style/responsive/120_lam.css">
	<?php
		// include all CSS files
		$cssDirName = dirname(__FILE__) . '/../style';
		$cssDir = dir($cssDirName);
		$cssFiles = array();
		$cssEntry = $cssDir->read();
		while ($cssEntry !== false) {
			if (substr($cssEntry, strlen($cssEntry) - 4, 4) == '.css') {
				$cssFiles[] = $cssEntry;
			}
			$cssEntry = $cssDir->read();
		}
		sort($cssFiles);
		foreach ($cssFiles as $cssEntry) {
			echo "<link rel=\"stylesheet\" type=\"text/css\" href=\"../style/" . $cssEntry . "\">\n";
		}
	?>
</head>
<body class="admin">
<?php

// include all JavaScript files
$jsDirName = dirname(__FILE__) . '/lib';
$jsDir = dir($jsDirName);
$jsFiles = array();
while ($jsEntry = $jsDir->read()) {
	if (substr($jsEntry, strlen($jsEntry) - 3, 3) != '.js') continue;
	$jsFiles[] = $jsEntry;
}
sort($jsFiles);
foreach ($jsFiles as $jsEntry) {
	echo "<script type=\"text/javascript\" src=\"lib/" . $jsEntry . "\"></script>\n";
}
?>

	<table border=0 width="100%" class="lamHeader ui-corner-all">
		<tr>
			<td align="left" height="30">
				<a class="lamLogo" href="http://www.ldap-account-manager.org/" target="new_window">LDAP Account Manager</a>
			</td>
		<td align="right" height=20>
		</td>
		</tr>
	</table>

	<br><br>

	<form enctype="multipart/form-data" action="login2Factor.php" method="post" autocomplete="off">
<?php
echo $config->getTwoFactorAuthenticationCaption();

?>
	<div class="centeredTable">
	<div class="roundedShadowBox limitWidth">
<?php

	$group = new htmlGroup();
	$row = new htmlResponsiveRow();
	// error
	if (!empty($errorMessage)) {
		$row->add(new \htmlStatusMessage('ERROR', $errorMessage), 12);
		$row->add(new htmlSpacer('1em', '1em'), 12);
	}
	// serial
	$row->add(new htmlOutputText(_('Serial number')), 12, 12, 12, 'text-left');
	$serialSelect = new htmlSelect('serial', $serials);
	$row->add($serialSelect, 12);
	// token
	$row->add(new htmlOutputText($twoFactorLabel), 12, 12, 12, 'text-left');
	$twoFactorInput = new htmlInputField('2factor', '');
	$twoFactorInput->setFieldSize(null);
	$twoFactorInput->setIsPassword(true);
	$row->add($twoFactorInput, 12);
	$row->add(new htmlSpacer('1em', '1em'), 12);
	$submit = new htmlButton('submit', _("Submit"));
	$submit->setCSSClasses(array('fullwidth'));
	$row->add($submit, 12, 12, 12, 'fullwidth');
	$row->add(new htmlSpacer('0.5em', '0.5em'), 12);
	$logout = new htmlButton('logout', _("Cancel"));
	$logout->setCSSClasses(array('fullwidth'));
	$row->add($logout, 12);
	$group->addElement($row);

	$tabindex = 1;
	addSecurityTokenToMetaHTML($group);
	parseHtml(null, $group, array(), false, $tabindex, 'user');

?>
	</div>
	</div>
	</form>
	<br><br>

	<script type="text/javascript">
		$(document).foundation();
		myElement = document.getElementsByName('2factor')[0];
		myElement.focus();
	</script>
</body>
</html>
2-factor 2017-02-11 21:07:38 +00:00			`<?php`
			`namespace LAM\LOGIN;`
			`use \LAM\LIB\TWO_FACTOR\TwoFactorProviderService;`
			`use \htmlResponsiveRow;`
			`use \htmlGroup;`
			`use \htmlOutputText;`
			`use \htmlSpacer;`
			`use \htmlSelect;`
			`use \htmlInputField;`
			`use \htmlButton;`
			`/*`
			$Id$

			`This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)`
			`Copyright (C) 2017 Roland Gruber`

			`This program is free software; you can redistribute it and/or modify`
			`it under the terms of the GNU General Public License as published by`
			`the Free Software Foundation; either version 2 of the License, or`
			`(at your option) any later version.`

			`This program is distributed in the hope that it will be useful,`
			`but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`GNU General Public License for more details.`

			`You should have received a copy of the GNU General Public License`
			`along with this program; if not, write to the Free Software`
			`Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA`

			`*/`

			`/**`
			`* This page redirects to the correct start page after checking 2nd factor.`
			`*`
			`* @package main`
			`* @author Roland Gruber`
			`*/`

			`/** config object */`
			`include_once '../lib/config.inc';`

			`// start session`
			`startSecureSession();`

			`setlanguage();`

			`$config = $_SESSION['config'];`
			`$ldap = $_SESSION['ldap'];`
			`$credentials = $ldap->decrypt_login();`
			`$password = $credentials[1];`
			`$user = $_SESSION['user2factor'];`
			`if (get_preg($user, 'dn')) {`
			`$user = extractRDNValue($user);`
			`}`

			`// get serials`
			`try {`
			`$service = new TwoFactorProviderService($config);`
			`$provider = $service->getProvider();`
			`$serials = $provider->getSerials($user, $password);`
			`}`
			`catch (\Exception $e) {`
			`logNewMessage(LOG_ERR, 'Unable to get 2-factor serials for ' . $user . ' ' . $e->getMessage());`
			`metaRefresh("login.php?2factor=error");`
			`die();`
			`}`

fixed issues with empty (#26) 2017-03-08 16:19:44 +00:00			`$twoFactorLabelConfig = $config->getTwoFactorAuthenticationLabel();`
			`$twoFactorLabel = empty($twoFactorLabelConfig) ? _('PIN+Token') : $twoFactorLabelConfig;`
2-factor 2017-02-11 21:07:38 +00:00
			`if (sizeof($serials) == 0) {`
			`if ($config->getTwoFactorAuthenticationOptional()) {`
			`unset($_SESSION['2factorRequired']);`
			`unset($_SESSION['user2factor']);`
			`metaRefresh("main.php");`
			`die();`
			`}`
			`else {`
			`metaRefresh("login.php?2factor=noToken");`
			`die();`
			`}`
			`}`

			`if (isset($_POST['logout'])) {`
			`// destroy session`
			`session_destroy();`
			`unset($_SESSION);`
			`// redirect to login page`
			`metaRefresh("login.php");`
			`exit();`
			`}`

			`if (isset($_POST['submit'])) {`
			`$twoFactorInput = $_POST['2factor'];`
			`$serial = $_POST['serial'];`
			`if (empty($twoFactorInput) \|\| !in_array($serial, $serials)) {`
			`$errorMessage = _(sprintf('Please enter "%s".', $twoFactorLabel));`
			`}`
			`else {`
			`$twoFactorValid = false;`
			`try {`
			`$twoFactorValid = $provider->verify2ndFactor($user, $password, $serial, $twoFactorInput);`
			`}`
			`catch (\Exception $e) {`
			`logNewMessage(LOG_WARNING, '2-factor verification failed: ' . $e->getMessage());`
			`}`
			`if ($twoFactorValid) {`
			`unset($_SESSION['2factorRequired']);`
			`unset($_SESSION['user2factor']);`
			`metaRefresh("main.php");`
			`die();`
			`}`
			`else {`
			`$errorMessage = _(sprintf('Verification failed.', $twoFactorLabel));`
			`}`
			`}`
			`}`

			`?>`
			`<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">`
			`<html class="no-js">`
			`<head>`
			`<meta http-equiv="content-type" content="text/html; charset=UTF-8">`
			`<meta name="viewport" content="width=device-width, initial-scale=1.0">`
			`<meta http-equiv="pragma" content="no-cache">`
			`<meta http-equiv="cache-control" content="no-cache">`
			`<title><?php echo _("Login"); ?></title>`
			`<link rel="stylesheet" type="text/css" href="../style/responsive/105_normalize.css">`
			`<link rel="stylesheet" type="text/css" href="../style/responsive/110_foundation.css">`
moved responsive CSS classes to separate file 2017-11-01 12:55:02 +00:00			`<link rel="stylesheet" type="text/css" href="../style/responsive/120_lam.css">`
2-factor 2017-02-11 21:07:38 +00:00			`<?php`
			`// include all CSS files`
			`$cssDirName = dirname(__FILE__) . '/../style';`
			`$cssDir = dir($cssDirName);`
			`$cssFiles = array();`
			`$cssEntry = $cssDir->read();`
			`while ($cssEntry !== false) {`
			`if (substr($cssEntry, strlen($cssEntry) - 4, 4) == '.css') {`
			`$cssFiles[] = $cssEntry;`
			`}`
			`$cssEntry = $cssDir->read();`
			`}`
			`sort($cssFiles);`
			`foreach ($cssFiles as $cssEntry) {`
			`echo "<link rel=\"stylesheet\" type=\"text/css\" href=\"../style/" . $cssEntry . "\">\n";`
			`}`
			`?>`
			`</head>`
			`<body class="admin">`
			`<?php`

			`// include all JavaScript files`
			`$jsDirName = dirname(__FILE__) . '/lib';`
			`$jsDir = dir($jsDirName);`
			`$jsFiles = array();`
			`while ($jsEntry = $jsDir->read()) {`
			`if (substr($jsEntry, strlen($jsEntry) - 3, 3) != '.js') continue;`
			`$jsFiles[] = $jsEntry;`
			`}`
			`sort($jsFiles);`
			`foreach ($jsFiles as $jsEntry) {`
			`echo "<script type=\"text/javascript\" src=\"lib/" . $jsEntry . "\"></script>\n";`
			`}`
			`?>`

			`<table border=0 width="100%" class="lamHeader ui-corner-all">`
			`<tr>`
			`<td align="left" height="30">`
			`<a class="lamLogo" href="http://www.ldap-account-manager.org/" target="new_window">LDAP Account Manager</a>`
			`</td>`
			`<td align="right" height=20>`
			`</td>`
			`</tr>`
			`</table>`

			`<br><br>`

			`<form enctype="multipart/form-data" action="login2Factor.php" method="post" autocomplete="off">`
			`<?php`
			`echo $config->getTwoFactorAuthenticationCaption();`

			`?>`
			`<div class="centeredTable">`
			`<div class="roundedShadowBox limitWidth">`
			`<?php`

			`$group = new htmlGroup();`
			`$row = new htmlResponsiveRow();`
			`// error`
			`if (!empty($errorMessage)) {`
			`$row->add(new \htmlStatusMessage('ERROR', $errorMessage), 12);`
			`$row->add(new htmlSpacer('1em', '1em'), 12);`
			`}`
			`// serial`
			`$row->add(new htmlOutputText(_('Serial number')), 12, 12, 12, 'text-left');`
			`$serialSelect = new htmlSelect('serial', $serials);`
			`$row->add($serialSelect, 12);`
			`// token`
			`$row->add(new htmlOutputText($twoFactorLabel), 12, 12, 12, 'text-left');`
			`$twoFactorInput = new htmlInputField('2factor', '');`
			`$twoFactorInput->setFieldSize(null);`
			`$twoFactorInput->setIsPassword(true);`
			`$row->add($twoFactorInput, 12);`
			`$row->add(new htmlSpacer('1em', '1em'), 12);`
			`$submit = new htmlButton('submit', _("Submit"));`
			`$submit->setCSSClasses(array('fullwidth'));`
			`$row->add($submit, 12, 12, 12, 'fullwidth');`
			`$row->add(new htmlSpacer('0.5em', '0.5em'), 12);`
			`$logout = new htmlButton('logout', _("Cancel"));`
			`$logout->setCSSClasses(array('fullwidth'));`
			`$row->add($logout, 12);`
			`$group->addElement($row);`

			`$tabindex = 1;`
			`addSecurityTokenToMetaHTML($group);`
			`parseHtml(null, $group, array(), false, $tabindex, 'user');`

			`?>`
			`</div>`
			`</div>`
			`</form>`
			`<br><br>`

			`<script type="text/javascript">`
			`$(document).foundation();`
			`myElement = document.getElementsByName('2factor')[0];`
			`myElement.focus();`
			`</script>`
			`</body>`
			`</html>`