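<?php
namespace LAM\LOGIN;
use LAM\LIB\TWO_FACTOR\TwoFactorProviderService;
use \LAMConfig;
use \LAMCfgMain;
use \htmlSpacer;
use \htmlOutputText;
use \htmlSelect;
use \htmlInputField;
use \htmlGroup;
use \htmlInputCheckbox;
use \htmlButton;
use \htmlStatusMessage;
use LAMException;
use \Ldap;
use \htmlResponsiveRow;
use \htmlDiv;
/*

  This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
  Copyright (C) 2003 - 2006  Michael Duergner
                2005 - 2020  Roland Gruber

  This program is free software; you can redistribute it and/or modify
  it under the terms of the GNU General Public License as published by
  the Free Software Foundation; either version 2 of the License, or
  (at your option) any later version.

  This program is distributed in the hope that it will be useful,
  but WITHOUT ANY WARRANTY; without even the implied warranty of
  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  GNU General Public License for more details.

  You should have received a copy of the GNU General Public License
  along with this program; if not, write to the Free Software
  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA

*/

/**
* Login form of LDAP Account Manager.
*
* The script resets the PHP session, selects the server profile and language,
* renders the login form and, when the form was submitted, checks the
* credentials with an LDAP bind before redirecting to the main page or the
* 2-factor page.
*
* @author Michael Duergner
* @author Roland Gruber
* @package main
*/

/** status messages */
include_once(__DIR__ . "/../lib/status.inc");

/** check environment */
include __DIR__ . '/../lib/checkEnvironment.inc';

/** security functions */
include_once(__DIR__ . "/../lib/security.inc");
/** self service functions */
include_once(__DIR__ . "/../lib/selfService.inc");
/** access to configuration options */
include_once(__DIR__ . "/../lib/config.inc");
$licenseValidator = null;
if (isLAMProVersion()) {
    include_once(__DIR__ . "/../lib/env.inc");
    $licenseValidator = new \LAM\ENV\LAMLicenseValidator();
    $licenseValidator->validateAndRedirect('config/mainlogin.php?invalidLicense=1', 'config/mainlogin.php?invalidLicense=2');
}

/** Upgrade functions */
include_once(__DIR__ . "/../lib/upgrade.inc");

// set session save path
if (strtolower(session_module_name()) == 'files') {
    session_save_path(dirname(__FILE__) . '/../sess');
}

// start empty session and change ID for security reasons:
// the data of whatever session the client presented is destroyed and
// session_regenerate_id(true) issues a new ID and deletes the old session,
// so a session ID that existed before the login page is not reused afterwards
lam_start_session();
session_destroy();
lam_start_session();
session_regenerate_id(true);

$profiles = getConfigProfiles();

// save last selected login profile
// (the request value is only stored when it names an existing profile; otherwise it is dropped)
if (isset($_GET['useProfile'])) {
    if (in_array($_GET['useProfile'], $profiles)) {
        // last argument = HttpOnly; the "secure" argument is left unset, so the cookie is not limited to HTTPS
        setcookie("lam_default_profile", $_GET['useProfile'], time() + 365*60*60*24, '/', null, null, true);
    }
    else {
        unset($_GET['useProfile']);
    }
}

// save last selected language
// (the cookie value is later only prefix-matched against the known language codes, never used directly)
if (isset($_POST['language'])) {
    setcookie('lam_last_language', htmlspecialchars($_POST['language']), time() + 365*60*60*24, '/', null, null, true);
}

// init some session variables
$default_Config = new LAMCfgMain();
$_SESSION["cfgMain"] = $default_Config;
setSSLCaCert();

$default_Profile = $default_Config->default;
// the cookie is client controlled, so it is only honoured when it names an existing profile
if(isset($_COOKIE["lam_default_profile"]) && in_array($_COOKIE["lam_default_profile"], $profiles)) {
    $default_Profile = $_COOKIE["lam_default_profile"];
}
// Reload loginpage after a profile change
if(isset($_GET['useProfile']) && in_array($_GET['useProfile'], $profiles)) {
    logNewMessage(LOG_DEBUG, "Change server profile to " . $_GET['useProfile']);
    $_SESSION['config'] = new LAMConfig($_GET['useProfile']); // Recreate the config object with the submitted
}
// Load login page
elseif (!empty($default_Profile) && in_array($default_Profile, $profiles)) {
    $_SESSION["config"] = new LAMConfig($default_Profile); // Create new Config object
}
else if (sizeof($profiles) > 0) {
    // use first profile as fallback
    $_SESSION["config"] = new LAMConfig($profiles[0]);
}
else {
    // no server profile exists yet; the login form is not rendered in this case
    $_SESSION["config"] = null;
}

$error_message = null;

if (!isset($default_Config->default) || !in_array($default_Config->default, $profiles)) {
    $error_message = _('No default profile set. Please set it in the server profile configuration.');
}

// language selection: cookie first, then the profile default, then en_GB;
// a language posted with the form overrides all of them.
// In every case the session only receives a code taken from getLanguages().
$possibleLanguages = getLanguages();
$encoding = 'UTF-8';
if (isset($_COOKIE['lam_last_language'])) {
    foreach ($possibleLanguages as $lang) {
        if (strpos($_COOKIE['lam_last_language'], $lang->code) === 0) {
            $_SESSION['language'] = $lang->code;
            $encoding = $lang->encoding;
            break;
        }
    }
}
elseif (!empty($_SESSION["config"])) {
    $defaultLang = $_SESSION["config"]->get_defaultLanguage();
    foreach ($possibleLanguages as $lang) {
        if (strpos($defaultLang, $lang->code) === 0) {
            $_SESSION['language'] = $lang->code;
            $encoding = $lang->encoding;
            break;
        }
    }
}
else {
    $_SESSION['language'] = 'en_GB.utf8';
}
if (isset($_POST['language'])) {
    foreach ($possibleLanguages as $lang) {
        if (strpos($_POST['language'], $lang->code) === 0) {
            $_SESSION['language'] = $lang->code;
            $encoding = $lang->encoding;
            break;
        }
    }
}

$_SESSION['header'] = "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01 Transitional//EN\" \"http://www.w3.org/TR/html4/loose.dtd\">\n\n";
$_SESSION['header'] .= "<html>\n<head>\n";
$_SESSION['header'] .= "<meta http-equiv=\"content-type\" content=\"text/html; charset=" . $encoding . "\">\n";
$_SESSION['header'] .= "<meta http-equiv=\"pragma\" content=\"no-cache\">\n <meta http-equiv=\"cache-control\" content=\"no-cache\">";
// build the manifest link relative to the installation root: strip the script name, scheme/host and query string
// NOTE(review): getCallingURL() is defined elsewhere; if it is derived from request data the remaining path
// is written into the href attribute without HTML escaping - confirm and escape if so
$manifestUrl = str_replace('/templates/login.php', '', getCallingURL());
$manifestUrl = preg_replace('/http(s)?:\\/\\/([^\\/])+/', '', $manifestUrl);
$manifestUrl = preg_replace('/\\?.*/', '', $manifestUrl);
$_SESSION['header'] .= '<link rel="manifest" href="' . $manifestUrl . '/templates/manifest.php" crossorigin="use-credentials">';

setlanguage(); // setting correct language

/**
 * Displays the login window.
 *
 * Reads the active server profile from $_SESSION['config'] and the main
 * configuration from $_SESSION['cfgMain'] and writes the complete HTML page
 * to the output. When session encryption is enabled in the main
 * configuration a new key and IV are generated and sent as cookies.
 *
 * @param \LAM\ENV\LAMLicenseValidator $licenseValidator license validator (null when not running LAM Pro)
 * @param string $error_message error message to display
 * @param string $errorDetails error details
 * @param string $extraMessage extra message that is shown as info
 */
function display_LoginPage($licenseValidator, $error_message, $errorDetails = null, $extraMessage = null) {
    $config_object = $_SESSION['config'];
    $cfgMain = $_SESSION["cfgMain"];
    logNewMessage(LOG_DEBUG, "Display login page");
    // generate 256 bit key and initialization vector for user/passwd-encryption
    if(function_exists('openssl_random_pseudo_bytes') && ($cfgMain->encryptSession == 'true')) {
        $key = openssl_random_pseudo_bytes(32);
        $iv = openssl_random_pseudo_bytes(16);
        // save both in cookie (session cookies, HttpOnly)
        // NOTE(review): the "secure" argument is not set, so on a plain HTTP deployment
        // the key material is transmitted unencrypted - serve this page over HTTPS only
        setcookie("Key", base64_encode($key), 0, "/", null, null, true);
        setcookie("IV", base64_encode($iv), 0, "/", null, null, true);
    }

    $profiles = getConfigProfiles();

    echo $_SESSION["header"];
    printHeaderContents('LDAP Account Manager', '..');
    ?>
    </head>
    <body class="admin">
    <?php
    // include all JavaScript files
    printJsIncludes('..');

    // upgrade if pdf/profiles contain single files
    if (containsFiles('../config/profiles') || containsFiles('../config/pdf')) {
        $result = testPermissions();
        if (sizeof($result) > 0) {
            StatusMessage('ERROR', 'Unable to migrate configuration files. Please allow write access to these paths:', implode('<br>', $result));
        }
        else {
            upgradeConfigToServerProfileFolders($profiles);
            StatusMessage('INFO', 'Config file migration finished.');
        }
    }

    if (isLAMProVersion() && $licenseValidator->isEvaluationLicense()) {
        StatusMessage('INFO', _('Evaluation Licence'));
    }
    ?>

    <table border=0 width="100%" class="lamHeader ui-corner-all">
        <tr>
            <td align="left" height="30" width="34%">
                <a class="lamLogo" href="http://www.ldap-account-manager.org/" target="new_window">
                    <?php
                        echo getLAMVersionText();
                    ?>
                </a>
            </td>
            <td align="center" height=30 width="34%">
                <span class="hide-for-small">
                    <a href="http://www.ldap-account-manager.org/lamcms/lamPro"> <?php if (!isLAMProVersion()) { echo _("Want more features? Get LAM Pro!");} ?> </a>
                </span>
            </td>
            <td align="right" height=30 width="34%">
                <a class="margin-right5" href="./config/index.php"><IMG alt="configuration" src="../graphics/tools.png"> <span class="hide-for-small"><?php echo _("LAM configuration") ?></span></a>
            </td>
        </tr>
    </table>

    <br>

    <?php
    if (!empty($config_object)) {
        // check extensions
        $extList = getRequiredExtensions();
        foreach ($extList as $extension) {
            if (!extension_loaded($extension)) {
                StatusMessage("ERROR", "A required PHP extension is missing!", $extension);
                echo "<br>";
            }
        }
        // check TLS
        $useTLS = $config_object->getUseTLS();
        if (isset($useTLS) && ($useTLS == "yes")) {
            if (!function_exists('ldap_start_tls')) {
                StatusMessage("ERROR", "Your PHP installation does not support TLS encryption!");
                echo "<br>";
            }
        }
    }
    else {
        StatusMessage('WARN', _('Please enter the configuration and create a server profile.'));
    }
    // The following messages are driven by query parameters. Parameter values that are
    // echoed back (configSaveFile, selfserviceSaveOk) are passed through htmlspecialchars first.
    // check if session expired
    if (isset($_GET['expired'])) {
        StatusMessage("ERROR", _("Your session expired, please log in again."));
        echo "<br>";
    }
    // check if main config was saved
    if (isset($_GET['confMainSavedOk'])) {
        StatusMessage("INFO", _("Your settings were successfully saved."));
        echo "<br>";
    }
    // check if a server profile was saved
    if (isset($_GET['configSaveOk'])) {
        StatusMessage("INFO", _("Your settings were successfully saved."), htmlspecialchars($_GET['configSaveFile']));
        echo "<br>";
    }
    elseif (isset($_GET['configSaveFailed'])) {
        StatusMessage("ERROR", _("Cannot open config file!"), htmlspecialchars($_GET['configSaveFile']));
        echo "<br>";
    }
    // check if self service was saved
    if (isset($_GET['selfserviceSaveOk'])) {
        StatusMessage("INFO", _("Your settings were successfully saved."), htmlspecialchars($_GET['selfserviceSaveOk']));
        echo "<br>";
    }
    if (isset($_GET['2factor']) && ($_GET['2factor'] == 'error')) {
        StatusMessage('ERROR', _("Unable to start 2-factor authentication."));
        echo "<br>";
    }
    elseif (isset($_GET['2factor']) && ($_GET['2factor'] == 'noToken')) {
        StatusMessage('ERROR', _("Unable to start 2-factor authentication because no tokens were found."));
        echo "<br>";
    }
    if (!empty($config_object)) {
    ?>
        <br><br>
        <div class="centeredTable">
        <div class="roundedShadowBox limitWidth" style="position:relative; z-index:5;">
        <table border="0" rules="none" bgcolor="white" class="ui-corner-all">
            <tr>
                <td class="loginLogo hide-for-small" style="border-style:none" rowspan="3">
                </td>
                <td style="border-style:none">
                    <form action="login.php" method="post">
                        <?php
                            $tabindex = 1;
                            $row = new htmlResponsiveRow();
                            $row->add(new htmlSpacer(null, '30px'), 0, 12, 12);
                            // user name
                            $row->addLabel(new htmlOutputText(_("User name")));
                            if ($config_object->getLoginMethod() == LAMConfig::LOGIN_LIST) {
                                // fixed list of admin DNs: show the value of the first RDN as label, the full DN as value
                                $admins = $config_object->get_Admins();
                                $adminList = array();
                                foreach ($admins as $admin) {
                                    $text = explode(",", $admin);
                                    $text = explode("=", $text[0]);
                                    if (isset($text[1])) {
                                        $adminList[$text[1]] = $admin;
                                    }
                                    else {
                                        $adminList[$text[0]] = $admin;
                                    }
                                }
                                // a previously posted user is only preselected when it is one of the configured admins
                                $selectedAdmin = array();
                                if (isset($_POST['username']) && in_array($_POST['username'], $adminList)) {
                                    $selectedAdmin = array($_POST['username']);
                                }
                                $userSelect = new htmlSelect('username', $adminList, $selectedAdmin);
                                $userSelect->setHasDescriptiveElements(true);
                                $userSelect->setTransformSingleSelect(false);
                                if (empty($_COOKIE['lam_login_name'])) {
                                    $userSelect->setCSSClasses(array('lam-initial-focus'));
                                }
                                $row->addField(new htmlDiv(null, $userSelect));
                            }
                            else {
                                if ($config_object->getHttpAuthentication() == 'true') {
                                    // The HTTP auth user name is supplied by the client and the text element is
                                    // created with its second argument set to false (understood to switch off the
                                    // element's own HTML escaping - confirm against the htmlOutputText class),
                                    // so the name is escaped here before it reaches the page.
                                    $httpAuthUser = isset($_SERVER['PHP_AUTH_USER']) ? $_SERVER['PHP_AUTH_USER'] : '';
                                    $httpAuth = new htmlDiv(null, new htmlOutputText(htmlspecialchars($httpAuthUser) . ' ', false));
                                    $httpAuth->setCSSClasses(array('text-left', 'margin3'));
                                    $row->addField($httpAuth);
                                }
                                else {
                                    // prefill the user name from the "remember user name" cookie
                                    $user = '';
                                    if (isset($_COOKIE["lam_login_name"])) {
                                        $user = $_COOKIE["lam_login_name"];
                                    }
                                    $userNameInput = new htmlInputField('username', $user);
                                    if (empty($_COOKIE['lam_login_name'])) {
                                        $userNameInput->setCSSClasses(array('lam-initial-focus'));
                                    }
                                    $userInput = new htmlDiv(null, $userNameInput);
                                    $row->addField($userInput);
                                }
                            }
                            // password
                            $row->addLabel(new \htmlOutputText(_("Password")));
                            if (($config_object->getLoginMethod() == LAMConfig::LOGIN_SEARCH) && ($config_object->getHttpAuthentication() == 'true')) {
                                // credentials come from HTTP authentication, only a placeholder is shown
                                $passwordInputFake = new htmlDiv(null, new htmlOutputText('**********'));
                                $passwordInputFake->setCSSClasses(array('text-left', 'margin3'));
                                $row->addField($passwordInputFake);
                            }
                            else {
                                $passwordInput = new htmlInputField('passwd');
                                $passwordInput->setIsPassword(true);
                                if (($config_object->getLoginMethod() == LAMConfig::LOGIN_SEARCH) && !empty($_COOKIE['lam_login_name'])) {
                                    $passwordInput->setCSSClasses(array('lam-initial-focus'));
                                }
                                $row->addField($passwordInput);
                            }
                            // language
                            $row->addLabel(new htmlOutputText(_("Language")));
                            $possibleLanguages = getLanguages();
                            $languageList = array();
                            $defaultLanguage = array();
                            foreach ($possibleLanguages as $lang) {
                                $languageList[$lang->description] = $lang->code;
                                if (strpos(trim($_SESSION["language"]), $lang->code) === 0) {
                                    $defaultLanguage[] = $lang->code;
                                }
                            }
                            $languageSelect = new htmlSelect('language', $languageList, $defaultLanguage);
                            $languageSelect->setHasDescriptiveElements(true);
                            $row->addField($languageSelect, true);
                            // remember login user
                            if (($config_object->getLoginMethod() == LAMConfig::LOGIN_SEARCH) && !($config_object->getHttpAuthentication() == 'true')) {
                                $row->add(new htmlOutputText(' ', false), 0, 6, 6);
                                $rememberGroup = new htmlGroup();
                                $doRemember = false;
                                if (isset($_COOKIE["lam_login_name"])) {
                                    $doRemember = true;
                                }
                                $rememberGroup->addElement(new htmlInputCheckbox('rememberLogin', $doRemember));
                                $rememberGroup->addElement(new htmlSpacer('1px', null));
                                $rememberGroup->addElement(new htmlOutputText(_('Remember user name')));
                                $rememberDiv = new htmlDiv(null, $rememberGroup);
                                $rememberDiv->setCSSClasses(array('text-left', 'margin3'));
                                $row->add($rememberDiv, 12, 6, 6);
                            }
                            // login button
                            $row->add(new htmlSpacer(null, '20px'), 12);
                            $row->add(new htmlButton('checklogin', _("Login")), 12);

                            parseHtml(null, $row, array(), false, $tabindex, 'user');
                        ?>
                    </form>
                </td>
                <td class="loginRightBox hide-for-small" style="border-style:none">
                </td>
            </tr>
            <tr>
                <td colspan="2" style="border-style:none;">
                <?php
                    $row = new htmlResponsiveRow();
                    // error message
                    if (!empty($error_message)) {
                        $row->add(new \htmlSpacer(null, '5px'), 12);
                        $message = new htmlStatusMessage('ERROR', $error_message, $errorDetails);
                        $row->add($message, 12);
                    }
                    if (!empty($extraMessage)) {
                        $extraMessage = new htmlStatusMessage('INFO', $extraMessage);
                        $row->add($extraMessage, 12);
                    }
                    parseHtml(null, $row, array(), false, $tabindex, 'user');
                ?>
                    <hr class="margin20">
                </td>
            </tr>
            <tr>
                <td style="border-style:none;">
                    <form action="login.php" method="post">
                    <?php
                        $row = new htmlResponsiveRow();
                        $row->addLabel(new htmlOutputText(_("LDAP server")));
                        $serverUrl = new htmlOutputText($config_object->getServerDisplayNameGUI());
                        $serverUrlDiv = new htmlDiv(null, $serverUrl);
                        $serverUrlDiv->setCSSClasses(array('text-left', 'margin3'));
                        $row->addField($serverUrlDiv);
                        $row->addLabel(new htmlOutputText(_("Server profile")));
                        $profileSelect = new htmlSelect('profile', $profiles, array($_SESSION['config']->getName()));
                        $profileSelect->setOnchangeEvent('loginProfileChanged(this)');
                        $row->addField($profileSelect);

                        parseHtml(null, $row, array(), true, $tabindex, 'user');
                    ?>
                    </form>
                </td>
                <td class="loginRightBox hide-for-small" style="border-style:none">
                </td>
            </tr>
        </table>
        </div>
        </div>
        <?php
    }
    ?>
    <br><br>
    <?PHP
    if (isLAMProVersion() && $licenseValidator->isExpiringSoon()) {
        $expirationDate = $licenseValidator->getLicense()->getExpirationDate()->format('Y-m-d');
        $expirationTimeStamp = $licenseValidator->getLicense()->getExpirationDate()->getTimestamp();
        if ($cfgMain->showLicenseWarningOnScreen()) {
            $licenseMessage = sprintf(_('Your licence expires on %s. You need to purchase a new licence to be able to use LAM Pro after this date.'), $expirationDate);
            StatusMessage('WARN', $licenseMessage);
        }
        // the sent marker is saved before the mail goes out, so the warning is mailed once per expiration date
        if ($cfgMain->sendLicenseWarningByEmail() && !$cfgMain->wasLicenseWarningSent($expirationTimeStamp)) {
            $cfgMain->licenseEmailDateSent = $expirationTimeStamp;
            $cfgMain->save();
            $mailer = new \LAM\ENV\LicenseWarningMailer($cfgMain);
            $mailer->sendMail($expirationDate);
        }
    }
    ?>
    <br><br>
    </body>
</html>
<?php
}

// checking if the submitted username/password is correct.
if(isset($_POST['checklogin'])) {
    include_once(__DIR__ . "/../lib/ldap.inc"); // Include ldap.php which provides Ldap class

    $_SESSION['ldap'] = new Ldap($_SESSION['config']); // Create new Ldap object

    // client address (and host name if the web server provides it) for the login log entries
    $clientSource = $_SERVER['REMOTE_ADDR'];
    if (isset($_SERVER['REMOTE_HOST'])) {
        $clientSource .= '/' . $_SERVER['REMOTE_HOST'];
    }
    if (($_SESSION['config']->getLoginMethod() == LAMConfig::LOGIN_SEARCH) && ($_SESSION['config']->getHttpAuthentication() == 'true')) {
        $username = $_SERVER['PHP_AUTH_USER'];
        $password = $_SERVER['PHP_AUTH_PW'];
    }
    else {
        // Only plain string values are accepted for the credentials. A missing field or an
        // array-valued field (e.g. "passwd[]=") is treated as empty instead of being handed
        // to setcookie() and the LDAP bind.
        $postedUser = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
        $postedPassword = (isset($_POST['passwd']) && is_string($_POST['passwd'])) ? $_POST['passwd'] : '';
        if (isset($_POST['rememberLogin']) && ($_POST['rememberLogin'] == 'on')) {
            setcookie('lam_login_name', $postedUser, time() + 60*60*24*365, '/', null, null, true);
        }
        else if (isset($_COOKIE['lam_login_name']) && ($_SESSION['config']->getLoginMethod() == LAMConfig::LOGIN_SEARCH)) {
            // "remember user name" was switched off: overwrite the stored name with an empty value
            setcookie('lam_login_name', '', time() + 60*60*24*365, '/', null, null, true);
        }
        // an empty password is rejected before any LDAP connection is attempted
        if ($postedPassword === '') {
            logNewMessage(LOG_DEBUG, "Empty password for login");
            $error_message = _("Empty password submitted. Please try again.");
            display_LoginPage($licenseValidator, $error_message); // Empty password submitted. Return to login page.
            exit();
        }
        $username = $postedUser;
        $password = $postedPassword;
    }
    // search user in LDAP if needed
    $searchLDAP = null;
    if ($_SESSION['config']->getLoginMethod() == LAMConfig::LOGIN_SEARCH) {
        $searchFilter = $_SESSION['config']->getLoginSearchFilter();
        // The user name is untrusted input. It is escaped for use inside an LDAP filter
        // so that characters such as "*", "(", ")" and "\" are matched literally and cannot
        // change the structure of the configured search filter.
        $searchFilter = str_replace('%USER%', ldap_escape($username, '', LDAP_ESCAPE_FILTER), $searchFilter);
        $searchDN = '';
        $searchPassword = '';
        $configLoginSearchDn = $_SESSION['config']->getLoginSearchDN();
        if (!empty($configLoginSearchDn)) {
            $searchDN = $configLoginSearchDn;
            $searchPassword = $_SESSION['config']->getLoginSearchPassword();
        }
        $searchSuccess = true;
        $searchError = '';
        $searchLDAP = new Ldap($_SESSION['config']);
        try {
            $searchLDAP->connect($searchDN, $searchPassword, true);
            // only the DN is requested; the login continues only if exactly one entry matches
            $searchResult = ldap_search($searchLDAP->server(), $_SESSION['config']->getLoginSearchSuffix(), $searchFilter, array('dn'), 0, 0, 0, LDAP_DEREF_NEVER);
            if ($searchResult) {
                $searchInfo = ldap_get_entries($searchLDAP->server(), $searchResult);
                if ($searchInfo) {
                    cleanLDAPResult($searchInfo);
                    if (sizeof($searchInfo) == 0) {
                        $searchSuccess = false;
                        // same wording as for a wrong password
                        $searchError = _('Wrong password/user name combination. Please try again.');
                    }
                    elseif (sizeof($searchInfo) > 1) {
                        $searchSuccess = false;
                        $searchError = _('The given user name matches multiple LDAP entries.');
                    }
                    else {
                        // from here on $username is the DN that is used for the bind
                        $username = $searchInfo[0]['dn'];
                    }
                }
                else {
                    $searchSuccess = false;
                    $searchError = _('Unable to find the user name in LDAP.');
                    if (ldap_errno($searchLDAP->server()) != 0) {
                        $searchError .= ' ' . getDefaultLDAPErrorString($searchLDAP->server());
                    }
                }
            }
            else {
                $searchSuccess = false;
                $searchError = _('Unable to find the user name in LDAP.');
                if (ldap_errno($searchLDAP->server()) != 0) {
                    $searchError .= ' ' . getDefaultLDAPErrorString($searchLDAP->server());
                }
            }
            if (!$searchSuccess) {
                $error_message = $searchError;
                logNewMessage(LOG_ERR, 'User ' . $username . ' (' . $clientSource . ') failed to log in. ' . $searchError . '');
                $searchLDAP->close();
                display_LoginPage($licenseValidator, $error_message);
                exit();
            }
            $searchLDAP->close();
        }
        catch (LAMException $e) {
            $searchLDAP->close();
            display_LoginPage($licenseValidator, $e->getTitle(), $e->getMessage());
            exit();
        }
    }
    // try to connect to LDAP
    try {
        $_SESSION['ldap']->connect($username, $password); // Connect to LDAP server for verifying username/password
        $_SESSION['loggedIn'] = true;
        // set security settings for session
        // (session ID, client address and login time are recorded in the session;
        // presumably they are checked on later requests by the security functions - confirm)
        $_SESSION['sec_session_id'] = session_id();
        $_SESSION['sec_client_ip'] = $_SERVER['REMOTE_ADDR'];
        $_SESSION['sec_sessionTime'] = time();
        addSecurityTokenToSession();
        // logging
        logNewMessage(LOG_NOTICE, 'User ' . $username . ' (' . $clientSource . ') successfully logged in.');
        // Load main frame or 2 factor page
        if ($_SESSION['config']->getTwoFactorAuthentication() == TwoFactorProviderService::TWO_FACTOR_NONE) {
            metaRefresh("./main.php");
        }
        else {
            // marks the session as still waiting for the second factor
            $_SESSION['2factorRequired'] = true;
            metaRefresh("./login2Factor.php");
        }
        die();
    }
    catch (LAMException $e) {
        $extraMessage = null;
        // LDAP result code 49 = invalid credentials; an additional hint is looked up
        // via the search connection when one was used
        if (($searchLDAP !== null) && ($e->getLdapErrorCode() == 49)) {
            $extraMessage = getExtraInvalidCredentialsMessage($searchLDAP->server(), $username);
            $searchLDAP->close();
        }
        display_LoginPage($licenseValidator, $e->getTitle(), $e->getMessage(), $extraMessage);
        exit();
    }
}

//displays the login window
display_LoginPage($licenseValidator, $error_message);
?>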