<?php
#
# Copyright (c) 2000-2017 University of Utah and the Flux Group.
# 
# {{{EMULAB-LICENSE
# 
# This file is part of the Emulab network testbed software.
# 
# This file is free software: you can redistribute it and/or modify it
# under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or (at
# your option) any later version.
# 
# This file is distributed in the hope that it will be useful, but WITHOUT
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Affero General Public
# License for more details.
# 
# You should have received a copy of the GNU Affero General Public License
# along with this file.  If not, see <http://www.gnu.org/licenses/>.
# 
# }}}
#
require("defs.php3");

#
# Declare the optional request arguments this page accepts, each paired
# with the PAGEARG_* type it is checked as.
#
# NOTE(review): the isset() tests below suggest OptionalPageArguments()
# publishes every supplied argument as a global of the same name; confirm
# in defs.php3.
#
# uid, key, vuid, referrer and error are later written into HTML or URLs by
# this page. What PAGEARG_STRING accepts is defined outside this file, so
# treat them as untrusted at every output point.
#
$optargs = OptionalPageArguments(
    "login",     PAGEARG_STRING,
    "uid",       PAGEARG_STRING,
    "password",  PAGEARG_PASSWORD,
    "key",       PAGEARG_STRING,
    "vuid",      PAGEARG_STRING,
    "simple",    PAGEARG_BOOLEAN,
    "adminmode", PAGEARG_BOOLEAN,
    "refer",     PAGEARG_BOOLEAN,
    "referrer",  PAGEARG_STRING,
    "error",     PAGEARG_STRING
);

# Defaults for arguments that were not supplied.
#
# adminmode is passed along to the new login; handy for letting admins log
# in when NOLOGINS() is on. simple selects the stripped-down page layout.
$adminmode = isset($adminmode) ? $adminmode : 0;
$simple    = isset($simple)    ? $simple    : 0;
$key       = isset($key)       ? $key       : null;
$error     = isset($error)     ? $error     : null;

# Set to 1 further down when the login was requested by the geni tool.
$isgenitool = 0;

# Work out which page (if any) to return to after login; the value is saved
# for the form below.
#
# With "refer" set and a non-empty Referer header present, the header wins
# over any "referrer" page argument. Otherwise the page argument is kept, or
# $referrer becomes null when there is none.
#
# NOTE(review): both sources are supplied by the client. The scheme rewrite
# below does not restrict which host the value names, and this file later
# writes $referrer into the login form and into a Location header, so it
# has to be validated/escaped at those points.
if (!isset($refer) ||
    !isset($_SERVER['HTTP_REFERER']) || $_SERVER['HTTP_REFERER'] == "") {
    if (!isset($referrer)) {
        $referrer = null;
    }
}
else {
    # The auth cookies are only available over https, but the previous page
    # may have been visited with http; send the user back through https.
    $referrer = preg_replace("/^http:/i", "https:", $_SERVER['HTTP_REFERER']);
}

# A referrer containing "getsslcertjs" marks a redirect from the geni tool,
# which gets a different message on the form.
if (isset($referrer)) {
    if (preg_match("/getsslcertjs/", $referrer)) {
        $isgenitool = 1;
    }
}

#
# The simple view hides the banner, copyright and sidebar decorations.
#
$view = ($simple
         ? array('hide_banner' => 1, 'hide_copyright' => 1, 'hide_sidebar' => 1)
         : array());

#
# While logins are disabled, show the "unavailable" notice and stop, unless
# adminmode was requested.
#
# NOTE(review): adminmode comes from the request, so this gate only decides
# whether the form is shown. Presumably DOLOGIN() enforces that the account
# really is an administrator while logins are off -- confirm.
#
if (NOLOGINS()) {
    if (!$adminmode) {
        PAGEHEADER("Login", $view);

        USERERROR("Sorry. The Web Interface is ".
                  "<a href=nologins.php3>Temporarily Unavailable!</a>", 1);

        PAGEFOOTER($view);
        die("");
    }
}

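#
# Must not be logged in already.
#
# CheckLogin() returns the current user (if any); the CHECKLOGIN_LOGGEDIN
# bit of $status is what decides whether the session counts as logged in.
# NOTE(review): $status is presumably filled in by reference -- confirm in
# defs.php3.
#
if (($this_user = CheckLogin($status))) {
    $this_webid = $this_user->webid();

    if ($status & CHECKLOGIN_LOGGEDIN) {
        #
        # If doing a verification for the logged in user, zap to that page.
        # If doing a verification for another user, then must login in again.
        #
        if (isset($key) && (!isset($vuid) || $vuid == $this_webid)) {
            # $key is a request argument: URL-encode it so it can only ever
            # be the value of the key parameter in the redirect target.
            header("Location: $TBBASE/verifyusr.php3?key=" .
                   rawurlencode($key));
            return;
        }

        PAGEHEADER("Login",$view);

        echo "<h3>
              You are still logged in. Please log out first if you want
              to log in as another user!
              </h3>\n";

        PAGEFOOTER($view);
        die("");
    }
}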

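#
# Spit out the form.
#
# The uid can be an email address, and in fact defaults to that now.
#
# Arguments:
#   $uid       - value pre-filled into the login field (may be empty).
#   $key       - verification key carried along in the form action, or null.
#   $referrer  - URL to return to after login; carried in a hidden field.
#   $error     - null, or one of "failed", "notloggedin", "timedout";
#                anything else is reported as an unknown error.
#   $adminmode - when equal to 1, adminmode=1 is added to the form action.
#   $simple    - when true, carried along in a hidden field.
#   $view      - view options handed to PAGEHEADER().
#
# $uid, $key, $referrer and $error can all originate from the request (and
# $referrer from the Referer header), so each is HTML-escaped before being
# written into the page, the key is URL-encoded inside the action URL, and
# every attribute value is quoted.
#
function SPITFORM($uid, $key, $referrer, $error, $adminmode, $simple, $view)
{
    global $TBDB_UIDLEN, $TBBASE;
    global $isgenitool;

    PAGEHEADER("Login",$view);

    # ENT_QUOTES because the values land in both single- and double-quoted
    # attributes below. The (string) casts keep null arguments from
    # reaching htmlspecialchars().
    $safe_uid      = htmlspecialchars((string)$uid, ENT_QUOTES);
    $safe_referrer = htmlspecialchars((string)$referrer, ENT_QUOTES);
    $safe_simple   = htmlspecialchars((string)$simple, ENT_QUOTES);

    # $premessage is fixed markup chosen here, never request data, so it is
    # written out unescaped.
    if ($isgenitool) {
        $premessage = "A request from a <b>Geni Tool</b> requres you to login<br>";
    }
    else {
        $premessage = "Please login to our secure server.";
    }

    if ($error) {
        echo "<center>";
        echo "<font size=+1 color=red>";
        switch ($error) {
        case "failed":
            echo "Login attempt failed! Please try again.";
            break;
        case "notloggedin":
            if (! $isgenitool) {
                echo "You do not appear to be logged in!";
                $premessage = "Please log in again.";
            }
            break;
        case "timedout":
            echo "Your login has timed out!";
            if (! $isgenitool) {
                $premessage = "Please log in again.";
            }
            break;
        default:
            # The unrecognised code is echoed back, so it must be escaped.
            echo "Unknown Error (" .
                htmlspecialchars((string)$error, ENT_QUOTES) . ")!";
        }
        echo "</font>";
        echo "</center><br>\n";
    }

    echo "<center>
          <font size=+1>
          $premessage<br>
          (You must have cookies enabled)
          </font>
          </center>\n";

    # Query string for the form action: adminmode and/or the key.
    $pagearg = "";
    if ($adminmode == 1)
        $pagearg  = "?adminmode=1";
    if ($key)
        $pagearg .= (($adminmode == 1) ? "&" : "?") .
            "key=" . rawurlencode($key);

    # Escape the finished URL for the (single-quoted) action attribute.
    $safe_action = htmlspecialchars("$TBBASE/login.php3$pagearg", ENT_QUOTES);

    echo "<table align=center border=1>
          <form action='$safe_action' method=post>
          <tr>
              <td>Email Address:<br>
                   <font size=-2>(or UserName)</font></td>
              <td><input type=text
                         value=\"$safe_uid\"
                         name=uid size=30></td>
          </tr>
          <tr>
              <td>Password:</td>
              <td><input type=password name=password size=12></td>
          </tr>
          <tr>
             <td align=center colspan=2>
                 <b><input type=submit value=Login name=login></b></td>
          </tr>\n";

    if ($referrer) {
        echo "<input type=hidden name=referrer value=\"$safe_referrer\">\n";
    }

    if ($simple) {
        echo "<input type=hidden name=simple value=\"$safe_simple\">\n";
    }

    echo "</form>
          </table>\n";

    echo "<center><h2>
          <a href='password.php3'>Forgot your password?</a>
          </h2></center>\n";
}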

#
# The Login button was not pressed: show the form and stop.
#
# NOTE(review): $vuid, $key, $referrer and $error reach SPITFORM() straight
# from the request here; SPITFORM() is the place where they end up in the
# generated page.
#
if (! isset($login)) {
    # A vuid page argument (login during the verification step, from the
    # email message) overrides the remembered id. The email address is the
    # login uid now, though a real uid is still allowed.
    $login_id = isset($vuid) ? $vuid : REMEMBERED_ID();

    SPITFORM($login_id, $key, $referrer, $error, $adminmode, $simple, $view);
    PAGEFOOTER($view);
    return;
}

#
# Login clicked: attempt the login and record the outcome in $login_status.
#
# Every response that follows a DOLOGIN() call which did not succeed is
# preceded by a one second sleep. A request with a missing uid or password
# fails without calling DOLOGIN() and without the delay.
#
# NOTE(review): the frozen and inactive pages reveal the state of the named
# account. Whether DOLOGIN() returns those statuses only after the password
# has been verified is not visible in this file -- confirm, since otherwise
# these responses differ from the generic failure for any account name.
#
$STATUS_LOGGEDIN  = 1;
$STATUS_LOGINFAIL = 2;
$login_status     = 0;
$adminmode        = isset($adminmode) ? ($adminmode == 1) : false;

if (isset($uid) && $uid != "" && isset($password) && $password != "") {
    $dologin_status = DOLOGIN($uid, $password, $adminmode);

    switch ($dologin_status) {
    case DOLOGIN_STATUS_WEBFREEZE:
        # Short delay.
        sleep(1);

        PAGEHEADER("Login", $view);
        echo "<h4>
              Your account has been frozen due to earlier login attempt
              failures. You must contact $TBMAILADDR to have your account
              restored. <br> <br>
              Please do not attempt to login again; it will not work!
              </h4>\n";
        PAGEFOOTER($view);
        die("");

    case DOLOGIN_STATUS_INACTIVE:
        # Short delay.
        sleep(1);

        PAGEHEADER("Login", $view);
        echo "<h4>
              Your account has gone <b>inactive</b> since it has been so
              long since your last login. Please contact $TBMAILADDR 
              to have your account restored. <br> <br>
              Please do not attempt to login again; it will not work!
              </h4>\n";
        PAGEFOOTER($view);
        die("");

    case DOLOGIN_STATUS_OKAY:
        $login_status = $STATUS_LOGGEDIN;
        break;

    default:
        # Any other status is an ordinary failure. Short delay.
        sleep(1);
        $login_status = $STATUS_LOGINFAIL;
        break;
    }
}
else {
    # Missing uid or password.
    $login_status = $STATUS_LOGINFAIL;
}

#
# Failed, then try again with an error message.
#
if ($login_status == $STATUS_LOGINFAIL) {
    SPITFORM($uid, $key, $referrer, "failed", $adminmode, $simple, $view);
    PAGEFOOTER($view);
    return;
}

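#
# Login succeeded: choose where to send the browser next.
#
if (isset($key)) {
    #
    # If doing a verification, zap to that page. $key is a request
    # argument, so it is URL-encoded to keep it confined to the key
    # parameter of the target URL.
    #
    header("Location: $TBBASE/verifyusr.php3?key=" . rawurlencode($key));
}
elseif (isset($referrer) &&
        ($referrer === $TBBASE ||
         strncasecmp($referrer, "$TBBASE/", strlen("$TBBASE/")) == 0)) {
    #
    # Zap back to page that started the login request.
    #
    # $referrer comes from the Referer header or from a page argument, so
    # it is only followed when it points back into this site ($TBBASE
    # itself, or a URL below "$TBBASE/"). Without this check a freshly
    # authenticated user could be forwarded to any URL the client supplied.
    # Anything else falls through to the front page.
    #
    # NOTE(review): assumes every legitimate referrer lives under $TBBASE;
    # if other base URLs of this installation must be accepted, add them to
    # this test.
    #
    header("Location: $referrer");
}
else {
    #
    # Zap back to front page in secure mode.
    #
    header("Location: $TBBASE/");
}
return;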

?>