/etc/inc/authgui.inc - Annotate - pfSense - pfSense bugtracker

| Branch: | Tag: | Revision:

root/etc/inc/authgui.inc @ 3d77ec5d

1	16513324	Holger Bauer	<?php
2			/* $Id$ */
3			/*
4	403a270e	Ermal Luçi	Copyright (C) 2007, 2008 Scott Ullrich <sullrich@gmail.com>
5			All rights reserved.
6	16513324	Holger Bauer
7			Copyright (C) 2005-2006 Bill Marquette <bill.marquette@gmail.com>
8			All rights reserved.
9
10			Copyright (C) 2006 Paul Taylor <paultaylor@winn-dixie.com>.
11			All rights reserved.
12
13			Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>.
14			All rights reserved.
15
16			Redistribution and use in source and binary forms, with or without
17			modification, are permitted provided that the following conditions are met:
18
19			1. Redistributions of source code must retain the above copyright notice,
20			this list of conditions and the following disclaimer.
21
22			2. Redistributions in binary form must reproduce the above copyright
23			notice, this list of conditions and the following disclaimer in the
24			documentation and/or other materials provided with the distribution.
25
26			THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
27			INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
28			AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
29			AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
30			OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
31			SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
32			INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
33			CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
34			ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
35			POSSIBILITY OF SUCH DAMAGE.
36	523855b0	Scott Ullrich
37			pfSense_MODULE: authgui
38	16513324	Holger Bauer	*/
39
40	483e6de8	Scott Ullrich	include_once("auth.inc");
41	6dc88d53	Ermal Luci	include_once("priv.inc");
42	16513324	Holger Bauer
43			/* Authenticate user - exit if failed */
44	6306b5dd	Ermal Lu?i	if (!session_auth()) {
45			display_login_form();
46	45ee90ed	Matthew Grooms	exit;
47	6306b5dd	Ermal Lu?i	}
48	45ee90ed	Matthew Grooms
49			/*
50			* Once here, the user has authenticated with the web server.
51			* We give them access only to the appropriate pages based on
52			* the user or group privileges.
53			*/
54	aa205c3b	Ermal	$allowedpages = getAllowedPages($_SESSION['Username']);
55	16513324	Holger Bauer
56	45ee90ed	Matthew Grooms	/*
57	403a270e	Ermal Luçi	* redirect to first allowed page if requesting a wrong url
58	45ee90ed	Matthew Grooms	*/
59	14f5f705	marcelloc	if (!isAllowedPage($_SERVER['REQUEST_URI'])) {
60	403a270e	Ermal Luçi	if (count($allowedpages) > 0) {
61			$page = str_replace('*', '', $allowedpages[0]);
62			$_SESSION['Post_Login'] = true;
63	5c15e649	sullrich	require_once("functions.inc");
64	403a270e	Ermal Luçi	pfSenseHeader("/{$page}");
65	0d4f348f	jim-p
66			$username = empty($_SESSION["Username"]) ? "(system)" : $_SESSION['Username'];
67			if (!empty($_SERVER['REMOTE_ADDR']))
68			$username .= '@' . $_SERVER['REMOTE_ADDR'];
69			log_error("{$username} attempted to access {$_SERVER['SCRIPT_NAME']} but does not have access to that page. Redirecting to {$page}.");
70
71	403a270e	Ermal Luçi	exit;
72			} else {
73	0b70d9f4	Carlos Eduardo Ramos	display_error_form("201", gettext("No page assigned to this user! Click here to logout."));
74	403a270e	Ermal Luçi	exit;
75			}
76			} else
77			$_SESSION['Post_Login'] = true;
78	16513324	Holger Bauer
79	45ee90ed	Matthew Grooms	/*
80	d97ab688	Matthew Grooms	* redirect browsers post-login to avoid pages
81			* taking action in reponse to a POST request
82	45ee90ed	Matthew Grooms	*/
83	d97ab688	Matthew Grooms	if (!$_SESSION['Post_Login']) {
84	c9dddd59	sullrich	$_SESSION['Post_Login'] = true;
85	5c15e649	sullrich	require_once("functions.inc");
86	d97ab688	Matthew Grooms	pfSenseHeader($_SERVER['REQUEST_URI']);
87			exit;
88			}
89	16513324	Holger Bauer
90	4111fcf5	Ermal	/*
91			* Close session data to allow other scripts from same host to come in.
92			* A session can be reactivated from calling session_start again
93			*/
94			session_commit();
95
96	45ee90ed	Matthew Grooms	/*
97			* determine if the user is allowed access to the requested page
98			*/
99	16513324	Holger Bauer	function display_error_form($http_code, $desc) {
100	45ee90ed	Matthew Grooms	global $config, $g;
101	1e1e1ec8	jim-p	$g['theme'] = get_current_theme();
102	16513324	Holger Bauer	if(isAjax()) {
103	addc0439	Renato Botelho	printf(gettext('Error: %1$s Description: %2$s'), $http_code, $desc);
104	16513324	Holger Bauer	return;
105			}
106
107			?>
108	45ee90ed	Matthew Grooms
109	16513324	Holger Bauer	<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
110	52593da5	Colin Fleming	"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
111			<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
112	45ee90ed	Matthew Grooms	<head>
113	d6159f76	Vinicius Coque	<script type="text/javascript" src="/javascript/jquery.js"></script>
114	45ee90ed	Matthew Grooms	<title><?=$http_code?></title>
115	000a8d1d	Renato Botelho	<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
116	45ee90ed	Matthew Grooms	<link rel="shortcut icon" href="/themes/<?= $g['theme'] ?>/images/icons/favicon.ico" />
117			<?php if (file_exists("{$g['www_path']}/themes/{$g['theme']}/login.css")): ?>
118			<link rel="stylesheet" type="text/css" href="/themes/<?= $g['theme'] ?>/login.css" media="all" />
119			<?php else: ?>
120			<link rel="stylesheet" type="text/css" href="/themes/<?= $g['theme'] ?>/all.css" media="all" />
121			<?php endif; ?>
122			<script type="text/javascript">
123	52593da5	Colin Fleming	//<![CDATA[
124	45ee90ed	Matthew Grooms	function page_load() {}
125			function clearError() {
126	86cf3681	Vinicius Coque	if($('#inputerrors'))
127			$('#inputerrors').html('');
128	45ee90ed	Matthew Grooms	}
129			<?php
130			require("headjs.php");
131			echo getHeadJS();
132			?>
133	52593da5	Colin Fleming	//]]>
134	45ee90ed	Matthew Grooms	</script>
135			<script type="text/javascript" src="/themes/<?= $g['theme'] ?>/javascript/niftyjsCode.js"></script>
136			</head>
137			<body onload="page_load();">
138			<div id="errordesc">
139			<h1>&nbsp</h1>
140	403a270e	Ermal Luçi	<a href="/index.php?logout">
141	45ee90ed	Matthew Grooms	<p id="errortext" style="vertical-align: middle; text-align: center;">
142			<span style="color: #000000; font-weight: bold;">
143			<?=$desc;?>
144			</span>
145			</p>
146			</div>
147			</body>
148	16513324	Holger Bauer	</html>
149	45ee90ed	Matthew Grooms
150	16513324	Holger Bauer	<?php
151
152	45ee90ed	Matthew Grooms	} // end function
153	16513324	Holger Bauer
154
155			function display_login_form() {
156	45ee90ed	Matthew Grooms	require_once("globals.inc");
157			global $config, $g;
158	1e1e1ec8	jim-p	$g['theme'] = get_current_theme();
159	45ee90ed	Matthew Grooms
160			unset($input_errors);
161
162			if(isAjax()) {
163			if (isset($_POST['login'])) {
164			if($_SESSION['Logged_In'] <> "True") {
165	0b70d9f4	Carlos Eduardo Ramos	isset($_SESSION['Login_Error']) ? $login_error = $_SESSION['Login_Error'] : $login_error = gettext("unknown reason");
166	3cfc695c	Vinicius Coque	printf("showajaxmessage('" . gettext("Invalid login (%s).") . "')", $login_error);
167	45ee90ed	Matthew Grooms	}
168			if (file_exists("{$g['tmp_path']}/webconfigurator.lock")) {
169			// TODO: add the IP from the user who did lock the device
170			$whom = file_get_contents("{$g['tmp_path']}/webconfigurator.lock");
171	3cfc695c	Vinicius Coque	printf("showajaxmessage('" . gettext("This device is currently being maintained by: %s.") . "');", $whom);
172	45ee90ed	Matthew Grooms	}
173			}
174			exit;
175			}
176	16513324	Holger Bauer
177	2003b5d8	jim-p	/* Check against locally configured IP addresses, which will catch when someone
178			port forwards WebGUI access from WAN to an internal IP on the router. */
179	6cfa23eb	Scott Ullrich	global $FilterIflist, $nifty_background;
180	2003b5d8	jim-p	$local_ip = false;
181			if(strstr($_SERVER['HTTP_HOST'], ":")) {
182			$http_host_port = explode(":", $_SERVER['HTTP_HOST']);
183			$http_host = $http_host_port[0];
184			} else {
185			$http_host = $_SERVER['HTTP_HOST'];
186			}
187			if (empty($FilterIflist)) {
188			require_once('filter.inc');
189			require_once('shaper.inc');
190			filter_generate_optcfg_array();
191			}
192	f48d337f	Seth Mos	foreach ($FilterIflist as $iflist) {
193	2003b5d8	jim-p	if($iflist['ip'] == $http_host)
194			$local_ip = true;
195	f48d337f	Seth Mos	if($iflist['ipv6'] == $http_host)
196			$local_ip = true;
197			}
198	b13567f0	Ermal	unset($FilterIflist);
199
200	f48d337f	Seth Mos	if($config['virtualip']) {
201			if($config['virtualip']['vip']) {
202			foreach($config['virtualip']['vip'] as $vip) {
203	067e48ab	Scott Ullrich	if($vip['subnet'] == $http_host)
204			$local_ip = true;
205	f48d337f	Seth Mos	}
206			}
207			}
208	71034b51	Renato Botelho	if (is_array($config['openvpn']['openvpn-server'])) {
209			foreach ($config['openvpn']['openvpn-server'] as $ovpns) {
210			if (is_ipaddrv4($http_host) && !empty($ovpns['tunnel_network']) && ip_in_subnet($http_host, $ovpns['tunnel_network'])) {
211			$local_ip = true;
212			break;
213			}
214
215			if (is_ipaddrv6($http_host) && !empty($ovpns['tunnel_networkv6']) && ip_in_subnet($http_host, $ovpns['tunnel_networkv6'])) {
216			$local_ip = true;
217			break;
218			}
219			}
220			}
221	0041092c	jim-p	setcookie("cookie_test", time() + 3600);
222			$have_cookies = isset($_COOKIE["cookie_test"]);
223
224	16513324	Holger Bauer	?>
225	45ee90ed	Matthew Grooms
226	16513324	Holger Bauer	<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
227	52593da5	Colin Fleming	"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
228			<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
229	45ee90ed	Matthew Grooms	<head>
230	d6159f76	Vinicius Coque	<script type="text/javascript" src="/javascript/jquery.js"></script>
231	52593da5	Colin Fleming	<script type="text/javascript">
232			//<![CDATA[
233			$(document).ready(function() { jQuery('#usernamefld').focus(); });
234	1b209514	Phil Davis	//]]>
235	52593da5	Colin Fleming	</script>
236
237	45ee90ed	Matthew Grooms	<title><?=gettext("Login"); ?></title>
238	000a8d1d	Renato Botelho	<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
239	45ee90ed	Matthew Grooms	<link rel="shortcut icon" href="/themes/<?= $g['theme'] ?>/images/icons/favicon.ico" />
240			<?php if (file_exists("{$g['www_path']}/themes/{$g['theme']}/login.css")): ?>
241			<link rel="stylesheet" type="text/css" href="/themes/<?= $g['theme'] ?>/login.css" media="all" />
242			<?php else: ?>
243			<link rel="stylesheet" type="text/css" href="/themes/<?= $g['theme'] ?>/all.css" media="all" />
244			<?php endif; ?>
245			<script type="text/javascript">
246	52593da5	Colin Fleming	//<![CDATA[
247	45ee90ed	Matthew Grooms	function page_load() {}
248			function clearError() {
249	86cf3681	Vinicius Coque	if($('#inputerrors'))
250			$('#inputerrors').html('');
251	45ee90ed	Matthew Grooms	}
252			<?php
253			require("headjs.php");
254			echo getHeadJS();
255			?>
256	52593da5	Colin Fleming	//]]>
257	45ee90ed	Matthew Grooms	</script>
258			<script type="text/javascript" src="/themes/<?= $g['theme'] ?>/javascript/niftyjsCode.js"></script>
259			</head>
260			<body onload="page_load()">
261			<div id="login">
262	f31489e5	Scott Ullrich	<?php
263	058bc2a8	Matt Smith	if(is_ipaddr($http_host) && !$local_ip && !isset($config['system']['webgui']['nohttpreferercheck'])) {
264	f31489e5	Scott Ullrich	$nifty_background = "#999";
265	8cd558b6	ayvis	print_info_box(gettext("You are accessing this router by an IP address not configured locally, which may be forwarded by NAT or other means. <br /><br />If you did not setup this forwarding, you may be the target of a man-in-the-middle attack."));
266	f31489e5	Scott Ullrich	}
267	08f30320	Renato Botelho	$loginautocomplete = isset($config['system']['webgui']['loginautocomplete']) ? '' : 'autocomplete="off"';
268	f31489e5	Scott Ullrich	?>
269	08f30320	Renato Botelho	<form id="iform" name="iform" method="post" <?= $loginautocomplete ?> action="<?=$_SERVER['SCRIPT_NAME'];?>">
270	52593da5	Colin Fleming	<h1> </h1>
271	45ee90ed	Matthew Grooms	<div id="inputerrors"><?=$_SESSION['Login_Error'];?></div>
272			<p>
273			<span style="text-align:left">
274	52593da5	Colin Fleming	<?=gettext("Username:"); ?><br />
275	45ee90ed	Matthew Grooms	<input onclick="clearError();" onchange="clearError();" id="usernamefld" type="text" name="usernamefld" class="formfld user" tabindex="1" />
276			</span>
277			</p>
278			<p>
279	52593da5	Colin Fleming	<br />
280	45ee90ed	Matthew Grooms	<span style="text-align:left">
281	52593da5	Colin Fleming	<?=gettext("Password:"); ?> <br />
282	14ad84bc	jim-p	<input onclick="clearError();" onchange="clearError();" id="passwordfld" type="password" name="passwordfld" class="formfld pwd" tabindex="2" />
283	45ee90ed	Matthew Grooms	</span>
284			</p>
285			<p>
286	52593da5	Colin Fleming	<br />
287	45ee90ed	Matthew Grooms	<span style="text-align:center; font-weight: normal ; font-style: italic">
288			<?=gettext("Enter username and password to login."); ?>
289			</span>
290	0041092c	jim-p
291	a3381369	Colin Fleming	<?php if (!$have_cookies && isset($_POST['login'])): ?>
292	8cd558b6	ayvis	<br /><br />
293	0041092c	jim-p	<span style="text-align:center; font-weight: normal ; font-style: italic; color: #ff0000">
294			<?= gettext("Your browser must support cookies to login."); ?>
295			</span>
296	a3381369	Colin Fleming	<?php endif; ?>
297	45ee90ed	Matthew Grooms	</p>
298			<p>
299			<span style="text-align:center">
300			<input type="submit" name="login" class="formbtn" value="<?=gettext("Login"); ?>" tabindex="3" />
301			</span>
302	52593da5	Colin Fleming	</p>
303	45ee90ed	Matthew Grooms	</form>
304			</div>
305			</body>
306	16513324	Holger Bauer	</html>
307			<?php
308			} // end function
309
310	d6159f76	Vinicius Coque	?>

Project

General

Profile

pfSense