X-Git-Url: https://git.tokkee.org/?a=blobdiff_plain;f=html%2Findex.php;h=18c9bed5bbc1f9d60c74875c5626caf69f31ffd4;hb=1fb850eba9b26edf354a71e3f2a8fb1d1b17a473;hp=c2ce1dc0f85f9620b6e08e83a94b529f5ceaa458;hpb=337c75dcf6c641022bd31edcb3acbe97d899289d;p=gosa.git

diff --git a/html/index.php b/html/index.php
index c2ce1dc0f..18c9bed5b 100644
--- a/html/index.php
+++ b/html/index.php
@@ -23,11 +23,75 @@ require_once ("../include/php_setup.inc");
 require_once ("functions.inc");
 header("Content-type: text/html; charset=UTF-8");
 
+function displayLogin()
+{
+  global $smarty,$message,$config,$ssl,$error_collector;
+  error_reporting(E_ALL);
+    /* Fill template with required values */
+    $username = "";
+    if(isset($_POST["username"])){
+      $username= $_POST["username"];
+    }
+    $smarty->assign ('date', gmdate("D, d M Y H:i:s"));
+    $smarty->assign ('username', $username);
+    $smarty->assign ('personal_img', get_template_path('images/personal.png'));
+    $smarty->assign ('password_img', get_template_path('images/password.png'));
+    $smarty->assign ('directory_img', get_template_path('images/ldapserver.png'));
+
+    /* Some error to display? */
+    if (!isset($message)){
+      $message= "";
+    }
+    $smarty->assign ("message", $message);
+
+    /* Displasy SSL mode warning? */
+    if ($ssl != "" && $config->data['MAIN']['WARNSSL'] == 'true'){
+      $smarty->assign ("ssl", "<b>"._("Warning").":<\/b> "._("Session will not be encrypted.")." <a style=\"color:red;\" href=\"$ssl\"><b>"._("Enter SSL session")."<\/b></a>!");
+    } else {
+      $smarty->assign ("ssl", "");
+    }
+
+    /* Generate server list */
+    $servers= array();
+    if (isset($_POST['server'])){
+      $selected= validate($_POST['server']);
+    } else {
+      $selected= $config->data['MAIN']['DEFAULT'];
+    }
+    foreach ($config->data['LOCATIONS'] as $key => $ignored){
+      $servers[$key]= $key;
+    }
+    $smarty->assign ("server_options", $servers);
+    $smarty->assign ("server_id", $selected);
+
+    /* show login screen */
+    $smarty->assign ("PHPSESSID", session_id());
+    if (isset($_SESSION['errors'])){
+      $smarty->assign("errors", $_SESSION['errors']);
+    }
+    if ($error_collector != ""){
+      $smarty->assign("php_errors", $error_collector."</div>");
+    } else {
+      $smarty->assign("php_errors", "");
+    }
+
+    $smarty->display(get_template_path('headers.tpl'));
+    $smarty->display(get_template_path('login.tpl'));
+    exit();
+}
+
+
+
 /* Set error handler to own one, initialize time calculation
    and start session. */
 session_start ();
 $username= "";
 
+/* Reset errors */
+$_SESSION['errors']             = "";
+$_SESSION['errorsAlreadyPosted']= array();
+$_SESSION['LastError']          = "";
+
 /* Check if we need to run setup */
 if (!file_exists(CONFIG_DIR."/gosa.conf")){
   header("location:setup.php");
@@ -38,20 +102,15 @@ if (!file_exists(CONFIG_DIR."/gosa.conf")){
 $_SESSION['errors']= "";
 
 /* Check for java script */
-if (!isset($_GET['js']) && !isset($_SESSION['js'])){
-  echo '<script language="JavaScript" type="text/javascript">';
-  echo '  location = "index.php?js=true";';
-  echo '</script>';
-
-  $_SESSION['js']= FALSE;
-} else {
+if(isset($_POST['javascript']) && $_POST['javascript'] == "true") {
   $_SESSION['js']= TRUE;
+}elseif(isset($_POST['javascript'])) {
+  $_SESSION['js']= FALSE;
 }
 
-/* Check if gosa.conf is accessable */
+/* Check if gosa.conf is accessible */
 if (!is_readable(CONFIG_DIR."/gosa.conf")){
-  print_red(sprintf(_("GOsa configuration %s/gosa.conf is not readable. Aborted."), CONFIG_DIR));
-  echo $_SESSION['errors'];
+  echo sprintf(_("GOsa configuration %s/gosa.conf is not readable. Aborted."), CONFIG_DIR);
   exit();
 }
 
@@ -72,9 +131,8 @@ $smarty->assign ('nextfield', 'username');
 
 /* Check for compile directory */
 if (!(is_dir($smarty->compile_dir) && is_writable($smarty->compile_dir))){
-  print_red(sprintf(_("Directory '%s' specified as compile directory is not accessable!"),
-        $smarty->compile_dir));
-  echo $_SESSION['errors'];
+  echo sprintf(_("Directory '%s' specified as compile directory is not accessible!"),
+        $smarty->compile_dir);
   exit();
 }
 
@@ -107,30 +165,35 @@ if ($_SERVER["REQUEST_METHOD"] != "POST"){
 
 /* Check for SSL connection */
 $ssl= "";
-if (!isset($HTTP_SERVER_VARS['HTTPS']) ||
-    !stristr($HTTP_SERVER_VARS['HTTPS'], "on")) {
+if (!isset($_SERVER['HTTPS']) ||
+    !stristr($_SERVER['HTTPS'], "on")) {
 
-  if (empty($HTTP_SERVER_VARS['REQUEST_URI'])) {
-    $ssl= "https://".$HTTP_SERVER_VARS['HTTP_HOST'].
-      $HTTP_SERVER_VARS['PATH_INFO'];
+  if (empty($_SERVER['REQUEST_URI'])) {
+    $ssl= "https://".$_SERVER['HTTP_HOST'].
+      $_SERVER['PATH_INFO'];
   } else {
-    $ssl= "https://".$HTTP_SERVER_VARS['HTTP_HOST'].
-      $HTTP_SERVER_VARS['REQUEST_URI'];
+    $ssl= "https://".$_SERVER['HTTP_HOST'].
+      $_SERVER['REQUEST_URI'];
   }
 }
 
 /* If SSL is forced, just forward to the SSL enabled site */
-if ($config->data['MAIN']['FORCESSL'] == 'true'){
+if ($config->data['MAIN']['FORCESSL'] == 'true' && $ssl != ''){
   header ("Location: $ssl");
   exit;
 }
 
 /* Got a formular answer, validate and try to log in */
-if ($_SERVER["REQUEST_METHOD"] == "POST"){
+if ($_SERVER["REQUEST_METHOD"] == "POST" && isset($_POST['login'])){
 
   /* Reset error messages */
   $message= "";
 
+  /* Destroy old sessions, they cause a successfull login to relog again ...*/
+  if(isset($_SESSION['_LAST_PAGE_REQUEST'])){
+    $_SESSION['_LAST_PAGE_REQUEST'] = time();
+  }
+
   $server= validate($_POST["server"]);
   $config->set_current($server);
 
@@ -138,32 +201,36 @@ if ($_SERVER["REQUEST_METHOD"] == "POST"){
   $ldap = $config->get_ldap_link();
   if (is_null($ldap) || (is_int($ldap) && $ldap == 0)){
     print_red (_("Can't bind to LDAP. Please contact the system administrator."));
-    echo $_SESSION['errors'];
+    displayLogin();
     exit();
   }
 
-  $ldap->search("(objectClass=*)",array("subschemaSubentry"));
-  $attrs= $ldap->fetch();
-  if(!count($attrs)){
-    print_red(_("GOsa cannot retrieve information about the installed schema files. Please make sure, that this is possible."));
-    echo $_SESSION['errors'];
-    exit();
-  }else{
+  /* Check for schema file presence */
+  if(!isset($config->data['MAIN']['SCHEMA_CHECK'])){
+    $config->data['MAIN']['SCHEMA_CHECK'] = "true";
+  }
+  if(isset($config->data['MAIN']['SCHEMA_CHECK'])&&preg_match("/true/i",$config->data['MAIN']['SCHEMA_CHECK'])){
     require_once("functions_setup.inc");
-    $str = (schema_check($config->current['SERVER'],$config->current['ADMIN'],$config->current['PASSWORD']));
-    $checkarr = array();
-    foreach($str as $tr){
-      if(isset($tr['needonstartup'])){
-        print_red(_("Your Schema files are not at actual version, please move your gosa.conf and  run Setup again, to check this."));
-        print $_SESSION['errors'];
-        exit();
+    if(!is_schema_readable($config->current['SERVER'],$config->current['ADMIN'],$config->current['PASSWORD'])){
+      print_red(_("GOsa cannot retrieve information about the installed schema files. Please make sure, that this is possible."));
+      $smarty->display(get_template_path('headers.tpl'));
+      echo "<body>".$_SESSION['errors']."</body></html>";
+      exit();
+    }else{
+      $str = (schema_check($config->current['SERVER'],$config->current['ADMIN'],$config->current['PASSWORD'],0,TRUE));
+      $checkarr = array();
+      foreach($str as $tr){
+        if(isset($tr['needonstartup'])){
+          print_red($tr['msg']."<br>"._("Your ldap setup contains old schema definitions. Please re-run the setup."));
+          $smarty->display(get_template_path('headers.tpl'));
+          echo "<body>".$_SESSION['errors']."</body></html>";
+          exit();
+        }
       }
     }
   }
-
-
   /* Check for locking area */
-  $ldap->cat($config->current['CONFIG']);
+  $ldap->cat($config->current['CONFIG'], array("dn"));
   $attrs= $ldap->fetch();
   if (!count ($attrs)){
     $ldap->cd($config->current['BASE']);
@@ -174,10 +241,9 @@ if ($_SERVER["REQUEST_METHOD"] == "POST"){
   $ldap->cd($config->current['BASE']);
   $ldap->search("(&(objectClass=gosaObject)(gosaSubtreeACL=:all))");
   if ($ldap->count() < 1){
-#FIXME: -> ldapsetup.tpl would be better
     print_red(_("You're missing an administrative account for GOsa, you'll not be able to administrate anything!"));
-    echo $_SESSION['errors'];
-    exit;
+    displayLogin();
+    exit();
   }
 
   /* Check for valid input */
@@ -205,12 +271,43 @@ if ($_SERVER["REQUEST_METHOD"] == "POST"){
 
       /* Let GOsa trigger a new connection for each POST, save
          config to session. */
+      $config->get_departments();
+      $config->make_idepartments();
       $_SESSION['config']= $config;
 
-      /* Go to main page */
-      gosa_log ("User \"$username\" logged in successfully");
-      header ("Location: main.php?global_check=1");
-      exit;
+      /* are we using accountexpiration */
+      if((isset($config->data['MAIN']['ACCOUNT_EXPIRATION'])) && 
+          preg_match('/true/i', $config->data['MAIN']['ACCOUNT_EXPIRATION'])){
+      
+        $expired= ldap_expired_account($config, $ui->dn, $ui->username);
+
+        if ($expired == 1){
+          $message= _("Account locked. Please contact your system administrator.");
+          $smarty->assign ('nextfield', 'password');
+          gosa_log ("Account for user \"$username\" has expired");
+        } elseif ($expired == 3){
+            $plist= new pluglist($config, $ui);
+            foreach ($plist->dirlist as $key => $value){
+              if (preg_match("/\bpassword\b/i",$value)){
+                $plug=$key;
+                gosa_log ("User \"$username\" password forced to change");
+                header ("Location: main.php?plug=$plug&reset=1");
+                exit;
+              }
+            }
+          }
+
+        /* Not account expired or password forced change go to main page */
+        gosa_log ("User \"$username\" logged in successfully");
+        header ("Location: main.php?global_check=1");
+        exit;
+        
+      } else {
+        /* Go to main page */
+        gosa_log ("User \"$username\" logged in successfully");
+        header ("Location: main.php?global_check=1");
+        exit;
+      }
     }
   }
 }
@@ -226,15 +323,20 @@ $smarty->assign ('directory_img', get_template_path('images/ldapserver.png'));
 if (!isset($message)){
   $message= "";
 }
+
 $smarty->assign ("message", $message);
 
 /* Displasy SSL mode warning? */
 if ($ssl != "" && $config->data['MAIN']['WARNSSL'] == 'true'){
-  $smarty->assign ("ssl", "<b>"._("Warning").":</b> "._("Session will not be encrypted.")." <a style=\"color:red;\" href=\"$ssl\"><b>"._("Enter SSL session")."</b></a>!");
+  $smarty->assign ("ssl", "<b>"._("Warning").":<\/b> "._("Session will not be encrypted.")." <a style=\"color:red;\" href=\"$ssl\"><b>"._("Enter SSL session")."<\/b></a>!");
 } else {
   $smarty->assign ("ssl", "");
 }
 
+/* Translation of cookie-warning. Whether to display it, is determined by JavaScript */
+$smarty->assign ("cookies", "<b>"._("Warning").":<\/b> "._("Your browser has cookies disabled. Please enable cookies and reload this page before logging in!"));
+
+
 /* Generate server list */
 $servers= array();
 if (isset($_POST['server'])){
@@ -249,7 +351,6 @@ $smarty->assign ("server_options", $servers);
 $smarty->assign ("server_id", $selected);
 
 /* show login screen */
-$smarty->display (get_template_path('headers.tpl'));
 $smarty->assign ("PHPSESSID", session_id());
 if (isset($_SESSION['errors'])){
   $smarty->assign("errors", $_SESSION['errors']);
@@ -259,7 +360,8 @@ if ($error_collector != ""){
 } else {
   $smarty->assign("php_errors", "");
 }
-$smarty->display (get_template_path('login.tpl'));
+displayLogin();
+
 
 // vim:tabstop=2:expandtab:shiftwidth=2:filetype=php:syntax:ruler:
 ?>