Author: jfthomps
Date: Wed Jan 20 21:26:35 2010
New Revision: 901386
URL: http://svn.apache.org/viewvc?rev=901386&view=rev
Log:
VCL-292
VCL-293
VCL-294
modified selectAuth
-added option to save selected authmethod
modified printLoginPageWithSkin
-added optional parameter severtimeout to distinguish if function is being
called because of a timeout condition - defaults to 0
modified printLoginPage
-added optional parameter severtimeout to distinguish if function is being
called because of a timeout condition - defaults to 0
modified ldapLogin
-added code to perform a socket connection to ldap server before calling
ldap_connect
-added several calls to addLoginLog
modified localLogin
-added calls to addLoginLog
created addLoginLog function
Modified:
incubator/vcl/trunk/web/.ht-inc/authentication.php
Modified: incubator/vcl/trunk/web/.ht-inc/authentication.php
URL:
http://svn.apache.org/viewvc/incubator/vcl/trunk/web/.ht-inc/authentication.php?rev=901386&r1=901385&r2=901386&view=diff
==============================================================================
--- incubator/vcl/trunk/web/.ht-inc/authentication.php (original)
+++ incubator/vcl/trunk/web/.ht-inc/authentication.php Wed Jan 20 21:26:35 2010
@@ -127,7 +127,15 @@
function selectAuth() {
global $HTMLheader, $printedHTMLheader, $authMechs, $skin;
$authtype = getContinuationVar('authtype', processInputVar("authtype",
ARG_STRING));
+ if($authtype == '' && array_key_exists('VCLAUTHSEL', $_COOKIE))
+ $authtype = $_COOKIE['VCLAUTHSEL'];
+ if(array_key_exists('clearselection', $_GET) && $_GET['clearselection']
== 1) {
+ setcookie("VCLAUTHSEL", '', time() - 10, "/", COOKIEDOMAIN);
+ unset($authtype);
+ }
if(array_key_exists($authtype, $authMechs)) {
+ if(array_key_exists('remsel', $_POST) && $_POST['remsel'] == 1)
+ setcookie("VCLAUTHSEL", $authtype, time() + SECINYEAR,
"/", COOKIEDOMAIN);
if($authMechs[$authtype]['type'] == 'redirect') {
header("Location: {$authMechs[$authtype]['URL']}");
dbDisconnect();
@@ -160,7 +168,9 @@
else*/
printSelectInput("authtype", $methods, -1, 0, 0, '',
'tabindex=1');
print "<br><INPUT type=hidden name=mode value=selectauth>\n";
- print "<INPUT type=submit value=\"Proceed to Login\" tabindex=2
name=userid>\n";
+ print "<input type=checkbox id=remsel name=remsel value=1
tabindex=2>\n";
+ print "<label for=remsel>Remember my selection</label><br>\n";
+ print "<INPUT type=submit value=\"Proceed to Login\" tabindex=3
name=userid>\n";
print "</FORM>\n";
print "</TD>\n";
print "<TD>\n";
@@ -177,14 +187,16 @@
////////////////////////////////////////////////////////////////////////////////
///
-/// \fn printLoginPageWithSkin($authtype)
+/// \fn printLoginPageWithSkin($authtype, $servertimeout)
///
/// \param $authtype - and authentication type
+/// \param $servertimeout - (optional, default=0) - set to 1 if calling because
+/// connection to authentication server timed out, 0 otherwise
///
/// \brief sets up the skin for the page correctly, then calls printLoginPage
///
////////////////////////////////////////////////////////////////////////////////
-function printLoginPageWithSkin($authtype) {
+function printLoginPageWithSkin($authtype, $servertimeout=0) {
global $authMechs, $HTMLheader, $skin, $printedHTMLheader;
switch(getAffiliationName($authMechs[$authtype]['affiliationid'])) {
case 'EXAMPLE1':
@@ -202,20 +214,25 @@
printHTMLHeader();
print $HTMLheader;
$printedHTMLheader = 1;
- printLoginPage();
+ printLoginPage($servertimeout);
}
////////////////////////////////////////////////////////////////////////////////
///
-/// \fn printLoginPage()
+/// \fn printLoginPage($servertimeout)
+///
+/// \param $servertimeout - (optional, default=0) - set to 1 if calling because
+/// connection to authentication server timed out, 0 otherwise
///
/// \brief prints a page for a user to login
///
////////////////////////////////////////////////////////////////////////////////
-function printLoginPage() {
+function printLoginPage($servertimeout=0) {
global $authMechs, $skin, $user;
$user['id'] = 0;
$authtype = getContinuationVar("authtype", processInputVar("authtype",
ARG_STRING));
+ if($authtype == '' && array_key_exists('VCLAUTHSEL', $_COOKIE))
+ $authtype = $_COOKIE['VCLAUTHSEL'];
$userid = processInputVar('userid', ARG_STRING, '');
if($userid == 'Proceed to Login')
$userid = '';
@@ -224,6 +241,9 @@
dbDisconnect();
exit;
}
+ $extrafailedmsg = '';
+ if($servertimeout)
+ $extrafailedmsg = " (unable to connect to authentication
server)";
/*if($skin == 'example1') {
$useridLabel = 'Pirateid';
$passLabel = 'Passphrase';
@@ -234,7 +254,7 @@
print "<br>";
print "<FORM action=\"" . BASEURL . SCRIPT . "\" method=post
name=loginform>\n";
if(strlen($userid))
- print "<font color=red>Login failed</font>\n";
+ print "<font color=red>Login failed
$extrafailedmsg</font>\n";
print "<TABLE width=\"250\">\n";
print " <TR>\n";
print " <TH align=right>Key Account:</TH>\n";
@@ -269,7 +289,7 @@
print "<H2 style=\"display: block\">$text1</H2>\n";
print "<FORM action=\"" . BASEURL . SCRIPT . "\" method=post
name=loginform>\n";
if(strlen($userid))
- print "<font color=red>Login failed</font>\n";
+ print "<font color=red>Login failed $extrafailedmsg</font>\n";
print "<TABLE>\n";
print " <TR>\n";
print " <TH align=right>$useridLabel:</TH>\n";
@@ -336,8 +356,14 @@
////////////////////////////////////////////////////////////////////////////////
function ldapLogin($authtype, $userid, $passwd) {
global $HTMLheader, $printedHTMLheader, $authMechs, $phpVer;
+ if(! $fh = fsockopen($authMechs[$authtype]['server'], 636, $errno,
$errstr, 5)) {
+ printLoginPageWithSkin($authtype, 1);
+ return;
+ }
+ fclose($fh);
$ds = ldap_connect("ldaps://{$authMechs[$authtype]['server']}/");
if(! $ds) {
+ addLoginLog($userid, $authtype,
$authMechs[$authtype]['affiliationid'], 0);
print $HTMLheader;
$printedHTMLheader = 1;
selectAuth();
@@ -352,6 +378,7 @@
$res = ldap_bind($ds, $auth['masterlogin'],
$auth['masterpwd']);
if(! $res) {
+ addLoginLog($userid, $authtype,
$authMechs[$authtype]['affiliationid'], 0);
printLoginPageWithSkin($authtype);
return;
}
@@ -368,6 +395,7 @@
$ldapuser = $tmpdata[0]['dn'];
}
else {
+ addLoginLog($userid, $authtype,
$authMechs[$authtype]['affiliationid'], 0);
printLoginPageWithSkin($authtype);
return;
}
@@ -377,6 +405,7 @@
$auth = $authMechs[$authtype];
$res = ldap_bind($ds);
if(! $res) {
+ addLoginLog($userid, $authtype,
$authMechs[$authtype]['affiliationid'], 0);
printLoginPageWithSkin($authtype);
return;
}
@@ -387,12 +416,14 @@
if($search) {
$tmpdata = ldap_get_entries($ds, $search);
if(! $tmpdata['count'] || ! array_key_exists('dn',
$tmpdata[0])) {
+ addLoginLog($userid, $authtype,
$authMechs[$authtype]['affiliationid'], 0);
printLoginPageWithSkin($authtype);
return;
}
$ldapuser = $tmpdata[0]['dn'];
}
else {
+ addLoginLog($userid, $authtype,
$authMechs[$authtype]['affiliationid'], 0);
printLoginPageWithSkin($authtype);
return;
}
@@ -402,10 +433,12 @@
$res = ldap_bind($ds, $ldapuser, $passwd);
if(! $res) {
// login failed
+ addLoginLog($userid, $authtype,
$authMechs[$authtype]['affiliationid'], 0);
printLoginPageWithSkin($authtype);
return;
}
else {
+ addLoginLog($userid, $authtype,
$authMechs[$authtype]['affiliationid'], 1);
// see if user in our db
$query = "SELECT id "
. "FROM user "
@@ -453,6 +486,7 @@
function localLogin($userid, $passwd) {
global $HTMLheader, $phpVer;
if(validateLocalAccount($userid, $passwd)) {
+ addLoginLog($userid, $authtype,
$authMechs[$authtype]['affiliationid'], 1);
//set cookie
$cookie = getAuthCookieData("$use...@local");
if(version_compare(PHP_VERSION, "5.2", ">=") == true)
@@ -466,6 +500,7 @@
exit;
}
else {
+ addLoginLog($userid, $authtype,
$authMechs[$authtype]['affiliationid'], 0);
printLoginPageWithSkin('Local Account');
printHTMLFooter();
dbDisconnect();
@@ -518,6 +553,34 @@
////////////////////////////////////////////////////////////////////////////////
///
+/// \fn addLoginLog($login, $mech, $affiliationid, $passfail)
+///
+/// \param $login - user id entered in login screen
+/// \param $mech - authentication mechanism used
+/// \param $affiliationid - affiliation id of authentication mechanism
+/// \param $passfail - 1 for successful login, 0 for failed login
+///
+/// \brief adds an entry to the loginlog table
+///
+////////////////////////////////////////////////////////////////////////////////
+function addLoginLog($login, $mech, $affiliationid, $passfail) {
+ $query = "INSERT INTO loginlog "
+ . "(user, "
+ . "authmech, "
+ . "affiliationid, "
+ . "passfail, "
+ . "remoteIP) "
+ . "VALUES "
+ . "('$login', "
+ . "'$mech', "
+ . "$affiliationid, "
+ . "$passfail, "
+ . "'{$_SERVER['REMOTE_ADDR']}')";
+ doQuery($query, 101);
+}
+
+////////////////////////////////////////////////////////////////////////////////
+///
/// \fn checkExpiredDemoUser($userid, $groups)
///
/// \param $userid - id from user table
