WebSVN – oidplus – Blame – /trunk/plugins/publicPages/090_login/OIDplusPagePublicLogin.class.php

Rev	Author	Line No.	Line
104	daniel-mar	1	<?php
		2
		3	/*
		4	* OIDplus 2.0
		5	* Copyright 2019 Daniel Marschall, ViaThinkSoft
		6	*
		7	* Licensed under the Apache License, Version 2.0 (the "License");
		8	* you may not use this file except in compliance with the License.
		9	* You may obtain a copy of the License at
		10	*
		11	* http://www.apache.org/licenses/LICENSE-2.0
		12	*
		13	* Unless required by applicable law or agreed to in writing, software
		14	* distributed under the License is distributed on an "AS IS" BASIS,
		15	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
		16	* See the License for the specific language governing permissions and
		17	* limitations under the License.
		18	*/
		19
256	daniel-mar	20	class OIDplusPagePublicLogin extends OIDplusPagePluginPublic {
104	daniel-mar	21
321	daniel-mar	22	public function action($actionID, $params) {
104	daniel-mar	23	// === RA LOGIN/LOGOUT ===
		24
321	daniel-mar	25	if ($actionID == 'ra_login') {
		26	$email = $params['email'];
119	daniel-mar	27	$ra = new OIDplusRA($email);
148	daniel-mar	28
261	daniel-mar	29	if (OIDplus::baseConfig()->getValue('RECAPTCHA_ENABLED', false)) {
		30	$secret=OIDplus::baseConfig()->getValue('RECAPTCHA_PRIVATE', '');
321	daniel-mar	31	$response=$params["captcha"];
104	daniel-mar	32	$verify=file_get_contents("https://www.google.com/recaptcha/api/siteverify?secret={$secret}&response={$response}");
		33	$captcha_success=json_decode($verify);
		34	if ($captcha_success->success==false) {
360	daniel-mar	35	throw new OIDplusException(_L('CAPTCHA not successfully verified'));
104	daniel-mar	36	}
		37	}
		38
321	daniel-mar	39	if ($ra->checkPassword($params['password'])) {
288	daniel-mar	40	OIDplus::logger()->log("[OK]RA($email)!", "RA '$email' logged in");
119	daniel-mar	41	OIDplus::authUtils()::raLogin($email);
104	daniel-mar	42
264	daniel-mar	43	OIDplus::db()->query("UPDATE ###ra set last_login = ".OIDplus::db()->sqlDate()." where email = ?", array($email));
104	daniel-mar	44
328	daniel-mar	45	return array("status" => 0);
104	daniel-mar	46	} else {
300	daniel-mar	47	if (OIDplus::config()->getValue('log_failed_ra_logins', false)) {
298	daniel-mar	48	if ($ra->existing()) {
		49	OIDplus::logger()->log("[WARN]A!", "Failed login to RA account '$email' (wrong password)");
		50	} else {
		51	OIDplus::logger()->log("[WARN]A!", "Failed login to RA account '$email' (RA not existing)");
		52	}
295	daniel-mar	53	}
355	daniel-mar	54	throw new OIDplusException(_L('Wrong password or user not registered'));
104	daniel-mar	55	}
150	daniel-mar	56
321	daniel-mar	57	} else if ($actionID == 'ra_logout') {
119	daniel-mar	58
321	daniel-mar	59	$email = $params['email'];
		60
288	daniel-mar	61	OIDplus::logger()->log("[OK]RA($email)!", "RA '$email' logged out");
119	daniel-mar	62	OIDplus::authUtils()::raLogout($email);
328	daniel-mar	63	return array("status" => 0);
104	daniel-mar	64	}
		65
		66	// === ADMIN LOGIN/LOGOUT ===
		67
321	daniel-mar	68	else if ($actionID == 'admin_login') {
261	daniel-mar	69	if (OIDplus::baseConfig()->getValue('RECAPTCHA_ENABLED', false)) {
		70	$secret=OIDplus::baseConfig()->getValue('RECAPTCHA_PRIVATE', '');
321	daniel-mar	71	$response=$params["captcha"];
104	daniel-mar	72	$verify=file_get_contents("https://www.google.com/recaptcha/api/siteverify?secret={$secret}&response={$response}");
		73	$captcha_success=json_decode($verify);
		74	if ($captcha_success->success==false) {
360	daniel-mar	75	throw new OIDplusException(_L('CAPTCHA not successfully verified'));
104	daniel-mar	76	}
		77	}
		78
321	daniel-mar	79	if (OIDplus::authUtils()::adminCheckPassword($params['password'])) {
288	daniel-mar	80	OIDplus::logger()->log("[OK]A!", "Admin logged in");
104	daniel-mar	81	OIDplus::authUtils()::adminLogin();
328	daniel-mar	82	return array("status" => 0);
104	daniel-mar	83	} else {
300	daniel-mar	84	if (OIDplus::config()->getValue('log_failed_admin_logins', false)) {
298	daniel-mar	85	OIDplus::logger()->log("[WARN]A!", "Failed login to admin account");
		86	}
360	daniel-mar	87	throw new OIDplusException(_L('Wrong password'));
104	daniel-mar	88	}
		89	}
321	daniel-mar	90	else if ($actionID == 'admin_logout') {
288	daniel-mar	91	OIDplus::logger()->log("[OK]A!", "Admin logged out");
104	daniel-mar	92	OIDplus::authUtils()::adminLogout();
328	daniel-mar	93	return array("status" => 0);
104	daniel-mar	94	}
321	daniel-mar	95	else {
360	daniel-mar	96	throw new OIDplusException(_L('Unknown action ID'));
321	daniel-mar	97	}
104	daniel-mar	98	}
		99
		100	public function init($html=true) {
295	daniel-mar	101	OIDplus::config()->prepareConfigKey('log_failed_ra_logins', 'Log failed RA logins', '0', OIDplusConfig::PROTECTION_EDITABLE, function($value) {
		102	if (!is_numeric($value) \|\| (($value != 0) && (($value != 1)))) {
360	daniel-mar	103	throw new OIDplusException(_L('Valid values: 0 (off) or 1 (on).'));
295	daniel-mar	104	}
		105	});
		106	OIDplus::config()->prepareConfigKey('log_failed_admin_logins', 'Log failed Admin logins', '0', OIDplusConfig::PROTECTION_EDITABLE, function($value) {
		107	if (!is_numeric($value) \|\| (($value != 0) && (($value != 1)))) {
360	daniel-mar	108	throw new OIDplusException(_L('Valid values: 0 (off) or 1 (on).'));
295	daniel-mar	109	}
		110	});
104	daniel-mar	111	}
		112
		113	public function gui($id, &$out, &$handled) {
382	daniel-mar	114	$ary = explode('$', $id);
		115	if (isset($ary[1])) {
		116	$id = $ary[0];
		117	$tab = $ary[1];
		118	} else {
		119	$tab = 'ra';
		120	}
104	daniel-mar	121	if ($id === 'oidplus:login') {
		122	$handled = true;
360	daniel-mar	123	$out['title'] = _L('Login');
241	daniel-mar	124	$out['icon'] = OIDplus::webpath(__DIR__).'login_big.png';
104	daniel-mar	125
		126	$out['text'] .= '<noscript>';
355	daniel-mar	127	$out['text'] .= '<p>'._L('You need to enable JavaScript to use the login area.').'</p>';
104	daniel-mar	128	$out['text'] .= '</noscript>';
		129
219	daniel-mar	130	$out['text'] .= '<div id="loginArea" style="visibility: hidden"><div id="loginTab" class="container" style="width:100%;">';
261	daniel-mar	131	$out['text'] .= (OIDplus::baseConfig()->getValue('RECAPTCHA_ENABLED', false) ?
		132	'<script> grecaptcha.render(document.getElementById("g-recaptcha"), { "sitekey" : "'.OIDplus::baseConfig()->getValue('RECAPTCHA_PUBLIC', '').'" }); </script>'.
360	daniel-mar	133	'<p>'._L('Before logging in, please solve the following CAPTCHA').'</p>'.
		134	'<div id="g-recaptcha" class="g-recaptcha" data-sitekey="'.OIDplus::baseConfig()->getValue('RECAPTCHA_PUBLIC', '').'"></div>' : '');
104	daniel-mar	135	$out['text'] .= '<br>';
219	daniel-mar	136	$out['text'] .= '<ul class="nav nav-pills">';
382	daniel-mar	137	$out['text'] .= ' <li'.($tab === 'ra' ? ' class="active"' : '').'>';
360	daniel-mar	138	$out['text'] .= ' <a href="#1a" data-toggle="tab">'._L('Login as RA').'</a>';
104	daniel-mar	139	$out['text'] .= ' </li>';
382	daniel-mar	140	$out['text'] .= ' <li'.($tab === 'admin' ? ' class="active"' : '').'>';
		141	$out['text'] .= ' <a href="#2a" data-toggle="tab">'._L('Login as administrator').'</a>';
104	daniel-mar	142	$out['text'] .= ' </li>';
		143	$out['text'] .= ' </ul>';
		144	$out['text'] .= ' <div class="tab-content clearfix">';
		145	$out['text'] .= ' <div class="tab-pane active" id="1a">';
		146
360	daniel-mar	147	$out['text'] .= '<h2>'._L('Login as RA').'</h2>';
104	daniel-mar	148
		149	$login_list = OIDplus::authUtils()->loggedInRaList();
		150	if (count($login_list) > 0) {
115	daniel-mar	151	foreach ($login_list as $x) {
360	daniel-mar	152	$out['text'] .= '<p>'._L('You are logged in as %1','<b>'.$x->raEmail().'</b>').' (<a href="#" onclick="return raLogout('.js_escape($x->raEmail()).');">'._L('Logout').'</a>)</p>';
104	daniel-mar	153	}
360	daniel-mar	154	$out['text'] .= '<p>'._L('If you have more accounts, you can log in with another account here.').'</p>';
104	daniel-mar	155	} else {
355	daniel-mar	156	$out['text'] .= '<p>'._L('Enter your email address and your password to log in as Registration Authority.').'</p>';
104	daniel-mar	157	}
107	daniel-mar	158	$out['text'] .= '<form onsubmit="return raLoginOnSubmit(this);">';
360	daniel-mar	159	$out['text'] .= '<div><label class="padding_label">'._L('E-Mail').':</label><input type="text" name="email" value="" id="raLoginEMail"></div>';
		160	$out['text'] .= '<div><label class="padding_label">'._L('Password').':</label><input type="password" name="password" value="" id="raLoginPassword"></div>';
		161	$out['text'] .= '<br><input type="submit" value="'._L('Login').'"><br><br>';
104	daniel-mar	162	$out['text'] .= '</form>';
360	daniel-mar	163	$out['text'] .= '<p><a '.OIDplus::gui()->link('oidplus:forgot_password').'>'._L('Forgot password?').'</a><br>';
104	daniel-mar	164
380	daniel-mar	165	$invitePlugin = OIDplus::getPluginByOid('1.3.6.1.4.1.37476.2.5.2.4.2.92'); // OIDplusPageRaInvite
		166	if (!is_null($invitePlugin) && OIDplus::config()->getValue('ra_invitation_enabled')) {
355	daniel-mar	167	$out['text'] .= '<abbr title="'._L('To receive login data, the superior RA needs to send you an invitation. After creating or updating your OID, the system will ask them if they want to send you an invitation. If they accept, you will receive an email with an activation link. Alternatively, the system admin can create your account manually in the administrator control panel.').'">'._L('How to register?').'</abbr></p>';
156	daniel-mar	168	} else {
360	daniel-mar	169	$out['text'] .= '<abbr title="'._L('Since invitations are disabled at this OIDplus system, the system administrator needs to create your account manually in the administrator control panel.').'">'._L('How to register?').'</abbr></p>';
156	daniel-mar	170	}
		171
104	daniel-mar	172	$out['text'] .= ' </div>';
		173	$out['text'] .= ' <div class="tab-pane" id="2a">';
		174
		175	if (OIDplus::authUtils()::isAdminLoggedIn()) {
360	daniel-mar	176	$out['text'] .= '<h2>'._L('Admin login').'</h2>';
		177	$out['text'] .= '<p>'._L('You are logged in as administrator.').'</p>';
		178	$out['text'] .= '<a href="#" onclick="return adminLogout();">'._L('Logout').'</a>';
104	daniel-mar	179	} else {
360	daniel-mar	180	$out['text'] .= '<h2>'._L('Login as administrator').'</h2>';
107	daniel-mar	181	$out['text'] .= '<form onsubmit="return adminLoginOnSubmit(this);">';
360	daniel-mar	182	$out['text'] .= '<div><label class="padding_label">'._L('Password').':</label><input type="password" name="password" value="" id="adminLoginPassword"></div>';
		183	$out['text'] .= '<br><input type="submit" value="'._L('Login').'"><br><br>';
104	daniel-mar	184	$out['text'] .= '</form>';
360	daniel-mar	185	$out['text'] .= '<p><a '.OIDplus::gui()->link('oidplus:forgot_password_admin').'>'._L('Forgot password?').'</a><br>';
104	daniel-mar	186	}
		187
		188	$out['text'] .= ' </div>';
		189	$out['text'] .= ' </div>';
		190	$out['text'] .= ' </div><br>';
360	daniel-mar	191	$mins = ceil(OIDplus::baseConfig()->getValue('SESSION_LIFETIME', 30*60)/60);
		192	$out['text'] .= '<p><font size="-1">'._L('<i>Privacy information</i>: By using the login functionality, you are accepting that a "session cookie" is temporarily stored in your browser. The session cookie is a small text file that is sent to this website every time you visit it, to identify you as an already logged in user. It does not track any of your online activities outside OIDplus. The cookie will be destroyed when you log out or after an inactivity of %1 minutes.', $mins);
296	daniel-mar	193	$privacy_document_file = 'OIDplus/privacy_documentation.html';
380	daniel-mar	194	$resourcePlugin = OIDplus::getPluginByOid('1.3.6.1.4.1.37476.2.5.2.4.1.500'); // OIDplusPagePublicResources
		195	if (!is_null($resourcePlugin) && file_exists(OIDplus::basePath().'/res/'.$privacy_document_file)) {
360	daniel-mar	196	$out['text'] .= ' <a '.OIDplus::gui()->link('oidplus:resources$'.$privacy_document_file.'$'.OIDplus::authUtils()::makeAuthKey("resources;".$privacy_document_file).'#cookies').'>'._L('More information about the cookies used').'</a>';
219	daniel-mar	197	}
		198	$out['text'] .= '</font></p></div>';
107	daniel-mar	199
		200	$out['text'] .= '<script>document.getElementById("loginArea").style.visibility = "visible";</script>';
104	daniel-mar	201	}
		202	}
295	daniel-mar	203
282	daniel-mar	204	public function publicSitemap(&$out) {
360	daniel-mar	205	$out[] = 'oidplus:login';
282	daniel-mar	206	}
104	daniel-mar	207
106	daniel-mar	208	public function tree(&$json, $ra_email=null, $nonjs=false, $req_goto='') {
104	daniel-mar	209	$loginChildren = array();
		210
		211	if (OIDplus::authUtils()::isAdminLoggedIn()) {
		212	$ra_roots = array();
		213
281	daniel-mar	214	foreach (OIDplus::getPagePlugins() as $plugin) {
		215	if (is_subclass_of($plugin, OIDplusPagePluginAdmin::class)) {
		216	$plugin->tree($ra_roots);
		217	}
104	daniel-mar	218	}
		219
		220	$ra_roots[] = array(
		221	'id' => 'oidplus:logout$admin',
241	daniel-mar	222	'icon' => OIDplus::webpath(__DIR__).'treeicon_logout.png',
225	daniel-mar	223	'conditionalselect' => 'adminLogout()', // defined in oidplus_base.js
355	daniel-mar	224	'text' => _L('Log out')
104	daniel-mar	225	);
		226	$loginChildren[] = array(
		227	'id' => 'oidplus:dummy$'.md5(rand()),
355	daniel-mar	228	'text' => _L("Logged in as admin"),
241	daniel-mar	229	'icon' => OIDplus::webpath(__DIR__).'treeicon_admin.png',
104	daniel-mar	230	'conditionalselect' => 'false', // dummy node that can't be selected
		231	'state' => array("opened" => true),
		232	'children' => $ra_roots
		233	);
		234	}
		235
115	daniel-mar	236	foreach (OIDplus::authUtils()::loggedInRaList() as $ra) {
		237	$ra_email = $ra->raEmail();
104	daniel-mar	238	$ra_roots = array();
		239
281	daniel-mar	240	foreach (OIDplus::getPagePlugins() as $plugin) {
		241	if (is_subclass_of($plugin, OIDplusPagePluginRa::class)) {
		242	$plugin->tree($ra_roots, $ra_email);
		243	}
104	daniel-mar	244	}
		245
		246	$ra_roots[] = array(
		247	'id' => 'oidplus:logout$'.$ra_email,
225	daniel-mar	248	'conditionalselect' => 'raLogout('.js_escape($ra_email).')', // defined in oidplus_base.js
241	daniel-mar	249	'icon' => OIDplus::webpath(__DIR__).'treeicon_logout.png',
355	daniel-mar	250	'text' => _L('Log out')
104	daniel-mar	251	);
		252	foreach (OIDplusObject::getRaRoots($ra_email) as $loc_root) {
		253	$ico = $loc_root->getIcon();
		254	$ra_roots[] = array(
		255	'id' => 'oidplus:raroot$'.$loc_root->nodeId(),
360	daniel-mar	256	'text' => _L('Jump to RA root %1',$loc_root->objectTypeTitleShort().' '.$loc_root->crudShowId(OIDplusObject::parse($loc_root::root()))),
110	daniel-mar	257	'conditionalselect' => 'openOidInPanel('.js_escape($loc_root->nodeId()).', true);',
241	daniel-mar	258	'icon' => !is_null($ico) ? $ico : OIDplus::webpath(__DIR__).'treeicon_link.png'
104	daniel-mar	259	);
		260	}
		261	$ra_email_or_name = (new OIDplusRA($ra_email))->raName();
		262	if ($ra_email_or_name == '') $ra_email_or_name = $ra_email;
		263	$loginChildren[] = array(
		264	'id' => 'oidplus:dummy$'.md5(rand()),
360	daniel-mar	265	'text' => _L('Logged in as %1',htmlentities($ra_email_or_name)),
241	daniel-mar	266	'icon' => OIDplus::webpath(__DIR__).'treeicon_ra.png',
104	daniel-mar	267	'conditionalselect' => 'false', // dummy node that can't be selected
		268	'state' => array("opened" => true),
		269	'children' => $ra_roots
		270	);
		271	}
		272
		273	$json[] = array(
		274	'id' => 'oidplus:login',
241	daniel-mar	275	'icon' => OIDplus::webpath(__DIR__).'treeicon_login.png',
355	daniel-mar	276	'text' => _L('Login'),
104	daniel-mar	277	'state' => array("opened" => count($loginChildren)>0),
		278	'children' => $loginChildren
		279	);
		280
		281	return true;
		282	}
108	daniel-mar	283
		284	public function tree_search($request) {
		285	return false;
		286	}
382	daniel-mar	287	}

Subversion Repositories oidplus

oidplus/trunk/plugins/publicPages/090_login/OIDplusPagePublicLogin.class.php – Rev 382