ILIAS  release_5-1 Revision 5.0.0-5477-g43f3e3fab5f
Html.php
Go to the documentation of this file.
1<?php
2/* vim: set expandtab tabstop=4 shiftwidth=4 softtabstop=4 foldmethod=marker: */
3
40
41 // {{{ render()
42
50 function render(&$caller, $username = '') {
51 $loginOnClick = 'return true;';
52
53 // Try To Use Challene response
54 // TODO javascript might need some improvement for work on other browsers
55 if($caller->advancedsecurity && $caller->storage->supportsChallengeResponse() ) {
56
57 // Init the secret cookie
58 $caller->session['loginchallenege'] = md5(microtime());
59
60 print "\n";
61 print '<script language="JavaScript">'."\n";
62
63 include 'Auth/Frontend/md5.js';
64
65 print "\n";
66 print ' function securePassword() { '."\n";
67 print ' var pass = document.getElementById(\''.$caller->getPostPasswordField().'\');'."\n";
68 print ' var secret = document.getElementById(\'authsecret\')'."\n";
69 //print ' alert(pass);alert(secret); '."\n";
70
71 // If using md5 for password storage md5 the password before
72 // we hash it with the secret
73 // print ' alert(pass.value);';
74 if ($caller->storage->getCryptType() == 'md5' ) {
75 print ' pass.value = hex_md5(pass.value); '."\n";
76 #print ' alert(pass.value);';
77 }
78
79 print ' pass.value = hex_md5(pass.value+\''.$caller->session['loginchallenege'].'\'); '."\n";
80 // print ' alert(pass.value);';
81 print ' secret.value = 1;'."\n";
82 print ' var doLogin = document.getElementById(\'doLogin\')'."\n";
83 print ' doLogin.disabled = true;'."\n";
84 print ' return true;';
85 print ' } '."\n";
86 print '</script>'."\n";;
87 print "\n";
88
89 $loginOnClick = ' return securePassword(); ';
90 }
91
92 print '<center>'."\n";
93
94 $status = '';
95 if (!empty($caller->status) && $caller->status == AUTH_EXPIRED) {
96 $status = '<i>Your session has expired. Please login again!</i>'."\n";
97 } else if (!empty($caller->status) && $caller->status == AUTH_IDLED) {
98 $status = '<i>You have been idle for too long. Please login again!</i>'."\n";
99 } else if (!empty ($caller->status) && $caller->status == AUTH_WRONG_LOGIN) {
100 $status = '<i>Wrong login data!</i>'."\n";
101 } else if (!empty ($caller->status) && $caller->status == AUTH_SECURITY_BREACH) {
102 $status = '<i>Security problem detected. </i>'."\n";
103 }
104
105 print '<form method="post" action="'.$caller->server['PHP_SELF'].'" '
106 .'onSubmit="'.$loginOnClick.'">'."\n";
107 print '<table border="0" cellpadding="2" cellspacing="0" '
108 .'summary="login form" align="center" >'."\n";
109 print '<tr>'."\n";
110 print ' <td colspan="2" bgcolor="#eeeeee"><strong>Login </strong>'
111 .$status.'</td>'."\n";
112 print '</tr>'."\n";
113 print '<tr>'."\n";
114 print ' <td>Username:</td>'."\n";
115 print ' <td><input type="text" id="'.$caller->getPostUsernameField()
116 .'" name="'.$caller->getPostUsernameField().'" value="' . $username
117 .'" /></td>'."\n";
118 print '</tr>'."\n";
119 print '<tr>'."\n";
120 print ' <td>Password:</td>'."\n";
121 print ' <td><input type="password" id="'.$caller->getPostPasswordField()
122 .'" name="'.$caller->getPostPasswordField().'" /></td>'."\n";
123 print '</tr>'."\n";
124 print '<tr>'."\n";
125
126 //onClick=" '.$loginOnClick.' "
127 print ' <td colspan="2" bgcolor="#eeeeee"><input value="Login" '
128 .'id="doLogin" name="doLogin" type="submit" /></td>'."\n";
129 print '</tr>'."\n";
130 print '</table>'."\n";
131
132 // Might be a good idea to make the variable name variable
133 print '<input type="hidden" id="authsecret" name="authsecret" value="" />';
134 print '</form>'."\n";
135 print '</center>'."\n";
136 }
137
138 // }}}
139
140}
141
142?>
const AUTH_SECURITY_BREACH
Returned if new Advanced security system detects a breach.
Definition: Auth.php:46
const AUTH_EXPIRED
Returned if session has expired.
Definition: Auth.php:34
const AUTH_WRONG_LOGIN
Returned if container is unable to authenticate user/password pair.
Definition: Auth.php:38
const AUTH_IDLED
Returned if session exceeds idle time.
Definition: Auth.php:30
render(&$caller, $username='')
Displays the login form.
Definition: Html.php:50
if(!file_exists(getcwd().'/ilias.ini.php')) if(isset( $_GET["client_id"]))
registration confirmation script for ilias
Definition: confirmReg.php:20
if(! $in) print