Changeset 3437
- Timestamp:
- 10/29/10 10:14:12 (13 years ago)
- Location:
- branches/2.2
- Files:
-
- 6 edited
-
login.php (modified) (2 diffs)
-
phpgwapi/inc/common_functions.inc.php (modified) (1 diff)
-
phpgwapi/setup/phpgw_en.lang (modified) (previous)
-
phpgwapi/setup/phpgw_pt-br.lang (modified) (previous)
-
phpgwapi/templates/default/login_default.php (modified) (5 diffs)
-
security/captcha.php (modified) (1 diff)
Legend:
- Unmodified
- Added
- Removed
-
branches/2.2/login.php
r1742 r3437 1 1 <?php 2 //Valida a existencia do cookie, antes de grava-lo3 if(isset($_COOKIE['contador'])) {4 $valor_cookie = $_COOKIE['contador'];5 if( isset( $_POST['user'] ) && isset( $_POST['passwd'] ) )6 {7 $valor_cookie = $valor_cookie + 1;8 setcookie("contador", $valor_cookie,0);9 }10 }11 //Cookie inexistente: tenta gravar um12 else13 {14 if (setcookie("contador", 1,0))15 //echo "OK, cookie gravado.";16 $valor_cookie = 1;17 else18 //echo "Nao gravou o cookie";19 $valor_cookie = "9999"; // forca captcha20 }21 // logout, inicia contador novamente.....22 if( ( isset( $_GET[ 'cd' ] ) && ( $_GET['cd']=='1' || $_GET['cd'] == 10 ) ) || ( isset( $_COOKIE['sessionid'] ) ) )23 {24 $valor_cookie = 1;25 setcookie("contador", 1,0);26 }27 28 2 /**************************************************************************\ 29 3 * eGroupWare login * … … 125 99 $GLOBALS['phpgw']->session->phpgw_setcookie('serverID', $GLOBALS['phpgw_info']['server']['use_frontend_id']); 126 100 } 127 101 if($GLOBALS['phpgw_info']['server']['captcha']==1) 102 { 103 $key_convert = md5_file($_SERVER["DOCUMENT_ROOT"].'header.inc.php'); 104 if(!$key_convert) 105 { 106 echo '<b>' . lang('Error in access. Please, alert the Administrator.') . '</b>'; 107 exit(); 108 } 109 session_name('ZABX'); 110 if($_COOKIE['ZABX'] && $key_convert) 111 { 112 $aux = session_convert(base64_decode($_COOKIE['ZABX']),$key_convert); 113 if(substr($aux,0,32) == $key_convert) 114 { 115 session_id(substr($aux,32)); 116 } 117 else 118 { 119 $GLOBALS['phpgw']->redirect($GLOBALS['phpgw']->link('/login.php','cd=5')); 120 } 121 } 122 session_start(); 123 } 128 124 include(personalize_include_path('phpgwapi','login')); 129 125 ?> -
branches/2.2/phpgwapi/inc/common_functions.inc.php
r1681 r3437 707 707 708 708 /*! 709 @function session_convert 710 @abstract cipher/decipher session id. 711 @Include by Serpro ( Antonio Carlos da Silva). 712 @discussion This function cipher/decipher session id to captcha. 713 */ 714 function session_convert($str,$ky='') 715 { 716 if($ky=='') return $str; 717 $ky=str_replace(chr(32),'',$ky); 718 if(strlen($ky)<8) return ''; 719 $kl=strlen($ky)<32?strlen($ky):32; 720 $k=array(); 721 for($i=0;$i<$kl;$i++) 722 { 723 $k[$i]=ord($ky{$i})&0x1F; 724 } 725 $j=0; 726 for($i=0;$i<strlen($str);$i++) 727 { 728 $e=ord($str{$i}); 729 $str{$i}=$e&0xE0?chr($e^$k[$j]):chr($e); 730 $j++;$j=$j==$kl?0:$j; 731 } 732 return $str; 733 } 734 735 /*! 709 736 @function CreateObject 710 737 @abstract Load a class and include the class file if not done so already. -
branches/2.2/phpgwapi/templates/default/login_default.php
r3243 r3437 12 12 \**************************************************************************/ 13 13 14 14 function check_logoutcode($code) 15 15 { 16 16 switch($code) … … 56 56 } 57 57 } 58 58 59 59 /* Program starts here */ 60 60 … … 104 104 unset($sslattributes); 105 105 } 106 session_start(); 106 107 if( isset( $_GET[ 'cd' ] ) && ( $_GET['cd']=='1' || $_GET['cd'] == 10 ) ) 108 { 109 $_SESSION['contador'] = 0; 110 } 111 107 112 if(isset($passwd_type) || $_POST['submitit_x'] || $_POST['submitit_y'] || $submit) 108 113 { 109 110 // Primeiro testa o captcha....se houver...... 111 if( $GLOBALS['phpgw_info']['server']['captcha']==1) 112 { 113 if(isset($_POST['codigo'])) 114 { 115 if ($_SESSION['CAPTCHAString'] != strtoupper($_POST['codigo'])) 116 { 117 $GLOBALS['phpgw']->redirect($GLOBALS['phpgw']->link('/login.php','cd=200')); 118 } 119 unset($_SESSION['CAPTCHAString']); 120 } 121 } 114 115 // Primeiro testa o captcha....se houver...... 116 if($GLOBALS['phpgw_info']['server']['captcha']==1) 117 { 118 if(!$_COOKIE['ZABX']) 119 { 120 $GLOBALS['phpgw']->redirect($GLOBALS['phpgw']->link('/login.php','cd=5')); 121 } 122 if($_SESSION['contador'] > $GLOBALS['phpgw_info']['server']['num_badlogin']) 123 { 124 if ($_SESSION['CAPTCHAString'] != trim(strtoupper($_POST['codigo']))) 125 { 126 $GLOBALS['phpgw']->redirect($GLOBALS['phpgw']->link('/login.php','cd=200')); 127 } 128 unset($_SESSION['CAPTCHAString']); 129 } 130 } 122 131 if($_POST['user']) { 123 132 if($GLOBALS['phpgw_info']['server']['use_prefix_organization']) { … … 197 206 else 198 207 { 208 $valor_contador = $_SESSION['contador']; 209 $valor_contador = $valor_contador + 1; 210 $_SESSION['contador'] = $valor_contador; 199 211 // !!! DONT CHANGE THESE LINES !!! 200 212 // If there is something wrong with this code TELL ME! … … 402 414 $tmpl->set_var('autocomplete', ($GLOBALS['phpgw_info']['server']['autocomplete_login'] ? 'autocomplete="off"' : '')); 403 415 404 $aux_captcha = '';405 416 // soh mostra o captcha se for login sem certificado.... 406 417 if($GLOBALS['phpgw_info']['server']['captcha'] && $_GET['cd']!='300' ) 407 408 if($valor_cookie > $GLOBALS['phpgw_info']['server']['num_badlogin']) 409 { 410 $aux_captcha = '<div class="login_label" > 411 <input type="hidden" name="' . session_name() .'" value="' . session_id() . '" >412 <img src="./security/captcha.php?xsid='.session_id().'" title="'.lang('Security code').'" alt="'.lang('Security code').'" style="width:60;">413 <br/>414 <input class="input" type="text" maxlength="50" size="20" name="codigo" id="codigo" value="" >415 </div>';416 417 418 419 418 { 419 $aux_captcha = ''; 420 setcookie(session_name(),base64_encode(session_convert($key_convert . session_id(),$key_convert)),0); 421 if($valor_contador > $GLOBALS['phpgw_info']['server']['num_badlogin']) 422 { 423 $aux_captcha = '<div class="login_label" > 424 <img src="./security/captcha.php" title="'.lang('Security code').'" alt="'.lang('Security code').'" style="width:60;"><br/> 425 <input class="input" type="text" maxlength="50" size="20" name="codigo" id="codigo" value="" > 426 </div>'; 427 $tmpl->set_var('captcha',$aux_captcha); 428 } 429 } 430 420 431 // Testa se deve incluir applet para login com certificado...... 421 432 if ($_GET['cd']=='300' && $GLOBALS['phpgw_info']['server']['certificado']==1) 422 433 { 423 434 //Zera o Cookie contador, responsavel pelo captcha 424 $valor_cookie = 1; 425 setcookie("contador", 1,0); 426 435 $_SESSION['contador'] = 0; 436 $valor_contador = 0; 427 437 $link_alterna_login = '<img border=0 style="padding: 0px 5px 0px 0px" src="phpgwapi/templates/default/images/warning.gif"/><a href="login.php" style="margin: 0px; padding: 0px; text-decoration:none;"><font color="#ffffff" face="Verdana, Arial, Helvetica, sans-serif" size="1">' . lang('Access without Digital Certificate') . '</a>'; 428 438 $tmpl->set_var('show','none'); -
branches/2.2/security/captcha.php
r3018 r3437 106 106 107 107 // ************ Fim da Classe ************************* 108 109 110 //Cria o CAPTCHA( gera o string e a imagem ... 108 109 function session_convert($str,$ky='') 110 { 111 if($ky=='') return $str; 112 $ky=str_replace(chr(32),'',$ky); 113 if(strlen($ky)<8) return ''; 114 $kl=strlen($ky)<32?strlen($ky):32; 115 $k=array(); 116 for($i=0;$i<$kl;$i++) 117 { 118 $k[$i]=ord($ky{$i})&0x1F; 119 } 120 $j=0; 121 for($i=0;$i<strlen($str);$i++) 122 { 123 $e=ord($str{$i}); 124 $str{$i}=$e&0xE0?chr($e^$k[$j]):chr($e); 125 $j++;$j=$j==$kl?0:$j; 126 } 127 return $str; 128 } 129 130 $key_convert = md5_file($_SERVER["DOCUMENT_ROOT"].'header.inc.php'); 131 //Cria o CAPTCHA, gera o string e a imagem ... 111 132 $GLOBALS['captcha'] = new captcha; 112 133 // Guarda o string do captcha na session... 113 session_id($_REQUEST['xsid']); 134 session_name('ZABX'); 135 session_id(substr(session_convert(base64_decode($_REQUEST['ZABX']),$key_convert),32)); 114 136 session_start(); 115 137 $_SESSION['CAPTCHAString'] = $GLOBALS['captcha'] ->GetCaptchaString();
Note: See TracChangeset
for help on using the changeset viewer.
