$htmlredir .= '<a href="' . K_LOGOUT_URL . '">LOGOUT...</a>' . K_NEWLINE; $htmlredir .= '</body>' . K_NEWLINE; $htmlredir .= '</html>' . K_NEWLINE; header('Location: ' . K_LOGOUT_URL); echo $htmlredir; exit; } } } } else { F_display_db_error(); } // try other login systems // (HTTP-BASIC, CAS, SHIBBOLETH, RADIUS, LDAP) require_once '../../shared/code/tce_altauth.php'; $altusr = F_altLogin(); // --- check if login information has been submitted if (isset($_POST['logaction']) and $_POST['logaction'] == 'login' and isset($_POST['xuser_name']) and isset($_POST['xuser_password'])) { $bruteforce = false; if (K_BRUTE_FORCE_DELAY_RATIO > 0) { // check login attempt from the current client device to avoid brute force attack $bruteforce = true; $fingerprintkey = md5(getClientFingerprint()); // we are using another entry in the session table to keep track of the login attempts $sqlt = 'SELECT * FROM ' . K_TABLE_SESSIONS . ' WHERE cpsession_id=\'' . $fingerprintkey . '\' LIMIT 1'; if ($rt = F_db_query($sqlt, $db)) { if ($mt = F_db_fetch_array($rt)) { // check the expiration time if (strtotime($mt['cpsession_expiry']) < time()) { $bruteforce = false; }
$_SESSION['session_user_lastname'] = urlencode($md['user_lastname']); $_SESSION['session_last_visit'] = 0; $logged = true; } } else { F_display_db_error(); } } else { // the password is wrong F_print_error('WARNING', $l['m_login_wrong']); } } else { // this user doesn't exist on TCExam database // try to get account information from alternative systems (RADIUS, LDAP, CAS, ...) require_once '../../shared/code/tce_altauth.php'; $altusr = F_altLogin(stripslashes($_POST['xuser_name']), stripslashes($_POST['xuser_password'])); if ($altusr !== false) { // replicate user account on TCExam local database $sql = 'INSERT INTO ' . K_TABLE_USERS . ' ( user_regdate, user_ip, user_name, user_email, user_password, user_regnumber, user_firstname, user_lastname, user_birthdate, user_birthplace, user_ssn, user_level