phpldapadmin/htdocs/login_form.php

<?php
/**
 * Displays the login form for a server for users who specify 'cookie' or 'session' for their auth_type.
 *
 * @author The phpLDAPadmin development team
 * @package phpLDAPadmin
 * @see login.php
 */

/**
 */

require './common.php';

printf('<h3 class="title">%s %s</h3>',_('Authenticate to server'),$app['server']->getName());
echo '<br />';

# Check for a secure connection
$isHTTPS = false;

# Check if the current connection is encrypted
if (isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) == 'on') {
        $isHTTPS = true;
}
# Check if a proxy server downstream does encryption for us
elseif (!empty($_SERVER['HTTP_X_FORWARDED_PROTO']) && strtolower($_SERVER['HTTP_X_FORWARDED_PROTO']) == 'https' || !empty($_SERVER['HTTP_X_FORWARDED_SSL']) && strtolower($_SERVER['HTTP_X_FORWARDED_SSL'])
== 'on') {
        $isHTTPS = true;
}

if (!$isHTTPS) {
	echo '<div style="text-align: center; color:red">';
	printf('<acronym title="%s"><b>%s: %s.</b></acronym>',
		_('You are not using \'https\'. Web browser will transmit login information in clear text.'),
		_('Warning'),_('This web connection is unencrypted'));
	echo '</div>';

	echo '<br />';
}
unset($isSecure);

# HTTP Basic Auth Form.
if ($app['server']->getAuthType() == 'http') {
	ob_end_clean();

	# When we pop up the basic athentication, we come back to this script, so try the login again.
	if ($app['server']->isLoggedIn('user')) {
		system_message(array(
			'title'=>_('Authenticate to server'),
			'body'=>_('Successfully logged into server.'),
			'type'=>'info'),
			sprintf('cmd.php?server_id=%s&refresh=SID_%s',$app['server']->getIndex(),$app['server']->getIndex()));

		die();
	}

	header(sprintf('WWW-Authenticate: Basic realm="%s"',$_SESSION[APPCONFIG]->getValue('session','http_realm')));

	if ($_SERVER['SERVER_PROTOCOL'] == 'HTTP/1.0')
		header('HTTP/1.0 401 Unauthorized'); // http 1.0 method
	else
		header('Status: 401 Unauthorized'); // http 1.1 method

	return;

# HTML Login Form
} else {
	echo '<form action="cmd.php" method="post" autocomplete="off">';
	echo '<div>';
	echo '<input type="hidden" name="cmd" value="login" />';
	printf('<input type="hidden" name="server_id" value="%s" />',$app['server']->getIndex());
	echo '<input type="hidden" name="nodecode[login_pass]" value="1" />';

	if (get_request('redirect','GET',false,false))
		printf('<input type="hidden" name="redirect" value="%s" />',rawurlencode(get_request('redirect','GET')));

	echo '</div>';

	echo '<table class="forminput" style="margin-left: auto; margin-right: auto;">';

	printf('<tr><td><b>%s:</b></td></tr>',
		$app['server']->getValue('login','auth_text') ? $app['server']->getValue('login','auth_text') :
			($app['server']->getValue('login','attr') == 'dn' ? ($app['server']->getValue('login', 'bind_dn_template') ? _('User Name') . ' / ' . _('Login DN') : _('Login DN')) : $_SESSION[APPCONFIG]->getFriendlyName($app['server']->getValue('login','attr'))));

	printf('<tr><td><input type="text" id="login" name="login" size="40" value="%s" /></td></tr>',
		$app['server']->getValue('login','attr',false) == 'dn' ? $app['server']->getValue('login','bind_id') : '');

	echo '<tr><td colspan="2">&nbsp;</td></tr>';
	printf('<tr><td><b>%s:</b></td></tr>',_('Password'));
	echo '<tr><td><input type="password" id="password" size="40" value="" name="login_pass" /></td></tr>';
	echo '<tr><td colspan="2">&nbsp;</td></tr>';

	#reCAPTCHA
	if ($_SESSION[APPCONFIG]->getValue('session', 'reCAPTCHA-enable')) {
		echo '<script src="https://www.google.com/recaptcha/api.js"></script>';
		echo '<tr><td><div class="g-recaptcha" data-sitekey="'.$_SESSION[APPCONFIG]->getValue('session', 'reCAPTCHA-key-site').'"></div></td></tr>';
		echo '<tr><td colspan="2">&nbsp;</td></tr>';
	}

	# If Anon bind allowed, then disable the form if the user choose to bind anonymously.
	if ($app['server']->isAnonBindAllowed())
		printf('<tr><td colspan="2"><small><b>%s</b></small> <input type="checkbox" name="anonymous_bind" onclick="form_field_toggle_enable(this,[\'login\',\'password\'],\'login\')" id="anonymous_bind_checkbox" /></td></tr>',
			_('Anonymous'));

	printf('<tr><td colspan="2" style="text-align: center;"><input type="submit" name="submit" value="%s" /></td></tr>',
		_('Authenticate'));

	echo '</table>';
	echo '</form>';

	echo '<br/>';

	echo '<script type="text/javascript">document.getElementById("login").focus()</script>';

	if ($app['server']->isAnonBindAllowed())
		printf('<script type="text/javascript" src="%sform_field_toggle_enable.js"></script>',JSDIR);
}
?>
RELEASE 0.9.5 2009-06-30 09:22:30 +00:00			`<?php`
RELEASE 0.9.7 2009-06-30 09:29:51 +00:00			`/**`
			`* Displays the login form for a server for users who specify 'cookie' or 'session' for their auth_type.`
RELEASE 0.9.0 2009-06-30 08:05:37 +00:00			`*`
RELEASE 0.9.7 2009-06-30 09:29:51 +00:00			`* @author The phpLDAPadmin development team`
Latest SANDPIT - MERGE from CVS (MERGE-GIT) 2009-07-01 06:09:17 +00:00			`* @package phpLDAPadmin`
RELEASE 0.9.7 2009-06-30 09:29:51 +00:00			`* @see login.php`
			`*/`
Latest SANDPIT - MERGE from CVS (MERGE-GIT) 2009-07-01 06:09:17 +00:00
RELEASE 0.9.7 2009-06-30 09:29:51 +00:00			`/**`
RELEASE 0.9.0 2009-06-30 08:05:37 +00:00			`*/`

RELEASE 0.9.5 2009-06-30 09:22:30 +00:00			`require './common.php';`
RELEASE 0.9.0 2009-06-30 08:05:37 +00:00
Latest SANDPIT - MERGE from CVS (MERGE-GIT) 2009-07-01 06:09:17 +00:00			`printf('<h3 class="title">%s %s</h3>',_('Authenticate to server'),$app['server']->getName());`
			`echo '<br />';`
RELEASE 1.0.2 2009-06-30 10:41:18 +00:00
			`# Check for a secure connection`
Fixed detection of SSL encryption, when a reverse proxy is used, that does the encryption. If the server sets the HTTP_X_FORWARDED_PROTO header to 'https' or the HTTP_X_FORWARDED_SSL header to 'on' SSL encryption is assumed 2016-08-10 23:32:41 +00:00			`$isHTTPS = false;`

			`# Check if the current connection is encrypted`
			`if (isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) == 'on') {`
			`$isHTTPS = true;`
			`}`
			`# Check if a proxy server downstream does encryption for us`
			`elseif (!empty($_SERVER['HTTP_X_FORWARDED_PROTO']) && strtolower($_SERVER['HTTP_X_FORWARDED_PROTO']) == 'https' \|\| !empty($_SERVER['HTTP_X_FORWARDED_SSL']) && strtolower($_SERVER['HTTP_X_FORWARDED_SSL'])`
			`== 'on') {`
Enabled HTTP_X_FORWARDED_PROTO header detection. It was disabled for testing. 2016-08-11 00:45:18 +00:00			`$isHTTPS = true;`
Fixed detection of SSL encryption, when a reverse proxy is used, that does the encryption. If the server sets the HTTP_X_FORWARDED_PROTO header to 'https' or the HTTP_X_FORWARDED_SSL header to 'on' SSL encryption is assumed 2016-08-10 23:32:41 +00:00			`}`

			`if (!$isHTTPS) {`
HTML Validation work 2010-02-24 15:03:10 +00:00			`echo '<div style="text-align: center; color:red">';`
RELEASE 1.0.2 2009-06-30 10:41:18 +00:00			`printf('<acronym title="%s"><b>%s: %s.</b></acronym>',`
			`_('You are not using \'https\'. Web browser will transmit login information in clear text.'),`
			`_('Warning'),_('This web connection is unencrypted'));`
HTML Validation work 2010-02-24 15:03:10 +00:00			`echo '</div>';`
Minor display change 2009-07-11 04:14:39 +00:00
			`echo '<br />';`
RELEASE 1.0.2 2009-06-30 10:41:18 +00:00			`}`
Fixed detection of SSL encryption, when a reverse proxy is used, that does the encryption. If the server sets the HTTP_X_FORWARDED_PROTO header to 'https' or the HTTP_X_FORWARDED_SSL header to 'on' SSL encryption is assumed 2016-08-10 23:32:41 +00:00			`unset($isSecure);`
RELEASE 1.0.2 2009-06-30 10:41:18 +00:00
Enabled HTTP auth 2009-07-11 00:18:48 +00:00			`# HTTP Basic Auth Form.`
			`if ($app['server']->getAuthType() == 'http') {`
			`ob_end_clean();`

			`# When we pop up the basic athentication, we come back to this script, so try the login again.`
			`if ($app['server']->isLoggedIn('user')) {`
			`system_message(array(`
			`'title'=>_('Authenticate to server'),`
			`'body'=>_('Successfully logged into server.'),`
			`'type'=>'info'),`
			`sprintf('cmd.php?server_id=%s&refresh=SID_%s',$app['server']->getIndex(),$app['server']->getIndex()));`

			`die();`
			`}`

SF Feature #3122736 - HTTP authentication realm 2011-04-29 02:46:49 +00:00			`header(sprintf('WWW-Authenticate: Basic realm="%s"',$_SESSION[APPCONFIG]->getValue('session','http_realm')));`
RELEASE 1.0.2 2009-06-30 10:41:18 +00:00
Enabled HTTP auth 2009-07-11 00:18:48 +00:00			`if ($_SERVER['SERVER_PROTOCOL'] == 'HTTP/1.0')`
			`header('HTTP/1.0 401 Unauthorized'); // http 1.0 method`
			`else`
			`header('Status: 401 Unauthorized'); // http 1.1 method`
RELEASE 1.0.2 2009-06-30 10:41:18 +00:00
Enabled HTTP auth 2009-07-11 00:18:48 +00:00			`return;`
Sync menu/tree processing with other projects, variable/function naming 2009-08-12 13:53:14 +00:00
Enabled HTTP auth 2009-07-11 00:18:48 +00:00			`# HTML Login Form`
			`} else {`
Add autocomplete=off - closes #122 2020-08-30 12:09:52 +00:00			`echo '<form action="cmd.php" method="post" autocomplete="off">';`
HTML Validation work 2010-02-24 15:03:10 +00:00			`echo '<div>';`
Enabled HTTP auth 2009-07-11 00:18:48 +00:00			`echo '<input type="hidden" name="cmd" value="login" />';`
			`printf('<input type="hidden" name="server_id" value="%s" />',$app['server']->getIndex());`
SF Bug #2981355 - rawurldecode killing complex passwords 2011-04-26 00:10:43 +00:00			`echo '<input type="hidden" name="nodecode[login_pass]" value="1" />';`
RELEASE 1.0.2 2009-06-30 10:41:18 +00:00
Enabled HTTP auth 2009-07-11 00:18:48 +00:00			`if (get_request('redirect','GET',false,false))`
			`printf('<input type="hidden" name="redirect" value="%s" />',rawurlencode(get_request('redirect','GET')));`
RELEASE 1.0.2 2009-06-30 10:41:18 +00:00
HTML Validation work 2010-02-24 15:03:10 +00:00			`echo '</div>';`

			`echo '<table class="forminput" style="margin-left: auto; margin-right: auto;">';`
RELEASE 1.0.2 2009-06-30 10:41:18 +00:00
Enabled HTTP auth 2009-07-11 00:18:48 +00:00			`printf('<tr><td><b>%s:</b></td></tr>',`
			`$app['server']->getValue('login','auth_text') ? $app['server']->getValue('login','auth_text') :`
Added option to use template string for bind DN (#90) * Language update from launchpad * Added login option 'bind_dn_template' 2020-02-19 22:11:17 +00:00			`($app['server']->getValue('login','attr') == 'dn' ? ($app['server']->getValue('login', 'bind_dn_template') ? _('User Name') . ' / ' . _('Login DN') : _('Login DN')) : $_SESSION[APPCONFIG]->getFriendlyName($app['server']->getValue('login','attr'))));`
RELEASE 1.0.2 2009-06-30 10:41:18 +00:00
Enabled HTTP auth 2009-07-11 00:18:48 +00:00			`printf('<tr><td><input type="text" id="login" name="login" size="40" value="%s" /></td></tr>',`
			`$app['server']->getValue('login','attr',false) == 'dn' ? $app['server']->getValue('login','bind_id') : '');`
RELEASE 1.0.2 2009-06-30 10:41:18 +00:00
HTML Validation work 2010-02-24 15:03:10 +00:00			`echo '<tr><td colspan="2"> </td></tr>';`
Enabled HTTP auth 2009-07-11 00:18:48 +00:00			`printf('<tr><td><b>%s:</b></td></tr>',_('Password'));`
			`echo '<tr><td><input type="password" id="password" size="40" value="" name="login_pass" /></td></tr>';`
HTML Validation work 2010-02-24 15:03:10 +00:00			`echo '<tr><td colspan="2"> </td></tr>';`
RELEASE 1.0.2 2009-06-30 10:41:18 +00:00
Auth Form wiht Google reCAPTCHA (#87) * reCaptcha config * config reCaptcha * check reCAPTCHA * add reCAPTCHA to form login * config attributes for reCAPTCHA * Function to verify request with reCAPTCHA * doc reCaptcha 2020-02-19 22:04:20 +00:00			`#reCAPTCHA`
			`if ($_SESSION[APPCONFIG]->getValue('session', 'reCAPTCHA-enable')) {`
			`echo '<script src="https://www.google.com/recaptcha/api.js"></script>';`
			`echo '<tr><td><div class="g-recaptcha" data-sitekey="'.$_SESSION[APPCONFIG]->getValue('session', 'reCAPTCHA-key-site').'"></div></td></tr>';`
			`echo '<tr><td colspan="2"> </td></tr>';`
			`}`

Enabled HTTP auth 2009-07-11 00:18:48 +00:00			`# If Anon bind allowed, then disable the form if the user choose to bind anonymously.`
			`if ($app['server']->isAnonBindAllowed())`
Rework javascript 2009-08-22 11:30:50 +00:00			`printf('<tr><td colspan="2"><small><b>%s</b></small> <input type="checkbox" name="anonymous_bind" onclick="form_field_toggle_enable(this,[\'login\',\'password\'],\'login\')" id="anonymous_bind_checkbox" /></td></tr>',`
Enabled HTTP auth 2009-07-11 00:18:48 +00:00			`_('Anonymous'));`
RELEASE 1.0.2 2009-06-30 10:41:18 +00:00
HTML Validation work 2010-02-24 15:03:10 +00:00			`printf('<tr><td colspan="2" style="text-align: center;"><input type="submit" name="submit" value="%s" /></td></tr>',`
Enabled HTTP auth 2009-07-11 00:18:48 +00:00			`_('Authenticate'));`
RELEASE 1.1.0 2009-06-30 10:46:00 +00:00
Enabled HTTP auth 2009-07-11 00:18:48 +00:00			`echo '</table>';`
			`echo '</form>';`

Minor display change 2009-07-11 04:14:39 +00:00			`echo '<br/>';`

HTML Validation work 2010-02-24 15:03:10 +00:00			`echo '<script type="text/javascript">document.getElementById("login").focus()</script>';`
Enabled HTTP auth 2009-07-11 00:18:48 +00:00
Rework javascript 2009-08-22 11:30:50 +00:00			`if ($app['server']->isAnonBindAllowed())`
HTML Validation work 2010-02-24 15:03:10 +00:00			`printf('<script type="text/javascript" src="%sform_field_toggle_enable.js"></script>',JSDIR);`
Latest SANDPIT - MERGE from CVS (MERGE-GIT) 2009-07-01 06:09:17 +00:00			`}`
			`?>`