blob: 6719e92516b35602c3a76e8f6c814a6a4a21d229 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
|
<?php
/* vim: set expandtab tabstop=4 shiftwidth=4 softtabstop=4 foldmethod=marker: */
/**
* Standard Html Login form
*
* PHP versions 4 and 5
*
* LICENSE: This source file is subject to version 3.01 of the PHP license
* that is available through the world-wide-web at the following URI:
* http://www.php.net/license/3_01.txt. If you did not receive a copy of
* the PHP License and are unable to obtain it through the web, please
* send a note to license@php.net so we can mail you a copy immediately.
*
* @category Authentication
* @package Auth
* @author Martin Jansen <mj@php.net>
* @author Adam Ashley <aashley@php.net>
* @copyright 2001-2006 The PHP Group
* @license http://www.php.net/license/3_01.txt PHP License 3.01
* @version CVS: $Id: Html.php 237449 2007-06-12 03:11:27Z aashley $
* @link http://pear.php.net/package/Auth
* @since File available since Release 1.3.0
*/
/**
* Standard Html Login form
*
* @category Authentication
* @package Auth
* @author Yavor Shahpasov <yavo@netsmart.com.cy>
* @author Adam Ashley <aashley@php.net>
* @copyright 2001-2006 The PHP Group
* @license http://www.php.net/license/3_01.txt PHP License 3.01
* @version Release: @package_version@ File: $Revision: 237449 $
* @link http://pear.php.net/package/Auth
* @since Class available since Release 1.3.0
*/
class Auth_Frontend_Html {
// {{{ render()
/**
* Displays the login form
*
* @param object The calling auth instance
* @param string The previously used username
* @return void
*/
function render(&$caller, $username = '') {
$loginOnClick = 'return true;';
// Try To Use Challene response
// TODO javascript might need some improvement for work on other browsers
if($caller->advancedsecurity && $caller->storage->supportsChallengeResponse() ) {
// Init the secret cookie
$caller->session['loginchallenege'] = md5(microtime());
print "\n";
print '<script language="JavaScript">'."\n";
include 'Auth/Frontend/md5.js';
print "\n";
print ' function securePassword() { '."\n";
print ' var pass = document.getElementById(\''.$caller->getPostPasswordField().'\');'."\n";
print ' var secret = document.getElementById(\'authsecret\')'."\n";
//print ' alert(pass);alert(secret); '."\n";
// If using md5 for password storage md5 the password before
// we hash it with the secret
// print ' alert(pass.value);';
if ($caller->storage->getCryptType() == 'md5' ) {
print ' pass.value = hex_md5(pass.value); '."\n";
#print ' alert(pass.value);';
}
print ' pass.value = hex_md5(pass.value+\''.$caller->session['loginchallenege'].'\'); '."\n";
// print ' alert(pass.value);';
print ' secret.value = 1;'."\n";
print ' var doLogin = document.getElementById(\'doLogin\')'."\n";
print ' doLogin.disabled = true;'."\n";
print ' return true;';
print ' } '."\n";
print '</script>'."\n";;
print "\n";
$loginOnClick = ' return securePassword(); ';
}
print '<center>'."\n";
$status = '';
if (!empty($caller->status) && $caller->status == AUTH_EXPIRED) {
$status = '<i>Your session has expired. Please login again!</i>'."\n";
} else if (!empty($caller->status) && $caller->status == AUTH_IDLED) {
$status = '<i>You have been idle for too long. Please login again!</i>'."\n";
} else if (!empty ($caller->status) && $caller->status == AUTH_WRONG_LOGIN) {
$status = '<i>Wrong login data!</i>'."\n";
} else if (!empty ($caller->status) && $caller->status == AUTH_SECURITY_BREACH) {
$status = '<i>Security problem detected. </i>'."\n";
}
print '<form method="post" action="'.$caller->server['PHP_SELF'].'" '
.'onSubmit="'.$loginOnClick.'">'."\n";
print '<table border="0" cellpadding="2" cellspacing="0" '
.'summary="login form" align="center" >'."\n";
print '<tr>'."\n";
print ' <td colspan="2" bgcolor="#eeeeee"><strong>Login </strong>'
.$status.'</td>'."\n";
print '</tr>'."\n";
print '<tr>'."\n";
print ' <td>Username:</td>'."\n";
print ' <td><input type="text" id="'.$caller->getPostUsernameField()
.'" name="'.$caller->getPostUsernameField().'" value="' . $username
.'" /></td>'."\n";
print '</tr>'."\n";
print '<tr>'."\n";
print ' <td>Password:</td>'."\n";
print ' <td><input type="password" id="'.$caller->getPostPasswordField()
.'" name="'.$caller->getPostPasswordField().'" /></td>'."\n";
print '</tr>'."\n";
print '<tr>'."\n";
//onClick=" '.$loginOnClick.' "
print ' <td colspan="2" bgcolor="#eeeeee"><input value="Login" '
.'id="doLogin" name="doLogin" type="submit" /></td>'."\n";
print '</tr>'."\n";
print '</table>'."\n";
// Might be a good idea to make the variable name variable
print '<input type="hidden" id="authsecret" name="authsecret" value="" />';
print '</form>'."\n";
print '</center>'."\n";
}
// }}}
}
?>
|
