
[Phpgroupware-cvs] CVS: phpgroupware login.php,1.93,1.94


From: Ralf Becker <address@hidden>
Subject: [Phpgroupware-cvs] CVS: phpgroupware login.php,1.93,1.94
Date: Sun, 18 May 2003 15:19:00 -0400

Update of /cvsroot/phpgroupware/phpgroupware
In directory subversions:/tmp/cvs-serv32588

Modified Files:
        login.php 
Log Message:
merged session-functions for .16, incl. the brute-force stuff and caching the 
data from other session in the appsession
fixed multidomain logins for register_globals off


Index: login.php
===================================================================
RCS file: /cvsroot/phpgroupware/phpgroupware/login.php,v
retrieving revision 1.93
retrieving revision 1.94
diff -C2 -r1.93 -r1.94
*** login.php   1 Apr 2003 09:58:47 -0000       1.93
--- login.php   18 May 2003 19:18:58 -0000      1.94
***************
*** 12,16 ****
        
\**************************************************************************/
        /* $Id$ */
!       $phpgw_info = array();
        $GLOBALS['phpgw_info']['flags'] = array
        (
--- 12,16 ----
        
\**************************************************************************/
        /* $Id$ */
!       $GLOBALS['phpgw_info'] = array();
        $GLOBALS['phpgw_info']['flags'] = array
        (
***************
*** 23,26 ****
--- 23,27 ----
        {
                include('./header.inc.php');
+               $GLOBALS['phpgw']->sessions = createObject('phpgwapi.sessions');
        }
        else
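Review bot: `$GLOBALS['phpgw']->sessions` is created only in this branch, yet the new `case 10` code in check_logoutcode() calls `$GLOBALS['phpgw']->sessions->phpgw_setcookie()` unconditionally. The `else` branch lies outside the hunk, so confirm it can never reach check_logoutcode(); otherwise that call is made on a non-object. The file also uses `$GLOBALS['phpgw']->session` (singular) for `create()`, so a comment such as `// separate sessions object, needed here only for phpgw_setcookie()` would explain why a second object is created.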
***************
*** 66,81 ****
        $data['login_standard']['loginscreen'] = True;
  
-       function show_cookie()
-       {
-               /* This needs to be this way, because if someone doesnt want to 
use cookies, we shouldnt sneak one in */
-               if ($GLOBALS['HTTP_GET_VARS']['code'] != 5 && 
(isset($GLOBALS['phpgw_info']['server']['usecookies']) && 
$GLOBALS['phpgw_info']['server']['usecookies']))
-               {
-                       return $GLOBALS['HTTP_COOKIE_VARS']['last_loginid'];
-               }
-       }
- 
        function check_logoutcode()
        {
!               switch($GLOBALS['HTTP_GET_VARS']['code'])
                {
                        case 1:
--- 67,73 ----
        $data['login_standard']['loginscreen'] = True;
  
        function check_logoutcode()
        {
!               switch($_GET['code'])
                {
                        case 1:
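Review bot: `switch($_GET['code'])` reads the parameter without an `isset()` check, and a later hunk of this commit removes the block that defaulted `code` to `''`, so a plain request for the login page now reads an undefined index here. Normalise the value once, for example `$code = isset($_GET['code']) ? (int) $_GET['code'] : 0;`, and switch on `$code`, so the client-supplied string is compared to the integer cases with a defined type. The body of check_logoutcode() continues outside the hunk.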
***************
*** 88,99 ****
                                
$GLOBALS['phpgw_info']['flags']['msgbox_data']['Bad login or password'] = False;
                                break;
                        case 10:
!                               
if($GLOBALS['phpgw_info']['server']['usecookies'])
                                {
!                                       Setcookie('sessionid');
!                                       Setcookie('kp3');
!                                       Setcookie('domain');
                                }
-                               
$GLOBALS['phpgw_info']['flags']['msgbox_data']['Your session could not be 
verified'] = False;
                                break;
                }
--- 80,98 ----
                                
$GLOBALS['phpgw_info']['flags']['msgbox_data']['Bad login or password'] = False;
                                break;
+                       case 99:
+                               
$GLOBALS['phpgw_info']['flags']['msgbox_data']['Blocked, too many attempts'] = 
False;
+                               break;
                        case 10:
!                               
$GLOBALS['phpgw_info']['flags']['msgbox_data']['Your session could not be 
verified'] = False;
! 
!                               
$GLOBALS['phpgw']->sessions->phpgw_setcookie('sessionid');
!                               
$GLOBALS['phpgw']->sessions->phpgw_setcookie('kp3');
!                               
$GLOBALS['phpgw']->sessions->phpgw_setcookie('domain');
! 
!                               //fix for bug php4 expired sessions bug
!                               
if($GLOBALS['phpgw_info']['server']['sessions_type'] == 'php4')
                                {
!                                       
$GLOBALS['phpgw']->sessions->phpgw_setcookie(PHPGW_PHPSESSID);
                                }
                                break;
                }
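Review bot: The rewritten `case 10` expires `sessionid`, `kp3` and `domain` on every request that carries `code=10`, where the old code did so only when `usecookies` was set; whether `phpgw_setcookie()` re-checks that setting is not visible here. Because `code` is an ordinary GET parameter, any page that makes a browser load `login.php?code=10` drops that user's session cookies. Consider clearing the cookies at the point where the session check fails, before the redirect, rather than in response to the query parameter. The comment `//fix for bug php4 expired sessions bug` would read better as `// php4 session type: also clear the PHP session cookie`.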
***************
*** 140,150 ****
                $GLOBALS['phpgw_setup']->detection->check_lang(false);  // get 
installed langs
                $langs = $GLOBALS['phpgw_info']['setup']['installed_langs'];
!               while (list($lang) = each($langs))
                {
                        $langs[$lang] = $lang;
                }
!               $GLOBALS['HTTP_POST_VARS']['submit'] = true;
!               $GLOBALS['HTTP_POST_VARS']['lang_selected'] = $langs;
!               $GLOBALS['HTTP_POST_VARS']['upgrademethod'] = 'dumpold';
                $included = 'from_login';
                
--- 139,149 ----
                $GLOBALS['phpgw_setup']->detection->check_lang(false);  // get 
installed langs
                $langs = $GLOBALS['phpgw_info']['setup']['installed_langs'];
!               while (list($lang) = @each($langs))
                {
                        $langs[$lang] = $lang;
                }
!               $_POST['submit'] = true;
!               $_POST['lang_selected'] = $langs;
!               $_POST['upgrademethod'] = 'dumpold';
                $included = 'from_login';
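Review bot: `@each($langs)` hides the warning raised when `installed_langs` is not an array instead of handling that case; an explicit `if (is_array($langs))` around the loop states the intent and keeps other errors visible. The loop also assigns into `$langs` while iterating it with `each()`, which is easy to misread. Writing `submit`, `lang_selected` and `upgrademethod` into `$_POST` overwrites request data to steer the included setup script, so a comment such as `// parameters for the setup script included below, not user input` would help the next reader.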
                
***************
*** 153,171 ****
  
        /* Program starts here */
!       if ($GLOBALS['phpgw_info']['server']['auth_type'] == 'http' && 
isset($PHP_AUTH_USER))
        {
                $submit = True;
!               $login  = $PHP_AUTH_USER;
!               $passwd = $PHP_AUTH_PW;
        }
  
        # Apache + mod_ssl style SSL certificate authentication
        # Certificate (chain) verification occurs inside mod_ssl
!       if ($GLOBALS['phpgw_info']['server']['auth_type'] == 'sqlssl' && 
isset($HTTP_SERVER_VARS['SSL_CLIENT_S_DN']) && 
!isset($GLOBALS['HTTP_GET_VARS']['code']))
        {
                # an X.509 subject looks like:
                # 
/CN=john.doe/OU=Department/O=Company/C=xx/address@hidden/L=City/
                # the username is deliberately lowercase, to ease LDAP 
integration
!               $sslattribs = explode('/',$HTTP_SERVER_VARS['SSL_CLIENT_S_DN']);
                # skip the part in front of the first '/' (nothing)
                while ($sslattrib = next($sslattribs))
--- 152,170 ----
  
        /* Program starts here */
!       if ($GLOBALS['phpgw_info']['server']['auth_type'] == 'http' && 
isset($_SERVER['PHP_AUTH_USER']))
        {
                $submit = True;
!               $login  = $_SERVER['PHP_AUTH_USER'];
!               $passwd = $_SERVER['PHP_AUTH_PW'];
        }
  
        # Apache + mod_ssl style SSL certificate authentication
        # Certificate (chain) verification occurs inside mod_ssl
!       if ($GLOBALS['phpgw_info']['server']['auth_type'] == 'sqlssl' && 
isset($_SERVER['SSL_CLIENT_S_DN']) && !isset($_GET['code']))
        {
                # an X.509 subject looks like:
                # 
/CN=john.doe/OU=Department/O=Company/C=xx/address@hidden/L=City/
                # the username is deliberately lowercase, to ease LDAP 
integration
!               $sslattribs = explode('/',$_SERVER['SSL_CLIENT_S_DN']);
                # skip the part in front of the first '/' (nothing)
                while ($sslattrib = next($sslattribs))
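Review bot: The `sqlssl` branch accepts the certificate subject as soon as `$_SERVER['SSL_CLIENT_S_DN']` is set, and nothing visible confirms that mod_ssl verified the certificate. Where client verification is configured as optional, the subject can be exported for a certificate that did not verify, so the condition should also require `isset($_SERVER['SSL_CLIENT_VERIFY']) && $_SERVER['SSL_CLIENT_VERIFY'] == 'SUCCESS'`. Splitting the DN with `explode('/', ...)` also mis-parses attribute values that themselves contain a slash. The branch body continues outside the hunk.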
***************
*** 181,189 ****
                        # login will be set here if the user logged out and 
uses a different username with
                        # the same SSL-certificate.
!                       if (!isset($login)&&isset($sslattributes['Email']))
!                       {
                                $login = $sslattributes['Email'];
                                # not checked against the database, but 
delivered to authentication module
!                               $passwd = $HTTP_SERVER_VARS['SSL_CLIENT_S_DN'];
                        }
                }
--- 180,187 ----
                        # login will be set here if the user logged out and 
uses a different username with
                        # the same SSL-certificate.
!                       if 
(!isset($_POST['login'])&&isset($sslattributes['Email'])) {
                                $login = $sslattributes['Email'];
                                # not checked against the database, but 
delivered to authentication module
!                               $passwd = $_SERVER['SSL_CLIENT_S_DN'];
                        }
                }
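Review bot: The rewritten `if` puts its opening brace on the same line, unlike the other control structures in this file; keep `{` on its own line. The condition now tests `$_POST['login']`, but the comment above still describes `login` being set, so it should be updated to something like `# a posted login takes precedence over the certificate's Email attribute`. `$passwd` is set to the subject DN, which is public certificate data, so the authentication module should not treat it as a secret; that module is not visible here.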
***************
*** 192,208 ****
                unset($sslattributes);
        }
!       if (isset($GLOBALS['HTTP_POST_VARS']['passwd_type']) || $submit_x || 
$submit_y)
! //             isset($GLOBALS['HTTP_POST_VARS']['passwd']) && 
$GLOBALS['HTTP_POST_VARS']['passwd']) // enable konqueror to login via Return
        {
                if (getenv(REQUEST_METHOD) != 'POST' && 
$_SERVER['REQUEST_METHOD'] != 'POST'
!                       && !isset($PHP_AUTH_USER) && 
!isset($HTTP_SERVER_VARS['SSL_CLIENT_S_DN']))
                {
                        
$GLOBALS['phpgw']->redirect($GLOBALS['phpgw']->link('/login.php','code=5'));
                }
!               $GLOBALS['sessionid'] = 
$GLOBALS['phpgw']->session->create($GLOBALS['HTTP_POST_VARS']['login'],$GLOBALS['HTTP_POST_VARS']['passwd'],$GLOBALS['HTTP_POST_VARS']['passwd_type']);
  
                if(!isset($GLOBALS['sessionid']) || !$GLOBALS['sessionid'])
                {
!                       
$GLOBALS['phpgw']->redirect($GLOBALS['phpgw_info']['server']['webserver_url'] . 
'/login.php?code=5');
                }
                else
--- 190,212 ----
                unset($sslattributes);
        }
! 
!       if (isset($_POST['passwd_type']) || $submit_x || $submit_y)
! //             isset($_POST['passwd']) && $_POST['passwd']) // enable 
konqueror to login via Return
        {
                if (getenv(REQUEST_METHOD) != 'POST' && 
$_SERVER['REQUEST_METHOD'] != 'POST'
!                       && !isset($_SERVER['PHP_AUTH_USER']) && 
!isset($_SERVER['SSL_CLIENT_S_DN']))
                {
                        
$GLOBALS['phpgw']->redirect($GLOBALS['phpgw']->link('/login.php','code=5'));
                }
!               $login = $_POST['login'];
!               if (strstr($login,'@') === False && 
isset($_POST['logindomain']))
!               {
!                       $login .= '@' . $_POST['logindomain'];
!               }
!               $GLOBALS['sessionid'] = 
$GLOBALS['phpgw']->session->create($login,$_POST['passwd'],$_POST['passwd_type']);
  
                if(!isset($GLOBALS['sessionid']) || !$GLOBALS['sessionid'])
                {
!                       
$GLOBALS['phpgw']->redirect($GLOBALS['phpgw_info']['server']['webserver_url'] . 
'/login.php?code=' . $GLOBALS['phpgw']->session->cd_reason);
                }
                else
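Review bot: The entry condition still reads `$submit_x` and `$submit_y` as globals, so with register_globals off (the case this commit targets) an image-button submit never enters the block; use `isset($_POST['submit_x']) || isset($_POST['submit_y'])`. `$_POST['logindomain']` is appended to the login unvalidated; testing `isset($GLOBALS['phpgw_domain'][$_POST['logindomain']])` first keeps arbitrary client text out of the account name passed to `create()`, assuming `phpgw_domain` is keyed by domain name as the later `each()` call suggests. `$login = $_POST['login']` also overwrites the value set by the http and sqlssl branches above, and `create()` receives `$_POST['passwd']` rather than `$passwd`, so from the visible lines those auth types would pass empty credentials. The block continues outside the hunk.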
***************
*** 210,214 ****
                        if ($GLOBALS['phpgw_forward'])
                        {
!                               while (list($name,$value) = 
each($GLOBALS['HTTP_GET_VARS']))
                                {
                                        if (ereg('phpgw_',$name))
--- 214,218 ----
                        if ($GLOBALS['phpgw_forward'])
                        {
!                               while (list($name,$value) = each($_GET))
                                {
                                        if (ereg('phpgw_',$name))
***************
*** 220,224 ****
                        check_langs();
                        
!                       
$GLOBALS['phpgw']->redirect($GLOBALS['phpgw']->link('/home.php','code=yes' . 
$extra_vars,True));
                }
        }
--- 224,228 ----
                        check_langs();
                        
!                       $GLOBALS['phpgw']->redirect_link('/home.php','cd=yes' . 
$extra_vars);
                }
        }
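Review bot: `$extra_vars` is concatenated directly into the post-login redirect query string, and it is built from `$_GET` entries in the `ereg('phpgw_',$name)` loop of the preceding hunk, whose body is not visible. Confirm that loop applies `urlencode()` to both name and value; otherwise a crafted value can add or override parameters, including the new `cd`, on the redirect. If only prefixed names are meant to be forwarded, `strpos($name,'phpgw_') === 0` is stricter than the substring match.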
***************
*** 228,235 ****
                // If there is something wrong with this code TELL ME!
                // Commenting out the code will not fix it. (jengo)
!               if (isset($GLOBALS['HTTP_COOKIE_VARS']['last_loginid']))
                {
                        $accounts = CreateObject('phpgwapi.accounts');
!                       $prefs = CreateObject('phpgwapi.preferences', 
$accounts->name2id($last_loginid));
  
                        if (! $prefs->account_id)
--- 232,239 ----
                // If there is something wrong with this code TELL ME!
                // Commenting out the code will not fix it. (jengo)
!               if (isset($_COOKIE['last_loginid']))
                {
                        $accounts = CreateObject('phpgwapi.accounts');
!                       $prefs = CreateObject('phpgwapi.preferences', 
$accounts->name2id($_COOKIE['last_loginid']));
  
                        if (! $prefs->account_id)
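Review bot: `$_COOKIE['last_loginid']` is client-controlled and is handed to `$accounts->name2id()` before any authentication has taken place. Whether `name2id()` escapes its argument for the account backend is not visible here, so either confirm that or reject values that fail the site's username length and character rules before the lookup. A comment such as `// cookie value is untrusted; used only to pick the login-screen language` would document the intent.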
***************
*** 242,251 ****
                        }
                        #print 'LANG:' . 
$GLOBALS['phpgw_info']['user']['preferences']['common']['lang'] . '<br>';
-                       $GLOBALS['phpgw']->translation->add_app('login');
-                       $GLOBALS['phpgw']->translation->add_app('loginscreen');
-                       if (lang('loginscreen_message') != 
'loginscreen_message*')
-                       {
-                               
$data['login_standard']['phpgw_loginscreen_message'] = 
stripslashes(lang('loginscreen_message'));
-                       }
                }
                else
--- 246,249 ----
***************
*** 254,271 ****
                        // Change this if you need.
                        
$GLOBALS['phpgw_info']['user']['preferences']['common']['lang'] = 'en';
!                       $GLOBALS['phpgw']->translation->add_app('login');
!                       $GLOBALS['phpgw']->translation->add_app('loginscreen');
!                       if (lang('loginscreen_message') != 
'loginscreen_message*')
!                       {
!                               
$data['login_standard']['phpgw_loginscreen_message'] = 
stripslashes(lang('loginscreen_message'));
!                       }
                }
        }
  
!       if (!isset($GLOBALS['HTTP_GET_VARS']['code']) || 
!$GLOBALS['HTTP_GET_VARS']['code'])
!       {
!               $GLOBALS['HTTP_GET_VARS']['code'] = '';
!       }
! 
        if ($GLOBALS['phpgw_info']['server']['show_domain_selectbox'])
        {
--- 252,265 ----
                        // Change this if you need.
                        
$GLOBALS['phpgw_info']['user']['preferences']['common']['lang'] = 'en';
!               }
!               $GLOBALS['phpgw']->translation->add_app('login');
!               $GLOBALS['phpgw']->translation->add_app('loginscreen');
!               if (lang('loginscreen_message') != 'loginscreen_message*')
!               {
!                       $data['login_standard']['phpgw_loginscreen_message'] = 
stripslashes(lang('loginscreen_message'));
                }
        }
  
!       $last_loginid = $_COOKIE['last_loginid'];
        if ($GLOBALS['phpgw_info']['server']['show_domain_selectbox'])
        {
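Review bot: `$last_loginid = $_COOKIE['last_loginid'];` yields NULL when the cookie is absent, and the `elseif ($last_loginid !== '')` added in the next hunk is then true because the comparison is strict. With the domain select box off, a first-time visitor gets `'@' . $_COOKIE['last_domain']` appended (unless the default domain key is empty) and the username field is pre-filled with `@`. Use `$last_loginid = isset($_COOKIE['last_loginid']) ? $_COOKIE['last_loginid'] : '';` and guard `$_COOKIE['last_domain']` the same way. This hunk also removes the block that defaulted `code` to `''`, so later reads of `$_GET['code']` need their own `isset()`.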
***************
*** 273,286 ****
                {
                        $ds = array('domain' => $domain);
!                       if ($domain == $last_domain)
                        {
!                               $ds += array('selected' => 'selected');
                        }
- 
                        $data['login_standard']['domain_select'][] = $ds;
                }
        }
  
!       while (list($name,$value) = each($GLOBALS['HTTP_GET_VARS']))
        {
                if (ereg('phpgw_',$name))
--- 267,288 ----
                {
                        $ds = array('domain' => $domain);
!                       if ($domain == $_COOKIE['last_domain'])
                        {
!                               $ds['selected'] = 'selected';
                        }
                        $data['login_standard']['domain_select'][] = $ds;
                }
        }
+       elseif ($last_loginid !== '')
+       {
+               reset($GLOBALS['phpgw_domain']);
+               list($default_domain) = each($GLOBALS['phpgw_domain']);
+               if ($_COOKIE['last_domain'] != $default_domain)
+               {
+                       $last_loginid .= '@' . $_COOKIE['last_domain'];
+               }
+       }
  
!       while (list($name,$value) = each($_GET))
        {
                if (ereg('phpgw_',$name))
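Review bot: `$_COOKIE['last_domain']` is appended to the pre-filled login name in the new `elseif` without being checked against the configured domains. Append it only when `isset($GLOBALS['phpgw_domain'][$_COOKIE['last_domain']])`, so the form never shows a domain this installation does not have. `list($default_domain) = each($GLOBALS['phpgw_domain']);` deserves a comment such as `// the first configured domain is treated as the default`.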
***************
*** 306,310 ****
        $data['login_standard']['website_title']        = 
$GLOBALS['phpgw_info']['server']['site_title'];
        $data['login_standard']['login_url']            = 'login.php' . 
$extra_vars;
!       $data['login_standard']['cookie']                       = show_cookie();
        $data['login_standard']['lang_username']        = lang('username');
        $data['login_standard']['lang_powered_by']      = lang('powered by');
--- 308,312 ----
        $data['login_standard']['website_title']        = 
$GLOBALS['phpgw_info']['server']['site_title'];
        $data['login_standard']['login_url']            = 'login.php' . 
$extra_vars;
!       $data['login_standard']['cookie']                       = $last_loginid;
        $data['login_standard']['lang_username']        = lang('username');
        $data['login_standard']['lang_powered_by']      = lang('powered by');
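Review bot: `$data['login_standard']['cookie']` now carries the raw cookie-derived `$last_loginid`, and the guards of the removed `show_cookie()` are gone, so the value is shown even when `usecookies` is off or `code` is 5. How the template layer escapes this field is not visible; unless it escapes on output, assign `htmlspecialchars($last_loginid, ENT_QUOTES)` here, since the cookie content is chosen by the client. If the `usecookies` behaviour is still wanted, wrap the cookie read in that check.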




