* @author Romain Quetiez * @author Denis Flaven * @license http://www.opensource.org/licenses/gpl-3.0.html LGPL */ require_once("../application/nicewebpage.class.inc.php"); /** * Web page used for displaying the login form */ class LoginWebPage extends NiceWebPage { public function __construct() { parent::__construct("iTop Login"); $this->add_style(<<add("\n"); $this->add("

\n"); $this->add("

".Dict::S('UI:Login:Welcome')."

\n"); if ($bFailedLogin) { $this->add("

".Dict::S('UI:Login:IncorrectLoginPassword')."

\n"); } else { $this->add("

".Dict::S('UI:Login:IdentifyYourself')."

\n"); } $this->add("\n"); $this->add("

\n"); } static protected function ResetSession() { // Unset all of the session variables. $_SESSION = array(); // If it's desired to kill the session, also delete the session cookie. // Note: This will destroy the session, and not just the session data! if (isset($_COOKIE[session_name()])) { setcookie(session_name(), '', time()-3600, '/'); } // Finally, destroy the session. session_destroy(); } static function SecureConnectionRequired() { $oConfig = new Config(ITOP_CONFIG_FILE); return $oConfig->GetSecureConnectionRequired(); } static function IsConnectionSecure() { $bSecured = false; if ( !empty($_SERVER['HTTPS']) && ($_SERVER['HTTPS']!= 'off') ) { $bSecured = true; } return $bSecured; } static function DoLogin() { if (self::SecureConnectionRequired() && !self::IsConnectionSecure()) { // Non secured URL... redirect to a secured one $sUrl = Utils::GetAbsoluteUrl(true /* query string */, true /* force HTTPS */); header("Location: $sUrl"); exit; } $bHTTPBasicAuthentication = (utils::ReadParam('auth', '', 'get') == 'http_basic'); if ($bHTTPBasicAuthentication) { // Basic HTTP/PHP authentication mecanism // // meme avec ca c'est pourri - return; if (!isset($_SERVER['PHP_AUTH_USER'])) { header('WWW-Authenticate: Basic realm="iTop access is restricted"'); header('HTTP/1.0 401 Unauthorized'); // Note: accessed when the user will click on Cancel echo '

'.Dict::S('UI:Login:Error:AccessRestricted').'

'; exit; } else { $sAuthUser = $_SERVER['PHP_AUTH_USER']; $sAuthPwd = $_SERVER['PHP_AUTH_PW']; if (!UserRights::Login($sAuthUser, $sAuthPwd)) { header('WWW-Authenticate: Basic realm="Unknown user \''.$sAuthUser.'\'"'); header('HTTP/1.0 401 Unauthorized'); // Note: accessed when the user will click on Cancel // Todo: count the attempts echo '

'.Dict::S('UI:Login:Error:AccessRestricted').'

'; exit; } } return; } // Home-made authentication mecanism // $operation = utils::ReadParam('loginop', ''); session_start(); if ($operation == 'logoff') { self::ResetSession(); } if (!isset($_SESSION['auth_user']) || !isset($_SESSION['auth_pwd'])) { if ($operation == 'loginurl') { $sAuthUser = utils::ReadParam('auth_user', '', 'get'); $sAuthPwd = utils::ReadParam('auth_pwd', '', 'get'); } else if ($operation == 'login') { $sAuthUser = utils::ReadParam('auth_user', '', 'post'); $sAuthPwd = utils::ReadParam('auth_pwd', '', 'post'); } else { $oPage = new LoginWebPage(); $oPage->DisplayLoginForm(); $oPage->output(); exit; } } else { $sAuthUser = $_SESSION['auth_user']; $sAuthPwd = $_SESSION['auth_pwd']; } if (!UserRights::Login($sAuthUser, $sAuthPwd)) { self::ResetSession(); $oPage = new LoginWebPage(); $oPage->DisplayLoginForm( true /* failed attempt */); $oPage->output(); exit; } else { $_SESSION['auth_user'] = $sAuthUser ; $_SESSION['auth_pwd'] = $sAuthPwd; } } } // End of class ?>

".Dict::S('UI:Login:UserNamePrompt').":
".Dict::S('UI:Login:PasswordPrompt').":