loginwebpage.class.inc.php 9.7 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311
  1. <?php
  2. // Copyright (C) 2010 Combodo SARL
  3. //
  4. // This program is free software; you can redistribute it and/or modify
  5. // it under the terms of the GNU General Public License as published by
  6. // the Free Software Foundation; version 3 of the License.
  7. //
  8. // This program is distributed in the hope that it will be useful,
  9. // but WITHOUT ANY WARRANTY; without even the implied warranty of
  10. // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  11. // GNU General Public License for more details.
  12. //
  13. // You should have received a copy of the GNU General Public License
  14. // along with this program; if not, write to the Free Software
  15. // Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
  16. /**
  17. * Class LoginWebPage
  18. *
  19. * @author Erwan Taloc <erwan.taloc@combodo.com>
  20. * @author Romain Quetiez <romain.quetiez@combodo.com>
  21. * @author Denis Flaven <denis.flaven@combodo.com>
  22. * @license http://www.opensource.org/licenses/gpl-3.0.html LGPL
  23. */
  24. require_once("../application/nicewebpage.class.inc.php");
  25. /**
  26. * Web page used for displaying the login form
  27. */
  28. class LoginWebPage extends NiceWebPage
  29. {
  30. public function __construct()
  31. {
  32. parent::__construct("iTop Login");
  33. $this->add_style(<<<EOF
  34. body {
  35. background: #eee;
  36. margin: 0;
  37. padding: 0;
  38. }
  39. #login-logo {
  40. margin-top: 150px;
  41. width: 300px;
  42. padding-left: 20px;
  43. padding-right: 20px;
  44. padding-top: 10px;
  45. padding-bottom: 10px;
  46. margin-left: auto;
  47. margin-right: auto;
  48. background: #f6f6f1;
  49. height: 54px;
  50. border-top: 1px solid #000;
  51. border-left: 1px solid #000;
  52. border-right: 1px solid #000;
  53. border-bottom: 0;
  54. text-align: center;
  55. }
  56. #login-logo img {
  57. border: 0;
  58. }
  59. #login {
  60. width: 300px;
  61. margin-left: auto;
  62. margin-right: auto;
  63. padding: 20px;
  64. background-color: #fff;
  65. border-bottom: 1px solid #000;
  66. border-left: 1px solid #000;
  67. border-right: 1px solid #000;
  68. border-top: 0;
  69. }
  70. .center {
  71. text-align: center;
  72. }
  73. h1 {
  74. color: #1C94C4;
  75. font-size: 16pt;
  76. }
  77. .v-spacer {
  78. padding-top: 1em;
  79. }
  80. EOF
  81. );
  82. }
  83. public function DisplayLoginForm($bFailedLogin = false)
  84. {
  85. $sAuthUser = utils::ReadParam('auth_user', '');
  86. $sAuthPwd = utils::ReadParam('suggest_pwd', '');
  87. $sVersionShort = Dict::Format('UI:iTopVersion:Short', ITOP_VERSION);
  88. $this->add("<div id=\"login-logo\"><a href=\"http://www.combodo.com/itop\"><img title=\"$sVersionShort\" src=\"../images/itop-logo.png\"></a></div>\n");
  89. $this->add("<div id=\"login\">\n");
  90. $this->add("<h1>".Dict::S('UI:Login:Welcome')."</h1>\n");
  91. if ($bFailedLogin)
  92. {
  93. $this->add("<p class=\"hilite\">".Dict::S('UI:Login:IncorrectLoginPassword')."</p>\n");
  94. }
  95. else
  96. {
  97. $this->add("<p>".Dict::S('UI:Login:IdentifyYourself')."</p>\n");
  98. }
  99. $this->add("<form method=\"post\">\n");
  100. $this->add("<table>\n");
  101. $this->add("<tr><td><label for=\"user\">".Dict::S('UI:Login:UserNamePrompt').":</label></td><td><input id=\"user\" type=\"text\" name=\"auth_user\" value=\"$sAuthUser\" /></td></tr>\n");
  102. $this->add("<tr><td><label for=\"pwd\">".Dict::S('UI:Login:PasswordPrompt').":</label></td><td><input id=\"pwd\" type=\"password\" name=\"auth_pwd\" value=\"$sAuthPwd\" /></td></tr>\n");
  103. $this->add("<tr><td colspan=\"2\" class=\"center v-spacer\"> <input type=\"submit\" value=\"".Dict::S('UI:Button:Login')."\" /></td></tr>\n");
  104. $this->add("</table>\n");
  105. $this->add("<input type=\"hidden\" name=\"loginop\" value=\"login\" />\n");
  106. $this->add("</form>\n");
  107. $this->add("</div>\n");
  108. }
  109. public function DisplayChangePwdForm($bFailedLogin = false)
  110. {
  111. $sAuthUser = utils::ReadParam('auth_user', '');
  112. $sAuthPwd = utils::ReadParam('suggest_pwd', '');
  113. $sVersionShort = Dict::Format('UI:iTopVersion:Short', ITOP_VERSION);
  114. $sInconsistenPwdMsg = Dict::S('UI:Login:RetypePwdDoesNotMatch');
  115. $this->add_script(<<<EOF
  116. function GoBack()
  117. {
  118. window.history.back();
  119. }
  120. function DoCheckPwd()
  121. {
  122. if ($('#new_pwd').val() != $('#retype_new_pwd').val())
  123. {
  124. alert('$sInconsistenPwdMsg');
  125. return false;
  126. }
  127. return true;
  128. }
  129. EOF
  130. );
  131. $this->add("<div id=\"login-logo\"><a href=\"http://www.combodo.com/itop\"><img title=\"$sVersionShort\" src=\"../images/itop-logo.png\"></a></div>\n");
  132. $this->add("<div id=\"login\">\n");
  133. $this->add("<h1>".Dict::S('UI:Login:ChangeYourPassword')."</h1>\n");
  134. if ($bFailedLogin)
  135. {
  136. $this->add("<p class=\"hilite\">".Dict::S('UI:Login:IncorrectOldPassword')."</p>\n");
  137. }
  138. $this->add("<form method=\"post\">\n");
  139. $this->add("<table>\n");
  140. $this->add("<tr><td><label for=\"old_pwd\">".Dict::S('UI:Login:OldPasswordPrompt').":</label></td><td><input type=\"password\" id=\"old_pwd\" name=\"old_pwd\" value=\"\" /></td></tr>\n");
  141. $this->add("<tr><td><label for=\"new_pwd\">".Dict::S('UI:Login:NewPasswordPrompt').":</label></td><td><input type=\"password\" id=\"new_pwd\" name=\"new_pwd\" value=\"\" /></td></tr>\n");
  142. $this->add("<tr><td><label for=\"retype_new_pwd\">".Dict::S('UI:Login:RetypeNewPasswordPrompt').":</label></td><td><input type=\"password\" id=\"retype_new_pwd\" name=\"retype_new_pwd\" value=\"\" /></td></tr>\n");
  143. $this->add("<tr><td colspan=\"2\" class=\"center v-spacer\"> <input type=\"button\" onClick=\"GoBack();\" value=\"".Dict::S('UI:Button:Cancel')."\" />&nbsp;&nbsp;<input type=\"submit\" onClick=\"return DoCheckPwd();\" value=\"".Dict::S('UI:Button:ChangePassword')."\" /></td></tr>\n");
  144. $this->add("</table>\n");
  145. $this->add("<input type=\"hidden\" name=\"loginop\" value=\"do_change_pwd\" />\n");
  146. $this->add("</form>\n");
  147. $this->add("</div>\n");
  148. }
  149. static protected function ResetSession()
  150. {
  151. // Unset all of the session variables.
  152. $_SESSION = array();
  153. // If it's desired to kill the session, also delete the session cookie.
  154. // Note: This will destroy the session, and not just the session data!
  155. if (isset($_COOKIE[session_name()]))
  156. {
  157. setcookie(session_name(), '', time()-3600, '/');
  158. }
  159. // Finally, destroy the session.
  160. session_destroy();
  161. }
  162. static function SecureConnectionRequired()
  163. {
  164. $oConfig = new Config(ITOP_CONFIG_FILE);
  165. return $oConfig->GetSecureConnectionRequired();
  166. }
  167. static function IsConnectionSecure()
  168. {
  169. $bSecured = false;
  170. if ( !empty($_SERVER['HTTPS']) && ($_SERVER['HTTPS']!= 'off') )
  171. {
  172. $bSecured = true;
  173. }
  174. return $bSecured;
  175. }
  176. static function DoLogin()
  177. {
  178. if (self::SecureConnectionRequired() && !self::IsConnectionSecure())
  179. {
  180. // Non secured URL... redirect to a secured one
  181. $sUrl = Utils::GetAbsoluteUrl(true /* query string */, true /* force HTTPS */);
  182. header("Location: $sUrl");
  183. exit;
  184. }
  185. $bHTTPBasicAuthentication = (utils::ReadParam('auth', '', 'get') == 'http_basic');
  186. if ($bHTTPBasicAuthentication)
  187. {
  188. // Basic HTTP/PHP authentication mecanism
  189. //
  190. // meme avec ca c'est pourri - return;
  191. if (!isset($_SERVER['PHP_AUTH_USER']))
  192. {
  193. header('WWW-Authenticate: Basic realm="iTop access is restricted"');
  194. header('HTTP/1.0 401 Unauthorized');
  195. // Note: accessed when the user will click on Cancel
  196. echo '<p><strong>'.Dict::S('UI:Login:Error:AccessRestricted').'</strong></p>';
  197. exit;
  198. }
  199. else
  200. {
  201. $sAuthUser = $_SERVER['PHP_AUTH_USER'];
  202. $sAuthPwd = $_SERVER['PHP_AUTH_PW'];
  203. if (!UserRights::Login($sAuthUser, $sAuthPwd))
  204. {
  205. header('WWW-Authenticate: Basic realm="Unknown user \''.$sAuthUser.'\'"');
  206. header('HTTP/1.0 401 Unauthorized');
  207. // Note: accessed when the user will click on Cancel
  208. // Todo: count the attempts
  209. echo '<p><strong>'.Dict::S('UI:Login:Error:AccessRestricted').'</strong></p>';
  210. exit;
  211. }
  212. }
  213. return;
  214. }
  215. // Home-made authentication mecanism
  216. //
  217. $operation = utils::ReadParam('loginop', '');
  218. session_start();
  219. if ($operation == 'logoff')
  220. {
  221. self::ResetSession();
  222. }
  223. if ($operation == 'change_pwd')
  224. {
  225. $sAuthUser = $_SESSION['auth_user'];
  226. $sAuthPwd = $_SESSION['auth_pwd'];
  227. UserRights::Login($sAuthUser, $sAuthPwd); // Set the user's language
  228. $oPage = new LoginWebPage();
  229. $oPage->DisplayChangePwdForm();
  230. $oPage->output();
  231. exit;
  232. }
  233. if ($operation == 'do_change_pwd')
  234. {
  235. $sAuthUser = $_SESSION['auth_user'];
  236. $sAuthPwd = $_SESSION['auth_pwd'];
  237. UserRights::Login($sAuthUser, $sAuthPwd); // Set the user's language
  238. $sOldPwd = utils::ReadPostedParam('old_pwd');
  239. $sNewPwd = utils::ReadPostedParam('new_pwd');
  240. if (UserRights::CanChangePassword() && ((!UserRights::Login($sAuthUser, $sOldPwd)) || (!UserRights::ChangePassword($sOldPwd, $sNewPwd))))
  241. {
  242. $oPage = new LoginWebPage();
  243. $oPage->DisplayChangePwdForm(true); // old pwd was wrong
  244. $oPage->output();
  245. exit;
  246. }
  247. else
  248. {
  249. // Remember the changed password
  250. $_SESSION['auth_pwd'] = $sNewPwd;
  251. return;
  252. }
  253. }
  254. if (!isset($_SESSION['auth_user']) || !isset($_SESSION['auth_pwd']))
  255. {
  256. if ($operation == 'loginurl')
  257. {
  258. $sAuthUser = utils::ReadParam('auth_user', '', 'get');
  259. $sAuthPwd = utils::ReadParam('auth_pwd', '', 'get');
  260. }
  261. else if ($operation == 'login')
  262. {
  263. $sAuthUser = utils::ReadParam('auth_user', '', 'post');
  264. $sAuthPwd = utils::ReadParam('auth_pwd', '', 'post');
  265. }
  266. else
  267. {
  268. $oPage = new LoginWebPage();
  269. $oPage->DisplayLoginForm();
  270. $oPage->output();
  271. exit;
  272. }
  273. }
  274. else
  275. {
  276. $sAuthUser = $_SESSION['auth_user'];
  277. $sAuthPwd = $_SESSION['auth_pwd'];
  278. }
  279. if (!UserRights::Login($sAuthUser, $sAuthPwd))
  280. {
  281. self::ResetSession();
  282. $oPage = new LoginWebPage();
  283. $oPage->DisplayLoginForm( true /* failed attempt */);
  284. $oPage->output();
  285. exit;
  286. }
  287. else
  288. {
  289. $_SESSION['auth_user'] = $sAuthUser ;
  290. $_SESSION['auth_pwd'] = $sAuthPwd;
  291. }
  292. }
  293. } // End of class
  294. ?>