Example #1
                }
                break;
            case '2':
                /* default console page */
                header("Location: index.php");
                break;
            case '3':
                /* default graph page */
                header("Location: graph_view.php");
                break;
        }
        exit;
    } else {
        if (!$guest_user && $user_auth) {
            /* No guest account defined */
            auth_display_custom_error_message("Access Denied, please contact you Cacti Administrator.");
            cacti_log("LOGIN: Access Denied, No guest enabled or template user to copy", false, "AUTH");
            exit;
        } else {
            /* BAD username/password builtin and LDAP */
            db_execute("INSERT INTO user_log (username,user_id,result,ip,time) VALUES ('" . $username . "',0,0,'" . $_SERVER["REMOTE_ADDR"] . "',NOW())");
        }
    }
}
/* auth_display_custom_error_message - displays a custom error message to the browser that looks like
     the pre-defined error messages
   @arg $message - the actual text of the error message to display */
function auth_display_custom_error_message($message)
{
    /* kill the session */
    setcookie(session_name(), "", time() - 3600, "/");
Example #2
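/* domains_login_process - authenticates the posted credentials against the LDAP domain selected in
     the 'realm' POST field. On success it sets $user_auth and $realm, loads the matching user_auth
     row into $user and, when that row is missing and the domain has a template user, copies the
     template to create it. On failure it sets $ldap_error / $ldap_error_message, clears $user and
     sets $user_auth to false. Nothing is returned; all results are passed through the globals.
   NOTE(review): $username is read from the global scope and is written to the log and to LDAP
     helpers here; this function does not validate it, so the caller must - confirm at the call site */
function domains_login_process()
{
    global $user, $realm, $username, $user_auth, $ldap_error, $ldap_error_message;
    /* The non-empty password check matters for security: many directory servers treat a bind with
       an empty password as an unauthenticated bind and report success, which would otherwise let
       any known username log in. */
    if (is_numeric(get_request_var_post('realm')) && strlen(get_request_var_post('login_password')) > 0) {
        /* include LDAP lib */
        include_once './lib/ldap.php';
        /* get user DN */
        $ldap_dn_search_response = domains_ldap_search_dn($username, get_request_var_post('realm'));
        if ($ldap_dn_search_response['error_num'] == '0') {
            $ldap_dn = $ldap_dn_search_response['dn'];
        } else {
            /* Error searching */
            cacti_log('LOGIN: LDAP Error: ' . $ldap_dn_search_response['error_text'], false, 'AUTH');
            $ldap_error = true;
            $ldap_error_message = 'LDAP Search Error: ' . $ldap_dn_search_response['error_text'];
            $user_auth = false;
            $user = array();
        }
        /* $ldap_dn is only defined when the search succeeded, so the bind is skipped on error */
        if (!$ldap_error) {
            /* auth user with LDAP */
            $ldap_auth_response = domains_ldap_auth($username, stripslashes(get_request_var_post('login_password')), $ldap_dn, get_request_var_post('realm'));
            if ($ldap_auth_response['error_num'] == '0') {
                /* User ok */
                $user_auth = true;
                $copy_user = true;
                $realm = get_request_var_post('realm');
                /* the domain id is the posted realm minus 1000, as in the template lookup below */
                $domain_id = $realm - 1000;
                /* Locate user in database. The domain name lookup is parameterized like every other
                   query in this function instead of concatenating a request-derived value into SQL. */
                $domain_name = db_fetch_cell_prepared('SELECT domain_name FROM user_domains WHERE domain_id = ?', array($domain_id));
                cacti_log("LOGIN: LDAP User '" . $username . "' Authenticated from Domain '" . $domain_name . "'", false, 'AUTH');
                $user = db_fetch_row_prepared('SELECT * FROM user_auth WHERE username = ? AND realm = ?', array($username, $realm));
                /* Create user from template if requested */
                $template_user = db_fetch_cell_prepared('SELECT user_id FROM user_domains WHERE domain_id = ?', array($domain_id));
                $template_username = db_fetch_cell_prepared('SELECT username FROM user_auth WHERE id = ?', array($template_user));
                if (!sizeof($user) && $copy_user && $template_user != '0' && strlen($username) > 0) {
                    cacti_log("WARN: User '" . $username . "' does not exist, copying template user", false, 'AUTH');
                    /* check that template user exists; only a local (realm 0) account may serve as template */
                    if (db_fetch_row_prepared('SELECT id FROM user_auth WHERE id = ? AND realm = 0', array($template_user))) {
                        /* template user found */
                        user_copy($template_username, $username, 0, $realm);
                        /* requery newly created user */
                        $user = db_fetch_row_prepared('SELECT * FROM user_auth WHERE username = ? AND realm = ?', array($username, $realm));
                    } else {
                        /* error */
                        cacti_log("LOGIN: Template user '" . $template_username . "' does not exist.", false, 'AUTH');
                        auth_display_custom_error_message("Template user '" . $template_username . "' does not exist.");
                        exit;
                    }
                }
            } else {
                /* error */
                cacti_log('LOGIN: LDAP Error: ' . $ldap_auth_response['error_text'], false, 'AUTH');
                $ldap_error = true;
                $ldap_error_message = 'LDAP Error: ' . $ldap_auth_response['error_text'];
                $user_auth = false;
                $user = array();
            }
        }
    }
}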
Example #3
File: auth.php Project: MrWnn/cacti
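/* secpass_login_process - applies the secpass_* password policy options to a local (realm 0) login
     attempt: failed-attempt counting with lockout and timed unlock, forcing a password change when
     the posted password fails secpass_check_pass(), and recording the last login time.
   @returns - false when the posted password does not match the stored hash of an existing, enabled
     account (the failed attempt is recorded first); true otherwise. The script exits after showing
     an error message when the account is locked.
   NOTE(review): stored passwords are unsalted MD5 digests. That is a property of the user_auth
     schema, not of this function, and cannot be changed here; moving to password_hash() /
     password_verify() needs a stored-hash migration. */
function secpass_login_process()
{
    $users = db_fetch_assoc('SELECT username FROM user_auth WHERE realm = 0');
    $username = sanitize_search_string(get_request_var_post('login_username'));
    # Mark failed login attempts
    if (read_config_option('secpass_lockfailed') > 0) {
        $max = intval(read_config_option('secpass_lockfailed'));
        if ($max > 0) {
            $p = get_request_var_post('login_password');
            foreach ($users as $fa) {
                if ($fa['username'] == $username) {
                    $user = db_fetch_assoc_prepared("SELECT * FROM user_auth WHERE username = ? AND realm = 0 AND enabled = 'on'", array($username));
                    if (isset($user[0]['username'])) {
                        $user = $user[0];
                        # Unlock window in minutes, capped at one day
                        $unlock = intval(read_config_option('secpass_unlocktime'));
                        if ($unlock > 1440) {
                            $unlock = 1440;
                        }
                        if ($unlock > 0 && time() - $user['lastfail'] > 60 * $unlock) {
                            db_execute_prepared("UPDATE user_auth SET lastfail = 0, failed_attempts = 0, locked = '' WHERE username = ? AND realm = 0 AND enabled = 'on'", array($username));
                            $user['failed_attempts'] = $user['lastfail'] = 0;
                            # Assignment, not comparison: the in-memory row must mirror the reset just
                            # written to the database, or the account is still treated as locked below.
                            $user['locked'] = '';
                        }
                        # Strict string comparison: with a loose != two digests of the form "0e<digits>"
                        # are compared as numbers and treated as equal, accepting a wrong password.
                        # hash_equals() would also make the comparison constant-time where available.
                        if ((string) $user['password'] !== md5($p)) {
                            $failed = $user['failed_attempts'] + 1;
                            if ($failed >= $max) {
                                db_execute_prepared("UPDATE user_auth SET locked = 'on' WHERE username = ? AND realm = 0 AND enabled = 'on'", array($username));
                                $user['locked'] = 'on';
                            }
                            $user['lastfail'] = time();
                            db_execute_prepared("UPDATE user_auth SET lastfail = ?, failed_attempts = ? WHERE username = ? AND realm = 0 AND enabled = 'on'", array($user['lastfail'], $failed, $username));
                            if ($user['locked'] != '') {
                                auth_display_custom_error_message('This account has been locked.');
                                exit;
                            }
                            return false;
                        }
                        # A correct password does not bypass an active lock
                        if ($user['locked'] != '') {
                            auth_display_custom_error_message('This account has been locked.');
                            exit;
                        }
                    }
                }
            }
        }
    }
    # Check if old password doesn't meet specifications and must be changed
    if (read_config_option('secpass_forceold') == 'on') {
        $p = get_request_var_post('login_password');
        $error = secpass_check_pass($p);
        if ($error != '') {
            foreach ($users as $fa) {
                if ($fa['username'] == $username) {
                    # The password = ? condition means the flag is only set when the posted password
                    # is the account's current one.
                    # NOTE(review): the '******' value looks like a redaction artifact of the listing
                    # rather than a real column value - verify against the project's auth.php
                    db_execute_prepared("UPDATE user_auth SET must_change_password = '******' WHERE username = ? AND password = ? AND realm = 0 AND enabled = 'on'", array($username, md5($p)));
                    return true;
                }
            }
        }
    }
    # Set the last Login time
    if (read_config_option('secpass_expireaccount') > 0) {
        foreach ($users as $fa) {
            if ($fa['username'] == $username) {
                # Only updates the row when the posted password matches the stored digest
                db_execute_prepared("UPDATE user_auth SET lastlogin = ? WHERE username = ? AND password = ? AND realm = 0 AND enabled = 'on'", array(time(), $username, md5(get_request_var_post('login_password'))));
            }
        }
    }
    return true;
}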
Example #4
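/* error_generate_user_env - disables the given account, writes the message to the log under the
     AUTH facility and displays it to the browser
   @arg $user_id - the id of the user_auth row to disable
   @arg $message - the text to log and to display
   NOTE(review): $message is passed to the browser and the log unchanged; whether it is escaped
     depends on auth_display_custom_error_message() and cacti_log() - confirm before passing
     request-derived text */
function error_generate_user_env($user_id, $message)
{
    /* The id is forced to an integer before it is placed in the statement, so a caller that passes
       a request-derived value cannot break out of the quoted literal. */
    db_execute("UPDATE user_auth SET enabled = '' WHERE id = '" . intval($user_id) . "'");
    cacti_log($message, false, "AUTH");
    auth_display_custom_error_message($message);
}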