QwikClock is an employee time tracking app.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

index.php 6.8KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155
  1. <?php
  2. require_once __DIR__ . "/required.php";
  3. require_once __DIR__ . "/lib/login.php";
  4. // if we're logged in, we don't need to be here.
  5. if ($_SESSION['loggedin']) {
  6. header('Location: app.php');
  7. }
  8. /* Authenticate user */
  9. $userpass_ok = false;
  10. $multiauth = false;
  11. if (checkLoginServer()) {
  12. if ($VARS['progress'] == "1") {
  13. if (!RECAPTCHA_ENABLED || (RECAPTCHA_ENABLED && verifyReCaptcha($VARS['g-recaptcha-response']))) {
  14. $errmsg = "";
  15. if (authenticate_user($VARS['username'], $VARS['password'], $errmsg)) {
  16. switch (get_account_status($VARS['username'])) {
  17. case "LOCKED_OR_DISABLED":
  18. $alert = lang("account locked", false);
  19. break;
  20. case "TERMINATED":
  21. $alert = lang("account terminated", false);
  22. break;
  23. case "CHANGE_PASSWORD":
  24. $alert = lang("password expired", false);
  25. case "NORMAL":
  26. $userpass_ok = true;
  27. break;
  28. case "ALERT_ON_ACCESS":
  29. sendLoginAlertEmail($VARS['username']);
  30. $userpass_ok = true;
  31. break;
  32. }
  33. if ($userpass_ok) {
  34. $_SESSION['passok'] = true; // stop logins using only username and authcode
  35. if (userHasTOTP($VARS['username'])) {
  36. $multiauth = true;
  37. } else {
  38. doLoginUser($VARS['username'], $VARS['password']);
  39. header('Location: app.php');
  40. die("Logged in, go to app.php");
  41. }
  42. }
  43. } else {
  44. if (!is_empty($errmsg)) {
  45. $alert = lang2("login server error", ['arg' => $errmsg], false);
  46. } else {
  47. $alert = lang("login incorrect", false);
  48. }
  49. }
  50. } else {
  51. $alert = lang("captcha error", false);
  52. }
  53. } else if ($VARS['progress'] == "2") {
  54. if ($_SESSION['passok'] !== true) {
  55. // stop logins using only username and authcode
  56. sendError("Password integrity check failed!");
  57. }
  58. if (verifyTOTP($VARS['username'], $VARS['authcode'])) {
  59. if (doLoginUser($VARS['username'])) {
  60. header('Location: app.php');
  61. die("Logged in, go to app.php");
  62. } else {
  63. $alert = lang("login server user data error", false);
  64. }
  65. } else {
  66. $alert = lang("2fa incorrect", false);
  67. }
  68. }
  69. } else {
  70. $alert = lang("login server unavailable", false);
  71. }
  72. header("Link: <static/css/bootstrap.min.css>; rel=preload; as=style", false);
  73. header("Link: <static/css/material-color/material-color.min.css>; rel=preload; as=style", false);
  74. header("Link: <static/css/index.css>; rel=preload; as=style", false);
  75. header("Link: <static/js/jquery-3.3.1.min.js>; rel=preload; as=script", false);
  76. header("Link: <static/js/bootstrap.min.js>; rel=preload; as=script", false);
  77. ?>
  78. <!DOCTYPE html>
  79. <html>
  80. <head>
  81. <meta charset="UTF-8">
  82. <meta http-equiv="X-UA-Compatible" content="IE=edge">
  83. <meta name="viewport" content="width=device-width, initial-scale=1">
  84. <title><?php echo SITE_TITLE; ?></title>
  85. <link rel="icon" href="static/img/logo.svg">
  86. <link href="static/css/bootstrap.min.css" rel="stylesheet">
  87. <link href="static/css/material-color/material-color.min.css" rel="stylesheet">
  88. <link href="static/css/index.css" rel="stylesheet">
  89. <?php if (RECAPTCHA_ENABLED) { ?>
  90. <script src='https://www.google.com/recaptcha/api.js'></script>
  91. <?php } ?>
  92. </head>
  93. <body>
  94. <div class="row justify-content-center">
  95. <div class="col-auto">
  96. <img class="banner-image" src="static/img/logo.png" />
  97. </div>
  98. </div>
  99. <div class="row justify-content-center">
  100. <div class="card col-11 col-xs-11 col-sm-8 col-md-6 col-lg-4">
  101. <div class="card-body">
  102. <h5 class="card-title"><?php lang("sign in"); ?></h5>
  103. <form action="" method="POST">
  104. <?php
  105. if (!is_empty($alert)) {
  106. ?>
  107. <div class="alert alert-danger">
  108. <i class="fa fa-fw fa-exclamation-triangle"></i> <?php echo $alert; ?>
  109. </div>
  110. <?php
  111. }
  112. if ($multiauth != true) {
  113. ?>
  114. <input type="text" class="form-control" name="username" placeholder="<?php lang("username"); ?>" required="required" autocomplete="off" autocorrect="off" autocapitalize="off" spellcheck="false" autofocus /><br />
  115. <input type="password" class="form-control" name="password" placeholder="<?php lang("password"); ?>" required="required" autocomplete="off" autocorrect="off" autocapitalize="off" spellcheck="false" /><br />
  116. <?php if (RECAPTCHA_ENABLED) { ?>
  117. <div class="g-recaptcha" data-sitekey="<?php echo RECAPTCHA_SITE_KEY; ?>"></div>
  118. <br />
  119. <?php } ?>
  120. <input type="hidden" name="progress" value="1" />
  121. <?php
  122. } else if ($multiauth) {
  123. ?>
  124. <div class="alert alert-info">
  125. <?php lang("2fa prompt"); ?>
  126. </div>
  127. <input type="text" class="form-control" name="authcode" placeholder="<?php lang("authcode"); ?>" required="required" autocomplete="off" autocorrect="off" autocapitalize="off" spellcheck="false" autofocus /><br />
  128. <input type="hidden" name="progress" value="2" />
  129. <input type="hidden" name="username" value="<?php echo $VARS['username']; ?>" />
  130. <?php
  131. }
  132. ?>
  133. <button type="submit" class="btn btn-primary">
  134. <?php lang("continue"); ?>
  135. </button>
  136. </form>
  137. </div>
  138. </div>
  139. </div>
  140. <div class="footer">
  141. <?php echo FOOTER_TEXT; ?><br />
  142. Copyright &copy; <?php echo date('Y'); ?> <?php echo COPYRIGHT_NAME; ?>
  143. </div>
  144. </div>
  145. <script src="static/js/jquery-3.3.1.min.js"></script>
  146. <script src="static/js/bootstrap.min.js"></script>
  147. </body>
  148. </html>