source: branches/2.2/login.php @ 3448

Revision 3448, 4.3 KB checked in by rafaelraymundo, 13 years ago (diff)

Ticket #990 - Vulnerabilidades no Anti robo Captcha do Login

  • Property svn:eol-style set to native
  • Property svn:executable set to *
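<?php
/**************************************************************************\
* eGroupWare login                                                         *
* http://www.egroupware.org                                                *
* Originally written by Dan Kuykendall <seek3r@phpgroupware.org>           *
*                      Joseph Engo    <jengo@phpgroupware.org>             *
* Updated by Nilton Emilio Buhrer Neto <niltonneto@celepar.pr.gov.br>      *
*  This program is free software; you can redistribute it and/or modify it *
*  under the terms of the GNU General Public License as published by the   *
*  Free Software Foundation; either version 2 of the License, or (at your  *
*  option) any later version.                                              *
\**************************************************************************/

/*
 * Login entry point.
 *
 * Loads header.inc.php (or sends the browser to setup/ when it is missing),
 * redirects requests that already carry a session id to /home.php, upgrades
 * plain-HTTP requests to HTTPS when 'use_https' is configured, prepares the
 * login template variables and finally includes the login implementation
 * returned by personalize_include_path('phpgwapi', 'login').
 *
 * Request-derived values used here ($_GET, $_COOKIE, the Host and
 * Accept-Language headers) are untrusted and are read through isset() guards;
 * the ones that end up in a response header or a template variable are
 * constrained first.
 */

$phpgw_info = array();
$submit = False;                        // set to some initial value

$GLOBALS['phpgw_info']['flags'] = array(
    'disable_Template_class' => True,
    'login'                  => True,
    'currentapp'             => 'login',
    'noheader'               => True
);

if (!file_exists('./header.inc.php'))
{
    // No installation header yet: hand over to the setup pages.
    Header('Location: setup/index.php');
    exit;
}

include('./header.inc.php');

// Force location to home, while logged in.
// NOTE(review): the session id is accepted from the query string as well as
// from the cookie, and only its presence is tested here. Validation is
// presumably done by /home.php and the sessions class; confirm that a
// caller-chosen id cannot be adopted as a valid session (session fixation).
$GLOBALS['sessionid'] = !empty($_GET['sessionid'])
    ? $_GET['sessionid']
    : (isset($_COOKIE['sessionid']) ? $_COOKIE['sessionid'] : null);
if (isset($GLOBALS['sessionid']) && (!isset($_GET['cd']) || $_GET['cd'] != 10))
{
    $GLOBALS['phpgw']->redirect_link('/home.php');
}

if ($GLOBALS['phpgw_info']['server']['use_https'] > 0)
{
    if (!isset($_SERVER['HTTPS']) || $_SERVER['HTTPS'] != 'on')
    {
        // The Host header is client-supplied. Only reuse it in the redirect
        // when it looks like a plain host name (or bracketed IPv6 literal)
        // with an optional port; otherwise fall back to the server's own name.
        // Depending on the web server configuration SERVER_NAME can itself be
        // derived from the Host header, so a canonical host name should also
        // be enforced in the server configuration.
        $login_redirect_host = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '';
        if (!is_string($login_redirect_host)
            || !preg_match('/^(?:[A-Za-z0-9.-]+|\[[0-9A-Fa-f:.]+\])(?::\d{1,5})?$/', $login_redirect_host))
        {
            $login_redirect_host = $_SERVER['SERVER_NAME'];
        }
        Header('Location: https://' . $login_redirect_host . $_SERVER['REQUEST_URI']);
        exit;
    }
}

if (!function_exists('CreateObject'))
{
    // header.inc.php did not bring in the API: treat as not installed.
    Header('Location: setup/index.php');
    exit;
}
$GLOBALS['phpgw']->session = CreateObject('phpgwapi.sessions');

$GLOBALS['phpgw_info']['server']['template_dir'] = PHPGW_SERVER_ROOT . '/phpgwapi/templates/' . $GLOBALS['phpgw_info']['login_template_set'];
$tmpl = CreateObject('phpgwapi.Template', $GLOBALS['phpgw_info']['server']['template_dir']);

// read the images from the login-template-set, not the (maybe not even set) users template-set
$GLOBALS['phpgw_info']['user']['preferences']['common']['template_set'] = $GLOBALS['phpgw_info']['login_template_set'];

// This is used for system downtime, to prevent new logins.
if ($GLOBALS['phpgw_info']['server']['deny_all_logins'])
{
    $deny_msg = lang('Oops! You caught us in the middle of system maintainance.<br/>
                Please, check back with us shortly.');

    $tmpl->set_file(array(
        'login_form' => 'login_denylogin.tpl'
    ));

    $tmpl->set_var('template_set', 'default');
    $tmpl->set_var('deny_msg', $deny_msg);
    $tmpl->pfp('loginout', 'login_form');
    exit;
}
$tmpl->set_file(array('login_form' => 'login.tpl'));

$tmpl->set_var('template', $GLOBALS['phpgw_info']['login_template_set']);

// The language comes from ?lang= or, failing that, from the first entry of the
// Accept-Language header. Both are request data that is handed to the template
// as-is, so only the leading language tag (letters, then optional "-"/"_"
// separated alphanumeric subtags) is kept. Well-formed codes such as "pt-br"
// pass through unchanged; anything after the tag (",", ";q=", markup) is cut.
// How login.tpl emits this variable is not visible from this file.
if (isset($_GET['lang']) && is_string($_GET['lang']) && $_GET['lang'])
{
    $login_lang_raw = $_GET['lang'];
}
else
{
    $login_lang_raw = (isset($_SERVER['HTTP_ACCEPT_LANGUAGE']) && is_string($_SERVER['HTTP_ACCEPT_LANGUAGE']))
        ? $_SERVER['HTTP_ACCEPT_LANGUAGE']
        : '';
}
$login_lang = preg_match('/^[A-Za-z]{1,8}(?:[-_][A-Za-z0-9]{1,8})*/', $login_lang_raw, $login_lang_match)
    ? $login_lang_match[0]
    : '';
$tmpl->set_var('lang', $login_lang);

// Use the configured login logo when one is set, else the built-in default.
// The original test was count($value) > 0, which newer PHP versions warn
// about or reject (TypeError) for a string value. The check below keeps the
// old outcome: unset/null or an empty array selects the default markup,
// any other value is used as configured.
$login_logo_file = isset($GLOBALS['phpgw_info']['server']['login_logo_file'])
    ? $GLOBALS['phpgw_info']['server']['login_logo_file']
    : null;
if ($login_logo_file !== null && (!is_array($login_logo_file) || count($login_logo_file) > 0))
{
    $tmpl->set_var('logo_config', $login_logo_file);
}
else
{
    // NOTE(review): the default markup closes and reopens a table cell, so it
    // presumably depends on the table layout in login.tpl; confirm before
    // changing either side.
    $tmpl->set_var('logo_config','<a title="Governo do Paran&aacute" href="http://www.pr.gov.br" target="_blank"><img src="phpgwapi/templates/'.$GLOBALS['phpgw_info']['login_template_set'].'/images/logo_governo.gif" border="0"></a></td>
                <td><div align="center"><font color="#9a9a9a" face="Verdana, Arial, Helvetica, sans-serif" size="1">
<a title="Celepar Inform&aacute;tica do Paran&aacute;" target="_blank" href="http://www.celepar.pr.gov.br/">
<img src="phpgwapi/templates/'.$GLOBALS['phpgw_info']['login_template_set'].'/images/logo_celepar.gif" border="0"></a>');
}
// !! NOTE !!
// Do NOT and I repeat, do NOT touch ANYTHING to do with lang in this file.
// If there is a problem, tell me and I will fix it. (jengo)

// whoooo scaring

// ServerID => Identify the Apache Frontend.
if ($GLOBALS['phpgw_info']['server']['usecookies'] == True && $GLOBALS['phpgw_info']['server']['use_frontend_id'])
{
    $GLOBALS['phpgw']->session->phpgw_setcookie('serverID', $GLOBALS['phpgw_info']['server']['use_frontend_id']);
}

// A PHP session is opened only when the captcha is enabled.
// NOTE(review): presumably the captcha state is kept in this session; confirm
// that the included login code checks the answer server-side and discards it
// after every attempt so that one solved captcha cannot be replayed.
if ($GLOBALS['phpgw_info']['server']['captcha'] == 1)
{
    session_start();
}

// Hand over to the (possibly site-customised) login implementation.
include(personalize_include_path('phpgwapi', 'login'));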