New file |
0,0 → 1,142 |
<?php |
/* vim: set expandtab tabstop=4 shiftwidth=4 softtabstop=4 foldmethod=marker: */ |
|
/** |
* Standard Html Login form |
* |
* PHP versions 4 and 5 |
* |
* LICENSE: This source file is subject to version 3.01 of the PHP license |
* that is available through the world-wide-web at the following URI: |
* http://www.php.net/license/3_01.txt. If you did not receive a copy of |
* the PHP License and are unable to obtain it through the web, please |
* send a note to license@php.net so we can mail you a copy immediately. |
* |
* @category Authentication |
* @package Auth |
* @author Martin Jansen <mj@php.net> |
* @author Adam Ashley <aashley@php.net> |
* @copyright 2001-2006 The PHP Group |
* @license http://www.php.net/license/3_01.txt PHP License 3.01 |
* @version CVS: $Id$ |
* @link http://pear.php.net/package/Auth |
* @since File available since Release 1.3.0 |
*/ |
|
/** |
* Standard Html Login form |
* |
* @category Authentication |
* @package Auth |
* @author Yavor Shahpasov <yavo@netsmart.com.cy> |
* @author Adam Ashley <aashley@php.net> |
* @copyright 2001-2006 The PHP Group |
* @license http://www.php.net/license/3_01.txt PHP License 3.01 |
* @version Release: @package_version@ File: $Revision$ |
* @link http://pear.php.net/package/Auth |
* @since Class available since Release 1.3.0 |
*/ |
class Auth_Frontend_Html { |
|
// {{{ render() |
|
/** |
* Displays the login form |
* |
* @param object The calling auth instance |
* @param string The previously used username |
* @return void |
*/ |
function render(&$caller, $username = '') { |
$loginOnClick = 'return true;'; |
|
// Try To Use Challene response |
// TODO javascript might need some improvement for work on other browsers |
if($caller->advancedsecurity && $caller->storage->supportsChallengeResponse() ) { |
|
// Init the secret cookie |
$caller->session['loginchallenege'] = md5(microtime()); |
|
print "\n"; |
print '<script language="JavaScript">'."\n"; |
|
include 'Auth/Frontend/md5.js'; |
|
print "\n"; |
print ' function securePassword() { '."\n"; |
print ' var pass = document.getElementById(\''.$caller->getPostPasswordField().'\');'."\n"; |
print ' var secret = document.getElementById(\'authsecret\')'."\n"; |
//print ' alert(pass);alert(secret); '."\n"; |
|
// If using md5 for password storage md5 the password before |
// we hash it with the secret |
// print ' alert(pass.value);'; |
if ($caller->storage->getCryptType() == 'md5' ) { |
print ' pass.value = hex_md5(pass.value); '."\n"; |
#print ' alert(pass.value);'; |
} |
|
print ' pass.value = hex_md5(pass.value+\''.$caller->session['loginchallenege'].'\'); '."\n"; |
// print ' alert(pass.value);'; |
print ' secret.value = 1;'."\n"; |
print ' var doLogin = document.getElementById(\'doLogin\')'."\n"; |
print ' doLogin.disabled = true;'."\n"; |
print ' return true;'; |
print ' } '."\n"; |
print '</script>'."\n";; |
print "\n"; |
|
$loginOnClick = ' return securePassword(); '; |
} |
|
print '<center>'."\n"; |
|
$status = ''; |
if (!empty($caller->status) && $caller->status == AUTH_EXPIRED) { |
$status = '<i>Your session has expired. Please login again!</i>'."\n"; |
} else if (!empty($caller->status) && $caller->status == AUTH_IDLED) { |
$status = '<i>You have been idle for too long. Please login again!</i>'."\n"; |
} else if (!empty ($caller->status) && $caller->status == AUTH_WRONG_LOGIN) { |
$status = '<i>Wrong login data!</i>'."\n"; |
} else if (!empty ($caller->status) && $caller->status == AUTH_SECURITY_BREACH) { |
$status = '<i>Security problem detected. </i>'."\n"; |
} |
|
print '<form method="post" action="'.$caller->server['PHP_SELF'].'" ' |
.'onSubmit="'.$loginOnClick.'">'."\n"; |
print '<table border="0" cellpadding="2" cellspacing="0" ' |
.'summary="login form" align="center" >'."\n"; |
print '<tr>'."\n"; |
print ' <td colspan="2" bgcolor="#eeeeee"><strong>Login </strong>' |
.$status.'</td>'."\n"; |
print '</tr>'."\n"; |
print '<tr>'."\n"; |
print ' <td>Username:</td>'."\n"; |
print ' <td><input type="text" id="'.$caller->getPostUsernameField() |
.'" name="'.$caller->getPostUsernameField().'" value="' . $username |
.'" /></td>'."\n"; |
print '</tr>'."\n"; |
print '<tr>'."\n"; |
print ' <td>Password:</td>'."\n"; |
print ' <td><input type="password" id="'.$caller->getPostPasswordField() |
.'" name="'.$caller->getPostPasswordField().'" /></td>'."\n"; |
print '</tr>'."\n"; |
print '<tr>'."\n"; |
|
//onClick=" '.$loginOnClick.' " |
print ' <td colspan="2" bgcolor="#eeeeee"><input value="Login" ' |
.'id="doLogin" name="doLogin" type="submit" /></td>'."\n"; |
print '</tr>'."\n"; |
print '</table>'."\n"; |
|
// Might be a good idea to make the variable name variable |
print '<input type="hidden" id="authsecret" name="authsecret" value="" />'; |
print '</form>'."\n"; |
print '</center>'."\n"; |
} |
|
// }}} |
|
} |
|
?> |