ManagePanel/index.php

<?php
/*
 * This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/.
 */

require_once __DIR__ . "/required.php";

// if we're logged in, we don't need to be here.
if (!empty($_SESSION['loggedin']) && $_SESSION['loggedin'] === true && !isset($_GET['permissionerror'])) {
    header('Location: app.php');
    die();
}

/**
 * Show a simple HTML page with a line of text and a button.  Matches the UI of
 * the AccountHub login flow.
 *
 * @global type $SETTINGS
 * @global type $SECURE_NONCE
 * @global type $Strings
 * @param string $title Text to show, passed through i18n
 * @param string $button Button text, passed through i18n
 * @param string $url URL for the button
 */
function showHTML(string $title, string $button, string $url) {
    global $SETTINGS, $SECURE_NONCE, $Strings;
    ?>
    <!DOCTYPE html>
    <meta charset="UTF-8">
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1">

    <title><?php echo $SETTINGS['site_title']; ?></title>

    <link rel="icon" href="static/img/logo.svg">

    <link href="static/css/bootstrap.min.css" rel="stylesheet">
    <style nonce="<?php echo $SECURE_NONCE; ?>">
        .display-5 {
            font-size: 2.5rem;
            font-weight: 300;
            line-height: 1.2;
        }

        .banner-image {
            max-height: 100px;
            margin: 2em auto;
            border: 1px solid grey;
            border-radius: 15%;
        }
    </style>

    <div class="container mt-4">
        <div class="row justify-content-center">
            <div class="col-12 text-center">
                <img class="banner-image" src="./static/img/logo.svg" />
            </div>

            <div class="col-12 text-center">
                <h1 class="display-5 mb-4"><?php $Strings->get($title); ?></h1>
            </div>

            <div class="col-12 col-sm-8 col-lg-6">
                <div class="card mt-4">
                    <div class="card-body">
                        <a href="<?php echo $url; ?>" class="btn btn-primary btn-block"><?php $Strings->get($button); ?></a>
                    </div>
                </div>
            </div>
        </div>
    </div>
    <?php
}

if (!empty($_GET['logout'])) {
    showHTML("You have been logged out.", "Log in again", "./index.php");
    die();
}
if (empty($_SESSION["login_code"])) {
    $redirecttologin = true;
} else {
    try {
        $uidinfo = AccountHubApi::get("checkloginkey", ["code" => $_SESSION["login_code"]]);
        if ($uidinfo["status"] == "ERROR") {
            throw new Exception();
        }
        if (is_numeric($uidinfo['uid'])) {
            $user = new User($uidinfo['uid'] * 1);
            foreach ($SETTINGS['permissions'] as $perm) {
                if (!$user->hasPermission($perm)) {
                    showHTML("no access permission", "sign out", "./action.php?action=signout");
                    die();
                }
            }
            Session::start($user);
            $_SESSION["login_code"] = null;
            header('Location: app.php');
            showHTML("Logged in", "Continue", "./app.php");
            die();
        } else {
            throw new Exception();
        }
    } catch (Exception $ex) {
        $redirecttologin = true;
    }
}

if ($redirecttologin) {
    try {
        $urlbase = (isset($_SERVER['HTTPS']) ? "https" : "http") . "://" . $_SERVER['HTTP_HOST'] . (($_SERVER['SERVER_PORT'] != 80 && $_SERVER['SERVER_PORT'] != 443) ? ":" . $_SERVER['SERVER_PORT'] : "");
        $iconurl = $urlbase . str_replace("index.php", "", $_SERVER["REQUEST_URI"]) . "static/img/logo.svg";
        $codedata = AccountHubApi::get("getloginkey", ["appname" => $SETTINGS["site_title"], "appicon" => $iconurl]);

        if ($codedata['status'] != "OK") {
            throw new Exception($Strings->get("login server unavailable", false));
        }

        $redirecturl = $urlbase . $_SERVER['REQUEST_URI'];

        $_SESSION["login_code"] = $codedata["code"];

        $locationurl = $codedata["loginurl"] . "?code=" . htmlentities($codedata["code"]) . "&redirect=" . htmlentities($redirecturl);
        header("Location: $locationurl");
        showHTML("Continue", "Continue", $locationurl);
        die();
    } catch (Exception $ex) {
        sendError($ex->getMessage());
    }
}
Copy from BusinessAppTemplate @ 542bb80d85 2017-05-22 03:04:32 -06:00			`<?php`
Redirect to AccountHub for user login 2018-12-22 16:57:45 -07:00			`/*`
			`* This Source Code Form is subject to the terms of the Mozilla Public`
Switch to Mozilla Public License 2.0 for code consistency 2018-04-09 19:18:19 -06:00			`* License, v. 2.0. If a copy of the MPL was not distributed with this`
Redirect to AccountHub for user login 2018-12-22 16:57:45 -07:00			`* file, You can obtain one at http://mozilla.org/MPL/2.0/.`
			`*/`
Switch to Mozilla Public License 2.0 for code consistency 2018-04-09 19:18:19 -06:00
Copy from BusinessAppTemplate @ 542bb80d85 2017-05-22 03:04:32 -06:00			`require_once __DIR__ . "/required.php";`

			`// if we're logged in, we don't need to be here.`
Fix PHP variable warnings 2018-05-26 20:51:13 -06:00			`if (!empty($_SESSION['loggedin']) && $_SESSION['loggedin'] === true && !isset($_GET['permissionerror'])) {`
Copy from BusinessAppTemplate @ 542bb80d85 2017-05-22 03:04:32 -06:00			`header('Location: app.php');`
Fix index.php not redirecting to app.php when already logged in 2018-12-22 22:38:50 -07:00			`die();`
Copy from BusinessAppTemplate @ 542bb80d85 2017-05-22 03:04:32 -06:00			`}`

Nicer access denied message 2018-12-27 00:15:27 -07:00			`/**`
			`* Show a simple HTML page with a line of text and a button. Matches the UI of`
			`* the AccountHub login flow.`
			`*`
			`* @global type $SETTINGS`
			`* @global type $SECURE_NONCE`
			`* @global type $Strings`
			`* @param string $title Text to show, passed through i18n`
			`* @param string $button Button text, passed through i18n`
			`* @param string $url URL for the button`
			`*/`
			`function showHTML(string $title, string $button, string $url) {`
			`global $SETTINGS, $SECURE_NONCE, $Strings;`
Redirect to AccountHub for user login 2018-12-22 16:57:45 -07:00			`?>`
			`<!DOCTYPE html>`
			`<meta charset="UTF-8">`
			`<meta http-equiv="X-UA-Compatible" content="IE=edge">`
			`<meta name="viewport" content="width=device-width, initial-scale=1">`
Add message if user is kicked out of application for lack of permissions 2018-05-24 19:52:21 -06:00
Redirect to AccountHub for user login 2018-12-22 16:57:45 -07:00			`<title><?php echo $SETTINGS['site_title']; ?></title>`

			`<link rel="icon" href="static/img/logo.svg">`

			`<link href="static/css/bootstrap.min.css" rel="stylesheet">`
			`<style nonce="<?php echo $SECURE_NONCE; ?>">`
			`.display-5 {`
Add app icon to login flow 2018-12-22 21:26:57 -07:00			`font-size: 2.5rem;`
Redirect to AccountHub for user login 2018-12-22 16:57:45 -07:00			`font-weight: 300;`
			`line-height: 1.2;`
Copy from BusinessAppTemplate @ 542bb80d85 2017-05-22 03:04:32 -06:00			`}`
Add app icon to login flow 2018-12-22 21:26:57 -07:00
			`.banner-image {`
			`max-height: 100px;`
			`margin: 2em auto;`
			`border: 1px solid grey;`
			`border-radius: 15%;`
Copy from BusinessAppTemplate @ 542bb80d85 2017-05-22 03:04:32 -06:00			`}`
Redirect to AccountHub for user login 2018-12-22 16:57:45 -07:00			`</style>`

			`<div class="container mt-4">`
Upgrade to Bootstrap 4.0, FontAwesome 5.0, jQuery 3.3.1 2018-01-28 23:54:27 -07:00			`<div class="row justify-content-center">`
Add app icon to login flow 2018-12-22 21:26:57 -07:00			`<div class="col-12 text-center">`
			`<img class="banner-image" src="./static/img/logo.svg" />`
Upgrade to Bootstrap 4.0, FontAwesome 5.0, jQuery 3.3.1 2018-01-28 23:54:27 -07:00			`</div>`
Add app icon to login flow 2018-12-22 21:26:57 -07:00
Redirect to AccountHub for user login 2018-12-22 16:57:45 -07:00			`<div class="col-12 text-center">`
Nicer access denied message 2018-12-27 00:15:27 -07:00			`<h1 class="display-5 mb-4"><?php $Strings->get($title); ?></h1>`
Redirect to AccountHub for user login 2018-12-22 16:57:45 -07:00			`</div>`

			`<div class="col-12 col-sm-8 col-lg-6">`
			`<div class="card mt-4">`
			`<div class="card-body">`
Nicer access denied message 2018-12-27 00:15:27 -07:00			`<a href="<?php echo $url; ?>" class="btn btn-primary btn-block"><?php $Strings->get($button); ?></a>`
Redirect to AccountHub for user login 2018-12-22 16:57:45 -07:00			`</div>`
Copy from BusinessAppTemplate @ 542bb80d85 2017-05-22 03:04:32 -06:00			`</div>`
			`</div>`
			`</div>`
Upgrade to Bootstrap 4.0, FontAwesome 5.0, jQuery 3.3.1 2018-01-28 23:54:27 -07:00			`</div>`
Redirect to AccountHub for user login 2018-12-22 16:57:45 -07:00			`<?php`
			`}`

Nicer access denied message 2018-12-27 00:15:27 -07:00			`if (!empty($_GET['logout'])) {`
			`showHTML("You have been logged out.", "Log in again", "./index.php");`
			`die();`
			`}`
Redirect to AccountHub for user login 2018-12-22 16:57:45 -07:00			`if (empty($_SESSION["login_code"])) {`
			`$redirecttologin = true;`
			`} else {`
			`try {`
			`$uidinfo = AccountHubApi::get("checkloginkey", ["code" => $_SESSION["login_code"]]);`
			`if ($uidinfo["status"] == "ERROR") {`
			`throw new Exception();`
Add reCAPTCHA support, fix bug that allowed logins with only a username and 2fa code 2017-05-02 19:17:59 -06:00			`}`
Redirect to AccountHub for user login 2018-12-22 16:57:45 -07:00			`if (is_numeric($uidinfo['uid'])) {`
			`$user = new User($uidinfo['uid'] * 1);`
Add permission check during login 2018-12-26 16:32:43 -07:00			`foreach ($SETTINGS['permissions'] as $perm) {`
			`if (!$user->hasPermission($perm)) {`
Nicer access denied message 2018-12-27 00:15:27 -07:00			`showHTML("no access permission", "sign out", "./action.php?action=signout");`
			`die();`
Add permission check during login 2018-12-26 16:32:43 -07:00			`}`
			`}`
Rewrite to use classes, aligning with AccountHub 2.0 2018-09-07 15:03:42 -06:00			`Session::start($user);`
Redirect to AccountHub for user login 2018-12-22 16:57:45 -07:00			`$_SESSION["login_code"] = null;`
Rewrite to use classes, aligning with AccountHub 2.0 2018-09-07 15:03:42 -06:00			`header('Location: app.php');`
Nicer access denied message 2018-12-27 00:15:27 -07:00			`showHTML("Logged in", "Continue", "./app.php");`
			`die();`
Add Portal API integration, add icon/style settings, add navbar and icon options to PAGES 2017-04-25 18:22:27 -06:00			`} else {`
Redirect to AccountHub for user login 2018-12-22 16:57:45 -07:00			`throw new Exception();`
Add Portal API integration, add icon/style settings, add navbar and icon options to PAGES 2017-04-25 18:22:27 -06:00			`}`
Redirect to AccountHub for user login 2018-12-22 16:57:45 -07:00			`} catch (Exception $ex) {`
			`$redirecttologin = true;`
Create template based on SSO code 2017-04-24 17:13:08 -06:00			`}`
			`}`

Redirect to AccountHub for user login 2018-12-22 16:57:45 -07:00			`if ($redirecttologin) {`
			`try {`
Add app icon to login flow 2018-12-22 21:26:57 -07:00			`$urlbase = (isset($_SERVER['HTTPS']) ? "https" : "http") . "://" . $_SERVER['HTTP_HOST'] . (($_SERVER['SERVER_PORT'] != 80 && $_SERVER['SERVER_PORT'] != 443) ? ":" . $_SERVER['SERVER_PORT'] : "");`
			`$iconurl = $urlbase . str_replace("index.php", "", $_SERVER["REQUEST_URI"]) . "static/img/logo.svg";`
			`$codedata = AccountHubApi::get("getloginkey", ["appname" => $SETTINGS["site_title"], "appicon" => $iconurl]);`
Create template based on SSO code 2017-04-24 17:13:08 -06:00
Redirect to AccountHub for user login 2018-12-22 16:57:45 -07:00			`if ($codedata['status'] != "OK") {`
			`throw new Exception($Strings->get("login server unavailable", false));`
			`}`
Add <link rel="icon"> 2018-02-16 14:36:03 -07:00
Add app icon to login flow 2018-12-22 21:26:57 -07:00			`$redirecturl = $urlbase . $_SERVER['REQUEST_URI'];`
Create template based on SSO code 2017-04-24 17:13:08 -06:00
Redirect to AccountHub for user login 2018-12-22 16:57:45 -07:00			`$_SESSION["login_code"] = $codedata["code"];`

Nicer access denied message 2018-12-27 00:15:27 -07:00			`$locationurl = $codedata["loginurl"] . "?code=" . htmlentities($codedata["code"]) . "&redirect=" . htmlentities($redirecturl);`
			`header("Location: $locationurl");`
			`showHTML("Continue", "Continue", $locationurl);`
			`die();`
Redirect to AccountHub for user login 2018-12-22 16:57:45 -07:00			`} catch (Exception $ex) {`
			`sendError($ex->getMessage());`
			`}`
Merge ../BusinessAppTemplate # Conflicts: # README.md # api.php # composer.lock # index.php # lang/en_us.php # lib/login.php # required.php # settings.template.php 2019-01-02 23:52:41 -07:00			`}`