11b3da 1 <?php
T 2
3 /*
b79c5b 4 Copyright (c) 2005 - 2015, Till Brehm, ISPConfig UG
11b3da 5 All rights reserved.
T 6
7 Redistribution and use in source and binary forms, with or without modification,
8 are permitted provided that the following conditions are met:
9
10     * Redistributions of source code must retain the above copyright notice,
11       this list of conditions and the following disclaimer.
12     * Redistributions in binary form must reproduce the above copyright notice,
13       this list of conditions and the following disclaimer in the documentation
14       and/or other materials provided with the distribution.
15     * Neither the name of ISPConfig nor the names of its contributors
16       may be used to endorse or promote products derived from this software without
17       specific prior written permission.
18
19 THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
20 ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
21 WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
22 IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
23 INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
24 BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
25 DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY
26 OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
27 NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
28 EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
29 */
30
b79c5b 31 require_once '../../lib/config.inc.php';
TB 32 require_once '../../lib/app.inc.php';
11b3da 33
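// An already authenticated session is sent straight to the start page. The one exception is an
// admin/reseller "login as" submission (login_as=1), which must reach the form handler below.
// Both lookups are guarded with isset() so a fresh session does not raise undefined-index notices.
if(isset($_SESSION['s']['user']['active']) && $_SESSION['s']['user']['active'] == 1
	&& (!isset($_POST['login_as']) || $_POST['login_as'] != 1)) {
	header('Location: /index.php');
	die();
}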
11b3da 39
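$app->uses('tpl');
$app->tpl->newTemplate('main_login.tpl.htm');
$app->tpl->setInclude('content_tpl', 'templates/index.htm');

// Collected error text for the login page; stays empty on a clean request
$error = '';

$app->load_language_file('web/login/lib/lang/'.$conf["language"].'.lng');

// Maintenance mode: read from the global 'misc' config. When enabled, only admins may log in
// (enforced in the form handler below) and everyone else sees $maintenance_mode_error.
$maintenance_mode = false;
$maintenance_mode_error = '';
$app->uses('ini_parser,getconf');
$server_config_array = $app->getconf->get_global_config('misc');
if(isset($server_config_array['maintenance_mode']) && $server_config_array['maintenance_mode'] == 'y'){
	$maintenance_mode = true;
	$maintenance_mode_error = $app->lng('error_maintenance_mode');
}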
816e7e 57
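//* Login Form was sent
if(count($_POST) > 0) {

	/*
	 * Compare a freshly computed password hash with the stored one.
	 * The previous code used a plain == here. On md5 hex digests PHP's numeric-string
	 * juggling makes two "0e..." digests compare equal, and == is not timing-safe.
	 * hash_equals() (PHP >= 5.6) is used when available, strict === otherwise.
	 * An empty stored hash never matches.
	 */
	$hash_matches = function($stored, $computed) {
		if(!is_string($stored) || !is_string($computed) || $stored === '') return false;
		if(function_exists('hash_equals')) return hash_equals($stored, $computed);
		return $stored === $computed;
	};

	/*
	 * Append one line to the interface auth log. A log file that cannot be opened is
	 * skipped instead of letting fwrite() run on false, so logging can never turn a
	 * login into a fatal error.
	 */
	$write_authlog = function($line) use ($conf) {
		$handle = fopen($conf['ispconfig_log_dir'].'/auth.log', 'a');
		if($handle !== false) {
			fwrite($handle, $line."\n");
			fclose($handle);
		}
	};

	//** Check variables (a missing field is treated as empty and fails the check below)
	$posted_username = isset($_POST['username']) ? $_POST['username'] : '';
	$posted_password = isset($_POST['password']) ? $_POST['password'] : '';
	if(!preg_match("/^[\w\.\-\_\@]{1,128}$/", $posted_username)) $error = $app->lng('user_regex_error');
	if(!preg_match("/^.{1,256}$/i", $posted_password)) $error = $app->lng('pw_error_length');

	//** importing variables
	// NOTE(review): ip2long() returns false for an IPv6 REMOTE_ADDR, so every IPv6 client
	// shares one attempts_login bucket and is logged as 0.0.0.0. The brute-force throttle
	// below is therefore only per-address for IPv4 clients.
	$ip       = ip2long($_SERVER['REMOTE_ADDR']);
	$username = $posted_username;
	$password = $posted_password;
	$loginAs  = false;

	if($username != '' && $password != '' && $error == '') {
		/*
		 * Distinguish a "login as" (an admin/reseller switching into another account)
		 * from a normal login. In the "login as" flow the submitted password is matched
		 * verbatim against the PASSWORT column, while the normal flow hashes it first —
		 * so the calling form presumably submits the target user's stored hash. That
		 * hash acts as a bearer credential for this flow and must never be exposed to a
		 * user who is not allowed to impersonate its owner.
		 */
		if (isset($_SESSION['s']['user']) && $_SESSION['s']['user']['active'] == 1){
			$current_is_admin = ($_SESSION['s']['user']['typ'] == 'admin');
			$old_is_admin = (isset($_SESSION['s_old']['user']) && $_SESSION['s_old']['user']['typ'] == 'admin');

			if (!$current_is_admin && !$app->auth->has_clients($_SESSION['s']['user']['userid'])) {
				/*
				 * The current user is neither admin nor reseller. The only legitimate case is an
				 * admin/reseller who used "login as" earlier and now wants to switch back; then
				 * s_old still holds the original admin/reseller session.
				 */
				if (isset($_SESSION['s_old']) && ($_SESSION['s_old']['user']['typ'] == 'admin' || $app->auth->has_clients($_SESSION['s_old']['user']['userid']))){
					if($_SESSION['s_old']['user']['typ'] != 'admin') {
						/* a reseller may only switch back to the reseller account that owns the current client */
						$old_client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
						$old_client = $app->db->queryOneRecord("SELECT client.client_id, client.parent_client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $old_client_group_id);

						/* this is the reseller, that shall be re-logged in */
						$sql = "SELECT * FROM sys_user WHERE USERNAME = ? and PASSWORT = ?";
						$tmp = $app->db->queryOneRecord($sql, $username, $password);
						$client_group_id = $tmp ? $app->functions->intval($tmp['default_group']) : 0;
						$tmp_client = $app->db->queryOneRecord("SELECT client.client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);

						// Fail closed: every lookup must have returned a row before the ownership chain is compared
						if(!$tmp || !$old_client || !$tmp_client
							|| $old_client["parent_client_id"] != $tmp_client["client_id"]
							|| $tmp["default_group"] != $_SESSION["s_old"]["user"]["default_group"]) {
							die("You don't have the right to 'login as' this user!");
						}
						unset($old_client);
						unset($tmp_client);
						unset($tmp);
					}
				}
				else {
					die("You don't have the right to 'login as'!");
				}
			} elseif(!$current_is_admin && !$old_is_admin) {
				/* a reseller wants to 'login as', we need to check if he is allowed to */
				$res_client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
				$res_client = $app->db->queryOneRecord("SELECT client.client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $res_client_group_id);

				/* this is the user the reseller wants to 'login as' */
				$sql = "SELECT * FROM sys_user WHERE USERNAME = ? and PASSWORT = ?";
				$tmp = $app->db->queryOneRecord($sql, $username, $password);
				$tmp_client = $tmp ? $app->db->queryOneRecord("SELECT client.client_id, client.parent_client_id FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $tmp["default_group"]) : false;

				// Fail closed. The previous check only tested $tmp and compared two possibly-empty
				// rows with !=, which passes when both client lookups return no row (null != null is false).
				if(!$tmp || !$tmp_client || !$res_client || $tmp_client["parent_client_id"] != $res_client["client_id"]) {
					die("You don't have the right to login as this user!");
				}
				unset($res_client);
				unset($tmp);
				unset($tmp_client);
			}
			$loginAs = true;

		} else {
			/* normal login */
			$loginAs = false;
		}

		//* Check if there are already wrong logins from this address within the last minute
		$sql = "SELECT * FROM `attempts_login` WHERE `ip`= ? AND  `login_time` > (NOW() - INTERVAL 1 MINUTE) LIMIT 1";
		$alreadyfailed = $app->db->queryOneRecord($sql, $ip);
		$failed_times = ($alreadyfailed && isset($alreadyfailed['times'])) ? (int)$alreadyfailed['times'] : 0;

		//* too many failed logins
		if($failed_times > 5) {
			$error = $app->lng('error_user_too_many_logins');
		} else {

			if ($loginAs){
				// "login as": the submitted value is matched against the stored PASSWORT verbatim (see above)
				$sql = "SELECT * FROM sys_user WHERE USERNAME = ? and PASSWORT = ?";
				$user = $app->db->queryOneRecord($sql, $username, $password);
			} elseif(stristr($username, '@')) {
				//* mailuser login
				$sql = "SELECT * FROM mail_user WHERE login = ? or email = ?";
				$mailuser = $app->db->queryOneRecord($sql, $username, $username);
				$user = false;
				if($mailuser) {
					$saved_password = stripslashes($mailuser['password']);
					//* Check if mailuser password is correct (crypt() re-hashes with the stored salt)
					if($saved_password !== '' && $hash_matches($saved_password, crypt(stripslashes($password), $saved_password))) {
						//* we build a fake user here which has access to the mailuser module only and userid 0
						$user = array();
						$user['userid'] = 0;
						$user['active'] = 1;
						$user['startmodule'] = 'mailuser';
						$user['modules'] = 'mailuser';
						$user['typ'] = 'user';
						$user['email'] = $mailuser['email'];
						$user['username'] = $username;
						$user['language'] = $conf['language'];
						$user['theme'] = $conf['theme'];
						$user['app_theme'] = $conf['theme'];
						$user['mailuser_id'] = $mailuser['mailuser_id'];
						$user['default_group'] = $mailuser['sys_groupid'];
					}
				}
			} else {
				//* normal cp user login
				$sql = "SELECT * FROM sys_user WHERE USERNAME = ?";
				$user = $app->db->queryOneRecord($sql, $username);
				if($user) {
					$saved_password = stripslashes($user['passwort']);
					if(substr($saved_password, 0, 1) == '$') {
						//* crypt()-style hash (starts with '$'): re-hash with the stored salt and compare
						$password_ok = $hash_matches($saved_password, crypt(stripslashes($password), $saved_password));
					} else {
						//* legacy unsalted md5 hex digest
						// NOTE(review): nothing in this block upgrades such accounts to a salted hash
						$password_ok = $hash_matches($saved_password, md5($password));
					}
					if(!$password_ok) {
						$user = false;
					}
				} else {
					$user = false;
				}
			}

			if($user) {
				if($user['active'] == 1) {
					// Maintenance mode - allow logins only when maintenance mode is off or if the user is admin
					if(!$maintenance_mode || $user['typ'] == 'admin'){

						// User login right, so attempts can be deleted
						$sql = "DELETE FROM `attempts_login` WHERE `ip`=?";
						$app->db->query($sql, $ip);
						$user = $app->db->toLower($user);

						if ($loginAs) $oldSession = $_SESSION['s'];
						// Session regenerate causes login problems on some systems, have to find a better way. see Issue #3827
						// NOTE(review): while this stays disabled, the session id that was valid before
						// authentication remains valid after it (session fixation). $_SESSION is cleared
						// below, but the cookie value itself is not rotated.
						//if (!$loginAs) session_regenerate_id(true);
						$_SESSION = array();
						if ($loginAs) $_SESSION['s_old'] = $oldSession; // keep the way back!
						$_SESSION['s']['user'] = $user;
						$_SESSION['s']['user']['theme'] = isset($user['app_theme']) ? $user['app_theme'] : 'default';
						$_SESSION['s']['language'] = $user['language'];
						$_SESSION["s"]['theme'] = $_SESSION['s']['user']['theme'];

						// Load the start module's config and menu entries into the session. The module
						// name comes from the sys_user row (or the fixed 'mailuser' above), not from the request.
						$startmodule_path = ISPC_WEB_PATH . '/' . $_SESSION['s']['user']['startmodule'];
						if(is_file($startmodule_path.'/lib/module.conf.php')) {
							include_once $startmodule_path.'/lib/module.conf.php';
							$menu_dir = $startmodule_path . '/lib/menu.d';
							if (is_dir($menu_dir) && ($dh = opendir($menu_dir))) {
								//** Go through all files in the menu dir
								while (($file = readdir($dh)) !== false) {
									if ($file != '.' && $file != '..' && substr($file, -9, 9) == '.menu.php' && $file != 'dns_resync.menu.php') {
										include_once $menu_dir . '/' . $file;
									}
								}
								closedir($dh); // the previous code left the directory handle open
							}
							// $module is presumably populated by module.conf.php and the *.menu.php files included above
							$_SESSION['s']['module'] = $module;
						}

						// check if the user theme is valid
						if($_SESSION['s']['user']['theme'] != 'default') {
							$tmp_path = ISPC_THEMES_PATH."/".$_SESSION['s']['user']['theme'];
							if(!@is_dir($tmp_path) || !@file_exists($tmp_path."/ispconfig_version") || trim(file_get_contents($tmp_path."/ispconfig_version")) != ISPC_APP_VERSION) {
								// fall back to default theme if this one is not compatible with current ispc version
								$_SESSION['s']['user']['theme'] = 'default';
								$_SESSION['s']['theme'] = 'default';
								$_SESSION['show_error_msg'] = $app->lng('theme_not_compatible');
							}
						}

						$app->plugin->raiseEvent('login', $this);

						//* Log the successful login (username is constrained by the regex above)
						$write_authlog('Successful login for user \''. $username .'\' from '. long2ip($ip) .' at '. date('Y-m-d H:i:s'));

						/*
						 * We need LOGIN_REDIRECT instead of HEADER_REDIRECT to load the
						 * new theme, if the logged-in user has another
						 */
						if ($loginAs){
							echo 'LOGIN_REDIRECT:'.$_SESSION['s']['module']['startpage'];
							exit;
						} else {
							header('Location: ../index.php');
							die();
						}
					}
				} else {
					$error = $app->lng('error_user_blocked');
				}
			} else {
				if($failed_times < 1) {
					//* first failed login from this address within the window
					$sql = "INSERT INTO `attempts_login` (`ip`, `times`, `login_time`) VALUES (?, 1, NOW())";
					$app->db->query($sql, $ip);
				} else {
					//* update times wrong
					$sql = "UPDATE `attempts_login` SET `times`=`times`+1, `login_time`=NOW() WHERE `ip` = ? AND `login_time` < NOW() ORDER BY `login_time` DESC LIMIT 1";
					$app->db->query($sql, $ip);
				}
				//* Incorrect login - Username and password incorrect
				$error = $app->lng('error_user_password_incorrect');
				// A database error during the lookup is recorded server-side only. The previous
				// code tried to append it to $error but, because of operator precedence, appended
				// the boolean result of a != comparison ("1") instead; showing driver error text on
				// the login page would also disclose internals to unauthenticated users.
				if($app->db->errorMessage != '') {
					error_log('ISPConfig login: database error during login attempt from '.long2ip($ip).': '.$app->db->errorMessage);
				}

				$app->plugin->raiseEvent('login_failed', $this);
				//* Log the failed login
				$write_authlog('Failed login for user \''. $username .'\' from '. long2ip($ip) .' at '. date('Y-m-d H:i:s'));
			}
		}
	} else {
		//* Username or password empty (or one of the format checks above already set $error)
		if($error == '') $error = $app->lng('error_user_password_empty');
		$app->plugin->raiseEvent('login_empty', $this);
	}
}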
300
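// Maintenance mode - show message when people try to log in and also when people are forcedly logged off
if($maintenance_mode_error != '') $error = '<strong>'.$maintenance_mode_error.'</strong><br><br>'.$error;
if($error != ''){
	$error = '<div class="box box_error">'.$error.'</div>';
}

$app->load('getconf');
$sys_config = $app->getconf->get_global_config('misc');

// The "password lost" link is only offered when the security config allows password resets
$security_config = $app->getconf->get_security_config('permissions');
$pw_lost_show = (isset($security_config['password_reset_allowed']) && $security_config['password_reset_allowed'] == 'yes') ? 1 : 0;
$app->tpl->setVar('pw_lost_show', $pw_lost_show);

$app->tpl->setVar('error', $error);
// Translated labels for the login form; each template variable carries the language key of the same name
foreach(array('error_txt', 'login_txt', 'pw_lost_txt', 'username_txt', 'password_txt', 'stay_logged_in_txt', 'login_button_txt') as $label_key) {
	$app->tpl->setVar($label_key, $app->lng($label_key));
}
$app->tpl->setVar('session_timeout', $server_config_array['session_timeout']);
$app->tpl->setVar('session_allow_endless', $server_config_array['session_allow_endless']);
$app->tpl->setVar('current_theme', isset($_SESSION['s']['theme']) ? $_SESSION['s']['theme'] : 'default');

// Logo: sys_ini stores the logo as a base64 string; a custom logo overrides the default one
$logo = $app->db->queryOneRecord("SELECT * FROM sys_ini WHERE sysini_id = 1");
$base64_logo_txt = '';
if($logo) {
	$base64_logo_txt = ($logo['custom_logo'] != '') ? $logo['custom_logo'] : $logo['default_logo'];
}
// The stored value is split at the first comma (presumably a data: URI, "data:image/...;base64,<payload>")
// and the payload decoded to read the image size. A missing row, a value without a comma or an
// undecodable image yields empty dimensions instead of notices on a false/undefined offset.
$logo_parts = explode(',', $base64_logo_txt, 2);
$logo_dimensions = false;
if(isset($logo_parts[1])) {
	$logo_dimensions = $app->functions->getimagesizefromstring(base64_decode($logo_parts[1]));
}
$app->tpl->setVar('base64_logo_width', (is_array($logo_dimensions) ? $logo_dimensions[0] : '').'px');
$app->tpl->setVar('base64_logo_height', (is_array($logo_dimensions) ? $logo_dimensions[1] : '').'px');
$app->tpl->setVar('base64_logo_txt', $base64_logo_txt);

// Title
if (!empty($sys_config['company_name'])) {
	$app->tpl->setVar('company_name', $sys_config['company_name']. ' :: ');
}

// Custom login text, optionally wrapped in a link. Both values are admin-set config, but the
// link is still escaped for the href attribute context so quotes in it cannot break out of it.
// NOTE(review): custom_login_text is emitted unescaped as before, since it may be intended to carry markup.
$custom_login = '';
if (isset($sys_config['custom_login_text']) && $sys_config['custom_login_text'] != '') {
	if (isset($sys_config['custom_login_link']) && $sys_config['custom_login_link'] != '') {
		$custom_login = '<a href="'.htmlspecialchars($sys_config['custom_login_link'], ENT_QUOTES, 'UTF-8').'" target="_blank">'.$sys_config['custom_login_text'].'</a>';
	} else {
		$custom_login = $sys_config['custom_login_text'];
	}
}
$app->tpl->setVar('custom_login', $custom_login);

$app->tpl_defaults();

$app->tpl->pparse();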
11b3da 358
7fe908 359 ?>