} else { $_SESSION['javascript_enabled'] = false; } if (!$authmethod) { $authmethod = 'sql'; } $_SESSION['authmethod'] = $authmethod; $_SESSION['PHP_AUTH_USER'] = $PHP_AUTH_USER; // when the login was secure but user does not wanna stay secure if (getenv('HTTPS') && !$_POST['ssl']) { // send meta tag redirecting to http page and exit $PHP_SELF = $_SERVER['PHP_SELF']; $server = getenv('HTTP_HOST'); $url = "http://{$server}{$PHP_SELF}"; $get_string = getenv('QUERY_STRING'); $url = url_get_string($url); echo "<html>\n<head>\n"; echo "<meta http-equiv='refresh' content=0;URL='{$url}'>"; echo "</head>\n</html>"; exit; } } else { $PHP_AUTH_USER = false; // delay to discourage brute force cracks usleep(500000); loginscreen("<h4>Your credentials were not accepted, Please try again</h4>"); exit; } } else { // no username and/or passwd found in get or post loginscreen("<h4>Please enter your username and password</h4>");
/** * presents the login screen when authenticating witth sessions * */ function loginscreen($message = "<h3>Login to PhpLabWare</h3>") { global $_SERVER, $system_settings; $PHP_SELF = $_SERVER['PHP_SELF']; if ($system_settings['secure_server']) { $server = getenv('HTTP_HOST'); if (!$server) { $server = $_SERVER['HTTP_HOST']; } $addres = "https://{$server}{$PHP_SELF}"; } else { $addres = $PHP_SELF; } $addres = url_get_string($addres); // prevent cross-site scripting: $addres = strip_xss_stuff($addres); printheader("Login to PhpLabWare"); echo "<noscript><br><align='center'><b><div id='nojs'>Javascript is not used. Although navigation of phplabware is possible without javascript, it is not actively supported and will limit functionality drastically. Please enable JavaScript to view this page properly.</div></b></align></br></noscript>\n"; echo "<form name='loginform' method='post' action='{$addres}' onSubmit='this.javascript_enabled.value=\"true\"'>\n"; echo "<input type='hidden' name='logon' value='true'>\n"; echo "<input type='hidden' name='javascript_enabled' value='0'>\n"; echo "<table align=center>\n"; echo "<tr><td colspan=2 align='center'>{$message}</td>\n"; $imstring = randomimage("frontims"); if ($imstring) { } echo "<td rowspan=6>   {$imstring}</td>"; echo "</tr>\n"; echo "<tr><td>Your login name:</td>\n"; echo "<td><input name='user' size=10 value=''></td></tr>\n"; echo "<tr><td>Password:</td>\n"; echo "<td><input type='password' name='pwd' size=10 value=''></td></tr>\n"; echo "<tr><td colspan=2 align='center'>"; if ($system_settings["secure_server"]) { echo "<input type='checkbox' name='ssl' checked>Keep a secure connection"; } echo "</td></tr>\n"; echo "<tr><td colspan=2 align='center'>"; echo "<input type='submit' name='submit' value='Login'></td></tr>\n"; echo "<tr><td colspan=2 align='center'>"; //echo "Note: Cookies must be enabled beyond this point</td></tr>\n"; echo "</table>\n</form>\n"; printfooter(); }