Changeset 3448
- Timestamp:
- 11/03/10 08:21:13 (13 years ago)
- Location:
- branches/2.2
- Files:
-
- 3 edited
branches/2.2/login.php
r3447 r3448 99 99 $GLOBALS['phpgw']->session->phpgw_setcookie('serverID', $GLOBALS['phpgw_info']['server']['use_frontend_id']); 100 100 } 101 102 if( $GLOBALS[ 'phpgw_info' ][ 'server' ][ 'captcha' ] == 1 ) 103 { 104 $key_convert = md5_file( dirname( __FILE__ ) . '/header.inc.php' ); 105 if ( ! $key_convert ) 106 { 107 echo '<b>' . lang( 'Error in access. Please, alert the Administrator.' ) . '</b>'; 108 exit; 109 } 110 session_name('ZABX'); 111 if($_COOKIE['ZABX'] && $key_convert) 112 { 113 $aux = session_convert(base64_decode($_COOKIE['ZABX']),$key_convert); 114 if(substr($aux,0,32) == $key_convert) 115 { 116 session_id(substr($aux,32)); 117 } 118 else 119 { 120 $GLOBALS['phpgw']->redirect($GLOBALS['phpgw']->link('/login.php','cd=5')); 121 } 122 } 123 session_start(); 124 } 125 101 if($GLOBALS['phpgw_info']['server']['captcha']==1) 102 { 103 session_start(); 104 } 126 105 include(personalize_include_path('phpgwapi','login')); 127 106 ?> -
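Review bot: `session_start()` at new line 103 runs under whatever session name and cookie settings PHP is configured with, while security/captcha.php in this same changeset calls `session_name('sessionid')` before its own `session_start()`. Unless the configured default name is also `sessionid`, the login page and the captcha script open different sessions, so the `CAPTCHAString` written by captcha.php is not the value login_default.php compares against. Both entry points should take the session name from one shared place, and the cookie's HttpOnly and Secure flags should be set with `session_set_cookie_params()` before the session is started. The removed block rejected a `ZABX` cookie that failed its check by redirecting to `cd=5`; nothing visible here replaces that validation of a client-supplied session id, so consider enabling `session.use_strict_mode` where the PHP version offers it.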
branches/2.2/phpgwapi/templates/default/login_default.php
r3444 r3448 37 37 return '<font color="FF0000">' . lang('Blocked, too many attempts(%1)! Retry in %2 minute(s)',$GLOBALS['phpgw_info']['server']['num_unsuccessful_id'],$GLOBALS['phpgw_info']['server']['block_time']) . '</font>'; 38 38 case 200: 39 return '<font color="FF0000">' . lang('Invalid code') . '</font>'; 40 break; 39 //return '<font color="FF0000">' . lang('Invalid code') . '</font>'; 40 return '<font color="FF0000">' . lang('Bad login or password') . '</font>'; 41 break; 41 42 case 10: 42 43 $GLOBALS['phpgw']->session->phpgw_setcookie('sessionid'); … … 53 54 54 55 default: 55 return ' ';56 return ''; 56 57 } 57 58 } … … 116 117 if($GLOBALS['phpgw_info']['server']['captcha']==1) 117 118 { 118 if(!$_COOKIE['ZABX'])119 {120 $GLOBALS['phpgw']->redirect($GLOBALS['phpgw']->link('/login.php','cd=5'));121 }122 119 if($_SESSION['contador'] > $GLOBALS['phpgw_info']['server']['num_badlogin']) 123 120 { 124 121 if ($_SESSION['CAPTCHAString'] != trim(strtoupper($_POST['codigo']))) 125 122 { 126 $GLOBALS['phpgw']->redirect($GLOBALS['phpgw']->link('/login.php','cd=200')); 123 if(!$_GET['cd']) 124 { 125 $_GET['cd'] = '200'; 126 } 127 127 } 128 128 unset($_SESSION['CAPTCHAString']); … … 148 148 !isset($_SERVER['PHP_AUTH_USER']) && !isset($_SERVER['SSL_CLIENT_S_DN'])) 149 149 { 150 $GLOBALS['phpgw']->redirect($GLOBALS['phpgw']->link('/login.php','cd=5')); 150 if(!$_GET['cd']) 151 { 152 $_GET['cd'] = '5'; 153 } 151 154 } 152 155 … … 165 168 $login .= '@'.$GLOBALS['phpgw_info']['server']['default_domain']; 166 169 } 170 If(!$_GET['cd']) 167 171 $GLOBALS['sessionid'] = $GLOBALS['phpgw']->session->create(strtolower($login),$passwd,$passwd_type,'u'); 168 172 169 173 if(!isset($GLOBALS['sessionid']) || ! $GLOBALS['sessionid']) 170 174 { 171 $GLOBALS['phpgw']->redirect($GLOBALS['phpgw_info']['server']['webserver_url'] . '/login.php?cd=' . 
$GLOBALS['phpgw']->session->cd_reason); 175 176 If(!$_GET['cd']) $_GET['cd'] = $GLOBALS['phpgw']->session->cd_reason; 172 177 } 173 178 else … … 204 209 } 205 210 } 206 else207 {211 //else // ================================================================================= 212 //{ 208 213 $valor_contador = $_SESSION['contador']; 209 214 $valor_contador = $valor_contador + 1; … … 254 259 $tmpl->set_var('lang_message',stripslashes(lang('loginscreen_message'))); 255 260 } 256 }261 //} 257 262 258 263 if($GLOBALS['phpgw_info']['server']['use_prefix_organization']) … … 413 418 414 419 $tmpl->set_var('autocomplete', ($GLOBALS['phpgw_info']['server']['autocomplete_login'] ? 'autocomplete="off"' : '')); 415 416 420 // soh mostra o captcha se for login sem certificado.... 417 421 if($GLOBALS['phpgw_info']['server']['captcha'] && $_GET['cd']!='300' ) 418 422 { 419 $aux_captcha = ' ';420 setcookie(session_name(),base64_encode(session_convert($key_convert . session_id(),$key_convert)),0);423 $aux_captcha = '<input type="hidden" name="' . session_name() . '" value="' . session_id() . '" >'; 424 // setcookie(session_name(),base64_encode(session_convert($key_convert . session_id(),$key_convert)),0); 421 425 if($valor_contador > $GLOBALS['phpgw_info']['server']['num_badlogin']) 422 426 { 423 427 $aux_captcha = '<div class="login_label" > 424 <img src="./security/captcha.php " title="'.lang('Security code').'" alt="'.lang('Security code').'" style="position:static;"><br/>428 <img src="./security/captcha.php?' . session_name() . '=' . session_id() . '" title="'.lang('Security code').'" alt="'.lang('Security code').'" style="position:static;"><br/> 425 429 <input class="input" type="text" maxlength="50" size="20" name="codigo" id="codigo" value="" > 430 <input type="hidden" name="' . session_name() . '" value="' . session_id() . 
'" > 426 431 </div>'; 427 $tmpl->set_var('captcha',$aux_captcha);428 432 } 429 433 } 430 434 $tmpl->set_var('captcha',$aux_captcha); 431 435 // Testa se deve incluir applet para login com certificado...... 432 436 if ($_GET['cd']=='300' && $GLOBALS['phpgw_info']['server']['certificado']==1) -
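Review bot: The hidden field and the captcha image URL at new lines 423, 428 and 430 write `session_id()` into the page and into a query string, so the session identifier reaches server and proxy logs and browser history. It is also only useful if PHP accepts session ids from GET or POST, which is the precondition for session fixation. Prefer keeping the id in the cookie only (`session.use_only_cookies=1`, plus `session_regenerate_id(true)` after a successful login) and requesting the image as plain `./security/captcha.php`; if the values must be printed, pass them through `htmlspecialchars(..., ENT_QUOTES)`. Separately, the checks now steer control flow through the request-supplied `$_GET['cd']`, and the brace-less `If(!$_GET['cd'])` at new line 170 is the only thing that stops `session->create()` after a captcha mismatch; a local variable such as `$login_error`, tested in a braced `if`, would make that gate explicit and independent of the query string. The enclosing functions start and end outside the visible hunks.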
branches/2.2/security/captcha.php
r3447 r3448 148 148 149 149 // ************ Fim da Classe ************************* 150 151 function session_convert($str,$ky='') 152 { 153 if($ky=='') return $str; 154 $ky=str_replace(chr(32),'',$ky); 155 if(strlen($ky)<8) return ''; 156 $kl=strlen($ky)<32?strlen($ky):32; 157 $k=array(); 158 for($i=0;$i<$kl;$i++) 159 { 160 $k[$i]=ord($ky{$i})&0x1F; 161 } 162 $j=0; 163 for($i=0;$i<strlen($str);$i++) 164 { 165 $e=ord($str{$i}); 166 $str{$i}=$e&0xE0?chr($e^$k[$j]):chr($e); 167 $j++;$j=$j==$kl?0:$j; 168 } 169 return $str; 170 } 171 172 $key_convert = md5_file( realpath( dirname( __FILE__ ) . '/../header.inc.php' ) ); 173 174 //Cria o CAPTCHA, gera o string e a imagem ... 175 $GLOBALS['captcha'] = new captcha; 176 177 // Guarda o string do captcha na session... 178 session_name( 'ZABX' ); 179 session_id( substr( session_convert( base64_decode( $_REQUEST['ZABX'] ), $key_convert ), 32 ) ); 180 session_start( ); 181 $_SESSION[ 'CAPTCHAString' ] = $GLOBALS[ 'captcha' ] -> GetCaptchaString( ); 182 183 // Vai exibir a imagem do captcha... 184 $GLOBALS['captcha'] ->Showcaptcha(); 150 //Cria o CAPTCHA, gera o string e a imagem ... 151 $GLOBALS['captcha'] = new captcha; 152 // Guarda o string do captcha na session... 153 session_name('sessionid'); 154 session_start(); 155 $_SESSION['CAPTCHAString'] = $GLOBALS['captcha'] ->GetCaptchaString(); 156 // Vai exibir a imagem do captcha... 157 $GLOBALS['captcha'] ->Showcaptcha(); 185 158 ?>
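Review bot: `session_name('sessionid')` at new line 153 reuses the name that login_default.php passes to `phpgw_setcookie('sessionid')`, which appears to be the application's own session cookie. PHP's native session would then take its id from that cookie rather than from the session the login page started, so if that is not intended, use a dedicated name shared with login.php. Because `CAPTCHAString` exists only after this script has run in the matching session, the comparison in login_default.php should treat a missing or empty stored value as a failure and compare strictly, e.g. `if (empty($_SESSION['CAPTCHAString']) || $_SESSION['CAPTCHAString'] !== trim(strtoupper($_POST['codigo'])))`. The `captcha` class itself lies outside this hunk, so how the string is generated cannot be checked from here.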