Context Navigation

source: companies/serpro/doc-expressolivre/scripts/distribuicao/arquivos-parceiros/login.php @ 903

Revision 903, 37.0 KB checked in by niltonneto, 15 years ago (diff)
Importacao inicial do Expresso do Serpro

Line
1	<?php
2	//Valida a existencia do cookie, antes de grava-lo
3	if(isset($_COOKIE['contador']))
4	{
5	$valor_cookie = $_COOKIE['contador'];
6	if($_GET['cd']=='5')
7	{
8	$valor_cookie = $valor_cookie + 1;
9	setcookie("contador", $valor_cookie,0);
10	}
11	}
12	//Cookie inexistente: tenta gravar um
13	else
14	{
15	if (setcookie("contador", 1,0))
16	//echo "OK, cookie gravado.";
17	$valor_cookie = 1;
18	else
19	//echo "Nao gravou o cookie";
20	$valor_cookie = "9999"; // forca captcha
21	}
22	// logout, inicia contador novamente.....
23	if($_GET['cd']=='1')
24	{
25	$valor_cookie = 1;
26	setcookie("contador", 1,0);
27	}
28	/**************************************************************************\
29	* eGroupWare login *
30	* http://www.egroupware.org *
31	* Originaly written by Dan Kuykendall <seek3r@phpgroupware.org> *
32	* Joseph Engo <jengo@phpgroupware.org> *
33	* -------------------------------------------- *
34	* This program is free software; you can redistribute it and/or modify it *
35	* under the terms of the GNU General Public License as published by the *
36	* Free Software Foundation; either version 2 of the License, or (at your *
37	* option) any later version. *
38	\**************************************************************************/
39
40	$phpgw_info = array();
41	$submit = False; // set to some initial value
42	$GLOBALS['phpgw_info']['flags'] = array(
43	'disable_Template_class' => True,
44	'login' => True,
45	'currentapp' => 'login',
46	'noheader' => True
47	);
48	if(file_exists('./header.inc.php'))
49	{
50	include('./header.inc.php');
51	if ($GLOBALS['phpgw_info']['server']['use_https'] > 0)
52	{
53	if ($_SERVER['HTTPS'] != 'on')
54	{
55	Header('Location: https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']);
56	exit;
57	}
58	if($GLOBALS['phpgw_info']['server']['certificado']==1)
59	{
60	require_once('./seguranca/certificado.php');
61	$GLOBALS['certificado'] = new certificado;
62	}
63	}
64	if(function_exists('CreateObject'))
65	{
66	$GLOBALS['phpgw']->session = CreateObject('phpgwapi.sessions');
67	}
68	else
69	{
70	Header('Location: setup/index.php');
71	exit;
72	}
73	}
74	else
75	{
76	Header('Location: setup/index.php');
77	exit;
78	}
79	$GLOBALS['phpgw_info']['login_template_set'] = 'serpro';
80	$GLOBALS['phpgw_info']['server']['template_dir'] = PHPGW_SERVER_ROOT . '/phpgwapi/templates/' . $GLOBALS['phpgw_info']['login_template_set'];
81	$tmpl = CreateObject('phpgwapi.Template', $GLOBALS['phpgw_info']['server']['template_dir']);
82	// read the images from the login-template-set, not the (maybe not even set) users template-set
83	$GLOBALS['phpgw_info']['user']['preferences']['common']['template_set'] = $GLOBALS['phpgw_info']['login_template_set'];
84	// This is used for system downtime, to prevent new logins.
85	if($GLOBALS['phpgw_info']['server']['deny_all_logins'])
86	{
87	$deny_msg=lang('Oops! You caught us in the middle of system maintainance.<br/>
88	Please, check back with us shortly.');
89	$tmpl->set_file(array
90	(
91	'login_form' => 'login_denylogin.tpl'
92	));
93	$tmpl->set_var('template_set','default');
94	$tmpl->set_var('deny_msg',$deny_msg);
95	$tmpl->pfp('loginout','login_form');
96	exit;
97	}
98	$tmpl->set_file(array('login_form' => 'login.tpl'));
99	// !! NOTE !!
100	// Do NOT and I repeat, do NOT touch ANYTHING to do with lang in this file.
101	// If there is a problem, tell me and I will fix it. (jengo)
102	// whoooo scaring
103
104	if($GLOBALS['phpgw_info']['server']['usecookies'] == True)
105	{
106	$GLOBALS['phpgw']->session->phpgw_setcookie('serverID', '1024');
107	//GLOBALS['phpgw']->session->phpgw_setcookie('eGroupWareLoginTime', time());
108	}
109
110	/*
111	if($_GET['cd'] != 10 && $GLOBALS['phpgw_info']['server']['usecookies'] == False)
112	{
113	$GLOBALS['phpgw']->session->setcookie('sessionid');
114	$GLOBALS['phpgw']->session->setcookie('kp3');
115	$GLOBALS['phpgw']->session->setcookie('domain');
116	}
117	*/
118
119	/* This is not working yet because I need to figure out a way to clear the $cd =1
120	if(isset($_SERVER['PHP_AUTH_USER']) && $_GET['cd'] == '1')
121	{
122	Header('HTTP/1.0 401 Unauthorized');
123	Header('WWW-Authenticate: Basic realm="phpGroupWare"');
124	echo 'You have to re-authentificate yourself';
125	exit;
126	}
127	*/
128
129	function check_logoutcode($code)
130	{
131	switch($code)
132	{
133	case 1:
134	return lang('You have been successfully logged out');
135	break;
136	case 2:
137	return lang('Sorry, your login has expired');
138	break;
139	case 4:
140	return lang('Cookies are required to login to this site.');
141	break;
142	case 5:
143	return '<font color="FF0000">' . lang('Bad login or password') . '</font>';
144	break;
145	case 200:
146	return '<font color="FF0000">' . lang('Invalid code') . '</font>';
147	break;
148	case 202:
149	return '<font color="FF0000">' . lang('Account is expired') . '</font>';
150	break;
151	case 203:
152	return '<font color="FF0000">' . lang('New Password and Confirm Password doesnt are equal') . '</font>';
153	break;
154	case 204:
155	return '<font color="FF0000">' . lang('New Password and Current Password are similar') . '</font>';
156	break;
157	case 205:
158	return '<font color="FF0000">' . lang('Your password must contain %1 or more letters', $GLOBALS['phpgw_info']['server']['num_letters_userpass']) . '</font>';
159	break;
160	case 206:
161	return '<font color="FF0000">' . lang('Your password is very simple, use numbers, uppercase, lowercase and special characters') . '</font>';
162	break;
163	case 207:
164	return '<font color="FF0000">' . lang('Your password contains characters not allowed') . '</font>';
165	break;
166	case 208:
167	return '<font color="FF0000">' . lang('New password with more than three consecutives equals caracteres') . '</font>';
168	break;
169	case 209:
170	return '<font color="0000FF">' . lang('password has been updated') . '</font>';
171	break;
172	case 98:
173	return '<font color="FF0000">' . lang('Account is expired') . '</font>';
174	break;
175	case 99:
176	return '<font color="FF0000">' . lang('Blocked, too many attempts') . '</font>';
177	break;
178	case 10:
179	$GLOBALS['phpgw']->session->phpgw_setcookie('sessionid');
180	$GLOBALS['phpgw']->session->phpgw_setcookie('kp3');
181	$GLOBALS['phpgw']->session->phpgw_setcookie('domain');
182
183	//fix for bug php4 expired sessions bug
184	if($GLOBALS['phpgw_info']['server']['sessions_type'] == 'php4')
185	{
186	$GLOBALS['phpgw']->session->phpgw_setcookie(PHPGW_PHPSESSID);
187	}
188
189	return '<font color="#FF0000">' . lang('Your session could not be verified.') . '</font>';
190	break;
191	default:
192	return ' ';
193	}
194	}
195
196	/* Program starts here */
197
198
199	if($GLOBALS['phpgw_info']['server']['auth_type'] == 'http' && isset($_SERVER['PHP_AUTH_USER']))
200	{
201	$submit = True;
202	$login = $_SERVER['PHP_AUTH_USER'];
203	$passwd = $_SERVER['PHP_AUTH_PW'];
204	$passwd_type = 'text';
205	}
206	else
207	{
208	$passwd = $_POST['passwd'];
209	$passwd_type = $_POST['passwd_type'];
210	}
211
212	# Apache + mod_ssl style SSL certificate authentication
213	# Certificate (chain) verification occurs inside mod_ssl
214	//$GLOBALS['phpgw_info']['server']['auth_type'] = 'sqlssl';
215
216	if($GLOBALS['phpgw_info']['server']['auth_type'] == 'sqlssl' && isset($_SERVER['SSL_CLIENT_S_DN']) && !isset($_GET['cd']))
217	{
218	# an X.509 subject looks like:
219	# /CN=john.doe/OU=Department/O=Company/C=xx/Email=john@comapy.tld/L=City/
220	# the username is deliberately lowercase, to ease LDAP integration
221	$sslattribs = explode('/',$_SERVER['SSL_CLIENT_S_DN']);
222	# skip the part in front of the first '/' (nothing)
223	//$sslattributes['Email'] = $GLOBALS['certificado']->dados['email'];
224	while($sslattrib = next($sslattribs))
225	{
226	list($key,$val) = explode('=',$sslattrib);
227	$sslattributes[$key] = $val;
228	}
229	if(isset($sslattributes['Email']))
230	{
231	$submit = True;
232	# login will be set here if the user logged out and uses a different username with
233	# the same SSL-certificate.
234	if(!isset($_POST['login'])&&isset($sslattributes['Email']))
235	{
236	$login = $sslattributes['Email'];
237	# not checked against the database, but delivered to authentication module
238	$passwd = $_SERVER['SSL_CLIENT_S_DN'];
239	}
240	}
241	unset($key);
242	unset($val);
243	unset($sslattributes);
244	}
245	$ldap_info="";
246	if(isset($passwd_type) \|\| $_POST['submitit_x'] \|\| $_POST['submitit_y'] \|\| $submit)
247	{
248	// Primeiro testa o captcha....se houver......
249	if( $GLOBALS['phpgw_info']['server']['captcha']==1)
250	{
251	if(isset($_POST['codigo']))
252	{
253	if ($_SESSION['CAPTCHAString'] != strtoupper($_POST['codigo']))
254	{
255	if (isset($_POST['npasswd']))
256	{
257	$GLOBALS['phpgw']->redirect($GLOBALS['phpgw']->link('/login.php','cd=200&ts=202'));
258	}
259	else
260	{
261	$GLOBALS['phpgw']->redirect($GLOBALS['phpgw']->link('/login.php','cd=200'));
262	}
263	}
264	unset($_SESSION['CAPTCHAString']);
265	}
266	}
267	//Faz uma busca inicial por atributos no ldap para que os resultados sejam utilizados pelo restante do programa
268	//Utilizando um diretorio corporativo, o dn do usuario pode estar localizado em qualquer ramo do diretorio
269	//system('echo "Login: bind em ldap" >> /tmp/controle');
270	$common = CreateObject('phpgwapi.common');
271	$ldap_conn = $common->ldapConnect(); //bind como Admin para buscar o atributo de expiracao e o dn do usuario
272	if(isset($GLOBALS['phpgw_info']['server']['atributoexpiracao']))
273	{
274	$justthese = array($GLOBALS['phpgw_info']['server']['atributoexpiracao']);
275	}
276	else
277	{
278	$justthese = array("phpgwaccountexpires");
279	}
280	$filter="(&(phpgwAccountType=u)(uid=".$_POST['user']."))";
281	$ldap_search = ldap_search($ldap_conn, $GLOBALS['phpgw_info']['server']['ldap_context'], $filter, $justthese);
282	$ldap_info = ldap_get_entries($ldap_conn, $ldap_search);
283	ldap_close($ldap_conn);
284	// Testa os cpos de troca de senha, se existem
285	if($_POST['npasswd'] \|\| $_POST['cnpasswd'])
286	{
287	// Default number of letters = 8
288	if (!$GLOBALS['phpgw_info']['server']['num_letters_userpass'])
289	$GLOBALS['phpgw_info']['server']['num_letters_userpass'] = 8;
290	// Default number of special letters = 1
291	if (!$GLOBALS['phpgw_info']['server']['num_special_letters_userpass'])
292	$GLOBALS['phpgw_info']['server']['num_special_letters_userpass'] = 1;
293	if(strlen($_POST['npasswd']) < $GLOBALS['phpgw_info']['server']['num_letters_userpass'])
294	{
295	$GLOBALS['phpgw']->redirect($GLOBALS['phpgw']->link('/login.php','cd=205&ts=202'));
296	}
297	// nova senha e confirma nova senha devem ser iguais ...
298	if($_POST['npasswd'] != $_POST['cnpasswd'])
299	{
300	$GLOBALS['phpgw']->redirect($GLOBALS['phpgw']->link('/login.php','cd=203&ts=202'));
301	}
302	if (!(ereg ("(^[a-zA-Z_.\-\!@#$%&+=\|])$", $_POST['npasswd'] ) or
303	ereg ("(^[0-9_.\-\!@#$%&+=\|])$", $_POST['npasswd'] ) or
304	ereg ("(^[a-zA-Z0-9]*)$", $_POST['npasswd'] ) or
305	ereg ("(^[a-zA-Z0-9_.\-\!@#$%&+=\|])$", $_POST['npasswd'] )))
306	{
307	$GLOBALS['phpgw']->redirect($GLOBALS['phpgw']->link('/login.php','cd=207&ts=202'));
308	}
309	for ($j=0 ; $j<(strlen($_POST['npasswd'])-2); $j++)
310	{
311	if ($_POST['npasswd'][$j]==$_POST['npasswd'][$j+1] && $_POST['npasswd'][$j]==$_POST['npasswd'][$j+2])
312	{
313	$GLOBALS['phpgw']->redirect($GLOBALS['phpgw']->link('/login.php','cd=208&ts=202'));
314	break;
315	}
316	}
317	$similar=false;
318	for ($j=0 ; $j<8; $j++)
319	{
320	for ($k=0 ; $k<8; $k++)
321	{
322	if (similar_text(substr($_POST['passwd'],$j,3),substr($_POST['npasswd'],$k,3))>2)
323	{
324	$similar=true;
325	}
326	}
327	}
328	// a nova senha e a senha atual nao podem ser "similares" ...
329	if ($similar \|\| $_POST['passwd'] == $_POST['npasswd'])
330	{
331	$GLOBALS['phpgw']->redirect($GLOBALS['phpgw']->link('/login.php','cd=204&ts=202'));
332	}
333	// complexidade da senha
334	$passcomplex=0;
335	if (ereg('[a-zA-Z]',$_POST['npasswd'])) {$passcomplex=$passcomplex+1;}
336	if (ereg('[0-9]',$_POST['npasswd'])) {$passcomplex=$passcomplex+1;}
337	if (ereg('[^0-9a-zA-Z]',$_POST['npasswd'])) {$passcomplex=$passcomplex+1;}
338	if ($passcomplex < 2)
339	{
340	$GLOBALS['phpgw']->redirect($GLOBALS['phpgw']->link('/login.php','cd=206&ts=202'));
341	}
342	//Tentando fazer bind com o dn do usuario
343	$ldap_conn = ldap_connect($GLOBALS['phpgw_info']['server']['ldap_host']);
344	if (!$ldap_conn)
345	{
346	printf("<b>Error: Can't bind to LDAP server!");
347	die;
348	}
349	$dn=$ldap_info[0]['dn'];
350	//system('echo "'.ldap_errno($ldap_conn).'" >>/tmp/controle');
351	//Tenta fazer bind no diretorio, se nao conseguir, verifica se a negacao de autenticacao foi por causa de uma expiracao de senhas
352	//system('echo "Dn para bind: '.$ldap_info[0]['dn'].'" >>/tmp/controle');
353	if (!ldap_bind($ldap_conn,$ldap_info[0]['dn'],$_POST['passwd']))
354	{
355	//Verificando se a negacao de bind foi proveniente de uma expiracao de senha
356	//system('echo "NAO conseguiu dar bind" >>/tmp/controle');
357	$now=time();
358	//Verificando se a senha esta expirada
359	$expired=false;
360	if(isset($GLOBALS['phpgw_info']['server']['atributoexpiracao']))
361	{
362	//system('echo "Atributo de expiracao configurado." >>/tmp/controle');
363	//system('echo "now: '.$now.'" >>/tmp/controle');
364	//system('echo "atributo de expiracao: '.strtotime($ldap_info[0][$GLOBALS['phpgw_info']['server']['atributoexpiracao']][0]).'" >>/tmp/controle');
365	//if (strtotime($ldap_info[0][$GLOBALS['phpgw_info']['server']['atributoexpiracao']][0])<$now)
366	system('echo "chegou" >>/tmp/controle');
367	if (($ldap_info[0]["phpgwaccountexpires"][0]!="-1")&&(strtotime($ldap_info[0]["phpgwaccountexpires"][0])<$now))
368	{
369	//system('echo "Encontrou atributo expirado" >>/tmp/controle');
370	$expired=true;
371	}
372	}
373	else
374	{
375
376	//Se o atributo de expiracao nao estiver configurado pressupoe que eh unixtime (phpgwaccountexpires)
377	if (($ldap_info[0]["phpgwaccountexpires"][0]!="-1")&&(strtotime($ldap_info[0]["phpgwaccountexpires"][0])<$now))
378	{
379	//system('echo "Encontrou atributo expirado - phpgwaccoutexpires" >>/tmp/controle');
380	$expired=true;
381	}
382	}
383	if ($expired)
384	{
385	//A negacao de bind proveio de uma expiracao de senhas.
386	//Providencia a troca de senhas e, se configurado, tambÃ©m o ajuste do atributo de expiracao.
387	//system('echo "vai chamar o change_password" >>/tmp/controle');
388	if($GLOBALS['phpgw']->auth->change_password_user($passwd, $_POST['npasswd'],$dn,true))
389	{
390	//A troca de senhas funcionou
391	//system('echo "Login: troca de senhas OK" >>/tmp/controle');
392	if($GLOBALS['phpgw_info']['server']['diretorioescravo'])
393	{
394	//Tempo necessario para que o slave receba a atualizacao.
395	sleep(1);
396	}
397	$GLOBALS['phpgw']->redirect($GLOBALS['phpgw_info']['server']['webserver_url'] . '/logout.php?cd=209');
398	}
399	else
400	{
401	//Direciona para senha incorreta na tela de troca de senhas
402	//system('echo "Login: troca de senhas PROBLEMA" >>/tmp/controle');
403	$GLOBALS['phpgw']->redirect("" . '/login.php?cd=5&ts=202');
404	}
405	}
406	else
407	{
408	//A senha digitada estava incorreta
409	$GLOBALS['phpgw']->redirect($GLOBALS['phpgw_info']['server']['webserver_url'] . '/login.php?cd=5&ts=202');
410	}
411	}
412	else
413	{
414	//Usuario executou autenticacao no diretorio - a expiracao so pode ter vindo de uma politica de expiracao do proprio expresso
415	//system('echo "SIM conseguiu dar bind" >>/tmp/controle');
416	if($GLOBALS['phpgw_info']['server']['politicasenhas']=='expresso')
417	{
418	//Se a politica de senhas for do Expresso eh necessario verificar se o usuario estah expirado
419	$now=time();
420	$common1 = CreateObject('phpgwapi.common');
421	$ldap_conn1 = $common1->ldapConnect();
422	if ($GLOBALS['phpgw_info']['server']['num_days_pwd_validate'])
423	{
424	$aux=$GLOBALS['phpgw_info']['server']['num_days_pwd_validate'];
425	}
426	else
427	{
428	$aux=90;
429	}
430	//$entry['phpgwaccountexpires'] = $now + ($aux * 86400);
431	if(isset($GLOBALS['phpgw_info']['server']['atributoexpiracao']))
432	{
433	if(substr($ldap_info[0][$GLOBALS['phpgw_info']['server']['atributoexpiracao']][0],-1,1) == "Z")
434	{
435	if($GLOBALS['phpgw_info']['server']['politicasenhas']=='expresso')
436	{
437	//quando a data de expiracao estah no formato yyyymmddhhmmssZ
438	$entry[$GLOBALS['phpgw_info']['server']['atributoexpiracao']] = strftime("%Y%m%d%H%M%SZ", $now + ($aux * 86400));
439	}
440	}
441	else
442	{
443	if($GLOBALS['phpgw_info']['server']['politicasenhas']=='expresso')
444	{
445	//Outro atributo ldap que, assim como o phpgwaccounttype, tambem contem hora em formato unix
446	$entry[$GLOBALS['phpgw_info']['server']['atributoexpiracao']] = $now + ($aux * 86400);
447	}
448	}
449	}
450	else
451	{
452	//Se a polÃtica for no diretorio nao precisa alterar o atributo de expiracao
453	if($GLOBALS['phpgw_info']['server']['politicasenhas']=='expresso')
454	{
455	$entry['phpgwaccountexpires'] = $now + ($aux * 86400);
456	}
457	}
458	ldap_mod_replace($ldap_conn1,$ldap_info[0]['dn'], $entry);
459	}
460	}
461	}
462
463	if ($ldap_info['count'] != 0)
464	{
465	$_POST['login'] = $_POST['user'];
466	}
467	ldap_close($ldap_conn);
468	if(getenv('REQUEST_METHOD') != 'POST' && $_SERVER['REQUEST_METHOD'] != 'POST' &&
469	!isset($_SERVER['PHP_AUTH_USER']) && !isset($_SERVER['SSL_CLIENT_S_DN']))
470	{
471	$GLOBALS['phpgw']->redirect($GLOBALS['phpgw']->link('/login.php','cd=5'));
472	}
473	if($submit == false)
474	{
475	$login = $_POST['login'];
476	}
477	if(strstr($login,'@') === False && isset($_POST['logindomain']))
478	{
479	$login .= '@' . $_POST['logindomain'];
480	}
481	elseif(!isset($GLOBALS['phpgw_domain'][$GLOBALS['phpgw_info']['user']['domain']]))
482	{
483	$login .= '@'.$GLOBALS['phpgw_info']['server']['default_domain'];
484	}
485	//--------------------------------------------------------------------------------------------------
486	//LOGIN
487	//--------------------------------------------------------------------------------------------------
488	//echo "Usuario ==> ".$login." senha ==> ".$passwd;
489	//system('echo "Login: tentou criar sessao" >> /tmp/controle');
490	//Tantando criar a sessao
491	$GLOBALS['sessionid'] = $GLOBALS['phpgw']->session->create(strtolower($login),$passwd,$passwd_type,'u');
492	if(!isset($GLOBALS['sessionid']) \|\| ! $GLOBALS['sessionid'])
493	{
494	//A sessao nao pode ser criada. Verificando quais os possiveis motivos
495	//system('echo "Nao tem sessao" >> /tmp/controle');
496	if ($GLOBALS['phpgw']->session->cd_reason == 99)
497	{
498	//fazendo o redirecionamento para o caso de bloqueio de por excesso de tentativas erradas
499	$GLOBALS['phpgw']->redirect($GLOBALS['phpgw_info']['server']['webserver_url'] . '/login.php?cd=' . $GLOBALS['phpgw']->session->cd_reason.'&ts=99');
500	}
501	else
502	{
503	//Verifica se o codigo de erro ldap 49, que o session traduz para cd_reason=5, Ã© proveniente de uma expiracao de senhas. Neste caso, mesmo se o usuÃ¡rio digitar a senha errada, devolve-se a informacao de expiracao. O cÃ³digo de erro "5" tambÃ©m Ã© retornado quando nÃ£o Ã© encontrado o usuÃ¡rio na base ldap
504	if ($GLOBALS['phpgw']->session->cd_reason == 5)
505	{
506	//system('echo "Retornou erro 49" >>/tmp/controle');
507	//Buscando o atributo de expiracao no ldap
508	$lc = $common->ldapConnect();
509	if(isset($GLOBALS['phpgw_info']['server']['atributoexpiracao']))
510	{
511	$justthese = array("uid",$GLOBALS['phpgw_info']['server']['atributoexpiracao']);
512	}
513	$filter="(&(phpgwAccountType=u)(uid=".$_POST['user']."))";
514	$ldap_search = ldap_search($lc, $GLOBALS['phpgw_info']['server']['ldap_context'], $filter, $justthese);
515	$ldap_info = ldap_get_entries($lc, $ldap_search);
516	ldap_close($lc);
517	//Verificando se a senha estÃ¡ expirada
518	if(isset($GLOBALS['phpgw_info']['server']['atributoexpiracao']))
519	{
520	//Analisa a expiracao atraves do tempo da maquina
521	$now=time();
522	//Se o atributo de expiracao nao existir pode ser por causa da nao existencia do usuario no ldap
523	//Verifica o tipo do formato do tempo de expiracao para concluir se a senha estÃ¡ expirada ou nÃ£o.
524	if (($ldap_info[0][$GLOBALS['phpgw_info']['server']['atributoexpiracao']][0])&&(substr($ldap_info[0][$GLOBALS['phpgw_info']['server']['atributoexpiracao']][0],-1,1) == "Z"))
525	{
526	if (strtotime($ldap_info[0][$GLOBALS['phpgw_info']['server']['atributoexpiracao']][0] < $now))
527	{
528	//Senha do usuario estah expirada, pressupoe-se que colocou a senha certa, pois o erro do ldap eh o mesmo (49)
529	//system('echo "Detectou expiracao de senhas: " >>/tmp/controle');
530	if(isset($GLOBALS['phpgw_info']['server']['webserver_url']))
531	{
532	$GLOBALS['phpgw']->redirect($GLOBALS['phpgw_info']['server']['webserver_url'] . '/login.php?cd=98&ts=98');
533	}
534	else
535	{
536	//Entra aqui em duas ocasioes - quando expirado:
537	//login errado na tela sem troca de senhas
538	//troca de senhas com a senha atual errada
539	if($_POST['npasswd'])
540	{
541	//Nao logou porque o usuario estah com a senha expirada - troca de senhas
542	//Pode ter errado a senha tambÃ©m.
543	//system('echo "NAO Achou a url - tela troca de senhas: " >>/tmp/controle');
544	$GLOBALS['phpgw']->redirect_link("" . '/logout.php?cd=5&ts=5');
545	}
546	else
547	{
548	//Nao logou porque o usuario estah com a senha expirada - tela inicial
549	//Para o caso de usuario que tenta se logar na tela inicial com a senha expirada
550	//system('echo "NAO Achou a url - tela inicial: " >>/tmp/controle'); //funciona
551	$GLOBALS['phpgw']->redirect_link("" . '/login.php?cd=98&ts=98'); //funciona
552	}
553	}
554	}
555	else
556	{
557	//senha do usuario nao estah expirada e, como o ldap deu login invalido, ocorreu erro de senha
558	//system('echo "NAO estah expirado: " >>/tmp/controle');
559	$GLOBALS['phpgw']->redirect_link("" . '/login.php?cd=5&ts=5');
560	}
561	}
562	else
563	{
564	//Caso do atributo de expiracao de senhas estar no formato unixtime
565	if (($ldap_info[0][$GLOBALS['phpgw_info']['server']['atributoexpiracao']][0])&&($ldap_info[0][$GLOBALS['phpgw_info']['server']['atributoexpiracao']][0] < $now)&&($ldap_info[0][$GLOBALS['phpgw_info']['server']['atributoexpiracao']][0]!="-1"))
566	{
567	//Senha do usuario estah expirada, pressupoe-se que colocou a senha certa, pois o erro do ldap eh o mesmo (49)
568	//system('echo "Detectou expiracao de senhas: " >>/tmp/controle');
569	if(isset($GLOBALS['phpgw_info']['server']['webserver_url']))
570	{
571	$GLOBALS['phpgw']->redirect($GLOBALS['phpgw_info']['server']['webserver_url'] . '/login.php?cd=98&ts=98');
572	}
573	else
574	{
575	//Entra aqui em duas ocasioes - quando expirado:
576	//login errado na tela sem troca de senhas
577	//troca de senhas com a senha atual errada
578	if($_POST['npasswd'])
579	{
580	//Nao logou porque o usuario estah com a senha expirada - troca de senhas
581	//Pode ter errado a senha tambÃ©m.
582	//system('echo "NAO Achou a url - tela troca de senhas: " >>/tmp/controle');
583	$GLOBALS['phpgw']->redirect_link("" . '/logout.php?cd=5&ts=5');
584	}
585	else
586	{
587	//Nao logou porque o usuario estah com a senha expirada - tela inicial
588	//Para o caso de usuario que tenta se logar na tela inicial com a senha expirada
589	//system('echo "NAO Achou a url - tela inicial: " >>/tmp/controle'); //funciona
590	$GLOBALS['phpgw']->redirect_link("" . '/login.php?cd=98&ts=98'); //funciona
591	}
592	}
593	}
594	else
595	{
596	//senha do usuario nao estah expirada e, como o ldap deu login invalido, ocorreu erro de senha
597	//system('echo "NAO estah expirado: " >>/tmp/controle');
598	$GLOBALS['phpgw']->redirect_link("" . '/login.php?cd=5&ts=5');
599	}
600	}
601	}
602	}
603	else
604	{
605	if ($GLOBALS['phpgw']->session->cd_reason == 99)
606	{
607	//fazendo o redirecionamento para o caso de bloqueio de por excesso de tentativas erradas
608	$GLOBALS['phpgw']->redirect($GLOBALS['phpgw_info']['server']['webserver_url'] . '/login.php?cd=' . $GLOBALS['phpgw']->session->cd_reason.'&ts=99');
609	}
610	else
611	{
612	// trocasenha soh vai existir qdo o form for gerado via chamada anterior com com "cd=202"
613	if($_POST['cdx']=='202' )
614	{
615	$GLOBALS['phpgw']->redirect($GLOBALS['phpgw_info']['server']['webserver_url'] . '/login.php?cd=' . $GLOBALS['phpgw']->session->cd_reason.'&ts=202');
616	}
617	else
618	{
619	$GLOBALS['phpgw']->redirect($GLOBALS['phpgw_info']['server']['webserver_url'] . '/login.php?cd=' . $GLOBALS['phpgw']->session->cd_reason);
620	}
621	}
622	}
623	}
624	}
625	else
626	{
627	//Realiza a troca de senhas caso a polÃtica seja local, ou seja, caso o diretorio continue autenticando o usuario com a senha expirada.
628	//system('echo "Encontrou nÃºmero de sessao" >> /tmp/controle');
629	// Atencao: se existir o cpo "npasswd" providencia a troca da senha do usuario....
630	if($_POST['npasswd'])
631	{
632	//system('echo "entrou no change" >> /tmp/controle');
633	//$GLOBALS['phpgw']->auth->change_password($passwd, $_POST['npasswd']);
634	if($GLOBALS['phpgw_info']['server']['politicasenhas']=='expresso')
635	{
636	$GLOBALS['phpgw']->auth->change_password_user($passwd, $_POST['npasswd'],$dn,false);
637	}
638	else
639	{
640	$GLOBALS['phpgw']->auth->change_password_user($passwd, $_POST['npasswd'],$dn,true);
641	}
642	$GLOBALS['phpgw']->redirect($GLOBALS['phpgw_info']['server']['webserver_url'] . '/logout.php?cd=209');
643	}
644	if ($_POST['lang'] && preg_match('/^[a-z]{2}(-[a-z]{2}){0,1}$/',$_POST['lang']) &&
645	$_POST['lang'] != $GLOBALS['phpgw_info']['user']['preferences']['common']['lang'])
646	{
647	$GLOBALS['phpgw']->preferences->add('common','lang',$_POST['lang'],'session');
648	}
649	if(!$GLOBALS['phpgw_info']['server']['disable_autoload_langfiles'])
650	{
651	$GLOBALS['phpgw']->translation->autoload_changed_langfiles();
652	}
653	$forward = isset($_GET['phpgw_forward']) ? urldecode($_GET['phpgw_forward']) : @$_POST['phpgw_forward'];
654	if (!$forward)
655	{
656	$extra_vars['cd'] = 'yes';
657	$forward = '/home.php';
658	}
659	else
660	{
661	list($forward,$extra_vars) = explode('?',$forward,2);
662	}
663	if ($GLOBALS['phpgw_info']['server']['use_https'] != 2)
664	{
665	$forward = 'http://'.$_SERVER['HTTP_HOST'].($GLOBALS['phpgw']->link($forward.'?cd=yes'));
666	echo "<script language='Javascript1.3'>location.href='".$forward."'</script>";
667	}
668	else
669	{
670	$GLOBALS['phpgw']->redirect_link($forward,$extra_vars);
671	}
672	}
673	}
674	else
675	{
676	// !!! DONT CHANGE THESE LINES !!!
677	// If there is something wrong with this code TELL ME!
678	// Commenting out the code will not fix it. (jengo)
679	if(isset($_COOKIE['last_loginid']))
680	{
681	$accounts = CreateObject('phpgwapi.accounts');
682	$prefs = CreateObject('phpgwapi.preferences', $accounts->name2id($_COOKIE['last_loginid']));
683
684	if($prefs->account_id)
685	{
686	$GLOBALS['phpgw_info']['user']['preferences'] = $prefs->read_repository();
687	}
688	}
689	if ($_GET['lang'])
690	{
691	$GLOBALS['phpgw_info']['user']['preferences']['common']['lang'] = $_GET['lang'];
692	}
693	elseif(!isset($_COOKIE['last_loginid']) \|\| !$prefs->account_id)
694	{
695	// If the lastloginid cookies isn't set, we will default to the first language,
696	// the users browser accepts.
697	list($lang) = explode(',',$_SERVER['HTTP_ACCEPT_LANGUAGE']);
698	/*
699	if(strlen($lang) > 2)
700	{
701	$lang = substr($lang,0,2);
702
703	}
704	*/
705	$GLOBALS['phpgw_info']['user']['preferences']['common']['lang'] = $lang;
706	}
707	#print 'LANG:' . $GLOBALS['phpgw_info']['user']['preferences']['common']['lang'] . '<br>';
708	$GLOBALS['phpgw']->translation->init(); // this will set the language according to the (new) set prefs
709	$GLOBALS['phpgw']->translation->add_app('login');
710	$GLOBALS['phpgw']->translation->add_app('loginscreen');
711	if(lang('loginscreen_message') == 'loginscreen_message*')
712	{
713	$GLOBALS['phpgw']->translation->add_app('loginscreen','en'); // trying the en one
714	}
715	if(lang('loginscreen_message') != 'loginscreen_message*')
716	{
717	$tmpl->set_var('lang_message',stripslashes(lang('loginscreen_message')));
718	}
719	}
720	if($GLOBALS['phpgw_info']['server']['use_prefix_organization'])
721	{
722	$organization_select = "<tr><td width=\"66\" class=\"loginLabel\">";
723	$organization_select .= lang("organization").":</td>";
724	$organization_select .="<td width=\"135\">";
725	$organization_select .="<select name=\"organization\">\n";
726	$obj_organization = CreateObject('phpgwapi.sector_search_ldap');
727	$organizations = $obj_organization->organization_search($GLOBALS['phpgw_info']['server']['ldap_context']);
728	for ($i=0; $i<count($organizations); $i++)
729	{
730	$tmp_array[strtolower($organizations[$i])] = $organizations[$i];
731	}
732	$arrayOrganization = $tmp_array;
733	ksort($arrayOrganization);
734	foreach($arrayOrganization as $organization_name => $organization_vars)
735	{
736	$organization_select .= '<option value="' . $organization_name . '"';
737	if($organization_name == $_COOKIE['last_organization'])
738	{
739	$organization_select .= ' selected';
740	}
741	$organization_select .= '>' . $organization_vars . "</option>\n";
742	}
743	$organization_select .= "</select>\n";
744	$organization_select .="</td><td> </td></tr>";
745	$tmpl->set_var('select_organization',$organization_select);
746	}
747	$domain_select = ' ';
748	$last_loginid = $_COOKIE['last_loginid'];
749	if($GLOBALS['phpgw_info']['server']['show_domain_selectbox'])
750	{
751	$domain_select = "<select name=\"logindomain\">\n";
752	foreach($GLOBALS['phpgw_domain'] as $domain_name => $domain_vars)
753	{
754	$domain_select .= '<option value="' . $domain_name . '"';
755	if($domain_name == $_COOKIE['last_domain'])
756	{
757	$domain_select .= ' selected';
758	}
759	$domain_select .= '>' . $domain_name . "</option>\n";
760	}
761	$domain_select .= "</select>\n";
762	}
763	elseif($last_loginid !== '')
764	{
765	reset($GLOBALS['phpgw_domain']);
766	list($default_domain) = each($GLOBALS['phpgw_domain']);
767	if($_COOKIE['last_domain'] != $default_domain && !empty($_COOKIE['last_domain']))
768	{
769	$last_loginid .= '@' . $_COOKIE['last_domain'];
770	}
771	}
772	$tmpl->set_var('select_domain',$domain_select);
773	foreach($_GET as $name => $value)
774	{
775	if(ereg('phpgw_',$name))
776	{
777	$extra_vars .= '&' . $name . '=' . urlencode($value);
778	}
779	}
780	if($extra_vars)
781	{
782	$extra_vars = '?' . substr($extra_vars,1);
783	}
784
785	/********************************************************\
786	* Check is the registration app is installed, activated *
787	* And if the register link must be placed *
788	\********************************************************/
789
790	$cnf_reg = createobject('phpgwapi.config','registration');
791	$cnf_reg->read_repository();
792	$config_reg = $cnf_reg->config_data;
793
794	if($config_reg[enable_registration]=='True' && $config_reg[register_link]=='True')
795	{
796	$reg_link=' <a href="registration/">'.lang('Not a user yet? Register now').'</a><br/>';
797	}
798
799	$GLOBALS['phpgw_info']['server']['template_set'] = $GLOBALS['phpgw_info']['login_template_set'];
800	$tmpl->set_var('register_link',$reg_link);
801	$tmpl->set_var('charset',$GLOBALS['phpgw']->translation->charset());
802	$tmpl->set_var('login_url', $GLOBALS['phpgw_info']['server']['webserver_url'] . '/login.php' . $extra_vars);
803	$tmpl->set_var('registration_url',$GLOBALS['phpgw_info']['server']['webserver_url'] . '/registration/');
804	$tmpl->set_var('version',$GLOBALS['phpgw_info']['server']['versions']['phpgwapi']);
805	$tmpl->set_var('cd',check_logoutcode($_GET['cd']));
806	$tmpl->set_var('cookie',$last_loginid);
807	$tmpl->set_var('lang_password',lang('password'));
808	$tmpl->set_var('lang_login',lang('login'));
809	if ($_GET['cd'] == '202' \|\| $_GET['cd'] == '98' \|\| $_GET['ts']=='202' \|\| $_GET['cdx']=='202')
810	{
811	$tmpl->set_var('cdx','202');
812	}
813	// Alterado para utilizar o certificado digital...
814	if(!$GLOBALS['certificado']->apresentado)
815	{
816	$tmpl->set_var('lang_username',lang('username'));
817	$tmpl->set_var('CPF','<input name="user" size="18">');
818	if($GLOBALS['phpgw_info']['server']['captcha'])
819	{
820	if($valor_cookie > $GLOBALS['phpgw_info']['server']['num_badlogin'])
821	{
822	$tmpl->set_var('captcha','<tr border="1"><td nowrap width="155" class="codigoLabel" ><img src="./seguranca/captcha.php" title="'.lang('Security code').'" alt="'.lang('Security code').'" width="75" ><b>  ---------></b></td> <td width="105"><input name="codigo" type="text" size="18" title="'.lang('Type the security code').'"></td> </tr>');
823	}
824	}
825	}
826	else
827	{
828	$tmpl->set_var('nome','<b>'.lang('Certificate owner').':</b> '.$GLOBALS['certificado']->dados['NOME']);
829	$tmpl->set_var('CPF','<input type="hidden" name="user" size="18" value="'.$GLOBALS['certificado']->dados['CPF'].'" READONLY>');
830	}
831	if ($_GET['cd'] == '202' \|\| $_GET['cd'] == '98' \|\| $_GET['ts']=='202' \|\| $_GET['cdx']=='202')
832	{
833	$tmpl->set_var('trocasenha','<tr>
834	<td width="140" class="loginLabel" >'.lang('New Password').'</td>
835	<td width="105"><input name="npasswd" type="password" size="18" ><br></td>
836	</tr>
837	<tr>
838	<td width="155" class="loginLabel" >'.lang('Confirm New Password').'</td>
839	<td width="105"><input name="cnpasswd" type="password" size="18" ><br></td>
840	</tr>');
841	}
842	$tmpl->set_var('website_title', $GLOBALS['phpgw_info']['server']['site_title']);
843	$tmpl->set_var('template_set',$GLOBALS['phpgw_info']['login_template_set']);
844	$tmpl->set_var('bg_color',($GLOBALS['phpgw_info']['server']['login_bg_color']?$GLOBALS['phpgw_info']['server']['login_bg_color']:'FFFFFF'));
845	$tmpl->set_var('login_caixa_bg_color',($GLOBALS['phpgw_info']['server']['login_caixa_bg_color']?$GLOBALS['phpgw_info']['server']['login_caixa_bg_color']:'FFFFFF'));
846	$tmpl->set_var('bg_color_title',($GLOBALS['phpgw_info']['server']['login_bg_color_title']?$GLOBALS['phpgw_info']['server']['login_bg_color_title']:'486591'));
847	if (substr($GLOBALS['phpgw_info']['server']['login_logo_file'],0,4) == 'http')
848	{
849	$var['logo_file'] = $GLOBALS['phpgw_info']['server']['login_logo_file'];
850	}
851	else
852	{
853	$var['logo_file'] = $GLOBALS['phpgw']->common->image('phpgwapi',$GLOBALS['phpgw_info']['server']['login_logo_file']?$GLOBALS['phpgw_info']['server']['login_logo_file']:'');
854	}
855
856	if (substr($GLOBALS['phpgw_info']['server']['imagem_de_fundo'],0,4) == 'http')
857	{
858	$var['imagem_de_fundo'] = $GLOBALS['phpgw_info']['server']['imagem_de_fundo'];
859	}
860	else
861	{
862	#$var['imagem_de_fundo'] = $GLOBALS['phpgw']->common->image('phpgwapi',$GLOBALS['phpgw_info']['server']['imagem_de_fundo']?$GLOBALS['phpgw_info']['server']['imagem_de_fundo']:'back.jpg');
863	$var['imagem_de_fundo'] = $GLOBALS['phpgw']->common->image('phpgwapi',$GLOBALS['phpgw_info']['server']['imagem_de_fundo']);
864	}
865	$var['imagem_de_fundo_exibicao'] = ($GLOBALS['phpgw_info']['server']['imagem_de_fundo_exibicao'] != ''?$GLOBALS['phpgw_info']['server']['imagem_de_fundo_exibicao']:"background-repeat:repeat-x; overflow:auto;overflow-x:hidden;");
866	$var['logo_url'] = $GLOBALS['phpgw_info']['server']['login_logo_url']?$GLOBALS['phpgw_info']['server']['login_logo_url']:'http://www.eGroupWare.org';
867	if (substr($var['logo_url'],0,4) != 'http')
868	{
869	$var['logo_url'] = 'http://'.$var['logo_url'];
870	}
871	$var['logo_title'] = $GLOBALS['phpgw_info']['server']['login_logo_title']?$GLOBALS['phpgw_info']['server']['login_logo_title']:'www.eGroupWare.org';
872
873	// {logo_imagem}
874	// <a href="{logo_url}" title="{logo_title}" style="text-decoration: none;" target="_blank"><img src="{logo_file}" border="0" style="margin-top: 5px; witdh: 300px; height: 200px;"/></a>
875	if($var['logo_file'] == '')
876	{
877	$var['logo_imagem'] = '';
878	}
879	else
880	{
881	$var['logo_imagem'] = '<a href="'.$var['logo_url'].'" title="'.$var['logo_title'].'" style="text-decoration: none;" target="_blank"><img src="'.$var['logo_file'].'" border="0" style="margin-top: 5px; witdh: 300px; height: 200px;"/></a>';
882	}
883	$tmpl->set_var($var);
884	if (@$GLOBALS['phpgw_info']['server']['login_show_language_selection'])
885	{
886	$select_lang = '<select name="lang" onchange="'."location.href=location.href+(location.search?'&':'?')+'lang='+this.value".'">';
887	$langs = $GLOBALS['phpgw']->translation->get_installed_langs();
888	uasort($langs,'strcasecmp');
889	foreach ($langs as $key => $name) // if we have a translation use it
890	{
891	$select_lang .= "\n\t".'<option value="'.$key.'"'.($key == $GLOBALS['phpgw_info']['user']['preferences']['common']['lang'] ? ' selected="1"' : '').'>'.$name.'</option>';
892	}
893	$select_lang .= "\n</select>\n";
894	$tmpl->set_var(array(
895	'lang_language' => lang('Language'),
896	'select_language' => $select_lang,
897	));
898	}
899	else
900	{
901	$tmpl->set_block('login_form','language_select');
902	$tmpl->set_var('language_select','');
903	}
904	$tmpl->set_var('autocomplete', ($GLOBALS['phpgw_info']['server']['autocomplete_login'] ? 'autocomplete="off"' : ''));
905	$tmpl->set_var('vserpro','<font color="#9a9a9a" face="Verdana, Arial, Helvetica, sans-serif" size="1">V - '.$GLOBALS['phpgw_info']['server']['versions']['header'].'-'.$GLOBALS['phpgw_info']['server']['versao-Serpro'].'</font>');
906	$tmpl->pfp('loginout','login_form');
907	?>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: