AccountHub/index.php

<?php
require_once __DIR__ . "/required.php";

require_once __DIR__ . "/lib/login.php";

// if we're logged in, we don't need to be here.
if ($_SESSION['loggedin']) {
    header('Location: app.php');
}

/* Authenticate user */
$userpass_ok = false;
$multiauth = false;
if (checkLoginServer()) {
    if ($VARS['progress'] == "1") {
        if (!RECAPTCHA_ENABLED || (RECAPTCHA_ENABLED && verifyReCaptcha($VARS['g-recaptcha-response']))) {
            $errmsg = "";
            if (authenticate_user($VARS['username'], $VARS['password'], $errmsg)) {
                switch (get_account_status($VARS['username'])) {
                    case "LOCKED_OR_DISABLED":
                        $alert = lang("account locked", false);
                        break;
                    case "TERMINATED":
                        $alert = lang("account terminated", false);
                        break;
                    case "CHANGE_PASSWORD":
                        $alert = lang("password expired", false);
                    case "NORMAL":
                        $userpass_ok = true;
                        break;
                    case "ALERT_ON_ACCESS":
                        sendLoginAlertEmail($VARS['username']);
                        $userpass_ok = true;
                        break;
                }
                if ($userpass_ok) {
                    $_SESSION['passok'] = true; // stop logins using only username and authcode
                    if (userHasTOTP($VARS['username'])) {
                        $multiauth = true;
                    } else {
                        doLoginUser($VARS['username'], $VARS['password']);
                        header('Location: app.php');
                        die("Logged in, go to app.php");
                    }
                }
            } else {
                if (!is_empty($errmsg)) {
                    $alert = lang2("login server error", ['arg' => $errmsg], false);
                } else {
                    $alert = lang("login incorrect", false);
                }
            }
        } else {
            $alert = lang("captcha error", false);
        }
    } else if ($VARS['progress'] == "2") {
        if ($_SESSION['passok'] !== true) {
            // stop logins using only username and authcode
            sendError("Password integrity check failed!");
        }
        if (verifyTOTP($VARS['username'], $VARS['authcode'])) {
            if (doLoginUser($VARS['username'])) {
                header('Location: app.php');
                die("Logged in, go to app.php");
            } else {
                $alert = lang("login server user data error", false);
            }
        } else {
            $alert = lang("2fa incorrect", false);
        }
    }
} else {
    $alert = lang("login server unavailable", false);
}
?>
<!DOCTYPE html>
<html>
    <head>
        <meta charset="UTF-8">
        <meta http-equiv="X-UA-Compatible" content="IE=edge">
        <meta name="viewport" content="width=device-width, initial-scale=1">

        <title><?php echo SITE_TITLE; ?></title>

        <link rel="icon" href="static/img/logo.svg">

        <link href="static/css/bootstrap.min.css" rel="stylesheet">
        <link href="static/css/material-color/material-color.min.css" rel="stylesheet">
        <link href="static/css/index.css" rel="stylesheet">
        <?php if (RECAPTCHA_ENABLED) { ?>
            <script src='https://www.google.com/recaptcha/api.js'></script>
        <?php } ?>
    </head>
    <body>
        <div class="row justify-content-center">
            <div class="col-auto">
                <img class="banner-image" src="static/img/logo.png" />
            </div>
        </div>
        <div class="row justify-content-center">
            <div class="card col-11 col-xs-11 col-sm-8 col-md-6 col-lg-4">
                <div class="card-body">
                    <h5 class="card-title"><?php lang("sign in"); ?></h5>
                    <form action="" method="POST">
                        <?php
                        if (!is_empty($alert)) {
                            ?>
                            <div class="alert alert-danger">
                                <i class="fa fa-fw fa-exclamation-triangle"></i> <?php echo $alert; ?>
                            </div>
                            <?php
                        }

                        if ($multiauth != true) {
                            ?>
                            <input type="text" class="form-control" name="username" placeholder="<?php lang("username"); ?>" required="required" autocomplete="off" autocorrect="off" autocapitalize="off" spellcheck="false" autofocus /><br />
                            <input type="password" class="form-control" name="password" placeholder="<?php lang("password"); ?>" required="required" autocomplete="off" autocorrect="off" autocapitalize="off" spellcheck="false" /><br />
                            <?php if (RECAPTCHA_ENABLED) { ?>
                                <div class="g-recaptcha" data-sitekey="<?php echo RECAPTCHA_SITE_KEY; ?>"></div>
                                <br />
                            <?php } ?>
                            <input type="hidden" name="progress" value="1" />
                            <?php
                        } else if ($multiauth) {
                            ?>
                            <div class="alert alert-info">
                                <?php lang("2fa prompt"); ?>
                            </div>
                            <input type="text" class="form-control" name="authcode" placeholder="<?php lang("authcode"); ?>" required="required" autocomplete="off" autocorrect="off" autocapitalize="off" spellcheck="false" autofocus /><br />
                            <input type="hidden" name="progress" value="2" />
                            <input type="hidden" name="username" value="<?php echo $VARS['username']; ?>" />
                            <?php
                        }
                        ?>
                        <button type="submit" class="btn btn-primary">
                            <?php lang("continue"); ?>
                        </button>
                    </form>
                </div>
            </div>
        </div>
        <div class="footer">
            <?php echo FOOTER_TEXT; ?><br />
            Copyright &copy; <?php echo date('Y'); ?> <?php echo COPYRIGHT_NAME; ?>
        </div>
    </div>
    <script src="static/js/jquery-3.3.1.min.js"></script>
    <script src="static/js/bootstrap.min.js"></script>
</body>
</html>
Create template based on SSO code 2017-04-24 17:13:08 -06:00			`<?php`
			`require_once __DIR__ . "/required.php";`

			`require_once __DIR__ . "/lib/login.php";`

Add reCAPTCHA support, fix bug that allowed logins with only a username and 2fa code 2017-05-02 19:17:59 -06:00			`// if we're logged in, we don't need to be here.`
			`if ($_SESSION['loggedin']) {`
			`header('Location: app.php');`
			`}`

Create template based on SSO code 2017-04-24 17:13:08 -06:00			`/* Authenticate user */`
			`$userpass_ok = false;`
			`$multiauth = false;`
Clean up clutter and unneeded code 2017-04-26 00:46:36 -06:00			`if (checkLoginServer()) {`
			`if ($VARS['progress'] == "1") {`
Add reCAPTCHA support, fix bug that allowed logins with only a username and 2fa code 2017-05-02 19:17:59 -06:00			`if (!RECAPTCHA_ENABLED \|\| (RECAPTCHA_ENABLED && verifyReCaptcha($VARS['g-recaptcha-response']))) {`
Add uid_exists($uid), better login error messages 2017-05-06 23:20:18 -06:00			`$errmsg = "";`
			`if (authenticate_user($VARS['username'], $VARS['password'], $errmsg)) {`
Add reCAPTCHA support, fix bug that allowed logins with only a username and 2fa code 2017-05-02 19:17:59 -06:00			`switch (get_account_status($VARS['username'])) {`
			`case "LOCKED_OR_DISABLED":`
			`$alert = lang("account locked", false);`
			`break;`
			`case "TERMINATED":`
			`$alert = lang("account terminated", false);`
			`break;`
			`case "CHANGE_PASSWORD":`
			`$alert = lang("password expired", false);`
			`case "NORMAL":`
			`$userpass_ok = true;`
			`break;`
			`case "ALERT_ON_ACCESS":`
			`sendLoginAlertEmail($VARS['username']);`
			`$userpass_ok = true;`
			`break;`
Clean up clutter and unneeded code 2017-04-26 00:46:36 -06:00			`}`
Add reCAPTCHA support, fix bug that allowed logins with only a username and 2fa code 2017-05-02 19:17:59 -06:00			`if ($userpass_ok) {`
			`$_SESSION['passok'] = true; // stop logins using only username and authcode`
			`if (userHasTOTP($VARS['username'])) {`
			`$multiauth = true;`
			`} else {`
			`doLoginUser($VARS['username'], $VARS['password']);`
			`header('Location: app.php');`
			`die("Logged in, go to app.php");`
			`}`
			`}`
			`} else {`
Add uid_exists($uid), better login error messages 2017-05-06 23:20:18 -06:00			`if (!is_empty($errmsg)) {`
			`$alert = lang2("login server error", ['arg' => $errmsg], false);`
			`} else {`
			`$alert = lang("login incorrect", false);`
			`}`
Clean up clutter and unneeded code 2017-04-26 00:46:36 -06:00			`}`
			`} else {`
Add reCAPTCHA support, fix bug that allowed logins with only a username and 2fa code 2017-05-02 19:17:59 -06:00			`$alert = lang("captcha error", false);`
Create template based on SSO code 2017-04-24 17:13:08 -06:00			`}`
Clean up clutter and unneeded code 2017-04-26 00:46:36 -06:00			`} else if ($VARS['progress'] == "2") {`
Add reCAPTCHA support, fix bug that allowed logins with only a username and 2fa code 2017-05-02 19:17:59 -06:00			`if ($_SESSION['passok'] !== true) {`
			`// stop logins using only username and authcode`
			`sendError("Password integrity check failed!");`
			`}`
Clean up clutter and unneeded code 2017-04-26 00:46:36 -06:00			`if (verifyTOTP($VARS['username'], $VARS['authcode'])) {`
			`if (doLoginUser($VARS['username'])) {`
Create template based on SSO code 2017-04-24 17:13:08 -06:00			`header('Location: app.php');`
			`die("Logged in, go to app.php");`
Clean up clutter and unneeded code 2017-04-26 00:46:36 -06:00			`} else {`
			`$alert = lang("login server user data error", false);`
Create template based on SSO code 2017-04-24 17:13:08 -06:00			`}`
Add Portal API integration, add icon/style settings, add navbar and icon options to PAGES 2017-04-25 18:22:27 -06:00			`} else {`
Clean up clutter and unneeded code 2017-04-26 00:46:36 -06:00			`$alert = lang("2fa incorrect", false);`
Add Portal API integration, add icon/style settings, add navbar and icon options to PAGES 2017-04-25 18:22:27 -06:00			`}`
Create template based on SSO code 2017-04-24 17:13:08 -06:00			`}`
Clean up clutter and unneeded code 2017-04-26 00:46:36 -06:00			`} else {`
			`$alert = lang("login server unavailable", false);`
Create template based on SSO code 2017-04-24 17:13:08 -06:00			`}`
			`?>`
			`<!DOCTYPE html>`
			`<html>`
			`<head>`
			`<meta charset="UTF-8">`
			`<meta http-equiv="X-UA-Compatible" content="IE=edge">`
Pages can now define extra stylesheet and script URLs 2017-05-04 00:14:08 -06:00			`<meta name="viewport" content="width=device-width, initial-scale=1">`
Create template based on SSO code 2017-04-24 17:13:08 -06:00
			`<title><?php echo SITE_TITLE; ?></title>`

Add <link rel="icon"> 2018-02-16 14:36:03 -07:00			`<link rel="icon" href="static/img/logo.svg">`

Create template based on SSO code 2017-04-24 17:13:08 -06:00			`<link href="static/css/bootstrap.min.css" rel="stylesheet">`
Convert material-color CSS to submodule 2017-11-07 15:21:14 -07:00			`<link href="static/css/material-color/material-color.min.css" rel="stylesheet">`
Upgrade to Bootstrap 4.0, FontAwesome 5.0, and jQuery 3.3.1 2018-01-27 19:18:38 -07:00			`<link href="static/css/index.css" rel="stylesheet">`
Add reCAPTCHA support, fix bug that allowed logins with only a username and 2fa code 2017-05-02 19:17:59 -06:00			`<?php if (RECAPTCHA_ENABLED) { ?>`
			`<script src='https://www.google.com/recaptcha/api.js'></script>`
			`<?php } ?>`
Create template based on SSO code 2017-04-24 17:13:08 -06:00			`</head>`
			`<body>`
Upgrade to Bootstrap 4.0, FontAwesome 5.0, and jQuery 3.3.1 2018-01-27 19:18:38 -07:00			`<div class="row justify-content-center">`
			`<div class="col-auto">`
			`<img class="banner-image" src="static/img/logo.png" />`
			`</div>`
			`</div>`
			`<div class="row justify-content-center">`
			`<div class="card col-11 col-xs-11 col-sm-8 col-md-6 col-lg-4">`
			`<div class="card-body">`
			`<h5 class="card-title"><?php lang("sign in"); ?></h5>`
			`<form action="" method="POST">`
Add Portal API integration, add icon/style settings, add navbar and icon options to PAGES 2017-04-25 18:22:27 -06:00			`<?php`
Upgrade to Bootstrap 4.0, FontAwesome 5.0, and jQuery 3.3.1 2018-01-27 19:18:38 -07:00			`if (!is_empty($alert)) {`
Add Portal API integration, add icon/style settings, add navbar and icon options to PAGES 2017-04-25 18:22:27 -06:00			`?>`
Upgrade to Bootstrap 4.0, FontAwesome 5.0, and jQuery 3.3.1 2018-01-27 19:18:38 -07:00			`<div class="alert alert-danger">`
			`<i class="fa fa-fw fa-exclamation-triangle"></i> <?php echo $alert; ?>`
			`</div>`
			`<?php`
			`}`
Create template based on SSO code 2017-04-24 17:13:08 -06:00
Upgrade to Bootstrap 4.0, FontAwesome 5.0, and jQuery 3.3.1 2018-01-27 19:18:38 -07:00			`if ($multiauth != true) {`
			`?>`
			`<input type="text" class="form-control" name="username" placeholder="<?php lang("username"); ?>" required="required" autocomplete="off" autocorrect="off" autocapitalize="off" spellcheck="false" autofocus /><br />`
			`<input type="password" class="form-control" name="password" placeholder="<?php lang("password"); ?>" required="required" autocomplete="off" autocorrect="off" autocapitalize="off" spellcheck="false" /><br />`
			`<?php if (RECAPTCHA_ENABLED) { ?>`
			`<div class="g-recaptcha" data-sitekey="<?php echo RECAPTCHA_SITE_KEY; ?>"></div>`
			`<br />`
			`<?php } ?>`
			`<input type="hidden" name="progress" value="1" />`
			`<?php`
			`} else if ($multiauth) {`
			`?>`
			`<div class="alert alert-info">`
			`<?php lang("2fa prompt"); ?>`
			`</div>`
			`<input type="text" class="form-control" name="authcode" placeholder="<?php lang("authcode"); ?>" required="required" autocomplete="off" autocorrect="off" autocapitalize="off" spellcheck="false" autofocus /><br />`
			`<input type="hidden" name="progress" value="2" />`
			`<input type="hidden" name="username" value="<?php echo $VARS['username']; ?>" />`
			`<?php`
			`}`
			`?>`
			`<button type="submit" class="btn btn-primary">`
			`<?php lang("continue"); ?>`
			`</button>`
			`</form>`
Create template based on SSO code 2017-04-24 17:13:08 -06:00			`</div>`
			`</div>`
			`</div>`
Upgrade to Bootstrap 4.0, FontAwesome 5.0, and jQuery 3.3.1 2018-01-27 19:18:38 -07:00			`<div class="footer">`
			`<?php echo FOOTER_TEXT; ?><br />`
			`Copyright © <?php echo date('Y'); ?> <?php echo COPYRIGHT_NAME; ?>`
			`</div>`
			`</div>`
			`<script src="static/js/jquery-3.3.1.min.js"></script>`
			`<script src="static/js/bootstrap.min.js"></script>`
			`</body>`
Create template based on SSO code 2017-04-24 17:13:08 -06:00			`</html>`