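<?php
/* vim: set expandtab tabstop=4 shiftwidth=4 softtabstop=4 foldmethod=marker: */

/**
 * Standard Html Login form
 *
 * PHP versions 4 and 5
 *
 * LICENSE: This source file is subject to version 3.01 of the PHP license
 * that is available through the world-wide-web at the following URI:
 * http://www.php.net/license/3_01.txt. If you did not receive a copy of
 * the PHP License and are unable to obtain it through the web, please
 * send a note to license@php.net so we can mail you a copy immediately.
 *
 * @category Authentication
 * @package Auth
 * @author Martin Jansen <mj@php.net>
 * @author Adam Ashley <aashley@php.net>
 * @copyright 2001-2006 The PHP Group
 * @license http://www.php.net/license/3_01.txt PHP License 3.01
 * @version CVS: $Id: Html.php 237449 2007-06-12 03:11:27Z aashley $
 * @link http://pear.php.net/package/Auth
 * @since File available since Release 1.3.0
 */

/**
 * Standard Html Login form
 *
 * @category Authentication
 * @package Auth
 * @author Yavor Shahpasov <yavo@netsmart.com.cy>
 * @author Adam Ashley <aashley@php.net>
 * @copyright 2001-2006 The PHP Group
 * @license http://www.php.net/license/3_01.txt PHP License 3.01
 * @version Release: @package_version@ File: $Revision: 237449 $
 * @link http://pear.php.net/package/Auth
 * @since Class available since Release 1.3.0
 */
class Auth_Frontend_Html {

    // {{{ render()

    /**
     * Displays the login form
     *
     * Prints the form markup directly to the output. When
     * $caller->advancedsecurity is set and the storage container reports
     * challenge-response support, a fresh challenge is stored in
     * $caller->session['loginchallenege'] and a script is emitted that, on
     * submit, replaces the password field value with
     * hex_md5(password + challenge) and sets the hidden "authsecret" field
     * to 1.
     *
     * The username and the form action are written into HTML attributes and
     * are therefore escaped with htmlspecialchars(); both may carry
     * request-supplied data (a previously posted username, path info in
     * PHP_SELF).
     *
     * NOTE(review): the client-side MD5 step only hides the clear-text
     * password from the request body; the submitted hash is still a usable
     * credential for the lifetime of the challenge, so it does not replace
     * transport encryption.
     *
     * @param object The calling auth instance
     * @param string The previously used username
     * @return void
     */
    function render(&$caller, $username = '') {
        $loginOnClick = 'return true;';

        // Try to use challenge response
        // TODO javascript might need some improvement for work on other browsers
        if ($caller->advancedsecurity && $caller->storage->supportsChallengeResponse()) {

            // Init the secret cookie. The challenge has to be unpredictable;
            // a hash of the clock can be guessed, so prefer the system CSPRNG
            // where the runtime offers it. Both branches yield 32 hex
            // characters, and the original derivation is kept as the
            // fallback for older PHP versions.
            if (function_exists('random_bytes')) {
                $caller->session['loginchallenege'] = bin2hex(random_bytes(16));
            } else {
                $caller->session['loginchallenege'] = md5(microtime());
            }

            print "\n";
            print '<script language="JavaScript">'."\n";

            include 'Auth/Frontend/md5.js';

            print "\n";
            print ' function securePassword() { '."\n";
            print ' var pass = document.getElementById(\''.$caller->getPostPasswordField().'\');'."\n";
            print ' var secret = document.getElementById(\'authsecret\')'."\n";

            // If using md5 for password storage md5 the password before
            // we hash it with the secret
            if ($caller->storage->getCryptType() == 'md5') {
                print ' pass.value = hex_md5(pass.value); '."\n";
            }

            print ' pass.value = hex_md5(pass.value+\''.$caller->session['loginchallenege'].'\'); '."\n";
            print ' secret.value = 1;'."\n";
            print ' var doLogin = document.getElementById(\'doLogin\')'."\n";
            print ' doLogin.disabled = true;'."\n";
            print ' return true;';
            print ' } '."\n";
            print '</script>'."\n";
            print "\n";

            $loginOnClick = ' return securePassword(); ';
        }

        print '<center>'."\n";

        // Fixed, server-chosen messages only; nothing from the request is
        // placed in $status.
        $status = '';
        if (!empty($caller->status)) {
            if ($caller->status == AUTH_EXPIRED) {
                $status = '<i>Your session has expired. Please login again!</i>'."\n";
            } else if ($caller->status == AUTH_IDLED) {
                $status = '<i>You have been idle for too long. Please login again!</i>'."\n";
            } else if ($caller->status == AUTH_WRONG_LOGIN) {
                $status = '<i>Wrong login data!</i>'."\n";
            } else if ($caller->status == AUTH_SECURITY_BREACH) {
                $status = '<i>Security problem detected. </i>'."\n";
            }
        }

        // Escape the two values that end up inside double-quoted attributes,
        // so a quote or angle bracket in either cannot close the attribute.
        $formAction   = htmlspecialchars($caller->server['PHP_SELF'], ENT_QUOTES);
        $safeUsername = htmlspecialchars($username, ENT_QUOTES);

        print '<form method="post" action="'.$formAction.'" '
            .'onSubmit="'.$loginOnClick.'">'."\n";
        print '<table border="0" cellpadding="2" cellspacing="0" '
            .'summary="login form" align="center" >'."\n";
        print '<tr>'."\n";
        print ' <td colspan="2" bgcolor="#eeeeee"><strong>Login </strong>'
            .$status.'</td>'."\n";
        print '</tr>'."\n";
        print '<tr>'."\n";
        print ' <td>Username:</td>'."\n";
        print ' <td><input type="text" id="'.$caller->getPostUsernameField()
            .'" name="'.$caller->getPostUsernameField().'" value="' . $safeUsername
            .'" /></td>'."\n";
        print '</tr>'."\n";
        print '<tr>'."\n";
        print ' <td>Password:</td>'."\n";
        print ' <td><input type="password" id="'.$caller->getPostPasswordField()
            .'" name="'.$caller->getPostPasswordField().'" /></td>'."\n";
        print '</tr>'."\n";
        print '<tr>'."\n";

        print ' <td colspan="2" bgcolor="#eeeeee"><input value="Login" '
            .'id="doLogin" name="doLogin" type="submit" /></td>'."\n";
        print '</tr>'."\n";
        print '</table>'."\n";

        // Might be a good idea to make the variable name variable
        print '<input type="hidden" id="authsecret" name="authsecret" value="" />';
        print '</form>'."\n";
        print '</center>'."\n";
    }

    // }}}

}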