Example #1
<?php

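require_once '../configure.php';
require_once LIBDIR . '/init.php';
setup_database_connection();
require_once LIBWWWDIR . '/common.php';
require_once LIBWWWDIR . '/auth.php';

// OIDC callback page: completes the login via do_login_oidc() when the
// request carries a 'code' parameter, then sends the browser back to the
// page the user originally asked for.
session_start();

// Where the user was trying to go; we'll redirect them back there.
// When the session holds no usable target, fall back to the same '../'
// location this script already uses for requests without a code, instead
// of emitting an empty Location header.
// NOTE(review): this value is written straight into a Location header.
// The code that stores 'redirect_after_login' is not visible here; confirm
// it only ever stores a same-site path, otherwise this is an open redirect.
$next = '../';
if (isset($_SESSION['redirect_after_login'])
    && is_string($_SESSION['redirect_after_login'])
    && $_SESSION['redirect_after_login'] !== ''
) {
    $next = $_SESSION['redirect_after_login'];
}

// Without an authorization code there is nothing to complete.
if (!isset($_REQUEST['code'])) {
    header("Location: ../");
    exit;
}

try {
    do_login_oidc();
} catch (OpenIDConnectClientException $exception) {
    // An empty (falsy) code cannot be retried: surface the failure.
    if (!$_REQUEST['code']) {
        throw $exception;
    }

    // A code was supplied but the OIDC client rejected the request. Send the
    // user back to the page they wanted so the login can be retried.
    // Record the failure first: without it, rejected callbacks leave no
    // trace at all. Control characters are stripped so the message cannot
    // forge extra log lines.
    // NOTE(review): if $next always re-triggers this flow, a persistent
    // failure becomes a redirect loop; confirm against do_login_oidc().
    error_log(
        'OIDC login failed, redirecting to retry: '
        . preg_replace('/[\x00-\x1F\x7F]/', ' ', $exception->getMessage())
    );
    header("Location: {$next}");
    exit;
}

// Redirect to wherever the user was trying to go initially
header("Location: {$next}");
exit;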
Example #2
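/**
 * Authenticate the current request according to AUTH_METHOD, record the
 * login, and redirect the browser.
 *
 * Reads the submitted credentials from $_POST ('login', 'passwd', and the
 * optional 'oidc' flag) and works on the globals $DB, $ip, $username and
 * $userdata. This function always ends the request with a Location header
 * followed by exit; it never returns to its caller.
 *
 * NOTE(review): show_failed_login() and error() are called as if they do not
 * return (code after them uses values that are only valid on success).
 * Their definitions are not visible here; confirm they terminate the request.
 */
function do_login()
{
    global $DB, $ip, $username, $userdata;

    switch (AUTH_METHOD) {
        // Generic authentication code for IPADDRESS and PHP_SESSIONS;
        // some specializations are handled by if-statements.
        case 'IPADDRESS':
        case 'PHP_SESSIONS':
            // isset() guard: the field is absent on a plain username/password
            // submission, and an array value must not match either.
            if (isset($_POST['oidc']) && $_POST['oidc'] === 'true') {
                do_login_oidc();
                break;
            }

            $user = do_login_post_string('login');
            $pass = do_login_post_string('passwd');

            // Compare against '' rather than empty(): empty('0') is true, so
            // a username or password of "0" was rejected as "not supplied".
            if ($user === '' || $pass === '') {
                show_failed_login("Please supply a username and password.");
            }

            // presumably sets the globals $username and $userdata on success;
            // verify against do_login_native()
            do_login_native($user, $pass);

            if (AUTH_METHOD === 'IPADDRESS') {
                // Bind the authenticated account to the client address.
                $cnt = $DB->q('RETURNAFFECTED UPDATE user SET ip_address = %s
			               WHERE username = %s', $ip, $username);
                if ($cnt != 1) {
                    error("cannot set IP for '{$username}'");
                }
            }
            if (AUTH_METHOD === 'PHP_SESSIONS') {
                session_start();
                // Issue a fresh session id at the privilege change so an id
                // that was known before login (session fixation) is useless
                // afterwards.
                session_regenerate_id(true);
                $_SESSION['username'] = $username;
                auditlog('user', $userdata['userid'], 'logged in', $ip);
            }
            break;

        case 'LDAP':
            $user = do_login_post_string('login');
            $pass = do_login_post_string('passwd');

            if ($user === '' || $pass === '') {
                show_failed_login("Please supply a username and password.");
            }

            // Only enabled accounts known to the local database may log in;
            // the password itself is checked against LDAP.
            $userdata = $DB->q('MAYBETUPLE SELECT * FROM user
		                    WHERE username = %s AND enabled = 1', $user);
            if (!$userdata || !ldap_check_credentials($userdata['username'], $pass)) {
                // Fixed delay on every failure to slow down password guessing.
                // The message is the same for unknown users and bad passwords.
                sleep(1);
                show_failed_login("Invalid username or password supplied. " . "Please try again or contact a staff member.");
            }

            $username = $userdata['username'];
            session_start();
            // Same session-fixation defence as the PHP_SESSIONS branch.
            session_regenerate_id(true);
            $_SESSION['username'] = $username;
            auditlog('user', $userdata['userid'], 'logged in', $ip);
            break;

        case 'EXTERNAL':
            // Authentication is delegated to the web server; only the
            // presence of REMOTE_USER is checked here.
            // NOTE(review): $username is not assigned in this branch, so the
            // last_login update below relies on it having been set elsewhere.
            if (empty($_SERVER['REMOTE_USER'])) {
                show_failed_login("No authentication data provided by Apache.");
            }
            break;

        default:
            error("Unknown authentication method '" . AUTH_METHOD . "' requested, or login not supported.");
    }

    // Authentication success. We could just return here, but we do a
    // redirect to clear the POST data from the browser.
    $DB->q('UPDATE user SET last_login = %s, last_ip_address = %s
	        WHERE username = %s', now(), $ip, $username);

    // PHP_SELF is only pattern-matched here, never echoed or used as a
    // redirect target; the end anchor keeps trailing path info from matching.
    $script = $_SERVER['PHP_SELF'];
    if (preg_match('/\\/public\\/login\\.php$/', $script)) {
        logged_in();
        // fill userdata

        // From the public login page, send each role to its own interface.
        if (checkrole('jury') || checkrole('balloon')) {
            header("Location: ../jury/");
            exit;
        }
        if (checkrole('team')) {
            header("Location: ../team/");
            exit;
        }
    }

    header("Location: ./");
    exit;
}

/**
 * Return the named $_POST field as a trimmed string.
 *
 * A missing field or a non-string value (for example an array submitted as
 * "login[]=x") yields '' so callers can treat it as "not supplied" instead
 * of passing null or an array to trim().
 */
function do_login_post_string($field)
{
    if (!isset($_POST[$field]) || !is_string($_POST[$field])) {
        return '';
    }

    return trim($_POST[$field]);
}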