WebSVN – Applications.papyrus – Diff – /trunk/api/pear/Auth/Frontend/Html.php


<?php
/* vim: set expandtab tabstop=4 shiftwidth=4 softtabstop=4 foldmethod=marker: */
 
/**
 * Standard Html Login form
 *
 * PHP versions 4 and 5
 *
 * LICENSE: This source file is subject to version 3.01 of the PHP license
 * that is available through the world-wide-web at the following URI:
 * http://www.php.net/license/3_01.txt.  If you did not receive a copy of
 * the PHP License and are unable to obtain it through the web, please
 * send a note to license@php.net so we can mail you a copy immediately.
 *
 * @category   Authentication
 * @package    Auth
 * @author     Martin Jansen <mj@php.net>
 * @author     Adam Ashley <aashley@php.net>
 * @copyright  2001-2006 The PHP Group
 * @license    http://www.php.net/license/3_01.txt  PHP License 3.01
 * @version    CVS: $Id: Html.php,v 1.11 2007/06/12 03:11:26 aashley Exp $
 * @link       http://pear.php.net/package/Auth
 * @since      File available since Release 1.3.0
 */
 
/**
 * Standard Html Login form
 *
 * @category   Authentication
 * @package    Auth
 * @author     Yavor Shahpasov <yavo@netsmart.com.cy>
 * @author     Adam Ashley <aashley@php.net>
 * @copyright  2001-2006 The PHP Group
 * @license    http://www.php.net/license/3_01.txt  PHP License 3.01
 * @version    Release: 1.5.4  File: $Revision: 1.11 $
 * @link       http://pear.php.net/package/Auth
 * @since      Class available since Release 1.3.0
 */
class Auth_Frontend_Html {
 
    // {{{ render()
 
    /**
     * Displays the login form
     *
     * @param object The calling auth instance
     * @param string The previously used username
     * @return void
     */
    function render(&$caller, $username = '') {
        $loginOnClick = 'return true;';
 
        // Try To Use Challene response
        // TODO javascript might need some improvement for work on other browsers
        if($caller->advancedsecurity && $caller->storage->supportsChallengeResponse() ) {
 
            // Init the secret cookie
            $caller->session['loginchallenege'] = md5(microtime());
 
            print "\n";
            print '<script language="JavaScript">'."\n";
 
            include 'Auth/Frontend/md5.js';
 
            print "\n";
            print ' function securePassword() { '."\n";
            print '   var pass = document.getElementById(\''.$caller->getPostPasswordField().'\');'."\n";
            print '   var secret = document.getElementById(\'authsecret\')'."\n";
            //print '   alert(pass);alert(secret); '."\n";
 
            // If using md5 for password storage md5 the password before
            // we hash it with the secret
            // print '   alert(pass.value);';
            if ($caller->storage->getCryptType() == 'md5' ) {
                print '   pass.value = hex_md5(pass.value); '."\n";
                #print '   alert(pass.value);';
            }
 
            print '   pass.value = hex_md5(pass.value+\''.$caller->session['loginchallenege'].'\'); '."\n";
            // print '   alert(pass.value);';
            print '   secret.value = 1;'."\n";
            print '   var doLogin = document.getElementById(\'doLogin\')'."\n";
            print '   doLogin.disabled = true;'."\n";
            print '   return true;';
            print ' } '."\n";
            print '</script>'."\n";;
            print "\n";
 
            $loginOnClick = ' return securePassword(); ';
        }
 
        print '<center>'."\n";
 
        $status = '';
        if (!empty($caller->status) && $caller->status == AUTH_EXPIRED) {
            $status = '<i>Your session has expired. Please login again!</i>'."\n";
        } else if (!empty($caller->status) && $caller->status == AUTH_IDLED) {
            $status = '<i>You have been idle for too long. Please login again!</i>'."\n";
        } else if (!empty ($caller->status) && $caller->status == AUTH_WRONG_LOGIN) {
            $status = '<i>Wrong login data!</i>'."\n";
        } else if (!empty ($caller->status) && $caller->status == AUTH_SECURITY_BREACH) {
            $status = '<i>Security problem detected. </i>'."\n";
        }
 
        print '<form method="post" action="'.$caller->server['PHP_SELF'].'" '
            .'onSubmit="'.$loginOnClick.'">'."\n";
        print '<table border="0" cellpadding="2" cellspacing="0" '
            .'summary="login form" align="center" >'."\n";
        print '<tr>'."\n";
        print '    <td colspan="2" bgcolor="#eeeeee"><strong>Login </strong>'
            .$status.'</td>'."\n";
        print '</tr>'."\n";
        print '<tr>'."\n";
        print '    <td>Username:</td>'."\n";
        print '    <td><input type="text" id="'.$caller->getPostUsernameField()
            .'" name="'.$caller->getPostUsernameField().'" value="' . $username
            .'" /></td>'."\n";
        print '</tr>'."\n";
        print '<tr>'."\n";
        print '    <td>Password:</td>'."\n";
        print '    <td><input type="password" id="'.$caller->getPostPasswordField()
            .'" name="'.$caller->getPostPasswordField().'" /></td>'."\n";
        print '</tr>'."\n";
        print '<tr>'."\n";
 
        //onClick=" '.$loginOnClick.' "
        print '    <td colspan="2" bgcolor="#eeeeee"><input value="Login" '
            .'id="doLogin" name="doLogin" type="submit" /></td>'."\n";
        print '</tr>'."\n";
        print '</table>'."\n";
 
        // Might be a good idea to make the variable name variable
        print '<input type="hidden" id="authsecret" name="authsecret" value="" />';
        print '</form>'."\n";
        print '</center>'."\n";
    }
 
    // }}}
 
}
 
?>

Subversion Repositories Applications.papyrus

(root)/trunk/api/pear/Auth/Frontend/Html.php – Rev 1713 → 2150

Rev 1713		Rev 2150
1	`<?php`	1	`<?php`
2	`/* vim: set expandtab tabstop=4 shiftwidth=4 softtabstop=4 foldmethod=marker: */`	2	`/* vim: set expandtab tabstop=4 shiftwidth=4 softtabstop=4 foldmethod=marker: */`
3		3
4	`/**`	4	`/**`
5	`* Standard Html Login form`	5	`* Standard Html Login form`
6	`*`	6	`*`
7	`* PHP versions 4 and 5`	7	`* PHP versions 4 and 5`
8	`*`	8	`*`
9	`* LICENSE: This source file is subject to version 3.01 of the PHP license`	9	`* LICENSE: This source file is subject to version 3.01 of the PHP license`
10	`* that is available through the world-wide-web at the following URI:`	10	`* that is available through the world-wide-web at the following URI:`
11	`* http://www.php.net/license/3_01.txt. If you did not receive a copy of`	11	`* http://www.php.net/license/3_01.txt. If you did not receive a copy of`
12	`* the PHP License and are unable to obtain it through the web, please`	12	`* the PHP License and are unable to obtain it through the web, please`
13	`* send a note to license@php.net so we can mail you a copy immediately.`	13	`* send a note to license@php.net so we can mail you a copy immediately.`
14	`*`	14	`*`
15	`* @category Authentication`	15	`* @category Authentication`
16	`* @package Auth`	16	`* @package Auth`
17	`* @author Martin Jansen <mj@php.net>`	17	`* @author Martin Jansen <mj@php.net>`
18	`* @author Adam Ashley <aashley@php.net>`	18	`* @author Adam Ashley <aashley@php.net>`
19	`* @copyright 2001-2006 The PHP Group`	19	`* @copyright 2001-2006 The PHP Group`
20	`* @license http://www.php.net/license/3_01.txt PHP License 3.01`	20	`* @license http://www.php.net/license/3_01.txt PHP License 3.01`
21	`* @version CVS: $Id: Html.php,v 1.2 2007-11-19 15:11:00 jp_milcent Exp $`	21	`* @version CVS: $Id: Html.php,v 1.11 2007/06/12 03:11:26 aashley Exp $`
22	`* @link http://pear.php.net/package/Auth`	22	`* @link http://pear.php.net/package/Auth`
23	`* @since File available since Release 1.3.0`	23	`* @since File available since Release 1.3.0`
24	`*/`	24	`*/`
25		25
26	`/**`	26	`/**`
27	`* Standard Html Login form`	27	`* Standard Html Login form`
28	`*`	28	`*`
29	`* @category Authentication`	29	`* @category Authentication`
30	`* @package Auth`	30	`* @package Auth`
31	`* @author Yavor Shahpasov <yavo@netsmart.com.cy>`	31	`* @author Yavor Shahpasov <yavo@netsmart.com.cy>`
32	`* @author Adam Ashley <aashley@php.net>`	32	`* @author Adam Ashley <aashley@php.net>`
33	`* @copyright 2001-2006 The PHP Group`	33	`* @copyright 2001-2006 The PHP Group`
34	`* @license http://www.php.net/license/3_01.txt PHP License 3.01`	34	`* @license http://www.php.net/license/3_01.txt PHP License 3.01`
35	`* @version Release: 1.5.4 File: $Revision: 1.2 $`	35	`* @version Release: 1.5.4 File: $Revision: 1.11 $`
36	`* @link http://pear.php.net/package/Auth`	36	`* @link http://pear.php.net/package/Auth`
37	`* @since Class available since Release 1.3.0`	37	`* @since Class available since Release 1.3.0`
38	`*/`	38	`*/`
39	`class Auth_Frontend_Html {`	39	`class Auth_Frontend_Html {`
40		40
41	`// {{{ render()`	41	`// {{{ render()`
42		42
43	`/**`	43	`/**`
44	`* Displays the login form`	44	`* Displays the login form`
45	`*`	45	`*`
46	`* @param object The calling auth instance`	46	`* @param object The calling auth instance`
47	`* @param string The previously used username`	47	`* @param string The previously used username`
48	`* @return void`	48	`* @return void`
49	`*/`	49	`*/`
50	`function render(&$caller, $username = '') {`	50	`function render(&$caller, $username = '') {`
51	`$loginOnClick = 'return true;';`	51	`$loginOnClick = 'return true;';`
52		52
53	`// Try To Use Challene response`	53	`// Try To Use Challene response`
54	`// TODO javascript might need some improvement for work on other browsers`	54	`// TODO javascript might need some improvement for work on other browsers`
55	`if($caller->advancedsecurity && $caller->storage->supportsChallengeResponse() ) {`	55	`if($caller->advancedsecurity && $caller->storage->supportsChallengeResponse() ) {`
56		56
57	`// Init the secret cookie`	57	`// Init the secret cookie`
58	`$caller->session['loginchallenege'] = md5(microtime());`	58	`$caller->session['loginchallenege'] = md5(microtime());`
59		59
60	`print "\n";`	60	`print "\n";`
61	`print '<script language="JavaScript">'."\n";`	61	`print '<script language="JavaScript">'."\n";`
62		62
63	`include 'Auth/Frontend/md5.js';`	63	`include 'Auth/Frontend/md5.js';`
64		64
65	`print "\n";`	65	`print "\n";`
66	`print ' function securePassword() { '."\n";`	66	`print ' function securePassword() { '."\n";`
67	`print ' var pass = document.getElementById(\''.$caller->getPostPasswordField().'\');'."\n";`	67	`print ' var pass = document.getElementById(\''.$caller->getPostPasswordField().'\');'."\n";`
68	`print ' var secret = document.getElementById(\'authsecret\')'."\n";`	68	`print ' var secret = document.getElementById(\'authsecret\')'."\n";`
69	`//print ' alert(pass);alert(secret); '."\n";`	69	`//print ' alert(pass);alert(secret); '."\n";`
70		70
71	`// If using md5 for password storage md5 the password before`	71	`// If using md5 for password storage md5 the password before`
72	`// we hash it with the secret`	72	`// we hash it with the secret`
73	`// print ' alert(pass.value);';`	73	`// print ' alert(pass.value);';`
74	`if ($caller->storage->getCryptType() == 'md5' ) {`	74	`if ($caller->storage->getCryptType() == 'md5' ) {`
75	`print ' pass.value = hex_md5(pass.value); '."\n";`	75	`print ' pass.value = hex_md5(pass.value); '."\n";`
76	`#print ' alert(pass.value);';`	76	`#print ' alert(pass.value);';`
77	`}`	77	`}`
78		78
79	`print ' pass.value = hex_md5(pass.value+\''.$caller->session['loginchallenege'].'\'); '."\n";`	79	`print ' pass.value = hex_md5(pass.value+\''.$caller->session['loginchallenege'].'\'); '."\n";`
80	`// print ' alert(pass.value);';`	80	`// print ' alert(pass.value);';`
81	`print ' secret.value = 1;'."\n";`	81	`print ' secret.value = 1;'."\n";`
82	`print ' var doLogin = document.getElementById(\'doLogin\')'."\n";`	82	`print ' var doLogin = document.getElementById(\'doLogin\')'."\n";`
83	`print ' doLogin.disabled = true;'."\n";`	83	`print ' doLogin.disabled = true;'."\n";`
84	`print ' return true;';`	84	`print ' return true;';`
85	`print ' } '."\n";`	85	`print ' } '."\n";`
86	`print '</script>'."\n";;`	86	`print '</script>'."\n";;`
87	`print "\n";`	87	`print "\n";`
88		88
89	`$loginOnClick = ' return securePassword(); ';`	89	`$loginOnClick = ' return securePassword(); ';`
90	`}`	90	`}`
91		91
92	`print '<center>'."\n";`	92	`print '<center>'."\n";`
93		93
94	`$status = '';`	94	`$status = '';`
95	`if (!empty($caller->status) && $caller->status == AUTH_EXPIRED) {`	95	`if (!empty($caller->status) && $caller->status == AUTH_EXPIRED) {`
96	`$status = '<i>Your session has expired. Please login again!</i>'."\n";`	96	`$status = '<i>Your session has expired. Please login again!</i>'."\n";`
97	`} else if (!empty($caller->status) && $caller->status == AUTH_IDLED) {`	97	`} else if (!empty($caller->status) && $caller->status == AUTH_IDLED) {`
98	`$status = '<i>You have been idle for too long. Please login again!</i>'."\n";`	98	`$status = '<i>You have been idle for too long. Please login again!</i>'."\n";`
99	`} else if (!empty ($caller->status) && $caller->status == AUTH_WRONG_LOGIN) {`	99	`} else if (!empty ($caller->status) && $caller->status == AUTH_WRONG_LOGIN) {`
100	`$status = '<i>Wrong login data!</i>'."\n";`	100	`$status = '<i>Wrong login data!</i>'."\n";`
101	`} else if (!empty ($caller->status) && $caller->status == AUTH_SECURITY_BREACH) {`	101	`} else if (!empty ($caller->status) && $caller->status == AUTH_SECURITY_BREACH) {`
102	`$status = '<i>Security problem detected. </i>'."\n";`	102	`$status = '<i>Security problem detected. </i>'."\n";`
103	`}`	103	`}`
104		104
105	`print '<form method="post" action="'.$caller->server['PHP_SELF'].'" '`	105	`print '<form method="post" action="'.$caller->server['PHP_SELF'].'" '`
106	`.'onSubmit="'.$loginOnClick.'">'."\n";`	106	`.'onSubmit="'.$loginOnClick.'">'."\n";`
107	`print '<table border="0" cellpadding="2" cellspacing="0" '`	107	`print '<table border="0" cellpadding="2" cellspacing="0" '`
108	`.'summary="login form" align="center" >'."\n";`	108	`.'summary="login form" align="center" >'."\n";`
109	`print '<tr>'."\n";`	109	`print '<tr>'."\n";`
110	`print ' <td colspan="2" bgcolor="#eeeeee"><strong>Login </strong>'`	110	`print ' <td colspan="2" bgcolor="#eeeeee"><strong>Login </strong>'`
111	`.$status.'</td>'."\n";`	111	`.$status.'</td>'."\n";`
112	`print '</tr>'."\n";`	112	`print '</tr>'."\n";`
113	`print '<tr>'."\n";`	113	`print '<tr>'."\n";`
114	`print ' <td>Username:</td>'."\n";`	114	`print ' <td>Username:</td>'."\n";`
115	`print ' <td><input type="text" id="'.$caller->getPostUsernameField()`	115	`print ' <td><input type="text" id="'.$caller->getPostUsernameField()`
116	`.'" name="'.$caller->getPostUsernameField().'" value="' . $username`	116	`.'" name="'.$caller->getPostUsernameField().'" value="' . $username`
117	`.'" /></td>'."\n";`	117	`.'" /></td>'."\n";`
118	`print '</tr>'."\n";`	118	`print '</tr>'."\n";`
119	`print '<tr>'."\n";`	119	`print '<tr>'."\n";`
120	`print ' <td>Password:</td>'."\n";`	120	`print ' <td>Password:</td>'."\n";`
121	`print ' <td><input type="password" id="'.$caller->getPostPasswordField()`	121	`print ' <td><input type="password" id="'.$caller->getPostPasswordField()`
122	`.'" name="'.$caller->getPostPasswordField().'" /></td>'."\n";`	122	`.'" name="'.$caller->getPostPasswordField().'" /></td>'."\n";`
123	`print '</tr>'."\n";`	123	`print '</tr>'."\n";`
124	`print '<tr>'."\n";`	124	`print '<tr>'."\n";`
125		125
126	`//onClick=" '.$loginOnClick.' "`	126	`//onClick=" '.$loginOnClick.' "`
127	`print ' <td colspan="2" bgcolor="#eeeeee"><input value="Login" '`	127	`print ' <td colspan="2" bgcolor="#eeeeee"><input value="Login" '`
128	`.'id="doLogin" name="doLogin" type="submit" /></td>'."\n";`	128	`.'id="doLogin" name="doLogin" type="submit" /></td>'."\n";`
129	`print '</tr>'."\n";`	129	`print '</tr>'."\n";`
130	`print '</table>'."\n";`	130	`print '</table>'."\n";`
131		131
132	`// Might be a good idea to make the variable name variable`	132	`// Might be a good idea to make the variable name variable`
133	`print '<input type="hidden" id="authsecret" name="authsecret" value="" />';`	133	`print '<input type="hidden" id="authsecret" name="authsecret" value="" />';`
134	`print '</form>'."\n";`	134	`print '</form>'."\n";`
135	`print '</center>'."\n";`	135	`print '</center>'."\n";`
136	`}`	136	`}`
137		137
138	`// }}}`	138	`// }}}`
139		139
140	`}`	140	`}`
141		141
142	`?>`	142	`?>`