} break; case '2': /* default console page */ header("Location: index.php"); break; case '3': /* default graph page */ header("Location: graph_view.php"); break; } exit; } else { if (!$guest_user && $user_auth) { /* No guest account defined */ auth_display_custom_error_message("Access Denied, please contact you Cacti Administrator."); cacti_log("LOGIN: Access Denied, No guest enabled or template user to copy", false, "AUTH"); exit; } else { /* BAD username/password builtin and LDAP */ db_execute("INSERT INTO user_log (username,user_id,result,ip,time) VALUES ('" . $username . "',0,0,'" . $_SERVER["REMOTE_ADDR"] . "',NOW())"); } } } /* auth_display_custom_error_message - displays a custom error message to the browser that looks like the pre-defined error messages @arg $message - the actual text of the error message to display */ function auth_display_custom_error_message($message) { /* kill the session */ setcookie(session_name(), "", time() - 3600, "/");
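/* domains_login_process - authenticates the pending login against an LDAP
   user domain. Reads the posted 'realm' (a user_domains.domain_id offset by
   1000) and 'login_password'; the account name comes from the global
   $username. Does nothing when the realm is not numeric or the password is
   empty.
   On success $user_auth is set and $user holds the user_auth row, which is
   created from the domain's template user (a local, realm 0 account) when
   it does not exist yet. On any LDAP failure $ldap_error and
   $ldap_error_message are set, $user_auth is cleared and $user emptied.
   A missing template user ends the request (error page + exit). */
function domains_login_process() {
	global $user, $realm, $username, $user_auth, $ldap_error, $ldap_error_message;

	$requested_realm = get_request_var_post('realm');
	$password        = get_request_var_post('login_password');

	if (!is_numeric($requested_realm) || strlen($password) == 0) {
		return;
	}

	/* include LDAP lib */
	include_once './lib/ldap.php';

	/* posted realms are user_domains.domain_id + 1000 */
	$domain_id = $requested_realm - 1000;

	/* get user DN */
	$ldap_dn_search_response = domains_ldap_search_dn($username, $requested_realm);

	if ($ldap_dn_search_response['error_num'] != '0') {
		/* Error searching */
		cacti_log('LOGIN: LDAP Error: ' . $ldap_dn_search_response['error_text'], false, 'AUTH');
		$ldap_error         = true;
		$ldap_error_message = 'LDAP Search Error: ' . $ldap_dn_search_response['error_text'];
		$user_auth          = false;
		$user               = array();
		return;
	}

	$ldap_dn = $ldap_dn_search_response['dn'];

	/* an earlier error (possibly set by the caller) stops the bind attempt */
	if (!empty($ldap_error)) {
		return;
	}

	/* auth user with LDAP */
	$ldap_auth_response = domains_ldap_auth($username, stripslashes($password), $ldap_dn, $requested_realm);

	if ($ldap_auth_response['error_num'] != '0') {
		/* error */
		cacti_log('LOGIN: LDAP Error: ' . $ldap_auth_response['error_text'], false, 'AUTH');
		$ldap_error         = true;
		$ldap_error_message = 'LDAP Error: ' . $ldap_auth_response['error_text'];
		$user_auth          = false;
		$user               = array();
		return;
	}

	/* User ok */
	$user_auth = true;
	$realm     = $requested_realm;

	/* prepared like the other lookups in this function instead of
	   concatenating the arithmetic result into the SQL string */
	$domain_name = db_fetch_cell_prepared('SELECT domain_name FROM user_domains WHERE domain_id = ?', array($domain_id));
	cacti_log("LOGIN: LDAP User '" . $username . "' Authenticated from Domain '" . $domain_name . "'", false, 'AUTH');

	/* Locate user in database */
	$user = db_fetch_row_prepared('SELECT * FROM user_auth WHERE username = ? AND realm = ?', array($username, $realm));

	/* Create user from template if requested */
	$template_user     = db_fetch_cell_prepared('SELECT user_id FROM user_domains WHERE domain_id = ?', array($domain_id));
	$template_username = db_fetch_cell_prepared('SELECT username FROM user_auth WHERE id = ?', array($template_user));

	/* empty() rather than !sizeof(): also true for a non-array (false) result
	   from the DB layer, and avoids a TypeError on PHP 8 in that case */
	if (!empty($user) || $template_user == '0' || strlen($username) == 0) {
		return;
	}

	cacti_log("WARN: User '" . $username . "' does not exist, copying template user", false, 'AUTH');

	/* check that template user exists; it must be a local (realm 0) account */
	if (!db_fetch_row_prepared('SELECT id FROM user_auth WHERE id = ? AND realm = 0', array($template_user))) {
		/* error */
		cacti_log("LOGIN: Template user '" . $template_username . "' does not exist.", false, 'AUTH');
		auth_display_custom_error_message("Template user '" . $template_username . "' does not exist.");
		exit;
	}

	/* template user found */
	user_copy($template_username, $username, 0, $realm);

	/* requery newly created user */
	$user = db_fetch_row_prepared('SELECT * FROM user_auth WHERE username = ? AND realm = ?', array($username, $realm));
}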
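/* secpass_login_process - applies the "secpass" policies (failed-attempt
   lock-out, automatic unlock, forced change of weak passwords, last-login
   stamp) to a builtin login attempt for a local (realm 0) account. The
   account name and password are read from the posted 'login_username' and
   'login_password'.
   Returns false when the attempt was counted as a failed login (wrong
   password for a known, enabled local account) and true otherwise. A locked
   account ends the request (error page + exit). Accounts that are not
   local are not touched and true is returned. */
function secpass_login_process() {
	$users    = db_fetch_assoc('SELECT username FROM user_auth WHERE realm = 0');
	$username = sanitize_search_string(get_request_var_post('login_username'));
	$password = get_request_var_post('login_password');

	/* user_auth.password holds an unsalted md5 hex digest (legacy scheme);
	   every comparison and WHERE clause below uses that same digest */
	$password_hash = md5($password);

	/* strict compare: with == two numeric-looking usernames can match */
	$is_local_user = false;
	foreach ($users as $fa) {
		if ($fa['username'] === $username) {
			$is_local_user = true;
			break;
		}
	}

	if (!$is_local_user) {
		return true;
	}

	# Mark failed login attempts
	$max_failed = intval(read_config_option('secpass_lockfailed'));
	if ($max_failed > 0) {
		$rows = db_fetch_assoc_prepared("SELECT * FROM user_auth WHERE username = ? AND realm = 0 AND enabled = 'on'", array($username));

		if (isset($rows[0]['username'])) {
			$user = $rows[0];

			/* automatic unlock after secpass_unlocktime minutes, capped at one day */
			$unlock_minutes = min(intval(read_config_option('secpass_unlocktime')), 1440);
			if ($unlock_minutes > 0 && time() - $user['lastfail'] > 60 * $unlock_minutes) {
				db_execute_prepared("UPDATE user_auth SET lastfail = 0, failed_attempts = 0, locked = '' WHERE username = ? AND realm = 0 AND enabled = 'on'", array($username));
				$user['failed_attempts'] = 0;
				$user['lastfail']        = 0;
				/* was `$user['locked'] == ''` (a comparison), so the in-memory row
				   stayed locked after the database had already been reset and the
				   first login after the unlock window was still rejected */
				$user['locked']          = '';
			}

			/* strict compare: != treats two numeric-looking hex digests
			   numerically; hash_equals() is the better choice where available */
			if ($user['password'] !== $password_hash) {
				$failed = $user['failed_attempts'] + 1;
				if ($failed >= $max_failed) {
					db_execute_prepared("UPDATE user_auth SET locked = 'on' WHERE username = ? AND realm = 0 AND enabled = 'on'", array($username));
					$user['locked'] = 'on';
				}

				$user['lastfail'] = time();
				db_execute_prepared("UPDATE user_auth SET lastfail = ?, failed_attempts = ? WHERE username = ? AND realm = 0 AND enabled = 'on'", array($user['lastfail'], $failed, $username));

				if ($user['locked'] != '') {
					auth_display_custom_error_message('This account has been locked.');
					exit;
				}

				return false;
			}

			if ($user['locked'] != '') {
				auth_display_custom_error_message('This account has been locked.');
				exit;
			}
		}
	}

	# Check if old password doesn't meet specifications and must be changed
	if (read_config_option('secpass_forceold') == 'on') {
		if (secpass_check_pass($password) != '') {
			/* only flags the row when the supplied password is the current one */
			db_execute_prepared("UPDATE user_auth SET must_change_password = '******' WHERE username = ? AND password = ? AND realm = 0 AND enabled = 'on'", array($username, $password_hash));
			return true;
		}
	}

	# Set the last Login time
	if (read_config_option('secpass_expireaccount') > 0) {
		db_execute_prepared("UPDATE user_auth SET lastlogin = ? WHERE username = ? AND password = ? AND realm = 0 AND enabled = 'on'", array(time(), $username, $password_hash));
	}

	return true;
}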
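/* error_generate_user_env - disables a user account, writes $message to the
   AUTH log and shows it to the browser as a custom error page
   @arg $user_id - id of the user_auth row to disable (enabled = '')
   @arg $message - the text to log and display
   NOTE(review): other callers on this page follow
   auth_display_custom_error_message() with exit; this helper does not, so a
   caller that must not continue has to stop the request itself. */
function error_generate_user_env($user_id, $message) {
	/* parameterised like the other user_auth updates in this file instead of
	   interpolating $user_id into the SQL string */
	db_execute_prepared("UPDATE user_auth SET enabled = '' WHERE id = ?", array($user_id));
	cacti_log($message, false, "AUTH");
	auth_display_custom_error_message($message);
}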