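<?php
/*
Copyright (c) 2005 - 2015, Till Brehm, ISPConfig UG
All rights reserved.

Redistribution and use in source and binary forms, with or without modification,
are permitted provided that the following conditions are met:

    * Redistributions of source code must retain the above copyright notice,
      this list of conditions and the following disclaimer.
    * Redistributions in binary form must reproduce the above copyright notice,
      this list of conditions and the following disclaimer in the documentation
      and/or other materials provided with the distribution.
    * Neither the name of ISPConfig nor the names of its contributors
      may be used to endorse or promote products derived from this software without
      specific prior written permission.

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/

/*
 * Login page of the ISPConfig interface.
 *
 * Renders the login form and, when the form was posted, checks the credentials
 * against `sys_user` (control panel users) or `mail_user` (mailbox users,
 * recognised by an '@' in the username), rate-limits failed attempts per client
 * IP through the `attempts_login` table and, on success, rebuilds $_SESSION for
 * the logged-in user. An admin or reseller with an active session may also
 * "login as" one of their users; the previous session is kept in
 * $_SESSION['s_old'] so it can be restored later.
 *
 * Every outcome (success / failure) is appended to <ispconfig_log_dir>/auth.log.
 *
 * Requires PHP >= 5.6 for hash_equals().
 */

require_once '../../lib/config.inc.php';
require_once '../../lib/app.inc.php';

// An already active session is sent straight to the start page, unless this
// request is a "login as" switch (login_as=1) by an admin or reseller.
if (isset($_SESSION['s']['user']['active']) && $_SESSION['s']['user']['active'] == 1
    && (!isset($_POST['login_as']) || $_POST['login_as'] != 1)) {
    header('Location: /index.php');
    die();
}

$app->uses('tpl');
$app->tpl->newTemplate('main_login.tpl.htm');
$app->tpl->setInclude('content_tpl', 'templates/index.htm');

$error = '';

$app->load_language_file('web/login/lib/lang/'.$conf["language"].'.lng');

// Maintenance mode: while enabled, only admins may log in (enforced further down).
$maintenance_mode = false;
$maintenance_mode_error = '';
$app->uses('ini_parser,getconf');
$server_config_array = $app->getconf->get_global_config('misc');
if (isset($server_config_array['maintenance_mode']) && $server_config_array['maintenance_mode'] == 'y') {
    $maintenance_mode = true;
    $maintenance_mode_error = $app->lng('error_maintenance_mode');
}

//* Login Form was sent
if (count($_POST) > 0) {

    //** Importing variables. Anything that is not a plain string (e.g. an array
    //   smuggled in as username[]) is treated as empty so the checks below fail
    //   closed instead of raising warnings or type errors.
    $username = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
    $password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';

    //** Check variables. The username whitelist is also what keeps the value
    //   safe to write into auth.log below: no quotes or line breaks get through.
    if (!preg_match('/^[\w\.\-\_\@]{1,128}$/', $username)) $error = $app->lng('user_regex_error');
    if (!preg_match('/^.{1,256}$/i', $password)) $error = $app->lng('pw_error_length');

    // NOTE(review): ip2long() returns false for anything that is not a dotted
    // IPv4 address (e.g. IPv6 clients), so all such clients would share a single
    // `attempts_login` bucket - confirm what REMOTE_ADDR looks like on this setup.
    $ip = ip2long($_SERVER['REMOTE_ADDR']);
    $loginAs = false;

    if ($username != '' && $password != '' && $error == '') {
        /*
         * Check, if there is a "login as" instead of a "normal" login
         */
        if (isset($_SESSION['s']['user']) && $_SESSION['s']['user']['active'] == 1) {
            /*
             * only the admin or reseller can "login as" so if the user is NOT an admin or reseller, we
             * open the startpage (after killing the old session), so the user
             * is logout and has to start again!
             */
            if ($_SESSION['s']['user']['typ'] != 'admin' && !$app->auth->has_clients($_SESSION['s']['user']['userid'])) {
                /*
                 * The actual user is NOT a admin or reseller, but maybe he
                 * has logged in as "normal" user before...
                 */
                if (isset($_SESSION['s_old']) && ($_SESSION['s_old']['user']['typ'] == 'admin' || $app->auth->has_clients($_SESSION['s_old']['user']['userid']))) {
                    /* The "old" user is admin or reseller, so everything is ok
                     * if he is reseller, we need to check if he logs in to one of his clients
                     */
                    if ($_SESSION['s_old']['user']['typ'] != 'admin') {
                        /* this is the one currently logged in (normal user) */
                        $old_client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
                        $old_client = $app->db->queryOneRecord("SELECT client.client_id, client.parent_client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $old_client_group_id);

                        /* this is the reseller, that shall be re-logged in */
                        $sql = "SELECT * FROM sys_user WHERE USERNAME = ? and PASSWORT = ?";
                        $tmp = $app->db->queryOneRecord($sql, $username, $password);
                        $client_group_id = $app->functions->intval($tmp ? $tmp['default_group'] : 0);
                        $tmp_client = $app->db->queryOneRecord("SELECT client.client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);

                        // Fail closed: every record must exist, the target must be the parent
                        // reseller of the current client, and it must be the session we came from.
                        if (!$tmp || !$old_client || !$tmp_client
                            || $old_client["parent_client_id"] != $tmp_client["client_id"]
                            || $tmp["default_group"] != $_SESSION["s_old"]["user"]["default_group"]) {
                            die("You don't have the right to 'login as' this user!");
                        }
                        unset($old_client, $tmp_client, $tmp);
                    }
                } else {
                    die("You don't have the right to 'login as'!");
                }
            } elseif ($_SESSION['s']['user']['typ'] != 'admin' && (!isset($_SESSION['s_old']['user']) || $_SESSION['s_old']['user']['typ'] != 'admin')) {
                /* a reseller wants to 'login as', we need to check if he is allowed to */
                $res_client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
                $res_client = $app->db->queryOneRecord("SELECT client.client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $res_client_group_id);

                /* this is the user the reseller wants to 'login as' */
                $sql = "SELECT * FROM sys_user WHERE USERNAME = ? and PASSWORT = ?";
                $tmp = $app->db->queryOneRecord($sql, $username, $password);
                $tmp_client = $tmp
                    ? $app->db->queryOneRecord("SELECT client.client_id, client.parent_client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $tmp["default_group"])
                    : false;

                // Fail closed: previously a missing client record on either side compared
                // null != null (false) and let the switch through.
                if (!$tmp || !$res_client || !$tmp_client || $tmp_client["parent_client_id"] != $res_client["client_id"]) {
                    die("You don't have the right to login as this user!");
                }
                unset($res_client, $tmp, $tmp_client);
            }
            $loginAs = true;
        } else {
            /* normal login */
            $loginAs = false;
        }

        //* Check if there are already wrong logins within the last minute
        $sql = "SELECT * FROM `attempts_login` WHERE `ip`= ? AND `login_time` > (NOW() - INTERVAL 1 MINUTE) LIMIT 1";
        $alreadyfailed = $app->db->queryOneRecord($sql, $ip);
        $failed_times = $alreadyfailed ? (int) $alreadyfailed['times'] : 0;

        //* too many failedlogins
        if ($failed_times > 5) {
            $error = $app->lng('error_user_too_many_logins');
        } else {

            if ($loginAs) {
                // NOTE(review): PASSWORT is compared directly with the posted value, so
                // for "login as" the caller presumably posts the stored hash - confirm.
                $sql = "SELECT * FROM sys_user WHERE USERNAME = ? and PASSWORT = ?";
                $user = $app->db->queryOneRecord($sql, $username, $password);
            } elseif (strpos($username, '@') !== false) {
                //* mailuser login
                $sql = "SELECT * FROM mail_user WHERE login = ? or email = ?";
                $mailuser = $app->db->queryOneRecord($sql, $username, $username);
                $user = false;
                if ($mailuser) {
                    $saved_password = stripslashes($mailuser['password']);
                    //* Check if mailuser password is correct (constant-time comparison)
                    if (hash_equals($saved_password, crypt(stripslashes($password), $saved_password))) {
                        //* we build a fake user here which has access to the mailuser module only and userid 0
                        $user = array(
                            'userid'        => 0,
                            'active'        => 1,
                            'startmodule'   => 'mailuser',
                            'modules'       => 'mailuser',
                            'typ'           => 'user',
                            'email'         => $mailuser['email'],
                            'username'      => $username,
                            'language'      => $conf['language'],
                            'theme'         => $conf['theme'],
                            'app_theme'     => $conf['theme'],
                            'mailuser_id'   => $mailuser['mailuser_id'],
                            'default_group' => $mailuser['sys_groupid'],
                        );
                    }
                }
            } else {
                //* normal cp user login
                $sql = "SELECT * FROM sys_user WHERE USERNAME = ?";
                $user = $app->db->queryOneRecord($sql, $username);
                if ($user) {
                    $saved_password = stripslashes($user['passwort']);
                    if (substr($saved_password, 0, 1) == '$') {
                        //* The password is encrypted with crypt
                        if (!hash_equals($saved_password, crypt(stripslashes($password), $saved_password))) {
                            $user = false;
                        }
                    } else {
                        //* Legacy: the stored value is a plain md5 hex digest.
                        // NOTE(review): unsalted md5 is not an acceptable password hash;
                        // such rows should be rehashed with crypt on their next successful login.
                        if (!hash_equals($saved_password, md5($password))) {
                            $user = false;
                        }
                    }
                } else {
                    $user = false;
                }
            }

            if ($user) {
                if ($user['active'] == 1) {
                    // Maintenance mode - allow logins only when maintenance mode is off or if the user is admin
                    if (!$maintenance_mode || $user['typ'] == 'admin') {

                        // User login right, so attempts can be deleted
                        $sql = "DELETE FROM `attempts_login` WHERE `ip`=?";
                        $app->db->query($sql, $ip);
                        $user = $app->db->toLower($user);

                        if ($loginAs) $oldSession = $_SESSION['s'];
                        // Session regenerate causes login problems on some systems, have to find a better way. see Issue #3827
                        //if (!$loginAs) session_regenerate_id(true);
                        // NOTE(review): as long as the line above stays disabled the pre-login
                        // session id is reused after authentication.
                        $_SESSION = array();
                        if ($loginAs) $_SESSION['s_old'] = $oldSession; // keep the way back!
                        $_SESSION['s']['user'] = $user;
                        $_SESSION['s']['user']['theme'] = isset($user['app_theme']) ? $user['app_theme'] : 'default';
                        $_SESSION['s']['language'] = $user['language'];
                        $_SESSION["s"]['theme'] = $_SESSION['s']['user']['theme'];
                        if ($loginAs) {
                            $_SESSION['s']['plugin_cache'] = isset($_SESSION['s_old']['plugin_cache']) ? $_SESSION['s_old']['plugin_cache'] : null;
                        }

                        // Load the start module's config plus every *.menu.php in its menu.d so the
                        // module definition (including its startpage) can be stored in the session.
                        if (is_file(ISPC_WEB_PATH . '/' . $_SESSION['s']['user']['startmodule'].'/lib/module.conf.php')) {
                            include_once ISPC_WEB_PATH . '/' . $_SESSION['s']['user']['startmodule'].'/lib/module.conf.php';
                            $menu_dir = ISPC_WEB_PATH.'/' . $_SESSION['s']['user']['startmodule'] . '/lib/menu.d';
                            if (is_dir($menu_dir)) {
                                $dh = opendir($menu_dir);
                                if ($dh) {
                                    //** Go through all files in the menu dir
                                    while (($file = readdir($dh)) !== false) {
                                        if ($file != '.' && $file != '..' && substr($file, -9, 9) == '.menu.php' && $file != 'dns_resync.menu.php') {
                                            include_once $menu_dir . '/' . $file;
                                        }
                                    }
                                    closedir($dh); // the handle was never released before
                                }
                            }
                            // $module is presumably defined by the included module.conf.php - confirm.
                            $_SESSION['s']['module'] = $module;
                        }
                        // check if the user theme is valid
                        if ($_SESSION['s']['user']['theme'] != 'default') {
                            $tmp_path = ISPC_THEMES_PATH."/".$_SESSION['s']['user']['theme'];
                            if (!@is_dir($tmp_path) || !@file_exists($tmp_path."/ispconfig_version") || trim(file_get_contents($tmp_path."/ispconfig_version")) != ISPC_APP_VERSION) {
                                // fall back to default theme if this one is not compatible with current ispc version
                                $_SESSION['s']['user']['theme'] = 'default';
                                $_SESSION['s']['theme'] = 'default';
                                $_SESSION['show_error_msg'] = $app->lng('theme_not_compatible');
                            }
                        }

                        // NOTE(review): $this is not defined at file scope; confirm what raiseEvent expects here.
                        $app->plugin->raiseEvent('login', $this);

                        //* Save successfull login message to the auth log
                        $authlog = 'Successful login for user \''. $username .'\' from '. long2ip($ip) .' at '. date('Y-m-d H:i:s');
                        $authlog_handle = fopen($conf['ispconfig_log_dir'].'/auth.log', 'a');
                        if ($authlog_handle !== false) {
                            fwrite($authlog_handle, $authlog ."\n");
                            fclose($authlog_handle);
                        }

                        /*
                         * We need LOGIN_REDIRECT instead of HEADER_REDIRECT to load the
                         * new theme, if the logged-in user has another
                         */
                        if ($loginAs) {
                            echo 'LOGIN_REDIRECT:'.$_SESSION['s']['module']['startpage'];
                            exit;
                        } else {
                            header('Location: ../index.php');
                            die();
                        }
                    }
                } else {
                    $error = $app->lng('error_user_blocked');
                }
            } else {
                if ($failed_times == 0) {
                    //* user login the first time wrong
                    $sql = "INSERT INTO `attempts_login` (`ip`, `times`, `login_time`) VALUES (?, 1, NOW())";
                    $app->db->query($sql, $ip);
                } elseif ($failed_times >= 1) {
                    //* update times wrong
                    $sql = "UPDATE `attempts_login` SET `times`=`times`+1, `login_time`=NOW() WHERE `ip` = ? AND `login_time` < NOW() ORDER BY `login_time` DESC LIMIT 1";
                    $app->db->query($sql, $ip);
                }
                //* Incorrect login - Username and password incorrect
                $error = $app->lng('error_user_password_incorrect');
                // Bug fix: the original appended `'<br />'.errorMessage != ''`, i.e. the boolean
                // result of the comparison ("1"), because `!=` binds looser than `.`.
                // NOTE(review): this still surfaces the raw database error text on the public
                // login page; logging it instead would be the safer choice.
                if ($app->db->errorMessage != '') $error .= '<br />'.$app->db->errorMessage;

                $app->plugin->raiseEvent('login_failed', $this);
                //* Save failed login message to the auth log
                $authlog = 'Failed login for user \''. $username .'\' from '. long2ip($ip) .' at '. date('Y-m-d H:i:s');
                $authlog_handle = fopen($conf['ispconfig_log_dir'].'/auth.log', 'a');
                if ($authlog_handle !== false) {
                    fwrite($authlog_handle, $authlog ."\n");
                    fclose($authlog_handle);
                }
            }
        }
    } else {
        //* Username or password empty
        if ($error == '') $error = $app->lng('error_user_password_empty');
        $app->plugin->raiseEvent('login_empty', $this);
    }
}

// Maintenance mode - show message when people try to log in and also when people are forcedly logged off
if ($maintenance_mode_error != '') $error = '<strong>'.$maintenance_mode_error.'</strong><br><br>'.$error;
if ($error != '') {
    $error = '<div class="box box_error">'.$error.'</div>';
}

$app->load('getconf');
$sys_config = $app->getconf->get_global_config('misc');

$security_config = $app->getconf->get_security_config('permissions');
$app->tpl->setVar('pw_lost_show', (isset($security_config['password_reset_allowed']) && $security_config['password_reset_allowed'] == 'yes') ? 1 : 0);

$app->tpl->setVar('error', $error);
// Template labels whose variable name equals the language key.
$label_keys = array(
    'error_txt',
    'login_txt',
    'pw_lost_txt',
    'username_txt',
    'password_txt',
    'stay_logged_in_txt',
    'login_button_txt',
);
foreach ($label_keys as $label_key) {
    $app->tpl->setVar($label_key, $app->lng($label_key));
}
$app->tpl->setVar('session_timeout', $server_config_array['session_timeout']);
$app->tpl->setVar('session_allow_endless', $server_config_array['session_allow_endless']);
$app->tpl->setVar('current_theme', isset($_SESSION['s']['theme']) ? $_SESSION['s']['theme'] : 'default');

// Logo: the custom logo wins over the default one when it is set.
$logo = $app->db->queryOneRecord("SELECT * FROM sys_ini WHERE sysini_id = 1");
$base64_logo_txt = '';
if ($logo) {
    $base64_logo_txt = ($logo['custom_logo'] != '') ? $logo['custom_logo'] : $logo['default_logo'];
}
// Presumably a data: URI - only the part after the first comma is the base64 payload; confirm.
$tmp_base64 = explode(',', $base64_logo_txt, 2);
$logo_dimensions = $app->functions->getimagesizefromstring(base64_decode(isset($tmp_base64[1]) ? $tmp_base64[1] : ''));
$app->tpl->setVar('base64_logo_width', $logo_dimensions[0].'px');
$app->tpl->setVar('base64_logo_height', $logo_dimensions[1].'px');
$app->tpl->setVar('base64_logo_txt', $base64_logo_txt);

// Title
if (!empty($sys_config['company_name'])) {
    $app->tpl->setVar('company_name', $sys_config['company_name']. ' :: ');
}

// Custom Login text, optionally wrapped in a link. Initialised so the setVar
// below never reads an undefined variable when no text is configured.
// NOTE(review): link and text are emitted unescaped; they come from the 'misc'
// global config, so this relies on that config being trusted.
$custom_login = '';
if (isset($sys_config['custom_login_text']) && $sys_config['custom_login_text'] != '') {
    if (isset($sys_config['custom_login_link']) && $sys_config['custom_login_link'] != '') {
        $custom_login = '<a href="'.$sys_config['custom_login_link'].'" target="_blank">'.$sys_config['custom_login_text'].'</a>';
    } else {
        $custom_login = $sys_config['custom_login_text'];
    }
}
$app->tpl->setVar('custom_login', $custom_login);

$app->tpl_defaults();

$app->tpl->pparse();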