|
|
@ -3,11 +3,17 @@ require_once __DIR__ . "/required.php";
|
|
|
|
|
|
|
|
|
|
|
|
require_once __DIR__ . "/lib/login.php";
|
|
|
|
require_once __DIR__ . "/lib/login.php";
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
// if we're logged in, we don't need to be here.
|
|
|
|
|
|
|
|
if ($_SESSION['loggedin']) {
|
|
|
|
|
|
|
|
header('Location: app.php');
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
/* Authenticate user */
|
|
|
|
/* Authenticate user */
|
|
|
|
$userpass_ok = false;
|
|
|
|
$userpass_ok = false;
|
|
|
|
$multiauth = false;
|
|
|
|
$multiauth = false;
|
|
|
|
if (checkLoginServer()) {
|
|
|
|
if (checkLoginServer()) {
|
|
|
|
if ($VARS['progress'] == "1") {
|
|
|
|
if ($VARS['progress'] == "1") {
|
|
|
|
|
|
|
|
if (!RECAPTCHA_ENABLED || (RECAPTCHA_ENABLED && verifyReCaptcha($VARS['g-recaptcha-response']))) {
|
|
|
|
if (authenticate_user($VARS['username'], $VARS['password'])) {
|
|
|
|
if (authenticate_user($VARS['username'], $VARS['password'])) {
|
|
|
|
switch (get_account_status($VARS['username'])) {
|
|
|
|
switch (get_account_status($VARS['username'])) {
|
|
|
|
case "LOCKED_OR_DISABLED":
|
|
|
|
case "LOCKED_OR_DISABLED":
|
|
|
@ -27,6 +33,7 @@ if (checkLoginServer()) {
|
|
|
|
break;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
if ($userpass_ok) {
|
|
|
|
if ($userpass_ok) {
|
|
|
|
|
|
|
|
$_SESSION['passok'] = true; // stop logins using only username and authcode
|
|
|
|
if (userHasTOTP($VARS['username'])) {
|
|
|
|
if (userHasTOTP($VARS['username'])) {
|
|
|
|
$multiauth = true;
|
|
|
|
$multiauth = true;
|
|
|
|
} else {
|
|
|
|
} else {
|
|
|
@ -38,7 +45,14 @@ if (checkLoginServer()) {
|
|
|
|
} else {
|
|
|
|
} else {
|
|
|
|
$alert = lang("login incorrect", false);
|
|
|
|
$alert = lang("login incorrect", false);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
} else {
|
|
|
|
|
|
|
|
$alert = lang("captcha error", false);
|
|
|
|
|
|
|
|
}
|
|
|
|
} else if ($VARS['progress'] == "2") {
|
|
|
|
} else if ($VARS['progress'] == "2") {
|
|
|
|
|
|
|
|
if ($_SESSION['passok'] !== true) {
|
|
|
|
|
|
|
|
// stop logins using only username and authcode
|
|
|
|
|
|
|
|
sendError("Password integrity check failed!");
|
|
|
|
|
|
|
|
}
|
|
|
|
if (verifyTOTP($VARS['username'], $VARS['authcode'])) {
|
|
|
|
if (verifyTOTP($VARS['username'], $VARS['authcode'])) {
|
|
|
|
if (doLoginUser($VARS['username'])) {
|
|
|
|
if (doLoginUser($VARS['username'])) {
|
|
|
|
header('Location: app.php');
|
|
|
|
header('Location: app.php');
|
|
|
@ -66,6 +80,9 @@ if (checkLoginServer()) {
|
|
|
|
<link href="static/css/bootstrap.min.css" rel="stylesheet">
|
|
|
|
<link href="static/css/bootstrap.min.css" rel="stylesheet">
|
|
|
|
<link href="static/css/font-awesome.min.css" rel="stylesheet">
|
|
|
|
<link href="static/css/font-awesome.min.css" rel="stylesheet">
|
|
|
|
<link href="static/css/app.css" rel="stylesheet">
|
|
|
|
<link href="static/css/app.css" rel="stylesheet">
|
|
|
|
|
|
|
|
<?php if (RECAPTCHA_ENABLED) { ?>
|
|
|
|
|
|
|
|
<script src='https://www.google.com/recaptcha/api.js'></script>
|
|
|
|
|
|
|
|
<?php } ?>
|
|
|
|
</head>
|
|
|
|
</head>
|
|
|
|
<body>
|
|
|
|
<body>
|
|
|
|
<div class="container">
|
|
|
|
<div class="container">
|
|
|
@ -97,6 +114,10 @@ if (checkLoginServer()) {
|
|
|
|
?>
|
|
|
|
?>
|
|
|
|
<input type="text" class="form-control" name="username" placeholder="<?php lang("username"); ?>" required="required" autofocus /><br />
|
|
|
|
<input type="text" class="form-control" name="username" placeholder="<?php lang("username"); ?>" required="required" autofocus /><br />
|
|
|
|
<input type="password" class="form-control" name="password" placeholder="<?php lang("password"); ?>" required="required" /><br />
|
|
|
|
<input type="password" class="form-control" name="password" placeholder="<?php lang("password"); ?>" required="required" /><br />
|
|
|
|
|
|
|
|
<?php if (RECAPTCHA_ENABLED) { ?>
|
|
|
|
|
|
|
|
<div class="g-recaptcha" data-sitekey="<?php echo RECAPTCHA_SITE_KEY; ?>"></div>
|
|
|
|
|
|
|
|
<br />
|
|
|
|
|
|
|
|
<?php } ?>
|
|
|
|
<input type="hidden" name="progress" value="1" />
|
|
|
|
<input type="hidden" name="progress" value="1" />
|
|
|
|
<?php
|
|
|
|
<?php
|
|
|
|
} else if ($multiauth) {
|
|
|
|
} else if ($multiauth) {
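Review bot: The `$_SESSION['passok'] = true;` flag set in the `progress == "1"` branch is not tied to the account whose password was verified, while the `progress == "2"` branch still takes the account name from `$VARS['username']` for `verifyTOTP()` and `doLoginUser()`. A session that passed the password step for one account therefore also satisfies the `passok` check for any other username, so the second step is again decided by username and authcode alone, which is what the added comment says it should stop. Store the verified name instead, e.g. `$_SESSION['passok_user'] = $VARS['username'];`, and in step 2 require `isset($_SESSION['passok_user']) && $_SESSION['passok_user'] === $VARS['username']` (or pass the session value to the TOTP and login calls), clearing it once the login completes or fails. The guard also depends on `sendError()` ending the request, which is not visible here. Separately, the new `header('Location: app.php');` at the top of the file has no `exit;` after it, so the rest of the script still runs for an already logged-in session.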
|
|
|
|