diff --git a/index.php b/index.php
index 1eab30a..f7cd0df 100644
--- a/index.php
+++ b/index.php
@@ -3,42 +3,56 @@
 require_once __DIR__ . "/required.php";
 require_once __DIR__ . "/lib/login.php";
 
+// if we're logged in, we don't need to be here.
+if ($_SESSION['loggedin']) {
+ header('Location: app.php');
+}
+
 /* Authenticate user */
 $userpass_ok = false;
 $multiauth = false;
 if (checkLoginServer()) {
 if ($VARS['progress'] == "1") {
- if (authenticate_user($VARS['username'], $VARS['password'])) {
- switch (get_account_status($VARS['username'])) {
- case "LOCKED_OR_DISABLED":
- $alert = lang("account locked", false);
- break;
- case "TERMINATED":
- $alert = lang("account terminated", false);
- break;
- case "CHANGE_PASSWORD":
- $alert = lang("password expired", false);
- case "NORMAL":
- $userpass_ok = true;
- break;
- case "ALERT_ON_ACCESS":
- sendLoginAlertEmail($VARS['username']);
- $userpass_ok = true;
- break;
- }
- if ($userpass_ok) {
- if (userHasTOTP($VARS['username'])) {
- $multiauth = true;
- } else {
- doLoginUser($VARS['username'], $VARS['password']);
- header('Location: app.php');
- die("Logged in, go to app.php");
+ if (!RECAPTCHA_ENABLED || (RECAPTCHA_ENABLED && verifyReCaptcha($VARS['g-recaptcha-response']))) {
+ if (authenticate_user($VARS['username'], $VARS['password'])) {
+ switch (get_account_status($VARS['username'])) {
+ case "LOCKED_OR_DISABLED":
+ $alert = lang("account locked", false);
+ break;
+ case "TERMINATED":
+ $alert = lang("account terminated", false);
+ break;
+ case "CHANGE_PASSWORD":
+ $alert = lang("password expired", false);
+ case "NORMAL":
+ $userpass_ok = true;
+ break;
+ case "ALERT_ON_ACCESS":
+ sendLoginAlertEmail($VARS['username']);
+ $userpass_ok = true;
+ break;
 }
+ if ($userpass_ok) {
+ $_SESSION['passok'] = true; // stop logins using only username and authcode
+ if (userHasTOTP($VARS['username'])) {
+ $multiauth = true;
+ } else {
+ doLoginUser($VARS['username'], $VARS['password']);
+ header('Location: app.php');
+ die("Logged in, go to app.php");
+ }
+ }
+ } else {
+ $alert = lang("login incorrect", false);
 }
 } else {
- $alert = lang("login incorrect", false);
+ $alert = lang("captcha error", false);
 }
 } else if ($VARS['progress'] == "2") {
+ if ($_SESSION['passok'] !== true) {
+ // stop logins using only username and authcode
+ sendError("Password integrity check failed!");
+ }
 if (verifyTOTP($VARS['username'], $VARS['authcode'])) {
 if (doLoginUser($VARS['username'])) {
 header('Location: app.php');
@@ -66,6 +80,9 @@ if (checkLoginServer()) {
+
+
+
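Review bot: The `$_SESSION['passok']` flag set in the progress "1" branch is not tied to the account whose password was verified, so in the progress "2" branch `verifyTOTP($VARS['username'], …)` and `doLoginUser($VARS['username'])` can run for a different username than the one that passed `authenticate_user()`; store the name rather than a bare boolean, `$_SESSION['passok'] = $VARS['username'];`, and check `if (!isset($_SESSION['passok']) || $_SESSION['passok'] !== $VARS['username']) { sendError("Password integrity check failed!"); }` — whether `sendError()` halts execution is not visible here, so confirm it does, otherwise `verifyTOTP()` still runs after the error. The new logged-in redirect at the top of the hunk has no exit after `header('Location: app.php');`, so the rest of the page, including both login branches, keeps executing for an already-authenticated session; add `die();` as the other redirects in this file do. The flag is also never cleared in this hunk, so unless the login path outside it unsets it, a password check from an earlier abandoned attempt stays valid for the whole session. The `if (checkLoginServer())` block continues past the end of the hunk.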