										 |  |  | <?php | 
					
						
							| 
									
										
										
										
											2018-04-09 19:18:19 -06:00
										 |  |  | /* This Source Code Form is subject to the terms of the Mozilla Public | 
					
						
							|  |  |  |  * License, v. 2.0. If a copy of the MPL was not distributed with this | 
					
						
							|  |  |  |  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2017-04-24 17:13:08 -06:00
										 |  |  | require_once __DIR__ . "/required.php"; | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2017-05-02 19:17:59 -06:00
										 |  |  | // if we're logged in, we don't need to be here.
 | 
					
						
							| 
									
										
										
										
											2018-05-26 20:51:13 -06:00
										 |  |  | if (!empty($_SESSION['loggedin']) && $_SESSION['loggedin'] === true && !isset($_GET['permissionerror'])) { | 
					
						
							| 
									
										
										
										
											2017-05-02 19:17:59 -06:00
										 |  |  |     header('Location: app.php'); | 
					
						
							|  |  |  | } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2018-05-24 19:52:21 -06:00
										 |  |  | if (isset($_GET['permissionerror'])) { | 
					
						
							| 
									
										
										
										
											2018-09-07 15:03:42 -06:00
										 |  |  |     $alert = $Strings->get("no access permission", false); | 
					
						
							| 
									
										
										
										
											2018-05-24 19:52:21 -06:00
										 |  |  | } | 
					
						
										 |  |  | /* Authenticate user */ | 
					
						
							|  |  |  | $userpass_ok = false; | 
					
						
							|  |  |  | $multiauth = false; | 
					
						
							| 
									
										
										
										
											2018-09-07 15:03:42 -06:00
										 |  |  | if (Login::checkLoginServer()) { | 
					
						
							|  |  |  |     if (empty($VARS['progress'])) { | 
					
						
							|  |  |  |         // Easy way to remove "undefined" warnings.
 | 
					
						
							|  |  |  |     } else if ($VARS['progress'] == "1") { | 
					
						
							| 
									
										
										
										
											2018-12-20 23:45:45 -07:00
										 |  |  |         if (!$SETTINGS['captcha']['enabled'] || ($SETTINGS['captcha']['enabled'] && Login::verifyCaptcha($VARS['captcheck_session_code'], $VARS['captcheck_selected_answer'], $SETTINGS['captcha']['server'] . "/api.php"))) { | 
					
						
							| 
									
										
										
										
											2018-09-07 15:03:42 -06:00
										 |  |  |             $autherror = ""; | 
					
						
							|  |  |  |             $user = User::byUsername($VARS['username']); | 
					
						
							|  |  |  |             if ($user->exists()) { | 
					
						
							|  |  |  |                 $status = $user->getStatus()->getString(); | 
					
						
							|  |  |  |                 switch ($status) { | 
					
						
							| 
									
										
										
										
											2017-05-02 19:17:59 -06:00
										 |  |  |                     case "LOCKED_OR_DISABLED": | 
					
						
							| 
									
										
										
										
											2018-09-07 15:03:42 -06:00
										 |  |  |                         $alert = $Strings->get("account locked", false); | 
					
						
							| 
									
										
										
										
											2017-05-02 19:17:59 -06:00
										 |  |  |                         break; | 
					
						
							|  |  |  |                     case "TERMINATED": | 
					
						
							| 
									
										
										
										
											2018-09-07 15:03:42 -06:00
										 |  |  |                         $alert = $Strings->get("account terminated", false); | 
					
						
							| 
									
										
										
										
											2017-05-02 19:17:59 -06:00
										 |  |  |                         break; | 
					
						
							|  |  |  |                     case "CHANGE_PASSWORD": | 
					
						
							| 
									
										
										
										
											2018-09-07 15:03:42 -06:00
										 |  |  |                         $alert = $Strings->get("password expired", false); | 
					
						
							|  |  |  |                         break; | 
					
						
							| 
									
										
										
										
											2017-05-02 19:17:59 -06:00
										 |  |  |                     case "NORMAL": | 
					
						
							| 
									
										
										
										
											2018-09-07 15:03:42 -06:00
										 |  |  |                         $username_ok = true; | 
					
						
							| 
									
										
										
										
											2017-05-02 19:17:59 -06:00
										 |  |  |                         break; | 
					
						
							|  |  |  |                     case "ALERT_ON_ACCESS": | 
					
						
							| 
									
										
										
										
											2018-09-07 15:03:42 -06:00
										 |  |  |                         $mail_resp = $user->sendAlertEmail(); | 
					
						
							| 
									
										
										
										
											2018-12-20 23:45:45 -07:00
										 |  |  |                         if ($SETTINGS['debug']) { | 
					
						
							| 
									
										
										
										
											2018-09-07 15:03:42 -06:00
										 |  |  |                             var_dump($mail_resp); | 
					
						
							|  |  |  |                         } | 
					
						
							|  |  |  |                         $username_ok = true; | 
					
						
							|  |  |  |                         break; | 
					
						
							|  |  |  |                     default: | 
					
						
							| 
									
										
										
										
											2018-12-04 19:48:23 -07:00
										 |  |  |                         if (!empty($error)) { | 
					
						
							| 
									
										
										
										
											2018-09-07 15:03:42 -06:00
										 |  |  |                             $alert = $error; | 
					
						
							|  |  |  |                         } else { | 
					
						
							|  |  |  |                             $alert = $Strings->get("login error", false); | 
					
						
							|  |  |  |                         } | 
					
						
							| 
									
										
										
										
											2017-05-02 19:17:59 -06:00
										 |  |  |                         break; | 
					
						
							| 
									
										
										
										
											2017-04-26 00:46:36 -06:00
										 |  |  |                 } | 
					
						
							| 
									
										
										
										
											2018-09-07 15:03:42 -06:00
										 |  |  |                 if ($username_ok) { | 
					
						
							|  |  |  |                     if ($user->checkPassword($VARS['password'])) { | 
					
						
							|  |  |  |                         $_SESSION['passok'] = true; // stop logins using only username and authcode
 | 
					
						
							|  |  |  |                         if ($user->has2fa()) { | 
					
						
							|  |  |  |                             $multiauth = true; | 
					
						
							|  |  |  |                         } else { | 
					
						
							|  |  |  |                             Session::start($user); | 
					
						
							|  |  |  |                             header('Location: app.php'); | 
					
						
							|  |  |  |                             die("Logged in, go to app.php"); | 
					
						
							|  |  |  |                         } | 
					
						
							| 
									
										
										
										
											2017-05-02 19:17:59 -06:00
										 |  |  |                     } else { | 
					
						
							| 
									
										
										
										
											2018-09-07 15:03:42 -06:00
										 |  |  |                         $alert = $Strings->get("login incorrect", false); | 
					
						
							| 
									
										
										
										
											2017-05-02 19:17:59 -06:00
										 |  |  |                     } | 
					
						
							|  |  |  |                 } | 
					
						
							| 
									
										
										
										
											2018-09-07 15:03:42 -06:00
										 |  |  |             } else { // User does not exist anywhere
 | 
					
						
							|  |  |  |                 $alert = $Strings->get("login incorrect", false); | 
					
						
							| 
									
										
										
										
											2017-04-26 00:46:36 -06:00
										 |  |  |             } | 
					
						
							|  |  |  |         } else { | 
					
						
							| 
									
										
										
										
											2018-09-07 15:03:42 -06:00
										 |  |  |             $alert = $Strings->get("captcha error", false); | 
					
						
							| 
									
										
										
										
											2017-04-24 17:13:08 -06:00
										 |  |  |         } | 
					
						
							| 
									
										
										
										
											2018-09-07 15:03:42 -06:00
										 |  |  |     } else if ($VARS['progress'] == "2") { | 
					
						
							|  |  |  |         $user = User::byUsername($VARS['username']); | 
					
						
							| 
									
										
										
										
											2017-05-02 19:17:59 -06:00
										 |  |  |         if ($_SESSION['passok'] !== true) { | 
					
						
							|  |  |  |             // stop logins using only username and authcode
 | 
					
						
							|  |  |  |             sendError("Password integrity check failed!"); | 
					
						
							|  |  |  |         } | 
					
						
							| 
									
										
										
										
											2018-09-07 15:03:42 -06:00
										 |  |  |         if ($user->check2fa($VARS['authcode'])) { | 
					
						
							|  |  |  |             Session::start($user); | 
					
						
							|  |  |  |             header('Location: app.php'); | 
					
						
							|  |  |  |             die("Logged in, go to app.php"); | 
					
						
							| 
									
										
										
										
											2017-04-25 18:22:27 -06:00
										 |  |  |         } else { | 
					
						
							| 
									
										
										
										
											2018-09-07 15:03:42 -06:00
										 |  |  |             $alert = $Strings->get("2fa incorrect", false); | 
					
						
							| 
									
										
										
										
											2017-04-25 18:22:27 -06:00
										 |  |  |         } | 
					
						
							| 
									
										
										
										
											2017-04-24 17:13:08 -06:00
										 |  |  |     } | 
					
						
							| 
									
										
										
										
											2017-04-26 00:46:36 -06:00
										 |  |  | } else { | 
					
						
							| 
									
										
										
										
											2018-09-07 15:03:42 -06:00
										 |  |  |     $alert = $Strings->get("login server unavailable", false); | 
					
						
							| 
									
										
										
										
											2017-04-24 17:13:08 -06:00
										 |  |  | } | 
					
						
										 |  |  | header("Link: <static/fonts/Roboto.css>; rel=preload; as=style", false); | 
					
						
							| 
									
										
										
										
											2018-04-08 16:08:08 -06:00
										 |  |  | header("Link: <static/css/bootstrap.min.css>; rel=preload; as=style", false); | 
					
						
							|  |  |  | header("Link: <static/css/material-color/material-color.min.css>; rel=preload; as=style", false); | 
					
						
							|  |  |  | header("Link: <static/css/index.css>; rel=preload; as=style", false); | 
					
						
							|  |  |  | header("Link: <static/js/jquery-3.3.1.min.js>; rel=preload; as=script", false); | 
					
						
							| 
									
										
										
										
											2018-09-21 16:38:34 -06:00
										 |  |  | header("Link: <static/js/bootstrap.bundle.min.js>; rel=preload; as=script", false); | 
					
						
							| 
									
										
										
										
											2017-04-24 17:13:08 -06:00
										 |  |  | ?>
							|  |  |  | <!DOCTYPE html> | 
					
						
							|  |  |  | <html> | 
					
						
							|  |  |  |     <head> | 
					
						
							|  |  |  |         <meta charset="UTF-8"> | 
					
						
							|  |  |  |         <meta http-equiv="X-UA-Compatible" content="IE=edge"> | 
					
						
							| 
									
										
										
										
											2017-05-04 00:14:08 -06:00
										 |  |  |         <meta name="viewport" content="width=device-width, initial-scale=1"> | 
					
						
							| 
									
										
										
										
											2017-04-24 17:13:08 -06:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2018-12-20 23:45:45 -07:00
										 |  |  |         <title><?php echo $SETTINGS['site_title']; ?></title>
 | 
					
						
							| 
									
										
										
										
											2017-04-24 17:13:08 -06:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2018-02-16 14:36:03 -07:00
										 |  |  |         <link rel="icon" href="static/img/logo.svg"> | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2017-04-24 17:13:08 -06:00
										 |  |  |         <link href="static/css/bootstrap.min.css" rel="stylesheet"> | 
					
						
							| 
									
										
										
										
											2017-11-07 15:21:14 -07:00
										 |  |  |         <link href="static/css/material-color/material-color.min.css" rel="stylesheet"> | 
					
						
							| 
									
										
										
										
											2018-01-27 19:18:38 -07:00
										 |  |  |         <link href="static/css/index.css" rel="stylesheet"> | 
					
						
							| 
									
										
										
										
											2018-12-20 23:45:45 -07:00
										 |  |  |         <?php if ($SETTINGS['captcha']['enabled']) { ?>
 | 
					
						
							|  |  |  |             <script src="<?php echo $SETTINGS['captcha']['server'] ?>/captcheck.dist.js"></script> | 
					
						
							| 
									
										
										
										
											2017-05-02 19:17:59 -06:00
										 |  |  |         <?php } ?>
 | 
					
						
							| 
									
										
										
										
											2017-04-24 17:13:08 -06:00
										 |  |  |     </head> | 
					
						
							|  |  |  |     <body> | 
					
						
							| 
									
										
										
										
											2018-01-27 19:18:38 -07:00
										 |  |  |         <div class="row justify-content-center"> | 
					
						
							|  |  |  |             <div class="col-auto"> | 
					
						
							| 
									
										
										
										
											2018-05-06 22:18:32 -06:00
										 |  |  |                 <img class="banner-image" src="static/img/logo.svg" /> | 
					
						
							| 
									
										
										
										
											2018-01-27 19:18:38 -07:00
										 |  |  |             </div> | 
					
						
							|  |  |  |         </div> | 
					
						
							|  |  |  |         <div class="row justify-content-center"> | 
					
						
							|  |  |  |             <div class="card col-11 col-xs-11 col-sm-8 col-md-6 col-lg-4"> | 
					
						
							|  |  |  |                 <div class="card-body"> | 
					
						
							| 
									
										
										
										
											2018-09-07 15:03:42 -06:00
										 |  |  |                     <h5 class="card-title"><?php $Strings->get("sign in"); ?></h5>
 | 
					
						
							| 
									
										
										
										
											2018-01-27 19:18:38 -07:00
										 |  |  |                     <form action="" method="POST"> | 
					
						
							| 
									
										
										
										
											2017-04-25 18:22:27 -06:00
										 |  |  |                         <?php | 
					
						
							| 
									
										
										
										
											2018-05-26 20:51:13 -06:00
										 |  |  |                         if (!empty($alert)) { | 
					
						
							| 
									
										
										
										
											2017-04-25 18:22:27 -06:00
										 |  |  |                             ?>
 | 
					
						
							| 
									
										
										
										
											2018-01-27 19:18:38 -07:00
										 |  |  |                             <div class="alert alert-danger"> | 
					
						
							|  |  |  |                                 <i class="fa fa-fw fa-exclamation-triangle"></i> <?php echo $alert; ?>
 | 
					
						
							|  |  |  |                             </div> | 
					
						
							|  |  |  |                             <?php | 
					
						
							|  |  |  |                         } | 
					
						
							| 
									
										
										
										
											2017-04-24 17:13:08 -06:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2018-01-27 19:18:38 -07:00
										 |  |  |                         if ($multiauth != true) { | 
					
						
							|  |  |  |                             ?>
 | 
					
						
							| 
									
										
										
										
											2018-09-07 15:03:42 -06:00
										 |  |  |                             <input type="text" class="form-control" name="username" placeholder="<?php $Strings->get("username"); ?>" required="required" autocomplete="off" autocorrect="off" autocapitalize="off" spellcheck="false" autofocus /><br /> | 
					
						
							|  |  |  |                             <input type="password" class="form-control" name="password" placeholder="<?php $Strings->get("password"); ?>" required="required" autocomplete="off" autocorrect="off" autocapitalize="off" spellcheck="false" /><br /> | 
					
						
							| 
									
										
										
										
											2018-12-20 23:45:45 -07:00
										 |  |  |                             <?php if ($SETTINGS['captcha']['enabled']) { ?>
 | 
					
						
							| 
									
										
										
										
											2018-04-15 19:28:34 -06:00
										 |  |  |                                 <div class="captcheck_container" data-stylenonce="<?php echo $SECURE_NONCE; ?>"></div> | 
					
						
							| 
									
										
										
										
											2018-01-27 19:18:38 -07:00
										 |  |  |                                 <br /> | 
					
						
							|  |  |  |                             <?php } ?>
 | 
					
						
							|  |  |  |                             <input type="hidden" name="progress" value="1" /> | 
					
						
							|  |  |  |                             <?php | 
					
						
							|  |  |  |                         } else if ($multiauth) { | 
					
						
							|  |  |  |                             ?>
 | 
					
						
							|  |  |  |                             <div class="alert alert-info"> | 
					
						
							| 
									
										
										
										
											2018-09-07 15:03:42 -06:00
										 |  |  |                                 <?php $Strings->get("2fa prompt"); ?>
 | 
					
						
							| 
									
										
										
										
											2018-01-27 19:18:38 -07:00
										 |  |  |                             </div> | 
					
						
							| 
									
										
										
										
											2018-09-07 15:03:42 -06:00
										 |  |  |                             <input type="text" class="form-control" name="authcode" placeholder="<?php $Strings->get("authcode"); ?>" required="required" autocomplete="off" autocorrect="off" autocapitalize="off" spellcheck="false" autofocus /><br /> | 
					
						
							| 
									
										
										
										
											2018-01-27 19:18:38 -07:00
										 |  |  |                             <input type="hidden" name="progress" value="2" /> | 
					
						
							|  |  |  |                             <input type="hidden" name="username" value="<?php echo $VARS['username']; ?>" /> | 
					
						
							|  |  |  |                             <?php | 
					
						
							|  |  |  |                         } | 
					
						
							|  |  |  |                         ?>
 | 
					
						
							|  |  |  |                         <button type="submit" class="btn btn-primary"> | 
					
						
							| 
									
										
										
										
											2018-09-07 15:03:42 -06:00
										 |  |  |                             <?php $Strings->get("continue"); ?>
 | 
					
						
							| 
									
										
										
										
											2018-01-27 19:18:38 -07:00
										 |  |  |                         </button> | 
					
						
							|  |  |  |                     </form> | 
					
						
							| 
									
										
										
										
											2017-04-24 17:13:08 -06:00
										 |  |  |                 </div> | 
					
						
							|  |  |  |             </div> | 
					
						
							|  |  |  |         </div> | 
					
						
							| 
									
										
										
										
											2018-01-27 19:18:38 -07:00
										 |  |  |         <div class="footer"> | 
					
						
							| 
									
										
										
										
											2018-12-20 23:45:45 -07:00
										 |  |  |             <?php echo $SETTINGS['footer_text']; ?><br />
 | 
					
						
							|  |  |  |             Copyright © <?php echo date('Y'); ?> <?php echo $SETTINGS['copyright']; ?>
 | 
					
						
							| 
									
										
										
										
											2018-01-27 19:18:38 -07:00
										 |  |  |         </div> | 
					
						
							|  |  |  |     </div> | 
					
						
							|  |  |  |     <script src="static/js/jquery-3.3.1.min.js"></script> | 
					
						
							| 
									
										
										
										
											2018-09-21 16:38:34 -06:00
										 |  |  |     <script src="static/js/bootstrap.bundle.min.js"></script> | 
					
						
							| 
									
										
										
										
											2018-01-27 19:18:38 -07:00
										 |  |  | </body> | 
					
						
							| 
									
										
										
										
											2017-04-24 17:13:08 -06:00
										 |  |  | </html> |