X-Git-Url: https://git.tokkee.org/?a=blobdiff_plain;f=gosa-core%2Fhtml%2Findex.php;h=eae3f532d184898e9f2f261249273c7dfcb17a54;hb=7b273c1aa128ff54501bffc2dfc8047319257bac;hp=11c11c6a453f63be13194f9f705ea019c85b3d5d;hpb=fbdd4848a8e6383878c9277605b75a1cdc633dc7;p=gosa.git
diff --git a/gosa-core/html/index.php b/gosa-core/html/index.php
index 11c11c6a4..eae3f532d 100644
--- a/gosa-core/html/index.php
+++ b/gosa-core/html/index.php
@@ -38,7 +38,7 @@ function displayLogin()
 /* Fill template with required values */
 $username = "";
 if(isset($_POST["username"])){
- $username= $_POST["username"];
+ $username= get_post("username");
 }
 $smarty->assign ('date', gmdate("D, d M Y H:i:s"));
 $smarty->assign ('username', $username);
@@ -69,7 +69,7 @@ function displayLogin()
 /* Generate server list */
 $servers= array();
 if (isset($_POST['server'])){
- $selected= validate($_POST['server']);
+ $selected= get_post('server');
 } else {
 $selected= $config->data['MAIN']['DEFAULT'];
 }
@@ -90,6 +90,8 @@ function displayLogin()
 $smarty->assign("php_errors", "");
 }
 $smarty->assign("msg_dialogs", msg_dialog::get_dialogs());
+ $smarty->assign("iePngWorkaround", $config->get_cfg_value("iePngWorkaround","false" ) == "true");
+ $smarty->assign("usePrototype", "false");
 $smarty->display (get_template_path('headers.tpl'));
 $smarty->assign("version",get_gosa_version());
 $smarty->display(get_template_path('login.tpl'));
@@ -132,9 +134,9 @@ session::set('errors',"");
 /* Check for java script */
 if(isset($_POST['javascript']) && $_POST['javascript'] == "true") {
- session::set('js',TRUE);
+ session::global_set('js',TRUE);
 }elseif(isset($_POST['javascript'])) {
- session::set('js',FALSE);
+ session::global_set('js',FALSE);
 }
 /* Check if gosa.conf (.CONFIG_FILE) is accessible */
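Review bot: In the `@@ -69,7 +69,7 @@` hunk the `validate()` wrapper around `$_POST['server']` is replaced by `get_post('server')`, and nothing visible here shows that `get_post()` applies an equivalent filter. The same substitution appears in the login block (`$server= get_post("server");` just ahead of `$config->set_current($server)`) and in the `@@ -423,7 +415,7 @@` hunk. Since the value selects which configured server is used, I would check it against the configured server names before use and fall back to `$config->data['MAIN']['DEFAULT']` otherwise, with a comment such as `/* server comes from the login form; accept only names present in the configuration */`. displayLogin() starts and ends outside this hunk.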
@@ -145,7 +147,7 @@ if (!is_readable(CONFIG_DIR."/".CONFIG_FILE)){
 /* Parse configuration file */
 $config= new config(CONFIG_DIR."/".CONFIG_FILE, $BASE_DIR);
-session::set('DEBUGLEVEL',$config->get_cfg_value('DEBUGLEVEL'));
+session::global_set('DEBUGLEVEL',$config->get_cfg_value('DEBUGLEVEL'));
 if ($_SERVER["REQUEST_METHOD"] != "POST"){
 @DEBUG (DEBUG_CONFIG, __LINE__, __FUNCTION__, __FILE__, $config->data, "config");
 }
@@ -209,7 +211,7 @@ if ($config->get_cfg_value("forcessl") == 'true' && $ssl != ''){
 /* Do we have htaccess authentification enabled? */
 $htaccess_authenticated= FALSE;
-if ($config->get_cfg_value("htaccess_auth") == "true" ){
+if ($config->get_cfg_value("htaccessAuthentication") == "true" ){
 if (!isset($_SERVER['REMOTE_USER'])){
 msg_dialog::display(_("Configuration error"), _("There is a problem with the authentication setup!"), FATAL_ERROR_DIALOG);
 exit;
@@ -237,12 +239,12 @@ if (($_SERVER["REQUEST_METHOD"] == "POST" && isset($_POST['login'])) || $htacces
 $message= "";
 /* Destroy old sessions, they cause a successfull login to relog again ...*/
- if(session::is_set('_LAST_PAGE_REQUEST')){
- session::set('_LAST_PAGE_REQUEST',time());
+ if(session::global_is_set('_LAST_PAGE_REQUEST')){
+ session::global_set('_LAST_PAGE_REQUEST',time());
 }
 if (!$htaccess_authenticated){
- $server= validate($_POST["server"]);
+ $server= get_post("server");
 }
 $config->set_current($server);
@@ -255,12 +257,8 @@ if (($_SERVER["REQUEST_METHOD"] == "POST" && isset($_POST['login'])) || $htacces
 }
 /* Check for schema file presence */
- #TODO: these three lines should go to the class_config.inc, shouldn't they?
- if(!isset($config->data['MAIN']['SCHEMACHECK'])){
- $config->data['MAIN']['SCHEMACHECK'] = "true";
- }
 if ($config->get_cfg_value("schemaCheck") == "true"){
- $recursive = ($config->get_cfg_value("recursive") == "true");
+ $recursive = ($config->get_cfg_value("ldapFollowReferrals") == "true");
 $tls = ($config->get_cfg_value("ldapTLS") == "true");
 if(!count($ldap->get_objectclasses())){
@@ -296,11 +294,11 @@ if (($_SERVER["REQUEST_METHOD"] == "POST" && isset($_POST['login'])) || $htacces
 /* Check for valid input */
 $ok= true;
 if (!$htaccess_authenticated){
- $username= $_POST["username"];
- if (!ereg("^[@A-Za-z0-9_.-]+$", $username)){
+ $username= get_post("username");
+ if (!preg_match("/^[@A-Za-z0-9_.-]+$/", $username)){
 $message= _("Please specify a valid username!");
 $ok= false;
- } elseif (mb_strlen($_POST["password"], 'UTF-8') == 0){
+ } elseif (mb_strlen(get_post("password"), 'UTF-8') == 0){
 $message= _("Please specify your password!");
 $smarty->assign ('nextfield', 'password');
 $ok= false;
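Review bot: In the `@@ -255,12 +257,8 @@` hunk, dropping the three lines that defaulted `SCHEMACHECK` to "true" leaves `$config->get_cfg_value("schemaCheck") == "true"` dependent on what `get_cfg_value()` returns for a missing key, which is not visible here. If that is empty, the schema check is skipped silently on installs that never set the option. Elsewhere this commit passes a default as the second argument (`get_cfg_value("iePngWorkaround","false" )`), so `get_cfg_value("schemaCheck", "true")` would keep the old behaviour explicit. The enclosing `if` block starts and ends outside the hunk.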
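Review bot: In the `@@ -296,11 +294,11 @@` hunk the new pattern `/^[@A-Za-z0-9_.-]+$/` accepts a username with one trailing newline, because `$` in PCRE also matches just before a final line break. That value then goes on to `ldap_login_user()` and into the security log messages. Anchoring with `\z` closes the gap: `if (!preg_match('/^[@A-Za-z0-9_.-]+\z/', $username)){`. It is also worth confirming that `get_post("password")` returns the submitted bytes unchanged, since any escaping or trimming there would alter the credential before it is checked.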
@@ -317,25 +315,27 @@ if (($_SERVER["REQUEST_METHOD"] == "POST" && isset($_POST['login'])) || $htacces
 exit;
 }
 } else {
- $ui= ldap_login_user($username, $_POST["password"]);
+ $ui= ldap_login_user($username, get_post("password"));
 }
 if ($ui === NULL || !$ui){
 $message= _("Please check the username/password combination.");
 $smarty->assign ('nextfield', 'password');
- new log("security","login","",array(),"Authentication failed for user \"$username\"") ;
+ session::global_set('config',$config);
+ $ip= $_SERVERREMOTE_ADDR;
+ new log("security","login","",array(),"Authentication failed for user \"$username\" [from $ip]");
 } else {
 /* Remove all locks of this user */
 del_user_locks($ui->dn);
 /* Save userinfo and plugin structure */
- session::set('ui',$ui);
- session::set('session_cnt',0);
+ session::global_set('ui',$ui);
+ session::global_set('session_cnt',0);
 /* Let GOsa trigger a new connection for each POST, save config to session. */
 $config->get_departments();
 $config->make_idepartments();
- session::set('config',$config);
+ session::global_set('config',$config);
 /* Restore filter settings from cookie, if available */
 if($config->get_cfg_value("storeFilterSettings") == "true"){
@@ -352,7 +352,7 @@ if (($_SERVER["REQUEST_METHOD"] == "POST" && isset($_POST['login'])) || $htacces
 $cookie_vars= array("MultiDialogFilters","CurrentMainBase","plug");
 foreach($cookie_vars as $var){
 if(isset($cookie[$var])){
- session::set($var,$cookie[$var]);
+ session::global_set($var,$cookie[$var]);
 }
 }
 if(isset($cookie['plug'])){
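Review bot: In the `@@ -317,25 +315,27 @@` hunk the failed-login branch now runs `session::global_set('config',$config);` before any user is authenticated, so the whole configuration object lands in an unauthenticated session. If that is needed for `new log(...)` to work, a comment saying so would help, and it is worth confirming that no other page treats a session holding `config` as logged in. As rendered on this page the next line reads `$ip= $_SERVERREMOTE_ADDR;`, which is an undefined variable; presumably the committed code is `$_SERVER['REMOTE_ADDR']` and the brackets were lost in extraction. Behind a reverse proxy that value is the proxy's address, which limits its use for tracing failed logins.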
@@ -366,20 +366,12 @@ if (($_SERVER["REQUEST_METHOD"] == "POST" && isset($_POST['login'])) || $htacces
 if ($config->get_cfg_value("handleExpiredAccounts") == "true"){
 $expired= ldap_expired_account($config, $ui->dn, $ui->username);
- if ($expired == 1){
+ if ($expired == POSIX_ACCOUNT_EXPIRED){
 $message= _("Account locked. Please contact your system administrator!");
 $smarty->assign ('nextfield', 'password');
 new log("security","login","",array(),"Account for user \"$username\" has expired") ;
- } elseif ($expired == 3){
- $plist= new pluglist($config, $ui);
- foreach ($plist->dirlist as $key => $value){
- if (preg_match("/\bpassword\b/i",$value)){
- $plug=$key;
- new log("security","login","",array(),"User \"$username\" password forced to change") ;
- header ("Location: main.php?plug=$plug&reset=1");
- exit;
- }
- }
+ displayLogin();
+ exit();
 }
 }
@@ -387,7 +379,7 @@ if (($_SERVER["REQUEST_METHOD"] == "POST" && isset($_POST['login'])) || $htacces
 new log("security","login","",array(),"User \"$username\" logged in successfully") ;
 $plist= new pluglist($config, $ui);
 if(isset($plug) && isset($plist->dirlist[$plug])){
- header ("Location: main.php?plug=".$plug."&global_check=1");
+ header ("Location: main.php?plug=".$plug."&global_check=1");
 }else{
 header ("Location: main.php?global_check=1");
 }
@@ -423,7 +415,7 @@ $smarty->assign ("cookies", ""._("Warning").":<\/b> "._("Your browser has coo
 /* Generate server list */
 $servers= array();
 if (isset($_POST['server'])){
- $selected= validate($_POST['server']);
+ $selected= get_post('server');
 } else {
 $selected= $config->data['MAIN']['DEFAULT'];
 }
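Review bot: In the `@@ -366,20 +366,12 @@` hunk the expired-account branch now ends with `displayLogin(); exit();`, but the earlier successful-login branch of the same block has already called `session::global_set('ui',$ui)` and `session::global_set('config',$config)` for this user. If those calls do run before this check (the lines in between are outside the hunk), the session of a locked account keeps a populated `ui` entry while the login form is shown again. I would remove the `ui` entry or destroy the session before `displayLogin()`, so that a direct request to `main.php` cannot pick it up. The enclosing login block starts and ends outside the hunk.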