<?php
#
# EMULAB-COPYRIGHT
# Copyright (c) 2000-2008 University of Utah and the Flux Group.
# All rights reserved.
#
require("defs.php3");

#
# Declare the optional arguments this page accepts, pairing each argument
# name with the PAGEARG_* type it is checked against.
# NOTE(review): the rest of this script reads $login, $uid, $password, $key,
# ... without ever assigning them, so OptionalPageArguments() presumably
# exports each accepted argument as a global of the same name -- confirm
# in defs.php3.
#
$optargs = OptionalPageArguments(
    "login",     PAGEARG_STRING,
    "uid",       PAGEARG_STRING,
    "password",  PAGEARG_PASSWORD,
    "key",       PAGEARG_STRING,
    "vuid",      PAGEARG_STRING,
    "simple",    PAGEARG_BOOLEAN,
    "adminmode", PAGEARG_BOOLEAN,
    "refer",     PAGEARG_BOOLEAN,
    "referrer",  PAGEARG_STRING,
    "error",     PAGEARG_STRING
);
				 
# adminmode may be handed along to the next login attempt; handy for letting
# admins log in while NOLOGINS() is on. Off unless the request supplied it.
$adminmode = isset($adminmode) ? $adminmode : 0;

# A non-zero value selects the simpler rendering of this page.
$simple = isset($simple) ? $simple : 0;

# Both are passed to SPITFORM() further down, so make sure they exist
# (as null) even when the request did not supply them.
$key   = isset($key)   ? $key   : null;
$error = isset($error) ? $error : null;

# Work out which page, if any, should be redisplayed after login. The result
# is kept in $referrer for the form below.
#
# NOTE(review): both sources are client-controlled -- the Referer request
# header and the "referrer" page argument -- and no check of the target is
# visible in this block.
$use_http_referer = isset($refer) &&
                    isset($_SERVER['HTTP_REFERER']) &&
                    $_SERVER['HTTP_REFERER'] != "";

if ($use_http_referer) {
    # The referring page asked to be passed along. Auth cookies are only
    # available over https, but the user may have visited that page with
    # http; if so, send them back through https.
    $referrer = preg_replace("/^http:/i", "https:", $_SERVER['HTTP_REFERER']);
}
elseif (!isset($referrer)) {
    # Nothing to go back to.
    $referrer = null;
}
else {
    # A referrer arrived as a page argument (e.g. from a previous round of
    # the form); keep passing it along.
    $refer = true;
}

#
# View options handed to PAGEHEADER()/PAGEFOOTER(). The simple view sets the
# hide_banner, hide_copyright and hide_sidebar flags; the normal view passes
# no overrides.
#
$view = $simple
    ? array('hide_banner' => 1, 'hide_copyright' => 1, 'hide_sidebar' => 1)
    : array();

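#
# Must not be logged in already.
#
# NOTE(review): $status is read right after the call without being assigned
# here, so CheckLogin() presumably fills it in by reference -- confirm in
# defs.php3.
#
if (($this_user = CheckLogin($status))) {
    $this_webid = $this_user->webid();

    if ($status & CHECKLOGIN_LOGGEDIN) {
        #
        # If doing a verification for the logged in user, zap to that page.
        # If doing a verification for another user, then must login in again.
        #
        if (isset($key) && (!isset($vuid) || $vuid == $this_webid)) {
            # $key is a request argument; encode it so it stays a single
            # query-string value in the redirect URL.
            header("Location: $TBBASE/verifyusr.php3?key=" . urlencode($key));
            return;
        }

        PAGEHEADER("Login",$view);

        echo "<h3>
              You are still logged in. Please log out first if you want
              to log in as another user!
              </h3>\n";

        PAGEFOOTER($view);
        die("");
    }
}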

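#
# Spit out the login form.
#
# The uid can be an email address, and in fact defaults to that now.
#
# Arguments:
#   $uid       - value pre-filled into the uid/email field
#   $key       - verification key appended to the form action URL, or null
#   $referrer  - URL carried along in a hidden field, or null
#   $error     - error code ("failed", "notloggedin", "timedout"), or null;
#                any other non-empty value is reported as unknown
#   $adminmode - when equal to 1, adminmode=1 is appended to the action URL
#   $simple    - when true, carried along in a hidden field
#   $view      - passed through to PAGEHEADER()
#
# The callers in this file pass request-supplied values for $uid, $key,
# $referrer, $error and $simple, so everything interpolated into the page is
# HTML-escaped and every attribute value is quoted. $key is additionally
# URL-encoded because it becomes a query-string value.
#
function SPITFORM($uid, $key, $referrer, $error, $adminmode, $simple, $view)
{
    global $TBBASE;

    PAGEHEADER("Login",$view);

    $premessage = "Please login to our secure server.";

    if ($error) {
        echo "<center>";
        echo "<font size=+1 color=red>";
        switch ($error) {
        case "failed":
            echo "Login attempt failed! Please try again.";
            break;
        case "notloggedin":
            echo "You do not appear to be logged in!";
            $premessage = "Please log in again.";
            break;
        case "timedout":
            echo "Your login has timed out!";
            $premessage = "Please log in again.";
            break;
        default:
            # The unrecognised code is echoed back to the browser, so it
            # must be escaped first.
            echo "Unknown Error (" .
                htmlspecialchars((string) $error, ENT_QUOTES) . ")!";
        }
        echo "</font>";
        echo "</center><br>\n";
    }

    echo "<center>
          <font size=+1>
          $premessage<br>
          (You must have cookies enabled)
          </font>
          </center>\n";

    # Query string for the form action: adminmode first, then the key.
    $pagearg = "";
    if ($adminmode == 1)
        $pagearg  = "?adminmode=1";
    if ($key)
        $pagearg .= (($adminmode == 1) ? "&" : "?") .
            "key=" . urlencode($key);

    # Escape once per HTML attribute the values end up in.
    $action   = htmlspecialchars("$TBBASE/login.php3$pagearg", ENT_QUOTES);
    $safe_uid = htmlspecialchars((string) $uid, ENT_QUOTES);

    echo "<table align=center border=1>
          <form action='$action' method=post>
          <tr>
              <td>Email Address:<br>
                   <font size=-2>(or UserName)</font></td>
              <td><input type=text
                         value=\"$safe_uid\"
                         name=uid size=30></td>
          </tr>
          <tr>
              <td>Password:</td>
              <td><input type=password name=password size=12></td>
          </tr>
          <tr>
             <td align=center colspan=2>
                 <b><input type=submit value=Login name=login></b></td>
          </tr>\n";

    if ($referrer) {
        # Quoted as well as escaped: an unquoted attribute value would end
        # at the first space in the URL.
        $safe_referrer = htmlspecialchars((string) $referrer, ENT_QUOTES);
        echo "<input type=hidden name=referrer value=\"$safe_referrer\">\n";
    }

    if ($simple) {
        $safe_simple = htmlspecialchars((string) $simple, ENT_QUOTES);
        echo "<input type=hidden name=simple value=\"$safe_simple\">\n";
    }

    echo "</form>
          </table>\n";

    echo "<center><h2>
          <a href='password.php3'>Forgot your password?</a>
          </h2></center>\n";
}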

#
# No "login" argument means the form has not been submitted yet: show it.
#
if (! isset($login)) {
    # Pick the id to pre-fill. A vuid page argument (login during the
    # verification step, from the email message) overrides the remembered
    # one. The email address is the login uid now; a real uid still works.
    $login_id = isset($vuid) ? $vuid : REMEMBERED_ID();

    SPITFORM($login_id, $key, $referrer, $error, $adminmode, $simple, $view);
    PAGEFOOTER($view);
    return;
}

#
# Login clicked: check the submitted credentials.
#
$STATUS_LOGGEDIN  = 1;
$STATUS_LOGINFAIL = 2;
$login_status     = 0;
$adminmode        = (isset($adminmode) && $adminmode == 1);

if (!(isset($uid) && $uid != "" && isset($password) && $password != "")) {
    # A missing or empty uid/password fails without calling DOLOGIN().
    $login_status = $STATUS_LOGINFAIL;
}
elseif (DOLOGIN($uid, $password, $adminmode)) {
    # A true result from DOLOGIN() is treated as a rejected login here.
    # Short delay before answering (presumably to slow repeated guessing).
    sleep(1);
    $login_status = $STATUS_LOGINFAIL;
}
else {
    $login_status = $STATUS_LOGGEDIN;
}

#
# On failure, show the form again with the "failed" error message.
#
if ($login_status == $STATUS_LOGINFAIL) {
    SPITFORM($uid, $key, $referrer, "failed", $adminmode, $simple, $view);
    PAGEFOOTER($view);
    return;
}

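#
# Login succeeded: pick where to send the browser next.
#
if (isset($key)) {
    #
    # If doing a verification, zap to that page. $key is a request
    # argument; encode it so it stays a single query-string value.
    #
    header("Location: $TBBASE/verifyusr.php3?key=" . urlencode($key));
}
elseif (isset($referrer) &&
        strncmp($referrer, "$TBBASE/", strlen("$TBBASE/")) == 0) {
    #
    # Zap back to page that started the login request, but only when that
    # page lives under $TBBASE. $referrer originates from the Referer
    # header or the "referrer" form field, both client-controlled, so
    # following it unchecked would turn this page into an open redirect
    # for a user who has just authenticated.
    # NOTE(review): if pages on another trusted host legitimately pass
    # refer=1, they need an explicit allowlist entry here.
    #
    header("Location: $referrer");
}
else {
    #
    # Zap back to front page in secure mode. Also the fallback for a
    # referrer outside $TBBASE.
    #
    header("Location: $TBBASE/");
}
return;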

?>