QwikClock is an employee time tracking app.

  1. <?php
  2. /* This Source Code Form is subject to the terms of the Mozilla Public
  3. * License, v. 2.0. If a copy of the MPL was not distributed with this
  4. * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
  5. require_once __DIR__ . "/required.php";
  6. require_once __DIR__ . "/lib/login.php";
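  // Already signed in: nothing to do on the login page, unless the user was
  // sent back here to be shown a permission error.
  if (!empty($_SESSION['loggedin']) && $_SESSION['loggedin'] === true && !isset($_GET['permissionerror'])) {
      header('Location: app.php');
      // header() only queues the redirect; end the request so the login
      // handling below never runs for a request that is being redirected.
      die("Logged in, go to app.php");
  }
  if (isset($_GET['permissionerror'])) {
      $alert = lang("no access permission", false);
  }

  /*
   * Authenticate user.
   *
   * The login is a two-step form driven by $VARS['progress']:
   *   "1" - username + password (plus CAPTCHA when CAPTCHA_ENABLED),
   *   "2" - TOTP code, only reached when the account has TOTP set up.
   * $alert carries the message rendered by the template further down;
   * $multiauth tells the template to show the TOTP form instead of the
   * password form.
   */
  $userpass_ok = false;
  $multiauth = false;
  if (checkLoginServer()) {
      if (!empty($VARS['progress']) && $VARS['progress'] == "1") {
          if (!CAPTCHA_ENABLED || (CAPTCHA_ENABLED && verifyCaptcheck($VARS['captcheck_session_code'], $VARS['captcheck_selected_answer'], CAPTCHA_SERVER . "/api.php"))) {
              // Presumably filled in by authenticate_user() when the login
              // server reports a problem - confirm against lib/login.php.
              $errmsg = "";
              if (authenticate_user($VARS['username'], $VARS['password'], $errmsg)) {
                  // The password was correct; the account status decides
                  // whether the login may continue. There is no default
                  // case, so any status not listed here leaves $userpass_ok
                  // false and the login does not proceed.
                  switch (get_account_status($VARS['username'])) {
                      case "LOCKED_OR_DISABLED":
                          $alert = lang("account locked", false);
                          break;
                      case "TERMINATED":
                          $alert = lang("account terminated", false);
                          break;
                      case "CHANGE_PASSWORD":
                          $alert = lang("password expired", false);
                          // No break: falls through to NORMAL, so an expired
                          // password still logs in.
                          // NOTE(review): confirm this fall-through is intended.
                      case "NORMAL":
                          $userpass_ok = true;
                          break;
                      case "ALERT_ON_ACCESS":
                          sendLoginAlertEmail($VARS['username']);
                          $userpass_ok = true;
                          break;
                  }
                  if ($userpass_ok) {
                      // Stop logins using only username and authcode. The
                      // account name is stored with the flag so that step 2
                      // can only complete the login for the account whose
                      // password was actually checked.
                      $_SESSION['passok'] = true;
                      $_SESSION['passok_username'] = $VARS['username'];
                      if (userHasTOTP($VARS['username'])) {
                          $multiauth = true;
                      } else {
                          // NOTE(review): no session ID regeneration is
                          // visible on this page - confirm doLoginUser()
                          // takes care of it.
                          doLoginUser($VARS['username'], $VARS['password']);
                          header('Location: app.php');
                          die("Logged in, go to app.php");
                      }
                  }
              } else {
                  if (!is_empty($errmsg)) {
                      $alert = lang2("login server error", ['arg' => $errmsg], false);
                  } else {
                      $alert = lang("login incorrect", false);
                  }
              }
          } else {
              $alert = lang("captcha error", false);
          }
      } else if (!empty($VARS['progress']) && $VARS['progress'] == "2") {
          // Step 2 receives the username from a hidden form field, which the
          // client controls. Require both that the password step succeeded
          // in this session and that it succeeded for this same account;
          // otherwise a session that passed step 1 for one account could
          // present a TOTP code for a different one.
          $passwordStepOk = isset($_SESSION['passok']) && $_SESSION['passok'] === true;
          $pendingUser = isset($_SESSION['passok_username']) ? $_SESSION['passok_username'] : null;
          $sameUser = is_string($pendingUser) && isset($VARS['username']) && $VARS['username'] === $pendingUser;
          if (!$passwordStepOk || !$sameUser) {
              // stop logins using only username and authcode
              sendError("Password integrity check failed!");
              // sendError() is defined elsewhere; end the request here so the
              // check fails closed even if it returns.
              die();
          }
          // NOTE(review): no limit on authcode attempts is visible here -
          // confirm verifyTOTP() or the login server throttles guesses.
          if (verifyTOTP($pendingUser, $VARS['authcode'])) {
              if (doLoginUser($pendingUser)) {
                  header('Location: app.php');
                  die("Logged in, go to app.php");
              } else {
                  $alert = lang("login server user data error", false);
              }
          } else {
              $alert = lang("2fa incorrect", false);
          }
      }
  } else {
      $alert = lang("login server unavailable", false);
  }

  // Preload hints for the static assets used by the login page. The second
  // argument (false) appends each Link header instead of replacing the last.
  header("Link: <static/fonts/Roboto.css>; rel=preload; as=style", false);
  header("Link: <static/css/bootstrap.min.css>; rel=preload; as=style", false);
  header("Link: <static/css/material-color/material-color.min.css>; rel=preload; as=style", false);
  header("Link: <static/css/index.css>; rel=preload; as=style", false);
  header("Link: <static/js/jquery-3.3.1.min.js>; rel=preload; as=script", false);
  header("Link: <static/js/bootstrap.min.js>; rel=preload; as=script", false);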
  84. ?>
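  <!DOCTYPE html>
  <html>
      <head>
          <meta charset="UTF-8">
          <meta http-equiv="X-UA-Compatible" content="IE=edge">
          <meta name="viewport" content="width=device-width, initial-scale=1">
          <title><?php echo SITE_TITLE; ?></title>
          <link rel="icon" href="static/img/logo.svg">
          <link href="static/css/bootstrap.min.css" rel="stylesheet">
          <link href="static/css/material-color/material-color.min.css" rel="stylesheet">
          <link href="static/css/index.css" rel="stylesheet">
          <?php
          // The CAPTCHA script is loaded from CAPTCHA_SERVER and runs inside
          // the login page, next to the password field.
          // NOTE(review): make sure that constant points at a trusted HTTPS origin.
          if (CAPTCHA_ENABLED) { ?>
              <script src="<?php echo CAPTCHA_SERVER ?>/captcheck.dist.js"></script>
          <?php } ?>
      </head>
      <body>
          <div class="row justify-content-center">
              <div class="col-auto">
                  <img class="banner-image" src="static/img/logo.svg" />
              </div>
          </div>
          <div class="row justify-content-center">
              <div class="card col-11 col-xs-11 col-sm-8 col-md-6 col-lg-4">
                  <div class="card-body">
                      <h5 class="card-title"><?php lang("sign in"); ?></h5>
                      <form action="" method="POST">
                          <?php
                          // $alert is set by the login logic earlier in this file.
                          // NOTE(review): it is echoed as-is, and lang2() can embed
                          // the login server's error text in it - confirm that
                          // lang()/lang2() return HTML-safe strings.
                          if (!empty($alert)) {
                              ?>
                              <div class="alert alert-danger">
                                  <i class="fa fa-fw fa-exclamation-triangle"></i> <?php echo $alert; ?>
                              </div>
                              <?php
                          }
                          // Step 1 form (username + password) unless the password
                          // step just succeeded for an account that uses TOTP.
                          if ($multiauth != true) {
                              ?>
                              <input type="text" class="form-control" name="username" placeholder="<?php lang("username"); ?>" required="required" autocomplete="off" autocorrect="off" autocapitalize="off" spellcheck="false" autofocus /><br />
                              <input type="password" class="form-control" name="password" placeholder="<?php lang("password"); ?>" required="required" autocomplete="off" autocorrect="off" autocapitalize="off" spellcheck="false" /><br />
                              <?php if (CAPTCHA_ENABLED) { ?>
                                  <div class="captcheck_container" data-stylenonce="<?php echo $SECURE_NONCE; ?>"></div>
                                  <br />
                              <?php } ?>
                              <input type="hidden" name="progress" value="1" />
                              <?php
                          } else if ($multiauth) {
                              // Step 2 form (TOTP code). The username is request
                              // data written into an HTML attribute, so it is
                              // escaped for that context; the browser decodes it
                              // back to the same value when the form is submitted.
                              ?>
                              <div class="alert alert-info">
                                  <?php lang("2fa prompt"); ?>
                              </div>
                              <input type="text" class="form-control" name="authcode" placeholder="<?php lang("authcode"); ?>" required="required" autocomplete="off" autocorrect="off" autocapitalize="off" spellcheck="false" autofocus /><br />
                              <input type="hidden" name="progress" value="2" />
                              <input type="hidden" name="username" value="<?php echo htmlspecialchars($VARS['username'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>" />
                              <?php
                          }
                          ?>
                          <button type="submit" class="btn btn-primary">
                              <?php lang("continue"); ?>
                          </button>
                      </form>
                  </div>
              </div>
          </div>
          <div class="footer">
              <?php echo FOOTER_TEXT; ?><br />
              Copyright &copy; <?php echo date('Y'); ?> <?php echo COPYRIGHT_NAME; ?>
          </div>
          </div>
          <script src="static/js/jquery-3.3.1.min.js"></script>
          <script src="static/js/bootstrap.min.js"></script>
      </body>
  </html>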