1: <?php
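/**
 * Build the HTML markup of the login form and return it as a string.
 *
 * The four form attributes are caller-supplied values that end up inside
 * double-quoted HTML attributes, so they are HTML-escaped here. Existing
 * entities are not double-encoded, which keeps callers that already pass
 * escaped values working.
 *
 * @param string $faction  value of the form "action" attribute
 * @param string $fid      value of the form "id" attribute
 * @param string $fmethod  value of the form "method" attribute
 * @param string $fenctype value of the form "enctype" attribute
 * @param string $username value pre-filled in the user name field
 * @return string HTML markup of the login form
 */
function F_loginForm($faction, $fid, $fmethod, $fenctype, $username)
{
    global $l;
    require_once('../config/tce_config.php');
    require_once('../../shared/config/tce_user_registration.php');

    // Escape attribute values with the page charset (fallback: UTF-8).
    $charset = isset($l['a_meta_charset']) ? $l['a_meta_charset'] : 'UTF-8';
    $faction = htmlspecialchars((string) $faction, ENT_QUOTES, $charset, false);
    $fmethod = htmlspecialchars((string) $fmethod, ENT_QUOTES, $charset, false);
    $fid = htmlspecialchars((string) $fid, ENT_QUOTES, $charset, false);
    $fenctype = htmlspecialchars((string) $fenctype, ENT_QUOTES, $charset, false);

    $str = '';
    $str .= '<div class="container">'.K_NEWLINE;
    if (K_USRREG_ENABLED) {
        // link to the self-registration page
        $str .= '<small><a href="../../public/code/tce_user_registration.php" title="'.$l['t_user_registration'].'">'.$l['w_user_registration_link'].'</a></small>'.K_NEWLINE;
    }
    $str .= '<div class="tceformbox">'.K_NEWLINE;
    $str .= '<form action="'.$faction.'" method="'.$fmethod.'" id="'.$fid.'" enctype="'.$fenctype.'">'.K_NEWLINE;

    // user name
    // NOTE(review): $username is handed to getFormRowTextInput() as-is;
    // confirm that helper escapes the value before writing it into the page.
    $str .= getFormRowTextInput('xuser_name', $l['w_username'], $l['h_login_name'], '', $username, '', 255, false, false, false, '');

    // password (never pre-filled)
    $str .= getFormRowTextInput('xuser_password', $l['w_password'], $l['h_password'], '', '', '', 255, false, false, true, '');

    if (K_OTP_LOGIN) {
        // one-time-password code, only when OTP login is enabled
        $str .= getFormRowTextInput('xuser_otpcode', $l['w_otpcode'], $l['h_otpcode'], '', '', '', 255, false, false, true, '');
    }
    if (defined('K_PASSWORD_RESET') and K_PASSWORD_RESET) {
        // link to the password reset page
        $str .= '<div class="row">'.K_NEWLINE;
        $str .= '<span class="formw"><a href="../../public/code/tce_password_reset.php" title="'.$l['h_reset_password'].'" style="font-size:90%;">'.$l['w_forgot_password'].'</a></span>'.K_NEWLINE;
        $str .= '</div>'.K_NEWLINE;
    }

    // submit button and the hidden action marker
    $str .= '<div class="row">'.K_NEWLINE;
    $str .= '<input type="submit" name="login" id="login" value="'.$l['w_login'].'" title="'.$l['h_login_button'].'" />'.K_NEWLINE;
    $str .= '<input type="hidden" name="logaction" id="logaction" value="login" />'.K_NEWLINE;
    $str .= '</div>'.K_NEWLINE;
    $str .= '</form>'.K_NEWLINE;
    $str .= '</div>'.K_NEWLINE;
    $str .= '<div class="pagehelp">'.$l['hp_login'].'</div>'.K_NEWLINE;
    $str .= '</div>'.K_NEWLINE;
    return $str;
}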
/**
 * Send the login page (or the configured alternative) and stop the script.
 *
 * Three outcomes, tried in this order, each ending with exit():
 *  - HTTP Basic enabled and the session is not flagged as logged out:
 *    answer 401 with a Basic challenge and an error page;
 *  - Shibboleth enabled and the session is not flagged as logged out:
 *    redirect to K_SHIBBOLETH_LOGIN, with a minimal fallback page;
 *  - otherwise: print the regular login form.
 *
 * @return void this function never returns to the caller
 */
function F_login_form()
{
    global $l, $thispage_title;
    global $xuser_name, $xuser_password;
    require_once('../config/tce_config.php');

    // --- HTTP Basic authentication ---
    require_once('../../shared/config/tce_httpbasic.php');
    if (K_HTTPBASIC_ENABLED and !(isset($_SESSION['logout']) and $_SESSION['logout'])) {
        // challenge the browser, then render the denial message
        header('WWW-Authenticate: Basic realm="TCExam"');
        header('HTTP/1.0 401 Unauthorized');
        require_once('../code/tce_page_header.php');
        F_print_error('WARNING', $l['m_authorization_denied']);
        require_once('../code/tce_page_footer.php');
        exit();
    }

    // --- Shibboleth single sign-on ---
    require_once('../../shared/config/tce_shibboleth.php');
    if (K_SHIBBOLETH_ENABLED and !(isset($_SESSION['logout']) and $_SESSION['logout'])) {
        header('Location: '.K_SHIBBOLETH_LOGIN);

        // fallback document for clients that do not follow the redirect
        $page = '<'.'?xml version="1.0" encoding="'.$l['a_meta_charset'].'"?'.'>'.K_NEWLINE;
        $page .= '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">'.K_NEWLINE;
        $page .= '<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="'.$l['a_meta_language'].'" lang="'.$l['a_meta_language'].'" dir="'.$l['a_meta_dir'].'">'.K_NEWLINE;
        $page .= '<head>'.K_NEWLINE;
        $page .= '<title>LOGIN</title>'.K_NEWLINE;
        $page .= '<meta http-equiv="refresh" content="0" />'.K_NEWLINE;
        $page .= '</head>'.K_NEWLINE;
        $page .= '<body>'.K_NEWLINE;
        $page .= '<a href="'.K_SHIBBOLETH_LOGIN.'">LOGIN</a>'.K_NEWLINE;
        $page .= '</body>'.K_NEWLINE;
        $page .= '</html>'.K_NEWLINE;
        echo $page;
        exit();
    }

    // --- regular login form ---
    require_once('../../shared/code/tce_functions_form.php');
    $thispage_title = $l['t_login_form'];
    require_once('../code/tce_page_header.php');
    // the form posts back to the current script; the user name field is
    // pre-filled from the global $xuser_name
    $form_markup = F_loginForm($_SERVER['SCRIPT_NAME'], 'form_login', 'post', 'multipart/form-data', $xuser_name);
    echo $form_markup;
    require_once('../code/tce_page_footer.php');
    exit();
}
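/**
 * Build the HTML markup of the logout form and return it as a string.
 *
 * The current script path is written into a hidden field. It is derived from
 * the request ($_SERVER['SCRIPT_NAME']), so it is HTML-escaped before being
 * placed inside the attribute.
 *
 * @return string HTML markup of the logout form
 */
function F_logout_form()
{
    global $l;
    require_once('../config/tce_config.php');
    require_once('../../shared/code/tce_functions_form.php');

    // Escape with the page charset (fallback: UTF-8).
    $charset = isset($l['a_meta_charset']) ? $l['a_meta_charset'] : 'UTF-8';
    $script_name = isset($_SERVER['SCRIPT_NAME']) ? (string) $_SERVER['SCRIPT_NAME'] : '';
    $current_page = htmlspecialchars($script_name, ENT_QUOTES, $charset);

    $str = K_NEWLINE;
    $str .= '<div class="container">'.K_NEWLINE;
    $str .= '<div class="tceformbox">'.K_NEWLINE;
    $str .= '<form action="../code/tce_logout.php" method="post" id="form_logout" enctype="multipart/form-data">'.K_NEWLINE;

    // description
    $str .= '<div class="row">'.K_NEWLINE;
    $str .= $l['d_logout_desc'].K_NEWLINE;
    $str .= '</div>'.K_NEWLINE;

    // hidden fields and the submit button
    $str .= '<div class="row">'.K_NEWLINE;
    $str .= '<input type="hidden" name="current_page" id="current_page" value="'.$current_page.'" />'.K_NEWLINE;
    $str .= '<input type="hidden" name="logaction" id="logaction" value="" />'.K_NEWLINE;
    $str .= '<input type="submit" name="login" id="login" value="'.$l['w_logout'].'" />'.K_NEWLINE;
    $str .= '</div>'.K_NEWLINE;
    $str .= '</form>'.K_NEWLINE;
    $str .= '</div>'.K_NEWLINE;
    return $str;
}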
/**
 * Print a complete logout page (header, logout form, footer) and stop the
 * script.
 *
 * @return void this function never returns to the caller
 */
function F_logout_page()
{
    global $l, $thispage_title;
    require_once('../config/tce_config.php');

    // the page title is set before the header template is included
    $thispage_title = $l['t_logout_form'];
    require_once('../code/tce_page_header.php');

    $form_markup = F_logout_form();
    echo $form_markup;

    require_once('../code/tce_page_footer.php');
    exit;
}
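/**
 * Tell whether the current session user may act on a given record.
 *
 * Access is granted when any of these holds:
 *  - the session user level is at least K_AUTH_ADMINISTRATOR;
 *  - the record's owner column equals the session user id;
 *  - the record's owner has an id greater than 1 and shares at least one
 *    group with the session user.
 *
 * Every numeric value that is concatenated into SQL is cast to an integer
 * first, including the owner id read back from the database.
 *
 * NOTE(review): $table, $field_id_name and $field_user_id are used as SQL
 * identifiers. F_escape_sql() is applied to them, but escaping string data is
 * not the same as validating an identifier - callers are presumably expected
 * to pass fixed table/column names; confirm at the call sites.
 *
 * @param string $table         table holding the record
 * @param string $field_id_name name of the record id column
 * @param int    $value_id      id of the record
 * @param string $field_user_id name of the owner (user id) column
 * @return bool true when the session user is authorized, false otherwise
 */
function F_isAuthorizedUser($table, $field_id_name, $value_id, $field_user_id)
{
    global $l,$db;
    require_once('../config/tce_config.php');
    $table = F_escape_sql($db, $table);
    $field_id_name = F_escape_sql($db, $field_id_name);
    $value_id = intval($value_id);
    $field_user_id = F_escape_sql($db, $field_user_id);
    $user_id = intval($_SESSION['session_user_id']);

    // administrators may access everything
    if (defined('K_AUTH_ADMINISTRATOR') and ($_SESSION['session_user_level'] >= K_AUTH_ADMINISTRATOR)) {
        return true;
    }

    // the session user owns the record
    if (F_count_rows($table.' WHERE '.$field_id_name.'='.$value_id.' AND '.$field_user_id.'='.$user_id.' LIMIT 1') > 0) {
        return true;
    }

    // look up the record owner
    $author_id = 0;
    $sql = 'SELECT '.$field_user_id.' FROM '.$table.' WHERE '.$field_id_name.'='.$value_id.' LIMIT 1';
    if ($r = F_db_query($sql, $db)) {
        if ($m = F_db_fetch_array($r)) {
            // cast before reuse: this value is concatenated into the next query
            $author_id = intval($m[0]);
        }
    } else {
        F_display_db_error();
    }

    // the owner (id > 1) and the session user share at least one group
    if (($author_id > 1)
        and (F_count_rows(K_TABLE_USERGROUP.' AS ta, '.K_TABLE_USERGROUP.' AS tb'
            .' WHERE ta.usrgrp_group_id=tb.usrgrp_group_id'
            .' AND ta.usrgrp_user_id='.$author_id
            .' AND tb.usrgrp_user_id='.$user_id
            .' LIMIT 1') > 0)) {
        return true;
    }
    return false;
}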
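/**
 * Return a comma-separated list of user ids that share a group with the
 * given user, followed by the given user id itself.
 *
 * Every id is cast to an integer before it is appended, so the returned
 * string contains only digits, minus signs and commas.
 * NOTE(review): the list is presumably embedded in SQL "IN (...)" clauses by
 * callers - verify; the integer cast keeps it safe for that use.
 *
 * @param int $user_id id of the user
 * @return string comma-separated user ids; ids may repeat because no
 *                de-duplication is done
 */
function F_getAuthorizedUsers($user_id)
{
    global $l,$db;
    require_once('../config/tce_config.php');
    $str = '';
    $user_id = intval($user_id);
    $sql = 'SELECT tb.usrgrp_user_id'
        .' FROM '.K_TABLE_USERGROUP.' AS ta, '.K_TABLE_USERGROUP.' AS tb'
        .' WHERE ta.usrgrp_group_id=tb.usrgrp_group_id'
        .' AND ta.usrgrp_user_id='.$user_id;
    if ($r = F_db_query($sql, $db)) {
        while ($m = F_db_fetch_array($r)) {
            // integer cast: never pass a raw database value on to callers
            $str .= intval($m[0]).',';
        }
    } else {
        F_display_db_error();
    }
    // the user is always part of the list
    $str .= $user_id;
    return $str;
}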
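/**
 * Add a user to the given groups, skipping the groups the user already
 * belongs to. Existing memberships are never removed.
 *
 * $grpids may be:
 *  - a string of comma-separated group ids;
 *  - 0 (loosely compared), meaning every group in K_TABLE_GROUPS;
 *  - a positive number, meaning that single group.
 *
 * Fix: the original called array_walk($newgrps, 'intval'), which discards
 * intval()'s return value and leaves the exploded strings unchanged. Those
 * strings were then concatenated into the INSERT statement. The ids are now
 * really converted with array_map(), so only integers reach the SQL.
 *
 * @param int        $usrid  id of the user
 * @param string|int $grpids group id(s), see above
 * @return void
 */
function F_syncUserGroups($usrid, $grpids)
{
    global $l,$db;
    require_once('../config/tce_config.php');
    $usrid = intval($usrid);

    // groups requested by the caller
    $newgrps = array();
    if (is_string($grpids)) {
        // comma-separated list: convert every item to an integer
        $newgrps = array_map('intval', explode(',', $grpids));
        $newgrps = array_unique($newgrps, SORT_NUMERIC);
    } elseif ($grpids == 0) {
        // all existing groups
        $sqlg = 'SELECT group_id FROM '.K_TABLE_GROUPS.'';
        if ($rg = F_db_query($sqlg, $db)) {
            while ($mg = F_db_fetch_array($rg)) {
                $newgrps[] = intval($mg['group_id']);
            }
        } else {
            F_display_db_error();
        }
    } elseif ($grpids > 0) {
        // a single group
        $newgrps[] = intval($grpids);
    }
    if (empty($newgrps)) {
        return;
    }

    // groups the user already belongs to
    $usrgrps = array();
    $sqlu = 'SELECT usrgrp_group_id FROM '.K_TABLE_USERGROUP.' WHERE usrgrp_user_id='.$usrid.'';
    if ($ru = F_db_query($sqlu, $db)) {
        while ($mu = F_db_fetch_array($ru)) {
            $usrgrps[] = intval($mu['usrgrp_group_id']);
        }
    } else {
        F_display_db_error();
    }

    // requested groups that are still missing
    $diffgrps = array_values(array_diff($newgrps, $usrgrps));

    foreach ($diffgrps as $grpid) {
        // ids that are zero or negative (e.g. from unparsable items) are skipped
        if ($grpid > 0) {
            $sql = 'INSERT INTO '.K_TABLE_USERGROUP.' ('
                .' usrgrp_user_id,'
                .' usrgrp_group_id'
                .' ) VALUES ('
                .' \''.$usrid.'\','
                .' \''.$grpid.'\''
                .' )';
            if (!$r = F_db_query($sql, $db)) {
                F_display_db_error();
            }
        }
    }
}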
/**
 * Tell whether the request carries a verified, unexpired TLS client
 * certificate, judging only by $_SERVER variables.
 *
 * All five variables must be set, SSL_CLIENT_VERIFY must be exactly
 * 'SUCCESS' and SSL_CLIENT_V_REMAIN must not be <= 0. The serial number,
 * issuer DN and end date are checked for presence only.
 * NOTE(review): these values are presumably exported by the web server's TLS
 * module; the check is only as trustworthy as that configuration - confirm.
 *
 * @return bool true when every condition holds, false otherwise
 */
function F_isSslCertificateValid()
{
    $required = array(
        'SSL_CLIENT_M_SERIAL',
        'SSL_CLIENT_I_DN',
        'SSL_CLIENT_V_END',
        'SSL_CLIENT_VERIFY',
        'SSL_CLIENT_V_REMAIN',
    );
    foreach ($required as $name) {
        if (!isset($_SERVER[$name])) {
            // a missing variable means no usable client certificate
            return false;
        }
    }
    if ($_SERVER['SSL_CLIENT_VERIFY'] !== 'SUCCESS') {
        // the server did not verify the certificate
        return false;
    }
    // the certificate must still have validity time left
    return !($_SERVER['SSL_CLIENT_V_REMAIN'] <= 0);
}
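/**
 * Compute a fingerprint string and the expiry timestamp of a certificate.
 *
 * The fingerprint is the MD5 of: the serial number (through bcdechex()), the
 * issuer and subject C, ST, O, OU, CN and emailAddress fields, and the
 * validity end time, concatenated without separators. Missing fields
 * contribute nothing.
 *
 * Fix: the result of openssl_pkcs12_read() is now checked. When the PKCS#12
 * container cannot be read, the certificate is treated as unparsable instead
 * of reading an undefined array key.
 *
 * NOTE(review): MD5 over undelimited fields is a weak identifier (field
 * boundaries are ambiguous and MD5 is not collision resistant). It is kept
 * unchanged because the value presumably has to match stored hashes and the
 * output of F_getSSLClientHash() - confirm before changing the algorithm.
 * NOTE(review): when the certificate cannot be parsed, the hash is derived
 * from the current time alone; callers should not treat that result as a
 * valid certificate identity.
 *
 * @param string $cert   certificate data, or PKCS#12 data when $pkcs12 is true
 * @param bool   $pkcs12 true when $cert is a PKCS#12 container (read with an
 *                       empty password)
 * @return array two items: the MD5 hash and the end time formatted with
 *               K_TIMESTAMP_FORMAT
 */
function F_getSSLCertificateHash($cert, $pkcs12 = false)
{
    $ssldata = array();
    $readable = true;
    if ($pkcs12) {
        $certs = array();
        if (openssl_pkcs12_read($cert, $certs, '') and isset($certs['cert'])) {
            $cert = $certs['cert'];
        } else {
            // unreadable container: nothing to parse
            $readable = false;
        }
    }
    if ($readable) {
        $parsed = openssl_x509_parse($cert);
        if (is_array($parsed)) {
            $ssldata = $parsed;
        }
    }

    $sslhash = isset($ssldata['serialNumber']) ? bcdechex($ssldata['serialNumber']) : '';
    // issuer fields first, then subject fields, always in this order
    foreach (array('issuer', 'subject') as $section) {
        foreach (array('C', 'ST', 'O', 'OU', 'CN', 'emailAddress') as $attr) {
            if (isset($ssldata[$section][$attr])) {
                $sslhash .= $ssldata[$section][$attr];
            }
        }
    }

    // fall back to the current time when the certificate has no end time
    if (isset($ssldata['validTo_time_t'])) {
        $endtime = $ssldata['validTo_time_t'];
    } else {
        $endtime = time();
    }
    $sslhash .= $endtime;
    return array(md5($sslhash), date(K_TIMESTAMP_FORMAT, $endtime));
}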
/**
 * Compute the MD5 fingerprint of the client certificate described by the
 * SSL_CLIENT_* entries of $_SERVER.
 *
 * The hashed string is the upper-cased serial number, the issuer and subject
 * C, ST, O, OU, CN and Email fields, and the end date converted with
 * strtotime(), concatenated without separators. Entries that are not set
 * contribute nothing.
 *
 * NOTE(review): MD5 over undelimited fields is a weak identifier; it is
 * presumably kept to match F_getSSLCertificateHash() - confirm before
 * changing either side.
 *
 * @return string 32-character hexadecimal MD5 hash
 */
function F_getSSLClientHash()
{
    // serial number, normalized to upper case
    $material = '';
    if (isset($_SERVER['SSL_CLIENT_M_SERIAL'])) {
        $material .= strtoupper($_SERVER['SSL_CLIENT_M_SERIAL']);
    }

    // issuer fields followed by subject fields; the order is part of the hash
    $dn_fields = array(
        'SSL_CLIENT_I_DN_C',
        'SSL_CLIENT_I_DN_ST',
        'SSL_CLIENT_I_DN_O',
        'SSL_CLIENT_I_DN_OU',
        'SSL_CLIENT_I_DN_CN',
        'SSL_CLIENT_I_DN_Email',
        'SSL_CLIENT_S_DN_C',
        'SSL_CLIENT_S_DN_ST',
        'SSL_CLIENT_S_DN_O',
        'SSL_CLIENT_S_DN_OU',
        'SSL_CLIENT_S_DN_CN',
        'SSL_CLIENT_S_DN_Email',
    );
    foreach ($dn_fields as $field) {
        if (isset($_SERVER[$field])) {
            $material .= $_SERVER[$field];
        }
    }

    // validity end, as a Unix timestamp
    if (isset($_SERVER['SSL_CLIENT_V_END'])) {
        $material .= strtotime($_SERVER['SSL_CLIENT_V_END']);
    }
    return md5($material);
}