LDAPAccountManager/lam/templates/login.php

611 lines
22 KiB
PHP
Raw Normal View History

<?php
2017-03-06 18:32:30 +00:00
namespace LAM\LOGIN;
2017-02-11 18:39:05 +00:00
use LAM\LIB\TWO_FACTOR\TwoFactorProviderService;
2017-03-06 18:32:30 +00:00
use \LAMConfig;
use \LAMCfgMain;
use \htmlSpacer;
use \htmlOutputText;
use \htmlSelect;
use \htmlInputField;
use \htmlGroup;
use \htmlInputCheckbox;
use \htmlButton;
use \htmlStatusMessage;
use \Ldap;
2017-10-31 14:22:34 +00:00
use \htmlResponsiveRow;
use \htmlDiv;
2003-03-13 19:48:49 +00:00
/*
$Id$
2009-10-27 18:47:12 +00:00
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
2006-03-03 17:30:35 +00:00
Copyright (C) 2003 - 2006 Michael Duergner
2017-03-06 18:32:30 +00:00
2005 - 2017 Roland Gruber
2003-03-13 19:48:49 +00:00
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
2003-03-14 11:32:28 +00:00
2003-03-13 19:48:49 +00:00
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
2003-03-14 11:32:28 +00:00
2003-03-13 19:48:49 +00:00
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
2005-07-20 18:07:10 +00:00
*/
2003-03-14 11:32:28 +00:00
2005-07-20 18:07:10 +00:00
/**
* Login form of LDAP Account Manager.
*
* @author Michael Duergner
2010-01-25 16:38:36 +00:00
* @author Roland Gruber
2005-07-20 18:07:10 +00:00
* @package main
2003-03-13 19:48:49 +00:00
*/
2003-03-18 20:55:43 +00:00
2005-11-03 12:31:16 +00:00
/** status messages */
include_once("../lib/status.inc");
2008-02-21 19:24:37 +00:00
/** check environment */
include '../lib/checkEnvironment.inc';
2008-02-21 19:24:37 +00:00
2006-04-23 16:33:25 +00:00
/** security functions */
include_once("../lib/security.inc");
/** self service functions */
include_once("../lib/selfService.inc");
2005-07-20 18:07:10 +00:00
/** access to configuration options */
2016-08-21 09:16:44 +00:00
include_once("../lib/config.inc");
2017-03-06 18:32:30 +00:00
$licenseValidator = null;
2016-08-21 09:16:44 +00:00
if (isLAMProVersion()) {
include_once("../lib/env.inc");
2016-10-25 17:50:46 +00:00
$licenseValidator = new \LAM\ENV\LAMLicenseValidator();
$licenseValidator->validateAndRedirect('config/mainlogin.php?invalidLicense=1', 'config/mainlogin.php?invalidLicense=2');
2016-08-21 09:16:44 +00:00
}
2012-10-28 14:37:54 +00:00
/** Upgrade functions */
include_once("../lib/upgrade.inc");
2009-07-08 18:03:28 +00:00
// set session save path
if (strtolower(session_module_name()) == 'files') {
2010-02-06 11:50:26 +00:00
session_save_path(dirname(__FILE__) . '/../sess');
2009-07-08 18:03:28 +00:00
}
2010-02-06 11:50:26 +00:00
// start empty session and change ID for security reasons
session_start();
session_destroy();
2015-12-19 09:12:47 +00:00
session_set_cookie_params(0, '/', null, null, true);
2010-02-06 11:50:26 +00:00
session_start();
session_regenerate_id(true);
2013-01-10 18:11:29 +00:00
$profiles = getConfigProfiles();
2008-05-25 16:25:09 +00:00
// save last selected login profile
2013-07-21 10:05:16 +00:00
if (isset($_GET['useProfile'])) {
2013-01-10 18:11:29 +00:00
if (in_array($_GET['useProfile'], $profiles)) {
2015-12-19 09:12:47 +00:00
setcookie("lam_default_profile", $_GET['useProfile'], time() + 365*60*60*24, '/', null, null, true);
2010-07-30 16:08:20 +00:00
}
else {
unset($_GET['useProfile']);
}
2008-05-25 16:25:09 +00:00
}
2013-07-21 10:05:16 +00:00
// save last selected language
if (isset($_POST['language'])) {
2015-12-19 09:12:47 +00:00
setcookie('lam_last_language', htmlspecialchars($_POST['language']), time() + 365*60*60*24, '/', null, null, true);
2013-07-21 10:05:16 +00:00
}
2010-02-06 11:50:26 +00:00
// init some session variables
$default_Config = new LAMCfgMain();
$_SESSION["cfgMain"] = $default_Config;
setSSLCaCert();
2010-02-06 11:50:26 +00:00
$default_Profile = $default_Config->default;
2013-01-10 18:11:29 +00:00
if(isset($_COOKIE["lam_default_profile"]) && in_array($_COOKIE["lam_default_profile"], $profiles)) {
2010-02-06 11:50:26 +00:00
$default_Profile = $_COOKIE["lam_default_profile"];
}
// Reload loginpage after a profile change
2013-01-10 18:11:29 +00:00
if(isset($_GET['useProfile']) && in_array($_GET['useProfile'], $profiles)) {
2010-07-30 16:08:20 +00:00
logNewMessage(LOG_DEBUG, "Change server profile to " . $_GET['useProfile']);
$_SESSION['config'] = new LAMConfig($_GET['useProfile']); // Recreate the config object with the submited
2010-02-06 11:50:26 +00:00
}
// Load login page
2013-01-10 18:11:29 +00:00
elseif (!empty($default_Profile) && in_array($default_Profile, $profiles)) {
2010-02-06 11:50:26 +00:00
$_SESSION["config"] = new LAMConfig($default_Profile); // Create new Config object
}
2013-01-10 18:11:29 +00:00
else if (sizeof($profiles) > 0) {
// use first profile as fallback
$_SESSION["config"] = new LAMConfig($profiles[0]);
}
2013-01-12 11:28:43 +00:00
else {
$_SESSION["config"] = null;
}
2013-01-10 18:11:29 +00:00
2017-05-06 11:48:48 +00:00
$error_message = null;
2013-01-10 18:11:29 +00:00
if (!isset($default_Config->default) || !in_array($default_Config->default, $profiles)) {
$error_message = _('No default profile set. Please set it in the server profile configuration.');
}
2010-02-06 11:50:26 +00:00
2014-02-02 12:36:12 +00:00
$possibleLanguages = getLanguages();
$encoding = 'UTF-8';
2013-07-21 10:05:16 +00:00
if (isset($_COOKIE['lam_last_language'])) {
2014-02-02 12:36:12 +00:00
foreach ($possibleLanguages as $lang) {
if (strpos($_COOKIE['lam_last_language'], $lang->code) === 0) {
$_SESSION['language'] = $lang->code;
$encoding = $lang->encoding;
break;
}
}
2013-07-21 10:05:16 +00:00
}
elseif (!empty($_SESSION["config"])) {
2014-02-02 12:36:12 +00:00
$defaultLang = $_SESSION["config"]->get_defaultLanguage();
foreach ($possibleLanguages as $lang) {
if (strpos($defaultLang, $lang->code) === 0) {
$_SESSION['language'] = $lang->code;
$encoding = $lang->encoding;
break;
}
}
2013-01-05 16:22:58 +00:00
}
else {
2014-02-02 12:36:12 +00:00
$_SESSION['language'] = 'en_GB.utf8';
2013-01-05 16:22:58 +00:00
}
2010-02-06 11:50:26 +00:00
if (isset($_POST['language'])) {
2014-02-02 12:36:12 +00:00
foreach ($possibleLanguages as $lang) {
if (strpos($_POST['language'], $lang->code) === 0) {
$_SESSION['language'] = $lang->code;
$encoding = $lang->encoding;
break;
}
}
2010-02-06 11:50:26 +00:00
}
2014-02-02 12:36:12 +00:00
2010-02-06 11:50:26 +00:00
$_SESSION['header'] = "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01 Transitional//EN\" \"http://www.w3.org/TR/html4/loose.dtd\">\n\n";
$_SESSION['header'] .= "<html>\n<head>\n";
2014-02-02 12:36:12 +00:00
$_SESSION['header'] .= "<meta http-equiv=\"content-type\" content=\"text/html; charset=" . $encoding . "\">\n";
2010-02-06 11:50:26 +00:00
$_SESSION['header'] .= "<meta http-equiv=\"pragma\" content=\"no-cache\">\n <meta http-equiv=\"cache-control\" content=\"no-cache\">";
/**
* Displays the login window.
*
2017-03-06 18:32:30 +00:00
* @param \LAM\ENV\LAMLicenseValidator $licenseValidator license validator
* @param string $error_message error message to display
*/
2018-01-16 17:31:52 +00:00
function display_LoginPage($licenseValidator, $error_message) {
$config_object = $_SESSION['config'];
$cfgMain = $_SESSION["cfgMain"];
2010-01-25 16:38:36 +00:00
logNewMessage(LOG_DEBUG, "Display login page");
// generate 256 bit key and initialization vector for user/passwd-encryption
2017-04-02 17:37:06 +00:00
if(function_exists('openssl_random_pseudo_bytes') && ($cfgMain->encryptSession == 'true')) {
$key = openssl_random_pseudo_bytes(32);
$iv = openssl_random_pseudo_bytes(16);
// save both in cookie
2015-12-19 09:12:47 +00:00
setcookie("Key", base64_encode($key), 0, "/", null, null, true);
setcookie("IV", base64_encode($iv), 0, "/", null, null, true);
2003-10-02 17:54:04 +00:00
}
2015-08-02 19:16:46 +00:00
2003-07-14 21:59:09 +00:00
$profiles = getConfigProfiles();
setlanguage(); // setting correct language
echo $_SESSION["header"];
2017-11-04 10:29:38 +00:00
printHeaderContents('LDAP Account Manager', '..');
?>
</head>
2017-11-24 18:22:11 +00:00
<body class="admin">
2005-05-15 13:14:45 +00:00
<?php
2010-07-30 16:08:20 +00:00
// include all JavaScript files
2017-11-04 10:29:38 +00:00
printJsIncludes('..');
2015-08-02 19:16:46 +00:00
2012-10-28 14:37:54 +00:00
// upgrade if pdf/profiles contain single files
if (containsFiles('../config/profiles') || containsFiles('../config/pdf')) {
$result = testPermissions();
if (sizeof($result) > 0) {
StatusMessage('ERROR', 'Unable to migrate configuration files. Please allow write access to these paths:', implode('<br>', $result));
}
else {
2013-01-10 18:11:29 +00:00
upgradeConfigToServerProfileFolders($profiles);
2012-10-29 19:41:22 +00:00
StatusMessage('INFO', 'Config file migration finished.');
2012-10-28 14:37:54 +00:00
}
}
2015-08-02 19:16:46 +00:00
2016-10-25 17:50:46 +00:00
if (isLAMProVersion() && $licenseValidator->isEvaluationLicense()) {
StatusMessage('INFO', _('Evaluation Licence'));
}
2005-05-15 13:14:45 +00:00
?>
2010-07-30 16:08:20 +00:00
2010-08-31 18:05:17 +00:00
<table border=0 width="100%" class="lamHeader ui-corner-all">
<tr>
2017-11-23 17:40:04 +00:00
<td align="left" height="30" width="34%">
2017-10-31 14:22:34 +00:00
<a class="lamLogo" href="http://www.ldap-account-manager.org/" target="new_window">
2017-12-15 15:58:54 +00:00
LAM
2017-10-31 14:22:34 +00:00
<?php
if (isLAMProVersion()) {
echo 'Pro ';
}
echo ' - ' . LAMVersion();
?>
</a>
2009-05-03 18:23:25 +00:00
</td>
2017-11-23 17:40:04 +00:00
<td align="center" height=30 width="34%">
<span class="hide-for-small">
<a href="http://www.ldap-account-manager.org/lamcms/lamPro"> <?php if (!isLAMProVersion()) { echo (_("Want more features? Get LAM Pro!"));} ?> </a>
</span>
</td>
<td align="right" height=30 width="34%">
<a class="margin-right5" href="./config/index.php"><IMG alt="configuration" src="../graphics/tools.png">&nbsp;<span class="hide-for-small"><?php echo _("LAM configuration") ?></span></a>
</td>
</tr>
</table>
2015-08-02 19:16:46 +00:00
2017-10-31 14:22:34 +00:00
<br>
2010-07-30 16:08:20 +00:00
2003-10-18 11:26:49 +00:00
<?php
2013-01-05 16:08:51 +00:00
if (!empty($config_object)) {
2013-01-05 16:22:58 +00:00
// check extensions
$extList = getRequiredExtensions();
2017-10-24 19:06:18 +00:00
foreach ($extList as $extension) {
if (!extension_loaded($extension)) {
StatusMessage("ERROR", "A required PHP extension is missing!", $extension);
2013-01-05 16:22:58 +00:00
echo "<br>";
}
}
// check TLS
2013-01-05 16:08:51 +00:00
$useTLS = $config_object->getUseTLS();
if (isset($useTLS) && ($useTLS == "yes")) {
if (!function_exists('ldap_start_tls')) {
StatusMessage("ERROR", "Your PHP installation does not support TLS encryption!");
echo "<br>";
}
2009-05-03 17:31:39 +00:00
}
}
2013-01-12 11:28:43 +00:00
else {
StatusMessage('WARN', _('Please enter the configuration and create a server profile.'));
}
2006-05-01 08:56:40 +00:00
// check if session expired
if (isset($_GET['expired'])) {
StatusMessage("ERROR", _("Your session expired, please log in again."));
echo "<br>";
}
2010-05-28 08:48:57 +00:00
// check if main config was saved
if (isset($_GET['confMainSavedOk'])) {
StatusMessage("INFO", _("Your settings were successfully saved."));
echo "<br>";
}
2010-05-28 13:45:34 +00:00
// check if a server profile was saved
if (isset($_GET['configSaveOk'])) {
StatusMessage("INFO", _("Your settings were successfully saved."), htmlspecialchars($_GET['configSaveFile']));
echo "<br>";
}
elseif (isset($_GET['configSaveFailed'])) {
StatusMessage("ERROR", _("Cannot open config file!"), htmlspecialchars($_GET['configSaveFile']));
echo "<br>";
}
2010-08-28 13:00:12 +00:00
// check if self service was saved
if (isset($_GET['selfserviceSaveOk'])) {
2011-08-16 17:14:49 +00:00
StatusMessage("INFO", _("Your settings were successfully saved."), htmlspecialchars($_GET['selfserviceSaveOk']));
2010-08-28 13:00:12 +00:00
echo "<br>";
2017-02-11 21:07:38 +00:00
}
if (isset($_GET['2factor']) && ($_GET['2factor'] == 'error')) {
StatusMessage('ERROR', _("Unable to start 2-factor authentication."));
echo "<br>";
}
elseif (isset($_GET['2factor']) && ($_GET['2factor'] == 'noToken')) {
StatusMessage('ERROR', _("Unable to start 2-factor authentication because no tokens were found."));
echo "<br>";
2010-08-28 13:00:12 +00:00
}
2013-01-05 16:08:51 +00:00
if (!empty($config_object)) {
?>
<br><br>
2015-08-02 19:16:46 +00:00
<div class="centeredTable">
2017-10-31 14:22:34 +00:00
<div class="roundedShadowBox limitWidth" style="position:relative; z-index:5;">
<table border="0" rules="none" bgcolor="white" class="ui-corner-all">
2005-01-15 12:11:03 +00:00
<tr>
2017-10-31 14:22:34 +00:00
<td class="loginLogo hide-for-small" style="border-style:none" rowspan="3">
2005-01-15 12:11:03 +00:00
</td>
2015-08-02 19:16:46 +00:00
<td style="border-style:none">
2005-01-15 12:11:03 +00:00
<form action="login.php" method="post">
<?php
2017-10-31 14:22:34 +00:00
$tabindex = 1;
$row = new htmlResponsiveRow();
$row->add(new htmlSpacer(null, '30px'), 0, 12, 12);
// user name
2017-10-31 14:22:34 +00:00
$row->addLabel(new htmlOutputText(_("User name")));
if ($config_object->getLoginMethod() == LAMConfig::LOGIN_LIST) {
$admins = $config_object->get_Admins();
$adminList = array();
2017-10-24 19:06:18 +00:00
foreach ($admins as $admin) {
$text = explode(",", $admin);
$text = explode("=", $text[0]);
if (isset($text[1])) {
2017-10-24 19:06:18 +00:00
$adminList[$text[1]] = $admin;
}
else {
2017-10-24 19:06:18 +00:00
$adminList[$text[0]] = $admin;
}
}
2013-05-25 13:24:55 +00:00
$selectedAdmin = array();
if (isset($_POST['username']) && in_array($_POST['username'], $adminList)) {
$selectedAdmin = array($_POST['username']);
}
$userSelect = new htmlSelect('username', $adminList, $selectedAdmin);
$userSelect->setHasDescriptiveElements(true);
2017-10-31 14:22:34 +00:00
$userSelect->setTransformSingleSelect(false);
2017-11-24 18:22:11 +00:00
if (empty($_COOKIE['lam_login_name'])) {
$userSelect->setCSSClasses(array('lam-initial-focus'));
}
2017-11-04 10:29:38 +00:00
$row->addField(new htmlDiv(null, $userSelect));
}
else {
if ($config_object->getHttpAuthentication() == 'true') {
2017-10-31 14:22:34 +00:00
$httpAuth = new htmlDiv(null, new htmlOutputText($_SERVER['PHP_AUTH_USER'] . '&nbsp;', false));
$httpAuth->setCSSClasses(array('text-left', 'margin3'));
$row->addField($httpAuth);
}
else {
2013-01-20 19:13:27 +00:00
$user = '';
if (isset($_COOKIE["lam_login_name"])) {
$user = $_COOKIE["lam_login_name"];
}
2017-11-24 18:22:11 +00:00
$userNameInput = new htmlInputField('username', $user);
if (empty($_COOKIE['lam_login_name'])) {
$userNameInput->setCSSClasses(array('lam-initial-focus'));
}
$userInput = new htmlDiv(null, $userNameInput);
2017-10-31 14:22:34 +00:00
$row->addField($userInput);
}
}
// password
2017-10-31 14:22:34 +00:00
$row->addLabel(new \htmlOutputText(_("Password")));
if (($config_object->getLoginMethod() == LAMConfig::LOGIN_SEARCH) && ($config_object->getHttpAuthentication() == 'true')) {
2017-10-31 14:22:34 +00:00
$passwordInputFake = new htmlDiv(null, new htmlOutputText('**********'));
$passwordInputFake->setCSSClasses(array('text-left', 'margin3'));
$row->addField($passwordInputFake);
}
else {
$passwordInput = new htmlInputField('passwd');
$passwordInput->setIsPassword(true);
2017-11-24 18:22:11 +00:00
if (($config_object->getLoginMethod() == LAMConfig::LOGIN_SEARCH) && !empty($_COOKIE['lam_login_name'])) {
$passwordInput->setCSSClasses(array('lam-initial-focus'));
}
2017-10-31 14:22:34 +00:00
$row->addField($passwordInput);
}
// language
2017-10-31 14:22:34 +00:00
$row->addLabel(new htmlOutputText(_("Language")));
2014-02-02 12:36:12 +00:00
$possibleLanguages = getLanguages();
$languageList = array();
$defaultLanguage = array();
2014-02-02 12:36:12 +00:00
foreach ($possibleLanguages as $lang) {
$languageList[$lang->description] = $lang->code;
if (strpos(trim($_SESSION["language"]), $lang->code) === 0) {
$defaultLanguage[] = $lang->code;
}
}
$languageSelect = new htmlSelect('language', $languageList, $defaultLanguage);
$languageSelect->setHasDescriptiveElements(true);
2017-10-31 14:22:34 +00:00
$row->addField($languageSelect, true);
2013-01-20 19:13:27 +00:00
// remember login user
if (($config_object->getLoginMethod() == LAMConfig::LOGIN_SEARCH) && !($config_object->getHttpAuthentication() == 'true')) {
2017-10-31 14:22:34 +00:00
$row->add(new htmlOutputText('&nbsp;', false), 0, 6, 6);
2013-01-20 19:13:27 +00:00
$rememberGroup = new htmlGroup();
$doRemember = false;
if (isset($_COOKIE["lam_login_name"])) {
$doRemember = true;
}
$rememberGroup->addElement(new htmlInputCheckbox('rememberLogin', $doRemember));
$rememberGroup->addElement(new htmlSpacer('1px', null));
$rememberGroup->addElement(new htmlOutputText(_('Remember user name')));
2017-10-31 14:22:34 +00:00
$rememberDiv = new htmlDiv(null, $rememberGroup);
$rememberDiv->setCSSClasses(array('text-left', 'margin3'));
$row->add($rememberDiv, 12, 6, 6);
2013-01-20 19:13:27 +00:00
}
// login button
2017-10-31 14:22:34 +00:00
$row->add(new htmlSpacer(null, '20px'), 12);
$row->add(new htmlButton('checklogin', _("Login")), 12);
// error message
2017-03-06 18:32:30 +00:00
if(!empty($error_message)) {
2017-10-31 14:22:34 +00:00
$row->add(new \htmlSpacer(null, '5px'), 12);
$message = new htmlStatusMessage('ERROR', $error_message);
$message->colspan = 3;
2017-10-31 14:22:34 +00:00
$row->add($message, 12);
}
2015-08-02 19:16:46 +00:00
2017-10-31 14:22:34 +00:00
parseHtml(null, $row, array(), false, $tabindex, 'user');
?>
2005-01-15 12:11:03 +00:00
</form>
2004-02-16 17:02:01 +00:00
</td>
2017-10-31 14:22:34 +00:00
<td class="loginRightBox hide-for-small" style="border-style:none">
</td>
</tr>
<tr>
<td colspan="2" style="border-style:none;">
<hr class="margin20">
</td>
2005-01-15 12:11:03 +00:00
</tr>
<tr>
2017-10-31 14:22:34 +00:00
<td style="border-style:none;">
2005-01-15 12:11:03 +00:00
<form action="login.php" method="post">
<?php
2017-10-31 14:22:34 +00:00
$row = new htmlResponsiveRow();
$row->addLabel(new htmlOutputText(_("LDAP server")));
$serverUrl = new htmlOutputText($config_object->getServerDisplayNameGUI());
$serverUrlDiv = new htmlDiv(null, $serverUrl);
$serverUrlDiv->setCSSClasses(array('text-left', 'margin3'));
$row->addField($serverUrlDiv);
$row->addLabel(new htmlOutputText(_("Server profile")));
$profileSelect = new htmlSelect('profile', $profiles, array($_SESSION['config']->getName()));
$profileSelect->setOnchangeEvent('loginProfileChanged(this)');
2017-10-31 14:22:34 +00:00
$row->addField($profileSelect);
2017-10-31 14:22:34 +00:00
parseHtml(null, $row, array(), true, $tabindex, 'user');
?>
2005-01-15 12:11:03 +00:00
</form>
2004-02-16 17:02:01 +00:00
</td>
2017-10-31 14:22:34 +00:00
<td class="loginRightBox hide-for-small" style="border-style:none">
</td>
2005-01-15 12:11:03 +00:00
</tr>
</table>
2008-07-30 20:34:19 +00:00
</div>
2015-08-02 19:16:46 +00:00
</div>
2013-01-05 16:08:51 +00:00
<?php
}
?>
<br><br>
2017-10-31 14:22:34 +00:00
<?PHP
if (isLAMProVersion() && $licenseValidator->isExpiringSoon()) {
$licenseMessage = sprintf(_('Your licence expires on %s.'), $licenseValidator->getLicense()->getExpirationDate()->format('Y-m-d'));
StatusMessage('WARN', $licenseMessage);
}
?>
<br><br>
</body>
</html>
<?php
}
2003-03-14 11:32:28 +00:00
// checking if the submitted username/password is correct.
2017-10-31 14:22:34 +00:00
if(isset($_POST['checklogin'])) {
include_once("../lib/ldap.inc"); // Include ldap.php which provides Ldap class
2003-08-13 19:21:36 +00:00
$_SESSION['ldap'] = new Ldap($_SESSION['config']); // Create new Ldap object
2015-08-02 19:16:46 +00:00
2011-08-23 19:05:05 +00:00
$clientSource = $_SERVER['REMOTE_ADDR'];
if (isset($_SERVER['REMOTE_HOST'])) {
$clientSource .= '/' . $_SERVER['REMOTE_HOST'];
}
if (($_SESSION['config']->getLoginMethod() == LAMConfig::LOGIN_SEARCH) && ($_SESSION['config']->getHttpAuthentication() == 'true')) {
$username = $_SERVER['PHP_AUTH_USER'];
$password = $_SERVER['PHP_AUTH_PW'];
2003-03-14 11:32:28 +00:00
}
2009-05-03 15:40:14 +00:00
else {
2013-01-20 19:13:27 +00:00
if (isset($_POST['rememberLogin']) && ($_POST['rememberLogin'] == 'on')) {
2015-12-19 09:12:47 +00:00
setcookie('lam_login_name', $_POST['username'], time() + 60*60*24*365, '/', null, null, true);
2013-01-20 19:13:27 +00:00
}
2013-01-20 19:28:14 +00:00
else if (isset($_COOKIE['lam_login_name']) && ($_SESSION['config']->getLoginMethod() == LAMConfig::LOGIN_SEARCH)) {
2015-12-19 09:12:47 +00:00
setcookie('lam_login_name', '', time() + 60*60*24*365, '/', null, null, true);
2013-01-20 19:13:27 +00:00
}
2011-08-23 19:05:05 +00:00
if($_POST['passwd'] == "") {
logNewMessage(LOG_DEBUG, "Empty password for login");
$error_message = _("Empty password submitted. Please try again.");
2018-01-16 17:31:52 +00:00
display_LoginPage($licenseValidator, $error_message); // Empty password submitted. Return to login page.
2011-08-23 19:05:05 +00:00
exit();
2010-05-07 19:12:06 +00:00
}
2009-03-07 18:17:57 +00:00
$username = $_POST['username'];
2011-08-23 19:05:05 +00:00
$password = $_POST['passwd'];
}
// search user in LDAP if needed
if ($_SESSION['config']->getLoginMethod() == LAMConfig::LOGIN_SEARCH) {
$searchFilter = $_SESSION['config']->getLoginSearchFilter();
$searchFilter = str_replace('%USER%', $username ,$searchFilter);
2011-12-03 19:02:28 +00:00
$searchDN = '';
$searchPassword = '';
2017-09-18 17:39:08 +00:00
if (!empty($_SESSION['config']->getLoginSearchDN())) {
2011-12-03 19:02:28 +00:00
$searchDN = $_SESSION['config']->getLoginSearchDN();
$searchPassword = $_SESSION['config']->getLoginSearchPassword();
}
2011-08-23 19:05:05 +00:00
$searchSuccess = true;
$searchError = '';
$searchLDAP = new Ldap($_SESSION['config']);
2011-12-03 19:02:28 +00:00
$searchLDAPResult = $searchLDAP->connect($searchDN, $searchPassword, true);
2011-08-23 19:05:05 +00:00
if (! ($searchLDAPResult == 0)) {
$searchSuccess = false;
2013-10-16 17:37:17 +00:00
$searchError = _('Cannot connect to specified LDAP server. Please try again.') . ' ' . getDefaultLDAPErrorString($searchLDAP->server());
2011-08-23 19:05:05 +00:00
}
else {
2017-10-24 18:48:34 +00:00
$searchResult = ldap_search($searchLDAP->server(), $_SESSION['config']->getLoginSearchSuffix(), $searchFilter, array('dn'), 0, 0, 0, LDAP_DEREF_NEVER);
2011-08-23 19:05:05 +00:00
if ($searchResult) {
2017-10-24 18:48:34 +00:00
$searchInfo = ldap_get_entries($searchLDAP->server(), $searchResult);
2011-08-23 19:05:05 +00:00
if ($searchInfo) {
cleanLDAPResult($searchInfo);
if (sizeof($searchInfo) == 0) {
$searchSuccess = false;
$searchError = _('Wrong password/user name combination. Please try again.');
2009-03-07 18:17:57 +00:00
}
2011-08-23 19:05:05 +00:00
elseif (sizeof($searchInfo) > 1) {
2009-11-03 20:57:53 +00:00
$searchSuccess = false;
2011-08-23 19:05:05 +00:00
$searchError = _('The given user name matches multiple LDAP entries.');
}
else {
$username = $searchInfo[0]['dn'];
2009-03-07 18:17:57 +00:00
}
}
else {
$searchSuccess = false;
2009-11-03 20:57:53 +00:00
$searchError = _('Unable to find the user name in LDAP.');
2013-10-16 17:37:17 +00:00
if (ldap_errno($searchLDAP->server()) != 0) $searchError .= ' ' . getDefaultLDAPErrorString($searchLDAP->server());
2009-03-07 18:17:57 +00:00
}
}
2011-08-23 19:05:05 +00:00
else {
$searchSuccess = false;
$searchError = _('Unable to find the user name in LDAP.');
2013-10-16 17:37:17 +00:00
if (ldap_errno($searchLDAP->server()) != 0) $searchError .= ' ' . getDefaultLDAPErrorString($searchLDAP->server());
2009-03-07 18:17:57 +00:00
}
2011-08-23 19:05:05 +00:00
}
if (!$searchSuccess) {
$error_message = $searchError;
logNewMessage(LOG_ERR, 'User ' . $username . ' (' . $clientSource . ') failed to log in. ' . $searchError . '');
2009-03-07 18:17:57 +00:00
$searchLDAP->close();
2018-01-16 17:31:52 +00:00
display_LoginPage($licenseValidator, $error_message);
2011-08-23 19:05:05 +00:00
exit();
}
$searchLDAP->close();
}
// try to connect to LDAP
$result = $_SESSION['ldap']->connect($username, $password); // Connect to LDAP server for verifing username/password
if($result === 0) {// Username/password correct. Do some configuration and load main frame.
$_SESSION['loggedIn'] = true;
// set security settings for session
$_SESSION['sec_session_id'] = session_id();
$_SESSION['sec_client_ip'] = $_SERVER['REMOTE_ADDR'];
$_SESSION['sec_sessionTime'] = time();
2015-05-14 09:18:45 +00:00
addSecurityTokenToSession();
2011-08-23 19:05:05 +00:00
// logging
logNewMessage(LOG_NOTICE, 'User ' . $username . ' (' . $clientSource . ') successfully logged in.');
2017-02-11 18:39:05 +00:00
// Load main frame or 2 factor page
if ($_SESSION['config']->getTwoFactorAuthentication() == TwoFactorProviderService::TWO_FACTOR_NONE) {
metaRefresh("./main.php");
}
else {
$_SESSION['2factorRequired'] = true;
if (($_SESSION['config']->getLoginMethod() == LAMConfig::LOGIN_SEARCH) && ($_SESSION['config']->getHttpAuthentication() == 'true')) {
$_SESSION['user2factor'] = $_SERVER['PHP_AUTH_USER'];
}
else {
$_SESSION['user2factor'] = $_POST['username'];
}
metaRefresh("./login2Factor.php");
}
2011-08-23 19:05:05 +00:00
die();
}
else {
if ($result === False) {
// connection failed
$error_message = _("Cannot connect to specified LDAP server. Please try again.");
logNewMessage(LOG_ERR, 'User ' . $username . ' (' . $clientSource . ') failed to log in (LDAP error: ' . ldap_err2str($result) . ').');
}
elseif ($result == 81) {
// connection failed
$error_message = _("Cannot connect to specified LDAP server. Please try again.");
logNewMessage(LOG_ERR, 'User ' . $username . ' (' . $clientSource . ') failed to log in (LDAP error: ' . ldap_err2str($result) . ').');
2009-03-07 18:17:57 +00:00
}
2011-08-23 19:05:05 +00:00
elseif ($result == 49) {
// user name/password invalid. Return to login page.
$error_message = _("Wrong password/user name combination. Please try again.");
logNewMessage(LOG_ERR, 'User ' . $username . ' (' . $clientSource . ') failed to log in (wrong password).');
2003-03-15 12:13:49 +00:00
}
2009-03-07 18:17:57 +00:00
else {
2011-08-23 19:05:05 +00:00
// other errors
$error_message = _("LDAP error, server says:") . "\n<br>($result) " . ldap_err2str($result);
logNewMessage(LOG_ERR, 'User ' . $username . ' (' . $clientSource . ') failed to log in (LDAP error: ' . ldap_err2str($result) . ').');
2003-03-15 12:13:49 +00:00
}
2018-01-16 17:31:52 +00:00
display_LoginPage($licenseValidator, $error_message);
2011-08-23 19:05:05 +00:00
exit();
2003-03-14 11:32:28 +00:00
}
}
2012-10-28 14:37:54 +00:00
//displays the login window
2018-01-16 17:31:52 +00:00
display_LoginPage($licenseValidator, $error_message);
?>