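<?php
/**
 * OpenID Connect callback endpoint.
 *
 * The identity provider sends the browser back here with a `code` request
 * parameter. When it is present, do_login_oidc() is called; afterwards the
 * browser is redirected to the location remembered in
 * $_SESSION['redirect_after_login']. Requests without a `code` parameter are
 * sent to the parent directory.
 */
require_once '../configure.php';
require_once LIBDIR . '/init.php';

setup_database_connection();

require_once LIBWWWDIR . '/common.php';
require_once LIBWWWDIR . '/auth.php';

// Where the user was trying to go, we'll redirect them back
session_start();

// Default to the site root: the session key is absent when this page is hit
// directly (bookmark, expired session, replayed callback), and an unset value
// would otherwise produce an empty "Location:" header.
$next = '../';
if (isset($_SESSION['redirect_after_login'])
    && is_string($_SESSION['redirect_after_login'])
    && $_SESSION['redirect_after_login'] !== '') {
    // NOTE(review): the stored value is used as a redirect target without
    // further checks. Confirm that the code which sets
    // 'redirect_after_login' only ever stores same-site paths; if it can be
    // derived from request data, restrict it to local paths there or here.
    $next = $_SESSION['redirect_after_login'];
}

if (isset($_REQUEST['code'])) {
    try {
        do_login_oidc();
    } catch (OpenIDConnectClientException $exception) {
        // Retry the login by sending the browser back to the original target
        // when a non-empty code was supplied; otherwise let the exception
        // propagate.
        // NOTE(review): the exception is discarded on the retry path, so a
        // failing callback leaves no trace; consider logging it before the
        // redirect. A persistent failure may also repeat this round trip.
        if ($_REQUEST['code']) {
            header("Location: {$next}");
            exit;
        } else {
            throw $exception;
        }
    }
} else {
    header("Location: ../");
    exit;
}

// Redirect to wherever the user was trying to go initially
header("Location: {$next}");
exit;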
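/**
 * Authenticate the current request according to AUTH_METHOD, record the
 * login and redirect the browser.
 *
 * Reads the credentials from $_POST ('login', 'passwd', optionally 'oidc')
 * and uses the globals $DB, $ip, $username and $userdata. On success the
 * user's last_login / last_ip_address columns are updated and a redirect is
 * issued, so this function does not return. All redirect targets are fixed
 * relative paths; none is taken from request data.
 *
 * Failures are reported through show_failed_login() or error(); both are
 * defined elsewhere and are presumably terminal (TODO confirm).
 */
function do_login()
{
    global $DB, $ip, $username, $userdata;

    switch (AUTH_METHOD) {
    // Generic authentication code for IPADDRESS and PHP_SESSIONS;
    // some specializations are handled by if-statements.
    case 'IPADDRESS':
    case 'PHP_SESSIONS':
        // The 'oidc' field is optional; test for its presence so a normal
        // form post does not read an undefined index.
        if (isset($_POST['oidc']) && $_POST['oidc'] === 'true') {
            do_login_oidc();
            break;
        }

        // Accept string fields only: a missing field or an array-valued
        // field (login[]=x) is treated as empty instead of reaching trim().
        $user = (isset($_POST['login']) && is_string($_POST['login']))
            ? trim($_POST['login']) : '';
        $pass = (isset($_POST['passwd']) && is_string($_POST['passwd']))
            ? trim($_POST['passwd']) : '';

        // Compare against '' rather than empty(): empty() also rejects the
        // legitimate value "0".
        if ($user === '' || $pass === '') {
            show_failed_login("Please supply a username and password.");
        }

        // Presumably sets the globals $username and $userdata on success
        // (they are read below) -- verify against do_login_native().
        do_login_native($user, $pass);

        if (AUTH_METHOD === 'IPADDRESS') {
            // Bind the authenticated user to the client address.
            $cnt = $DB->q('RETURNAFFECTED UPDATE user SET ip_address = %s
                           WHERE username = %s', $ip, $username);
            if ($cnt != 1) {
                error("cannot set IP for '{$username}'");
            }
        }
        if (AUTH_METHOD === 'PHP_SESSIONS') {
            session_start();
            // Issue a fresh session id at the privilege change so that an
            // id planted before login (session fixation) is not promoted to
            // an authenticated session.
            session_regenerate_id(true);
            $_SESSION['username'] = $username;
            auditlog('user', $userdata['userid'], 'logged in', $ip);
        }
        break;

    case 'LDAP':
        $user = (isset($_POST['login']) && is_string($_POST['login']))
            ? trim($_POST['login']) : '';
        $pass = (isset($_POST['passwd']) && is_string($_POST['passwd']))
            ? trim($_POST['passwd']) : '';

        if ($user === '' || $pass === '') {
            show_failed_login("Please supply a username and password.");
        }

        $userdata = $DB->q('MAYBETUPLE SELECT * FROM user
                            WHERE username = %s AND enabled = 1', $user);

        // Unknown user and wrong password take the same path (same delay,
        // same message), so the response does not reveal which one failed.
        if (!$userdata ||
            !ldap_check_credentials($userdata['username'], $pass)) {
            sleep(1);
            show_failed_login("Invalid username or password supplied. " .
                              "Please try again or contact a staff member.");
        }

        $username = $userdata['username'];
        session_start();
        // Same session-fixation defence as in the PHP_SESSIONS branch.
        session_regenerate_id(true);
        $_SESSION['username'] = $username;
        auditlog('user', $userdata['userid'], 'logged in', $ip);
        break;

    case 'EXTERNAL':
        if (empty($_SERVER['REMOTE_USER'])) {
            show_failed_login("No authentication data provided by Apache.");
        }
        // NOTE(review): $username is not assigned in this branch, yet the
        // UPDATE below keys on it. Confirm that it is populated from
        // REMOTE_USER before do_login() is called.
        break;

    default:
        error("Unknown authentication method '" . AUTH_METHOD .
              "' requested, or login not supported.");
    }

    // Authentication success. We could just return here, but we do a
    // redirect to clear the POST data from the browser.
    $DB->q('UPDATE user SET last_login = %s, last_ip_address = %s
            WHERE username = %s', now(), $ip, $username);

    // From the public login page, send the user to the interface that
    // matches their role.
    if (preg_match('/\\/public\\/login\\.php$/', $_SERVER['PHP_SELF'])) {
        logged_in(); // fill userdata
        if (checkrole('jury') || checkrole('balloon')) {
            header("Location: ../jury/");
            exit;
        } elseif (checkrole('team')) {
            header("Location: ../team/");
            exit;
        }
    }

    header("Location: ./");
    exit;
}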