From a559901ac04f320d0e75370638692de466175228 Mon Sep 17 00:00:00 2001
From: Skylar Ittner
Date: Sat, 22 Dec 2018 16:57:45 -0700
Subject: [PATCH] Redirect to AccountHub for user login
---
 action.php | 2 +-
 index.php | 223 +++++++++++++++------------------------------
 langs/en/core.json | 14 +--
 3 files changed, 75 insertions(+), 164 deletions(-)
diff --git a/action.php b/action.php
index d1ea966..67b230b 100644
--- a/action.php
+++ b/action.php
@@ -33,6 +33,6 @@ function returnToSender($msg, $arg = "") {
 switch ($VARS['action']) {
 case "signout":
 session_destroy();
- header('Location: index.php');
+ header('Location: index.php?logout=1');
 die("Logged out.");
 }
\ No newline at end of file
diff --git a/index.php b/index.php
index f3a816c..9e9468e 100644
--- a/index.php
+++ b/index.php
@@ -1,7 +1,9 @@ get("no access permission", false); -} +if (!empty($_GET['logout'])) { + // Show a logout message instead of immediately redirecting to login flow + ?> + + + + -/* Authenticate user */ -$userpass_ok = false; -$multiauth = false; -if (Login::checkLoginServer()) { - if (empty($VARS['progress'])) { - // Easy way to remove "undefined" warnings. - } else if ($VARS['progress'] == "1") { - if (!$SETTINGS['captcha']['enabled'] || ($SETTINGS['captcha']['enabled'] && Login::verifyCaptcha($VARS['captcheck_session_code'], $VARS['captcheck_selected_answer'], $SETTINGS['captcha']['server'] . "/api.php"))) { - $autherror = ""; - $user = User::byUsername($VARS['username']); - if ($user->exists()) { - $status = $user->getStatus()->getString(); - switch ($status) { - case "LOCKED_OR_DISABLED": - $alert = $Strings->get("account locked", false); - break; - case "TERMINATED": - $alert = $Strings->get("account terminated", false); - break; - case "CHANGE_PASSWORD": - $alert = $Strings->get("password expired", false); - break; - case "NORMAL": - $username_ok = true; - break; - case "ALERT_ON_ACCESS": - $mail_resp = $user->sendAlertEmail(); - if ($SETTINGS['debug']) { - var_dump($mail_resp); - } - $username_ok = true; - break; - default: - if (!empty($error)) { - $alert = $error; - } else { - $alert = $Strings->get("login error", false); - } - break; - } - if ($username_ok) { - if ($user->checkPassword($VARS['password'])) { - $_SESSION['passok'] = true; // stop logins using only username and authcode - if ($user->has2fa()) { - $multiauth = true; - } else { - Session::start($user); - header('Location: app.php'); - die("Logged in, go to app.php"); - } - } else { - $alert = $Strings->get("login incorrect", false); - } - } - } else { // User does not exist anywhere - $alert = $Strings->get("login incorrect", false); - } - } else { - $alert = $Strings->get("captcha error", false); + <?php echo $SETTINGS['site_title']; ?> + + + + + + + +
+
+
+

get("You have been logged out.") ?>

+
+ + +
+
+ + + $_SESSION["login_code"]]); + if ($uidinfo["status"] == "ERROR") { + throw new Exception(); } - if ($user->check2fa($VARS['authcode'])) { + if (is_numeric($uidinfo['uid'])) { + $user = new User($uidinfo['uid'] * 1); Session::start($user); + $_SESSION["login_code"] = null; header('Location: app.php'); die("Logged in, go to app.php"); } else { - $alert = $Strings->get("2fa incorrect", false); + throw new Exception(); } + } catch (Exception $ex) { + $redirecttologin = true; } -} else { - $alert = $Strings->get("login server unavailable", false); } -header("Link: ; rel=preload; as=style", false); -header("Link: ; rel=preload; as=style", false); -header("Link: ; rel=preload; as=style", false); -header("Link: ; rel=preload; as=style", false); -header("Link: ; rel=preload; as=script", false); -header("Link: ; rel=preload; as=script", false); -?> - - - - - - - <?php echo $SETTINGS['site_title']; ?> +if ($redirecttologin) { + try { + $codedata = AccountHubApi::get("getloginkey", ["appname" => $SETTINGS["site_title"]]); - + if ($codedata['status'] != "OK") { + throw new Exception($Strings->get("login server unavailable", false)); + } - - - - - - - - -
-
- -
-
-
-
-
-
get("sign in"); ?>
-
- -
- -
- - " required="required" autocomplete="off" autocorrect="off" autocapitalize="off" spellcheck="false" autofocus />
- " required="required" autocomplete="off" autocorrect="off" autocapitalize="off" spellcheck="false" />
- -
-
- - - -
- get("2fa prompt"); ?> -
- " required="required" autocomplete="off" autocorrect="off" autocapitalize="off" spellcheck="false" autofocus />
- - - - -
-
-
-
- - - - - - \ No newline at end of file + $_SESSION["login_code"] = $codedata["code"]; + + header("Location: " . $codedata["loginurl"] . "?code=" . htmlentities($codedata["code"]) . "&redirect=" . htmlentities($redirecturl)); + } catch (Exception $ex) { + sendError($ex->getMessage()); + } +} \ No newline at end of file diff --git a/langs/en/core.json b/langs/en/core.json index 5e55996..20eac0a 100644 --- a/langs/en/core.json +++ b/langs/en/core.json @@ -1,17 +1,7 @@ { - "sign in": "Sign In", - "username": "Username", - "password": "Password", - "continue": "Continue", - "authcode": "Authentication code", - "2fa prompt": "Enter the six-digit code from your mobile authenticator app.", - "2fa incorrect": "Authentication code incorrect.", - "login incorrect": "Login incorrect.", + "You have been logged out.": "You have been logged out.", + "Log in again": "Log in again", "login server unavailable": "Login server unavailable. Try again later or contact technical support.", - "account locked": "This account has been disabled. Contact technical support.", - "password expired": "You must change your password before continuing.", - "account terminated": "Account terminated. Access denied.", - "account state error": "Your account state is not stable. Log out, restart your browser, and try again.", "welcome user": "Welcome, {user}!", "sign out": "Sign out", "settings": "Settings",
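Review bot: The final `header("Location: ...")` in the `if ($redirecttologin)` block escapes its query values with `htmlentities()`, which is HTML escaping rather than URL encoding, so a `&`, `#`, `+` or `%` in the login code or in `$redirecturl` changes how the login server parses the parameters and can truncate or alter the redirect target. Build the query with `http_build_query(["code" => $codedata["code"], "redirect" => $redirecturl])` (or `rawurlencode()` per value) and append it after the `?`. `$redirecturl` is assigned in a part of index.php that is not visible in this hunk, so whether it can carry such characters is unconfirmed. In the `checkloginkey` branch, `is_numeric()` also accepts values such as `"1e3"` or `"1.5"`, and `* 1` then yields a float; `ctype_digit((string) $uidinfo['uid'])` followed by an `(int)` cast is a stricter check on the uid that decides which account the session is started for.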