phpldapadmin/htdocs/login_form.php

119 lines
4.4 KiB
PHP
Raw Normal View History

2009-06-30 09:22:30 +00:00
<?php
2009-06-30 09:29:51 +00:00
/**
* Displays the login form for a server for users who specify 'cookie' or 'session' for their auth_type.
2009-06-30 08:05:37 +00:00
*
2009-06-30 09:29:51 +00:00
* @author The phpLDAPadmin development team
* @package phpLDAPadmin
2009-06-30 09:29:51 +00:00
* @see login.php
*/
2009-06-30 09:29:51 +00:00
/**
2009-06-30 08:05:37 +00:00
*/
2009-06-30 09:22:30 +00:00
require './common.php';
2009-06-30 08:05:37 +00:00
printf('<h3 class="title">%s %s</h3>',_('Authenticate to server'),$app['server']->getName());
echo '<br />';
2009-06-30 10:41:18 +00:00
# Check for a secure connection
$isHTTPS = false;
# Check if the current connection is encrypted
if (isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) == 'on') {
$isHTTPS = true;
}
# Check if a proxy server downstream does encryption for us
elseif (!empty($_SERVER['HTTP_X_FORWARDED_PROTO']) && strtolower($_SERVER['HTTP_X_FORWARDED_PROTO']) == 'https' || !empty($_SERVER['HTTP_X_FORWARDED_SSL']) && strtolower($_SERVER['HTTP_X_FORWARDED_SSL'])
== 'on') {
$isHTTPS = true;
}
if (!$isHTTPS) {
2010-02-24 15:03:10 +00:00
echo '<div style="text-align: center; color:red">';
2009-06-30 10:41:18 +00:00
printf('<acronym title="%s"><b>%s: %s.</b></acronym>',
_('You are not using \'https\'. Web browser will transmit login information in clear text.'),
_('Warning'),_('This web connection is unencrypted'));
2010-02-24 15:03:10 +00:00
echo '</div>';
2009-07-11 04:14:39 +00:00
echo '<br />';
2009-06-30 10:41:18 +00:00
}
unset($isSecure);
2009-06-30 10:41:18 +00:00
2009-07-11 00:18:48 +00:00
# HTTP Basic Auth Form.
if ($app['server']->getAuthType() == 'http') {
ob_end_clean();
# When we pop up the basic athentication, we come back to this script, so try the login again.
if ($app['server']->isLoggedIn('user')) {
system_message(array(
'title'=>_('Authenticate to server'),
'body'=>_('Successfully logged into server.'),
'type'=>'info'),
sprintf('cmd.php?server_id=%s&refresh=SID_%s',$app['server']->getIndex(),$app['server']->getIndex()));
die();
}
header(sprintf('WWW-Authenticate: Basic realm="%s"',$_SESSION[APPCONFIG]->getValue('session','http_realm')));
2009-06-30 10:41:18 +00:00
2009-07-11 00:18:48 +00:00
if ($_SERVER['SERVER_PROTOCOL'] == 'HTTP/1.0')
header('HTTP/1.0 401 Unauthorized'); // http 1.0 method
else
header('Status: 401 Unauthorized'); // http 1.1 method
2009-06-30 10:41:18 +00:00
2009-07-11 00:18:48 +00:00
return;
2009-07-11 00:18:48 +00:00
# HTML Login Form
} else {
2020-08-30 12:09:52 +00:00
echo '<form action="cmd.php" method="post" autocomplete="off">';
2010-02-24 15:03:10 +00:00
echo '<div>';
2009-07-11 00:18:48 +00:00
echo '<input type="hidden" name="cmd" value="login" />';
printf('<input type="hidden" name="server_id" value="%s" />',$app['server']->getIndex());
echo '<input type="hidden" name="nodecode[login_pass]" value="1" />';
2009-06-30 10:41:18 +00:00
2009-07-11 00:18:48 +00:00
if (get_request('redirect','GET',false,false))
printf('<input type="hidden" name="redirect" value="%s" />',rawurlencode(get_request('redirect','GET')));
2009-06-30 10:41:18 +00:00
2010-02-24 15:03:10 +00:00
echo '</div>';
echo '<table class="forminput" style="margin-left: auto; margin-right: auto;">';
2009-06-30 10:41:18 +00:00
2009-07-11 00:18:48 +00:00
printf('<tr><td><b>%s:</b></td></tr>',
$app['server']->getValue('login','auth_text') ? $app['server']->getValue('login','auth_text') :
($app['server']->getValue('login','attr') == 'dn' ? ($app['server']->getValue('login', 'bind_dn_template') ? _('User Name') . ' / ' . _('Login DN') : _('Login DN')) : $_SESSION[APPCONFIG]->getFriendlyName($app['server']->getValue('login','attr'))));
2009-06-30 10:41:18 +00:00
2009-07-11 00:18:48 +00:00
printf('<tr><td><input type="text" id="login" name="login" size="40" value="%s" /></td></tr>',
$app['server']->getValue('login','attr',false) == 'dn' ? $app['server']->getValue('login','bind_id') : '');
2009-06-30 10:41:18 +00:00
2010-02-24 15:03:10 +00:00
echo '<tr><td colspan="2">&nbsp;</td></tr>';
2009-07-11 00:18:48 +00:00
printf('<tr><td><b>%s:</b></td></tr>',_('Password'));
echo '<tr><td><input type="password" id="password" size="40" value="" name="login_pass" /></td></tr>';
2010-02-24 15:03:10 +00:00
echo '<tr><td colspan="2">&nbsp;</td></tr>';
2009-06-30 10:41:18 +00:00
#reCAPTCHA
if ($_SESSION[APPCONFIG]->getValue('session', 'reCAPTCHA-enable')) {
echo '<script src="https://www.google.com/recaptcha/api.js"></script>';
echo '<tr><td><div class="g-recaptcha" data-sitekey="'.$_SESSION[APPCONFIG]->getValue('session', 'reCAPTCHA-key-site').'"></div></td></tr>';
echo '<tr><td colspan="2">&nbsp;</td></tr>';
}
2009-07-11 00:18:48 +00:00
# If Anon bind allowed, then disable the form if the user choose to bind anonymously.
if ($app['server']->isAnonBindAllowed())
2009-08-22 11:30:50 +00:00
printf('<tr><td colspan="2"><small><b>%s</b></small> <input type="checkbox" name="anonymous_bind" onclick="form_field_toggle_enable(this,[\'login\',\'password\'],\'login\')" id="anonymous_bind_checkbox" /></td></tr>',
2009-07-11 00:18:48 +00:00
_('Anonymous'));
2009-06-30 10:41:18 +00:00
2010-02-24 15:03:10 +00:00
printf('<tr><td colspan="2" style="text-align: center;"><input type="submit" name="submit" value="%s" /></td></tr>',
2009-07-11 00:18:48 +00:00
_('Authenticate'));
2009-06-30 10:46:00 +00:00
2009-07-11 00:18:48 +00:00
echo '</table>';
echo '</form>';
2009-07-11 04:14:39 +00:00
echo '<br/>';
2010-02-24 15:03:10 +00:00
echo '<script type="text/javascript">document.getElementById("login").focus()</script>';
2009-07-11 00:18:48 +00:00
2009-08-22 11:30:50 +00:00
if ($app['server']->isAnonBindAllowed())
2010-02-24 15:03:10 +00:00
printf('<script type="text/javascript" src="%sform_field_toggle_enable.js"></script>',JSDIR);
}
?>