Initial commit for release of version 1.0
123
login.php
123
login.php
@@ -1,79 +1,78 @@
|
||||
<?php
|
||||
|
||||
# TODO: Remove this afterwards
|
||||
error_reporting(E_ALL);
|
||||
ini_set("display_errors", 1);
|
||||
|
||||
require("init.php");
|
||||
$login_domain = isset($_POST["login_domain"]) ? $_POST["login_domain"] : "";
|
||||
|
||||
$login_username = isset($_POST["login_username"]) ? $_POST["login_username"] : "";
|
||||
$login_pass = isset($_POST["login_pass"]) ? $_POST["login_pass"] : "";
|
||||
|
||||
// Convert to lower case
|
||||
#$login_domain = strtolower($login_domain);
|
||||
# Sanitize user input
|
||||
$login_username = filter_var($_POST['login_username'], FILTER_SANITIZE_STRING);
|
||||
# TODO: Maybe this filter applied to the password does not fit our password rules - we will see
|
||||
$login_pass = filter_var($_POST['login_pass'], FILTER_SANITIZE_FULL_SPECIAL_CHARS);
|
||||
|
||||
if( !empty($login_domain) && !empty($login_pass) )
|
||||
# Convert username to lower case
|
||||
$login_username = strtolower($login_username);
|
||||
|
||||
if (!empty($login_username) && !empty($login_pass))
|
||||
{
|
||||
#if ( preg_match("/[^a-z0-9\-\.]/", $login_domain) )
|
||||
#{
|
||||
# // Domain must contain only english letters, digits, hyphens and dots
|
||||
# $_SESSION["error_code"] = 1;
|
||||
# header("Location: error.php");
|
||||
# exit();
|
||||
#}
|
||||
$ldap_server = "localhost";
|
||||
$ldap_port = 30389;
|
||||
|
||||
if ( preg_match("/[^A-Za-z0-9]/", $login_pass) )
|
||||
{
|
||||
// Password must contain only english letters and digits
|
||||
$_SESSION["error_code"] = 2;
|
||||
header("Location: error.php");
|
||||
exit();
|
||||
}
|
||||
$connect = ldap_connect($ldap_server, $ldap_port); #or die("Failed to connect to the LDAP server.");
|
||||
|
||||
// Sha256 sum of entered password
|
||||
$login_hash = hash("sha256", $login_pass);
|
||||
ldap_set_option($connect, LDAP_OPT_PROTOCOL_VERSION, 3);
|
||||
ldap_set_option($connect, LDAP_OPT_REFERRALS, 0);
|
||||
|
||||
#$hashes = file_get_contents("$lists_path/passwords.txt");
|
||||
#preg_match("/^$login_domain:(.*).*/m", $hashes, $hash);
|
||||
# bind user
|
||||
$auth_user = "uid=" . $login_username . ",ou=users,ou=ecg";
|
||||
$auth_pass = $login_pass;
|
||||
$bind = ldap_bind($connect, $auth_user, $auth_pass); #or die("Failed to bind to LDAP server.");
|
||||
|
||||
// Is there such domain?
|
||||
#if ( count($hash) == 0 )
|
||||
#{
|
||||
# preg_match("/^list\.$login_domain:(.*).*/m", $hashes, $hash);
|
||||
# // Maybe user omitted "list." prefix?
|
||||
# if ( count($hash) == 0 )
|
||||
# {
|
||||
# // No luck. Incorrect domain
|
||||
# $_SESSION["error_code"] = 4;
|
||||
# header("Location: error.php");
|
||||
# exit();
|
||||
# }
|
||||
# else
|
||||
# {
|
||||
# // Yes, he omitted "list."
|
||||
# $login_domain = "list.$login_domain";
|
||||
# }
|
||||
#}
|
||||
# If the bind was successfull
|
||||
if ($bind)
|
||||
{
|
||||
# Get list of all lists the person owns and tranform them into an array
|
||||
$array_lists_owned = explode("\n", shell_exec("cd $lists_path/$domain_global ; grep -r \"" . $login_username . "@ecogood.org\" */control/owner | cut -d':' -f1 | cut -d'/' -f1"));
|
||||
|
||||
// Compare hashes
|
||||
if($login_hash == "3b844f5e23039700921b7a301b99d17470cf1f466986aa4e4e2e566369412d32")
|
||||
{
|
||||
// Authentication successful - Set session
|
||||
$_SESSION["auth"] = 1;
|
||||
$_SESSION["domain"] = "mlmmj"; #$login_domain;
|
||||
header("Location: index.php");
|
||||
exit();
|
||||
}
|
||||
else
|
||||
{
|
||||
// Incorrect password
|
||||
$_SESSION["error_code"] = 3;
|
||||
header("Location: error.php");
|
||||
exit();
|
||||
}
|
||||
// Authentication successful - Set session
|
||||
$_SESSION["auth"] = 1;
|
||||
$_SESSION["username"] = $login_username;
|
||||
$_SESSION["domain"] = $domain_global; # This is needed for the script to function properly
|
||||
$_SESSION["array_lists_owned"] = $array_lists_owned;
|
||||
|
||||
shell_exec('curl -X POST -H \'Content-Type: application/json\' --data \'{"alias":"ECG Notification Bot","emoji":":ghost:","text":"' . $_SESSION["username"] . ' logged in"}\' https://chat.ecogood.org/hooks/' . $rc_webhook);
|
||||
|
||||
# Audit log
|
||||
$return = audit_log("login");
|
||||
if (!$return["success"])
|
||||
{
|
||||
# If debug mode is on show error message
|
||||
if ($debug)
|
||||
{
|
||||
echo $return["message"];
|
||||
}
|
||||
else
|
||||
{
|
||||
shell_exec('curl -X POST -H \'Content-Type: application/json\' --data \'{"alias":"ECG Notification Bot","emoji":":ghost:","text":"' . $return["message"] . '"}\' https://chat.ecogood.org/hooks/' . $rc_webhook);
|
||||
}
|
||||
}
|
||||
|
||||
header("Location: index.php");
|
||||
exit();
|
||||
}
|
||||
else
|
||||
{
|
||||
// Incorrect password
|
||||
$_SESSION["error_code"] = 3;
|
||||
header("Location: error.php");
|
||||
exit();
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
// If no submission, display login form
|
||||
$smarty->display("login.tpl");
|
||||
// If no submission, display login form
|
||||
$smarty->assign("headline", $headline);
|
||||
$smarty->display("login.tpl");
|
||||
}
|
||||
|
||||
?>
|
||||
|
||||
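Review bot: `$login_username` reaches both the LDAP bind DN (`$auth_user = "uid=" . $login_username . ",ou=users,ou=ecg";`) and the `shell_exec` grep command unescaped; `FILTER_SANITIZE_STRING` only strips tags and HTML-encodes quotes, so DN metacharacters (`,`, `+`, `=`, `\`) and shell metacharacters (`$`, backtick, `;`, `|`) pass straight through. Build the DN with `ldap_escape($login_username, '', LDAP_ESCAPE_DN)`, wrap the grep argument in `escapeshellarg()` (or reject anything outside `[a-z0-9._-]` with an explicit error, as the commented-out domain check did), and check the `ldap_connect()` return value before calling `ldap_bind()`. After a successful bind, call `session_regenerate_id(true)` before setting `$_SESSION["auth"] = 1` so a session id handed to the victim before login cannot be reused by the attacker. The `error_reporting(E_ALL)` / `ini_set("display_errors", 1)` block marked "TODO: Remove" will print paths and LDAP diagnostics on the login page if it ships in this release. The rendered page shows old and new lines without markers, so it is inferred rather than certain which of the hardcoded-SHA-256 compare and the later `$_SESSION["username"]` block is current; if both survive, everything after the hash compare is unreachable because both of its branches `exit()`.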