Changeset 717
- Timestamp:
- 09/07/05 22:16:10 (8 years ago)
- Location:
- trunk/wifidog-auth
- Files:
-
- 15 modified
-
ChangeLog (modified) (1 diff)
-
wifidog/admin/hotspot.php (modified) (1 diff)
-
wifidog/admin/hotspot_owner.php (modified) (1 diff)
-
wifidog/auth/index.php (modified) (4 diffs)
-
wifidog/change_password.php (modified) (1 diff)
-
wifidog/classes/Authenticator.php (modified) (2 diffs)
-
wifidog/classes/AuthenticatorLocalUser.php (modified) (2 diffs)
-
wifidog/classes/AuthenticatorRadius.php (modified) (8 diffs)
-
wifidog/classes/Network.php (modified) (1 diff)
-
wifidog/classes/Security.php (modified) (2 diffs)
-
wifidog/classes/User.php (modified) (10 diffs)
-
wifidog/install.php (modified) (1 diff)
-
wifidog/lib/RssPressReview/RssPressReview.php (modified) (4 diffs)
-
wifidog/login/index.php (modified) (8 diffs)
-
wifidog/signup.php (modified) (2 diffs)
Legend:
- Unmodified
- Added
- Removed
-
trunk/wifidog-auth/ChangeLog
r716 r717 1 2005-09-07 Benoit Grégoire <bock@step.polymtl.ca> 2 * RssPressReview.php: Fix z-index so the hovers will overlap the expanded news. 3 * login/index.php: Reorganise code to make it more legible and comment what it does. 4 Emphasise error messages and put them right above where they clicked so users can actually see them. 5 * Security.php: Remove deprecated login code 6 * Authenticator.php: Change calling convention for better encapsulation 7 * New feature: Support multiple simultaneous logins if enabled in network configuration 8 * New feature (in testing): Splash-only node support 9 1 10 2005-09-05 Benoit Grégoire <bock@step.polymtl.ca> 2 11 * include/common.php: Add code to undo the effect of magic_quote if enabled in the server config. It is still strongly recommended to disable magic_quote -
trunk/wifidog-auth/wifidog/admin/hotspot.php
r601 r717 32 32 require_once BASEPATH.'classes/Node.php'; 33 33 require_once BASEPATH.'classes/User.php'; 34 35 $user_id = $session->get(SESS_USER_ID_VAR);36 $smarty->assign("user_id", $user_id); // DEBUG37 34 38 35 empty($_REQUEST['action']) ? $action = '' : $action = $_REQUEST['action']; -
trunk/wifidog-auth/wifidog/admin/hotspot_owner.php
r636 r717 37 37 require_once BASEPATH.'classes/User.php'; 38 38 39 $user_id = $session->get(SESS_USER_ID_VAR);39 $user_id = User::getCurrentUser()->getId(); 40 40 $smarty->assign("user_id", $user_id); // DEBUG 41 41 -
trunk/wifidog-auth/wifidog/auth/index.php
r712 r717 43 43 { 44 44 // Retrieve the associated authenticator 45 $authenticator = Network::getObject($info['account_origin'])->getAuthenticator(); 45 $network = Network::getObject($info['account_origin']); 46 $authenticator = $network->getAuthenticator(); 46 47 if(!$authenticator) 47 48 { … … 64 65 { 65 66 // Start accounting 66 if($authenticator->acctStart($info , $auth_message))67 if($authenticator->acctStart($info['conn_id'], $auth_message)) 67 68 $auth_response = ACCOUNT_STATUS_ALLOWED; 68 69 else … … 94 95 if ($info['token_status'] == TOKEN_INUSE) 95 96 { 96 /* This is for the 15 minutes validation period, the exact same code is also present inwhen the stage is login. If you update this one don't forget to update the other one! */97 /* This is for the 15 minutes validation period, the exact same code is also present when the stage is login. If you update this one don't forget to update the other one! */ 97 98 if (($info['account_status'] == ACCOUNT_STATUS_VALIDATION) && ($info['validation_grace_time_expired'] == 't')) 98 99 { … … 115 116 if (($incoming >= $info['incoming']) && ($outgoing >= $info['outgoing'])) 116 117 { 117 $authenticator->acctUpdate($info , $incoming, $outgoing);118 $authenticator->acctUpdate($info['conn_id'], $incoming, $outgoing); 118 119 $auth_message .= "| Updated counters. "; 119 120 } -
trunk/wifidog-auth/wifidog/change_password.php
r711 r717 51 51 // Warning for now, password change only works for local users, registered through our signup process. 52 52 $user = User::getUserByUsernameAndOrigin($username, $account_origin); 53 /** 54 * utf8_decode is used for backward compatibility with old passwords 55 * containing special characters. 56 * Conversion from UTF-8 to ISO-8859-1 is done to match the MD5 hash 57 */ 58 if ($user->getPasswordHash() != User::passwordHash(utf8_decode($current_password))) 53 if ($user->getPasswordHash() != User::passwordHash($current_password)) 59 54 throw new Exception(_("Wrong password.")); 60 55 -
trunk/wifidog-auth/wifidog/classes/Authenticator.php
r715 r717 49 49 } 50 50 51 /** Start accounting traffic for the user */ 52 function acctStart($info) 53 { 51 /** Start accounting traffic for the user 52 * $conn_id: The connection id for the connection to work on */ 53 function acctStart($conn_id) 54 {//$info['conn_id'] 54 55 global $db; 56 $conn_id = $db->escapeString($conn_id); 57 $db->ExecSqlUniqueRes("SELECT NOW(), *, CASE WHEN ((NOW() - reg_date) > networks.validation_grace_time) THEN true ELSE false END AS validation_grace_time_expired FROM connections JOIN users ON (users.user_id=connections.user_id) JOIN networks ON (users.account_origin = networks.network_id) WHERE connections.conn_id='$conn_id'", $info, false); 58 $network= Network::getObject($info['network_id']); 59 $splash_user_id = $network->getSplashOnlyUser()->getId(); 55 60 $auth_response = $info['account_status']; 56 61 /* Login the user */ 57 62 $mac = $db->EscapeString($_REQUEST['mac']); 58 63 $ip = $db->EscapeString($_REQUEST['ip']); 59 $sql = "UPDATE connections SET "."token_status='".TOKEN_INUSE."',"."user_mac='$mac',"."user_ip='$ip',"."last_updated=NOW()"."WHERE conn_id='{$ info['conn_id']}';\n";64 $sql = "UPDATE connections SET "."token_status='".TOKEN_INUSE."',"."user_mac='$mac',"."user_ip='$ip',"."last_updated=NOW()"."WHERE conn_id='{$conn_id}';\n"; 60 65 $db->ExecSqlUpdate($sql, false); 61 62 /* Logging in with a new token implies that all other active tokens should expire */ 63 $token = $db->EscapeString($_REQUEST['token']); 64 $sql = "UPDATE connections SET "."timestamp_out=NOW(), token_status='".TOKEN_USED."' "."WHERE user_id = '{$info['user_id']}' AND token_status='".TOKEN_INUSE."' AND token!='$token';\n"; 65 $db->ExecSqlUpdate($sql, false); 66 if($splash_user_id != $info['user_id'] && $network->getMultipleLoginAllowed()==false) 67 { 68 /* The user isn't the splash_only user and the network config does not allow multiple logins. 69 * Logging in with a new token implies that all other active tokens should expire */ 70 $token = $db->EscapeString($_REQUEST['token']); 71 $sql = "UPDATE connections SET "."timestamp_out=NOW(), token_status='".TOKEN_USED."' "."WHERE user_id = '{$info['user_id']}' AND token_status='".TOKEN_INUSE."' AND token!='$token';\n"; 72 $db->ExecSqlUpdate($sql, false); 73 } 74 66 75 /* Delete all unused tokens for this user, so we don't fill the database with them */ 67 76 $sql = "DELETE FROM connections "."WHERE token_status='".TOKEN_UNUSED."' AND user_id = '{$info['user_id']}';\n"; … … 69 78 } 70 79 71 /** Update traffic counters */ 72 function acctUpdate($info, $incoming, $outgoing) 80 /** Update traffic counters 81 * $conn_id: The connection id for the connection to work on */ 82 function acctUpdate($conn_id, $incoming, $outgoing) 73 83 { 74 84 // Write traffic counters to database 75 85 global $db; 76 $db->ExecSqlUpdate("UPDATE connections SET "."incoming='$incoming',"."outgoing='$outgoing',"."last_updated=NOW() "."WHERE conn_id='{$info['conn_id']}'"); 86 $conn_id = $db->escapeString($conn_id); 87 $db->ExecSqlUpdate("UPDATE connections SET "."incoming='$incoming',"."outgoing='$outgoing',"."last_updated=NOW() "."WHERE conn_id='{$conn_id}'"); 77 88 } 78 89 79 /** Final update and stop accounting */ 80 function acctStop($info) 90 /** Final update and stop accounting 91 * $conn_id: The connection id (the token id) for the connection to work on 92 * */ 93 function acctStop($conn_id) 81 94 { 82 95 // Stop traffic counters update 83 96 global $db; 84 $db->ExecSqlUpdate("UPDATE connections SET "."timestamp_out=NOW(),"."token_status='".TOKEN_USED."' "."WHERE conn_id='{$info['conn_id']}';\n", false); 97 $conn_id = $db->escapeString($conn_id); 98 $db->ExecSqlUpdate("UPDATE connections SET "."timestamp_out=NOW(),"."token_status='".TOKEN_USED."' "."WHERE conn_id='{$conn_id}';\n", false); 85 99 } 86 100 -
trunk/wifidog-auth/wifidog/classes/AuthenticatorLocalUser.php
r708 r717 61 61 $username = $db->EscapeString($username); 62 62 $password = $db->EscapeString($password); 63 /** 64 * utf8_decode is used for backward compatibility with old passwords 65 * containing special characters. 66 * Conversion from UTF-8 to ISO-8859-1 is done to match the MD5 hash 67 */ 68 $password_hash = User :: passwordHash(utf8_decode($_REQUEST['password'])); 63 $password_hash = User :: passwordHash($_REQUEST['password']); 69 64 70 65 $sql = "SELECT user_id FROM users WHERE (username='$username' OR email='$username') AND account_origin='".$this->getAccountOrigin()."' AND pass='$password_hash'"; … … 77 72 { 78 73 $retval = & $user; 79 $security->login($user->getId(), $password_hash);74 User::setCurrentUser($user); 80 75 $errmsg = _("Login successfull"); 81 76 } -
trunk/wifidog-auth/wifidog/classes/AuthenticatorRadius.php
r708 r717 74 74 * @param username: A valid identifying token for the source. Not necessarily unique. For local user, bots username and email are valid. 75 75 * @param password: Clear text password. 76 * @retval The actual User object if sogin was successfull, false otherwise.76 * @retval The actual User object if login was successfull, false otherwise. 77 77 */ 78 78 function login($username, $password, & $errmsg = null) … … 83 83 $username = $db->EscapeString($username); 84 84 $password = $db->EscapeString($password); 85 // Local database password hashing is based on an empty string ( we do not store remote passwords )86 /**87 * Backward compatibility conversion is not needed since the password is88 * blank ( we do not keep RADIUS passwords89 */90 $password_hash = User :: passwordHash("");91 85 92 86 /* … … 161 155 // RADIUS authentication succeeded ! 162 156 // Now checking for local copy of this user 163 $sql = "SELECT user_id FROM users WHERE (username='$username') AND account_origin='".$this->getAccountOrigin()."' AND pass='$password_hash'";157 $sql = "SELECT user_id, pass FROM users WHERE (username='$username') AND account_origin='".$this->getAccountOrigin()."'"; 164 158 $db->ExecSqlUniqueRes($sql, $user_info, false); 165 159 … … 170 164 { 171 165 $retval = $user; 172 $security->login($user->getId(), $password_hash);166 User::setCurrentUser($user); 173 167 $errmsg = _("Login successfull"); 174 168 } … … 183 177 // This user has been succcessfully authenticated through remote RADIUS, but it's not yet in our local database 184 178 // Creating the user with a Global Unique ID, empty email and password 179 // Local database password hashing is based on an empty string ( we do not store remote passwords ) 185 180 $user = User :: createUser(get_guid(), $username, $this->getAccountOrigin(), "", ""); 186 181 $retval = & $user; 187 182 // Validate the user right away ! 188 183 $user->setAccountStatus(ACCOUNT_STATUS_ALLOWED); 189 $security->login($user->getId(), $password_hash);184 User::setCurrentUser($user); 190 185 $errmsg = _("Login successfull"); 191 186 } … … 208 203 } 209 204 210 /** Start accounting traffic for the user */ 211 function acctStart($info, & $errmsg = null) 212 { 205 /** Start accounting traffic for the user 206 * $conn_id: The connection id for the connection to work on */ 207 function acctStart($conn_id, & $errmsg = null) 208 { 209 global $db; 210 $conn_id = $db->escapeString($conn_id); 211 $db->ExecSqlUniqueRes("SELECT NOW(), *, CASE WHEN ((NOW() - reg_date) > networks.validation_grace_time) THEN true ELSE false END AS validation_grace_time_expired FROM connections JOIN users ON (users.user_id=connections.user_id) JOIN networks ON (users.account_origin = networks.network_id) WHERE connections.conn_id='$conn_id'", $info, false); 212 213 213 // RADIUS accounting start 214 214 $radius_acct = new Auth_RADIUS_Acct_Start; … … 246 246 } 247 247 248 /** Update traffic counters */ 249 function acctUpdate($info, $incoming, $outgoing, & $errmsg = null) 248 /** Update traffic counters 249 * $conn_id: The connection id for the connection to work on */ 250 function acctUpdate($conn_id, $incoming, $outgoing, & $errmsg = null) 250 251 { 251 252 // Call generic traffic updater ( local database ) 252 parent :: acctUpdate($info, $incoming, $outgoing); 253 253 parent :: acctUpdate($conn_id, $incoming, $outgoing); 254 global $db; 255 $conn_id = $db->escapeString($conn_id); 256 $db->ExecSqlUniqueRes("SELECT NOW(), *, CASE WHEN ((NOW() - reg_date) > networks.validation_grace_time) THEN true ELSE false END AS validation_grace_time_expired FROM connections JOIN users ON (users.user_id=connections.user_id) JOIN networks ON (users.account_origin = networks.network_id) WHERE connections.conn_id='$conn_id'", $info, false); 257 254 258 // RADIUS accounting ping 255 259 // Session is completely based on Database time … … 290 294 } 291 295 292 /** Final update and stop accounting */ 293 function acctStop($info, & $errmsg = null) 294 { 295 parent :: acctStop($info); 296 /** Final update and stop accounting 297 * $conn_id: The connection id (the token id) for the connection to work on 298 * */ 299 function acctStop($conn_id, & $errmsg = null) 300 { 301 parent :: acctStop($conn_id); 302 global $db; 303 $conn_id = $db->escapeString($conn_id); 304 $db->ExecSqlUniqueRes("SELECT NOW(), *, CASE WHEN ((NOW() - reg_date) > networks.validation_grace_time) THEN true ELSE false END AS validation_grace_time_expired FROM connections JOIN users ON (users.user_id=connections.user_id) JOIN networks ON (users.account_origin = networks.network_id) WHERE connections.conn_id='$conn_id'", $info, false); 296 305 297 306 // RADIUS accounting stop -
trunk/wifidog-auth/wifidog/classes/Network.php
r715 r717 445 445 } 446 446 447 /** Get's the splash-only user. This is the user that people logged-in at a splash-only hotspot will show up as. This user always has multiple-login capabilities. 448 * @param $username The username of the user 449 * @param $account_origin The account origin 450 * @return a User object 451 */ 452 public static function getSplashOnlyUser() 453 { 454 $username = 'SPLASH_ONLY_USER'; 455 456 $user = getUserByUsernameAndOrigin($username, $this); 457 if(!$user) 458 { 459 $user = User::createUser($id, $username, $this, '', ''); 460 $user->setAccountStatus(ACCOUNT_STATUS_ALLOWED); 461 } 462 return $user; 463 } 447 464 /** Are nodes allowed to redirect users to an arbitrary web page instead of the portal? 448 465 * @return true or false */ -
trunk/wifidog-auth/wifidog/classes/Security.php
r695 r717 34 34 } 35 35 36 /**37 * @deprecated Moved to User38 */39 function login($user_id, $hash) {40 global $db;41 $user_id = $db->EscapeString($user_id);42 $hash = $db->EscapeString($hash);43 $db->ExecSqlUniqueRes("SELECT * FROM users WHERE user_id='$user_id' AND pass='$hash'", $user_info, false);44 if (empty($user_info)) {45 echo '<p class=error>'._("Your user_id and password do not match")."</p>\n";46 exit;47 } else {48 /* Access granted */49 $this->session->set(SESS_USER_ID_VAR, $user_id);50 $this->session->set(SESS_PASSWORD_HASH_VAR, $hash);51 }52 }53 54 36 function requireAdmin() { 55 37 $current_user = User::getCurrentUser(); … … 66 48 67 49 function requireOwner($node_id) { 68 // If the user has super power let him i t!50 // If the user has super power let him in ! 69 51 $current_user = User::getCurrentUser(); 70 52 if ($current_user && User::getCurrentUser()->isSuperAdmin()) 71 53 return true; 72 54 73 global $db; 74 //$this->session->dump(); 75 $user = $this->session->get(SESS_USER_ID_VAR); 76 $password_hash = $this->session->get(SESS_PASSWORD_HASH_VAR); 77 78 $db->ExecSqlUniqueRes("SELECT * FROM users NATURAL JOIN node_stakeholders WHERE is_owner = true AND (users.user_id='$user') AND pass='$password_hash' AND node_stakeholders.node_id='$node_id'", $user_info, false); 79 if(empty($user_info)) { 55 $node=Node::getObject($node_id); 56 57 if(!$node->isOwner($current_user)) { 80 58 echo '<p class=error>'._("You do not have owner privileges")."</p>\n"; 81 59 exit; -
trunk/wifidog-auth/wifidog/classes/User.php
r708 r717 69 69 } 70 70 71 /** Associates the user passed in parameter with the session 71 /** Associates the user passed in parameter with the session. This should NOT be called by anything except the Authenticators 72 72 * @param User a user object 73 73 * @return boolean true if everything went well setting the session... … … 90 90 /** Instantiate a user object 91 91 * @param $username The username of the user 92 * @param $account_origin The account origin92 * @param $account_origin Network: The account origin 93 93 * @return a User object, or null if there was an error 94 94 */ 95 public static function getUserByUsernameAndOrigin($username, $account_origin)95 public static function getUserByUsernameAndOrigin($username, Network $account_origin) 96 96 { 97 97 global $db; … … 99 99 100 100 $username_str = $db->EscapeString($username); 101 $account_origin_str = $db->EscapeString($account_origin );101 $account_origin_str = $db->EscapeString($account_origin->getId()); 102 102 $db->ExecSqlUniqueRes("SELECT user_id FROM users WHERE username = '$username_str' AND account_origin = '$account_origin_str'", $user_info, false); 103 103 … … 109 109 /** Instantiate a user object 110 110 * @param $email The email of the user 111 * @param $account_origin The account origin111 * @param $account_origin Network: The account origin 112 112 * @return a User object, or null if there was an error 113 113 */ 114 public static function getUserByEmailAndOrigin($email, $account_origin)114 public static function getUserByEmailAndOrigin($email, Network $account_origin) 115 115 { 116 116 global $db; … … 118 118 119 119 $email_str = $db->EscapeString($email); 120 $account_origin_str = $db->EscapeString($account_origin );120 $account_origin_str = $db->EscapeString($account_origin->getId()); 121 121 $db->ExecSqlUniqueRes("SELECT user_id FROM users WHERE email = '$email_str' AND account_origin = '$account_origin_str'", $user_info, false); 122 122 … … 131 131 public static function passwordHash($password) 132 132 { 133 return base64_encode(pack("H*", md5($password)));134 }135 136 /** Create a new User in the database137 * @param $id The id to be given to the new user138 * @return the newly created User object, or null if there was an error139 */140 static function createUser($id, $username, $account_origin, $email, $password)141 {142 global $db;143 144 $object = null;145 $id_str = $db->EscapeString($id);146 $username_str = $db->EscapeString($username);147 $account_origin_str = $db->EscapeString($account_origin);148 $email_str = $db->EscapeString($email);149 133 /** 150 134 * utf8_decode is used for backward compatibility with old passwords … … 152 136 * Conversion from UTF-8 to ISO-8859-1 is done to match the MD5 hash 153 137 */ 154 $password_hash = $db->EscapeString(User :: passwordHash(utf8_decode($password))); 138 return base64_encode(pack("H*", md5(utf8_decode($password)))); 139 } 140 141 /** Create a new User in the database 142 * @param $id The id to be given to the new user 143 * @return the newly created User object, or null if there was an error 144 */ 145 static function createUser($id, $username, Network $account_origin, $email, $password) 146 { 147 global $db; 148 149 $object = null; 150 $id_str = $db->EscapeString($id); 151 $username_str = $db->EscapeString($username); 152 $account_origin_str = $db->EscapeString($account_origin->getId()); 153 $email_str = $db->EscapeString($email); 154 155 $password_hash = $db->EscapeString(User :: passwordHash($password)); 155 156 $status = ACCOUNT_STATUS_VALIDATION; 156 157 $token = User :: generateToken(); … … 241 242 } 242 243 244 /** get the hashed password stored in the database */ 243 245 public function getPasswordHash() 244 246 { … … 378 380 global $db; 379 381 380 $new_password_hash = User :: passwordHash( utf8_decode($password));382 $new_password_hash = User :: passwordHash($password); 381 383 if (!($update = $db->ExecSqlUpdate("UPDATE users SET pass='$new_password_hash' WHERE user_id='{$this->id}'"))) 382 384 { … … 575 577 { 576 578 $username = $_REQUEST[$name]; 577 return self :: getUserByUsernameAndOrigin($username, $network ->GetId());579 return self :: getUserByUsernameAndOrigin($username, $network); 578 580 } 579 581 else -
trunk/wifidog-auth/wifidog/install.php
r708 r717 1172 1172 require_once BASEPATH.'classes/User.php'; 1173 1173 1174 $created_user = User :: CreateUser(get_guid(), $username, 'LOCAL_USER', $email, $password);1174 $created_user = User :: createUser(get_guid(), $username, Network::getDefaultNetwork(), $email, $password); 1175 1175 $user_id = $created_user->getId(); 1176 1176 -
trunk/wifidog-auth/wifidog/lib/RssPressReview/RssPressReview.php
r696 r717 656 656 text-decoration: none; 657 657 /*border: 1px solid black*/ } 658 /*.rpr_expand_switch:before { content: "+"; }*/659 658 660 659 .rpr_popup_inner_div { 661 z-index: 1000;662 display: inline;663 660 padding: 0.5em; 664 661 border: 2px outset #324C48; … … 670 667 width: 350px; 671 668 -moz-opacity: 0.95; filter: alpha(opacity=95); 669 z-index: 1; 672 670 } 673 671 … … 678 676 background-color: #f9f9f9; 679 677 } 678 680 679 .rpr_popup_outer_div { 681 z-index: 1000;682 680 position: relative; 683 display: inline;684 681 } 685 682 … … 768 765 $feed_html .= "</span></p>\n"; 769 766 $feed_html .= "<div class='rpr_popup_outer_div'>\n"; 767 $class = 'rpr_popup_inner_div'; 770 768 $item['rpr_is_today'] ? $class = 'rpr_popup_inner_div_expanded' : $class = 'rpr_popup_inner_div'; 771 $feed_html .= "<div class='$class' id='$dhtml_id'>\n"; 769 $style = ''; 770 //$item['rpr_is_today'] ? $style = 'z-index: 1000;' : $style = ''; 771 $item['rpr_is_today'] ? $script= "changestyle('$dhtml_id','visible');" : $script = ''; 772 $feed_html .= "<div class='$class' style='$style' id='$dhtml_id'>\n"; 773 //$feed_html .= "<script type=\"text/javascript\">$script</script>\n"; 772 774 $feed_html .= "<p class='rpr_text'>{$item['rpr_author']} ({$feed['channel']['title']}) $display_date</p>\n"; 773 775 $summary = strip_tags($item['rpr_content'], "<br><p><a><img><b><i>"); -
trunk/wifidog-auth/wifidog/login/index.php
r708 r717 21 21 \********************************************************************/ 22 22 /**@file 23 * Login page 23 * Login page, will both display the login page, and process login and logout 24 * requests. 24 25 * @author Copyright (C) 2004 Benoit Grégoire et Philippe April 25 26 */ … … 32 33 require_once BASEPATH.'classes/Network.php'; 33 34 34 // Logout process 35 if ((!empty ($_REQUEST['logout']) && $_REQUEST['logout'] == true) && ($user = User::getCurrentUser()) != null) 36 { 37 $user->logout(); 38 } 35 36 /* Start general request parameter processing section */ 37 $node = null; 38 if (!empty ($_REQUEST['gw_id'])) 39 { 40 $gw_id = $_REQUEST['gw_id']; 41 42 try 43 { 44 $node = Node :: getObject($_REQUEST['gw_id']); 45 $hotspot_name = $node->getName(); 46 $network = $node->getNetwork(); 47 } 48 catch (Exception $e) 49 { 50 $smarty->assign("error", $e->getMessage()); 51 $smarty->display("templates/generic_error.html"); 52 exit; 53 } 54 } 55 else 56 { 57 /* Gateway ID is not set... Virtual login */ 58 $network = Network::getCurrentNetwork(); 59 } 60 61 isset ($_REQUEST["username"]) && $username = $_REQUEST["username"]; 62 isset ($_REQUEST["gw_address"]) && $gw_address = $_REQUEST['gw_address']; 63 isset ($_REQUEST["gw_port"]) && $gw_port = $_REQUEST['gw_port']; 64 isset ($_REQUEST["gw_id"]) && $gw_id = $_REQUEST['gw_id']; 65 66 isset ($_REQUEST["gw_address"]) && $session->set(SESS_GW_ADDRESS_VAR, $_REQUEST['gw_address']); 67 isset ($_REQUEST["gw_port"]) && $session->set(SESS_GW_PORT_VAR, $_REQUEST['gw_port']); 68 isset ($_REQUEST["gw_id"]) && $session->set(SESS_GW_ID_VAR, $_REQUEST['gw_id']); 39 69 40 70 // Store original URL typed by user. … … 44 74 $session->set(SESS_ORIGINAL_URL_VAR, $_REQUEST['url']); 45 75 } 46 47 // Actual login process 76 /* End general request parameter processing section */ 77 78 /* Start login process section. 79 * If successfull, the browser is redirected to another page */ 80 81 /* If this is a splash-only node, skip the login interface and log-in using the splash_only user */ 82 if($node && $node->isSplashOnly()) 83 { 84 $user = getSplashOnlyUser(); 85 $token = $user->generateConnectionToken(); 86 User::setCurrentUser($user); 87 header("Location: http://".$_REQUEST['gw_address'].":".$_REQUEST['gw_port']."/wifidog/auth?token=$token"); 88 } 89 90 /* Normal login process */ 48 91 if (!empty ($_REQUEST['username']) && !empty ($_REQUEST['password']) && !empty ($_REQUEST['auth_source'])) 49 92 { 93 50 94 $errmsg = ''; 51 95 $username = $db->EscapeString($_REQUEST['username']); … … 57 101 if ($user != null) 58 102 { 59 if (isset ($_REQUEST['gw_address']) && isset ($_REQUEST['gw_port']) && ($token = $user->generateConnectionToken()))103 if (isset ($_REQUEST['gw_address']) && isset ($_REQUEST['gw_port'])) 60 104 { 105 /* Login from a gateway, redirect to the gateway to activate the token */ 106 $token = $user->generateConnectionToken(); 61 107 header("Location: http://".$_REQUEST['gw_address'].":".$_REQUEST['gw_port']."/wifidog/auth?token=$token"); 62 108 } 63 109 else 64 110 { 65 /* Virtual login */66 header("Location: ".BASE_ NON_SSL_PATH);111 /* Virtual login, redirect to the auth server homepage */ 112 header("Location: ".BASE_SSL_PATH); 67 113 } 68 114 exit; … … 75 121 else 76 122 { 123 //Note that this is executed even when we have just arrived at the login page, so the user is reminded to supply a username and password 77 124 $error = _('Your must specify your username and password'); 78 125 } 79 80 $node = null; 81 if (!empty ($_REQUEST['gw_id'])) 82 { 83 $gw_id = $_REQUEST['gw_id']; 84 85 try 86 { 87 $node = Node :: getObject($_REQUEST['gw_id']); 88 $hotspot_name = $node->getName(); 89 $network = $node->getNetwork(); 90 } 91 catch (Exception $e) 92 { 93 $smarty->assign("error", $e->getMessage()); 94 $smarty->display("templates/generic_error.html"); 95 exit; 96 } 97 } 98 else 99 { 100 /* Gateway ID is not set... Virtual login */ 101 $network = Network::getCurrentNetwork(); 102 } 103 104 isset ($_REQUEST["username"]) && $username = $_REQUEST["username"]; 105 isset ($_REQUEST["gw_address"]) && $gw_address = $_REQUEST['gw_address']; 106 isset ($_REQUEST["gw_port"]) && $gw_port = $_REQUEST['gw_port']; 107 isset ($_REQUEST["gw_id"]) && $gw_id = $_REQUEST['gw_id']; 108 109 isset ($_REQUEST["gw_address"]) && $session->set(SESS_GW_ADDRESS_VAR, $_REQUEST['gw_address']); 110 isset ($_REQUEST["gw_port"]) && $session->set(SESS_GW_PORT_VAR, $_REQUEST['gw_port']); 111 isset ($_REQUEST["gw_id"]) && $session->set(SESS_GW_ID_VAR, $_REQUEST['gw_id']); 112 126 /* End login process section.*/ 127 128 /* Start logout process section. 129 * Once logged out, we display the login page */ 130 if ((!empty ($_REQUEST['logout']) && $_REQUEST['logout'] == true) && ($user = User::getCurrentUser()) != null) 131 { 132 $user->logout(); 133 } 134 /* End logout process section. */ 135 136 /* Start login interface section */ 113 137 $html = ''; 114 138 $html .= '<div id="form">'."\n"; … … 141 165 $html .= _("Password").':<br>'."\n"; 142 166 $html .= '<input type="password" name="password" size="20"><br>'."\n"; 167 if ($error) 168 { 169 $html .= '<div class="errormsg">'."\n"; 170 $html .= "$error\n"; 171 $html .= '</div>'."\n"; 172 } 173 143 174 $html .= '<input class="submit" type="submit" name="submit" value="'._("Login").'"><br>'."\n"; 144 175 ; … … 163 194 $html .= '</div>'."\n"; 164 195 165 if ($error)166 {167 $html .= '<div id="help">'."\n";168 $html .= "$error\n";169 $html .= '</div>'."\n";170 }171 172 196 // HTML body 173 197 $hotspot_network_name = $network->getName(); … … 190 214 $ui->setMainContent($html_body); 191 215 $ui->display(); 216 /* End login interface section */ 192 217 ?> -
trunk/wifidog-auth/wifidog/signup.php
r712 r717 97 97 throw new Exception(_("Sorry, a user account is already associated to this email address.")); 98 98 99 $created_user = User :: CreateUser(get_guid(), $username, $account_origin, $email, $password);99 $created_user = User :: createUser(get_guid(), $username, $account_origin, $email, $password); 100 100 $created_user->sendValidationEmail(); 101 101 … … 112 112 113 113 // Make sure the user IDs match 114 if(($created_user->getId() == $authenticated_user->getId()) && ($token = $created_user->generateConnectionToken()))114 if(($created_user->getId() == $authenticated_user->getId())) 115 115 { 116 $token = $created_user->generateConnectionToken(); 116 117 header("Location: http://{$gw_address}:{$gw_port}/wifidog/auth?token={$token}"); 117 118 }
