<?php
/* $Id$ */
/*
	Copyright (C) 2007, 2008 Scott Ullrich <sullrich@gmail.com>
	All rights reserved.

	Copyright (C) 2005-2006 Bill Marquette <bill.marquette@gmail.com>
	All rights reserved.

	Copyright (C) 2006 Paul Taylor <paultaylor@winn-dixie.com>.
	All rights reserved.

	Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>.
	All rights reserved.

	Redistribution and use in source and binary forms, with or without
	modification, are permitted provided that the following conditions are met:

	1. Redistributions of source code must retain the above copyright notice,
	   this list of conditions and the following disclaimer.

	2. Redistributions in binary form must reproduce the above copyright
	   notice, this list of conditions and the following disclaimer in the
	   documentation and/or other materials provided with the distribution.

	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
	INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
	AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
	AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
	OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
	POSSIBILITY OF SUCH DAMAGE.

	pfSense_MODULE: authgui
*/

/*
 * Web GUI authentication gate, included by every protected page.
 * Order matters: session check -> page privilege check -> post-login
 * redirect -> session_commit(). Every denial path ends in exit, so the
 * including page never runs for an unauthenticated or unprivileged user.
 */
include_once("auth.inc");
include_once("priv.inc");
if (!function_exists('platform_booting'))
	require_once('globals.inc');

/* Authenticate user - exit if failed (the login page is rendered by display_login_form() below) */
if (!session_auth()) {
	display_login_form();
	exit;
}

/*
 * Once here, the user has authenticated with the web server.
 * We give them access only to the appropriate pages based on
 * the user or group privileges.
 * $allowedpages is looked up for the user name stored in the session,
 * never from anything in the current request.
 */
$allowedpages = getAllowedPages($_SESSION['Username']);

/*
 * redirect to first allowed page if requesting a wrong url
 * The decision is made on REQUEST_URI; the redirect target is the first
 * allowed page with any '*' stripped, i.e. it comes from the privilege
 * configuration, not from the request.
 */
if (!isAllowedPage($_SERVER['REQUEST_URI'])) {
	if (count($allowedpages) > 0) {
		$page = str_replace('*', '', $allowedpages[0]);
		$_SESSION['Post_Login'] = true;
		require_once("functions.inc");
		pfSenseHeader("/{$page}");

		/* Audit trail: user@client-ip, the denied script and where we sent them.
		   Useful when looking for a user probing pages outside their privileges. */
		$username = empty($_SESSION["Username"]) ? "(system)" : $_SESSION['Username'];
		if (!empty($_SERVER['REMOTE_ADDR']))
			$username .= '@' . $_SERVER['REMOTE_ADDR'];
		log_error("{$username} attempted to access {$_SERVER['SCRIPT_NAME']} but does not have access to that page. Redirecting to {$page}.");

		exit;
	} else {
		/* Authenticated but no page privileges at all: show the error page and stop. */
		display_error_form("201", gettext("No page assigned to this user! Click here to logout."));
		exit;
	}
} else 
	$_SESSION['Post_Login'] = true;

/*
 * redirect browsers post-login to avoid pages
 * taking action in response to a POST request
 *
 * NOTE(review): every path that reaches this point has just set
 * $_SESSION['Post_Login'] = true above (the denied branches exit), so as
 * written this redirect is never taken.
 */
if (!$_SESSION['Post_Login']) {
	$_SESSION['Post_Login'] = true;
	require_once("functions.inc");
	pfSenseHeader($_SERVER['REQUEST_URI']);
	exit;
}

/* 
 * Close session data to allow other scripts from same host to come in.
 * A session can be reactivated from calling session_start again
 * (nothing below this point should write to $_SESSION without doing so).
 */
session_commit();
/*
 * Render an error page, or a single plain-text line when the request is AJAX.
 * Used by the gate above when an authenticated user has no page assigned.
 *
 * $http_code - code shown in the <title> and in the AJAX line
 * $desc      - description shown in the page body / AJAX line
 *
 * NOTE(review): $http_code and $desc are echoed without htmlspecialchars().
 * The callers in this file pass fixed strings; any new caller must not pass
 * request-derived text here without escaping it first.
 * NOTE(review): $g['theme'] is written into href/src attributes unescaped; it
 * comes from get_current_theme(), presumably configuration rather than the
 * request - confirm.
 */
function display_error_form($http_code, $desc) {
	global $config, $g;
	$g['theme'] = get_current_theme();
	if(isAjax()) {
		/* AJAX callers get one text line instead of a full page. */
		printf(gettext('Error: %1$s Description: %2$s'), $http_code, $desc);
		return;
	}

	/* Full page follows. Markup left as-is: the <a href="/index.php?logout">
	   below is never closed and "&nbsp" lacks its semicolon. */
?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
	<head>
		<script type="text/javascript" src="/javascript/jquery-1.11.1.min.js"></script>
		<script type="text/javascript" src="/javascript/jquery-migrate-1.2.1.min.js"></script>
		<title><?=$http_code?></title>
		<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
		<link rel="shortcut icon" href="/themes/<?= $g['theme'] ?>/images/icons/favicon.ico" />
		<?php if (file_exists("{$g['www_path']}/themes/{$g['theme']}/login.css")): ?>
		<link rel="stylesheet" type="text/css" href="/themes/<?= $g['theme'] ?>/login.css" media="all" />
		<?php else: ?>
		<link rel="stylesheet" type="text/css" href="/themes/<?= $g['theme'] ?>/all.css" media="all" />
		<?php endif; ?>
		<script type="text/javascript">
		//<![CDATA[
			function page_load() {}
			function clearError() {
				if($('#inputerrors'))
				$('#inputerrors').html('');
			}
			<?php
				/* Theme/head JavaScript shared with the other GUI pages. */
				require("headjs.php");
				echo getHeadJS();
			?>
		//]]>
		</script>
		<script type="text/javascript" src="/themes/<?= $g['theme'] ?>/javascript/niftyjsCode.js"></script>
	</head>
	<body onload="page_load();">
		<div id="errordesc">
			<h1>&nbsp</h1>
			<a href="/index.php?logout">
			<p id="errortext" style="vertical-align: middle; text-align: center;">
				<span style="color: #000000; font-weight: bold;">
					<?=$desc;?>
				</span>
			</p>
		</div>
	</body>
</html>

<?php

} // end function
/*
 * Render the login page, or (for AJAX requests) emit a showajaxmessage()
 * JavaScript call describing why the last login failed, then exit.
 *
 * Before the form is rendered, the request's Host header is compared with
 * the addresses of local interfaces/VIPs and OpenVPN tunnel networks; when
 * it matches none of them a "forwarded / possible man-in-the-middle"
 * warning is shown above the form, unless webgui/nohttpreferercheck is set.
 *
 * Reads: $config, $g, $FilterIflist, $_SESSION, $_SERVER, $_POST.
 * Writes: $g['theme'], $nifty_background (global), and $FilterIflist (unset).
 *
 * The cookie test script at the bottom adds the "secure" flag only when
 * webgui/protocol is 'https'.
 */
function display_login_form() {
	require_once("globals.inc");
	global $config, $g;
	$g['theme'] = get_current_theme();

	/* $input_errors is never assigned in this function; this unset is a no-op. */
	unset($input_errors);

	if(isAjax()) {
		if (isset($_POST['login'])) {
			/* Loose (<>) comparison against the literal "True"; Logged_In is not set in this file. */
			if($_SESSION['Logged_In'] <> "True") {
				isset($_SESSION['Login_Error']) ? $login_error = $_SESSION['Login_Error'] : $login_error = gettext("unknown reason");
				/* NOTE(review): $login_error is placed inside a JS string literal
				   without escaping; a value containing a quote would break or alter
				   the emitted script. Login_Error is written outside this file -
				   confirm it only ever holds fixed strings. */
				printf("showajaxmessage('" . gettext("Invalid login (%s).") . "')", $login_error);
			}
			if (file_exists("{$g['tmp_path']}/webconfigurator.lock")) {
				// TODO: add the IP from the user who did lock the device
				/* NOTE(review): same unescaped-JS-literal concern for $whom (lock file contents). */
				$whom = file_get_contents("{$g['tmp_path']}/webconfigurator.lock");
				printf("showajaxmessage('" . gettext("This device is currently being maintained by: %s.") . "');", $whom);
			}
		}
		exit;
	}

/* Check against locally configured IP addresses, which will catch when someone 
   port forwards WebGUI access from WAN to an internal IP on the router. */
/* Still inside display_login_form(); the indentation is just missing here. */
global $FilterIflist, $nifty_background;
$local_ip = false;
/* NOTE(review): the explode() branch only runs when HTTP_HOST contains no ":",
   so it is a no-op and $http_host is always the raw Host header. A
   "host:port" value therefore never equals an interface address and the
   warning below is shown. HTTP_HOST is supplied by the client, so this
   comparison is advisory only. */
if (strpos($_SERVER['HTTP_HOST'], ":") === FALSE) {
	$http_host_port = explode(":", $_SERVER['HTTP_HOST']);
	$http_host = $http_host_port[0];
} else {
	$http_host = $_SERVER['HTTP_HOST'];
}
/* Presumably populates $FilterIflist from the filter/shaper config - confirm. */
if (empty($FilterIflist)) {
	require_once('filter.inc');
	require_once('shaper.inc');
	filter_generate_optcfg_array();
}
/* Match the Host against each interface's v4/v6 address and its VIPs (loose ==). */
foreach ($FilterIflist as $iflist) {
	if ($iflist['ip'] == $http_host)
		$local_ip = true;
	else if ($iflist['ipv6'] == $http_host)
		$local_ip = true;
	else if (is_array($iflist['vips'])) {
		foreach ($iflist['vips'] as $vip) {
			if ($vip['ip'] == $http_host) {
				$local_ip = true;
				break;
			}
		}
		unset($vip);
	}
	if ($local_ip == true)
		break;
}
unset($FilterIflist);
unset($iflist);

/* Not a local address: also accept a Host inside any OpenVPN server tunnel network. */
if ($local_ip == false) {
	if (is_array($config['openvpn']['openvpn-server'])) {
		foreach ($config['openvpn']['openvpn-server'] as $ovpns) {
			if (is_ipaddrv4($http_host) && !empty($ovpns['tunnel_network']) && ip_in_subnet($http_host, $ovpns['tunnel_network'])) {
				$local_ip = true;
			} else if (is_ipaddrv6($http_host) && !empty($ovpns['tunnel_networkv6']) && ip_in_subnet($http_host, $ovpns['tunnel_networkv6'])) {
				$local_ip = true;
			}
			if ($local_ip == true)
				break;
		}
	}
}

?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
	<head>
		<script type="text/javascript" src="/javascript/jquery-1.11.1.min.js"></script>
		<script type="text/javascript" src="/javascript/jquery-migrate-1.2.1.min.js"></script>
		<script type="text/javascript">
		//<![CDATA[
		$(document).ready(function() { jQuery('#usernamefld').focus(); });
		//]]>
		</script>

		<title><?=gettext("Login"); ?></title>
		<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
		<link rel="shortcut icon" href="/themes/<?= $g['theme'] ?>/images/icons/favicon.ico" />
		<?php if (file_exists("{$g['www_path']}/themes/{$g['theme']}/login.css")): ?>
		<link rel="stylesheet" type="text/css" href="/themes/<?= $g['theme'] ?>/login.css" media="all" />
		<?php else: ?>
		<link rel="stylesheet" type="text/css" href="/themes/<?= $g['theme'] ?>/all.css" media="all" />
		<?php endif; ?>
		<script type="text/javascript">
		//<![CDATA[
			function page_load() {}
			function clearError() {
				if($('#inputerrors'))
				$('#inputerrors').html('');
			}
			<?php
				/* Theme/head JavaScript shared with the other GUI pages. */
				require("headjs.php");
				echo getHeadJS();
			?>
		//]]>
		</script>
		<script type="text/javascript" src="/themes/<?= $g['theme'] ?>/javascript/niftyjsCode.js"></script>
	</head>
	<body onload="page_load()">
		<div id="login">
			<?php 
				/* Warn only when the Host is an IP literal that matched nothing above
				   and the admin has not disabled the check (webgui/nohttpreferercheck). */
				if(is_ipaddr($http_host) && !$local_ip && !isset($config['system']['webgui']['nohttpreferercheck'])) {
					$nifty_background = "#999";
					print_info_box(gettext("You are accessing this router by an IP address not configured locally, which may be forwarded by NAT or other means. <br /><br />If you did not setup this forwarding, you may be the target of a man-in-the-middle attack.")); 
				}
				/* Browser autocomplete is off unless the admin opted in via webgui/loginautocomplete. */
				$loginautocomplete = isset($config['system']['webgui']['loginautocomplete']) ? '' : 'autocomplete="off"';
				/* NOTE(review): the form below echoes $_SERVER['SCRIPT_NAME'] into the
				   action attribute and $_SESSION['Login_Error'] into #inputerrors
				   without htmlspecialchars(); both are produced outside this file -
				   confirm neither can carry request-controlled text. */
			?>
			<form id="iform" name="iform" method="post" <?= $loginautocomplete ?> action="<?=$_SERVER['SCRIPT_NAME'];?>">
				<h1>&nbsp;</h1>
				<div id="inputerrors"><?=$_SESSION['Login_Error'];?></div>
				<p>
					<span style="text-align:left">
						<?=gettext("Username:"); ?><br />
						<input onclick="clearError();" onchange="clearError();" id="usernamefld" type="text" name="usernamefld" class="formfld user" tabindex="1" />
					</span>
				</p>
				<p>
					<br />
					<span style="text-align:left">
						<?=gettext("Password:"); ?> <br />
						<input onclick="clearError();" onchange="clearError();" id="passwordfld" type="password" name="passwordfld" class="formfld pwd" tabindex="2" />
					</span>
				</p>
				<p>
					<br />
					<span style="text-align:center; font-weight: normal ; font-style: italic">
						<?=gettext("Enter username and password to login."); ?>
					</span>

					<span style="text-align:center; font-weight: normal ; font-style: italic; color: #ff0000; display:none" id="no_cookies">
						<br /><br />
						<?= gettext("Your browser must support cookies to login."); ?>
					</span>
				</p>
				<p>
					<span style="text-align:center">
						<input type="submit" name="login" class="formbtn" value="<?=gettext("Login"); ?>" tabindex="3" />
					</span>
				</p>
			</form>
		</div>
		<script type="text/javascript">
		//<![CDATA[
		document.cookie=
			"cookie_test=1" +
			"<?php echo $config['system']['webgui']['protocol'] == 'https' ? '; secure' : '';?>";

		if (document.cookie.indexOf("cookie_test") == -1)
			document.getElementById("no_cookies").style.display="";

		// Delete it
		document.cookie = "cookie_test=1; expires=Thu, 01-Jan-1970 00:00:01 GMT";
		//]]>
		</script>
	</body>
</html>
<?php
} // end function
?>