validateAndRedirect('config/mainlogin.php?invalidLicense=1', 'config/mainlogin.php?invalidLicense=2');
}
/** Upgrade functions */
include_once("../lib/upgrade.inc");
// set session save path
if (strtolower(session_module_name()) == 'files') {
session_save_path(dirname(__FILE__) . '/../sess');
}
// start empty session and change ID for security reasons
session_start();
session_destroy();
session_set_cookie_params(0, '/', null, null, true);
session_start();
session_regenerate_id(true);
$profiles = getConfigProfiles();
// save last selected login profile
if (isset($_GET['useProfile'])) {
if (in_array($_GET['useProfile'], $profiles)) {
setcookie("lam_default_profile", $_GET['useProfile'], time() + 365*60*60*24, '/', null, null, true);
}
else {
unset($_GET['useProfile']);
}
}
// save last selected language
if (isset($_POST['language'])) {
setcookie('lam_last_language', htmlspecialchars($_POST['language']), time() + 365*60*60*24, '/', null, null, true);
}
// init some session variables
$default_Config = new LAMCfgMain();
$_SESSION["cfgMain"] = $default_Config;
setSSLCaCert();
$default_Profile = $default_Config->default;
if(isset($_COOKIE["lam_default_profile"]) && in_array($_COOKIE["lam_default_profile"], $profiles)) {
$default_Profile = $_COOKIE["lam_default_profile"];
}
// Reload loginpage after a profile change
if(isset($_GET['useProfile']) && in_array($_GET['useProfile'], $profiles)) {
logNewMessage(LOG_DEBUG, "Change server profile to " . $_GET['useProfile']);
$_SESSION['config'] = new LAMConfig($_GET['useProfile']); // Recreate the config object with the submited
}
// Load login page
elseif (!empty($default_Profile) && in_array($default_Profile, $profiles)) {
$_SESSION["config"] = new LAMConfig($default_Profile); // Create new Config object
}
else if (sizeof($profiles) > 0) {
// use first profile as fallback
$_SESSION["config"] = new LAMConfig($profiles[0]);
}
else {
$_SESSION["config"] = null;
}
$error_message = null;
if (!isset($default_Config->default) || !in_array($default_Config->default, $profiles)) {
$error_message = _('No default profile set. Please set it in the server profile configuration.');
}
$possibleLanguages = getLanguages();
$encoding = 'UTF-8';
if (isset($_COOKIE['lam_last_language'])) {
foreach ($possibleLanguages as $lang) {
if (strpos($_COOKIE['lam_last_language'], $lang->code) === 0) {
$_SESSION['language'] = $lang->code;
$encoding = $lang->encoding;
break;
}
}
}
elseif (!empty($_SESSION["config"])) {
$defaultLang = $_SESSION["config"]->get_defaultLanguage();
foreach ($possibleLanguages as $lang) {
if (strpos($defaultLang, $lang->code) === 0) {
$_SESSION['language'] = $lang->code;
$encoding = $lang->encoding;
break;
}
}
}
else {
$_SESSION['language'] = 'en_GB.utf8';
}
if (isset($_POST['language'])) {
foreach ($possibleLanguages as $lang) {
if (strpos($_POST['language'], $lang->code) === 0) {
$_SESSION['language'] = $lang->code;
$encoding = $lang->encoding;
break;
}
}
}
$_SESSION['header'] = "\n\n";
$_SESSION['header'] .= "\n
\n";
$_SESSION['header'] .= "\n";
$_SESSION['header'] .= "\n ";
/**
* Displays the login window.
*
* @param LAMConfig $config_object current active configuration
* @param LAMCfgMain $cfgMain main configuration
* @param \LAM\ENV\LAMLicenseValidator $licenseValidator license validator
* @param string $error_message error message to display
*/
function display_LoginPage(LAMConfig $config_object, LAMCfgMain $cfgMain, $licenseValidator, $error_message) {
logNewMessage(LOG_DEBUG, "Display login page");
// generate 256 bit key and initialization vector for user/passwd-encryption
if(function_exists('openssl_random_pseudo_bytes') && ($cfgMain->encryptSession == 'true')) {
$key = openssl_random_pseudo_bytes(32);
$iv = openssl_random_pseudo_bytes(16);
// save both in cookie
setcookie("Key", base64_encode($key), 0, "/", null, null, true);
setcookie("IV", base64_encode($iv), 0, "/", null, null, true);
}
$profiles = getConfigProfiles();
setlanguage(); // setting correct language
echo $_SESSION["header"];
?>
LDAP Account Manager
read();
while ($cssEntry !== false) {
if (substr($cssEntry, strlen($cssEntry) - 4, 4) == '.css') {
$cssFiles[] = $cssEntry;
}
$cssEntry = $cssDir->read();
}
sort($cssFiles);
foreach ($cssFiles as $cssEntry) {
echo "\n";
}
?>
read()) {
if (substr($jsEntry, strlen($jsEntry) - 3, 3) != '.js') continue;
$jsFiles[] = $jsEntry;
}
sort($jsFiles);
foreach ($jsFiles as $jsEntry) {
echo "\n";
}
// upgrade if pdf/profiles contain single files
if (containsFiles('../config/profiles') || containsFiles('../config/pdf')) {
$result = testPermissions();
if (sizeof($result) > 0) {
StatusMessage('ERROR', 'Unable to migrate configuration files. Please allow write access to these paths:', implode('
', $result));
}
else {
upgradeConfigToServerProfileFolders($profiles);
StatusMessage('INFO', 'Config file migration finished.');
}
}
if (isLAMProVersion() && $licenseValidator->isEvaluationLicense()) {
StatusMessage('INFO', _('Evaluation Licence'));
}
// set focus on password field
if (!empty($config_object)) {
echo "\n";
}
?>
";
}
}
// check TLS
$useTLS = $config_object->getUseTLS();
if (isset($useTLS) && ($useTLS == "yes")) {
if (!function_exists('ldap_start_tls')) {
StatusMessage("ERROR", "Your PHP installation does not support TLS encryption!");
echo "
";
}
}
}
else {
StatusMessage('WARN', _('Please enter the configuration and create a server profile.'));
}
// check if session expired
if (isset($_GET['expired'])) {
StatusMessage("ERROR", _("Your session expired, please log in again."));
echo "
";
}
// check if main config was saved
if (isset($_GET['confMainSavedOk'])) {
StatusMessage("INFO", _("Your settings were successfully saved."));
echo "
";
}
// check if a server profile was saved
if (isset($_GET['configSaveOk'])) {
StatusMessage("INFO", _("Your settings were successfully saved."), htmlspecialchars($_GET['configSaveFile']));
echo "
";
}
elseif (isset($_GET['configSaveFailed'])) {
StatusMessage("ERROR", _("Cannot open config file!"), htmlspecialchars($_GET['configSaveFile']));
echo "
";
}
// check if self service was saved
if (isset($_GET['selfserviceSaveOk'])) {
StatusMessage("INFO", _("Your settings were successfully saved."), htmlspecialchars($_GET['selfserviceSaveOk']));
echo "
";
}
if (isset($_GET['2factor']) && ($_GET['2factor'] == 'error')) {
StatusMessage('ERROR', _("Unable to start 2-factor authentication."));
echo "
";
}
elseif (isset($_GET['2factor']) && ($_GET['2factor'] == 'noToken')) {
StatusMessage('ERROR', _("Unable to start 2-factor authentication because no tokens were found."));
echo "
";
}
if (!empty($config_object)) {
?>
|
" . _("Want more features? Get LAM Pro!") . "";
}
elseif ($licenseValidator->isExpiringSoon()) {
echo '';
echo sprintf(_('Your licence expires on %s.'), $licenseValidator->getLicense()->getExpirationDate()->format('Y-m-d'));
echo '';
}
?>
|
|
getLoginMethod() == LAMConfig::LOGIN_SEARCH) && ($_SESSION['config']->getHttpAuthentication() == 'true')) {
$username = $_SERVER['PHP_AUTH_USER'];
$password = $_SERVER['PHP_AUTH_PW'];
}
else {
if (isset($_POST['rememberLogin']) && ($_POST['rememberLogin'] == 'on')) {
setcookie('lam_login_name', $_POST['username'], time() + 60*60*24*365, '/', null, null, true);
}
else if (isset($_COOKIE['lam_login_name']) && ($_SESSION['config']->getLoginMethod() == LAMConfig::LOGIN_SEARCH)) {
setcookie('lam_login_name', '', time() + 60*60*24*365, '/', null, null, true);
}
if($_POST['passwd'] == "") {
logNewMessage(LOG_DEBUG, "Empty password for login");
$error_message = _("Empty password submitted. Please try again.");
display_LoginPage($_SESSION['config'], $_SESSION["cfgMain"], $licenseValidator, $error_message); // Empty password submitted. Return to login page.
exit();
}
$username = $_POST['username'];
$password = $_POST['passwd'];
}
// search user in LDAP if needed
if ($_SESSION['config']->getLoginMethod() == LAMConfig::LOGIN_SEARCH) {
$searchFilter = $_SESSION['config']->getLoginSearchFilter();
$searchFilter = str_replace('%USER%', $username ,$searchFilter);
$searchDN = '';
$searchPassword = '';
if (($_SESSION['config']->getLoginSearchDN() != null) && ($_SESSION['config']->getLoginSearchDN() != '')) {
$searchDN = $_SESSION['config']->getLoginSearchDN();
$searchPassword = $_SESSION['config']->getLoginSearchPassword();
}
$searchSuccess = true;
$searchError = '';
$searchLDAP = new Ldap($_SESSION['config']);
$searchLDAPResult = $searchLDAP->connect($searchDN, $searchPassword, true);
if (! ($searchLDAPResult == 0)) {
$searchSuccess = false;
$searchError = _('Cannot connect to specified LDAP server. Please try again.') . ' ' . getDefaultLDAPErrorString($searchLDAP->server());
}
else {
$searchResult = @ldap_search($searchLDAP->server(), $_SESSION['config']->getLoginSearchSuffix(), $searchFilter, array('dn'), 0, 0, 0, LDAP_DEREF_NEVER);
if ($searchResult) {
$searchInfo = @ldap_get_entries($searchLDAP->server(), $searchResult);
if ($searchInfo) {
cleanLDAPResult($searchInfo);
if (sizeof($searchInfo) == 0) {
$searchSuccess = false;
$searchError = _('Wrong password/user name combination. Please try again.');
}
elseif (sizeof($searchInfo) > 1) {
$searchSuccess = false;
$searchError = _('The given user name matches multiple LDAP entries.');
}
else {
$username = $searchInfo[0]['dn'];
}
}
else {
$searchSuccess = false;
$searchError = _('Unable to find the user name in LDAP.');
if (ldap_errno($searchLDAP->server()) != 0) $searchError .= ' ' . getDefaultLDAPErrorString($searchLDAP->server());
}
}
else {
$searchSuccess = false;
$searchError = _('Unable to find the user name in LDAP.');
if (ldap_errno($searchLDAP->server()) != 0) $searchError .= ' ' . getDefaultLDAPErrorString($searchLDAP->server());
}
}
if (!$searchSuccess) {
$error_message = $searchError;
logNewMessage(LOG_ERR, 'User ' . $username . ' (' . $clientSource . ') failed to log in. ' . $searchError . '');
$searchLDAP->close();
display_LoginPage($_SESSION['config'], $_SESSION["cfgMain"], $licenseValidator, $error_message);
exit();
}
$searchLDAP->close();
}
// try to connect to LDAP
$result = $_SESSION['ldap']->connect($username, $password); // Connect to LDAP server for verifing username/password
if($result === 0) {// Username/password correct. Do some configuration and load main frame.
$_SESSION['loggedIn'] = true;
// set security settings for session
$_SESSION['sec_session_id'] = session_id();
$_SESSION['sec_client_ip'] = $_SERVER['REMOTE_ADDR'];
$_SESSION['sec_sessionTime'] = time();
addSecurityTokenToSession();
// logging
logNewMessage(LOG_NOTICE, 'User ' . $username . ' (' . $clientSource . ') successfully logged in.');
// Load main frame or 2 factor page
if ($_SESSION['config']->getTwoFactorAuthentication() == TwoFactorProviderService::TWO_FACTOR_NONE) {
metaRefresh("./main.php");
}
else {
$_SESSION['2factorRequired'] = true;
if (($_SESSION['config']->getLoginMethod() == LAMConfig::LOGIN_SEARCH) && ($_SESSION['config']->getHttpAuthentication() == 'true')) {
$_SESSION['user2factor'] = $_SERVER['PHP_AUTH_USER'];
}
else {
$_SESSION['user2factor'] = $_POST['username'];
}
metaRefresh("./login2Factor.php");
}
die();
}
else {
if ($result === False) {
// connection failed
$error_message = _("Cannot connect to specified LDAP server. Please try again.");
logNewMessage(LOG_ERR, 'User ' . $username . ' (' . $clientSource . ') failed to log in (LDAP error: ' . ldap_err2str($result) . ').');
}
elseif ($result == 81) {
// connection failed
$error_message = _("Cannot connect to specified LDAP server. Please try again.");
logNewMessage(LOG_ERR, 'User ' . $username . ' (' . $clientSource . ') failed to log in (LDAP error: ' . ldap_err2str($result) . ').');
}
elseif ($result == 49) {
// user name/password invalid. Return to login page.
$error_message = _("Wrong password/user name combination. Please try again.");
logNewMessage(LOG_ERR, 'User ' . $username . ' (' . $clientSource . ') failed to log in (wrong password).');
}
else {
// other errors
$error_message = _("LDAP error, server says:") . "\n
($result) " . ldap_err2str($result);
logNewMessage(LOG_ERR, 'User ' . $username . ' (' . $clientSource . ') failed to log in (LDAP error: ' . ldap_err2str($result) . ').');
}
display_LoginPage($_SESSION['config'], $_SESSION["cfgMain"], $licenseValidator, $error_message);
exit();
}
}
//displays the login window
display_LoginPage($_SESSION["config"], $_SESSION["cfgMain"], $licenseValidator, $error_message);
?>