1<?php
2namespace LAM\LOGIN;
3use LAM\LIB\TWO_FACTOR\TwoFactorProviderService;
4use \LAMConfig;
5use \LAMCfgMain;
6use \htmlSpacer;
7use \htmlOutputText;
8use \htmlSelect;
9use \htmlInputField;
10use \htmlGroup;
11use \htmlInputCheckbox;
12use \htmlButton;
13use \htmlStatusMessage;
14use LAMException;
15use \Ldap;
16use \htmlResponsiveRow;
17use \htmlDiv;
18/*
19
20  This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
21  Copyright (C) 2003 - 2006  Michael Duergner
22                2005 - 2020  Roland Gruber
23
24  This program is free software; you can redistribute it and/or modify
25  it under the terms of the GNU General Public License as published by
26  the Free Software Foundation; either version 2 of the License, or
27  (at your option) any later version.
28
29  This program is distributed in the hope that it will be useful,
30  but WITHOUT ANY WARRANTY; without even the implied warranty of
31  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
32  GNU General Public License for more details.
33
34  You should have received a copy of the GNU General Public License
35  along with this program; if not, write to the Free Software
36  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
37
38*/
39
40/**
41* Login form of LDAP Account Manager.
42*
43* @author Michael Duergner
44* @author Roland Gruber
45* @package main
46*/
47
48/** status messages */
49include_once(__DIR__ . "/../lib/status.inc");
50
51/** check environment */
52include __DIR__ . '/../lib/checkEnvironment.inc';
53
54/** security functions */
55include_once(__DIR__ . "/../lib/security.inc");
56/** self service functions */
57include_once(__DIR__ . "/../lib/selfService.inc");
58/** access to configuration options */
59include_once(__DIR__ . "/../lib/config.inc");
// LAM Pro only: load the environment library and run the license check, passing
// the two config pages that validateAndRedirect() is given for the invalid-license cases.
$licenseValidator = null;
if (isLAMProVersion()) {
	include_once(__DIR__ . "/../lib/env.inc");
	$licenseValidator = new \LAM\ENV\LAMLicenseValidator();
	$licenseValidator->validateAndRedirect(
		'config/mainlogin.php?invalidLicense=1',
		'config/mainlogin.php?invalidLicense=2'
	);
}

/** Upgrade functions */
include_once(__DIR__ . "/../lib/upgrade.inc");

// file based sessions are kept in LAM's own "sess" directory
if (strtolower(session_module_name()) === 'files') {
	session_save_path(__DIR__ . '/../sess');
}

// Session fixation defence: whatever session the client presented is opened and
// destroyed, then a new session is started and given a fresh ID. A session ID that
// was planted in the browser before login is therefore never carried over.
// The order of these four calls matters.
lam_start_session();
session_destroy();
lam_start_session();
session_regenerate_id(true);
80
$profiles = getConfigProfiles();

// Remember the last selected login profile.
// A requested profile that is not in the list of known profiles is dropped from $_GET
// so that later code never sees an unvalidated profile name.
// NOTE(review): in_array() compares loosely here; strict mode (third argument true) would
// be tighter if getConfigProfiles() returns plain strings - confirm before changing.
if (isset($_GET['useProfile']) && !in_array($_GET['useProfile'], $profiles)) {
	unset($_GET['useProfile']);
}
if (isset($_GET['useProfile'])) {
	// cookie is HttpOnly (last argument); the Secure flag is left unset
	setcookie('lam_default_profile', $_GET['useProfile'], time() + 365*60*60*24, '/', null, null, true);
}

// Remember the last selected language.
// The submitted value is stored as sent (HTML-encoded only); it is matched against the
// list of known language codes when it is read back, not here.
if (isset($_POST['language'])) {
	setcookie('lam_last_language', htmlspecialchars($_POST['language']), time() + 365*60*60*24, '/', null, null, true);
}
97
// Main configuration: loaded once and kept in the session for the rest of the login flow.
$default_Config = new LAMCfgMain();
$_SESSION['cfgMain'] = $default_Config;
setSSLCaCert();

// Preferred profile: the configured default, replaced by the remembered cookie value
// only if that value names a known profile (the cookie is client-controlled).
$default_Profile = $default_Config->default;
if (isset($_COOKIE['lam_default_profile']) && in_array($_COOKIE['lam_default_profile'], $profiles)) {
	$default_Profile = $_COOKIE['lam_default_profile'];
}

// Pick the server profile for this page. Every candidate is checked against
// $profiles before a LAMConfig object is created for it.
if (isset($_GET['useProfile']) && in_array($_GET['useProfile'], $profiles)) {
	// the login page was reloaded after a profile change
	logNewMessage(LOG_DEBUG, "Change server profile to " . $_GET['useProfile']);
	$_SESSION['config'] = new LAMConfig($_GET['useProfile']);
}
else {
	if (!empty($default_Profile) && in_array($default_Profile, $profiles)) {
		// regular page load with a usable preferred profile
		$_SESSION['config'] = new LAMConfig($default_Profile);
	}
	else {
		if (count($profiles) > 0) {
			// no usable preference: fall back to the first profile
			$_SESSION['config'] = new LAMConfig($profiles[0]);
		}
		else {
			// no server profile exists yet
			$_SESSION['config'] = null;
		}
	}
}

// Warn on the login page when the configured default profile is missing or unknown.
$error_message = null;
if (!(isset($default_Config->default) && in_array($default_Config->default, $profiles))) {
	$error_message = _('No default profile set. Please set it in the server profile configuration.');
}
129
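// Select the UI language and the page encoding.
//
// Candidates are tried in order of precedence: the language just submitted with the
// form, the "lam_last_language" cookie, then the default language of the server
// profile. A candidate is accepted only if it starts with the code of a language
// returned by getLanguages(); the stored value is always that known code, never the
// raw request value.
//
// POST and cookie values are client-controlled, so only plain strings are considered
// (an array value would otherwise reach strpos()). If no candidate matches, the
// language falls back to en_GB.utf8. Previously a cookie holding an unknown value
// left $_SESSION['language'] unset, although it is read again when the login form
// is rendered.
$possibleLanguages = getLanguages();
$encoding = 'UTF-8';
$languageCandidates = array();
if (isset($_POST['language']) && is_string($_POST['language'])) {
	$languageCandidates[] = $_POST['language'];
}
if (isset($_COOKIE['lam_last_language']) && is_string($_COOKIE['lam_last_language'])) {
	$languageCandidates[] = $_COOKIE['lam_last_language'];
}
if (!empty($_SESSION["config"])) {
	$languageCandidates[] = (string) $_SESSION["config"]->get_defaultLanguage();
}
$_SESSION['language'] = 'en_GB.utf8';
foreach ($languageCandidates as $languageCandidate) {
	foreach ($possibleLanguages as $lang) {
		if (strpos($languageCandidate, $lang->code) === 0) {
			$_SESSION['language'] = $lang->code;
			$encoding = $lang->encoding;
			break 2;
		}
	}
}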
163
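// Build the opening part of the HTML document. It is stored in the session and echoed
// by display_LoginPage(), which also closes the <head> element.
$_SESSION['header'] = "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01 Transitional//EN\" \"http://www.w3.org/TR/html4/loose.dtd\">\n\n";
$_SESSION['header'] .= "<html>\n<head>\n";
// $encoding only ever holds 'UTF-8' or the encoding of a language from getLanguages()
$_SESSION['header'] .= "<meta http-equiv=\"content-type\" content=\"text/html; charset=" . $encoding . "\">\n";
$_SESSION['header'] .= "<meta http-equiv=\"pragma\" content=\"no-cache\">\n		<meta http-equiv=\"cache-control\" content=\"no-cache\">";
// Reduce the calling URL to LAM's base path: drop the login page, then scheme and host, then any query string.
$manifestUrl = str_replace('/templates/login.php', '', getCallingURL());
$manifestUrl = preg_replace('/http(s)?:\\/\\/([^\\/])+/', '', $manifestUrl);
$manifestUrl = preg_replace('/\\?.*/', '', $manifestUrl);
// The remaining path is written into an HTML attribute, so it is encoded for that context.
// getCallingURL() is not visible here; presumably it is derived from request data, in which
// case the path must be treated as client-influenced.
$_SESSION['header'] .= '<link rel="manifest" href="' . htmlspecialchars($manifestUrl, ENT_QUOTES) . '/templates/manifest.php" crossorigin="use-credentials">';

setlanguage(); // setting correct language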
174
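/**
 * Displays the login window.
 *
 * Echoes the complete HTML page: the header stored in $_SESSION['header'], status
 * messages for environment problems and for the result flags passed in the query
 * string, the login form for the server profile in $_SESSION['config'] and, for
 * LAM Pro, the licence notices. If session encryption is enabled, a new key and
 * IV are generated and sent to the browser as cookies on every call.
 *
 * Request data that ends up in the page (query parameters, the HTTP authentication
 * user name) is HTML-encoded before output.
 *
 * @param \LAM\ENV\LAMLicenseValidator $licenseValidator license validator (only used for LAM Pro, null otherwise)
 * @param string $error_message error message to display
 * @param string $errorDetails error details
 * @param string $extraMessage extra message that is shown as info
 */
function display_LoginPage($licenseValidator, $error_message, $errorDetails = null, $extraMessage = null) {
	$config_object = $_SESSION['config'];
	$cfgMain = $_SESSION["cfgMain"];
	logNewMessage(LOG_DEBUG, "Display login page");
	// generate 256 bit key and initialization vector for user/passwd-encryption
	if(function_exists('openssl_random_pseudo_bytes') && ($cfgMain->encryptSession == 'true')) {
		$key = openssl_random_pseudo_bytes(32);
		$iv = openssl_random_pseudo_bytes(16);
		// Save both in session cookies (expiry 0). They are HttpOnly (last argument).
		// NOTE(review): the Secure flag is left unset, so the browser will also send the
		// key over plain HTTP if the host is reachable that way - consider setting it
		// whenever LAM is served via HTTPS.
		setcookie("Key", base64_encode($key), 0, "/", null, null, true);
		setcookie("IV", base64_encode($iv), 0, "/", null, null, true);
	}

	$profiles = getConfigProfiles();

	echo $_SESSION["header"];
	printHeaderContents('LDAP Account Manager', '..');
	?>
	</head>
	<body class="admin">
	<?php
	// include all JavaScript files
	printJsIncludes('..');

	// upgrade if pdf/profiles contain single files
	if (containsFiles('../config/profiles') || containsFiles('../config/pdf')) {
		$result = testPermissions();
		if (sizeof($result) > 0) {
			StatusMessage('ERROR', 'Unable to migrate configuration files. Please allow write access to these paths:', implode('<br>', $result));
		}
		else {
			upgradeConfigToServerProfileFolders($profiles);
			StatusMessage('INFO', 'Config file migration finished.');
		}
	}

	if (isLAMProVersion() && $licenseValidator->isEvaluationLicense()) {
		StatusMessage('INFO', _('Evaluation Licence'));
	}
	?>

		<table border=0 width="100%" class="lamHeader ui-corner-all">
			<tr>
				<td align="left" height="30" width="34%">
					<a class="lamLogo" href="http://www.ldap-account-manager.org/" target="new_window">
					<?php
						echo getLAMVersionText();
					?>
					</a>
				</td>
				<td align="center" height=30 width="34%">
					<span class="hide-for-small">
						<a href="http://www.ldap-account-manager.org/lamcms/lamPro"> <?php if (!isLAMProVersion()) { echo _("Want more features? Get LAM Pro!");} ?> </a>
					</span>
				</td>
				<td align="right" height=30 width="34%">
					<a class="margin-right5" href="./config/index.php"><IMG alt="configuration" src="../graphics/tools.png">&nbsp;<span class="hide-for-small"><?php echo _("LAM configuration") ?></span></a>
				</td>
			</tr>
		</table>

		<br>

		<?php
		if (!empty($config_object)) {
			// check extensions
			$extList = getRequiredExtensions();
			foreach ($extList as $extension) {
				if (!extension_loaded($extension)) {
					StatusMessage("ERROR", "A required PHP extension is missing!", $extension);
					echo "<br>";
				}
			}
			// check TLS
			$useTLS = $config_object->getUseTLS();
			if (isset($useTLS) && ($useTLS == "yes")) {
				if (!function_exists('ldap_start_tls')) {
					StatusMessage("ERROR", "Your PHP installation does not support TLS encryption!");
					echo "<br>";
				}
			}
		}
		else {
			StatusMessage('WARN', _('Please enter the configuration and create a server profile.'));
		}
		// check if session expired
		if (isset($_GET['expired'])) {
			StatusMessage("ERROR", _("Your session expired, please log in again."));
			echo "<br>";
		}
		// check if main config was saved
		if (isset($_GET['confMainSavedOk'])) {
			StatusMessage("INFO", _("Your settings were successfully saved."));
			echo "<br>";
		}
		// Query parameters are client-controlled. Only plain string values are shown and
		// they are HTML-encoded first; a missing or array value is displayed as empty text.
		$configSaveFile = '';
		if (isset($_GET['configSaveFile']) && is_string($_GET['configSaveFile'])) {
			$configSaveFile = htmlspecialchars($_GET['configSaveFile']);
		}
		// check if a server profile was saved
		if (isset($_GET['configSaveOk'])) {
			StatusMessage("INFO", _("Your settings were successfully saved."), $configSaveFile);
			echo "<br>";
		}
		elseif (isset($_GET['configSaveFailed'])) {
			StatusMessage("ERROR", _("Cannot open config file!"), $configSaveFile);
			echo "<br>";
		}
		// check if self service was saved
		if (isset($_GET['selfserviceSaveOk'])) {
			$selfServiceSaved = is_string($_GET['selfserviceSaveOk']) ? htmlspecialchars($_GET['selfserviceSaveOk']) : '';
			StatusMessage("INFO", _("Your settings were successfully saved."), $selfServiceSaved);
			echo "<br>";
		}
		if (isset($_GET['2factor']) && ($_GET['2factor'] == 'error')) {
			StatusMessage('ERROR', _("Unable to start 2-factor authentication."));
			echo "<br>";
		}
		elseif (isset($_GET['2factor']) && ($_GET['2factor'] == 'noToken')) {
			StatusMessage('ERROR', _("Unable to start 2-factor authentication because no tokens were found."));
			echo "<br>";
		}
		if (!empty($config_object)) {
		?>
		<br><br>
		<div class="centeredTable">
		<div class="roundedShadowBox limitWidth" style="position:relative; z-index:5;">
		<table border="0" rules="none" bgcolor="white" class="ui-corner-all">
			<tr>
				<td class="loginLogo hide-for-small" style="border-style:none" rowspan="3">
				</td>
				<td style="border-style:none">
					<form action="login.php" method="post">
						<?php
							$tabindex = 1;
							$row = new htmlResponsiveRow();
							$row->add(new htmlSpacer(null, '30px'), 0, 12, 12);
							// user name
							$row->addLabel(new htmlOutputText(_("User name")));
							if ($config_object->getLoginMethod() == LAMConfig::LOGIN_LIST) {
								// fixed list of admin DNs: show the value of the first RDN as label, the full DN as value
								$admins = $config_object->get_Admins();
								$adminList = array();
								foreach ($admins as $admin) {
									$text = explode(",", $admin);
									$text = explode("=", $text[0]);
									if (isset($text[1])) {
										$adminList[$text[1]] = $admin;
									}
									else {
										$adminList[$text[0]] = $admin;
									}
								}
								// preselect the submitted user only if it is one of the configured admins
								$selectedAdmin = array();
								if (isset($_POST['username']) && in_array($_POST['username'], $adminList)) {
									$selectedAdmin = array($_POST['username']);
								}
								$userSelect = new htmlSelect('username', $adminList, $selectedAdmin);
								$userSelect->setHasDescriptiveElements(true);
								$userSelect->setTransformSingleSelect(false);
								if (empty($_COOKIE['lam_login_name'])) {
									$userSelect->setCSSClasses(array('lam-initial-focus'));
								}
								$row->addField(new htmlDiv(null, $userSelect));
							}
							else {
								if ($config_object->getHttpAuthentication() == 'true') {
									// PHP_AUTH_USER comes from the request. The text element is created with
									// "false" as second argument (as for the bare '&nbsp;' further down, which
									// suggests escaping is switched off), so the name is HTML-encoded here
									// before the entity is appended.
									$httpAuthUser = isset($_SERVER['PHP_AUTH_USER']) ? $_SERVER['PHP_AUTH_USER'] : '';
									$httpAuth = new htmlDiv(null, new htmlOutputText(htmlspecialchars($httpAuthUser) . '&nbsp;', false));
									$httpAuth->setCSSClasses(array('text-left', 'margin3'));
									$row->addField($httpAuth);
								}
								else {
									// prefill with the remembered user name
									// NOTE(review): the cookie is client-controlled; this relies on
									// htmlInputField encoding its value on output - confirm.
									$user = '';
									if (isset($_COOKIE["lam_login_name"])) {
										$user = $_COOKIE["lam_login_name"];
									}
									$userNameInput = new htmlInputField('username', $user);
									if (empty($_COOKIE['lam_login_name'])) {
										$userNameInput->setCSSClasses(array('lam-initial-focus'));
									}
									$userInput = new htmlDiv(null, $userNameInput);
									$row->addField($userInput);
								}
							}
							// password
							$row->addLabel(new \htmlOutputText(_("Password")));
							if (($config_object->getLoginMethod() == LAMConfig::LOGIN_SEARCH) && ($config_object->getHttpAuthentication() == 'true')) {
								// HTTP authentication: no password field, only a placeholder
								$passwordInputFake = new htmlDiv(null, new htmlOutputText('**********'));
								$passwordInputFake->setCSSClasses(array('text-left', 'margin3'));
								$row->addField($passwordInputFake);
							}
							else {
								$passwordInput = new htmlInputField('passwd');
								$passwordInput->setIsPassword(true);
								if (($config_object->getLoginMethod() == LAMConfig::LOGIN_SEARCH) && !empty($_COOKIE['lam_login_name'])) {
									$passwordInput->setCSSClasses(array('lam-initial-focus'));
								}
								$row->addField($passwordInput);
							}
							// language
							$row->addLabel(new htmlOutputText(_("Language")));
							$possibleLanguages = getLanguages();
							$languageList = array();
							$defaultLanguage = array();
							foreach ($possibleLanguages as $lang) {
								$languageList[$lang->description] = $lang->code;
								if (strpos(trim($_SESSION["language"]), $lang->code) === 0) {
									$defaultLanguage[] = $lang->code;
								}
							}
							$languageSelect = new htmlSelect('language', $languageList, $defaultLanguage);
							$languageSelect->setHasDescriptiveElements(true);
							$row->addField($languageSelect, true);
							// remember login user
							if (($config_object->getLoginMethod() == LAMConfig::LOGIN_SEARCH) && !($config_object->getHttpAuthentication() == 'true')) {
								$row->add(new htmlOutputText('&nbsp;', false), 0, 6, 6);
								$rememberGroup = new htmlGroup();
								$doRemember = false;
								if (isset($_COOKIE["lam_login_name"])) {
									$doRemember = true;
								}
								$rememberGroup->addElement(new htmlInputCheckbox('rememberLogin', $doRemember));
								$rememberGroup->addElement(new htmlSpacer('1px', null));
								$rememberGroup->addElement(new htmlOutputText(_('Remember user name')));
								$rememberDiv = new htmlDiv(null, $rememberGroup);
								$rememberDiv->setCSSClasses(array('text-left', 'margin3'));
								$row->add($rememberDiv, 12, 6, 6);
							}
							// login button
							$row->add(new htmlSpacer(null, '20px'), 12);
							$row->add(new htmlButton('checklogin', _("Login")), 12);

							parseHtml(null, $row, array(), false, $tabindex, 'user');
						?>
					</form>
				</td>
				<td class="loginRightBox hide-for-small" style="border-style:none">
				</td>
			</tr>
			<tr>
				<td colspan="2" style="border-style:none;">
					<?php
					$row = new htmlResponsiveRow();
					// error message
					if (!empty($error_message)) {
						$row->add(new \htmlSpacer(null, '5px'), 12);
						$message = new htmlStatusMessage('ERROR', $error_message, $errorDetails);
						$row->add($message, 12);
					}
					if (!empty($extraMessage)) {
						$extraMessage = new htmlStatusMessage('INFO', $extraMessage);
						$row->add($extraMessage, 12);
					}
					parseHtml(null, $row, array(), false, $tabindex, 'user');
					?>
					<hr class="margin20">
				</td>
			</tr>
			<tr>
				<td style="border-style:none;">
					<form action="login.php" method="post">
					<?php
						// second form: shows the LDAP server and lets the user switch the server profile
						$row = new htmlResponsiveRow();
						$row->addLabel(new htmlOutputText(_("LDAP server")));
						$serverUrl = new htmlOutputText($config_object->getServerDisplayNameGUI());
						$serverUrlDiv = new htmlDiv(null, $serverUrl);
						$serverUrlDiv->setCSSClasses(array('text-left', 'margin3'));
						$row->addField($serverUrlDiv);
						$row->addLabel(new htmlOutputText(_("Server profile")));
						$profileSelect = new htmlSelect('profile', $profiles, array($_SESSION['config']->getName()));
						$profileSelect->setOnchangeEvent('loginProfileChanged(this)');
						$row->addField($profileSelect);

						parseHtml(null, $row, array(), true, $tabindex, 'user');
					?>
					</form>
				</td>
				<td class="loginRightBox hide-for-small" style="border-style:none">
				</td>
			</tr>
		</table>
		</div>
		</div>
		<?php
		}
		?>
		<br><br>
		<?php
			// LAM Pro: warn about a licence that expires soon, on screen and/or by mail
			if (isLAMProVersion() && $licenseValidator->isExpiringSoon()) {
				$expirationDate = $licenseValidator->getLicense()->getExpirationDate()->format('Y-m-d');
				$expirationTimeStamp = $licenseValidator->getLicense()->getExpirationDate()->getTimestamp();
				if ($cfgMain->showLicenseWarningOnScreen()) {
					$licenseMessage = sprintf(_('Your licence expires on %s. You need to purchase a new licence to be able to use LAM Pro after this date.'), $expirationDate);
					StatusMessage('WARN', $licenseMessage);
				}
				if ($cfgMain->sendLicenseWarningByEmail() && !$cfgMain->wasLicenseWarningSent($expirationTimeStamp)) {
					// the sent marker is saved before the mail goes out, so the warning is mailed once per expiration date
					$cfgMain->licenseEmailDateSent = $expirationTimeStamp;
					$cfgMain->save();
					$mailer = new \LAM\ENV\LicenseWarningMailer($cfgMain);
					$mailer->sendMail($expirationDate);
				}
			}
		?>
		<br><br>
	</body>
</html>
<?php
}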
485
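// Handle a submitted login form: determine the bind DN (by LDAP search if the profile
// uses the search login method), verify the credentials with an LDAP bind and either
// mark the session as logged in or show the login page again with an error.
if(isset($_POST['checklogin'])) {
	// without a server profile there is nothing to authenticate against
	if (empty($_SESSION['config'])) {
		display_LoginPage($licenseValidator, $error_message);
		exit();
	}
	include_once(__DIR__ . "/../lib/ldap.inc"); // Include ldap.php which provides Ldap class

	$_SESSION['ldap'] = new Ldap($_SESSION['config']); // Create new Ldap object

	// client address (plus host name if the web server provides it) for the log entries
	$clientSource = $_SERVER['REMOTE_ADDR'];
	if (isset($_SERVER['REMOTE_HOST'])) {
		$clientSource .= '/' . $_SERVER['REMOTE_HOST'];
	}
	$isSearchLogin = ($_SESSION['config']->getLoginMethod() == LAMConfig::LOGIN_SEARCH);
	if ($isSearchLogin && ($_SESSION['config']->getHttpAuthentication() == 'true')) {
		// credentials are taken from the HTTP authentication of the web server
		$username = isset($_SERVER['PHP_AUTH_USER']) ? $_SERVER['PHP_AUTH_USER'] : '';
		$password = isset($_SERVER['PHP_AUTH_PW']) ? $_SERVER['PHP_AUTH_PW'] : '';
	}
	else {
		// form fields are client-controlled: only plain strings are accepted
		$username = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
		$password = (isset($_POST['passwd']) && is_string($_POST['passwd'])) ? $_POST['passwd'] : '';
		if (isset($_POST['rememberLogin']) && ($_POST['rememberLogin'] == 'on')) {
			setcookie('lam_login_name', $username, time() + 60*60*24*365, '/', null, null, true);
		}
		else if (isset($_COOKIE['lam_login_name']) && $isSearchLogin) {
			// "remember" was unchecked: clear the stored name
			setcookie('lam_login_name', '', time() + 60*60*24*365, '/', null, null, true);
		}
	}
	// An LDAP simple bind with a DN and an empty password is an unauthenticated bind
	// (RFC 4513) and is reported as successful by servers that permit it. Empty
	// passwords are therefore rejected before any bind, for the form fields and for
	// HTTP authentication alike (Ldap::connect() is not visible here and is not relied on).
	if ($password === '') {
		logNewMessage(LOG_DEBUG, "Empty password for login");
		$error_message = _("Empty password submitted. Please try again.");
		display_LoginPage($licenseValidator, $error_message); // Empty password submitted. Return to login page.
		exit();
	}
	// search user in LDAP if needed
	$searchLDAP = null;
	if ($isSearchLogin) {
		// The user name is placed into the configured search filter. Filter metacharacters
		// ( * ( ) \ NUL ) are escaped so that the input is matched as a literal value and
		// cannot change the structure of the filter.
		$searchFilter = $_SESSION['config']->getLoginSearchFilter();
		$searchFilter = str_replace('%USER%', ldap_escape($username, '', LDAP_ESCAPE_FILTER), $searchFilter);
		// bind as the configured search account, or with empty DN and password if none is set
		$searchDN = '';
		$searchPassword = '';
		$configLoginSearchDn = $_SESSION['config']->getLoginSearchDN();
		if (!empty($configLoginSearchDn)) {
			$searchDN = $configLoginSearchDn;
			$searchPassword = $_SESSION['config']->getLoginSearchPassword();
		}
		$searchSuccess = true;
		$searchError = '';
		$searchLDAP = new Ldap($_SESSION['config']);
		try {
			$searchLDAP->connect($searchDN, $searchPassword, true);
			// only the DN is requested
			$searchResult = ldap_search($searchLDAP->server(), $_SESSION['config']->getLoginSearchSuffix(), $searchFilter, array('dn'), 0, 0, 0, LDAP_DEREF_NEVER);
			$searchInfo = $searchResult ? ldap_get_entries($searchLDAP->server(), $searchResult) : false;
			if ($searchInfo) {
				cleanLDAPResult($searchInfo);
				if (sizeof($searchInfo) == 0) {
					$searchSuccess = false;
					$searchError = _('Wrong password/user name combination. Please try again.');
				}
				elseif (sizeof($searchInfo) > 1) {
					$searchSuccess = false;
					$searchError = _('The given user name matches multiple LDAP entries.');
				}
				else {
					// exactly one entry: bind with its DN
					$username = $searchInfo[0]['dn'];
				}
			}
			else {
				// search or result retrieval failed
				$searchSuccess = false;
				$searchError = _('Unable to find the user name in LDAP.');
				if (ldap_errno($searchLDAP->server()) != 0) {
					$searchError .= ' ' . getDefaultLDAPErrorString($searchLDAP->server());
				}
			}
			if (!$searchSuccess) {
				$error_message = $searchError;
				// NOTE(review): $username is client-supplied here; presumably logNewMessage()
				// neutralises line breaks and control characters - confirm.
				logNewMessage(LOG_ERR, 'User ' . $username . ' (' . $clientSource . ') failed to log in. ' . $searchError . '');
				$searchLDAP->close();
				display_LoginPage($licenseValidator, $error_message);
				exit();
			}
			$searchLDAP->close();
		}
		catch (LAMException $e) {
			$searchLDAP->close();
			display_LoginPage($licenseValidator, $e->getTitle(), $e->getMessage());
			exit();
		}
	}
	// try to connect to LDAP
	try {
		$_SESSION['ldap']->connect($username, $password); // Connect to LDAP server for verifying username/password
		$_SESSION['loggedIn'] = true;
		// set security settings for session (session ID, client IP and start time are recorded)
		$_SESSION['sec_session_id'] = session_id();
		$_SESSION['sec_client_ip'] = $_SERVER['REMOTE_ADDR'];
		$_SESSION['sec_sessionTime'] = time();
		addSecurityTokenToSession();
		// logging
		logNewMessage(LOG_NOTICE, 'User ' . $username . ' (' . $clientSource . ') successfully logged in.');
		// Load main frame or 2 factor page
		if ($_SESSION['config']->getTwoFactorAuthentication() == TwoFactorProviderService::TWO_FACTOR_NONE) {
			metaRefresh("./main.php");
		}
		else {
			// 'loggedIn' is already set at this point; the flag below marks that the second factor is still pending
			$_SESSION['2factorRequired'] = true;
			metaRefresh("./login2Factor.php");
		}
		die();
	}
	catch (LAMException $e) {
		$extraMessage = null;
		// LDAP result code 49 = invalid credentials
		if (($searchLDAP !== null) && ($e->getLdapErrorCode() == 49)) {
			// NOTE(review): $searchLDAP was already closed after the search above; confirm
			// that server() still returns a usable connection here.
			$extraMessage = getExtraInvalidCredentialsMessage($searchLDAP->server(), $username);
			$searchLDAP->close();
		}
		display_LoginPage($licenseValidator, $e->getTitle(), $e->getMessage(), $extraMessage);
		exit();
	}
}

// no login was submitted: display the login window
display_LoginPage($licenseValidator, $error_message);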
614?>
615