/etc/inc/authgui.inc - Annotate - pfSense - pfSense bugtracker

| Branch: | Tag: | Revision:

root/etc/inc/authgui.inc @ 8eb2f33a

1	16513324	Holger Bauer	<?php
2			/* $Id$ */
3			/*
4	403a270e	Ermal Luçi	Copyright (C) 2007, 2008 Scott Ullrich <sullrich@gmail.com>
5			All rights reserved.
6	16513324	Holger Bauer
7			Copyright (C) 2005-2006 Bill Marquette <bill.marquette@gmail.com>
8			All rights reserved.
9
10			Copyright (C) 2006 Paul Taylor <paultaylor@winn-dixie.com>.
11			All rights reserved.
12
13			Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>.
14			All rights reserved.
15
16			Redistribution and use in source and binary forms, with or without
17			modification, are permitted provided that the following conditions are met:
18
19			1. Redistributions of source code must retain the above copyright notice,
20			this list of conditions and the following disclaimer.
21
22			2. Redistributions in binary form must reproduce the above copyright
23			notice, this list of conditions and the following disclaimer in the
24			documentation and/or other materials provided with the distribution.
25
26			THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
27			INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
28			AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
29			AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
30			OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
31			SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
32			INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
33			CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
34			ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
35			POSSIBILITY OF SUCH DAMAGE.
36	523855b0	Scott Ullrich
37			pfSense_MODULE: authgui
38	16513324	Holger Bauer	*/
39
40	483e6de8	Scott Ullrich	include_once("auth.inc");
41	f5bdff7f	sullrich	include_once("priv.defs.inc");
42	6dc88d53	Ermal Luci	include_once("priv.inc");
43	16513324	Holger Bauer
44			/* We only support htpasswd backed HTTP Basic auth and session
45			* based backing methods at the moment.
46			* session_auth - this will use session based authentication and timeout
47	45ee90ed	Matthew Grooms	* htpasswd_backed - this uses the "standard" .htpasswd file
48			* passwd_backed - this will use the system passwd file in /etc
49			* radius_backed - this will allow you to use a radius server
50			* pam_backed - this uses the system's PAM facility .htpasswd file
51	16513324	Holger Bauer	*/
52
53	d97ab688	Matthew Grooms	//log_error("debug: FILE_NAME = {$_SERVER['REQUEST_URI']}");
54			//log_error("debug: FILE_NAME = {$_SERVER['SCRIPT_FILENAME']}");
55			//log_error("debug: SCRIPT_NAME = {$_SERVER['SCRIPT_NAME']}");
56
57	16513324	Holger Bauer	/* enable correct auth backend, default to htpasswd_backed */
58			$ldapcase = $config['system']['webgui']['backend'];
59	f5bdff7f	sullrich	switch($ldapcase) {
60	45ee90ed	Matthew Grooms	case ldap:
61			$backing_method="ldap_backed";
62			break;
63			case ldapother:
64			$backing_method="ldap_backed";
65			break;
66			default:
67	659fa7f2	Matthew Grooms	$backing_method="local_backed";
68	16513324	Holger Bauer	}
69
70			/* Authenticate user - exit if failed */
71	659fa7f2	Matthew Grooms	if (!session_auth($backing_method))
72	45ee90ed	Matthew Grooms	exit;
73
74			/*
75			* Once here, the user has authenticated with the web server.
76			* We give them access only to the appropriate pages based on
77			* the user or group privileges.
78			*/
79	403a270e	Ermal Luçi	$allowedpages = getAllowedPages($HTTP_SERVER_VARS['AUTH_USER']);
80	16513324	Holger Bauer
81	45ee90ed	Matthew Grooms	/*
82	403a270e	Ermal Luçi	* redirect to first allowed page if requesting a wrong url
83	45ee90ed	Matthew Grooms	*/
84	53b30505	sullrich	if (!isAllowedPage($_SERVER['SCRIPT_NAME'], $_SESSION['Username'])) {
85	403a270e	Ermal Luçi	if (count($allowedpages) > 0) {
86			$page = str_replace('*', '', $allowedpages[0]);
87			$_SESSION['Post_Login'] = true;
88	5c15e649	sullrich	require_once("functions.inc");
89	403a270e	Ermal Luçi	pfSenseHeader("/{$page}");
90			exit;
91			} else {
92			display_error_form("201", "No page assigned to this user! Click here to logout.");
93			exit;
94			}
95			} else
96			$_SESSION['Post_Login'] = true;
97	16513324	Holger Bauer
98	45ee90ed	Matthew Grooms	/*
99	d97ab688	Matthew Grooms	* redirect browsers post-login to avoid pages
100			* taking action in reponse to a POST request
101	45ee90ed	Matthew Grooms	*/
102	d97ab688	Matthew Grooms	if (!$_SESSION['Post_Login']) {
103	c9dddd59	sullrich	$_SESSION['Post_Login'] = true;
104	5c15e649	sullrich	require_once("functions.inc");
105	d97ab688	Matthew Grooms	pfSenseHeader($_SERVER['REQUEST_URI']);
106			exit;
107			}
108	16513324	Holger Bauer
109	45ee90ed	Matthew Grooms	/*
110			* determine if the user is allowed access to the requested page
111			*/
112	16513324	Holger Bauer	function display_error_form($http_code, $desc) {
113	45ee90ed	Matthew Grooms	global $config, $g;
114			$g['theme'] = $config['theme'];
115	16513324	Holger Bauer	if(isAjax()) {
116			echo "Error: {$http_code} Description: {$desc}";
117			return;
118			}
119
120			?>
121	45ee90ed	Matthew Grooms
122	16513324	Holger Bauer	<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
123			"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
124			<html>
125	45ee90ed	Matthew Grooms	<head>
126			<script type="text/javascript" src="/javascript/scriptaculous/prototype.js"></script>
127			<script type="text/javascript" src="/javascript/scriptaculous/scriptaculous.js"></script>
128			<title><?=$http_code?></title>
129			<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
130			<link rel="shortcut icon" href="/themes/<?= $g['theme'] ?>/images/icons/favicon.ico" />
131			<?php if (file_exists("{$g['www_path']}/themes/{$g['theme']}/login.css")): ?>
132			<link rel="stylesheet" type="text/css" href="/themes/<?= $g['theme'] ?>/login.css" media="all" />
133			<?php else: ?>
134			<link rel="stylesheet" type="text/css" href="/themes/<?= $g['theme'] ?>/all.css" media="all" />
135			<?php endif; ?>
136			<script type="text/javascript">
137			<!--
138			function page_load() {}
139			function clearError() {
140			if($('inputerrors'))
141			$('inputerrors').innerHTML='';
142			}
143			<?php
144			require("headjs.php");
145			echo getHeadJS();
146			?>
147			//-->
148			</script>
149			<script type="text/javascript" src="/themes/<?= $g['theme'] ?>/javascript/niftyjsCode.js"></script>
150			</head>
151			<body onload="page_load();">
152			<div id="errordesc">
153			<h1>&nbsp</h1>
154	403a270e	Ermal Luçi	<a href="/index.php?logout">
155	45ee90ed	Matthew Grooms	<p id="errortext" style="vertical-align: middle; text-align: center;">
156			<span style="color: #000000; font-weight: bold;">
157			<?=$desc;?>
158			</span>
159			</p>
160			</div>
161			</body>
162	16513324	Holger Bauer	</html>
163	45ee90ed	Matthew Grooms
164	16513324	Holger Bauer	<?php
165
166	45ee90ed	Matthew Grooms	} // end function
167	16513324	Holger Bauer
168
169			function display_login_form() {
170	45ee90ed	Matthew Grooms	require_once("globals.inc");
171			global $config, $g;
172			$g['theme'] = $config['theme'];
173
174			unset($input_errors);
175
176			if(isAjax()) {
177			if (isset($_POST['login'])) {
178			if($_SESSION['Logged_In'] <> "True") {
179			isset($_SESSION['Login_Error']) ? $login_error = $_SESSION['Login_Error'] : $login_error = "unknown reason";
180			echo "showajaxmessage('Invalid login ({$login_error}).');";
181			}
182			if (file_exists("{$g['tmp_path']}/webconfigurator.lock")) {
183			// TODO: add the IP from the user who did lock the device
184			$whom = file_get_contents("{$g['tmp_path']}/webconfigurator.lock");
185			echo "showajaxmessage('This device is currently beeing maintained by: {$whom}.');";
186			}
187			}
188			exit;
189			}
190	16513324	Holger Bauer
191			?>
192	45ee90ed	Matthew Grooms
193	16513324	Holger Bauer	<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
194			"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
195			<html>
196	45ee90ed	Matthew Grooms	<head>
197			<script type="text/javascript" src="/javascript/scriptaculous/prototype.js"></script>
198			<script type="text/javascript" src="/javascript/scriptaculous/scriptaculous.js"></script>
199	e7d9eea6	Bill Marquette	<script>document.observe('dom:loaded', function() { $('usernamefld').focus(); });</script>
200
201	45ee90ed	Matthew Grooms	<title><?=gettext("Login"); ?></title>
202			<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
203			<link rel="shortcut icon" href="/themes/<?= $g['theme'] ?>/images/icons/favicon.ico" />
204			<?php if (file_exists("{$g['www_path']}/themes/{$g['theme']}/login.css")): ?>
205			<link rel="stylesheet" type="text/css" href="/themes/<?= $g['theme'] ?>/login.css" media="all" />
206			<?php else: ?>
207			<link rel="stylesheet" type="text/css" href="/themes/<?= $g['theme'] ?>/all.css" media="all" />
208			<?php endif; ?>
209			<script type="text/javascript">
210			<!--
211			function page_load() {}
212			function clearError() {
213			if($('inputerrors'))
214			$('inputerrors').innerHTML='';
215			}
216			<?php
217			require("headjs.php");
218			echo getHeadJS();
219			?>
220			//-->
221			</script>
222			<script type="text/javascript" src="/themes/<?= $g['theme'] ?>/javascript/niftyjsCode.js"></script>
223			</head>
224			<body onload="page_load()">
225			<div id="login">
226	d97ab688	Matthew Grooms	<form id="iform" name="login_iform" method="post" autocomplete="off" action="<?=$_SERVER['SCRIPT_NAME'];?>">
227	45ee90ed	Matthew Grooms	<h1></h1>
228			<div id="inputerrors"><?=$_SESSION['Login_Error'];?></div>
229			<p>
230			<span style="text-align:left">
231			<?=gettext("Username"); ?>:<br>
232			<input onclick="clearError();" onchange="clearError();" id="usernamefld" type="text" name="usernamefld" class="formfld user" tabindex="1" />
233			</span>
234			</p>
235			<br>
236			<p>
237			<span style="text-align:left">
238			<?=gettext("Password"); ?>: <br>
239			<input onclick="clearError();" onchange="clearError();" id="passwordfld" type="password" name="passwordfld" class="formfld pwd" tabindex="2" />
240			</span>
241			</p>
242			<br>
243			<p>
244			<span style="text-align:center; font-weight: normal ; font-style: italic">
245			<?=gettext("Enter username and password to login."); ?>
246			</span>
247			</p>
248			<p>
249			<span style="text-align:center">
250			<input type="submit" name="login" class="formbtn" value="<?=gettext("Login"); ?>" tabindex="3" />
251			</span>
252			</P>
253			</form>
254			</div>
255			</body>
256	16513324	Holger Bauer	</html>
257			<?php
258			} // end function
259
260	45ee90ed	Matthew Grooms	?>

Project

General

Profile

pfSense