
Redirect to AccountHub for user login

master
Skylar Ittner 4 months ago
parent
commit
a559901ac0
3 changed files with 75 additions and 164 deletions
  1. 1
    1
      action.php
  2. 72
    151
      index.php
  3. 2
    12
      langs/en/core.json

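--- a/action.php
+++ b/action.php
@@ -33,6 +33,6 @@ function returnToSender($msg, $arg = "") {
 switch ($VARS['action']) {
     case "signout":
         session_destroy();
-        header('Location: index.php');
+        header('Location: index.php?logout=1');
         die("Logged out.");
 }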
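Review bot: The signout branch still relies on `session_destroy()` alone, which removes the server-side session data but leaves the session cookie on the client, so the browser keeps presenting the old session id after the new redirect to `index.php?logout=1`. Expiring the cookie before the redirect closes that gap: `$_SESSION = [];` followed by `setcookie(session_name(), '', time() - 3600, '/');` (use the same path/domain/secure parameters the application sets for its session cookie, which are not visible in this hunk). The `switch` is complete within the hunk; the surrounding script continues past it.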

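--- a/index.php
+++ b/index.php
@@ -1,7 +1,9 @@
 <?php
-/* This Source Code Form is subject to the terms of the Mozilla Public
+/*
+ * This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ */
 
 require_once __DIR__ . "/required.php";
 
@@ -10,166 +12,85 @@ if (!empty($_SESSION['loggedin']) && $_SESSION['loggedin'] === true && !isset($_
     header('Location: app.php');
 }
 
-if (isset($_GET['permissionerror'])) {
-    $alert = $Strings->get("no access permission", false);
-}
+if (!empty($_GET['logout'])) {
+    // Show a logout message instead of immediately redirecting to login flow
+    ?>
+    <!DOCTYPE html>
+    <meta charset="UTF-8">
+    <meta http-equiv="X-UA-Compatible" content="IE=edge">
+    <meta name="viewport" content="width=device-width, initial-scale=1">
 
-/* Authenticate user */
-$userpass_ok = false;
-$multiauth = false;
-if (Login::checkLoginServer()) {
-    if (empty($VARS['progress'])) {
-        // Easy way to remove "undefined" warnings.
-    } else if ($VARS['progress'] == "1") {
-        if (!$SETTINGS['captcha']['enabled'] || ($SETTINGS['captcha']['enabled'] && Login::verifyCaptcha($VARS['captcheck_session_code'], $VARS['captcheck_selected_answer'], $SETTINGS['captcha']['server'] . "/api.php"))) {
-            $autherror = "";
-            $user = User::byUsername($VARS['username']);
-            if ($user->exists()) {
-                $status = $user->getStatus()->getString();
-                switch ($status) {
-                    case "LOCKED_OR_DISABLED":
-                        $alert = $Strings->get("account locked", false);
-                        break;
-                    case "TERMINATED":
-                        $alert = $Strings->get("account terminated", false);
-                        break;
-                    case "CHANGE_PASSWORD":
-                        $alert = $Strings->get("password expired", false);
-                        break;
-                    case "NORMAL":
-                        $username_ok = true;
-                        break;
-                    case "ALERT_ON_ACCESS":
-                        $mail_resp = $user->sendAlertEmail();
-                        if ($SETTINGS['debug']) {
-                            var_dump($mail_resp);
-                        }
-                        $username_ok = true;
-                        break;
-                    default:
-                        if (!empty($error)) {
-                            $alert = $error;
-                        } else {
-                            $alert = $Strings->get("login error", false);
-                        }
-                        break;
-                }
-                if ($username_ok) {
-                    if ($user->checkPassword($VARS['password'])) {
-                        $_SESSION['passok'] = true; // stop logins using only username and authcode
-                        if ($user->has2fa()) {
-                            $multiauth = true;
-                        } else {
-                            Session::start($user);
-                            header('Location: app.php');
-                            die("Logged in, go to app.php");
-                        }
-                    } else {
-                        $alert = $Strings->get("login incorrect", false);
-                    }
-                }
-            } else { // User does not exist anywhere
-                $alert = $Strings->get("login incorrect", false);
-            }
-        } else {
-            $alert = $Strings->get("captcha error", false);
+    <title><?php echo $SETTINGS['site_title']; ?></title>
+
+    <link rel="icon" href="static/img/logo.svg">
+
+    <link href="static/css/bootstrap.min.css" rel="stylesheet">
+    <link href="static/css/svg-with-js.min.css" rel="stylesheet">
+    <style nonce="<?php echo $SECURE_NONCE; ?>">
+        .display-5 {
+            font-size: 3rem;
+            font-weight: 300;
+            line-height: 1.2;
         }
-    } else if ($VARS['progress'] == "2") {
-        $user = User::byUsername($VARS['username']);
-        if ($_SESSION['passok'] !== true) {
-            // stop logins using only username and authcode
-            sendError("Password integrity check failed!");
+    </style>
+
+    <div class="container mt-4">
+        <div class="row justify-content-center">
+            <div class="col-12 text-center">
+                <h1 class="display-5 mb-4"><?php $Strings->get("You have been logged out.") ?></h1>
+            </div>
+
+            <div class="col-12 col-sm-8 col-lg-6">
+                <div class="card mt-4">
+                    <div class="card-body">
+                        <a href="./index.php" class="btn btn-primary btn-block"><?php $Strings->get("Log in again"); ?></a>
+                    </div>
+                </div>
+            </div>
+        </div>
+    </div>
+
+    <script src="static/js/fontawesome-all.min.js"></script>
+    <?php
+    die();
+}
+
+if (empty($_SESSION["login_code"])) {
+    $redirecttologin = true;
+} else {
+    try {
+        $uidinfo = AccountHubApi::get("checkloginkey", ["code" => $_SESSION["login_code"]]);
+        if ($uidinfo["status"] == "ERROR") {
+            throw new Exception();
         }
-        if ($user->check2fa($VARS['authcode'])) {
+        if (is_numeric($uidinfo['uid'])) {
+            $user = new User($uidinfo['uid'] * 1);
             Session::start($user);
+            $_SESSION["login_code"] = null;
             header('Location: app.php');
             die("Logged in, go to app.php");
         } else {
-            $alert = $Strings->get("2fa incorrect", false);
+            throw new Exception();
         }
+    } catch (Exception $ex) {
+        $redirecttologin = true;
     }
-} else {
-    $alert = $Strings->get("login server unavailable", false);
 }
-header("Link: <static/fonts/Roboto.css>; rel=preload; as=style", false);
-header("Link: <static/css/bootstrap.min.css>; rel=preload; as=style", false);
-header("Link: <static/css/material-color/material-color.min.css>; rel=preload; as=style", false);
-header("Link: <static/css/index.css>; rel=preload; as=style", false);
-header("Link: <static/js/jquery-3.3.1.min.js>; rel=preload; as=script", false);
-header("Link: <static/js/bootstrap.bundle.min.js>; rel=preload; as=script", false);
-?>
-<!DOCTYPE html>
-<html>
-    <head>
-        <meta charset="UTF-8">
-        <meta http-equiv="X-UA-Compatible" content="IE=edge">
-        <meta name="viewport" content="width=device-width, initial-scale=1">
 
-        <title><?php echo $SETTINGS['site_title']; ?></title>
+if ($redirecttologin) {
+    try {
+        $codedata = AccountHubApi::get("getloginkey", ["appname" => $SETTINGS["site_title"]]);
 
-        <link rel="icon" href="static/img/logo.svg">
+        if ($codedata['status'] != "OK") {
+            throw new Exception($Strings->get("login server unavailable", false));
+        }
 
-        <link href="static/css/bootstrap.min.css" rel="stylesheet">
-        <link href="static/css/material-color/material-color.min.css" rel="stylesheet">
-        <link href="static/css/index.css" rel="stylesheet">
-        <?php if ($SETTINGS['captcha']['enabled']) { ?>
-            <script src="<?php echo $SETTINGS['captcha']['server'] ?>/captcheck.dist.js"></script>
-        <?php } ?>
-    </head>
-    <body>
-        <div class="row justify-content-center">
-            <div class="col-auto">
-                <img class="banner-image" src="static/img/logo.svg" />
-            </div>
-        </div>
-        <div class="row justify-content-center">
-            <div class="card col-11 col-xs-11 col-sm-8 col-md-6 col-lg-4">
-                <div class="card-body">
-                    <h5 class="card-title"><?php $Strings->get("sign in"); ?></h5>
-                    <form action="" method="POST">
-                        <?php
-                        if (!empty($alert)) {
-                            ?>
-                            <div class="alert alert-danger">
-                                <i class="fa fa-fw fa-exclamation-triangle"></i> <?php echo $alert; ?>
-                            </div>
-                            <?php
-                        }
+        $redirecturl = $url = (isset($_SERVER['HTTPS']) ? "https" : "http") . "://" . $_SERVER['HTTP_HOST'] . (($_SERVER['SERVER_PORT'] != 80 && $_SERVER['SERVER_PORT'] != 443) ? ":" . $_SERVER['SERVER_PORT'] : "") . $_SERVER['REQUEST_URI'];
 
-                        if ($multiauth != true) {
-                            ?>
-                            <input type="text" class="form-control" name="username" placeholder="<?php $Strings->get("username"); ?>" required="required" autocomplete="off" autocorrect="off" autocapitalize="off" spellcheck="false" autofocus /><br />
-                            <input type="password" class="form-control" name="password" placeholder="<?php $Strings->get("password"); ?>" required="required" autocomplete="off" autocorrect="off" autocapitalize="off" spellcheck="false" /><br />
-                            <?php if ($SETTINGS['captcha']['enabled']) { ?>
-                                <div class="captcheck_container" data-stylenonce="<?php echo $SECURE_NONCE; ?>"></div>
-                                <br />
-                            <?php } ?>
-                            <input type="hidden" name="progress" value="1" />
-                            <?php
-                        } else if ($multiauth) {
-                            ?>
-                            <div class="alert alert-info">
-                                <?php $Strings->get("2fa prompt"); ?>
-                            </div>
-                            <input type="text" class="form-control" name="authcode" placeholder="<?php $Strings->get("authcode"); ?>" required="required" autocomplete="off" autocorrect="off" autocapitalize="off" spellcheck="false" autofocus /><br />
-                            <input type="hidden" name="progress" value="2" />
-                            <input type="hidden" name="username" value="<?php echo $VARS['username']; ?>" />
-                            <?php
-                        }
-                        ?>
-                        <button type="submit" class="btn btn-primary">
-                            <?php $Strings->get("continue"); ?>
-                        </button>
-                    </form>
-                </div>
-            </div>
-        </div>
-        <div class="footer">
-            <?php echo $SETTINGS['footer_text']; ?><br />
-            Copyright &copy; <?php echo date('Y'); ?> <?php echo $SETTINGS['copyright']; ?>
-        </div>
-    </div>
-    <script src="static/js/jquery-3.3.1.min.js"></script>
-    <script src="static/js/bootstrap.bundle.min.js"></script>
-</body>
-</html>
+        $_SESSION["login_code"] = $codedata["code"];
+
+        header("Location: " . $codedata["loginurl"] . "?code=" . htmlentities($codedata["code"]) . "&redirect=" . htmlentities($redirecturl));
+    } catch (Exception $ex) {
+        sendError($ex->getMessage());
+    }
+}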
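Review bot: The `Location:` header assembled near the end of the second hunk escapes the `code` and `redirect` query values with `htmlentities()`, which is the HTML-context escaper rather than a URL encoder: `&`, `=`, `?` and `/` from `$redirecturl` (including any query string carried in `$_SERVER['REQUEST_URI']`) are spliced into the outer URL unencoded, while characters such as `"` become `&quot;`-style entities that the receiving side will not decode. Use the URL encoder for that context instead: `header("Location: " . $codedata["loginurl"] . "?" . http_build_query(["code" => $codedata["code"], "redirect" => $redirecturl]));`. The `$redirecturl = $url = ...` line also leaves an unused `$url`, and its host comes from `$_SERVER['HTTP_HOST']`, i.e. the request's Host header rather than configuration, so the return URL handed to AccountHub follows whatever host name the request arrived with; a configured base URL in `$SETTINGS` would pin it, though none is visible in this hunk, so confirm one exists. Initialising `$redirecttologin = false;` before the `if (empty($_SESSION["login_code"]))` block would make the later `if ($redirecttologin)` independent of every branch having assigned it.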

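--- a/langs/en/core.json
+++ b/langs/en/core.json
@@ -1,17 +1,7 @@
 {
-    "sign in": "Sign In",
-    "username": "Username",
-    "password": "Password",
-    "continue": "Continue",
-    "authcode": "Authentication code",
-    "2fa prompt": "Enter the six-digit code from your mobile authenticator app.",
-    "2fa incorrect": "Authentication code incorrect.",
-    "login incorrect": "Login incorrect.",
+    "You have been logged out.": "You have been logged out.",
+    "Log in again": "Log in again",
     "login server unavailable": "Login server unavailable.  Try again later or contact technical support.",
-    "account locked": "This account has been disabled. Contact technical support.",
-    "password expired": "You must change your password before continuing.",
-    "account terminated": "Account terminated.  Access denied.",
-    "account state error": "Your account state is not stable.  Log out, restart your browser, and try again.",
     "welcome user": "Welcome, {user}!",
     "sign out": "Sign out",
     "settings": "Settings",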
