WebSVN – oidplus – Blame – /trunk/plugins/publicPages/090_login/OIDplusPagePublicLogin.class.php

Rev	Author	Line No.	Line
104	daniel-mar	1	<?php
		2
		3	/*
		4	* OIDplus 2.0
		5	* Copyright 2019 Daniel Marschall, ViaThinkSoft
		6	*
		7	* Licensed under the Apache License, Version 2.0 (the "License");
		8	* you may not use this file except in compliance with the License.
		9	* You may obtain a copy of the License at
		10	*
		11	* http://www.apache.org/licenses/LICENSE-2.0
		12	*
		13	* Unless required by applicable law or agreed to in writing, software
		14	* distributed under the License is distributed on an "AS IS" BASIS,
		15	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
		16	* See the License for the specific language governing permissions and
		17	* limitations under the License.
		18	*/
		19
256	daniel-mar	20	class OIDplusPagePublicLogin extends OIDplusPagePluginPublic {
104	daniel-mar	21
321	daniel-mar	22	public function action($actionID, $params) {
104	daniel-mar	23	// === RA LOGIN/LOGOUT ===
		24
321	daniel-mar	25	if ($actionID == 'ra_login') {
		26	$email = $params['email'];
119	daniel-mar	27	$ra = new OIDplusRA($email);
148	daniel-mar	28
261	daniel-mar	29	if (OIDplus::baseConfig()->getValue('RECAPTCHA_ENABLED', false)) {
		30	$secret=OIDplus::baseConfig()->getValue('RECAPTCHA_PRIVATE', '');
321	daniel-mar	31	$response=$params["captcha"];
104	daniel-mar	32	$verify=file_get_contents("https://www.google.com/recaptcha/api/siteverify?secret={$secret}&response={$response}");
		33	$captcha_success=json_decode($verify);
		34	if ($captcha_success->success==false) {
360	daniel-mar	35	throw new OIDplusException(_L('CAPTCHA not successfully verified'));
104	daniel-mar	36	}
		37	}
		38
321	daniel-mar	39	if ($ra->checkPassword($params['password'])) {
288	daniel-mar	40	OIDplus::logger()->log("[OK]RA($email)!", "RA '$email' logged in");
119	daniel-mar	41	OIDplus::authUtils()::raLogin($email);
104	daniel-mar	42
264	daniel-mar	43	OIDplus::db()->query("UPDATE ###ra set last_login = ".OIDplus::db()->sqlDate()." where email = ?", array($email));
104	daniel-mar	44
328	daniel-mar	45	return array("status" => 0);
104	daniel-mar	46	} else {
300	daniel-mar	47	if (OIDplus::config()->getValue('log_failed_ra_logins', false)) {
298	daniel-mar	48	if ($ra->existing()) {
		49	OIDplus::logger()->log("[WARN]A!", "Failed login to RA account '$email' (wrong password)");
		50	} else {
		51	OIDplus::logger()->log("[WARN]A!", "Failed login to RA account '$email' (RA not existing)");
		52	}
295	daniel-mar	53	}
355	daniel-mar	54	throw new OIDplusException(_L('Wrong password or user not registered'));
104	daniel-mar	55	}
150	daniel-mar	56
321	daniel-mar	57	} else if ($actionID == 'ra_logout') {
119	daniel-mar	58
321	daniel-mar	59	$email = $params['email'];
		60
288	daniel-mar	61	OIDplus::logger()->log("[OK]RA($email)!", "RA '$email' logged out");
119	daniel-mar	62	OIDplus::authUtils()::raLogout($email);
328	daniel-mar	63	return array("status" => 0);
104	daniel-mar	64	}
		65
		66	// === ADMIN LOGIN/LOGOUT ===
		67
321	daniel-mar	68	else if ($actionID == 'admin_login') {
261	daniel-mar	69	if (OIDplus::baseConfig()->getValue('RECAPTCHA_ENABLED', false)) {
		70	$secret=OIDplus::baseConfig()->getValue('RECAPTCHA_PRIVATE', '');
321	daniel-mar	71	$response=$params["captcha"];
104	daniel-mar	72	$verify=file_get_contents("https://www.google.com/recaptcha/api/siteverify?secret={$secret}&response={$response}");
		73	$captcha_success=json_decode($verify);
		74	if ($captcha_success->success==false) {
360	daniel-mar	75	throw new OIDplusException(_L('CAPTCHA not successfully verified'));
104	daniel-mar	76	}
		77	}
		78
321	daniel-mar	79	if (OIDplus::authUtils()::adminCheckPassword($params['password'])) {
288	daniel-mar	80	OIDplus::logger()->log("[OK]A!", "Admin logged in");
104	daniel-mar	81	OIDplus::authUtils()::adminLogin();
328	daniel-mar	82	return array("status" => 0);
104	daniel-mar	83	} else {
300	daniel-mar	84	if (OIDplus::config()->getValue('log_failed_admin_logins', false)) {
298	daniel-mar	85	OIDplus::logger()->log("[WARN]A!", "Failed login to admin account");
		86	}
360	daniel-mar	87	throw new OIDplusException(_L('Wrong password'));
104	daniel-mar	88	}
		89	}
321	daniel-mar	90	else if ($actionID == 'admin_logout') {
288	daniel-mar	91	OIDplus::logger()->log("[OK]A!", "Admin logged out");
104	daniel-mar	92	OIDplus::authUtils()::adminLogout();
328	daniel-mar	93	return array("status" => 0);
104	daniel-mar	94	}
321	daniel-mar	95	else {
360	daniel-mar	96	throw new OIDplusException(_L('Unknown action ID'));
321	daniel-mar	97	}
104	daniel-mar	98	}
		99
		100	public function init($html=true) {
295	daniel-mar	101	OIDplus::config()->prepareConfigKey('log_failed_ra_logins', 'Log failed RA logins', '0', OIDplusConfig::PROTECTION_EDITABLE, function($value) {
		102	if (!is_numeric($value) \|\| (($value != 0) && (($value != 1)))) {
360	daniel-mar	103	throw new OIDplusException(_L('Valid values: 0 (off) or 1 (on).'));
295	daniel-mar	104	}
		105	});
		106	OIDplus::config()->prepareConfigKey('log_failed_admin_logins', 'Log failed Admin logins', '0', OIDplusConfig::PROTECTION_EDITABLE, function($value) {
		107	if (!is_numeric($value) \|\| (($value != 0) && (($value != 1)))) {
360	daniel-mar	108	throw new OIDplusException(_L('Valid values: 0 (off) or 1 (on).'));
295	daniel-mar	109	}
		110	});
104	daniel-mar	111	}
		112
		113	public function gui($id, &$out, &$handled) {
382	daniel-mar	114	$ary = explode('$', $id);
		115	if (isset($ary[1])) {
		116	$id = $ary[0];
		117	$tab = $ary[1];
		118	} else {
		119	$tab = 'ra';
		120	}
104	daniel-mar	121	if ($id === 'oidplus:login') {
		122	$handled = true;
360	daniel-mar	123	$out['title'] = _L('Login');
241	daniel-mar	124	$out['icon'] = OIDplus::webpath(__DIR__).'login_big.png';
104	daniel-mar	125
		126	$out['text'] .= '<noscript>';
355	daniel-mar	127	$out['text'] .= '<p>'._L('You need to enable JavaScript to use the login area.').'</p>';
104	daniel-mar	128	$out['text'] .= '</noscript>';
		129
219	daniel-mar	130	$out['text'] .= '<div id="loginArea" style="visibility: hidden"><div id="loginTab" class="container" style="width:100%;">';
261	daniel-mar	131	$out['text'] .= (OIDplus::baseConfig()->getValue('RECAPTCHA_ENABLED', false) ?
		132	'<script> grecaptcha.render(document.getElementById("g-recaptcha"), { "sitekey" : "'.OIDplus::baseConfig()->getValue('RECAPTCHA_PUBLIC', '').'" }); </script>'.
360	daniel-mar	133	'<p>'._L('Before logging in, please solve the following CAPTCHA').'</p>'.
		134	'<div id="g-recaptcha" class="g-recaptcha" data-sitekey="'.OIDplus::baseConfig()->getValue('RECAPTCHA_PUBLIC', '').'"></div>' : '');
104	daniel-mar	135	$out['text'] .= '<br>';
		136
420	daniel-mar	137	// ---------------- Tab control
		138	$out['text'] .= OIDplus::gui()->tabBarStart();
		139	$out['text'] .= OIDplus::gui()->tabBarElement('ra', _L('Login as RA'), $tab === 'ra');
		140	$out['text'] .= OIDplus::gui()->tabBarElement('admin', _L('Login as administrator'), $tab === 'admin');
		141	$out['text'] .= OIDplus::gui()->tabBarEnd();
		142	$out['text'] .= OIDplus::gui()->tabContentStart();
		143	// ---------------- "RA" tab
		144	$tabcont = '<h2>'._L('Login as RA').'</h2>';
104	daniel-mar	145	$login_list = OIDplus::authUtils()->loggedInRaList();
		146	if (count($login_list) > 0) {
115	daniel-mar	147	foreach ($login_list as $x) {
420	daniel-mar	148	$tabcont .= '<p>'._L('You are logged in as %1','<b>'.$x->raEmail().'</b>').' (<a href="#" onclick="return raLogout('.js_escape($x->raEmail()).');">'._L('Logout').'</a>)</p>';
104	daniel-mar	149	}
420	daniel-mar	150	$tabcont .= '<p>'._L('If you have more accounts, you can log in with another account here.').'</p>';
104	daniel-mar	151	} else {
420	daniel-mar	152	$tabcont .= '<p>'._L('Enter your email address and your password to log in as Registration Authority.').'</p>';
104	daniel-mar	153	}
420	daniel-mar	154	$tabcont .= '<form onsubmit="return raLoginOnSubmit(this);">';
		155	$tabcont .= '<div><label class="padding_label">'._L('E-Mail').':</label><input type="text" name="email" value="" id="raLoginEMail"></div>';
		156	$tabcont .= '<div><label class="padding_label">'._L('Password').':</label><input type="password" name="password" value="" id="raLoginPassword"></div>';
		157	$tabcont .= '<br><input type="submit" value="'._L('Login').'"><br><br>';
		158	$tabcont .= '</form>';
		159	$tabcont .= '<p><a '.OIDplus::gui()->link('oidplus:forgot_password').'>'._L('Forgot password?').'</a><br>';
104	daniel-mar	160
380	daniel-mar	161	$invitePlugin = OIDplus::getPluginByOid('1.3.6.1.4.1.37476.2.5.2.4.2.92'); // OIDplusPageRaInvite
		162	if (!is_null($invitePlugin) && OIDplus::config()->getValue('ra_invitation_enabled')) {
420	daniel-mar	163	$tabcont .= '<abbr title="'._L('To receive login data, the superior RA needs to send you an invitation. After creating or updating your OID, the system will ask them if they want to send you an invitation. If they accept, you will receive an email with an activation link. Alternatively, the system admin can create your account manually in the administrator control panel.').'">'._L('How to register?').'</abbr></p>';
156	daniel-mar	164	} else {
420	daniel-mar	165	$tabcont .= '<abbr title="'._L('Since invitations are disabled at this OIDplus system, the system administrator needs to create your account manually in the administrator control panel.').'">'._L('How to register?').'</abbr></p>';
156	daniel-mar	166	}
420	daniel-mar	167	$out['text'] .= OIDplus::gui()->tabContentPage('ra', $tabcont, $tab === 'ra');
		168	// ---------------- "Administrator" tab
		169	$tabcont = '<h2>'._L('Login as administrator').'</h2>';
104	daniel-mar	170	if (OIDplus::authUtils()::isAdminLoggedIn()) {
420	daniel-mar	171	$tabcont .= '<p>'._L('You are logged in as administrator.').'</p>';
		172	$tabcont .= '<a href="#" onclick="return adminLogout();">'._L('Logout').'</a>';
104	daniel-mar	173	} else {
420	daniel-mar	174	$tabcont .= '<form onsubmit="return adminLoginOnSubmit(this);">';
		175	$tabcont .= '<div><label class="padding_label">'._L('Password').':</label><input type="password" name="password" value="" id="adminLoginPassword"></div>';
		176	$tabcont .= '<br><input type="submit" value="'._L('Login').'"><br><br>';
		177	$tabcont .= '</form>';
		178	$tabcont .= '<p><a '.OIDplus::gui()->link('oidplus:forgot_password_admin').'>'._L('Forgot password?').'</a><br>';
104	daniel-mar	179	}
420	daniel-mar	180	$out['text'] .= OIDplus::gui()->tabContentPage('admin', $tabcont, $tab === 'admin');
		181	$out['text'] .= OIDplus::gui()->tabContentEnd();
		182	// ---------------- Tab control END
104	daniel-mar	183
420	daniel-mar	184	$out['text'] .= '</div><br>';
		185
360	daniel-mar	186	$mins = ceil(OIDplus::baseConfig()->getValue('SESSION_LIFETIME', 30*60)/60);
		187	$out['text'] .= '<p><font size="-1">'._L('<i>Privacy information</i>: By using the login functionality, you are accepting that a "session cookie" is temporarily stored in your browser. The session cookie is a small text file that is sent to this website every time you visit it, to identify you as an already logged in user. It does not track any of your online activities outside OIDplus. The cookie will be destroyed when you log out or after an inactivity of %1 minutes.', $mins);
296	daniel-mar	188	$privacy_document_file = 'OIDplus/privacy_documentation.html';
380	daniel-mar	189	$resourcePlugin = OIDplus::getPluginByOid('1.3.6.1.4.1.37476.2.5.2.4.1.500'); // OIDplusPagePublicResources
		190	if (!is_null($resourcePlugin) && file_exists(OIDplus::basePath().'/res/'.$privacy_document_file)) {
360	daniel-mar	191	$out['text'] .= ' <a '.OIDplus::gui()->link('oidplus:resources$'.$privacy_document_file.'$'.OIDplus::authUtils()::makeAuthKey("resources;".$privacy_document_file).'#cookies').'>'._L('More information about the cookies used').'</a>';
219	daniel-mar	192	}
		193	$out['text'] .= '</font></p></div>';
107	daniel-mar	194
		195	$out['text'] .= '<script>document.getElementById("loginArea").style.visibility = "visible";</script>';
104	daniel-mar	196	}
		197	}
295	daniel-mar	198
282	daniel-mar	199	public function publicSitemap(&$out) {
360	daniel-mar	200	$out[] = 'oidplus:login';
282	daniel-mar	201	}
104	daniel-mar	202
106	daniel-mar	203	public function tree(&$json, $ra_email=null, $nonjs=false, $req_goto='') {
104	daniel-mar	204	$loginChildren = array();
		205
		206	if (OIDplus::authUtils()::isAdminLoggedIn()) {
		207	$ra_roots = array();
		208
281	daniel-mar	209	foreach (OIDplus::getPagePlugins() as $plugin) {
		210	if (is_subclass_of($plugin, OIDplusPagePluginAdmin::class)) {
		211	$plugin->tree($ra_roots);
		212	}
104	daniel-mar	213	}
		214
		215	$ra_roots[] = array(
		216	'id' => 'oidplus:logout$admin',
241	daniel-mar	217	'icon' => OIDplus::webpath(__DIR__).'treeicon_logout.png',
225	daniel-mar	218	'conditionalselect' => 'adminLogout()', // defined in oidplus_base.js
355	daniel-mar	219	'text' => _L('Log out')
104	daniel-mar	220	);
		221	$loginChildren[] = array(
		222	'id' => 'oidplus:dummy$'.md5(rand()),
355	daniel-mar	223	'text' => _L("Logged in as admin"),
241	daniel-mar	224	'icon' => OIDplus::webpath(__DIR__).'treeicon_admin.png',
104	daniel-mar	225	'conditionalselect' => 'false', // dummy node that can't be selected
		226	'state' => array("opened" => true),
		227	'children' => $ra_roots
		228	);
		229	}
		230
115	daniel-mar	231	foreach (OIDplus::authUtils()::loggedInRaList() as $ra) {
		232	$ra_email = $ra->raEmail();
104	daniel-mar	233	$ra_roots = array();
		234
281	daniel-mar	235	foreach (OIDplus::getPagePlugins() as $plugin) {
		236	if (is_subclass_of($plugin, OIDplusPagePluginRa::class)) {
		237	$plugin->tree($ra_roots, $ra_email);
		238	}
104	daniel-mar	239	}
		240
		241	$ra_roots[] = array(
		242	'id' => 'oidplus:logout$'.$ra_email,
225	daniel-mar	243	'conditionalselect' => 'raLogout('.js_escape($ra_email).')', // defined in oidplus_base.js
241	daniel-mar	244	'icon' => OIDplus::webpath(__DIR__).'treeicon_logout.png',
355	daniel-mar	245	'text' => _L('Log out')
104	daniel-mar	246	);
		247	foreach (OIDplusObject::getRaRoots($ra_email) as $loc_root) {
		248	$ico = $loc_root->getIcon();
		249	$ra_roots[] = array(
		250	'id' => 'oidplus:raroot$'.$loc_root->nodeId(),
360	daniel-mar	251	'text' => _L('Jump to RA root %1',$loc_root->objectTypeTitleShort().' '.$loc_root->crudShowId(OIDplusObject::parse($loc_root::root()))),
110	daniel-mar	252	'conditionalselect' => 'openOidInPanel('.js_escape($loc_root->nodeId()).', true);',
241	daniel-mar	253	'icon' => !is_null($ico) ? $ico : OIDplus::webpath(__DIR__).'treeicon_link.png'
104	daniel-mar	254	);
		255	}
		256	$ra_email_or_name = (new OIDplusRA($ra_email))->raName();
		257	if ($ra_email_or_name == '') $ra_email_or_name = $ra_email;
		258	$loginChildren[] = array(
		259	'id' => 'oidplus:dummy$'.md5(rand()),
360	daniel-mar	260	'text' => _L('Logged in as %1',htmlentities($ra_email_or_name)),
241	daniel-mar	261	'icon' => OIDplus::webpath(__DIR__).'treeicon_ra.png',
104	daniel-mar	262	'conditionalselect' => 'false', // dummy node that can't be selected
		263	'state' => array("opened" => true),
		264	'children' => $ra_roots
		265	);
		266	}
		267
		268	$json[] = array(
		269	'id' => 'oidplus:login',
241	daniel-mar	270	'icon' => OIDplus::webpath(__DIR__).'treeicon_login.png',
355	daniel-mar	271	'text' => _L('Login'),
104	daniel-mar	272	'state' => array("opened" => count($loginChildren)>0),
		273	'children' => $loginChildren
		274	);
		275
		276	return true;
		277	}
108	daniel-mar	278
		279	public function tree_search($request) {
		280	return false;
		281	}
382	daniel-mar	282	}

Subversion Repositories oidplus

oidplus/trunk/plugins/publicPages/090_login/OIDplusPagePublicLogin.class.php @ 511 – Rev 420