diff options
Diffstat (limited to 'includes/pear/Auth/Frontend/Html.php')
| -rw-r--r-- | includes/pear/Auth/Frontend/Html.php | 142 |
1 files changed, 142 insertions, 0 deletions
diff --git a/includes/pear/Auth/Frontend/Html.php b/includes/pear/Auth/Frontend/Html.php new file mode 100644 index 0000000..6719e92 --- /dev/null +++ b/includes/pear/Auth/Frontend/Html.php @@ -0,0 +1,142 @@ +<?php +/* vim: set expandtab tabstop=4 shiftwidth=4 softtabstop=4 foldmethod=marker: */ + +/** + * Standard Html Login form + * + * PHP versions 4 and 5 + * + * LICENSE: This source file is subject to version 3.01 of the PHP license + * that is available through the world-wide-web at the following URI: + * http://www.php.net/license/3_01.txt. If you did not receive a copy of + * the PHP License and are unable to obtain it through the web, please + * send a note to license@php.net so we can mail you a copy immediately. + * + * @category Authentication + * @package Auth + * @author Martin Jansen <mj@php.net> + * @author Adam Ashley <aashley@php.net> + * @copyright 2001-2006 The PHP Group + * @license http://www.php.net/license/3_01.txt PHP License 3.01 + * @version CVS: $Id: Html.php 237449 2007-06-12 03:11:27Z aashley $ + * @link http://pear.php.net/package/Auth + * @since File available since Release 1.3.0 + */ + +/** + * Standard Html Login form + * + * @category Authentication + * @package Auth + * @author Yavor Shahpasov <yavo@netsmart.com.cy> + * @author Adam Ashley <aashley@php.net> + * @copyright 2001-2006 The PHP Group + * @license http://www.php.net/license/3_01.txt PHP License 3.01 + * @version Release: @package_version@ File: $Revision: 237449 $ + * @link http://pear.php.net/package/Auth + * @since Class available since Release 1.3.0 + */ +class Auth_Frontend_Html { + + // {{{ render() + + /** + * Displays the login form + * + * @param object The calling auth instance + * @param string The previously used username + * @return void + */ + function render(&$caller, $username = '') { + $loginOnClick = 'return true;'; + + // Try To Use Challene response + // TODO javascript might need some improvement for work on other browsers + if($caller->advancedsecurity && $caller->storage->supportsChallengeResponse() ) { + + // Init the secret cookie + $caller->session['loginchallenege'] = md5(microtime()); + + print "\n"; + print '<script language="JavaScript">'."\n"; + + include 'Auth/Frontend/md5.js'; + + print "\n"; + print ' function securePassword() { '."\n"; + print ' var pass = document.getElementById(\''.$caller->getPostPasswordField().'\');'."\n"; + print ' var secret = document.getElementById(\'authsecret\')'."\n"; + //print ' alert(pass);alert(secret); '."\n"; + + // If using md5 for password storage md5 the password before + // we hash it with the secret + // print ' alert(pass.value);'; + if ($caller->storage->getCryptType() == 'md5' ) { + print ' pass.value = hex_md5(pass.value); '."\n"; + #print ' alert(pass.value);'; + } + + print ' pass.value = hex_md5(pass.value+\''.$caller->session['loginchallenege'].'\'); '."\n"; + // print ' alert(pass.value);'; + print ' secret.value = 1;'."\n"; + print ' var doLogin = document.getElementById(\'doLogin\')'."\n"; + print ' doLogin.disabled = true;'."\n"; + print ' return true;'; + print ' } '."\n"; + print '</script>'."\n";; + print "\n"; + + $loginOnClick = ' return securePassword(); '; + } + + print '<center>'."\n"; + + $status = ''; + if (!empty($caller->status) && $caller->status == AUTH_EXPIRED) { + $status = '<i>Your session has expired. Please login again!</i>'."\n"; + } else if (!empty($caller->status) && $caller->status == AUTH_IDLED) { + $status = '<i>You have been idle for too long. Please login again!</i>'."\n"; + } else if (!empty ($caller->status) && $caller->status == AUTH_WRONG_LOGIN) { + $status = '<i>Wrong login data!</i>'."\n"; + } else if (!empty ($caller->status) && $caller->status == AUTH_SECURITY_BREACH) { + $status = '<i>Security problem detected. </i>'."\n"; + } + + print '<form method="post" action="'.$caller->server['PHP_SELF'].'" ' + .'onSubmit="'.$loginOnClick.'">'."\n"; + print '<table border="0" cellpadding="2" cellspacing="0" ' + .'summary="login form" align="center" >'."\n"; + print '<tr>'."\n"; + print ' <td colspan="2" bgcolor="#eeeeee"><strong>Login </strong>' + .$status.'</td>'."\n"; + print '</tr>'."\n"; + print '<tr>'."\n"; + print ' <td>Username:</td>'."\n"; + print ' <td><input type="text" id="'.$caller->getPostUsernameField() + .'" name="'.$caller->getPostUsernameField().'" value="' . $username + .'" /></td>'."\n"; + print '</tr>'."\n"; + print '<tr>'."\n"; + print ' <td>Password:</td>'."\n"; + print ' <td><input type="password" id="'.$caller->getPostPasswordField() + .'" name="'.$caller->getPostPasswordField().'" /></td>'."\n"; + print '</tr>'."\n"; + print '<tr>'."\n"; + + //onClick=" '.$loginOnClick.' " + print ' <td colspan="2" bgcolor="#eeeeee"><input value="Login" ' + .'id="doLogin" name="doLogin" type="submit" /></td>'."\n"; + print '</tr>'."\n"; + print '</table>'."\n"; + + // Might be a good idea to make the variable name variable + print '<input type="hidden" id="authsecret" name="authsecret" value="" />'; + print '</form>'."\n"; + print '</center>'."\n"; + } + + // }}} + +} + +?> |