| [ Index ] |
|
Code source de eGroupWare 1.2.106-2 |
1 <?php 2 /**************************************************************************\ 3 * eGroupWare login * 4 * http://www.egroupware.org * 5 * Originaly written by Dan Kuykendall <seek3r@phpgroupware.org> * 6 * Joseph Engo <jengo@phpgroupware.org> * 7 * -------------------------------------------- * 8 * This program is free software; you can redistribute it and/or modify it * 9 * under the terms of the GNU General Public License as published by the * 10 * Free Software Foundation; either version 2 of the License, or (at your * 11 * option) any later version. * 12 \**************************************************************************/ 13 14 /* $Id: login.php 22646 2006-10-16 20:45:15Z nelius_weiss $ */ 15 16 $submit = False; // set to some initial value 17 18 $GLOBALS['egw_info'] = array('flags' => array( 19 'disable_Template_class' => True, 20 'login' => True, 21 'currentapp' => 'login', 22 'noheader' => True 23 )); 24 25 if(file_exists('./header.inc.php')) 26 { 27 include('./header.inc.php'); 28 if(!function_exists('CreateObject')) 29 { 30 Header('Location: setup/index.php'); 31 exit; 32 } 33 } 34 else 35 { 36 Header('Location: setup/index.php'); 37 exit; 38 } 39 40 $GLOBALS['egw_info']['server']['template_dir'] = EGW_SERVER_ROOT . '/phpgwapi/templates/' . $GLOBALS['egw_info']['login_template_set']; 41 $tmpl = CreateObject('phpgwapi.Template', $GLOBALS['egw_info']['server']['template_dir']); 42 43 // read the images from the login-template-set, not the (maybe not even set) users template-set 44 $GLOBALS['egw_info']['user']['preferences']['common']['template_set'] = $GLOBALS['egw_info']['login_template_set']; 45 46 // This is used for system downtime, to prevent new logins. 47 if($GLOBALS['egw_info']['server']['deny_all_logins']) 48 { 49 $deny_msg=lang('Oops! You caught us in the middle of system maintainance.<br/> 50 Please, check back with us shortly.'); 51 52 $tmpl->set_file(array 53 ( 54 'login_form' => 'login_denylogin.tpl' 55 )); 56 57 $tmpl->set_var('template_set','default'); 58 $tmpl->set_var('deny_msg',$deny_msg); 59 $tmpl->pfp('loginout','login_form'); 60 exit; 61 } 62 $tmpl->set_file(array('login_form' => 'login.tpl')); 63 64 // !! NOTE !! 65 // Do NOT and I repeat, do NOT touch ANYTHING to do with lang in this file. 66 // If there is a problem, tell me and I will fix it. (jengo) 67 68 // whoooo scaring 69 /* 70 if($GLOBALS['egw_info']['server']['usecookies'] == True) 71 { 72 $GLOBALS['egw']->session->phpgw_setcookie('eGroupWareLoginTime', time()); 73 } 74 */ 75 /* 76 if($_GET['cd'] != 10 && $GLOBALS['egw_info']['server']['usecookies'] == False) 77 { 78 $GLOBALS['egw']->session->setcookie('sessionid'); 79 $GLOBALS['egw']->session->setcookie('kp3'); 80 $GLOBALS['egw']->session->setcookie('domain'); 81 } 82 */ 83 84 /* This is not working yet because I need to figure out a way to clear the $cd =1 85 if(isset($_SERVER['PHP_AUTH_USER']) && $_GET['cd'] == '1') 86 { 87 Header('HTTP/1.0 401 Unauthorized'); 88 Header('WWW-Authenticate: Basic realm="phpGroupWare"'); 89 echo 'You have to re-authentificate yourself'; 90 exit; 91 } 92 */ 93 94 function check_logoutcode($code) 95 { 96 switch($code) 97 { 98 case 1: 99 return lang('You have been successfully logged out'); 100 break; 101 case 2: 102 return lang('Sorry, your login has expired'); 103 break; 104 case 4: 105 return lang('Cookies are required to login to this site.'); 106 break; 107 case 5: 108 return '<font color="FF0000">' . lang('Bad login or password') . '</font>'; 109 break; 110 case 98: 111 return '<font color="FF0000">' . lang('Account is expired') . '</font>'; 112 break; 113 case 99: 114 return '<font color="FF0000">' . lang('Blocked, too many attempts') . '</font>'; 115 break; 116 case 10: 117 $GLOBALS['egw']->session->phpgw_setcookie('sessionid'); 118 $GLOBALS['egw']->session->phpgw_setcookie('kp3'); 119 $GLOBALS['egw']->session->phpgw_setcookie('domain'); 120 121 //fix for bug php4 expired sessions bug 122 if(substr($GLOBALS['egw_info']['server']['sessions_type'],0,4) == 'php4') 123 { 124 $GLOBALS['egw']->session->phpgw_setcookie(EGW_PHPSESSID); 125 } 126 127 return '<font color="#FF0000">' . lang('Your session could not be verified.') . '</font>'; 128 break; 129 default: 130 return ' '; 131 } 132 } 133 134 /* Program starts here */ 135 136 if($GLOBALS['egw_info']['server']['auth_type'] == 'http' && isset($_SERVER['PHP_AUTH_USER'])) 137 { 138 $submit = True; 139 $login = $_SERVER['PHP_AUTH_USER']; 140 $passwd = $_SERVER['PHP_AUTH_PW']; 141 $passwd_type = 'text'; 142 } 143 else 144 { 145 $passwd = $_POST['passwd']; 146 $passwd_type = $_POST['passwd_type']; 147 148 if($GLOBALS['egw_info']['server']['allow_cookie_auth']) 149 { 150 $eGW_remember = explode('::::',stripslashes($_COOKIE['eGW_remember'])); 151 152 if($eGW_remember[0] && $eGW_remember[1] && $eGW_remember[2]) 153 { 154 $_SERVER['PHP_AUTH_USER'] = $login = $eGW_remember[0]; 155 $_SERVER['PHP_AUTH_PW'] = $passwd = $eGW_remember[1]; 156 $passwd_type = $eGW_remember[2]; 157 $submit = True; 158 } 159 } 160 if(!$passwd && ($GLOBALS['egw_info']['server']['auto_anon_login']) && !$_GET['cd']) 161 { 162 $_SERVER['PHP_AUTH_USER'] = $login = 'anonymous'; 163 $_SERVER['PHP_AUTH_PW'] = $passwd = 'anonymous'; 164 $passwd_type = 'text'; 165 $submit = True; 166 } 167 } 168 169 # Apache + mod_ssl style SSL certificate authentication 170 # Certificate (chain) verification occurs inside mod_ssl 171 if($GLOBALS['egw_info']['server']['auth_type'] == 'sqlssl' && isset($_SERVER['SSL_CLIENT_S_DN']) && !isset($_GET['cd'])) 172 { 173 # an X.509 subject looks like: 174 # /CN=john.doe/OU=Department/O=Company/C=xx/Email=john@comapy.tld/L=City/ 175 # the username is deliberately lowercase, to ease LDAP integration 176 $sslattribs = explode('/',$_SERVER['SSL_CLIENT_S_DN']); 177 # skip the part in front of the first '/' (nothing) 178 while(($sslattrib = next($sslattribs))) 179 { 180 list($key,$val) = explode('=',$sslattrib); 181 $sslattributes[$key] = $val; 182 } 183 184 if(isset($sslattributes['Email'])) 185 { 186 $submit = True; 187 188 # login will be set here if the user logged out and uses a different username with 189 # the same SSL-certificate. 190 if(!isset($_POST['login'])&&isset($sslattributes['Email'])) 191 { 192 $login = $sslattributes['Email']; 193 # not checked against the database, but delivered to authentication module 194 $passwd = $_SERVER['SSL_CLIENT_S_DN']; 195 } 196 } 197 unset($key); 198 unset($val); 199 unset($sslattributes); 200 } 201 202 if(isset($passwd_type) || $_POST['submitit_x'] || $_POST['submitit_y'] || $submit) 203 // isset($_POST['passwd']) && $_POST['passwd']) // enable konqueror to login via Return 204 { 205 if(getenv('REQUEST_METHOD') != 'POST' && $_SERVER['REQUEST_METHOD'] != 'POST' && 206 !isset($_SERVER['PHP_AUTH_USER']) && !isset($_SERVER['SSL_CLIENT_S_DN'])) 207 { 208 $GLOBALS['egw']->session->phpgw_setcookie('eGW_remember'); 209 $GLOBALS['egw']->redirect($GLOBALS['egw']->link('/login.php','cd=5')); 210 } 211 #if(!isset($_COOKIE['eGroupWareLoginTime'])) 212 #{ 213 # $GLOBALS['egw']->redirect($GLOBALS['egw']->link('/login.php','cd=4')); 214 #} 215 216 // don't get login data again when $submit is true 217 if($submit == false) 218 { 219 $login = $_POST['login']; 220 } 221 222 //conference - for strings like vinicius@thyamad.com@default , allows 223 //that user have a login that is his e-mail. (viniciuscb) 224 $login_parts = explode('@',$login); 225 $got_login = false; 226 if (count($login_parts) > 1) 227 { 228 //Last part of login string, when separated by @, is a domain name 229 if (array_key_exists(array_pop($login_parts),$GLOBALS['egw_domain'])) 230 { 231 $got_login = true; 232 } 233 } 234 235 if (!$got_login) 236 { 237 if(isset($_POST['logindomain'])) 238 { 239 $login .= '@' . $_POST['logindomain']; 240 } 241 elseif(!isset($GLOBALS['egw_domain'][$GLOBALS['egw_info']['user']['domain']])) 242 { 243 $login .= '@'.$GLOBALS['egw_info']['server']['default_domain']; 244 } 245 } 246 $GLOBALS['sessionid'] = $GLOBALS['egw']->session->create($login,$passwd,$passwd_type,'u'); 247 248 if(!isset($GLOBALS['sessionid']) || ! $GLOBALS['sessionid']) 249 { 250 $GLOBALS['egw']->session->phpgw_setcookie('eGW_remember'); 251 $GLOBALS['egw']->redirect($GLOBALS['egw_info']['server']['webserver_url'] . '/login.php?cd=' . $GLOBALS['egw']->session->cd_reason); 252 } 253 else 254 { 255 /* set auth_cookie */ 256 if($GLOBALS['egw_info']['server']['allow_cookie_auth'] && $_POST['remember_me'] && $_POST['passwd']) 257 { 258 switch ($_POST['remember_me']) 259 { 260 case '1hour' : 261 $remember_time = time()+60*60; 262 break; 263 case '1day' : 264 $remember_time = time()+60*60*24; 265 break; 266 case '1week' : 267 $remember_time = time()+60*60*24*7; 268 break; 269 case '1month' : 270 $remember_time = time()+60*60*24*30; 271 break; 272 case 'forever' : 273 default: 274 $remember_time = 2147483647; 275 break; 276 } 277 $GLOBALS['egw']->session->phpgw_setcookie('eGW_remember',implode('::::',array( 278 'login' => $login, 279 'passwd' => $passwd, 280 'passwd_type' => $passwd_type)), 281 $remember_time); 282 } 283 284 if ($_POST['lang'] && preg_match('/^[a-z]{2}(-[a-z]{2}){0,1}$/',$_POST['lang']) && 285 $_POST['lang'] != $GLOBALS['egw_info']['user']['preferences']['common']['lang']) 286 { 287 $GLOBALS['egw']->preferences->add('common','lang',$_POST['lang'],'session'); 288 } 289 290 if(!$GLOBALS['egw_info']['server']['disable_autoload_langfiles']) 291 { 292 $GLOBALS['egw']->translation->autoload_changed_langfiles(); 293 } 294 $forward = isset($_GET['phpgw_forward']) ? urldecode($_GET['phpgw_forward']) : @$_POST['phpgw_forward']; 295 if (!$forward) 296 { 297 $extra_vars['cd'] = 'yes'; 298 if($GLOBALS['egw']->hooks->single('hasUpdates', 'home')) 299 { 300 $extra_vars['hasupdates'] = 'yes'; 301 } 302 $forward = '/index.php'; 303 } 304 else 305 { 306 list($forward,$extra_vars) = explode('?',$forward,2); 307 } 308 //echo "redirecting to ".$GLOBALS['egw']->link($forward,$extra_vars); 309 310 $GLOBALS['egw']->redirect_link($forward,$extra_vars); 311 } 312 } 313 else 314 { 315 // !!! DONT CHANGE THESE LINES !!! 316 // If there is something wrong with this code TELL ME! 317 // Commenting out the code will not fix it. (jengo) 318 if(isset($_COOKIE['last_loginid'])) 319 { 320 $accounts =& CreateObject('phpgwapi.accounts'); 321 $prefs =& CreateObject('phpgwapi.preferences', $accounts->name2id($_COOKIE['last_loginid'])); 322 323 if($prefs->account_id) 324 { 325 $GLOBALS['egw_info']['user']['preferences'] = $prefs->read_repository(); 326 } 327 } 328 if ($_GET['lang']) 329 { 330 $GLOBALS['egw_info']['user']['preferences']['common']['lang'] = $_GET['lang']; 331 } 332 elseif(!isset($_COOKIE['last_loginid']) || !$prefs->account_id) 333 { 334 // If the lastloginid cookies isn't set, we will default to the first language, 335 // the users browser accepts. 336 list($lang) = explode(',',$_SERVER['HTTP_ACCEPT_LANGUAGE']); 337 if(strlen($lang) > 2) 338 { 339 $lang = substr($lang,0,2); 340 } 341 $GLOBALS['egw_info']['user']['preferences']['common']['lang'] = $lang; 342 } 343 #print 'LANG:' . $GLOBALS['egw_info']['user']['preferences']['common']['lang'] . '<br>'; 344 345 $GLOBALS['egw']->translation->init(); // this will set the language according to the (new) set prefs 346 $GLOBALS['egw']->translation->add_app('login'); 347 $GLOBALS['egw']->translation->add_app('loginscreen'); 348 if(lang('loginscreen_message') == 'loginscreen_message*') 349 { 350 $GLOBALS['egw']->translation->add_app('loginscreen','en'); // trying the en one 351 } 352 if(lang('loginscreen_message') != 'loginscreen_message*') 353 { 354 $tmpl->set_var('lang_message',stripslashes(lang('loginscreen_message'))); 355 } 356 } 357 358 $tmpl->set_block('login_form','domain_selection'); 359 $domain_select = ' '; 360 $lang_domain_select = ' '; 361 $last_loginid = $_COOKIE['last_loginid']; 362 if($GLOBALS['egw_info']['server']['show_domain_selectbox']) 363 { 364 $domain_select = "<select name=\"logindomain\">\n"; 365 foreach($GLOBALS['egw_domain'] as $domain_name => $domain_vars) 366 { 367 $domain_select .= '<option value="' . $domain_name . '"'; 368 369 if($domain_name == $_COOKIE['last_domain']) 370 { 371 $domain_select .= ' selected'; 372 } 373 $domain_select .= '>' . $domain_name . "</option>\n"; 374 } 375 $domain_select .= "</select>\n"; 376 $lang_domain_select = lang('Domain'); 377 } 378 elseif($last_loginid !== '') 379 { 380 reset($GLOBALS['egw_domain']); 381 list($default_domain) = each($GLOBALS['egw_domain']); 382 383 if($_COOKIE['last_domain'] != $default_domain && !empty($_COOKIE['last_domain'])) 384 { 385 $last_loginid .= '@' . $_COOKIE['last_domain']; 386 } 387 } 388 $tmpl->set_var('lang_select_domain',$lang_domain_select); 389 $tmpl->set_var('select_domain',$domain_select); 390 391 if(!$GLOBALS['egw_info']['server']['show_domain_selectbox']) 392 { 393 /* trick to make domain section disapear */ 394 $tmpl->set_var('domain_selection',$GLOBALS['egw_info']['user']['domain'] ? 395 '<input type="hidden" name="logindomain" value="'.htmlspecialchars($GLOBALS['egw_info']['user']['domain']).'" />' : ''); 396 } 397 398 foreach($_GET as $name => $value) 399 { 400 if(ereg('phpgw_',$name)) 401 { 402 $extra_vars .= '&' . $name . '=' . urlencode($value); 403 } 404 } 405 406 if($extra_vars) 407 { 408 $extra_vars = '?' . substr($extra_vars,1); 409 } 410 411 /********************************************************\ 412 * Check is the registration app is installed, activated * 413 * And if the register link must be placed * 414 \********************************************************/ 415 416 $cnf_reg =& CreateObject('phpgwapi.config','registration'); 417 $cnf_reg->read_repository(); 418 $config_reg = $cnf_reg->config_data; 419 420 if($config_reg[enable_registration]=='True') 421 { 422 if ($config_reg[register_link]=='True') 423 { 424 $reg_link=' <a href="'. $GLOBALS['egw']->link('/registration/index.php'). '">'.lang('Not a user yet? Register now').'</a><br/>'; 425 } 426 if ($config_reg[lostpassword_link]=='True') 427 { 428 $lostpw_link=' <a href="'. $GLOBALS['egw']->link('/registration/index.php','menuaction=registration.boreg.lostpw1'). '">'.lang('Lost password').'</a><br/>'; 429 } 430 if ($config_reg[lostid_link]=='True') 431 { 432 $lostid_link=' <a href="'. $GLOBALS['egw']->link('/registration/index.php','menuaction=registration.boreg.lostid1'). '">'.lang('Lost Login Id').'</a><br/>'; 433 } 434 435 /* if at least one option of "registration" is activated display the registration section */ 436 if($config_reg[register_link]=='True' || $config_reg[lostpassword_link]=='True' || $config_reg[lostid_link]=='True') 437 { 438 $tmpl->set_var('register_link',$reg_link); 439 $tmpl->set_var('lostpassword_link',$lostpw_link); 440 $tmpl->set_var('lostid_link',$lostid_link) ; 441 442 //$tmpl->set_var('registration_url',$GLOBALS['egw_info']['server']['webserver_url'] . '/registration/'); 443 } 444 else 445 { 446 /* trick to make registration section disapear */ 447 $tmpl->set_block('login_form','registration'); 448 $tmpl->set_var('registration',''); 449 } 450 } 451 452 // add a content-type header to overwrite an existing default charset in apache (AddDefaultCharset directiv) 453 header('Content-type: text/html; charset='.$GLOBALS['egw']->translation->charset()); 454 455 $GLOBALS['egw_info']['server']['template_set'] = $GLOBALS['egw_info']['login_template_set']; 456 457 $tmpl->set_var('charset',$GLOBALS['egw']->translation->charset()); 458 $tmpl->set_var('login_url', $GLOBALS['egw_info']['server']['webserver_url'] . '/login.php' . $extra_vars); 459 $tmpl->set_var('version',$GLOBALS['egw_info']['server']['versions']['phpgwapi']); 460 $tmpl->set_var('cd',check_logoutcode($_GET['cd'])); 461 $tmpl->set_var('cookie',$last_loginid); 462 463 $tmpl->set_var('lang_username',lang('username')); 464 $tmpl->set_var('lang_password',lang('password')); 465 $tmpl->set_var('lang_login',lang('login')); 466 467 $tmpl->set_var('website_title', $GLOBALS['egw_info']['server']['site_title']); 468 $tmpl->set_var('template_set',$GLOBALS['egw_info']['login_template_set']); 469 $tmpl->set_var('bg_color',($GLOBALS['egw_info']['server']['login_bg_color']?$GLOBALS['egw_info']['server']['login_bg_color']:'FFFFFF')); 470 $tmpl->set_var('bg_color_title',($GLOBALS['egw_info']['server']['login_bg_color_title']?$GLOBALS['egw_info']['server']['login_bg_color_title']:'486591')); 471 472 if (substr($GLOBALS['egw_info']['server']['login_logo_file'],0,4) == 'http') 473 { 474 $var['logo_file'] = $GLOBALS['egw_info']['server']['login_logo_file']; 475 } 476 else 477 { 478 $var['logo_file'] = $GLOBALS['egw']->common->image('phpgwapi',$GLOBALS['egw_info']['server']['login_logo_file']?$GLOBALS['egw_info']['server']['login_logo_file']:'logo'); 479 } 480 $var['logo_url'] = $GLOBALS['egw_info']['server']['login_logo_url']?$GLOBALS['egw_info']['server']['login_logo_url']:'http://www.eGroupWare.org'; 481 if (substr($var['logo_url'],0,4) != 'http') 482 { 483 $var['logo_url'] = 'http://'.$var['logo_url']; 484 } 485 $var['logo_title'] = $GLOBALS['egw_info']['server']['login_logo_title']?$GLOBALS['egw_info']['server']['login_logo_title']:'www.eGroupWare.org'; 486 $tmpl->set_var($var); 487 488 /* language section if activated in site config */ 489 if (@$GLOBALS['egw_info']['server']['login_show_language_selection']) 490 { 491 $select_lang = '<select name="lang" onchange="'."if (this.form.login.value && this.form.passwd.value) this.form.submit(); else location.href=location.href+(location.search?'&':'?')+'lang='+this.value".'">'; 492 foreach ($GLOBALS['egw']->translation->get_installed_langs() as $key => $name) // if we have a translation use it 493 { 494 $select_lang .= "\n\t".'<option value="'.$key.'"'.($key == $GLOBALS['egw_info']['user']['preferences']['common']['lang'] ? ' selected="selected"' : '').'>'.$name.'</option>'; 495 } 496 $select_lang .= "\n</select>\n"; 497 $tmpl->set_var(array( 498 'lang_language' => lang('Language'), 499 'select_language' => $select_lang, 500 )); 501 } 502 else 503 { 504 $tmpl->set_block('login_form','language_select'); 505 $tmpl->set_var('language_select',''); 506 } 507 508 /********************************************************\ 509 * Check if authentification via cookies is allowed * 510 * and place a time selectbox, how long cookie is valid * 511 \********************************************************/ 512 513 if($GLOBALS['egw_info']['server']['allow_cookie_auth']) 514 { 515 $html =& CreateObject('phpgwapi.html'); /* Why the hell was nobody useing this here before??? */ 516 $tmpl->set_block('login_form','remember_me_selection'); 517 $tmpl->set_var('lang_remember_me',lang('Remember me')); 518 $tmpl->set_var('select_remember_me',$html->select('remember_me', 'forever', array( 519 false => lang('not'), 520 '1hour' => lang('1 Hour'), 521 '1day' => lang('1 Day'), 522 '1week'=> lang('1 Week'), 523 '1month' => lang('1 Month'), 524 'forever' => lang('Forever')),true 525 )); 526 } 527 else 528 { 529 /* trick to make remember_me section disapear */ 530 $tmpl->set_block('login_form','remember_me_selection'); 531 $tmpl->set_var('remember_me_selection',''); 532 } 533 534 $tmpl->set_var('autocomplete', ($GLOBALS['egw_info']['server']['autocomplete_login'] ? 'autocomplete="off"' : '')); 535 536 $tmpl->pfp('loginout','login_form'); 537 ?>
titre
Description
Corps
titre
Description
Corps
titre
Description
Corps
titre
Corps
| Généré le : Sun Feb 25 17:20:01 2007 | par Balluche grâce à PHPXref 0.7 |