|
@@ -1,7 +1,9 @@
|
1
|
1
|
<?php
|
2
|
|
-/* This Source Code Form is subject to the terms of the Mozilla Public
|
|
2
|
+/*
|
|
3
|
+ * This Source Code Form is subject to the terms of the Mozilla Public
|
3
|
4
|
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
4
|
|
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
|
|
5
|
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
|
6
|
+ */
|
5
|
7
|
|
6
|
8
|
require_once __DIR__ . "/required.php";
|
7
|
9
|
|
|
@@ -10,166 +12,85 @@ if (!empty($_SESSION['loggedin']) && $_SESSION['loggedin'] === true && !isset($_
|
10
|
12
|
header('Location: app.php');
|
11
|
13
|
}
|
12
|
14
|
|
13
|
|
-if (isset($_GET['permissionerror'])) {
|
14
|
|
- $alert = $Strings->get("no access permission", false);
|
15
|
|
-}
|
|
15
|
+if (!empty($_GET['logout'])) {
|
|
16
|
+ // Show a logout message instead of immediately redirecting to login flow
|
|
17
|
+ ?>
|
|
18
|
+ <!DOCTYPE html>
|
|
19
|
+ <meta charset="UTF-8">
|
|
20
|
+ <meta http-equiv="X-UA-Compatible" content="IE=edge">
|
|
21
|
+ <meta name="viewport" content="width=device-width, initial-scale=1">
|
16
|
22
|
|
17
|
|
-/* Authenticate user */
|
18
|
|
-$userpass_ok = false;
|
19
|
|
-$multiauth = false;
|
20
|
|
-if (Login::checkLoginServer()) {
|
21
|
|
- if (empty($VARS['progress'])) {
|
22
|
|
- // Easy way to remove "undefined" warnings.
|
23
|
|
- } else if ($VARS['progress'] == "1") {
|
24
|
|
- if (!$SETTINGS['captcha']['enabled'] || ($SETTINGS['captcha']['enabled'] && Login::verifyCaptcha($VARS['captcheck_session_code'], $VARS['captcheck_selected_answer'], $SETTINGS['captcha']['server'] . "/api.php"))) {
|
25
|
|
- $autherror = "";
|
26
|
|
- $user = User::byUsername($VARS['username']);
|
27
|
|
- if ($user->exists()) {
|
28
|
|
- $status = $user->getStatus()->getString();
|
29
|
|
- switch ($status) {
|
30
|
|
- case "LOCKED_OR_DISABLED":
|
31
|
|
- $alert = $Strings->get("account locked", false);
|
32
|
|
- break;
|
33
|
|
- case "TERMINATED":
|
34
|
|
- $alert = $Strings->get("account terminated", false);
|
35
|
|
- break;
|
36
|
|
- case "CHANGE_PASSWORD":
|
37
|
|
- $alert = $Strings->get("password expired", false);
|
38
|
|
- break;
|
39
|
|
- case "NORMAL":
|
40
|
|
- $username_ok = true;
|
41
|
|
- break;
|
42
|
|
- case "ALERT_ON_ACCESS":
|
43
|
|
- $mail_resp = $user->sendAlertEmail();
|
44
|
|
- if ($SETTINGS['debug']) {
|
45
|
|
- var_dump($mail_resp);
|
46
|
|
- }
|
47
|
|
- $username_ok = true;
|
48
|
|
- break;
|
49
|
|
- default:
|
50
|
|
- if (!empty($error)) {
|
51
|
|
- $alert = $error;
|
52
|
|
- } else {
|
53
|
|
- $alert = $Strings->get("login error", false);
|
54
|
|
- }
|
55
|
|
- break;
|
56
|
|
- }
|
57
|
|
- if ($username_ok) {
|
58
|
|
- if ($user->checkPassword($VARS['password'])) {
|
59
|
|
- $_SESSION['passok'] = true; // stop logins using only username and authcode
|
60
|
|
- if ($user->has2fa()) {
|
61
|
|
- $multiauth = true;
|
62
|
|
- } else {
|
63
|
|
- Session::start($user);
|
64
|
|
- header('Location: app.php');
|
65
|
|
- die("Logged in, go to app.php");
|
66
|
|
- }
|
67
|
|
- } else {
|
68
|
|
- $alert = $Strings->get("login incorrect", false);
|
69
|
|
- }
|
70
|
|
- }
|
71
|
|
- } else { // User does not exist anywhere
|
72
|
|
- $alert = $Strings->get("login incorrect", false);
|
73
|
|
- }
|
74
|
|
- } else {
|
75
|
|
- $alert = $Strings->get("captcha error", false);
|
|
23
|
+ <title><?php echo $SETTINGS['site_title']; ?></title>
|
|
24
|
+
|
|
25
|
+ <link rel="icon" href="static/img/logo.svg">
|
|
26
|
+
|
|
27
|
+ <link href="static/css/bootstrap.min.css" rel="stylesheet">
|
|
28
|
+ <link href="static/css/svg-with-js.min.css" rel="stylesheet">
|
|
29
|
+ <style nonce="<?php echo $SECURE_NONCE; ?>">
|
|
30
|
+ .display-5 {
|
|
31
|
+ font-size: 3rem;
|
|
32
|
+ font-weight: 300;
|
|
33
|
+ line-height: 1.2;
|
76
|
34
|
}
|
77
|
|
- } else if ($VARS['progress'] == "2") {
|
78
|
|
- $user = User::byUsername($VARS['username']);
|
79
|
|
- if ($_SESSION['passok'] !== true) {
|
80
|
|
- // stop logins using only username and authcode
|
81
|
|
- sendError("Password integrity check failed!");
|
|
35
|
+ </style>
|
|
36
|
+
|
|
37
|
+ <div class="container mt-4">
|
|
38
|
+ <div class="row justify-content-center">
|
|
39
|
+ <div class="col-12 text-center">
|
|
40
|
+ <h1 class="display-5 mb-4"><?php $Strings->get("You have been logged out.") ?></h1>
|
|
41
|
+ </div>
|
|
42
|
+
|
|
43
|
+ <div class="col-12 col-sm-8 col-lg-6">
|
|
44
|
+ <div class="card mt-4">
|
|
45
|
+ <div class="card-body">
|
|
46
|
+ <a href="./index.php" class="btn btn-primary btn-block"><?php $Strings->get("Log in again"); ?></a>
|
|
47
|
+ </div>
|
|
48
|
+ </div>
|
|
49
|
+ </div>
|
|
50
|
+ </div>
|
|
51
|
+ </div>
|
|
52
|
+
|
|
53
|
+ <script src="static/js/fontawesome-all.min.js"></script>
|
|
54
|
+ <?php
|
|
55
|
+ die();
|
|
56
|
+}
|
|
57
|
+
|
|
58
|
+if (empty($_SESSION["login_code"])) {
|
|
59
|
+ $redirecttologin = true;
|
|
60
|
+} else {
|
|
61
|
+ try {
|
|
62
|
+ $uidinfo = AccountHubApi::get("checkloginkey", ["code" => $_SESSION["login_code"]]);
|
|
63
|
+ if ($uidinfo["status"] == "ERROR") {
|
|
64
|
+ throw new Exception();
|
82
|
65
|
}
|
83
|
|
- if ($user->check2fa($VARS['authcode'])) {
|
|
66
|
+ if (is_numeric($uidinfo['uid'])) {
|
|
67
|
+ $user = new User($uidinfo['uid'] * 1);
|
84
|
68
|
Session::start($user);
|
|
69
|
+ $_SESSION["login_code"] = null;
|
85
|
70
|
header('Location: app.php');
|
86
|
71
|
die("Logged in, go to app.php");
|
87
|
72
|
} else {
|
88
|
|
- $alert = $Strings->get("2fa incorrect", false);
|
|
73
|
+ throw new Exception();
|
89
|
74
|
}
|
|
75
|
+ } catch (Exception $ex) {
|
|
76
|
+ $redirecttologin = true;
|
90
|
77
|
}
|
91
|
|
-} else {
|
92
|
|
- $alert = $Strings->get("login server unavailable", false);
|
93
|
78
|
}
|
94
|
|
-header("Link: <static/fonts/Roboto.css>; rel=preload; as=style", false);
|
95
|
|
-header("Link: <static/css/bootstrap.min.css>; rel=preload; as=style", false);
|
96
|
|
-header("Link: <static/css/material-color/material-color.min.css>; rel=preload; as=style", false);
|
97
|
|
-header("Link: <static/css/index.css>; rel=preload; as=style", false);
|
98
|
|
-header("Link: <static/js/jquery-3.3.1.min.js>; rel=preload; as=script", false);
|
99
|
|
-header("Link: <static/js/bootstrap.bundle.min.js>; rel=preload; as=script", false);
|
100
|
|
-?>
|
101
|
|
-<!DOCTYPE html>
|
102
|
|
-<html>
|
103
|
|
- <head>
|
104
|
|
- <meta charset="UTF-8">
|
105
|
|
- <meta http-equiv="X-UA-Compatible" content="IE=edge">
|
106
|
|
- <meta name="viewport" content="width=device-width, initial-scale=1">
|
107
|
79
|
|
108
|
|
- <title><?php echo $SETTINGS['site_title']; ?></title>
|
|
80
|
+if ($redirecttologin) {
|
|
81
|
+ try {
|
|
82
|
+ $codedata = AccountHubApi::get("getloginkey", ["appname" => $SETTINGS["site_title"]]);
|
109
|
83
|
|
110
|
|
- <link rel="icon" href="static/img/logo.svg">
|
|
84
|
+ if ($codedata['status'] != "OK") {
|
|
85
|
+ throw new Exception($Strings->get("login server unavailable", false));
|
|
86
|
+ }
|
111
|
87
|
|
112
|
|
- <link href="static/css/bootstrap.min.css" rel="stylesheet">
|
113
|
|
- <link href="static/css/material-color/material-color.min.css" rel="stylesheet">
|
114
|
|
- <link href="static/css/index.css" rel="stylesheet">
|
115
|
|
- <?php if ($SETTINGS['captcha']['enabled']) { ?>
|
116
|
|
- <script src="<?php echo $SETTINGS['captcha']['server'] ?>/captcheck.dist.js"></script>
|
117
|
|
- <?php } ?>
|
118
|
|
- </head>
|
119
|
|
- <body>
|
120
|
|
- <div class="row justify-content-center">
|
121
|
|
- <div class="col-auto">
|
122
|
|
- <img class="banner-image" src="static/img/logo.svg" />
|
123
|
|
- </div>
|
124
|
|
- </div>
|
125
|
|
- <div class="row justify-content-center">
|
126
|
|
- <div class="card col-11 col-xs-11 col-sm-8 col-md-6 col-lg-4">
|
127
|
|
- <div class="card-body">
|
128
|
|
- <h5 class="card-title"><?php $Strings->get("sign in"); ?></h5>
|
129
|
|
- <form action="" method="POST">
|
130
|
|
- <?php
|
131
|
|
- if (!empty($alert)) {
|
132
|
|
- ?>
|
133
|
|
- <div class="alert alert-danger">
|
134
|
|
- <i class="fa fa-fw fa-exclamation-triangle"></i> <?php echo $alert; ?>
|
135
|
|
- </div>
|
136
|
|
- <?php
|
137
|
|
- }
|
|
88
|
+ $redirecturl = $url = (isset($_SERVER['HTTPS']) ? "https" : "http") . "://" . $_SERVER['HTTP_HOST'] . (($_SERVER['SERVER_PORT'] != 80 && $_SERVER['SERVER_PORT'] != 443) ? ":" . $_SERVER['SERVER_PORT'] : "") . $_SERVER['REQUEST_URI'];
|
138
|
89
|
|
139
|
|
- if ($multiauth != true) {
|
140
|
|
- ?>
|
141
|
|
- <input type="text" class="form-control" name="username" placeholder="<?php $Strings->get("username"); ?>" required="required" autocomplete="off" autocorrect="off" autocapitalize="off" spellcheck="false" autofocus /><br />
|
142
|
|
- <input type="password" class="form-control" name="password" placeholder="<?php $Strings->get("password"); ?>" required="required" autocomplete="off" autocorrect="off" autocapitalize="off" spellcheck="false" /><br />
|
143
|
|
- <?php if ($SETTINGS['captcha']['enabled']) { ?>
|
144
|
|
- <div class="captcheck_container" data-stylenonce="<?php echo $SECURE_NONCE; ?>"></div>
|
145
|
|
- <br />
|
146
|
|
- <?php } ?>
|
147
|
|
- <input type="hidden" name="progress" value="1" />
|
148
|
|
- <?php
|
149
|
|
- } else if ($multiauth) {
|
150
|
|
- ?>
|
151
|
|
- <div class="alert alert-info">
|
152
|
|
- <?php $Strings->get("2fa prompt"); ?>
|
153
|
|
- </div>
|
154
|
|
- <input type="text" class="form-control" name="authcode" placeholder="<?php $Strings->get("authcode"); ?>" required="required" autocomplete="off" autocorrect="off" autocapitalize="off" spellcheck="false" autofocus /><br />
|
155
|
|
- <input type="hidden" name="progress" value="2" />
|
156
|
|
- <input type="hidden" name="username" value="<?php echo $VARS['username']; ?>" />
|
157
|
|
- <?php
|
158
|
|
- }
|
159
|
|
- ?>
|
160
|
|
- <button type="submit" class="btn btn-primary">
|
161
|
|
- <?php $Strings->get("continue"); ?>
|
162
|
|
- </button>
|
163
|
|
- </form>
|
164
|
|
- </div>
|
165
|
|
- </div>
|
166
|
|
- </div>
|
167
|
|
- <div class="footer">
|
168
|
|
- <?php echo $SETTINGS['footer_text']; ?><br />
|
169
|
|
- Copyright © <?php echo date('Y'); ?> <?php echo $SETTINGS['copyright']; ?>
|
170
|
|
- </div>
|
171
|
|
- </div>
|
172
|
|
- <script src="static/js/jquery-3.3.1.min.js"></script>
|
173
|
|
- <script src="static/js/bootstrap.bundle.min.js"></script>
|
174
|
|
-</body>
|
175
|
|
-</html>
|
|
90
|
+ $_SESSION["login_code"] = $codedata["code"];
|
|
91
|
+
|
|
92
|
+ header("Location: " . $codedata["loginurl"] . "?code=" . htmlentities($codedata["code"]) . "&redirect=" . htmlentities($redirecturl));
|
|
93
|
+ } catch (Exception $ex) {
|
|
94
|
+ sendError($ex->getMessage());
|
|
95
|
+ }
|
|
96
|
+}
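Review bot: The `code` and `redirect` query parameters in the final `header("Location: " . $codedata["loginurl"] . ...)` call are escaped with `htmlentities()`, which is the HTML encoder, not a URL encoder: an `&` inside `REQUEST_URI` becomes `&amp;` while `?`, `=` and `#` pass through, so the login server can receive a truncated or mis-parsed redirect target. Build the query string with the URL encoder and stop the script after the redirect, e.g. `header("Location: " . $codedata["loginurl"] . "?" . http_build_query(["code" => $codedata["code"], "redirect" => $redirecturl]));` followed by `exit;`. Separately, `$redirecturl` is assembled from `$_SERVER['HTTP_HOST']`, which the client controls through the Host header; if the hub follows `redirect` without checking it against a registered origin, a forged Host lets an attacker steer the post-login redirect (and the login code in it) to a host of their choosing, so a configured base URL from `$SETTINGS` is safer than the request's Host, and note that `isset($_SERVER['HTTPS'])` also treats `HTTPS=off` (set by some servers) as HTTPS. Lastly, the `logout` branch renders "You have been logged out" but nothing visible in this hunk clears `$_SESSION` (including `login_code`); if `required.php` does not do that on `?logout`, add `session_unset(); session_destroy();` before the markup is emitted.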
|