1 | <?php |
---|
2 | /* vim: set expandtab tabstop=4 shiftwidth=4 softtabstop=4 foldmethod=marker: */ |
---|
3 | |
---|
4 | /** |
---|
5 | * Standard Html Login form |
---|
6 | * |
---|
7 | * PHP versions 4 and 5 |
---|
8 | * |
---|
9 | * LICENSE: This source file is subject to version 3.01 of the PHP license |
---|
10 | * that is available through the world-wide-web at the following URI: |
---|
11 | * http://www.php.net/license/3_01.txt. If you did not receive a copy of |
---|
12 | * the PHP License and are unable to obtain it through the web, please |
---|
13 | * send a note to license@php.net so we can mail you a copy immediately. |
---|
14 | * |
---|
15 | * @category Authentication |
---|
16 | * @package Auth |
---|
17 | * @author Martin Jansen <mj@php.net> |
---|
18 | * @author Adam Ashley <aashley@php.net> |
---|
19 | * @copyright 2001-2006 The PHP Group |
---|
20 | * @license http://www.php.net/license/3_01.txt PHP License 3.01 |
---|
21 | * @version CVS: $Id: Html.php 8715 2006-12-01 05:10:46Z kakinaka $ |
---|
22 | * @link http://pear.php.net/package/Auth |
---|
23 | * @since File available since Release 1.3.0 |
---|
24 | */ |
---|
25 | |
---|
26 | /** |
---|
27 | * Standard Html Login form |
---|
28 | * |
---|
29 | * @category Authentication |
---|
30 | * @package Auth |
---|
31 | * @author Yavor Shahpasov <yavo@netsmart.com.cy> |
---|
32 | * @author Adam Ashley <aashley@php.net> |
---|
33 | * @copyright 2001-2006 The PHP Group |
---|
34 | * @license http://www.php.net/license/3_01.txt PHP License 3.01 |
---|
35 | * @version Release: 1.4.2 File: $Revision: 8715 $ |
---|
36 | * @link http://pear.php.net/package/Auth |
---|
37 | * @since Class available since Release 1.3.0 |
---|
38 | */ |
---|
39 | class Auth_Frontend_Html { |
---|
40 | |
---|
41 | // {{{ render() |
---|
42 | |
---|
43 | /** |
---|
44 | * Displays the login form |
---|
45 | * |
---|
46 | * @param object The calling auth instance |
---|
47 | * @param string The previously used username |
---|
48 | * @return void |
---|
49 | */ |
---|
50 | function render(&$caller, $username = '') { |
---|
51 | $loginOnClick = 'return true;'; |
---|
52 | |
---|
53 | // Try To Use Challene response |
---|
54 | // TODO javascript might need some improvement for work on other browsers |
---|
55 | if($caller->advancedsecurity && $caller->storage->supportsChallengeResponse() ) { |
---|
56 | |
---|
57 | // Init the secret cookie |
---|
58 | $caller->session['loginchallenege'] = md5(microtime()); |
---|
59 | |
---|
60 | print "\n"; |
---|
61 | print '<script language="JavaScript">'."\n"; |
---|
62 | |
---|
63 | include 'Auth/Frontend/md5.js'; |
---|
64 | |
---|
65 | print "\n"; |
---|
66 | print ' function securePassword() { '."\n"; |
---|
67 | print ' var pass = document.getElementById(\''.$caller->getPostPasswordField().'\');'."\n"; |
---|
68 | print ' var secret = document.getElementById(\'authsecret\')'."\n"; |
---|
69 | //print ' alert(pass);alert(secret); '."\n"; |
---|
70 | |
---|
71 | // If using md5 for password storage md5 the password before |
---|
72 | // we hash it with the secret |
---|
73 | // print ' alert(pass.value);'; |
---|
74 | if ($caller->storage->getCryptType() == 'md5' ) { |
---|
75 | print ' pass.value = hex_md5(pass.value); '."\n"; |
---|
76 | #print ' alert(pass.value);'; |
---|
77 | } |
---|
78 | |
---|
79 | print ' pass.value = hex_md5(pass.value+\''.$caller->session['loginchallenege'].'\'); '."\n"; |
---|
80 | // print ' alert(pass.value);'; |
---|
81 | print ' secret.value = 1;'."\n"; |
---|
82 | print ' var doLogin = document.getElementById(\'doLogin\')'."\n"; |
---|
83 | print ' doLogin.disabled = true;'."\n"; |
---|
84 | print ' return true;'; |
---|
85 | print ' } '."\n"; |
---|
86 | print '</script>'."\n";; |
---|
87 | print "\n"; |
---|
88 | |
---|
89 | $loginOnClick = ' return securePassword(); '; |
---|
90 | } |
---|
91 | |
---|
92 | print '<center>'."\n"; |
---|
93 | |
---|
94 | $status = ''; |
---|
95 | if (!empty($caller->status) && $caller->status == AUTH_EXPIRED) { |
---|
96 | $status = '<i>Your session has expired. Please login again!</i>'."\n"; |
---|
97 | } else if (!empty($caller->status) && $caller->status == AUTH_IDLED) { |
---|
98 | $status = '<i>You have been idle for too long. Please login again!</i>'."\n"; |
---|
99 | } else if (!empty ($caller->status) && $caller->status == AUTH_WRONG_LOGIN) { |
---|
100 | $status = '<i>Wrong login data!</i>'."\n"; |
---|
101 | } else if (!empty ($caller->status) && $caller->status == AUTH_SECURITY_BREACH) { |
---|
102 | $status = '<i>Security problem detected. </i>'."\n"; |
---|
103 | } |
---|
104 | |
---|
105 | print '<form method="post" action="'.$caller->server['PHP_SELF'].'" ' |
---|
106 | .'onSubmit="'.$loginOnClick.'">'."\n"; |
---|
107 | print '<table border="0" cellpadding="2" cellspacing="0" ' |
---|
108 | .'summary="login form" align="center" >'."\n"; |
---|
109 | print '<tr>'."\n"; |
---|
110 | print ' <td colspan="2" bgcolor="#eeeeee"><strong>Login </strong>' |
---|
111 | .$status.'</td>'."\n"; |
---|
112 | print '</tr>'."\n"; |
---|
113 | print '<tr>'."\n"; |
---|
114 | print ' <td>Username:</td>'."\n"; |
---|
115 | print ' <td><input type="text" id="'.$caller->getPostUsernameField() |
---|
116 | .'" name="'.$caller->getPostUsernameField().'" value="' . $username |
---|
117 | .'" /></td>'."\n"; |
---|
118 | print '</tr>'."\n"; |
---|
119 | print '<tr>'."\n"; |
---|
120 | print ' <td>Password:</td>'."\n"; |
---|
121 | print ' <td><input type="password" id="'.$caller->getPostPasswordField() |
---|
122 | .'" name="'.$caller->getPostPasswordField().'" /></td>'."\n"; |
---|
123 | print '</tr>'."\n"; |
---|
124 | print '<tr>'."\n"; |
---|
125 | |
---|
126 | //onClick=" '.$loginOnClick.' " |
---|
127 | print ' <td colspan="2" bgcolor="#eeeeee"><input value="Login" ' |
---|
128 | .'id="doLogin" name="doLogin" type="submit" /></td>'."\n"; |
---|
129 | print '</tr>'."\n"; |
---|
130 | print '</table>'."\n"; |
---|
131 | |
---|
132 | // Might be a good idea to make the variable name variable |
---|
133 | print '<input type="hidden" id="authsecret" name="authsecret" value="" />'; |
---|
134 | print '</form>'."\n"; |
---|
135 | print '</center>'."\n"; |
---|
136 | } |
---|
137 | |
---|
138 | // }}} |
---|
139 | |
---|
140 | } |
---|
141 | |
---|
142 | ?> |
---|