QwikClock is an employee time tracking app.
您最多选择25个主题 主题必须以字母或数字开头,可以包含连字符 (-),并且长度不得超过35个字符

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164
  1. <?php
  2. /* This Source Code Form is subject to the terms of the Mozilla Public
  3. * License, v. 2.0. If a copy of the MPL was not distributed with this
  4. * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
  5. require_once __DIR__ . "/required.php";
  6. require_once __DIR__ . "/lib/login.php";
  7. // if we're logged in, we don't need to be here.
  8. if (!empty($_SESSION['loggedin']) && $_SESSION['loggedin'] === true && !isset($_GET['permissionerror'])) {
  9. header('Location: app.php');
  10. }
  11. if (isset($_GET['permissionerror'])) {
  12. $alert = lang("no access permission", false);
  13. }
  14. /* Authenticate user */
  15. $userpass_ok = false;
  16. $multiauth = false;
  17. if (checkLoginServer()) {
  18. if (!empty($VARS['progress']) && $VARS['progress'] == "1") {
  19. if (!CAPTCHA_ENABLED || (CAPTCHA_ENABLED && verifyCaptcheck($VARS['captcheck_session_code'], $VARS['captcheck_selected_answer'], CAPTCHA_SERVER . "/api.php"))) {
  20. $errmsg = "";
  21. if (authenticate_user($VARS['username'], $VARS['password'], $errmsg)) {
  22. switch (get_account_status($VARS['username'])) {
  23. case "LOCKED_OR_DISABLED":
  24. $alert = lang("account locked", false);
  25. break;
  26. case "TERMINATED":
  27. $alert = lang("account terminated", false);
  28. break;
  29. case "CHANGE_PASSWORD":
  30. $alert = lang("password expired", false);
  31. case "NORMAL":
  32. $userpass_ok = true;
  33. break;
  34. case "ALERT_ON_ACCESS":
  35. sendLoginAlertEmail($VARS['username']);
  36. $userpass_ok = true;
  37. break;
  38. }
  39. if ($userpass_ok) {
  40. $_SESSION['passok'] = true; // stop logins using only username and authcode
  41. if (userHasTOTP($VARS['username'])) {
  42. $multiauth = true;
  43. } else {
  44. doLoginUser($VARS['username'], $VARS['password']);
  45. header('Location: app.php');
  46. die("Logged in, go to app.php");
  47. }
  48. }
  49. } else {
  50. if (!is_empty($errmsg)) {
  51. $alert = lang2("login server error", ['arg' => $errmsg], false);
  52. } else {
  53. $alert = lang("login incorrect", false);
  54. }
  55. }
  56. } else {
  57. $alert = lang("captcha error", false);
  58. }
  59. } else if (!empty($VARS['progress']) && $VARS['progress'] == "2") {
  60. if ($_SESSION['passok'] !== true) {
  61. // stop logins using only username and authcode
  62. sendError("Password integrity check failed!");
  63. }
  64. if (verifyTOTP($VARS['username'], $VARS['authcode'])) {
  65. if (doLoginUser($VARS['username'])) {
  66. header('Location: app.php');
  67. die("Logged in, go to app.php");
  68. } else {
  69. $alert = lang("login server user data error", false);
  70. }
  71. } else {
  72. $alert = lang("2fa incorrect", false);
  73. }
  74. }
  75. } else {
  76. $alert = lang("login server unavailable", false);
  77. }
  78. header("Link: <static/fonts/Roboto.css>; rel=preload; as=style", false);
  79. header("Link: <static/css/bootstrap.min.css>; rel=preload; as=style", false);
  80. header("Link: <static/css/material-color/material-color.min.css>; rel=preload; as=style", false);
  81. header("Link: <static/css/index.css>; rel=preload; as=style", false);
  82. header("Link: <static/js/jquery-3.3.1.min.js>; rel=preload; as=script", false);
  83. header("Link: <static/js/bootstrap.min.js>; rel=preload; as=script", false);
  84. ?>
  85. <!DOCTYPE html>
  86. <html>
  87. <head>
  88. <meta charset="UTF-8">
  89. <meta http-equiv="X-UA-Compatible" content="IE=edge">
  90. <meta name="viewport" content="width=device-width, initial-scale=1">
  91. <title><?php echo SITE_TITLE; ?></title>
  92. <link rel="icon" href="static/img/logo.svg">
  93. <link href="static/css/bootstrap.min.css" rel="stylesheet">
  94. <link href="static/css/material-color/material-color.min.css" rel="stylesheet">
  95. <link href="static/css/index.css" rel="stylesheet">
  96. <?php if (CAPTCHA_ENABLED) { ?>
  97. <script src="<?php echo CAPTCHA_SERVER ?>/captcheck.dist.js"></script>
  98. <?php } ?>
  99. </head>
  100. <body>
  101. <div class="row justify-content-center">
  102. <div class="col-auto">
  103. <img class="banner-image" src="static/img/logo.svg" />
  104. </div>
  105. </div>
  106. <div class="row justify-content-center">
  107. <div class="card col-11 col-xs-11 col-sm-8 col-md-6 col-lg-4">
  108. <div class="card-body">
  109. <h5 class="card-title"><?php lang("sign in"); ?></h5>
  110. <form action="" method="POST">
  111. <?php
  112. if (!empty($alert)) {
  113. ?>
  114. <div class="alert alert-danger">
  115. <i class="fa fa-fw fa-exclamation-triangle"></i> <?php echo $alert; ?>
  116. </div>
  117. <?php
  118. }
  119. if ($multiauth != true) {
  120. ?>
  121. <input type="text" class="form-control" name="username" placeholder="<?php lang("username"); ?>" required="required" autocomplete="off" autocorrect="off" autocapitalize="off" spellcheck="false" autofocus /><br />
  122. <input type="password" class="form-control" name="password" placeholder="<?php lang("password"); ?>" required="required" autocomplete="off" autocorrect="off" autocapitalize="off" spellcheck="false" /><br />
  123. <?php if (CAPTCHA_ENABLED) { ?>
  124. <div class="captcheck_container" data-stylenonce="<?php echo $SECURE_NONCE; ?>"></div>
  125. <br />
  126. <?php } ?>
  127. <input type="hidden" name="progress" value="1" />
  128. <?php
  129. } else if ($multiauth) {
  130. ?>
  131. <div class="alert alert-info">
  132. <?php lang("2fa prompt"); ?>
  133. </div>
  134. <input type="text" class="form-control" name="authcode" placeholder="<?php lang("authcode"); ?>" required="required" autocomplete="off" autocorrect="off" autocapitalize="off" spellcheck="false" autofocus /><br />
  135. <input type="hidden" name="progress" value="2" />
  136. <input type="hidden" name="username" value="<?php echo $VARS['username']; ?>" />
  137. <?php
  138. }
  139. ?>
  140. <button type="submit" class="btn btn-primary">
  141. <?php lang("continue"); ?>
  142. </button>
  143. </form>
  144. </div>
  145. </div>
  146. </div>
  147. <div class="footer">
  148. <?php echo FOOTER_TEXT; ?><br />
  149. Copyright &copy; <?php echo date('Y'); ?> <?php echo COPYRIGHT_NAME; ?>
  150. </div>
  151. </div>
  152. <script src="static/js/jquery-3.3.1.min.js"></script>
  153. <script src="static/js/bootstrap.min.js"></script>
  154. </body>
  155. </html>