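<?php

/*
Copyright (c) 2005 - 2015, Till Brehm, ISPConfig UG
All rights reserved.

Redistribution and use in source and binary forms, with or without modification,
are permitted provided that the following conditions are met:

    * Redistributions of source code must retain the above copyright notice,
      this list of conditions and the following disclaimer.
    * Redistributions in binary form must reproduce the above copyright notice,
      this list of conditions and the following disclaimer in the documentation
      and/or other materials provided with the distribution.
    * Neither the name of ISPConfig nor the names of its contributors
      may be used to endorse or promote products derived from this software without
      specific prior written permission.

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/

require_once '../../lib/config.inc.php';
require_once '../../lib/app.inc.php';

// An already authenticated session is sent straight to the start page, unless
// this request is a "login as" switch (login_as=1) performed from that session.
// isset() replaces the former @-suppressed read of $_POST['login_as']: a missing
// field still counts as "not a login-as request", just without the notice.
if(isset($_SESSION['s']['user']['active']) && $_SESSION['s']['user']['active'] == 1
    && (!isset($_POST['login_as']) || $_POST['login_as'] != 1)) {
    header('Location: /index.php');
    die();
}
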
// Template: the login form is rendered inside the main login layout.
$app->uses('tpl');
$app->tpl->newTemplate('main_login.tpl.htm');
$app->tpl->setInclude('content_tpl', 'templates/index.htm');

// Collects the message for the error box; stays '' while nothing went wrong.
$error = '';

// Language strings of this module, in the configured interface language.
$app->load_language_file('web/login/lib/lang/'.$conf["language"].'.lng');

// Maintenance mode is read from the global "misc" configuration. The flag and
// the translated message are prepared here and consumed further down the page.
$app->uses('ini_parser,getconf');
$server_config_array = $app->getconf->get_global_config('misc');
$maintenance_mode = ($server_config_array['maintenance_mode'] == 'y');
$maintenance_mode_error = $maintenance_mode ? $app->lng('error_maintenance_mode') : '';

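//* Login Form was sent
if(count($_POST) > 0) {

    //** importing variables
    //   A field missing from the POST body becomes '' so the checks below reject it
    //   instead of raising an undefined-index notice.
    $username = isset($_POST['username']) ? $_POST['username'] : '';
    $password = isset($_POST['password']) ? $_POST['password'] : '';
    // NOTE(review): ip2long() yields false for an IPv6 REMOTE_ADDR, so all IPv6 clients
    // would share one `attempts_login` row — TODO confirm how this is handled upstream.
    $ip       = ip2long($_SERVER['REMOTE_ADDR']);
    $loginAs  = false;

    //** Check variables
    if(!preg_match("/^[\w\.\-\_\@]{1,128}$/", $username)) $error = $app->lng('user_regex_error');
    if(!preg_match("/^.{1,256}$/i", $password)) $error = $app->lng('pw_error_length');

    //** Compare the stored password hash with a freshly computed one.
    //   The former loose ==/!= compared digit-only hashes such as "0e123..." as numbers, so two
    //   different hashes of that shape tested equal. Strict comparison closes that; hash_equals()
    //   (PHP >= 5.6) additionally takes the same time whichever byte differs first. crypt()
    //   reports an unusable salt as "*0"/"*1", which never equals a real stored hash.
    $hash_matches = function($stored, $computed) {
        if(!is_string($stored) || !is_string($computed)) return false;
        if(function_exists('hash_equals')) return hash_equals($stored, $computed);
        return $stored === $computed;
    };

    //** Append one line to auth.log. Best effort: if the log cannot be opened the login still
    //   proceeds, and fwrite()/fclose() are no longer called on a false handle.
    $write_authlog = function($line) use ($conf) {
        $handle = fopen($conf['ispconfig_log_dir'].'/auth.log', 'a');
        if($handle === false) return;
        fwrite($handle, $line."\n");
        fclose($handle);
    };

    if($username != '' && $password != '' && $error == '') {
        /*
         *  Check, if there is a "login as" instead of a "normal" login
         */
        if (isset($_SESSION['s']['user']) && $_SESSION['s']['user']['active'] == 1){
            /*
             * only the admin or reseller can "login as" so if the user is NOT an admin or reseller, we
             * open the startpage (after killing the old session), so the user
             * is logout and has to start again!
             */
            if ($_SESSION['s']['user']['typ'] != 'admin' && !$app->auth->has_clients($_SESSION['s']['user']['userid'])) {
                /*
                 * The actual user is NOT a admin or reseller, but maybe he
                 * has logged in as "normal" user before...
                 */
                if (isset($_SESSION['s_old']) && ($_SESSION['s_old']['user']['typ'] == 'admin' || $app->auth->has_clients($_SESSION['s_old']['user']['userid']))){
                    /* The "old" user is admin or reseller, so everything is ok
                     * if he is reseller, we need to check if he logs in to one of his clients
                     */
                    if($_SESSION['s_old']['user']['typ'] != 'admin') {
                        /* this is the one currently logged in (normal user) */
                        $old_client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
                        $old_client = $app->db->queryOneRecord("SELECT client.client_id, client.parent_client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $old_client_group_id);

                        /* this is the reseller, that shall be re-logged in */
                        // NOTE(review): the posted password is matched directly against the PASSWORT
                        // column here, i.e. this path expects the caller to post the stored value — confirm.
                        $sql = "SELECT * FROM sys_user WHERE USERNAME = ? and PASSWORT = ?";
                        $tmp = $app->db->queryOneRecord($sql, $username, $password);
                        $tmp_client = false;
                        if($tmp) {
                            $client_group_id = $app->functions->intval($tmp['default_group']);
                            $tmp_client = $app->db->queryOneRecord("SELECT client.client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
                        }

                        // Fail closed: every record in the chain must exist, the current user's parent
                        // client must be the reseller's client, and the group must match the saved session.
                        if(!$tmp || !$old_client || !$tmp_client || $old_client["parent_client_id"] != $tmp_client["client_id"] || $tmp["default_group"] != $_SESSION["s_old"]["user"]["default_group"] ) {
                            die("You don't have the right to 'login as' this user!");
                        }
                        unset($old_client, $tmp_client, $tmp);
                    }
                }
                else {
                    die("You don't have the right to 'login as'!");
                }
            } elseif($_SESSION['s']['user']['typ'] != 'admin' && (!isset($_SESSION['s_old']['user']) || $_SESSION['s_old']['user']['typ'] != 'admin')) {
                /* a reseller wants to 'login as', we need to check if he is allowed to */
                $res_client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
                $res_client = $app->db->queryOneRecord("SELECT client.client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $res_client_group_id);

                /* this is the user the reseller wants to 'login as' */
                $sql = "SELECT * FROM sys_user WHERE USERNAME = ? and PASSWORT = ?";
                $tmp = $app->db->queryOneRecord($sql, $username, $password);
                // The former code indexed $tmp["default_group"] before testing $tmp (notice and a
                // pointless query for an unknown user); resolve the client only for an existing user.
                $tmp_client = false;
                if($tmp) {
                    $tmp_client = $app->db->queryOneRecord("SELECT client.client_id, client.parent_client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $tmp["default_group"]);
                }

                // Fail closed: the target must belong to a client whose parent is the reseller's client.
                if(!$tmp || !$tmp_client || !$res_client || $tmp_client["parent_client_id"] != $res_client["client_id"]) {
                    die("You don't have the right to login as this user!");
                }
                unset($res_client, $tmp, $tmp_client);
            }
            $loginAs = true;

        } else {
            /* normal login */
            $loginAs = false;
        }

        //* Check if there are already wrong logins
        $sql = "SELECT * FROM `attempts_login` WHERE `ip`= ? AND  `login_time` > (NOW() - INTERVAL 1 MINUTE) LIMIT 1";
        $alreadyfailed = $app->db->queryOneRecord($sql, $ip);
        // Failure counter of this IP within the last minute; 0 when no row exists (no notice on a false record).
        $failed_times = (is_array($alreadyfailed) && isset($alreadyfailed['times'])) ? intval($alreadyfailed['times']) : 0;

        //* too many failedlogins
        if($failed_times > 5) {
            $error = $app->lng('error_user_too_many_logins');
        } else {

            if ($loginAs){
                // "login as": the posted password is matched against the PASSWORT column in SQL
                // (see the note in the "login as" checks above).
                $sql = "SELECT * FROM sys_user WHERE USERNAME = ? and PASSWORT = ?";
                $user = $app->db->queryOneRecord($sql, $username, $password);
            } else {

                if(stristr($username, '@')) {
                    //* mailuser login
                    $sql = "SELECT * FROM mail_user WHERE login = ? or email = ?";
                    $mailuser = $app->db->queryOneRecord($sql, $username, $username);
                    $user = false;
                    if($mailuser) {
                        $saved_password = stripslashes($mailuser['password']);
                        //* Check if mailuser password is correct
                        if($hash_matches($saved_password, crypt(stripslashes($password), $saved_password))) {
                            //* we build a fake user here which has access to the mailuser module only and userid 0
                            $user = array();
                            $user['userid'] = 0;
                            $user['active'] = 1;
                            $user['startmodule'] = 'mailuser';
                            $user['modules'] = 'mailuser';
                            $user['typ'] = 'user';
                            $user['email'] = $mailuser['email'];
                            $user['username'] = $username;
                            $user['language'] = $conf['language'];
                            $user['theme'] = $conf['theme'];
                            $user['app_theme'] = $conf['theme'];
                            $user['mailuser_id'] = $mailuser['mailuser_id'];
                            $user['default_group'] = $mailuser['sys_groupid'];
                        }
                    }
                } else {
                    //* normal cp user login
                    $sql = "SELECT * FROM sys_user WHERE USERNAME = ?";
                    $user = $app->db->queryOneRecord($sql, $username);
                    if($user) {
                        $saved_password = stripslashes($user['passwort']);
                        if(substr($saved_password, 0, 1) == '$') {
                            //* The password is encrypted with crypt
                            $computed_password = crypt(stripslashes($password), $saved_password);
                        } else {
                            //* The password is md5 encrypted (legacy, unsalted hash; kept so old accounts still log in)
                            $computed_password = md5($password);
                        }
                        if(!$hash_matches($saved_password, $computed_password)) {
                            $user = false;
                        }
                    } else {
                        $user = false;
                    }
                }
            }

            if($user) {
                if($user['active'] == 1) {
                    // Maintenance mode - allow logins only when maintenance mode is off or if the user is admin
                    if(!$maintenance_mode || $user['typ'] == 'admin'){

                        // User login right, so attempts can be deleted
                        $sql = "DELETE FROM `attempts_login` WHERE `ip`=?";
                        $app->db->query($sql, $ip);
                        $user = $app->db->toLower($user);

                        if ($loginAs) $oldSession = $_SESSION['s'];
                        // session_regenerate_id(true) was called here for regular logins until it caused
                        // login problems on some systems (Issue #3827). Without it the session id that
                        // existed before authentication is kept across the login, so an id a client was
                        // carrying before authenticating stays valid afterwards (session fixation).
                        $_SESSION = array();
                        if ($loginAs) $_SESSION['s_old'] = $oldSession; // keep the way back!
                        // NOTE(review): the whole sys_user row (including the passwort hash) lands in the session.
                        $_SESSION['s']['user'] = $user;
                        $_SESSION['s']['user']['theme'] = isset($user['app_theme']) ? $user['app_theme'] : 'default';
                        $_SESSION['s']['language'] = $user['language'];
                        $_SESSION["s"]['theme'] = $_SESSION['s']['user']['theme'];
                        if ($loginAs) $_SESSION['s']['plugin_cache'] = $_SESSION['s_old']['plugin_cache'];

                        // The start module's config and menu files run in this scope; module.conf.php is
                        // expected to define $module, which is then cached in the session.
                        if(is_file(ISPC_WEB_PATH . '/' . $_SESSION['s']['user']['startmodule'].'/lib/module.conf.php')) {
                            include_once ISPC_WEB_PATH . '/' . $_SESSION['s']['user']['startmodule'].'/lib/module.conf.php';
                            $menu_dir = ISPC_WEB_PATH.'/' . $_SESSION['s']['user']['startmodule'] . '/lib/menu.d';
                            if (is_dir($menu_dir)) {
                                if ($dh = opendir($menu_dir)) {
                                    //** Go through all files in the menu dir
                                    while (($file = readdir($dh)) !== false) {
                                        if ($file != '.' && $file != '..' && substr($file, -9, 9) == '.menu.php' && $file != 'dns_resync.menu.php') {
                                            include_once $menu_dir . '/' . $file;
                                        }
                                    }
                                    closedir($dh); // the handle was formerly left open
                                }
                            }
                            $_SESSION['s']['module'] = $module;
                        }
                        // check if the user theme is valid
                        if($_SESSION['s']['user']['theme'] != 'default') {
                            $tmp_path = ISPC_THEMES_PATH."/".$_SESSION['s']['user']['theme'];
                            if(!is_dir($tmp_path) || !file_exists($tmp_path."/ispconfig_version") || trim(file_get_contents($tmp_path."/ispconfig_version")) != ISPC_APP_VERSION) {
                                // fall back to default theme if this one is not compatible with current ispc version
                                $_SESSION['s']['user']['theme'] = 'default';
                                $_SESSION['s']['theme'] = 'default';
                                $_SESSION['show_error_msg'] = $app->lng('theme_not_compatible');
                            }
                        }

                        // NOTE(review): $this is not defined at file scope, so what the plugin hook
                        // receives here should be confirmed (newer PHP versions may reject reading
                        // $this outside an object). Left unchanged because plugins may depend on it.
                        $app->plugin->raiseEvent('login', $this);

                        //* Save successfull login message to the auth log
                        $write_authlog('Successful login for user \''. $username .'\' from '. long2ip($ip) .' at '. date('Y-m-d H:i:s'));

                        /*
                        * We need LOGIN_REDIRECT instead of HEADER_REDIRECT to load the
                        * new theme, if the logged-in user has another
                        */

                        if ($loginAs){
                            echo 'LOGIN_REDIRECT:'.$_SESSION['s']['module']['startpage'];
                            exit;
                        } else {
                            header('Location: ../index.php');
                            die();
                        }
                    }
                } else {
                    $error = $app->lng('error_user_blocked');
                }
            } else {
                if($failed_times == 0)
                {
                    //* user login the first time wrong
                    $sql = "INSERT INTO `attempts_login` (`ip`, `times`, `login_time`) VALUES (?, 1, NOW())";
                    $app->db->query($sql, $ip);
                } elseif($failed_times >= 1) {
                    //* update times wrong
                    $sql = "UPDATE `attempts_login` SET `times`=`times`+1, `login_time`=NOW() WHERE `ip` = ? AND `login_time` < NOW() ORDER BY `login_time` DESC LIMIT 1";
                    $app->db->query($sql, $ip);
                }
                //* Incorrect login - Username and password incorrect
                $error = $app->lng('error_user_password_incorrect');
                // The former line here was `$error .= '<br />'.$app->db->errorMessage != ''`, which —
                // because `.` binds tighter than `!=` — appended the boolean "1" instead of the message.
                // A driver error is operational detail for the log, not for an unauthenticated client.
                if($app->db->errorMessage != '') {
                    $write_authlog('Database error during login for user \''. $username .'\' from '. long2ip($ip) .': '. $app->db->errorMessage);
                }

                $app->plugin->raiseEvent('login_failed', $this);
                //* Save failed login message to the auth log
                $write_authlog('Failed login for user \''. $username .'\' from '. long2ip($ip) .' at '. date('Y-m-d H:i:s'));
            }
        }
    } else {
        //* Username or password empty
        if($error == '') $error = $app->lng('error_user_password_empty');
        $app->plugin->raiseEvent('login_empty', $this);
    }
}
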
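// Maintenance mode - show message when people try to log in and also when people are forcedly logged off
if($maintenance_mode_error != '') $error = '<strong>'.$maintenance_mode_error.'</strong><br><br>'.$error;
if($error != ''){
    $error = '<div class="box box_error">'.$error.'</div>';
}

$app->load('getconf');
$sys_config = $app->getconf->get_global_config('misc');

// The password-reset link is only offered when the security configuration permits it.
$security_config = $app->getconf->get_security_config('permissions');
$app->tpl->setVar('pw_lost_show', ($security_config['password_reset_allowed'] == 'yes') ? 1 : 0);

$app->tpl->setVar('error', $error);
$app->tpl->setVar('error_txt', $app->lng('error_txt'));
$app->tpl->setVar('login_txt', $app->lng('login_txt'));
$app->tpl->setVar('pw_lost_txt', $app->lng('pw_lost_txt'));
$app->tpl->setVar('username_txt', $app->lng('username_txt'));
$app->tpl->setVar('password_txt', $app->lng('password_txt'));
$app->tpl->setVar('stay_logged_in_txt', $app->lng('stay_logged_in_txt'));
$app->tpl->setVar('login_button_txt', $app->lng('login_button_txt'));
$app->tpl->setVar('session_timeout', $server_config_array['session_timeout']);
$app->tpl->setVar('session_allow_endless', $server_config_array['session_allow_endless']);
$app->tpl->setVar('current_theme', isset($_SESSION['s']['theme']) ? $_SESSION['s']['theme'] : 'default');

// Logo: the custom logo wins over the default one. The value is split at its first
// comma and the part after it base64-decoded (presumably a data URI). The guards cover
// a missing sys_ini row and a value without a comma, which formerly raised notices.
$logo = $app->db->queryOneRecord("SELECT * FROM sys_ini WHERE sysini_id = 1");
$base64_logo_txt = '';
if($logo) {
    $base64_logo_txt = ($logo['custom_logo'] != '') ? $logo['custom_logo'] : $logo['default_logo'];
}
$tmp_base64 = explode(',', $base64_logo_txt, 2);
$logo_payload = isset($tmp_base64[1]) ? base64_decode($tmp_base64[1]) : '';
$logo_dimensions = $app->functions->getimagesizefromstring($logo_payload);
// Undecodable data yields no dimensions; the template then receives "px" as before.
$logo_width  = isset($logo_dimensions[0]) ? $logo_dimensions[0] : '';
$logo_height = isset($logo_dimensions[1]) ? $logo_dimensions[1] : '';
$app->tpl->setVar('base64_logo_width', $logo_width.'px');
$app->tpl->setVar('base64_logo_height', $logo_height.'px');
$app->tpl->setVar('base64_logo_txt', $base64_logo_txt);

// Title
if (!empty($sys_config['company_name'])) {
    $app->tpl->setVar('company_name', $sys_config['company_name']. ' :: ');
}

// Custom Login: optional text, optionally wrapped in a link. $custom_login is always
// defined so the setVar() call below never reads an undefined variable.
$custom_login = '';
if (isset($sys_config['custom_login_text']) && $sys_config['custom_login_text'] != '') {
    if (isset($sys_config['custom_login_link']) && $sys_config['custom_login_link'] != '') {
        // Attribute context: escape the configured URL so it cannot break out of href="...".
        $custom_login_link = htmlspecialchars($sys_config['custom_login_link'], ENT_QUOTES, 'UTF-8');
        $custom_login = '<a href="'.$custom_login_link.'" target="_blank">'.$sys_config['custom_login_text'].'</a>';
    } else {
        $custom_login = $sys_config['custom_login_text'];
    }
}
$app->tpl->setVar('custom_login', $custom_login);

$app->tpl_defaults();

$app->tpl->pparse();

// No closing "?>" tag: a PHP-only file ends here so no stray whitespace is sent after the output.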