Subversion Repositories Sites.tela-botanica.org

Rev

Details | Last modification | View Log | RSS feed

Rev Author Line No. Line
420 florian 1
<?php
2
/* vim: set expandtab tabstop=4 shiftwidth=4 softtabstop=4 foldmethod=marker: */
3
 
4
/**
5
 * Standard Html Login form
6
 *
7
 * PHP versions 4 and 5
8
 *
9
 * LICENSE: This source file is subject to version 3.01 of the PHP license
10
 * that is available through the world-wide-web at the following URI:
11
 * http://www.php.net/license/3_01.txt.  If you did not receive a copy of
12
 * the PHP License and are unable to obtain it through the web, please
13
 * send a note to license@php.net so we can mail you a copy immediately.
14
 *
15
 * @category   Authentication
16
 * @package    Auth
17
 * @author     Martin Jansen <mj@php.net>
18
 * @author     Adam Ashley <aashley@php.net>
19
 * @copyright  2001-2006 The PHP Group
20
 * @license    http://www.php.net/license/3_01.txt  PHP License 3.01
21
 * @version    CVS: $Id: Html.php,v 1.10 2006/08/10 02:15:40 aashley Exp $
22
 * @link       http://pear.php.net/package/Auth
23
 * @since      File available since Release 1.3.0
24
 */
25
 
26
/**
27
 * Standard Html Login form
28
 *
29
 * @category   Authentication
30
 * @package    Auth
31
 * @author     Yavor Shahpasov <yavo@netsmart.com.cy>
32
 * @author     Adam Ashley <aashley@php.net>
33
 * @copyright  2001-2006 The PHP Group
34
 * @license    http://www.php.net/license/3_01.txt  PHP License 3.01
35
 * @version    Release: @package_version@  File: $Revision: 1.10 $
36
 * @link       http://pear.php.net/package/Auth
37
 * @since      Class available since Release 1.3.0
38
 */
39
class Auth_Frontend_Html {
40
 
41
    // {{{ render()
42
 
43
    /**
44
     * Displays the login form
45
     *
46
     * @param object The calling auth instance
47
     * @param string The previously used username
48
     * @return void
49
     */
50
    function render(&$caller, $username = '') {
51
        $loginOnClick = 'return true;';
52
 
53
        // Try To Use Challene response
54
        // TODO javascript might need some improvement for work on other browsers
55
        if($caller->advancedsecurity && $caller->storage->supportsChallengeResponse() ) {
56
 
57
            // Init the secret cookie
58
            $caller->session['loginchallenege'] = md5(microtime());
59
 
60
            print "\n";
61
            print '<script language="JavaScript">'."\n";
62
 
63
 
64
            print "\n";
65
            print ' function securePassword() { '."\n";
66
            print '   var pass = document.getElementById(\''.$caller->getPostPasswordField().'\');'."\n";
67
            print '   var secret = document.getElementById(\'authsecret\')'."\n";
68
            //print '   alert(pass);alert(secret); '."\n";
69
 
70
            // If using md5 for password storage md5 the password before
71
            // we hash it with the secret
72
            // print '   alert(pass.value);';
73
            if ($caller->storage->getCryptType() == 'md5' ) {
74
                print '   pass.value = hex_md5(pass.value); '."\n";
75
                #print '   alert(pass.value);';
76
            }
77
 
78
            print '   pass.value = hex_md5(pass.value+\''.$caller->session['loginchallenege'].'\'); '."\n";
79
            // print '   alert(pass.value);';
80
            print '   secret.value = 1;'."\n";
81
            print '   var doLogin = document.getElementById(\'doLogin\')'."\n";
82
            print '   doLogin.disabled = true;'."\n";
83
            print '   return true;';
84
            print ' } '."\n";
85
            print '</script>'."\n";;
86
            print "\n";
87
 
88
            $loginOnClick = ' return securePassword(); ';
89
        }
90
 
91
        print '<center>'."\n";
92
 
93
        $status = '';
94
        if (!empty($caller->status) && $caller->status == AUTH_EXPIRED) {
95
            $status = '<i>Your session has expired. Please login again!</i>'."\n";
96
        } else if (!empty($caller->status) && $caller->status == AUTH_IDLED) {
97
            $status = '<i>You have been idle for too long. Please login again!</i>'."\n";
98
        } else if (!empty ($caller->status) && $caller->status == AUTH_WRONG_LOGIN) {
99
            $status = '<i>Wrong login data!</i>'."\n";
100
        } else if (!empty ($caller->status) && $caller->status == AUTH_SECURITY_BREACH) {
101
            $status = '<i>Security problem detected. </i>'."\n";
102
        }
103
 
104
        print '<form method="post" action="'.$caller->server['PHP_SELF'].'" '
105
            .'onSubmit="'.$loginOnClick.'">'."\n";
106
        print '<table border="0" cellpadding="2" cellspacing="0" '
107
            .'summary="login form" align="center" >'."\n";
108
        print '<tr>'."\n";
109
        print '    <td colspan="2" bgcolor="#eeeeee"><strong>Login </strong>'
110
            .$status.'</td>'."\n";
111
        print '</tr>'."\n";
112
        print '<tr>'."\n";
113
        print '    <td>Username:</td>'."\n";
114
        print '    <td><input type="text" id="'.$caller->getPostUsernameField()
115
            .'" name="'.$caller->getPostUsernameField().'" value="' . $username
116
            .'" /></td>'."\n";
117
        print '</tr>'."\n";
118
        print '<tr>'."\n";
119
        print '    <td>Password:</td>'."\n";
120
        print '    <td><input type="password" id="'.$caller->getPostPasswordField()
121
            .'" name="'.$caller->getPostPasswordField().'" /></td>'."\n";
122
        print '</tr>'."\n";
123
        print '<tr>'."\n";
124
 
125
        //onClick=" '.$loginOnClick.' "
126
        print '    <td colspan="2" bgcolor="#eeeeee"><input value="Login" '
127
            .'id="doLogin" name="doLogin" type="submit" /></td>'."\n";
128
        print '</tr>'."\n";
129
        print '</table>'."\n";
130
 
131
        // Might be a good idea to make the variable name variable
132
        print '<input type="hidden" id="authsecret" name="authsecret" value="" />';
133
        print '</form>'."\n";
134
        print '</center>'."\n";
135
    }
136
 
137
    // }}}
138
 
139
}
140
 
141
?>