Beispiel #1
                $htmlredir .= '<a href="' . K_LOGOUT_URL . '">LOGOUT...</a>' . K_NEWLINE;
                $htmlredir .= '</body>' . K_NEWLINE;
                $htmlredir .= '</html>' . K_NEWLINE;
                header('Location: ' . K_LOGOUT_URL);
                echo $htmlredir;
                exit;
            }
        }
    }
} else {
    F_display_db_error();
}
// Try the other login systems before the submitted login form is handled
// (HTTP-BASIC, CAS, SHIBBOLETH, RADIUS, LDAP).
require_once '../../shared/code/tce_altauth.php';
// F_altLogin() is called without arguments here, whereas the form-handling code
// further down passes the submitted user name and password.
// NOTE(review): presumably only back-ends that identify the user without form
// credentials can succeed on this call - confirm in tce_altauth.php.
// NOTE(review): a later call site treats any result other than false as an
// authenticated user and replicates the account in the local users table, so the
// result deserves the same trust as a local password check - verify how $altusr
// from this call is consumed.
$altusr = F_altLogin();
// --- check if login information has been submitted
if (isset($_POST['logaction']) and $_POST['logaction'] == 'login' and isset($_POST['xuser_name']) and isset($_POST['xuser_password'])) {
    $bruteforce = false;
    if (K_BRUTE_FORCE_DELAY_RATIO > 0) {
        // check earlier login attempts from the current client device to slow down brute-force attacks
        $bruteforce = true;
        $fingerprintkey = md5(getClientFingerprint());
        // login attempts are tracked in an extra row of the sessions table, keyed by the fingerprint hash
        $sqlt = 'SELECT * FROM ' . K_TABLE_SESSIONS . ' WHERE cpsession_id=\'' . $fingerprintkey . '\' LIMIT 1';
        if ($rt = F_db_query($sqlt, $db)) {
            if ($mt = F_db_fetch_array($rt)) {
                // check the expiration time
                if (strtotime($mt['cpsession_expiry']) < time()) {
                    $bruteforce = false;
                }
                        $_SESSION['session_user_lastname'] = urlencode($md['user_lastname']);
                        $_SESSION['session_last_visit'] = 0;
                        $logged = true;
                    }
                } else {
                    F_display_db_error();
                }
            } else {
                // the password is wrong
                F_print_error('WARNING', $l['m_login_wrong']);
            }
        } else {
            // this user does not exist in the TCExam database
            // try to get account information from alternative systems (RADIUS, LDAP, CAS, ...)
            require_once '../../shared/code/tce_altauth.php';
            $altusr = F_altLogin(stripslashes($_POST['xuser_name']), stripslashes($_POST['xuser_password']));
            if ($altusr !== false) {
                // replicate user account on TCExam local database
                $sql = 'INSERT INTO ' . K_TABLE_USERS . ' (
					user_regdate,
					user_ip,
					user_name,
					user_email,
					user_password,
					user_regnumber,
					user_firstname,
					user_lastname,
					user_birthdate,
					user_birthplace,
					user_ssn,
					user_level