Author: jfthomps Date: Wed Jan 20 21:26:35 2010 New Revision: 901386 URL: http://svn.apache.org/viewvc?rev=901386&view=rev Log: VCL-292 VCL-293 VCL-294
modified selectAuth -added option to save selected authmethod modified printLoginPageWithSkin -added optional parameter severtimeout to distinguish if function is being called because of a timeout condition - defaults to 0 modified printLoginPage -added optional parameter severtimeout to distinguish if function is being called because of a timeout condition - defaults to 0 modified ldapLogin -added code to perform a socket connection to ldap server before calling ldap_connect -added several calls to addLoginLog modified localLogin -added calls to addLoginLog created addLoginLog function Modified: incubator/vcl/trunk/web/.ht-inc/authentication.php Modified: incubator/vcl/trunk/web/.ht-inc/authentication.php URL: http://svn.apache.org/viewvc/incubator/vcl/trunk/web/.ht-inc/authentication.php?rev=901386&r1=901385&r2=901386&view=diff ============================================================================== --- incubator/vcl/trunk/web/.ht-inc/authentication.php (original) +++ incubator/vcl/trunk/web/.ht-inc/authentication.php Wed Jan 20 21:26:35 2010 @@ -127,7 +127,15 @@ function selectAuth() { global $HTMLheader, $printedHTMLheader, $authMechs, $skin; $authtype = getContinuationVar('authtype', processInputVar("authtype", ARG_STRING)); + if($authtype == '' && array_key_exists('VCLAUTHSEL', $_COOKIE)) + $authtype = $_COOKIE['VCLAUTHSEL']; + if(array_key_exists('clearselection', $_GET) && $_GET['clearselection'] == 1) { + setcookie("VCLAUTHSEL", '', time() - 10, "/", COOKIEDOMAIN); + unset($authtype); + } if(array_key_exists($authtype, $authMechs)) { + if(array_key_exists('remsel', $_POST) && $_POST['remsel'] == 1) + setcookie("VCLAUTHSEL", $authtype, time() + SECINYEAR, "/", COOKIEDOMAIN); if($authMechs[$authtype]['type'] == 'redirect') { header("Location: {$authMechs[$authtype]['URL']}"); dbDisconnect(); 
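Review bot: In the `clearselection` branch of selectAuth, `unset($authtype);` leaves the variable undefined, and the next statement, `array_key_exists($authtype, $authMechs)`, then reads it and raises an undefined-variable notice on every clear request. `$authtype = '';` gives the same fall-through without the notice. The cookie value is bounded in this function because it is only used after the `array_key_exists` lookup against `$authMechs`. That allow-list check deserves a comment so it is not dropped later, e.g. `// VCLAUTHSEL is client-controlled; only honoured when it names a configured auth mechanism`. selectAuth's body continues outside the hunk.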
@@ -160,7 +168,9 @@ else*/ printSelectInput("authtype", $methods, -1, 0, 0, '', 'tabindex=1'); print "<br><INPUT type=hidden name=mode value=selectauth>\n"; - print "<INPUT type=submit value=\"Proceed to Login\" tabindex=2 name=userid>\n"; + print "<input type=checkbox id=remsel name=remsel value=1 tabindex=2>\n"; + print "<label for=remsel>Remember my selection</label><br>\n"; + print "<INPUT type=submit value=\"Proceed to Login\" tabindex=3 name=userid>\n"; print "</FORM>\n"; print "</TD>\n"; print "<TD>\n"; @@ -177,14 +187,16 @@ //////////////////////////////////////////////////////////////////////////////// /// -/// \fn printLoginPageWithSkin($authtype) +/// \fn printLoginPageWithSkin($authtype, $servertimeout) /// /// \param $authtype - and authentication type +/// \param $servertimeout - (optional, default=0) - set to 1 if calling because +/// connection to authentication server timed out, 0 otherwise /// /// \brief sets up the skin for the page correctly, then calls printLoginPage /// //////////////////////////////////////////////////////////////////////////////// -function printLoginPageWithSkin($authtype) { +function printLoginPageWithSkin($authtype, $servertimeout=0) { global $authMechs, $HTMLheader, $skin, $printedHTMLheader; switch(getAffiliationName($authMechs[$authtype]['affiliationid'])) { case 'EXAMPLE1': 
@@ -202,20 +214,25 @@ printHTMLHeader(); print $HTMLheader; $printedHTMLheader = 1; - printLoginPage(); + printLoginPage($servertimeout); } //////////////////////////////////////////////////////////////////////////////// /// -/// \fn printLoginPage() +/// \fn printLoginPage($servertimeout) +/// +/// \param $servertimeout - (optional, default=0) - set to 1 if calling because +/// connection to authentication server timed out, 0 otherwise /// /// \brief prints a page for a user to login /// //////////////////////////////////////////////////////////////////////////////// -function printLoginPage() { +function printLoginPage($servertimeout=0) { global $authMechs, $skin, $user; $user['id'] = 0; $authtype = getContinuationVar("authtype", processInputVar("authtype", ARG_STRING)); + if($authtype == '' && array_key_exists('VCLAUTHSEL', $_COOKIE)) + $authtype = $_COOKIE['VCLAUTHSEL']; $userid = processInputVar('userid', ARG_STRING, ''); if($userid == 'Proceed to Login') $userid = ''; @@ -224,6 +241,9 @@ dbDisconnect(); exit; } + $extrafailedmsg = ''; + if($servertimeout) + $extrafailedmsg = " (unable to connect to authentication server)"; /*if($skin == 'example1') { $useridLabel = 'Pirateid'; $passLabel = 'Passphrase'; @@ -234,7 +254,7 @@ print "<br>"; print "<FORM action=\"" . BASEURL . SCRIPT . "\" method=post name=loginform>\n"; if(strlen($userid)) - print "<font color=red>Login failed</font>\n"; + print "<font color=red>Login failed $extrafailedmsg</font>\n"; print "<TABLE width=\"250\">\n"; print " <TR>\n"; print " <TH align=right>Key Account:</TH>\n"; @@ -269,7 +289,7 @@ print "<H2 style=\"display: block\">$text1</H2>\n"; print "<FORM action=\"" . BASEURL . SCRIPT . "\" method=post name=loginform>\n"; if(strlen($userid)) - print "<font color=red>Login failed</font>\n"; + print "<font color=red>Login failed $extrafailedmsg</font>\n"; print "<TABLE>\n"; print " <TR>\n"; print " <TH align=right>$useridLabel:</TH>\n"; 
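Review bot: In printLoginPage, `$authtype = $_COOKIE['VCLAUTHSEL'];` copies a client-controlled cookie into `$authtype` without `processInputVar` and, in the visible lines, without the `array_key_exists($authtype, $authMechs)` check that selectAuth applies to the same cookie. The rest of the function is outside the hunk, so it cannot be confirmed from here whether `$authtype` is later echoed into the form or used to index `$authMechs`. Either use would be driven by an unvalidated value. `$authMechs` is already declared global in this function, so the guard can be `if($authtype == '' && array_key_exists('VCLAUTHSEL', $_COOKIE) && array_key_exists($_COOKIE['VCLAUTHSEL'], $authMechs))`.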
@@ -336,8 +356,14 @@ //////////////////////////////////////////////////////////////////////////////// function ldapLogin($authtype, $userid, $passwd) { global $HTMLheader, $printedHTMLheader, $authMechs, $phpVer; + if(! $fh = fsockopen($authMechs[$authtype]['server'], 636, $errno, $errstr, 5)) { + printLoginPageWithSkin($authtype, 1); + return; + } + fclose($fh); $ds = ldap_connect("ldaps://{$authMechs[$authtype]['server']}/"); if(! $ds) { + addLoginLog($userid, $authtype, $authMechs[$authtype]['affiliationid'], 0); print $HTMLheader; $printedHTMLheader = 1; selectAuth(); @@ -352,6 +378,7 @@ $res = ldap_bind($ds, $auth['masterlogin'], $auth['masterpwd']); if(! $res) { + addLoginLog($userid, $authtype, $authMechs[$authtype]['affiliationid'], 0); printLoginPageWithSkin($authtype); return; } @@ -368,6 +395,7 @@ $ldapuser = $tmpdata[0]['dn']; } else { + addLoginLog($userid, $authtype, $authMechs[$authtype]['affiliationid'], 0); printLoginPageWithSkin($authtype); return; } @@ -377,6 +405,7 @@ $auth = $authMechs[$authtype]; $res = ldap_bind($ds); if(! $res) { + addLoginLog($userid, $authtype, $authMechs[$authtype]['affiliationid'], 0); printLoginPageWithSkin($authtype); return; } @@ -387,12 +416,14 @@ if($search) { $tmpdata = ldap_get_entries($ds, $search); if(! $tmpdata['count'] || ! array_key_exists('dn', $tmpdata[0])) { + addLoginLog($userid, $authtype, $authMechs[$authtype]['affiliationid'], 0); printLoginPageWithSkin($authtype); return; } $ldapuser = $tmpdata[0]['dn']; } else { + addLoginLog($userid, $authtype, $authMechs[$authtype]['affiliationid'], 0); printLoginPageWithSkin($authtype); return; } @@ -402,10 +433,12 @@ $res = ldap_bind($ds, $ldapuser, $passwd); if(! $res) { // login failed + addLoginLog($userid, $authtype, $authMechs[$authtype]['affiliationid'], 0); printLoginPageWithSkin($authtype); return; } else { + addLoginLog($userid, $authtype, $authMechs[$authtype]['affiliationid'], 1); // see if user in our db $query = "SELECT id " . "FROM user " 
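Review bot: The new `fsockopen(...)` probe at the top of ldapLogin is called without error suppression, so an unreachable server makes PHP emit a warning that names the LDAP host, and that warning reaches the login page wherever `display_errors` is on. Suppressing it and logging server-side keeps the detail for operators: `if(! $fh = @fsockopen($authMechs[$authtype]['server'], 636, $errno, $errstr, 5)) {` followed by `error_log("LDAP probe to {$authMechs[$authtype]['server']} failed: $errstr ($errno)");`. This branch also returns without writing anything to loginlog, so an outage leaves no trace there, although every other exit from ldapLogin is now recorded. Port 636 is hard-coded, and the probe only proves TCP reachability, so a stalled TLS handshake in the later `ldap_bind` can still hang; a comment saying so would help. ldapLogin's body continues outside the hunk.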
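Review bot: The `addLoginLog(..., 0)` call added after `ldap_bind($ds, $auth['masterlogin'], $auth['masterpwd'])` records a failed service-account bind as a failed login for whatever `$userid` was submitted. The same applies to the `ldap_connect` failure, the anonymous `ldap_bind($ds)` failure and the failed-search `else` branches in the neighbouring hunks. In loginlog those rows are indistinguishable from the wrong-password case at `// login failed`, so any review or alerting on failed logins per user or per remote IP will count directory outages as guessing attempts. Since `passfail` is documented as only 0 or 1, at least mark the infrastructure branches with a comment such as `// logged as failure: directory error, not a credential check`, or reserve a separate value for them. ldapLogin starts and ends outside these hunks.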
@@ -453,6 +486,7 @@ function localLogin($userid, $passwd) { global $HTMLheader, $phpVer; if(validateLocalAccount($userid, $passwd)) { + addLoginLog($userid, $authtype, $authMechs[$authtype]['affiliationid'], 1); //set cookie $cookie = getAuthCookieData("$use...@local"); if(version_compare(PHP_VERSION, "5.2", ">=") == true) @@ -466,6 +500,7 @@ exit; } else { + addLoginLog($userid, $authtype, $authMechs[$authtype]['affiliationid'], 0); printLoginPageWithSkin('Local Account'); printHTMLFooter(); dbDisconnect(); @@ -518,6 +553,34 @@ //////////////////////////////////////////////////////////////////////////////// /// +/// \fn addLoginLog($login, $mech, $affiliationid, $passfail) +/// +/// \param $login - user id entered in login screen +/// \param $mech - authentication mechanism used +/// \param $affiliationid - affiliation id of authentication mechanism +/// \param $passfail - 1 for successful login, 0 for failed login +/// +/// \brief adds an entry to the loginlog table +/// +//////////////////////////////////////////////////////////////////////////////// +function addLoginLog($login, $mech, $affiliationid, $passfail) { + $query = "INSERT INTO loginlog " + . "(user, " + . "authmech, " + . "affiliationid, " + . "passfail, " + . "remoteIP) " + . "VALUES " + . "('$login', " + . "'$mech', " + . "$affiliationid, " + . "$passfail, " + . "'{$_SERVER['REMOTE_ADDR']}')"; + doQuery($query, 101); +} + +//////////////////////////////////////////////////////////////////////////////// +/// /// \fn checkExpiredDemoUser($userid, $groups) /// /// \param $userid - id from user table
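Review bot: Both `addLoginLog($userid, $authtype, $authMechs[$authtype]['affiliationid'], ...)` calls added to localLogin (this hunk and the one at -466) use `$authtype` and `$authMechs`, neither of which exists in this function's scope. The parameters are `$userid, $passwd` and the visible `global` line lists only `$HTMLheader, $phpVer`. Both arguments therefore evaluate to empty, and because addLoginLog interpolates `$affiliationid` unquoted, the INSERT becomes `VALUES ('…', '', , 1, …)` and is malformed on every local login. Assuming the mechanism key is the `'Local Account'` string this function already passes to `printLoginPageWithSkin`, the fix is `global $HTMLheader, $phpVer, $authMechs;` plus `addLoginLog($userid, 'Local Account', $authMechs['Local Account']['affiliationid'], 1);`, with `0` in the failure branch. localLogin's body continues outside the hunk.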
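Review bot: addLoginLog builds its INSERT by interpolating `$login` and `$mech` inside quotes and `$affiliationid` and `$passfail` with no quoting at all, and it is called on failed attempts, so `$login` is whatever an unauthenticated visitor typed into the login form. Whether `processInputVar` escapes that value upstream is not visible in this diff, so the function should not depend on it. Cast the numeric fields at the top, `$affiliationid = (int)$affiliationid;` and `$passfail = (int)$passfail;`. Pass `$login` and `$mech` through the escaping routine that matches the connection `doQuery` uses before they are placed in the string. A short comment in the docblock noting that `$login` is untrusted pre-authentication input would keep later callers from assuming otherwise.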