/etc/inc/authgui.inc - Annotate - pfSense - pfSense bugtracker

| Branch: | Tag: | Revision:

root/etc/inc/authgui.inc @ b473da5f

1	16513324	Holger Bauer	<?php
2			/* $Id$ */
3			/*
4	403a270e	Ermal Luçi	Copyright (C) 2007, 2008 Scott Ullrich <sullrich@gmail.com>
5			All rights reserved.
6	16513324	Holger Bauer
7			Copyright (C) 2005-2006 Bill Marquette <bill.marquette@gmail.com>
8			All rights reserved.
9
10			Copyright (C) 2006 Paul Taylor <paultaylor@winn-dixie.com>.
11			All rights reserved.
12
13			Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>.
14			All rights reserved.
15
16			Redistribution and use in source and binary forms, with or without
17			modification, are permitted provided that the following conditions are met:
18
19			1. Redistributions of source code must retain the above copyright notice,
20			this list of conditions and the following disclaimer.
21
22			2. Redistributions in binary form must reproduce the above copyright
23			notice, this list of conditions and the following disclaimer in the
24			documentation and/or other materials provided with the distribution.
25
26			THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
27			INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
28			AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
29			AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
30			OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
31			SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
32			INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
33			CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
34			ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
35			POSSIBILITY OF SUCH DAMAGE.
36	523855b0	Scott Ullrich
37			pfSense_MODULE: authgui
38	16513324	Holger Bauer	*/
39
40	483e6de8	Scott Ullrich	include_once("auth.inc");
41	6dc88d53	Ermal Luci	include_once("priv.inc");
42	16513324	Holger Bauer
43			/* Authenticate user - exit if failed */
44	6306b5dd	Ermal Lu?i	if (!session_auth()) {
45			display_login_form();
46	45ee90ed	Matthew Grooms	exit;
47	6306b5dd	Ermal Lu?i	}
48	45ee90ed	Matthew Grooms
49			/*
50			* Once here, the user has authenticated with the web server.
51			* We give them access only to the appropriate pages based on
52			* the user or group privileges.
53			*/
54	403a270e	Ermal Luçi	$allowedpages = getAllowedPages($HTTP_SERVER_VARS['AUTH_USER']);
55	16513324	Holger Bauer
56	45ee90ed	Matthew Grooms	/*
57	403a270e	Ermal Luçi	* redirect to first allowed page if requesting a wrong url
58	45ee90ed	Matthew Grooms	*/
59	d2c89b62	jim-p	if (!isAllowedPage($_SERVER['SCRIPT_NAME'])) {
60	403a270e	Ermal Luçi	if (count($allowedpages) > 0) {
61			$page = str_replace('*', '', $allowedpages[0]);
62			$_SESSION['Post_Login'] = true;
63	5c15e649	sullrich	require_once("functions.inc");
64	403a270e	Ermal Luçi	pfSenseHeader("/{$page}");
65			exit;
66			} else {
67			display_error_form("201", "No page assigned to this user! Click here to logout.");
68			exit;
69			}
70			} else
71			$_SESSION['Post_Login'] = true;
72	16513324	Holger Bauer
73	45ee90ed	Matthew Grooms	/*
74	d97ab688	Matthew Grooms	* redirect browsers post-login to avoid pages
75			* taking action in reponse to a POST request
76	45ee90ed	Matthew Grooms	*/
77	d97ab688	Matthew Grooms	if (!$_SESSION['Post_Login']) {
78	c9dddd59	sullrich	$_SESSION['Post_Login'] = true;
79	5c15e649	sullrich	require_once("functions.inc");
80	d97ab688	Matthew Grooms	pfSenseHeader($_SERVER['REQUEST_URI']);
81			exit;
82			}
83	16513324	Holger Bauer
84	45ee90ed	Matthew Grooms	/*
85			* determine if the user is allowed access to the requested page
86			*/
87	16513324	Holger Bauer	function display_error_form($http_code, $desc) {
88	45ee90ed	Matthew Grooms	global $config, $g;
89			$g['theme'] = $config['theme'];
90	16513324	Holger Bauer	if(isAjax()) {
91			echo "Error: {$http_code} Description: {$desc}";
92			return;
93			}
94
95			?>
96	45ee90ed	Matthew Grooms
97	16513324	Holger Bauer	<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
98			"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
99			<html>
100	45ee90ed	Matthew Grooms	<head>
101			<script type="text/javascript" src="/javascript/scriptaculous/prototype.js"></script>
102			<script type="text/javascript" src="/javascript/scriptaculous/scriptaculous.js"></script>
103			<title><?=$http_code?></title>
104			<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
105			<link rel="shortcut icon" href="/themes/<?= $g['theme'] ?>/images/icons/favicon.ico" />
106			<?php if (file_exists("{$g['www_path']}/themes/{$g['theme']}/login.css")): ?>
107			<link rel="stylesheet" type="text/css" href="/themes/<?= $g['theme'] ?>/login.css" media="all" />
108			<?php else: ?>
109			<link rel="stylesheet" type="text/css" href="/themes/<?= $g['theme'] ?>/all.css" media="all" />
110			<?php endif; ?>
111			<script type="text/javascript">
112			<!--
113			function page_load() {}
114			function clearError() {
115			if($('inputerrors'))
116			$('inputerrors').innerHTML='';
117			}
118			<?php
119			require("headjs.php");
120			echo getHeadJS();
121			?>
122			//-->
123			</script>
124			<script type="text/javascript" src="/themes/<?= $g['theme'] ?>/javascript/niftyjsCode.js"></script>
125			</head>
126			<body onload="page_load();">
127			<div id="errordesc">
128			<h1>&nbsp</h1>
129	403a270e	Ermal Luçi	<a href="/index.php?logout">
130	45ee90ed	Matthew Grooms	<p id="errortext" style="vertical-align: middle; text-align: center;">
131			<span style="color: #000000; font-weight: bold;">
132			<?=$desc;?>
133			</span>
134			</p>
135			</div>
136			</body>
137	16513324	Holger Bauer	</html>
138	45ee90ed	Matthew Grooms
139	16513324	Holger Bauer	<?php
140
141	45ee90ed	Matthew Grooms	} // end function
142	16513324	Holger Bauer
143
144			function display_login_form() {
145	45ee90ed	Matthew Grooms	require_once("globals.inc");
146			global $config, $g;
147			$g['theme'] = $config['theme'];
148
149			unset($input_errors);
150
151			if(isAjax()) {
152			if (isset($_POST['login'])) {
153			if($_SESSION['Logged_In'] <> "True") {
154			isset($_SESSION['Login_Error']) ? $login_error = $_SESSION['Login_Error'] : $login_error = "unknown reason";
155			echo "showajaxmessage('Invalid login ({$login_error}).');";
156			}
157			if (file_exists("{$g['tmp_path']}/webconfigurator.lock")) {
158			// TODO: add the IP from the user who did lock the device
159			$whom = file_get_contents("{$g['tmp_path']}/webconfigurator.lock");
160	28436d13	Erik Fonnesbeck	echo "showajaxmessage('This device is currently being maintained by: {$whom}.');";
161	45ee90ed	Matthew Grooms	}
162			}
163			exit;
164			}
165	16513324	Holger Bauer
166	2003b5d8	jim-p	/* Check against locally configured IP addresses, which will catch when someone
167			port forwards WebGUI access from WAN to an internal IP on the router. */
168	6cfa23eb	Scott Ullrich	global $FilterIflist, $nifty_background;
169	2003b5d8	jim-p	$local_ip = false;
170			if(strstr($_SERVER['HTTP_HOST'], ":")) {
171			$http_host_port = explode(":", $_SERVER['HTTP_HOST']);
172			$http_host = $http_host_port[0];
173			} else {
174			$http_host = $_SERVER['HTTP_HOST'];
175			}
176			if (empty($FilterIflist)) {
177			require_once('filter.inc');
178			require_once('shaper.inc');
179			filter_generate_optcfg_array();
180			}
181			foreach ($FilterIflist as $iflist)
182			if($iflist['ip'] == $http_host)
183			$local_ip = true;
184	067e48ab	Scott Ullrich	if($config['virtualip'])
185			if($config['virtualip']['vip'])
186			foreach($config['virtualip']['vip'] as $vip)
187			if($vip['subnet'] == $http_host)
188			$local_ip = true;
189	16513324	Holger Bauer	?>
190	45ee90ed	Matthew Grooms
191	16513324	Holger Bauer	<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
192			"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
193			<html>
194	45ee90ed	Matthew Grooms	<head>
195			<script type="text/javascript" src="/javascript/scriptaculous/prototype.js"></script>
196			<script type="text/javascript" src="/javascript/scriptaculous/scriptaculous.js"></script>
197	e7d9eea6	Bill Marquette	<script>document.observe('dom:loaded', function() { $('usernamefld').focus(); });</script>
198
199	45ee90ed	Matthew Grooms	<title><?=gettext("Login"); ?></title>
200			<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
201			<link rel="shortcut icon" href="/themes/<?= $g['theme'] ?>/images/icons/favicon.ico" />
202			<?php if (file_exists("{$g['www_path']}/themes/{$g['theme']}/login.css")): ?>
203			<link rel="stylesheet" type="text/css" href="/themes/<?= $g['theme'] ?>/login.css" media="all" />
204			<?php else: ?>
205			<link rel="stylesheet" type="text/css" href="/themes/<?= $g['theme'] ?>/all.css" media="all" />
206			<?php endif; ?>
207			<script type="text/javascript">
208			<!--
209			function page_load() {}
210			function clearError() {
211			if($('inputerrors'))
212			$('inputerrors').innerHTML='';
213			}
214			<?php
215			require("headjs.php");
216			echo getHeadJS();
217			?>
218			//-->
219			</script>
220			<script type="text/javascript" src="/themes/<?= $g['theme'] ?>/javascript/niftyjsCode.js"></script>
221			</head>
222			<body onload="page_load()">
223			<div id="login">
224	f31489e5	Scott Ullrich	<?php
225			if(is_ipaddr($http_host) && !$local_ip) {
226			$nifty_background = "#999";
227			print_info_box(gettext("You are accessing this router by an IP address not configured locally, which may be forwarded by NAT or other means. <br/><br/>If you did not setup this forwarding, you may be the target of a man-in-the-middle attack."));
228			}
229	1031c9ea	jim-p	$noautocomplete = isset($config['system']['webgui']['noautocomplete']) ? 'autocomplete="off"' : '';
230	f31489e5	Scott Ullrich	?>
231	1031c9ea	jim-p	<form id="iform" name="login_iform" method="post" <?= $noautocomplete ?> action="<?=$_SERVER['SCRIPT_NAME'];?>">
232	45ee90ed	Matthew Grooms	<h1></h1>
233			<div id="inputerrors"><?=$_SESSION['Login_Error'];?></div>
234			<p>
235			<span style="text-align:left">
236			<?=gettext("Username"); ?>:<br>
237			<input onclick="clearError();" onchange="clearError();" id="usernamefld" type="text" name="usernamefld" class="formfld user" tabindex="1" />
238			</span>
239			</p>
240			<br>
241			<p>
242			<span style="text-align:left">
243			<?=gettext("Password"); ?>: <br>
244			<input onclick="clearError();" onchange="clearError();" id="passwordfld" type="password" name="passwordfld" class="formfld pwd" tabindex="2" />
245			</span>
246			</p>
247			<br>
248			<p>
249			<span style="text-align:center; font-weight: normal ; font-style: italic">
250			<?=gettext("Enter username and password to login."); ?>
251			</span>
252			</p>
253			<p>
254			<span style="text-align:center">
255			<input type="submit" name="login" class="formbtn" value="<?=gettext("Login"); ?>" tabindex="3" />
256			</span>
257			</P>
258			</form>
259			</div>
260			</body>
261	16513324	Holger Bauer	</html>
262			<?php
263			} // end function
264
265	4fe9c2dc	Scott Ullrich	?>

Project

General

Profile

pfSense