peer_login.php 2.76 KB
Newer Older
1 2 3
<?php
#
# Copyright (c) 2000-2011 University of Utah and the Flux Group.
4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22
# 
# {{{EMULAB-LICENSE
# 
# This file is part of the Emulab network testbed software.
# 
# This file is free software: you can redistribute it and/or modify it
# under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or (at
# your option) any later version.
# 
# This file is distributed in the hope that it will be useful, but WITHOUT
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU Affero General Public
# License for more details.
# 
# You should have received a copy of the GNU Affero General Public License
# along with this file.  If not, see <http://www.gnu.org/licenses/>.
# 
# }}}
23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103
#
require("defs.php3");

#
# Verify page arguments.
#
$reqargs = RequiredPageArguments("user",       PAGEARG_USER,
				 "key",        PAGEARG_STRING);
$optargs = OptionalPageArguments("redirected", PAGEARG_BOOLEAN);

if (! $PORTAL_ENABLE) {
    USERERROR("No Portal", 1);
}

#
# Need this extra redirect so that the cookies get set properly. 
#
if (!isset($redirected) || $redirected == 0) {
    $uri = $_SERVER['REQUEST_URI'] . "&redirected=1";

    header("Location: https://$WWWHOST". $uri);
    return;
}

#
# Check the login table for the user, and see if the key is really
# the md5 of the login hash. If so, do a login. 
#
$target_uid = $user->uid();
$safe_key   = addslashes($key);

$query_result =
    DBQueryFatal("select * from login ".
		 "where uid='$target_uid' and hashhash='$safe_key' and ".
		 "      timeout > UNIX_TIMESTAMP(now())");
if (!mysql_num_rows($query_result)) {
    # Short delay.
    sleep(1);

    PAGEERROR("Invalid peer login request");
}
# Delete the entry so it cannot be reused, even on failure.
DBQueryFatal("delete from login ".
	     "where uid='$target_uid' and hashhash='$safe_key'");

#
# Now do the login, which can still fail.
#  
$dologin_status = DOLOGIN($user->uid(), "", 0, 1);

if ($dologin_status == DOLOGIN_STATUS_WEBFREEZE) {
    # Short delay.
    sleep(1);

    PAGEHEADER("Login");
    echo "<h3>
              Your account has been frozen due to earlier login attempt
              failures. You must contact $TBMAILADDR to have your account
              restored. <br> <br>
              Please do not attempt to login again; it will not work!
              </h3>\n";
    PAGEFOOTER();
    die("");
}
else if ($dologin_status != DOLOGIN_STATUS_OKAY) {
    # Short delay.
    sleep(1);
    PAGEHEADER("Login");

    echo "<h3>Peer login failed. Please contact $TBMAILADDR</h3>\n";
    PAGEFOOTER();
    die("");
}
else {
    #
    # Zap back to front page in secure mode.
    # 
    header("Location: $TBBASE/showuser.php3?user=$target_uid");
}

?>