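* * Joseph Engo * * -------------------------------------------- * * This program is free software; you can redistribute it and/or modify it * * under the terms of the GNU General Public License as published by the * * Free Software Foundation; either version 2 of the License, or (at your * * option) any later version. * \**************************************************************************/

// Login entry point: loads header.inc.php, enforces the optional HTTPS
// redirect, renders the "logins denied" page when the server is in
// maintenance, defines two helpers and then starts processing the submitted
// credentials.

$phpgw_info = array();
$submit = False; // set to some initial value

$GLOBALS['phpgw_info']['flags'] = array(
    'disable_Template_class' => True,
    'login'                  => True,
    'currentapp'             => 'login',
    'noheader'               => True
);

// Without a header.inc.php the installation is not configured yet: hand over to setup.
if(!file_exists('./header.inc.php'))
{
    Header('Location: setup/index.php');
    exit;
}
include('./header.inc.php');

if ($GLOBALS['phpgw_info']['server']['use_https'] > 0)
{
    // isset() avoids an undefined-index notice on plain-HTTP requests, where
    // the web server does not set HTTPS at all.
    if (!isset($_SERVER['HTTPS']) || $_SERVER['HTTPS'] != 'on')
    {
        // NOTE(review): the redirect target is built from the client-supplied
        // Host header and request URI. Prefer a host name taken from the
        // server configuration, or make sure the web server only accepts
        // known Host values, so the Location header cannot point elsewhere.
        Header('Location: https://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI']);
        exit;
    }
}

// CreateObject() is not defined in this file; if it is still missing after
// the include, the API is not usable and setup has to run first.
if(!function_exists('CreateObject'))
{
    Header('Location: setup/index.php');
    exit;
}
$GLOBALS['phpgw']->session = CreateObject('phpgwapi.sessions');

$GLOBALS['phpgw_info']['server']['template_dir'] = PHPGW_SERVER_ROOT . '/phpgwapi/templates/' . $GLOBALS['phpgw_info']['login_template_set'];
$tmpl = CreateObject('phpgwapi.Template', $GLOBALS['phpgw_info']['server']['template_dir']);

// read the images from the login-template-set, not the (maybe not even set) users template-set
$GLOBALS['phpgw_info']['user']['preferences']['common']['template_set'] = $GLOBALS['phpgw_info']['login_template_set'];

// This is used for system downtime, to prevent new logins.
if($GLOBALS['phpgw_info']['server']['deny_all_logins'])
{
    // The literal below spans two lines and is passed to lang() as the
    // message key, so its bytes (including the line break) must stay as they are.
    $deny_msg=lang('Oops! You caught us in the middle of system maintainance.
Please, check back with us shortly.');

    $tmpl->set_file(array
    (
        'login_form' => 'login_denylogin.tpl'
    ));
    $tmpl->set_var('template_set','default');
    $tmpl->set_var('deny_msg',$deny_msg);
    $tmpl->pfp('loginout','login_form');
    exit;
}
$tmpl->set_file(array('login_form' => 'login.tpl'));

// !! NOTE !!
// Do NOT and I repeat, do NOT touch ANYTHING to do with lang in this file.
// If there is a problem, tell me and I will fix it. (jengo)

// whoooo scaring

if($GLOBALS['phpgw_info']['server']['usecookies'] == True)
{
    $GLOBALS['phpgw']->session->phpgw_setcookie('serverID', '1024');
    //GLOBALS['phpgw']->session->phpgw_setcookie('eGroupWareLoginTime', time());
}

/*
if($_GET['cd'] != 10 && $GLOBALS['phpgw_info']['server']['usecookies'] == False)
{
    $GLOBALS['phpgw']->session->setcookie('sessionid');
    $GLOBALS['phpgw']->session->setcookie('kp3');
    $GLOBALS['phpgw']->session->setcookie('domain');
}
*/

/* This is not working yet because I need to figure out a way to clear the $cd =1
if(isset($_SERVER['PHP_AUTH_USER']) && $_GET['cd'] == '1')
{
    Header('HTTP/1.0 401 Unauthorized');
    Header('WWW-Authenticate: Basic realm="phpGroupWare"');
    echo 'You have to re-authentificate yourself';
    exit;
}
*/

/**
 * Encrypt a password with the certificate stored on the user's LDAP entry
 * and write the result to that entry's "cryptpassword" attribute.
 *
 * The function binds with the configured LDAP root DN, searches the
 * configured context for the uid and requires exactly one matching entry
 * that carries a "usercertificate" value. The encryption is delegated to
 * certificadoB::encriptar_senha(), which is defined outside this file.
 *
 * @param string $aux_uid   uid of the account to update
 * @param string $aux_senha clear-text password to encrypt and store
 * @return bool true when the attribute was written; false when the connect,
 *              bind, search, certificate lookup, encryption or modify failed
 */
function grava_senha_criptografada_com_certificado_no_ldap($aux_uid,$aux_senha)
{
    require_once('./seguranca/classes/CertificadoB.php');

    $ldap_context  = $GLOBALS['phpgw_info']['server']['ldap_context'];
    $ldap_servidor = $GLOBALS['phpgw_info']['server']['ldap_host'];
    $ldap_dn       = $GLOBALS['phpgw_info']['server']['ldap_root_dn'];
    $ldap_passwd   = $GLOBALS['phpgw_info']['server']['ldap_root_pw'];

    $cc = ldap_connect($ldap_servidor);
    if(!$cc)
    {
        return false;
    }

    // Bind with the root DN; stop here rather than searching on a
    // connection whose bind was refused.
    if(!ldap_bind($cc,$ldap_dn,$ldap_passwd))
    {
        ldap_close($cc);
        return false;
    }

    // Escape the LDAP filter metacharacters (RFC 4515) so the uid can only
    // ever match as a literal value. The callers visible in this file pass
    // $_POST['user'], which the script whitelists first, but this function
    // writes to the directory with root credentials and should not depend on
    // that. The backslash must be replaced first so the escapes added for
    // the other characters are not escaped again.
    $uid_escapado = str_replace(
        array('\\', '*', '(', ')', "\x00"),
        array('\\5c', '\\2a', '\\28', '\\29', '\\00'),
        (string)$aux_uid
    );
    $filtro = 'uid='.$uid_escapado;

    // Look the uid up in LDAP.
    $sr = ldap_search($cc,$ldap_context,$filtro);
    if(!$sr)
    {
        ldap_close($cc);
        return false;
    }

    // Fetch the result; exactly one entry must match.
    $info = ldap_get_entries($cc,$sr);
    if(!$info || $info["count"]!=1)
    {
        ldap_close($cc);
        return false;
    }

    if(empty($info[0]["usercertificate"][0]))
    {
        // User has no certificate registered.
        ldap_close($cc);
        return false;
    }

    $a = new certificadoB();
    $R = $a->encriptar_senha($aux_senha,$info[0]["usercertificate"][0]);
    if(!$R)
    {
        ldap_close($cc);
        return false;
    }

    $user_info = array();
    $user_info['cryptpassword'] = $R;

    // Report the outcome of the write instead of returning true when the
    // directory rejected the modification.
    $gravou = ldap_modify($cc,$info[0]["dn"],$user_info);
    ldap_close($cc);

    return $gravou ? true : false;
}

/**
 * Map the "cd" status code of the login page to the message shown to the user.
 *
 * Two codes also have side effects: 98 sets the "contador" cookie to 1, and
 * 10 re-issues the sessionid, kp3 and domain cookies without a value
 * (presumably clearing them; phpgw_setcookie() is defined outside this file).
 *
 * @param mixed $code status code, compared loosely by the switch
 * @return string translated message, or ' ' for an unknown code
 */
function check_logoutcode($code)
{
    switch($code)
    {
        case 1:
            return lang('You have been successfully logged out');
        case 2:
            return lang('Sorry, your login has expired');
        case 4:
            return lang('Cookies are required to login to this site.');
        case 5:
            return '' . lang('Bad login or password') . '';
        case 200:
            return '' . lang('Invalid code') . '';
        case 202:
            return '' . lang('Account is expired') . '';
        case 203:
            return '' . lang('New Password and Confirm Password doesnt are equal') . '';
        case 204:
            return '' . lang('New Password and Current Password are similar') . '';
        case 205:
            return '' . lang('Your password must contain %1 or more letters', $GLOBALS['phpgw_info']['server']['num_letters_userpass']) . '';
        case 206:
            return '' . lang('Your password is very simple, use numbers, uppercase, lowercase and special characters') . '';
        case 207:
            return '' . lang('Your password contains characters not allowed') . '';
        case 208:
            return '' . lang('New password with more than three consecutives equals caracteres') . '';
        case 209:
            return '' . lang('password has been updated') . '';
        case 98:
            // NOTE(review): this assigns a function-local variable, so the
            // script-level $valor_cookie that is read when deciding whether
            // to show the captcha is not changed here. Confirm whether a
            // global was intended.
            $valor_cookie = 1;
            setcookie("contador", 1,0);
            return '' . lang('Account is expired') . '';
        case 99:
            return '' . lang('Blocked, too many attempts') . '';
        case 10:
            $GLOBALS['phpgw']->session->phpgw_setcookie('sessionid');
            $GLOBALS['phpgw']->session->phpgw_setcookie('kp3');
            $GLOBALS['phpgw']->session->phpgw_setcookie('domain');

            //fix for bug php4 expired sessions bug
            if($GLOBALS['phpgw_info']['server']['sessions_type'] == 'php4')
            {
                $GLOBALS['phpgw']->session->phpgw_setcookie(PHPGW_PHPSESSID);
            }

            return '' . lang('Your session could not be verified.') . '';
        default:
            return ' ';
    }
}

/* Program starts here */

if($_POST['user'])
{
    # The username must be alphanumeric and may also contain '-', '_' and '.'.
    # This whitelist is what keeps LDAP filter metacharacters out of the
    # filters that the rest of this script builds from $_POST['user'].
    $test_testx = str_replace('-','',$_POST['user']);
    $test_testy = str_replace('.','',$test_testx);
    $test_test = str_replace('_','',$test_testy);
    if(!ctype_alnum($test_test))
    {
        $GLOBALS['phpgw']->redirect($GLOBALS['phpgw']->link('/login.php','cd=5'));
        exit();
    }
}

if($GLOBALS['phpgw_info']['server']['auth_type'] == 'http' && isset($_SERVER['PHP_AUTH_USER']))
{
    $submit = True;
    $login  = $_SERVER['PHP_AUTH_USER'];
    $passwd = $_SERVER['PHP_AUTH_PW'];
    $passwd_type = 'text';
}
else
{
    $passwd = $_POST['passwd'];
    $passwd_type = $_POST['passwd_type'];
}

# Apache + mod_ssl style SSL certificate authentication
# Certificate (chain) verification occurs inside mod_ssl
//$GLOBALS['phpgw_info']['server']['auth_type'] = 'sqlssl';
if($GLOBALS['phpgw_info']['server']['auth_type'] == 'sqlssl' && isset($_SERVER['SSL_CLIENT_S_DN']) && !isset($_GET['cd']))
{
    # an X.509 subject looks like:
    # /CN=john.doe/OU=Department/O=Company/C=xx/Email=john@comapy.tld/L=City/
    # the username is deliberately lowercase, to ease LDAP integration
    $sslattribs = explode('/',$_SERVER['SSL_CLIENT_S_DN']);
    # skip the part in front of the first '/' (nothing)
    //$sslattributes['Email'] = $GLOBALS['certificado']->dados['email'];
    while($sslattrib = next($sslattribs))
    {
        list($key,$val) = explode('=',$sslattrib);
        $sslattributes[$key] = $val;
    }

    if(isset($sslattributes['Email']))
    {
        $submit = True;

        # login will be set here if the user logged out and uses a different username with
        #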
the same SSL-certificate. if(!isset($_POST['login'])&&isset($sslattributes['Email'])) { $login = $sslattributes['Email']; # not checked against the database, but delivered to authentication module $passwd = $_SERVER['SSL_CLIENT_S_DN']; } } unset($key); unset($val); unset($sslattributes); } $ldap_info=""; if(isset($passwd_type) || $_POST['submitit_x'] || $_POST['submitit_y'] || $submit) { // Primeiro testa o captcha....se houver...... if( $GLOBALS['phpgw_info']['server']['captcha']==1) { if(isset($_POST['codigo'])) { if ($_SESSION['CAPTCHAString'] != strtoupper($_POST['codigo'])) { if (isset($_POST['npasswd'])) { $GLOBALS['phpgw']->redirect($GLOBALS['phpgw']->link('/login.php','cd=200&ts=202')); } else { $GLOBALS['phpgw']->redirect($GLOBALS['phpgw']->link('/login.php','cd=200')); } } unset($_SESSION['CAPTCHAString']); } } //Faz uma busca inicial por atributos no ldap para que os resultados sejam utilizados pelo restante do programa //Utilizando um diretorio corporativo, o dn do usuario pode estar localizado em qualquer ramo do diretorio //system('echo "Login: bind em ldap" >> /tmp/controle'); $common = CreateObject('phpgwapi.common'); $ldap_conn = $common->ldapConnect(); //bind como Admin para buscar o atributo de expiracao e o dn do usuario if(isset($GLOBALS['phpgw_info']['server']['atributoexpiracao'])) { $justthese = array($GLOBALS['phpgw_info']['server']['atributoexpiracao']); } else { $justthese = array("phpgwaccountexpires"); } $filter="(&(phpgwAccountType=u)(uid=".$_POST['user']."))"; $ldap_search = ldap_search($ldap_conn, $GLOBALS['phpgw_info']['server']['ldap_context'], $filter, $justthese); $ldap_info = ldap_get_entries($ldap_conn, $ldap_search); ldap_close($ldap_conn); // Testa os cpos de troca de senha, se existem if($_POST['npasswd'] || $_POST['cnpasswd']) { // Default number of letters = 8 if (!$GLOBALS['phpgw_info']['server']['num_letters_userpass']) $GLOBALS['phpgw_info']['server']['num_letters_userpass'] = 8; // Default number of special letters = 1 
if (!$GLOBALS['phpgw_info']['server']['num_special_letters_userpass']) $GLOBALS['phpgw_info']['server']['num_special_letters_userpass'] = 1; if(strlen($_POST['npasswd']) < $GLOBALS['phpgw_info']['server']['num_letters_userpass']) { $GLOBALS['phpgw']->redirect($GLOBALS['phpgw']->link('/login.php','cd=205&ts=202')); } // nova senha e confirma nova senha devem ser iguais ... if($_POST['npasswd'] != $_POST['cnpasswd']) { $GLOBALS['phpgw']->redirect($GLOBALS['phpgw']->link('/login.php','cd=203&ts=202')); } if (!(ereg ("(^[a-zA-Z_.\-\!@#$%&*+=|]*)$", $_POST['npasswd'] ) or ereg ("(^[0-9_.\-\!@#$%&*+=|]*)$", $_POST['npasswd'] ) or ereg ("(^[a-zA-Z0-9]*)$", $_POST['npasswd'] ) or ereg ("(^[a-zA-Z0-9_.\-\!@#$%&*+=|]*)$", $_POST['npasswd'] ))) { $GLOBALS['phpgw']->redirect($GLOBALS['phpgw']->link('/login.php','cd=207&ts=202')); } for ($j=0 ; $j<(strlen($_POST['npasswd'])-2); $j++) { if ($_POST['npasswd'][$j]==$_POST['npasswd'][$j+1] && $_POST['npasswd'][$j]==$_POST['npasswd'][$j+2]) { $GLOBALS['phpgw']->redirect($GLOBALS['phpgw']->link('/login.php','cd=208&ts=202')); break; } } $similar=false; for ($j=0 ; $j<8; $j++) { for ($k=0 ; $k<8; $k++) { if (similar_text(substr($_POST['passwd'],$j,3),substr($_POST['npasswd'],$k,3))>2) { $similar=true; } } } // a nova senha e a senha atual nao podem ser "similares" ... 
if ($similar || $_POST['passwd'] == $_POST['npasswd']) { $GLOBALS['phpgw']->redirect($GLOBALS['phpgw']->link('/login.php','cd=204&ts=202')); } // complexidade da senha $passcomplex=0; if (ereg('[a-zA-Z]',$_POST['npasswd'])) {$passcomplex=$passcomplex+1;} if (ereg('[0-9]',$_POST['npasswd'])) {$passcomplex=$passcomplex+1;} if (ereg('[^0-9a-zA-Z]',$_POST['npasswd'])) {$passcomplex=$passcomplex+1;} if ($passcomplex < 2) { $GLOBALS['phpgw']->redirect($GLOBALS['phpgw']->link('/login.php','cd=206&ts=202')); } //Tentando fazer bind com o dn do usuario $ldap_conn = ldap_connect($GLOBALS['phpgw_info']['server']['ldap_host']); if (!$ldap_conn) { printf("Error: Can't bind to LDAP server!"); die; } $dn=$ldap_info[0]['dn']; //system('echo "'.ldap_errno($ldap_conn).'" >>/tmp/controle'); //Tenta fazer bind no diretorio, se nao conseguir, verifica se a negacao de autenticacao foi por causa de uma expiracao de senhas //system('echo "Dn para bind: '.$ldap_info[0]['dn'].'" >>/tmp/controle'); if (!ldap_bind($ldap_conn,$ldap_info[0]['dn'],$_POST['passwd'])) { //Verificando se a negacao de bind foi proveniente de uma expiracao de senha //system('echo "NAO conseguiu dar bind" >>/tmp/controle'); $now=time(); //Verificando se a senha esta expirada $expired=false; if(isset($GLOBALS['phpgw_info']['server']['atributoexpiracao'])) { //system('echo "Atributo de expiracao configurado." 
>>/tmp/controle'); //system('echo "now: '.$now.'" >>/tmp/controle'); //system('echo "atributo de expiracao: '.strtotime($ldap_info[0][$GLOBALS['phpgw_info']['server']['atributoexpiracao']][0]).'" >>/tmp/controle'); //if (strtotime($ldap_info[0][$GLOBALS['phpgw_info']['server']['atributoexpiracao']][0])<$now) system('echo "chegou" >>/tmp/controle'); if (($ldap_info[0]["phpgwaccountexpires"][0]!="-1")&&(strtotime($ldap_info[0]["phpgwaccountexpires"][0])<$now)) { //system('echo "Encontrou atributo expirado" >>/tmp/controle'); $expired=true; } } else { //Se o atributo de expiracao nao estiver configurado pressupoe que eh unixtime (phpgwaccountexpires) if (($ldap_info[0]["phpgwaccountexpires"][0]!="-1")&&(strtotime($ldap_info[0]["phpgwaccountexpires"][0])<$now)) { //system('echo "Encontrou atributo expirado - phpgwaccoutexpires" >>/tmp/controle'); $expired=true; } } if ($expired) { //A negacao de bind proveio de uma expiracao de senhas. //Providencia a troca de senhas e, se configurado, também o ajuste do atributo de expiracao. //system('echo "vai chamar o change_password" >>/tmp/controle'); if($GLOBALS['phpgw']->auth->change_password_user($passwd, $_POST['npasswd'],$dn,true)) { //A troca de senhas funcionou //system('echo "Login: troca de senhas OK" >>/tmp/controle'); if($GLOBALS['phpgw_info']['server']['diretorioescravo']) { //Tempo necessario para que o slave receba a atualizacao. sleep(1); } // TESTA SE DEVE CIFRAR A SENHA COM CHAVE PUBLICA DO CERTIFICADO (PARA LOGIN COM CERTIFICADO)... if($GLOBALS['phpgw_info']['server']['certificado']) { if(!$GLOBALS['phpgw_info']['server']['atributousuarios'] or $GLOBALS['phpgw_info']['server']['atributousuarios'] == "person") { $RR = grava_senha_criptografada_com_certificado_no_ldap($_POST['user'],$_POST['npasswd']); } } $GLOBALS['phpgw']->redirect($GLOBALS['phpgw_info']['server']['webserver_url'] . 
'/logout.php?cd=209'); } else { //Direciona para senha incorreta na tela de troca de senhas //system('echo "Login: troca de senhas PROBLEMA" >>/tmp/controle'); $GLOBALS['phpgw']->redirect("" . '/login.php?cd=5&ts=202'); } } else { //A senha digitada estava incorreta $GLOBALS['phpgw']->redirect($GLOBALS['phpgw_info']['server']['webserver_url'] . '/login.php?cd=5&ts=202'); } } else { //Usuario executou autenticacao no diretorio - a expiracao so pode ter vindo de uma politica de expiracao do proprio expresso //system('echo "SIM conseguiu dar bind" >>/tmp/controle'); if($GLOBALS['phpgw_info']['server']['politicasenhas']=='expresso') { //Se a politica de senhas for do Expresso eh necessario verificar se o usuario estah expirado $now=time(); $common1 = CreateObject('phpgwapi.common'); $ldap_conn1 = $common1->ldapConnect(); if ($GLOBALS['phpgw_info']['server']['num_days_pwd_validate']) { $aux=$GLOBALS['phpgw_info']['server']['num_days_pwd_validate']; } else { $aux=90; } //$entry['phpgwaccountexpires'] = $now + ($aux * 86400); if(isset($GLOBALS['phpgw_info']['server']['atributoexpiracao'])) { if(substr($ldap_info[0][$GLOBALS['phpgw_info']['server']['atributoexpiracao']][0],-1,1) == "Z") { if($GLOBALS['phpgw_info']['server']['politicasenhas']=='expresso') { //quando a data de expiracao estah no formato yyyymmddhhmmssZ $entry[$GLOBALS['phpgw_info']['server']['atributoexpiracao']] = strftime("%Y%m%d%H%M%SZ", $now + ($aux * 86400)); } } else { if($GLOBALS['phpgw_info']['server']['politicasenhas']=='expresso') { //Outro atributo ldap que, assim como o phpgwaccounttype, tambem contem hora em formato unix $entry[$GLOBALS['phpgw_info']['server']['atributoexpiracao']] = $now + ($aux * 86400); } } } else { //Se a política for no diretorio nao precisa alterar o atributo de expiracao if($GLOBALS['phpgw_info']['server']['politicasenhas']=='expresso') { $entry['phpgwaccountexpires'] = $now + ($aux * 86400); } } ldap_mod_replace($ldap_conn1,$ldap_info[0]['dn'], $entry); } } } if 
($ldap_info['count'] != 0) { $_POST['login'] = $_POST['user']; } ldap_close($ldap_conn); if(getenv('REQUEST_METHOD') != 'POST' && $_SERVER['REQUEST_METHOD'] != 'POST' && !isset($_SERVER['PHP_AUTH_USER']) && !isset($_SERVER['SSL_CLIENT_S_DN'])) { $GLOBALS['phpgw']->redirect($GLOBALS['phpgw']->link('/login.php','cd=5')); } if($submit == false) { $login = $_POST['login']; } if(strstr($login,'@') === False && isset($_POST['logindomain'])) { $login .= '@' . $_POST['logindomain']; } elseif(!isset($GLOBALS['phpgw_domain'][$GLOBALS['phpgw_info']['user']['domain']])) { $login .= '@'.$GLOBALS['phpgw_info']['server']['default_domain']; } //-------------------------------------------------------------------------------------------------- //LOGIN //-------------------------------------------------------------------------------------------------- //echo "Usuario ==> ".$login." senha ==> ".$passwd; //system('echo "Login: tentou criar sessao" >> /tmp/controle'); //Tantando criar a sessao $GLOBALS['sessionid'] = $GLOBALS['phpgw']->session->create(strtolower($login),$passwd,$passwd_type,'u'); if(!isset($GLOBALS['sessionid']) || ! $GLOBALS['sessionid']) { //A sessao nao pode ser criada. Verificando quais os possiveis motivos //system('echo "Nao tem sessao" >> /tmp/controle'); if ($GLOBALS['phpgw']->session->cd_reason == 99) { //fazendo o redirecionamento para o caso de bloqueio de por excesso de tentativas erradas $GLOBALS['phpgw']->redirect($GLOBALS['phpgw_info']['server']['webserver_url'] . '/login.php?cd=' . $GLOBALS['phpgw']->session->cd_reason.'&ts=99'); } else { //Verifica se o codigo de erro ldap 49, que o session traduz para cd_reason=5, é proveniente de uma expiracao de senhas. Neste caso, mesmo se o usuário digitar a senha errada, devolve-se a informacao de expiracao. 
O código de erro "5" também é retornado quando não é encontrado o usuário na base ldap if ($GLOBALS['phpgw']->session->cd_reason == 5) { //system('echo "Retornou erro 49" >>/tmp/controle'); //Buscando o atributo de expiracao no ldap $lc = $common->ldapConnect(); if(isset($GLOBALS['phpgw_info']['server']['atributoexpiracao'])) { $justthese = array("uid",$GLOBALS['phpgw_info']['server']['atributoexpiracao']); } $filter="(&(phpgwAccountType=u)(uid=".$_POST['user']."))"; $ldap_search = ldap_search($lc, $GLOBALS['phpgw_info']['server']['ldap_context'], $filter, $justthese); $ldap_info = ldap_get_entries($lc, $ldap_search); ldap_close($lc); //Verificando se a senha está expirada if(isset($GLOBALS['phpgw_info']['server']['atributoexpiracao'])) { //Analisa a expiracao atraves do tempo da maquina $now=time(); //Se o atributo de expiracao nao existir pode ser por causa da nao existencia do usuario no ldap //Verifica o tipo do formato do tempo de expiracao para concluir se a senha está expirada ou não. if (($ldap_info[0][$GLOBALS['phpgw_info']['server']['atributoexpiracao']][0])&&(substr($ldap_info[0][$GLOBALS['phpgw_info']['server']['atributoexpiracao']][0],-1,1) == "Z")) { if (strtotime($ldap_info[0][$GLOBALS['phpgw_info']['server']['atributoexpiracao']][0] < $now)) { //Senha do usuario estah expirada, pressupoe-se que colocou a senha certa, pois o erro do ldap eh o mesmo (49) //system('echo "Detectou expiracao de senhas: " >>/tmp/controle'); if(isset($GLOBALS['phpgw_info']['server']['webserver_url'])) { $GLOBALS['phpgw']->redirect($GLOBALS['phpgw_info']['server']['webserver_url'] . '/login.php?cd=98&ts=202'); } else { //Entra aqui em duas ocasioes - quando expirado: //login errado na tela sem troca de senhas //troca de senhas com a senha atual errada if(isset($_POST['npasswd'])) { //Nao logou porque o usuario estah com a senha expirada - troca de senhas //Pode ter errado a senha também. 
//system('echo "NAO Achou a url - tela troca de senhas: " >>/tmp/controle'); $GLOBALS['phpgw']->redirect_link("" . '/logout.php?cd=5&ts=202'); } else { //Nao logou porque o usuario estah com a senha expirada - tela inicial //Para o caso de usuario que tenta se logar na tela inicial com a senha expirada //system('echo "NAO Achou a url - tela inicial: " >>/tmp/controle'); //funciona $GLOBALS['phpgw']->redirect_link("" . '/login.php?cd=98&ts=202'); //funciona } } } else { //senha do usuario nao estah expirada e, como o ldap deu login invalido, ocorreu erro de senha //system('echo "NAO estah expirado: " >>/tmp/controle'); if(isset($_POST['npasswd'])) { $GLOBALS['phpgw']->redirect_link("" . '/login.php?cd=5&ts=202'); } else { $GLOBALS['phpgw']->redirect_link("" . '/login.php?cd=5'); } } } else { //Caso do atributo de expiracao de senhas estar no formato unixtime if (($ldap_info[0][$GLOBALS['phpgw_info']['server']['atributoexpiracao']][0])&&($ldap_info[0][$GLOBALS['phpgw_info']['server']['atributoexpiracao']][0] < $now)&&($ldap_info[0][$GLOBALS['phpgw_info']['server']['atributoexpiracao']][0]!="-1")) { //Senha do usuario estah expirada, pressupoe-se que colocou a senha certa, pois o erro do ldap eh o mesmo (49) //system('echo "Detectou expiracao de senhas: " >>/tmp/controle'); if(isset($GLOBALS['phpgw_info']['server']['webserver_url'])) { $GLOBALS['phpgw']->redirect($GLOBALS['phpgw_info']['server']['webserver_url'] . '/login.php?cd=98&ts=202'); } else { //Entra aqui em duas ocasioes - quando expirado: //login errado na tela sem troca de senhas //troca de senhas com a senha atual errada if(isset($_POST['npasswd'])) { //Nao logou porque o usuario estah com a senha expirada - troca de senhas //Pode ter errado a senha também. //system('echo "NAO Achou a url - tela troca de senhas: " >>/tmp/controle'); $GLOBALS['phpgw']->redirect_link("" . 
'/logout.php?cd=5&ts=202'); } else { //Nao logou porque o usuario estah com a senha expirada - tela inicial //Para o caso de usuario que tenta se logar na tela inicial com a senha expirada //system('echo "NAO Achou a url - tela inicial: " >>/tmp/controle'); //funciona $GLOBALS['phpgw']->redirect_link("" . '/login.php?cd=98&ts=202'); //funciona } } } else { //senha do usuario nao estah expirada e, como o ldap deu login invalido, ocorreu erro de senha //system('echo "NAO estah expirado: " >>/tmp/controle'); if(isset($_POST['npasswd'])) { $GLOBALS['phpgw']->redirect_link("" . '/login.php?cd=5&ts=202'); } else { $GLOBALS['phpgw']->redirect_link("" . '/login.php?cd=5'); } } } } } else { if ($GLOBALS['phpgw']->session->cd_reason == 98) { //fazendo o redirecionamento para o caso de bloqueio de por excesso de tentativas erradas $GLOBALS['phpgw']->redirect($GLOBALS['phpgw_info']['server']['webserver_url'] . '/login.php?cd=' . $GLOBALS['phpgw']->session->cd_reason.'&ts=202'); } else { // trocasenha soh vai existir qdo o form for gerado via chamada anterior com com "cd=202" if($_POST['cdx']=='202' ) { $GLOBALS['phpgw']->redirect($GLOBALS['phpgw_info']['server']['webserver_url'] . '/login.php?cd=' . $GLOBALS['phpgw']->session->cd_reason.'&ts=202'); } else { $GLOBALS['phpgw']->redirect($GLOBALS['phpgw_info']['server']['webserver_url'] . '/login.php?cd=' . $GLOBALS['phpgw']->session->cd_reason); } } } } } else { //Realiza a troca de senhas caso a política seja local, ou seja, caso o diretorio continue autenticando o usuario com a senha expirada. //system('echo "Encontrou número de sessao" >> /tmp/controle'); // Atencao: se existir o cpo "npasswd" providencia a troca da senha do usuario.... 
if($_POST['npasswd']) { //system('echo "entrou no change" >> /tmp/controle'); //$GLOBALS['phpgw']->auth->change_password($passwd, $_POST['npasswd']); if($GLOBALS['phpgw_info']['server']['politicasenhas']=='expresso') { $GLOBALS['phpgw']->auth->change_password_user($passwd, $_POST['npasswd'],$dn,false); } else { $GLOBALS['phpgw']->auth->change_password_user($passwd, $_POST['npasswd'],$dn,true); } // TESTA SE DEVE CIFRAR A SENHA COM CHAVE PUBLICA DO CERTIFICADO (PARA LOGIN COM CERTIFICADO)... if($GLOBALS['phpgw_info']['server']['certificado']) { if(!$GLOBALS['phpgw_info']['server']['atributousuarios'] or $GLOBALS['phpgw_info']['server']['atributousuarios'] == "person") { $RR = grava_senha_criptografada_com_certificado_no_ldap($_POST['user'],$_POST['npasswd']); } } $GLOBALS['phpgw']->redirect($GLOBALS['phpgw_info']['server']['webserver_url'] . '/logout.php?cd=209'); } if ($_POST['lang'] && preg_match('/^[a-z]{2}(-[a-z]{2}){0,1}$/',$_POST['lang']) && $_POST['lang'] != $GLOBALS['phpgw_info']['user']['preferences']['common']['lang']) { $GLOBALS['phpgw']->preferences->add('common','lang',$_POST['lang'],'session'); } if(!$GLOBALS['phpgw_info']['server']['disable_autoload_langfiles']) { $GLOBALS['phpgw']->translation->autoload_changed_langfiles(); } $forward = isset($_GET['phpgw_forward']) ? urldecode($_GET['phpgw_forward']) : @$_POST['phpgw_forward']; if (!$forward) { $extra_vars['cd'] = 'yes'; $forward = '/home.php'; } else { list($forward,$extra_vars) = explode('?',$forward,2); } if ($GLOBALS['phpgw_info']['server']['use_https'] != 2) { $forward = 'http://'.$_SERVER['HTTP_HOST'].($GLOBALS['phpgw']->link($forward.'?cd=yes')); echo ""; } else { $GLOBALS['phpgw']->redirect_link($forward,$extra_vars); } } } else { // !!! DONT CHANGE THESE LINES !!! // If there is something wrong with this code TELL ME! // Commenting out the code will not fix it. 
(jengo) if(isset($_COOKIE['last_loginid'])) { $accounts = CreateObject('phpgwapi.accounts'); $prefs = CreateObject('phpgwapi.preferences', $accounts->name2id($_COOKIE['last_loginid'])); if($prefs->account_id) { $GLOBALS['phpgw_info']['user']['preferences'] = $prefs->read_repository(); } } if ($_GET['lang']) { $GLOBALS['phpgw_info']['user']['preferences']['common']['lang'] = $_GET['lang']; } elseif(!isset($_COOKIE['last_loginid']) || !$prefs->account_id) { // If the lastloginid cookies isn't set, we will default to the first language, // the users browser accepts. list($lang) = explode(',',$_SERVER['HTTP_ACCEPT_LANGUAGE']); /* if(strlen($lang) > 2) { $lang = substr($lang,0,2); } */ $GLOBALS['phpgw_info']['user']['preferences']['common']['lang'] = $lang; } #print 'LANG:' . $GLOBALS['phpgw_info']['user']['preferences']['common']['lang'] . '
'; $GLOBALS['phpgw']->translation->init(); // this will set the language according to the (new) set prefs $GLOBALS['phpgw']->translation->add_app('login'); $GLOBALS['phpgw']->translation->add_app('loginscreen'); if(lang('loginscreen_message') == 'loginscreen_message*') { $GLOBALS['phpgw']->translation->add_app('loginscreen','en'); // trying the en one } if(lang('loginscreen_message') != 'loginscreen_message*') { $tmpl->set_var('lang_message',stripslashes(lang('loginscreen_message'))); } } if($GLOBALS['phpgw_info']['server']['use_prefix_organization']) { $organization_select = ""; $organization_select .= lang("organization").":"; $organization_select .=""; $organization_select .="\n"; $organization_select .=" "; $tmpl->set_var('select_organization',$organization_select); } $domain_select = ' '; $last_loginid = $_COOKIE['last_loginid']; if($GLOBALS['phpgw_info']['server']['show_domain_selectbox']) { $domain_select = "\n"; } elseif($last_loginid !== '') { reset($GLOBALS['phpgw_domain']); list($default_domain) = each($GLOBALS['phpgw_domain']); if($_COOKIE['last_domain'] != $default_domain && !empty($_COOKIE['last_domain'])) { $last_loginid .= '@' . $_COOKIE['last_domain']; } } $tmpl->set_var('select_domain',$domain_select); foreach($_GET as $name => $value) { if(ereg('phpgw_',$name)) { $extra_vars .= '&' . $name . '=' . urlencode($value); } } if($extra_vars) { $extra_vars = '?' . substr($extra_vars,1); } /********************************************************\ * Check is the registration app is installed, activated * * And if the register link must be placed * \********************************************************/ $cnf_reg = createobject('phpgwapi.config','registration'); $cnf_reg->read_repository(); $config_reg = $cnf_reg->config_data; if($config_reg[enable_registration]=='True' && $config_reg[register_link]=='True') { $reg_link=' '.lang('Not a user yet? Register now').'
'; } $GLOBALS['phpgw_info']['server']['template_set'] = $GLOBALS['phpgw_info']['login_template_set']; $tmpl->set_var('register_link',$reg_link); $tmpl->set_var('charset',$GLOBALS['phpgw']->translation->charset()); $tmpl->set_var('login_url', $GLOBALS['phpgw_info']['server']['webserver_url'] . '/login.php' . $extra_vars); $tmpl->set_var('registration_url',$GLOBALS['phpgw_info']['server']['webserver_url'] . '/registration/'); $tmpl->set_var('version',$GLOBALS['phpgw_info']['server']['versions']['phpgwapi']); $tmpl->set_var('cd',check_logoutcode($_GET['cd'])); $tmpl->set_var('cd_field',$_GET['cd']); $tmpl->set_var('cookie',$last_loginid); $tmpl->set_var('lang_password',lang('password')); $tmpl->set_var('lang_login',lang('login')); $aux_captcha = ''; // soh mostra o captcha se for login sem certificado.... if($GLOBALS['phpgw_info']['server']['captcha'] && $_GET['cd']!='300' ) { if($valor_cookie > $GLOBALS['phpgw_info']['server']['num_badlogin']) { $aux_captcha = ''.lang('Security code').'----> '; $tmpl->set_var('captcha',$aux_captcha); } } if ($_GET['ts']=='202') { $tmpl->set_var('cdx','202'); $tmpl->set_var('yn','display:yes'); $tmpl->set_var('lang_username',lang('username')); $tmpl->set_var('CPF',''); $senha = ' '.lang('password').'  '; $tmpl->set_var('senha',$senha); $aux_html = ' '.lang('New Password').'
'.lang('Confirm New Password').'
'; $tmpl->set_var('trocasenha',$aux_html); $tmpl->set_var('botao','      '); } else { # aqui vai colocar a applet; ATENCAO: TEM DE TESTAR SE O STIO FOI CONFIGURADO PARA TRATAR CERTIFICADO DIGITAL - VER NO HEADER._INC.PHP /*if($GLOBALS['phpgw_info']['server']['certificado']==1) { $cod_applet = ' No Java Support. '; $tmpl->set_var('applet',$cod_applet); $tmpl->set_var('CPF',''); $tmpl->set_var('senha',''); $tmpl->set_var('yn','display: none'); } else {*/ if ($_GET['cd']=='300' && $GLOBALS['phpgw_info']['server']['certificado']==1){ //Zera o Cookie contador, responsavel pelo captcha $valor_cookie = 1; setcookie("contador", 1,0); $link_alterna_login = '' . lang('Access without Digital Certificate') . '
'; $tmpl->set_var('yn','display:yes'); $tmpl->set_var('lang_username',''); $tmpl->set_var('CPF',''); $senha = 'Acessando o Certificado Digital. '; $tmpl->set_var('senha',$senha); $tmpl->set_var('botao',''); // gera paramero com tokens suportados .... $var_tokens = ''; for($ii = 1; $ii < 11; $ii++) { if($GLOBALS['phpgw_info']['server']['test_token' . $ii . '1']) $var_tokens .= $GLOBALS['phpgw_info']['server']['test_token' . $ii . '1'] . ','; } if(!$var_tokens) { $var_tokens = 'ePass2000Lx;/usr/lib/libepsng_p11.so,ePass2000Win;c:/windows/system32/ngp11v211.dll'; } $param1 = " ' ' + "; $param2 = " 'token=\"" . substr($var_tokens,0,strlen($var_tokens)) . "\" ' + "; $cod_applet = /* // com debug ativado ''; */ // sem debug ativado ''; } else{ if($GLOBALS['phpgw_info']['server']['certificado']==1) { $link_alterna_login = '' . lang('Logon with my digital certificate') . '
'; } $tmpl->set_var('yn','display:yes'); $tmpl->set_var('lang_username',lang('username')); $tmpl->set_var('CPF',''); $senha = ' '.lang('password').'  '; $tmpl->set_var('senha',$senha); $tmpl->set_var('botao','      '); $cod_applet = ' '; $tmpl->set_var('applet',$cod_applet); } /* else { $tmpl->set_var('yn','display:yes'); $tmpl->set_var('lang_username',lang('username')); $tmpl->set_var('CPF',''); $senha = ' '.lang('password').'  '; $tmpl->set_var('senha',$senha); $tmpl->set_var('botao','      '); $cod_applet = ' '; $tmpl->set_var('applet',$cod_applet); } */ $tmpl->set_var('applet',$cod_applet); $tmpl->set_var('link_alterna_login',$link_alterna_login); //} } $tmpl->set_var('xhelp1',lang('Click to help')); $tmpl->set_var('xhelp2',lang('Click to help')); $tmpl->set_var('website_title', $GLOBALS['phpgw_info']['server']['site_title']); $tmpl->set_var('template_set',$GLOBALS['phpgw_info']['login_template_set']); $tmpl->set_var('bg_color',($GLOBALS['phpgw_info']['server']['login_bg_color']?$GLOBALS['phpgw_info']['server']['login_bg_color']:'FFFFFF')); $tmpl->set_var('login_caixa_bg_color',($GLOBALS['phpgw_info']['server']['login_caixa_bg_color']?$GLOBALS['phpgw_info']['server']['login_caixa_bg_color']:'FFFFFF')); $tmpl->set_var('bg_color_title',($GLOBALS['phpgw_info']['server']['login_bg_color_title']?$GLOBALS['phpgw_info']['server']['login_bg_color_title']:'486591')); if (substr($GLOBALS['phpgw_info']['server']['login_logo_file'],0,4) == 'http') { $var['logo_file'] = $GLOBALS['phpgw_info']['server']['login_logo_file']; } else { $var['logo_file'] = $GLOBALS['phpgw']->common->image('phpgwapi',$GLOBALS['phpgw_info']['server']['login_logo_file']?$GLOBALS['phpgw_info']['server']['login_logo_file']:''); } if (substr($GLOBALS['phpgw_info']['server']['imagem_de_fundo'],0,4) == 'http') { $var['imagem_de_fundo'] = $GLOBALS['phpgw_info']['server']['imagem_de_fundo']; } else { #$var['imagem_de_fundo'] = 
$GLOBALS['phpgw']->common->image('phpgwapi',$GLOBALS['phpgw_info']['server']['imagem_de_fundo']?$GLOBALS['phpgw_info']['server']['imagem_de_fundo']:'back.jpg'); $var['imagem_de_fundo'] = $GLOBALS['phpgw']->common->image('phpgwapi',$GLOBALS['phpgw_info']['server']['imagem_de_fundo']); } $var['imagem_de_fundo_exibicao'] = ($GLOBALS['phpgw_info']['server']['imagem_de_fundo_exibicao'] != ''?$GLOBALS['phpgw_info']['server']['imagem_de_fundo_exibicao']:"background-repeat:repeat-x; overflow:auto;overflow-x:hidden;"); $var['logo_url'] = $GLOBALS['phpgw_info']['server']['login_logo_url']?$GLOBALS['phpgw_info']['server']['login_logo_url']:'http://www.eGroupWare.org'; if (substr($var['logo_url'],0,4) != 'http') { $var['logo_url'] = 'http://'.$var['logo_url']; } $var['logo_title'] = $GLOBALS['phpgw_info']['server']['login_logo_title']?$GLOBALS['phpgw_info']['server']['login_logo_title']:'www.eGroupWare.org'; // {logo_imagem} // if($var['logo_file'] == '') { $var['logo_imagem'] = ''; } else { $var['logo_imagem'] = ''; } $tmpl->set_var($var); if (@$GLOBALS['phpgw_info']['server']['login_show_language_selection']) { $select_lang = '\n"; $tmpl->set_var(array( 'lang_language' => lang('Language'), 'select_language' => $select_lang, )); } else { $tmpl->set_block('login_form','language_select'); $tmpl->set_var('language_select',''); } $tmpl->set_var('autocomplete', ($GLOBALS['phpgw_info']['server']['autocomplete_login'] ? 'autocomplete="off"' : '')); $tmpl->set_var('vserpro','V - '.$GLOBALS['phpgw_info']['server']['versions']['header'].'-'.$GLOBALS['phpgw_info']['server']['versao-Serpro'].''); $assinaminfazenda = $GLOBALS['phpgw_info']['server']['webserver_url'] . '/phpgwapi/templates/serpro/images/AssinaMinFazenda2.gif' ; $brasil = $GLOBALS['phpgw_info']['server']['webserver_url'] . 
'/phpgwapi/templates/serpro/images/brasil2.gif';
$tmpl->set_var('assinaminfazenda', $assinaminfazenda);
$tmpl->set_var('brasil', $brasil);

// Optional news box on the login page. It is filled from the feed URL held in
// the server setting 'alimentador_rss' (e.g. http://serpronet.serpro/serpauta/RSS).
// NOTE(review): the feed is fetched server-side while the login page is being
// built, with the cache disabled and a 30 second timeout, so a slow or
// unreachable feed can hold up the login form. A cache or a shorter timeout
// would limit that.
if ($GLOBALS['phpgw_info']['server']['alimentador_rss']) {
    require_once('./seguranca/simplepie.inc');

    $feed = new SimplePie();
    $feed->set_feed_url($GLOBALS['phpgw_info']['server']['alimentador_rss']);
    $feed->set_output_encoding('iso-8859-1');
    $feed->set_timeout(30);
    $feed->enable_cache(false);
    $feed->init();

    // Lets SimplePie send the Content-Type header for this page.
    // NOTE(review): the output encoding was set to iso-8859-1 above, so the
    // charset sent is presumably that one and not UTF-8 - confirm against the
    // bundled SimplePie.
    $feed->handle_content_type();

    $rss_titulo = $feed->get_title();
    if ($rss_titulo) {
        // NOTE(review): the feed title, item titles and item dates come from
        // the remote feed and are concatenated into the 'rss' template
        // variable with no escaping at this call site. Whatever sanitising
        // happens is done inside the bundled SimplePie; confirm it is left at
        // a safe configuration, since this markup is shown to unauthenticated
        // visitors.
        $aux_rss = '
     Notícias - Fonte: ' . $rss_titulo . '
';

        // At most seven items are listed.
        $shown_items = 0;
        foreach ($feed->get_items() as $item) {
            // The permalink is read but not referenced in the markup as it
            // appears here. NOTE(review): if the full template string emits it
            // as a link target, confirm only http/https URLs are accepted.
            $item_link = $item->get_permalink();
            $item_title = $item->get_title();
            $item_date = $item->get_date('d/m/Y - H:i');

            $aux_rss .= '

' . $item_title . '

' . $item_date . '

';

            $shown_items++;
            if ($shown_items >= 7) {
                break;
            }
        }

        $aux_rss .= '
';
        $feed->__destruct();
        $tmpl->set_var('rss', $aux_rss);

        // 'posiciona_login' decides on which side the news box floats.
        $tmpl->set_var(
            'float_rss',
            $GLOBALS['phpgw_info']['server']['posiciona_login'] ? 'float:left;' : 'float:right;'
        );
    } else {
        // No feed title came back. The message is stored but nothing is shown
        // to the visitor; the SimplePie error text ($feed->error()) is
        // deliberately not used.
        $rss_titulo = 'Não foi possível contatar alimentador das notícias.';
    }
}

// Render the filled-in login template.
$tmpl->pfp('loginout','login_form');
?>