1 <?php
2 /**
3 * This code is part of GOsa (http://www.gosa-project.org)
4 * Copyright (C) 2003-2008 GONICUS GmbH
5 *
6 * ID: $$Id$$
7 *
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
12 *
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
17 *
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
21 */
22 /* Load required includes */
23 require_once "../include/php_setup.inc";
24 require_once "functions.inc";
25 require_once "class_log.inc";
26 header("Content-type: text/html; charset=UTF-8");
27 /**
28 * Display the login page and exit().
29 *
30 */
31 function displayLogin() {
32 global $smarty, $message, $config, $ssl, $error_collector, $BASE_DIR;
33 error_reporting(E_ALL | E_STRICT);
34 /* Check theme compatibility */
35 $theme = $config->get_cfg_value('theme', 'default');
36 if (file_exists("$BASE_DIR/ihtml/themes/$theme/blacklist")) {
37 $blocks = file("$BASE_DIR/ihtml/themes/$theme/blacklist");
38 foreach($blocks as $block) {
39 if (preg_match('/' . preg_quote($block) . '/', $_SERVER['HTTP_USER_AGENT'])) {
40 die(sprintf(_("Your browser (%s) is blacklisted for the current theme."), $block));
41 }
42 }
43 }
44 /* Fill template with required values */
45 $username = "";
46 if (isset($_POST["username"])) {
47 $username = $_POST["username"];
48 }
49 $smarty->assign("logo", image(get_template_path("images/logo.png")));
50 $smarty->assign('date', gmdate("D, d M Y H:i:s"));
51 $smarty->assign('username', $username);
52 $smarty->assign('personal_img', get_template_path('images/login-head.png'));
53 $smarty->assign('password_img', get_template_path('images/password.png'));
54 $smarty->assign('directory_img', get_template_path('images/ldapserver.png'));
55 /* Some error to display? */
56 if (!isset($message)) {
57 $message = "";
58 }
59 $smarty->assign("message", $message);
60 /* Displasy SSL mode warning? */
61 if ($ssl != "" && $config->get_cfg_value('warnssl') == 'true') {
62 $smarty->assign("ssl", sprintf(_("This session is not ecrypted. Click %s to enter an encrypted session."), "<a href=\"$ssl\">" . _("here") . "</a>"));
63 } else {
64 $smarty->assign("ssl", "");
65 }
66 if (!$config->check_session_lifetime()) {
67 $smarty->assign("lifetime", _("The session lifetime configured in your gosa.conf will be overridden by php.ini settings."));
68 } else {
69 $smarty->assign("lifetime", "");
70 }
71 /* Generate server list */
72 $servers = array();
73 if (isset($_POST['server'])) {
74 $selected = validate($_POST['server']);
75 } else {
76 $selected = $config->data['MAIN']['DEFAULT'];
77 }
78 foreach($config->data['LOCATIONS'] as $key => $ignored) {
79 $servers[$key] = $key;
80 }
81 $smarty->assign("server_options", $servers);
82 $smarty->assign("server_id", $selected);
83 /* show login screen */
84 $smarty->assign("PHPSESSID", session_id());
85 if (session::is_set('errors')) {
86 $smarty->assign("errors", session::get('errors'));
87 }
88 if ($error_collector != "") {
89 $smarty->assign("php_errors", $error_collector . "</div>");
90 } else {
91 $smarty->assign("php_errors", "");
92 }
93 $smarty->assign("msg_dialogs", msg_dialog::get_dialogs());
94 $smarty->assign("iePngWorkaround", $config->get_cfg_value("iePngWorkaround", "false") == "true");
95 $smarty->assign("usePrototype", "false");
96 $smarty->display(get_template_path('headers.tpl'));
97 $smarty->assign("version", get_gosa_version());
98 $smarty->display(get_template_path('login.tpl'));
99 exit();
100 }
101 /*****************************************************************************
102 * M A I N *
103 *****************************************************************************/
104 /* Set error handler to own one, initialize time calculation
105 and start session. */
106 session::start();
107 session::set('errorsAlreadyPosted', array());
108 /* Destroy old session if exists.
109 Else you will get your old session back, if you not logged out correctly. */
110 if (is_array(session::get_all()) && count(session::get_all())) {
111 session::destroy();
112 session::start();
113 }
114 $username = "";
115 /* Reset errors */
116 session::set('errors', "");
117 session::set('errorsAlreadyPosted', "");
118 session::set('LastError', "");
119 /* Check if we need to run setup */
120 if (!file_exists(CONFIG_DIR . "/" . CONFIG_FILE)) {
121 header("location:setup.php");
122 exit();
123 }
124 /* Reset errors */
125 session::set('errors', "");
126 /* Check for java script */
127 if (isset($_POST['javascript']) && $_POST['javascript'] == "true") {
128 session::global_set('js', TRUE);
129 } elseif (isset($_POST['javascript'])) {
130 session::global_set('js', FALSE);
131 }
132 /* Check if gosa.conf (.CONFIG_FILE) is accessible */
133 if (!is_readable(CONFIG_DIR . "/" . CONFIG_FILE)) {
134 msg_dialog::display(_("Configuration error"), sprintf(_("GOsa configuration %s/%s is not readable. Aborted."), CONFIG_DIR, CONFIG_FILE), FATAL_ERROR_DIALOG);
135 exit();
136 }
137 /* Parse configuration file */
138 $config = new config(CONFIG_DIR . "/" . CONFIG_FILE, $BASE_DIR);
139 session::global_set('DEBUGLEVEL', $config->get_cfg_value('DEBUGLEVEL'));
140 if ($_SERVER["REQUEST_METHOD"] != "POST") {
141 @DEBUG(DEBUG_CONFIG, __LINE__, __FUNCTION__, __FILE__, $config->data, "config");
142 }
143 /* Enable compressed output */
144 if ($config->get_cfg_value("sendCompressedOutput") != "") {
145 ob_start("ob_gzhandler");
146 }
147 /* Set template compile directory */
148 $smarty->compile_dir = $config->get_cfg_value("templateCompileDirectory", '/var/spool/gosa');
149 /* Check for compile directory */
150 if (!(is_dir($smarty->compile_dir) && is_writable($smarty->compile_dir))) {
151 msg_dialog::display(_("Smarty error"), sprintf(_("Directory '%s' specified as compile directory is not accessible!"), $smarty->compile_dir), FATAL_ERROR_DIALOG);
152 exit();
153 }
154 /* Check for old files in compile directory */
155 clean_smarty_compile_dir($smarty->compile_dir);
156 /* Language setup */
157 $lang = get_browser_language();
158 putenv("LANGUAGE=");
159 putenv("LANG=$lang");
160 setlocale(LC_ALL, $lang);
161 $GLOBALS['t_language'] = $lang;
162 $GLOBALS['t_gettext_message_dir'] = $BASE_DIR . '/locale/';
163 /* Set the text domain as 'messages' */
164 $domain = 'messages';
165 bindtextdomain($domain, LOCALE_DIR);
166 textdomain($domain);
167 $smarty->assign('nextfield', 'username');
168 if ($_SERVER["REQUEST_METHOD"] != "POST") {
169 @DEBUG(DEBUG_TRACE, __LINE__, __FUNCTION__, __FILE__, $lang, "Setting language to");
170 }
171 /* Check for SSL connection */
172 $ssl = "";
173 if (!isset($_SERVER['HTTPS']) || !stristr($_SERVER['HTTPS'], "on")) {
174 if (empty($_SERVER['REQUEST_URI'])) {
175 $ssl = "https://" . $_SERVER['HTTP_HOST'] . $_SERVER['PATH_INFO'];
176 } else {
177 $ssl = "https://" . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
178 }
179 }
180 /* If SSL is forced, just forward to the SSL enabled site */
181 if ($config->get_cfg_value("forcessl") == 'true' && $ssl != '') {
182 header("Location: $ssl");
183 exit;
184 }
185 /* Do we have htaccess authentification enabled? */
186 $htaccess_authenticated = FALSE;
187 if ($config->get_cfg_value("htaccessAuthentication") == "true") {
188 if (!isset($_SERVER['REMOTE_USER'])) {
189 msg_dialog::display(_("Configuration error"), _("There is a problem with the authentication setup!"), FATAL_ERROR_DIALOG);
190 exit;
191 }
192 $tmp = process_htaccess($_SERVER['REMOTE_USER'], isset($_SERVER['KRB5CCNAME']));
193 $username = $tmp['username'];
194 $server = $tmp['server'];
195 if ($username == "") {
196 msg_dialog::display(_("Error"), _("Cannot find a valid user for the current authentication setup!"), FATAL_ERROR_DIALOG);
197 exit;
198 }
199 if ($server == "") {
200 msg_dialog::display(_("Error"), _("User information is not unique accross the configured LDAP trees!"), FATAL_ERROR_DIALOG);
201 exit;
202 }
203 $htaccess_authenticated = TRUE;
204 }
205 /* Got a formular answer, validate and try to log in */
206 if (($_SERVER["REQUEST_METHOD"] == "POST" && isset($_POST['login'])) || $htaccess_authenticated) {
207 /* Reset error messages */
208 $message = "";
209 /* Destroy old sessions, they cause a successfull login to relog again ...*/
210 if (session::global_is_set('_LAST_PAGE_REQUEST')) {
211 session::global_set('_LAST_PAGE_REQUEST', time());
212 }
213 if (!$htaccess_authenticated) {
214 $server = validate($_POST["server"]);
215 }
216 $config->set_current($server);
217 /* Admin-logon and verify */
218 $ldap = $config->get_ldap_link();
219 if (is_null($ldap) || (is_int($ldap) && $ldap == 0)) {
220 msg_dialog::display(_("LDAP error"), msgPool::ldaperror($ldap->get_error(), $this->dn, 0, get_class()));
221 displayLogin();
222 exit();
223 }
224 /* Check for schema file presence */
225 if ($config->get_cfg_value("schemaCheck") == "true") {
226 $recursive = ($config->get_cfg_value("ldapFollowReferrals") == "true");
227 $tls = ($config->get_cfg_value("ldapTLS") == "true");
228 if (!count($ldap->get_objectclasses())) {
229 msg_dialog::display(_("LDAP error"), _("Cannot detect information about the installed LDAP schema!"), ERROR_DIALOG);
230 displayLogin();
231 exit();
232 } else {
233 $cfg = array();
234 $cfg['admin'] = $config->current['ADMINDN'];
235 $cfg['password'] = $config->current['ADMINPASSWORD'];
236 $cfg['connection'] = $config->current['SERVER'];
237 $cfg['tls'] = $tls;
238 $str = check_schema($cfg, $config->get_cfg_value("rfc2307bis") == "true");
239 $checkarr = array();
240 foreach($str as $tr) {
241 if (isset($tr['IS_MUST_HAVE']) && !$tr['STATUS']) {
242 msg_dialog::display(_("LDAP error"), _("Your LDAP setup contains old schema definitions:") . "<br><br><i>" . $tr['MSG'] . "</i>", ERROR_DIALOG);
243 displayLogin();
244 exit();
245 }
246 }
247 }
248 }
249 /* Check for locking area */
250 $ldap->cat($config->get_cfg_value("config"), array("dn"));
251 $attrs = $ldap->fetch();
252 if (!count($attrs)) {
253 $ldap->cd($config->current['BASE']);
254 $ldap->create_missing_trees($config->get_cfg_value("config"));
255 }
256 /* Check for valid input */
257 $ok = true;
258 if (!$htaccess_authenticated) {
259 $username = $_POST["username"];
260 if (!preg_match("/^[@A-Za-z0-9_.-]+$/", $username)) {
261 $message = _("Please specify a valid username!");
262 $ok = false;
263 } elseif (mb_strlen($_POST["password"], 'UTF-8') == 0) {
264 $message = _("Please specify your password!");
265 $smarty->assign('nextfield', 'password');
266 $ok = false;
267 }
268 }
269 if ($ok) {
270 /* Login as user, initialize user ACL's */
271 if ($htaccess_authenticated) {
272 $ui = ldap_login_user_htaccess($username);
273 if ($ui === NULL || !$ui) {
274 msg_dialog::display(_("Authentication error"), _("Cannot retrieve user information for htaccess authentication!"), FATAL_ERROR_DIALOG);
275 exit;
276 }
277 } else {
278 $ui = ldap_login_user($username, $_POST["password"]);
279 }
280 if ($ui === NULL || !$ui) {
281 $message = _("Please check the username/password combination.");
282 $smarty->assign('nextfield', 'password');
283 session::global_set('config', $config);
284 new log("security", "login", "", array(), "Authentication failed for user \"$username\"");
285 } else {
286 /* Remove all locks of this user */
287 del_user_locks($ui->dn);
288 /* Save userinfo and plugin structure */
289 session::global_set('ui', $ui);
290 session::global_set('session_cnt', 0);
291 /* Let GOsa trigger a new connection for each POST, save
292 config to session. */
293 $config->get_departments();
294 $config->make_idepartments();
295 session::global_set('config', $config);
296 /* Restore filter settings from cookie, if available */
297 if ($config->get_cfg_value("storeFilterSettings") == "true") {
298 if (isset($_COOKIE['GOsa_Filter_Settings']) || isset($HTTP_COOKIE_VARS['GOsa_Filter_Settings'])) {
299 if (isset($_COOKIE['GOsa_Filter_Settings'])) {
300 $cookie_all = unserialize(base64_decode($_COOKIE['GOsa_Filter_Settings']));
301 } else {
302 $cookie_all = unserialize(base64_decode($HTTP_COOKIE_VARS['GOsa_Filter_Settings']));
303 }
304 if (isset($cookie_all[$ui->dn])) {
305 $cookie = $cookie_all[$ui->dn];
306 $cookie_vars = array("MultiDialogFilters", "CurrentMainBase", "plug");
307 foreach($cookie_vars as $var) {
308 if (isset($cookie[$var])) {
309 session::global_set($var, $cookie[$var]);
310 }
311 }
312 if (isset($cookie['plug'])) {
313 $plug = $cookie['plug'];
314 }
315 }
316 }
317 }
318 /* are we using accountexpiration */
319 if ($config->get_cfg_value("handleExpiredAccounts") == "true") {
320 $expired = ldap_expired_account($config, $ui->dn, $ui->username);
321 if ($expired == 1) {
322 $message = _("Account locked. Please contact your system administrator!");
323 $smarty->assign('nextfield', 'password');
324 new log("security", "login", "", array(), "Account for user \"$username\" has expired");
325 } elseif ($expired == 3) {
326 $plist = new pluglist($config, $ui);
327 foreach($plist->dirlist as $key => $value) {
328 if (preg_match("/\bpassword\b/i", $value)) {
329 $plug = $key;
330 new log("security", "login", "", array(), "User \"$username\" password forced to change");
331 header("Location: main.php?plug=$plug&reset=1");
332 exit;
333 }
334 }
335 }
336 }
337 /* Not account expired or password forced change go to main page */
338 new log("security", "login", "", array(), "User \"$username\" logged in successfully");
339 $plist = new pluglist($config, $ui);
340 if (isset($plug) && isset($plist->dirlist[$plug])) {
341 header("Location: main.php?plug=" . $plug . "&global_check=1");
342 } else {
343 header("Location: main.php?global_check=1");
344 }
345 exit;
346 }
347 }
348 }
349 /* Fill template with required values */
350 $smarty->assign('date', gmdate("D, d M Y H:i:s"));
351 $smarty->assign('username', $username);
352 $smarty->assign('personal_img', get_template_path('images/login-head.png'));
353 $smarty->assign('password_img', get_template_path('images/password.png'));
354 $smarty->assign('directory_img', get_template_path('images/ldapserver.png'));
355 /* Some error to display? */
356 if (!isset($message)) {
357 $message = "";
358 }
359 $smarty->assign("message", $message);
360 /* Translation of cookie-warning. Whether to display it, is determined by JavaScript */
361 $smarty->assign("cookies", _("Your browser has cookies disabled. Please enable cookies and reload this page before logging in!"));
362 /* Generate server list */
363 $servers = array();
364 if (isset($_POST['server'])) {
365 $selected = validate($_POST['server']);
366 } else {
367 $selected = $config->data['MAIN']['DEFAULT'];
368 }
369 foreach($config->data['LOCATIONS'] as $key => $ignored) {
370 $servers[$key] = $key;
371 }
372 $smarty->assign("server_options", $servers);
373 $smarty->assign("server_id", $selected);
374 /* show login screen */
375 $smarty->assign("PHPSESSID", session_id());
376 if (session::is_set('errors')) {
377 $smarty->assign("errors", session::get('errors'));
378 }
379 if ($error_collector != "") {
380 $smarty->assign("php_errors", preg_replace("/%BUGBODY%/", $error_collector_mailto, $error_collector) . "</div>");
381 } else {
382 $smarty->assign("php_errors", "");
383 }
384 /* Set focus to the error button if we've an error message */
385 $focus = "";
386 if (session::is_set('errors') && session::get('errors') != "") {
387 $focus = '<script language="JavaScript" type="text/javascript">';
388 $focus.= 'document.forms[0].error_accept.focus();';
389 $focus.= '</script>';
390 }
391 $smarty->assign("focus", $focus);
392 displayLogin();
393 // vim:tabstop=2:expandtab:shiftwidth=2:softtabstop=2:filetype=php:syntax:ruler:
395 ?>
397 </body>
398 </html>