/etc/inc/authgui.inc - Annotate - pfSense - pfSense bugtracker

| Branch: | Tag: | Revision:

root/etc/inc/authgui.inc @ c014babd

1	16513324	Holger Bauer	<?php
2			/* $Id$ */
3			/*
4	403a270e	Ermal Luçi	Copyright (C) 2007, 2008 Scott Ullrich <sullrich@gmail.com>
5			All rights reserved.
6	16513324	Holger Bauer
7	ce77a9c4	Phil Davis	Copyright (C) 2005-2006 Bill Marquette <bill.marquette@gmail.com>
8			All rights reserved.
9	16513324	Holger Bauer
10	ce77a9c4	Phil Davis	Copyright (C) 2006 Paul Taylor <paultaylor@winn-dixie.com>.
11			All rights reserved.
12	16513324	Holger Bauer
13	ce77a9c4	Phil Davis	Copyright (C) 2003-2006 Manuel Kasper <mk@neon1.net>.
14			All rights reserved.
15	16513324	Holger Bauer
16	ce77a9c4	Phil Davis	Redistribution and use in source and binary forms, with or without
17			modification, are permitted provided that the following conditions are met:
18	16513324	Holger Bauer
19	ce77a9c4	Phil Davis	1. Redistributions of source code must retain the above copyright notice,
20			this list of conditions and the following disclaimer.
21	16513324	Holger Bauer
22	ce77a9c4	Phil Davis	2. Redistributions in binary form must reproduce the above copyright
23			notice, this list of conditions and the following disclaimer in the
24			documentation and/or other materials provided with the distribution.
25	16513324	Holger Bauer
26	ce77a9c4	Phil Davis	THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES,
27			INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
28			AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
29			AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
30			OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
31			SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
32			INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
33			CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
34			ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
35			POSSIBILITY OF SUCH DAMAGE.
36	523855b0	Scott Ullrich
37	ce77a9c4	Phil Davis	pfSense_MODULE: authgui
38	16513324	Holger Bauer	*/
39
40	483e6de8	Scott Ullrich	include_once("auth.inc");
41	6dc88d53	Ermal Luci	include_once("priv.inc");
42	1e0b1727	Phil Davis	if (!function_exists('platform_booting')) {
43	cb054444	Ermal LUÇI	require_once('globals.inc');
44	1e0b1727	Phil Davis	}
45	16513324	Holger Bauer
46			/* Authenticate user - exit if failed */
47	6306b5dd	Ermal Lu?i	if (!session_auth()) {
48			display_login_form();
49	45ee90ed	Matthew Grooms	exit;
50	6306b5dd	Ermal Lu?i	}
51	45ee90ed	Matthew Grooms
52			/*
53			* Once here, the user has authenticated with the web server.
54			* We give them access only to the appropriate pages based on
55			* the user or group privileges.
56			*/
57	aa205c3b	Ermal	$allowedpages = getAllowedPages($_SESSION['Username']);
58	16513324	Holger Bauer
59	45ee90ed	Matthew Grooms	/*
60	403a270e	Ermal Luçi	* redirect to first allowed page if requesting a wrong url
61	45ee90ed	Matthew Grooms	*/
62	14f5f705	marcelloc	if (!isAllowedPage($_SERVER['REQUEST_URI'])) {
63	403a270e	Ermal Luçi	if (count($allowedpages) > 0) {
64			$page = str_replace('*', '', $allowedpages[0]);
65			$_SESSION['Post_Login'] = true;
66	5c15e649	sullrich	require_once("functions.inc");
67	403a270e	Ermal Luçi	pfSenseHeader("/{$page}");
68	0d4f348f	jim-p
69			$username = empty($_SESSION["Username"]) ? "(system)" : $_SESSION['Username'];
70	1e0b1727	Phil Davis	if (!empty($_SERVER['REMOTE_ADDR'])) {
71	0d4f348f	jim-p	$username .= '@' . $_SERVER['REMOTE_ADDR'];
72	1e0b1727	Phil Davis	}
73	0d4f348f	jim-p	log_error("{$username} attempted to access {$_SERVER['SCRIPT_NAME']} but does not have access to that page. Redirecting to {$page}.");
74
75	403a270e	Ermal Luçi	exit;
76			} else {
77	0b70d9f4	Carlos Eduardo Ramos	display_error_form("201", gettext("No page assigned to this user! Click here to logout."));
78	403a270e	Ermal Luçi	exit;
79			}
80	1e0b1727	Phil Davis	} else {
81	403a270e	Ermal Luçi	$_SESSION['Post_Login'] = true;
82	1e0b1727	Phil Davis	}
83	16513324	Holger Bauer
84	45ee90ed	Matthew Grooms	/*
85	d97ab688	Matthew Grooms	* redirect browsers post-login to avoid pages
86	1e0b1727	Phil Davis	* taking action in response to a POST request
87	45ee90ed	Matthew Grooms	*/
88	d97ab688	Matthew Grooms	if (!$_SESSION['Post_Login']) {
89	c9dddd59	sullrich	$_SESSION['Post_Login'] = true;
90	5c15e649	sullrich	require_once("functions.inc");
91	d97ab688	Matthew Grooms	pfSenseHeader($_SERVER['REQUEST_URI']);
92			exit;
93			}
94	16513324	Holger Bauer
95	1e0b1727	Phil Davis	/*
96	4111fcf5	Ermal	* Close session data to allow other scripts from same host to come in.
97			* A session can be reactivated from calling session_start again
98			*/
99			session_commit();
100
101	45ee90ed	Matthew Grooms	/*
102			* determine if the user is allowed access to the requested page
103			*/
104	16513324	Holger Bauer	function display_error_form($http_code, $desc) {
105	45ee90ed	Matthew Grooms	global $config, $g;
106	1e1e1ec8	jim-p	$g['theme'] = get_current_theme();
107	1e0b1727	Phil Davis	if (isAjax()) {
108	addc0439	Renato Botelho	printf(gettext('Error: %1$s Description: %2$s'), $http_code, $desc);
109	16513324	Holger Bauer	return;
110			}
111
112			?>
113	45ee90ed	Matthew Grooms
114	16513324	Holger Bauer	<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
115	52593da5	Colin Fleming	"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
116			<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
117	45ee90ed	Matthew Grooms	<head>
118	24395438	Renato Botelho	<script type="text/javascript" src="/javascript/jquery-1.11.1.min.js"></script>
119			<script type="text/javascript" src="/javascript/jquery-migrate-1.2.1.min.js"></script>
120	45ee90ed	Matthew Grooms	<title><?=$http_code?></title>
121	000a8d1d	Renato Botelho	<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
122	45ee90ed	Matthew Grooms	<link rel="shortcut icon" href="/themes/<?= $g['theme'] ?>/images/icons/favicon.ico" />
123			<?php if (file_exists("{$g['www_path']}/themes/{$g['theme']}/login.css")): ?>
124			<link rel="stylesheet" type="text/css" href="/themes/<?= $g['theme'] ?>/login.css" media="all" />
125			<?php else: ?>
126			<link rel="stylesheet" type="text/css" href="/themes/<?= $g['theme'] ?>/all.css" media="all" />
127			<?php endif; ?>
128			<script type="text/javascript">
129	52593da5	Colin Fleming	//<![CDATA[
130	45ee90ed	Matthew Grooms	function page_load() {}
131			function clearError() {
132	1e0b1727	Phil Davis	if ($('#inputerrors')) {
133			$('#inputerrors').html('');
134			}
135	45ee90ed	Matthew Grooms	}
136			<?php
137			require("headjs.php");
138			echo getHeadJS();
139			?>
140	52593da5	Colin Fleming	//]]>
141	45ee90ed	Matthew Grooms	</script>
142			<script type="text/javascript" src="/themes/<?= $g['theme'] ?>/javascript/niftyjsCode.js"></script>
143			</head>
144			<body onload="page_load();">
145			<div id="errordesc">
146			<h1>&nbsp</h1>
147	403a270e	Ermal Luçi	<a href="/index.php?logout">
148	45ee90ed	Matthew Grooms	<p id="errortext" style="vertical-align: middle; text-align: center;">
149			<span style="color: #000000; font-weight: bold;">
150			<?=$desc;?>
151			</span>
152			</p>
153			</div>
154			</body>
155	16513324	Holger Bauer	</html>
156	45ee90ed	Matthew Grooms
157	16513324	Holger Bauer	<?php
158
159	45ee90ed	Matthew Grooms	} // end function
160	16513324	Holger Bauer
161
162			function display_login_form() {
163	45ee90ed	Matthew Grooms	require_once("globals.inc");
164			global $config, $g;
165	1e1e1ec8	jim-p	$g['theme'] = get_current_theme();
166	45ee90ed	Matthew Grooms
167			unset($input_errors);
168
169	1e0b1727	Phil Davis	if (isAjax()) {
170	45ee90ed	Matthew Grooms	if (isset($_POST['login'])) {
171	1e0b1727	Phil Davis	if ($_SESSION['Logged_In'] <> "True") {
172	0b70d9f4	Carlos Eduardo Ramos	isset($_SESSION['Login_Error']) ? $login_error = $_SESSION['Login_Error'] : $login_error = gettext("unknown reason");
173	3cfc695c	Vinicius Coque	printf("showajaxmessage('" . gettext("Invalid login (%s).") . "')", $login_error);
174	45ee90ed	Matthew Grooms	}
175			if (file_exists("{$g['tmp_path']}/webconfigurator.lock")) {
176			// TODO: add the IP from the user who did lock the device
177			$whom = file_get_contents("{$g['tmp_path']}/webconfigurator.lock");
178	3cfc695c	Vinicius Coque	printf("showajaxmessage('" . gettext("This device is currently being maintained by: %s.") . "');", $whom);
179	45ee90ed	Matthew Grooms	}
180			}
181			exit;
182			}
183	16513324	Holger Bauer
184	1e0b1727	Phil Davis	/* Check against locally configured IP addresses, which will catch when someone
185	2003b5d8	jim-p	port forwards WebGUI access from WAN to an internal IP on the router. */
186	6cfa23eb	Scott Ullrich	global $FilterIflist, $nifty_background;
187	2003b5d8	jim-p	$local_ip = false;
188	1fb55001	Ermal LUÇI	if (strpos($_SERVER['HTTP_HOST'], ":") === FALSE) {
189	2003b5d8	jim-p	$http_host_port = explode(":", $_SERVER['HTTP_HOST']);
190			$http_host = $http_host_port[0];
191			} else {
192			$http_host = $_SERVER['HTTP_HOST'];
193			}
194			if (empty($FilterIflist)) {
195			require_once('filter.inc');
196			require_once('shaper.inc');
197			filter_generate_optcfg_array();
198			}
199	f48d337f	Seth Mos	foreach ($FilterIflist as $iflist) {
200	1e0b1727	Phil Davis	if ($iflist['ip'] == $http_host) {
201	2003b5d8	jim-p	$local_ip = true;
202	1e0b1727	Phil Davis	} else if ($iflist['ipv6'] == $http_host) {
203	f48d337f	Seth Mos	$local_ip = true;
204	1e0b1727	Phil Davis	} else if (is_array($iflist['vips'])) {
205	1fb55001	Ermal LUÇI	foreach ($iflist['vips'] as $vip) {
206			if ($vip['ip'] == $http_host) {
207	067e48ab	Scott Ullrich	$local_ip = true;
208	1fb55001	Ermal LUÇI	break;
209			}
210	f48d337f	Seth Mos	}
211	1fb55001	Ermal LUÇI	unset($vip);
212	f48d337f	Seth Mos	}
213	1e0b1727	Phil Davis	if ($local_ip == true) {
214	1fb55001	Ermal LUÇI	break;
215	1e0b1727	Phil Davis	}
216	f48d337f	Seth Mos	}
217	1fb55001	Ermal LUÇI	unset($FilterIflist);
218			unset($iflist);
219
220	02156b4b	Ermal LUÇI	if ($local_ip == false) {
221			if (is_array($config['openvpn']['openvpn-server'])) {
222			foreach ($config['openvpn']['openvpn-server'] as $ovpns) {
223			if (is_ipaddrv4($http_host) && !empty($ovpns['tunnel_network']) && ip_in_subnet($http_host, $ovpns['tunnel_network'])) {
224			$local_ip = true;
225			} else if (is_ipaddrv6($http_host) && !empty($ovpns['tunnel_networkv6']) && ip_in_subnet($http_host, $ovpns['tunnel_networkv6'])) {
226			$local_ip = true;
227			}
228	1e0b1727	Phil Davis	if ($local_ip == true) {
229	02156b4b	Ermal LUÇI	break;
230	1e0b1727	Phil Davis	}
231	71034b51	Renato Botelho	}
232			}
233			}
234	0041092c	jim-p
235	16513324	Holger Bauer	?>
236	45ee90ed	Matthew Grooms
237	16513324	Holger Bauer	<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
238	52593da5	Colin Fleming	"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
239			<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
240	45ee90ed	Matthew Grooms	<head>
241	24395438	Renato Botelho	<script type="text/javascript" src="/javascript/jquery-1.11.1.min.js"></script>
242			<script type="text/javascript" src="/javascript/jquery-migrate-1.2.1.min.js"></script>
243	52593da5	Colin Fleming	<script type="text/javascript">
244			//<![CDATA[
245			$(document).ready(function() { jQuery('#usernamefld').focus(); });
246	1b209514	Phil Davis	//]]>
247	52593da5	Colin Fleming	</script>
248
249	45ee90ed	Matthew Grooms	<title><?=gettext("Login"); ?></title>
250	000a8d1d	Renato Botelho	<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
251	45ee90ed	Matthew Grooms	<link rel="shortcut icon" href="/themes/<?= $g['theme'] ?>/images/icons/favicon.ico" />
252			<?php if (file_exists("{$g['www_path']}/themes/{$g['theme']}/login.css")): ?>
253			<link rel="stylesheet" type="text/css" href="/themes/<?= $g['theme'] ?>/login.css" media="all" />
254			<?php else: ?>
255			<link rel="stylesheet" type="text/css" href="/themes/<?= $g['theme'] ?>/all.css" media="all" />
256			<?php endif; ?>
257			<script type="text/javascript">
258	52593da5	Colin Fleming	//<![CDATA[
259	45ee90ed	Matthew Grooms	function page_load() {}
260			function clearError() {
261	1e0b1727	Phil Davis	if ($('#inputerrors')) {
262			$('#inputerrors').html('');
263			}
264	45ee90ed	Matthew Grooms	}
265			<?php
266			require("headjs.php");
267			echo getHeadJS();
268			?>
269	52593da5	Colin Fleming	//]]>
270	45ee90ed	Matthew Grooms	</script>
271			<script type="text/javascript" src="/themes/<?= $g['theme'] ?>/javascript/niftyjsCode.js"></script>
272			</head>
273			<body onload="page_load()">
274			<div id="login">
275	1e0b1727	Phil Davis	<?php
276			if (is_ipaddr($http_host) && !$local_ip && !isset($config['system']['webgui']['nohttpreferercheck'])) {
277	f31489e5	Scott Ullrich	$nifty_background = "#999";
278	1e0b1727	Phil Davis	print_info_box(gettext("You are accessing this router by an IP address not configured locally, which may be forwarded by NAT or other means. <br /><br />If you did not setup this forwarding, you may be the target of a man-in-the-middle attack."));
279	f31489e5	Scott Ullrich	}
280	08f30320	Renato Botelho	$loginautocomplete = isset($config['system']['webgui']['loginautocomplete']) ? '' : 'autocomplete="off"';
281	f31489e5	Scott Ullrich	?>
282	08f30320	Renato Botelho	<form id="iform" name="iform" method="post" <?= $loginautocomplete ?> action="<?=$_SERVER['SCRIPT_NAME'];?>">
283	52593da5	Colin Fleming	<h1> </h1>
284	45ee90ed	Matthew Grooms	<div id="inputerrors"><?=$_SESSION['Login_Error'];?></div>
285			<p>
286			<span style="text-align:left">
287	52593da5	Colin Fleming	<?=gettext("Username:"); ?><br />
288	45ee90ed	Matthew Grooms	<input onclick="clearError();" onchange="clearError();" id="usernamefld" type="text" name="usernamefld" class="formfld user" tabindex="1" />
289			</span>
290			</p>
291			<p>
292	52593da5	Colin Fleming	<br />
293	45ee90ed	Matthew Grooms	<span style="text-align:left">
294	52593da5	Colin Fleming	<?=gettext("Password:"); ?> <br />
295	14ad84bc	jim-p	<input onclick="clearError();" onchange="clearError();" id="passwordfld" type="password" name="passwordfld" class="formfld pwd" tabindex="2" />
296	45ee90ed	Matthew Grooms	</span>
297			</p>
298			<p>
299	52593da5	Colin Fleming	<br />
300	45ee90ed	Matthew Grooms	<span style="text-align:center; font-weight: normal ; font-style: italic">
301			<?=gettext("Enter username and password to login."); ?>
302			</span>
303	0041092c	jim-p
304	d10a1662	Renato Botelho	<span style="text-align:center; font-weight: normal ; font-style: italic; color: #ff0000; display:none" id="no_cookies">
305			<br /><br />
306	0041092c	jim-p	<?= gettext("Your browser must support cookies to login."); ?>
307			</span>
308	d10a1662	Renato Botelho	</p>
309	45ee90ed	Matthew Grooms	<p>
310			<span style="text-align:center">
311			<input type="submit" name="login" class="formbtn" value="<?=gettext("Login"); ?>" tabindex="3" />
312			</span>
313	52593da5	Colin Fleming	</p>
314	45ee90ed	Matthew Grooms	</form>
315			</div>
316	d10a1662	Renato Botelho	<script type="text/javascript">
317			//<![CDATA[
318			document.cookie=
319			"cookie_test=1" +
320			"<?php echo $config['system']['webgui']['protocol'] == 'https' ? '; secure' : '';?>";
321
322			if (document.cookie.indexOf("cookie_test") == -1)
323			document.getElementById("no_cookies").style.display="";
324
325			// Delete it
326			document.cookie = "cookie_test=1; expires=Thu, 01-Jan-1970 00:00:01 GMT";
327			//]]>
328			</script>
329	45ee90ed	Matthew Grooms	</body>
330	16513324	Holger Bauer	</html>
331			<?php
332			} // end function
333
334	d6159f76	Vinicius Coque	?>

Project

General

Profile

pfSense