login.php3 5.24 KB
Newer Older
1 2
<?php
#
Leigh Stoller's avatar
Leigh Stoller committed
3
# EMULAB-COPYRIGHT
4
# Copyright (c) 2000-2003, 2006 University of Utah and the Flux Group.
Leigh Stoller's avatar
Leigh Stoller committed
5 6
# All rights reserved.
#
7 8
require("defs.php3");

Leigh Stoller's avatar
Leigh Stoller committed
9 10 11 12 13 14
# Page arguments. First two are for verification passthru.
$key	   = $_GET['key'];
$vuid      = $_GET['vuid'];
# Allow adminmode to be passed along to new login. Handy for letting admins
# log in when NOLOGINS() is on. 
$adminmode = $_GET['adminmode'];
15 16 17 18
# Display a simpler version of this page
if (isset($_REQUEST['simple'])) {
    $simple = $_REQUEST['simple'];
}
Leigh Stoller's avatar
Leigh Stoller committed
19 20 21 22 23 24 25 26
# Form arguments.
$login     = $_POST['login'];
$uid       = $_POST['uid'];
$password  = $_POST['password'];
# Allow referrer to be passed along to new login.
$referrer  = $_POST['referrer'];

# See if referrer page requested that it be passed along so that it can be
27
# redisplayed after login. Save the referrer for form below.
Leigh Stoller's avatar
Leigh Stoller committed
28 29 30
if (isset($_GET['refer']) && $_GET['refer'] &&
    isset($_SERVER['HTTP_REFERER']) && $_SERVER['HTTP_REFERER'] != "") {
    $referrer = $_SERVER['HTTP_REFERER'];
31 32 33 34 35

    # In order to get the auth cookies, pages need to go through https. But,
    # the user may have visited the last page with http. If they did, send them
    # back through https
    $referrer = preg_replace("/^http:/i","https:",$referrer);
36
}
37

38 39 40 41 42 43 44 45 46 47 48
#
# Turn off some of the decorations and menus for the simple view
#
if ($simple) {
    $view = array('hide_banner' => 1, 'hide_copyright' => 1,
	'hide_sidebar' => 1);
} else {
    $view = array();
}


49
#
50 51 52 53 54 55
# Must not be logged in already.
#
if (($this_user = CheckLogin($status))) {
    $this_webid = $this_user->webid();
    
    if ($status & CHECKLOGIN_LOGGEDIN) {
56
	#
Leigh Stoller's avatar
Leigh Stoller committed
57 58
	# If doing a verification for the logged in user, zap to that page.
	# If doing a verification for another user, then must login in again.
59
	#
60
	if (isset($key) && (!isset($vuid) || $vuid == $this_webid)) {
61 62 63 64
	    header("Location: $TBBASE/verifyusr.php3?key=$key");
	    return;
	}

65
	PAGEHEADER("Login",$view);
66 67 68 69 70

	echo "<h3>
              You are still logged in. Please log out first if you want
              to log in as another user!
              </h3>\n";
71 72

	PAGEFOOTER($view);
73
	die("");
74 75
    }
}
76 77 78

#
# Spit out the form.
79 80
#
# The uid can be an email address, and in fact defaults to that now. 
81
# 
82
function SPITFORM($uid, $key, $referrer, $failed, $adminmode, $simple, $view)
83 84 85
{
    global $TBDB_UIDLEN, $TBBASE;
    
86
    PAGEHEADER("Login",$view);
87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102

    if ($failed) {
	echo "<center>
              <font size=+1 color=red>
	      Login attempt failed! Please try again.
              </font>
              </center><br>\n";
    }

    echo "<center>
          <font size=+1>
          Please login to our secure server.<br>
          (You must have cookies enabled)
          </font>
          </center>\n";

Leigh Stoller's avatar
Leigh Stoller committed
103 104 105
    $pagearg = "";
    if ($adminmode == 1)
	$pagearg  = "?adminmode=1";
106
    if ($key)
107
	$pagearg .= (($adminmode == 1) ? "&" : "?") . "key=$key";
108

109
    echo "<table align=center border=1>
Leigh Stoller's avatar
Leigh Stoller committed
110
          <form action='${TBBASE}/login.php3${pagearg}' method=post>
111
          <tr>
112 113
              <td>Email Address:<br>
                   <font size=-2>(or UserName)</font></td>
114 115
              <td><input type=text
                         value=\"$uid\"
116
                         name=uid size=30></td>
117
          </tr>
118
          <tr>
119 120 121 122 123 124
              <td>Password:</td>
              <td><input type=password name=password size=12></td>
          </tr>
          <tr>
             <td align=center colspan=2>
                 <b><input type=submit value=Login name=login></b></td>
125 126 127 128 129 130
          </tr>\n";
    
    if ($referrer) {
	echo "<input type=hidden name=referrer value=$referrer>\n";
    }

131 132 133 134
    if ($simple) {
	echo "<input type=hidden name=simple value=$simple>\n";
    }

135
    echo "</form>
136 137 138
          </table>\n";

    echo "<center><h2>
139
          <a href='password.php3'>Forgot your password?</a>
140
          </h2></center>\n";
141 142
}

143 144 145 146
#
# If not clicked, then put up a form.
#
if (! isset($login)) {
147 148 149 150 151 152 153 154 155 156 157
    # Allow page arg to override what we think is the UID to log in as.
    # Use email address now, for the login uid. Still allow real uid though.
    if (isset($vuid)) {
	# For login during verification step, from email message.
	$login_id = $vuid;
    }
    else {
	$login_id = REMEMBERED_ID();
    }
    
    SPITFORM($login_id, $key, $referrer, 0, $adminmode, $simple, $view);
158
    PAGEFOOTER($view);
159 160 161 162
    return;
}

#
163
# Login clicked.
164 165 166 167
#
$STATUS_LOGGEDIN  = 1;
$STATUS_LOGINFAIL = 2;
$login_status     = 0;
Leigh Stoller's avatar
Leigh Stoller committed
168
$adminmode        = (isset($adminmode) && $adminmode == 1);
169

Leigh Stoller's avatar
Leigh Stoller committed
170
if (!isset($uid) || $uid == "" || !isset($password) || $password == "") {
171 172 173
    $login_status = $STATUS_LOGINFAIL;
}
else {
174
    if (DOLOGIN($uid, $password, $adminmode)) {
175 176
	# Short delay.
	sleep(1);
177 178 179 180 181 182
	$login_status = $STATUS_LOGINFAIL;
    }
    else {
	$login_status = $STATUS_LOGGEDIN;
    }
}
183

184 185 186 187
#
# Failed, then try again with an error message.
# 
if ($login_status == $STATUS_LOGINFAIL) {
188 189
    SPITFORM($uid, $key, $referrer, 1, $adminmode, $simple, $view);
    PAGEFOOTER($view);
190 191
    return;
}
192

Leigh Stoller's avatar
Leigh Stoller committed
193
if (isset($key)) {
194 195 196 197 198
    #
    # If doing a verification, zap to that page.
    #
    header("Location: $TBBASE/verifyusr.php3?key=$key");
}
Leigh Stoller's avatar
Leigh Stoller committed
199
elseif (isset($referrer)) {
200 201 202 203 204
    #
    # Zap back to page that started the login request.
    #
    header("Location: $referrer");
}
205 206 207 208 209 210
else {
    #
    # Zap back to front page in secure mode.
    # 
    header("Location: $TBBASE/");
}
211 212
return;

213
?>