Single-sign-on and self-serve account management. https://netsyms.biz/apps/accounthub
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

index.php 5.8KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133
  1. <?php
  2. require_once __DIR__ . "/required.php";
  3. require_once __DIR__ . "/lib/login.php";
  4. /* Authenticate user */
  5. $userpass_ok = false;
  6. $multiauth = false;
  7. if ($VARS['progress'] == "1") {
  8. if (!RECAPTCHA_ENABLED || (RECAPTCHA_ENABLED && verifyReCaptcha($VARS['g-recaptcha-response']))) {
  9. if (authenticate_user($VARS['username'], $VARS['password'])) {
  10. switch (get_account_status($VARS['username'])) {
  11. case "LOCKED_OR_DISABLED":
  12. $alert = lang("account locked", false);
  13. break;
  14. case "TERMINATED":
  15. $alert = lang("account terminated", false);
  16. break;
  17. case "CHANGE_PASSWORD":
  18. $alert = lang("password expired", false);
  19. case "NORMAL":
  20. $userpass_ok = true;
  21. break;
  22. case "ALERT_ON_ACCESS":
  23. sendLoginAlertEmail($VARS['username']);
  24. $userpass_ok = true;
  25. break;
  26. }
  27. if ($userpass_ok) {
  28. if (userHasTOTP($VARS['username'])) {
  29. $multiauth = true;
  30. } else {
  31. doLoginUser($VARS['username'], $VARS['password']);
  32. insertAuthLog(1, $_SESSION['uid']);
  33. header('Location: home.php');
  34. die("Logged in, go to home.php");
  35. }
  36. }
  37. } else {
  38. $alert = lang("login incorrect", false);
  39. insertAuthLog(2);
  40. }
  41. } else {
  42. $alert = lang("captcha error", false);
  43. insertAuthLog(8);
  44. }
  45. } else if ($VARS['progress'] == "2") {
  46. if (verifyTOTP($VARS['username'], $VARS['authcode'])) {
  47. doLoginUser($VARS['username'], $VARS['password']);
  48. insertAuthLog(1, $_SESSION['uid']);
  49. header('Location: home.php');
  50. die("Logged in, go to home.php");
  51. } else {
  52. $alert = lang("2fa incorrect", false);
  53. insertAuthLog(6);
  54. }
  55. }
  56. ?>
  57. <!DOCTYPE html>
  58. <html>
  59. <head>
  60. <meta charset="UTF-8">
  61. <meta http-equiv="X-UA-Compatible" content="IE=edge">
  62. <meta name="viewport" contgreent="width=device-width, initial-scale=1">
  63. <title><?php echo SITE_TITLE; ?></title>
  64. <link href="static/css/bootstrap.min.css" rel="stylesheet">
  65. <link href="static/css/app.css" rel="stylesheet">
  66. <?php if (RECAPTCHA_ENABLED) { ?>
  67. <script src='https://www.google.com/recaptcha/api.js'></script>
  68. <?php } ?>
  69. </head>
  70. <body>
  71. <div class="container">
  72. <div class="row">
  73. <div class="col-xs-12 col-sm-6 col-md-4 col-lg-4 col-sm-offset-3 col-md-offset-4 col-lg-offset-4">
  74. <div>
  75. <img class="img-responsive banner-image" src="static/img/logo.svg" />
  76. </div>
  77. <div class="panel panel-primary">
  78. <div class="panel-heading">
  79. <h3 class="panel-title"><?php lang("sign in"); ?></h3>
  80. </div>
  81. <div class="panel-body">
  82. <form action="" method="POST">
  83. <?php
  84. if (!is_empty($alert)) {
  85. ?>
  86. <div class="alert alert-danger">
  87. <?php echo $alert; ?>
  88. </div>
  89. <?php
  90. }
  91. if ($multiauth != true) {
  92. ?>
  93. <input type="text" class="form-control" name="username" placeholder="<?php lang("username"); ?>" required="required" autofocus /><br />
  94. <input type="password" class="form-control" name="password" placeholder="<?php lang("password"); ?>" required="required" /><br />
  95. <?php if (RECAPTCHA_ENABLED) { ?>
  96. <div class="g-recaptcha" data-sitekey="<?php echo RECAPTCHA_SITE_KEY; ?>"></div>
  97. <br />
  98. <?php } ?>
  99. <input type="hidden" name="progress" value="1" />
  100. <?php
  101. } else if ($multiauth) {
  102. ?>
  103. <div class="alert alert-info">
  104. <?php lang("2fa prompt"); ?>
  105. </div>
  106. <input type="text" class="form-control" name="authcode" placeholder="<?php lang("authcode"); ?>" required="required" autofocus /><br />
  107. <input type="hidden" name="progress" value="2" />
  108. <input type="hidden" name="username" value="<?php echo $VARS['username']; ?>" />
  109. <?php
  110. }
  111. ?>
  112. <button type="submit" class="btn btn-primary">
  113. <?php lang("continue"); ?>
  114. </button>
  115. </form>
  116. </div>
  117. </div>
  118. </div>
  119. </div>
  120. <div class="footer">
  121. <?php echo LICENSE_TEXT; ?><br />
  122. Copyright &copy; <?php echo date('Y'); ?> <?php echo COPYRIGHT_NAME; ?>
  123. </div>
  124. </div>
  125. <script src="static/js/jquery-3.2.1.min.js"></script>
  126. <script src="static/js/bootstrap.min.js"></script>
  127. </body>
  128. </html>