1: # The LearningOnline Network
2: # Login Screen
3: #
4: # $Id: lonlogin.pm,v 1.158.2.14 2022/01/16 19:43:41 raeburn Exp $
5: #
6: # Copyright Michigan State University Board of Trustees
7: #
8: # This file is part of the LearningOnline Network with CAPA (LON-CAPA).
9: #
10: # LON-CAPA is free software; you can redistribute it and/or modify
11: # it under the terms of the GNU General Public License as published by
12: # the Free Software Foundation; either version 2 of the License, or
13: # (at your option) any later version.
14: #
15: # LON-CAPA is distributed in the hope that it will be useful,
16: # but WITHOUT ANY WARRANTY; without even the implied warranty of
17: # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18: # GNU General Public License for more details.
19: #
20: # You should have received a copy of the GNU General Public License
21: # along with LON-CAPA; if not, write to the Free Software
22: # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
23: #
24: # /home/httpd/html/adm/gpl.txt
25: #
26: # http://www.lon-capa.org/
27: #
28:
29: package Apache::lonlogin;
30:
31: use strict;
32: use Apache::Constants qw(:common);
33: use Apache::File ();
34: use Apache::lonnet;
35: use Apache::loncommon();
36: use Apache::lonauth();
37: use Apache::lonlocal;
38: use Apache::migrateuser();
39: use lib '/home/httpd/lib/perl/';
40: use LONCAPA qw(:DEFAULT :match);
41: use URI::Escape;
42: use HTML::Entities();
43: use CGI::Cookie();
44:
45: sub handler {
46: my $r = shift;
47:
48: &Apache::loncommon::get_unprocessed_cgi
49: (join('&',$ENV{'QUERY_STRING'},$env{'request.querystring'},
50: $ENV{'REDIRECT_QUERY_STRING'}),
51: ['interface','username','domain','firsturl','localpath','localres',
52: 'token','role','symb','iptoken','btoken','saml','sso','retry']);
53:
54: # -- check if they are a migrating user
55: if (defined($env{'form.token'})) {
56: return &Apache::migrateuser::handler($r);
57: }
58:
59: my $lonhost = $r->dir_config('lonHostID');
60: if (($env{'form.sso'}) || ($env{'form.retry'})) {
61: my $infotoken;
62: if ($env{'form.sso'}) {
63: $infotoken = $env{'form.sso'};
64: } else {
65: $infotoken = $env{'form.retry'};
66: }
67: my $data = &Apache::lonnet::reply('tmpget:'.$infotoken,$lonhost);
68: unless (($data=~/^error/) || ($data eq 'con_lost') ||
69: ($data eq 'no_such_host')) {
70: my %info = &decode_token($data);
71: foreach my $item (keys(%info)) {
72: $env{'form.'.$item} = $info{$item};
73: }
74: &Apache::lonnet::tmpdel($infotoken);
75: }
76: } else {
77: if (!defined($env{'form.firsturl'})) {
78: &Apache::lonacc::get_posted_cgi($r,['firsturl']);
79: }
80: if ($env{'form.firsturl'} eq '/adm/logout') {
81: delete($env{'form.firsturl'});
82: }
83: }
84:
85: # For "public user" - remove any exising "public" cookie, as user really wants to log-in
86: my ($handle,$lonidsdir,$expirepub,$userdom);
87: $lonidsdir=$r->dir_config('lonIDsDir');
88: unless ($r->header_only) {
89: $handle = &Apache::lonnet::check_for_valid_session($r,'lonID',undef,\$userdom);
90: if ($handle ne '') {
91: if ($handle=~/^publicuser\_/) {
92: unlink($r->dir_config('lonIDsDir')."/$handle.id");
93: undef($handle);
94: undef($userdom);
95: $expirepub = 1;
96: }
97: }
98: }
99:
100: &Apache::loncommon::no_cache($r);
101: &Apache::lonlocal::get_language_handle($r);
102: &Apache::loncommon::content_type($r,'text/html');
103: if ($expirepub) {
104: my $c = new CGI::Cookie(-name => 'lonPubID',
105: -value => '',
106: -expires => '-10y',);
107: $r->header_out('Set-cookie' => $c);
108: } elsif (($handle eq '') && ($userdom ne '')) {
109: my %cookies=CGI::Cookie->parse($r->header_in('Cookie'));
110: foreach my $name (keys(%cookies)) {
111: next unless ($name =~ /^lon(|S|Link|Pub)ID$/);
112: my $c = new CGI::Cookie(-name => $name,
113: -value => '',
114: -expires => '-10y',);
115: $r->headers_out->add('Set-cookie' => $c);
116: }
117: }
118: $r->send_http_header;
119: return OK if $r->header_only;
120:
121:
122: # Are we re-routing?
123: my $londocroot = $r->dir_config('lonDocRoot');
124: if (-e "$londocroot/lon-status/reroute.txt") {
125: &Apache::lonauth::reroute($r);
126: return OK;
127: }
128:
129: # Check if browser sent a LON-CAPA load balancer cookie (and this is a balancer)
130:
131: my ($found_server,$balancer_cookie) = &Apache::lonnet::check_for_balancer_cookie($r,1);
132: if ($found_server) {
133: my $hostname = &Apache::lonnet::hostname($found_server);
134: if ($hostname ne '') {
135: my $protocol = $Apache::lonnet::protocol{$found_server};
136: $protocol = 'http' if ($protocol ne 'https');
137: my $dest = '/adm/roles';
138: if ($env{'form.firsturl'} ne '') {
139: $dest = &HTML::Entities::encode($env{'form.firsturl'},'\'"<>&');
140: }
141: my %info = (
142: balcookie => $lonhost.':'.$balancer_cookie,
143: );
144: if ($env{'form.role'}) {
145: $info{'role'} = $env{'form.role'};
146: }
147: if ($env{'form.symb'}) {
148: $info{'symb'} = $env{'form.symb'};
149: }
150: my $balancer_token = &Apache::lonnet::tmpput(\%info,$found_server);
151: unless (($balancer_token eq 'con_lost') || ($balancer_token eq 'refused') ||
152: ($balancer_token eq 'unknown_cmd') || ($balancer_token eq 'no_such_host')) {
153: $dest .= (($dest=~/\?/)?'&':'?') . 'btoken='.$balancer_token;
154: }
155: unless ($found_server eq $lonhost) {
156: my $alias = &Apache::lonnet::use_proxy_alias($r,$found_server);
157: $hostname = $alias if ($alias ne '');
158: }
159: my $url = $protocol.'://'.$hostname.$dest;
160: my $start_page =
161: &Apache::loncommon::start_page('Switching Server ...',undef,
162: {'redirect' => [0,$url],});
163: my $end_page = &Apache::loncommon::end_page();
164: $r->print($start_page.$end_page);
165: return OK;
166: }
167: }
168:
169: #
170: # Check if a LON-CAPA load balancer sent user here because user's browser sent
171: # it a balancer cookie for an active session on this server.
172: #
173:
174: my $balcookie;
175: if ($env{'form.btoken'}) {
176: my %info = &Apache::lonnet::tmpget($env{'form.btoken'});
177: $balcookie = $info{'balcookie'};
178: &Apache::lonnet::tmpdel($env{'form.btoken'});
179: delete($env{'form.btoken'});
180: }
181:
182: #
183: # If browser sent an old cookie for which the session file had been removed
184: # check if configuration for user's domain has a portal URL set. If so
185: # switch user's log-in to the portal.
186: #
187:
188: if (($handle eq '') && ($userdom ne '')) {
189: my %domdefaults = &Apache::lonnet::get_domain_defaults($userdom);
190: if ($domdefaults{'portal_def'} =~ /^https?\:/) {
191: my $start_page = &Apache::loncommon::start_page('Switching Server ...',undef,
192: {'redirect' => [0,$domdefaults{'portal_def'}],});
193: my $end_page = &Apache::loncommon::end_page();
194: $r->print($start_page.$end_page);
195: return OK;
196: }
197: }
198:
199: # -------------------------------- Prevent users from attempting to login twice
200: if ($handle ne '') {
201: &Apache::lonnet::transfer_profile_to_env($lonidsdir,$handle);
202: my $start_page =
203: &Apache::loncommon::start_page('Already logged in');
204: my $end_page =
205: &Apache::loncommon::end_page();
206: my $dest = '/adm/roles';
207: if ($env{'form.firsturl'} ne '') {
208: $dest = &HTML::Entities::encode($env{'form.firsturl'},'\'"<>&');
209: }
210: $r->print(
211: $start_page
212: .'<p class="LC_warning">'.&mt('You are already logged in!').'</p>'
213: .'<p>'.&mt('Please either [_1]continue the current session[_2] or [_3]log out[_4].',
214: '<a href="'.$dest.'">','</a>','<a href="/adm/logout">','</a>').'</p>'
215: .$end_page
216: );
217: return OK;
218: }
219:
220: # ---------------------------------------------------- No valid token, continue
221:
222: # ---------------------------- Not possible to really login to domain "public"
223: if ($env{'form.domain'} eq 'public') {
224: $env{'form.domain'}='';
225: $env{'form.username'}='';
226: }
227:
228: # ------ Is this page requested because /adm/migrateuser detected an IP change?
229: my %sessiondata;
230: if ($env{'form.iptoken'}) {
231: %sessiondata = &Apache::lonnet::tmpget($env{'form.iptoken'});
232: unless ($sessiondata{'sessionserver'}) {
233: my $delete = &Apache::lonnet::tmpdel($env{'form.iptoken'});
234: delete($env{'form.iptoken'});
235: }
236: }
237: # ----------------------------------------------------------- Process Interface
238: $env{'form.interface'}=~s/\W//g;
239:
240: (undef,undef,undef,undef,undef,undef,my $clientmobile) =
241: &Apache::loncommon::decode_user_agent($r);
242:
243: my $iconpath=
244: &Apache::loncommon::lonhttpdurl($r->dir_config('lonIconsURL'));
245:
246: my $domain = &Apache::lonnet::default_login_domain();
247: my $defdom = $domain;
248: if ($lonhost ne '') {
249: unless ($sessiondata{'sessionserver'}) {
250: my $redirect = &check_loginvia($domain,$lonhost,$lonidsdir,$balcookie);
251: if ($redirect) {
252: $r->print($redirect);
253: return OK;
254: }
255: }
256: }
257:
258: if (($sessiondata{'domain'}) &&
259: (&Apache::lonnet::domain($sessiondata{'domain'},'description'))) {
260: $domain=$sessiondata{'domain'};
261: } elsif (($env{'form.domain'}) &&
262: (&Apache::lonnet::domain($env{'form.domain'},'description'))) {
263: $domain=$env{'form.domain'};
264: }
265:
266: my $role = $r->dir_config('lonRole');
267: my $loadlim = $r->dir_config('lonLoadLim');
268: my $uloadlim= $r->dir_config('lonUserLoadLim');
269: my $servadm = $r->dir_config('lonAdmEMail');
270: my $tabdir = $r->dir_config('lonTabDir');
271: my $include = $r->dir_config('lonIncludes');
272: my $expire = $r->dir_config('lonExpire');
273: my $version = $r->dir_config('lonVersion');
274: my $host_name = &Apache::lonnet::hostname($lonhost);
275:
276: # --------------------------------------------- Default values for login fields
277:
278: my ($authusername,$authdomain);
279: if ($sessiondata{'username'}) {
280: $authusername=$sessiondata{'username'};
281: } else {
282: $env{'form.username'} = &Apache::loncommon::cleanup_html($env{'form.username'});
283: $authusername=($env{'form.username'}?$env{'form.username'}:'');
284: }
285: if ($sessiondata{'domain'}) {
286: $authdomain=$sessiondata{'domain'};
287: } else {
288: $env{'form.domain'} = &Apache::loncommon::cleanup_html($env{'form.domain'});
289: $authdomain=($env{'form.domain'}?$env{'form.domain'}:$domain);
290: }
291:
292: # ---------------------------------------------------------- Determine own load
293: my $loadavg;
294: {
295: my $loadfile=Apache::File->new('/proc/loadavg');
296: $loadavg=<$loadfile>;
297: }
298: $loadavg =~ s/\s.*//g;
299:
300: my ($loadpercent,$userloadpercent);
301: if ($loadlim) {
302: $loadpercent=sprintf("%.1f",100*$loadavg/$loadlim);
303: }
304: if ($uloadlim) {
305: $userloadpercent=&Apache::lonnet::userload();
306: }
307:
308: my $firsturl=
309: ($env{'request.firsturl'}?$env{'request.firsturl'}:$env{'form.firsturl'});
310:
311: # ----------------------------------------------------------- Get announcements
312: my $announcements=&Apache::lonnet::getannounce();
313: # -------------------------------------------------------- Set login parameters
314:
315: my @hexstr=('0','1','2','3','4','5','6','7',
316: '8','9','a','b','c','d','e','f');
317: my $lkey='';
318: for (0..7) {
319: $lkey.=$hexstr[rand(15)];
320: }
321:
322: my $ukey='';
323: for (0..7) {
324: $ukey.=$hexstr[rand(15)];
325: }
326:
327: my $lextkey=hex($lkey);
328: if ($lextkey>2147483647) { $lextkey-=4294967296; }
329:
330: my $uextkey=hex($ukey);
331: if ($uextkey>2147483647) { $uextkey-=4294967296; }
332:
333: # -------------------------------------------------------- Store away log token
334: my $tokenextras;
335: my @names = ('role','symb','iptoken');
336: foreach my $name (@names) {
337: if ($env{'form.'.$name} ne '') {
338: $tokenextras .= '&'.$name.'='.&escape($env{'form.'.$name});
339: }
340: }
341: my $logtoken=Apache::lonnet::reply(
342: 'tmpput:'.$ukey.$lkey.'&'.&escape($firsturl).$tokenextras,
343: $lonhost);
344:
345: # -- If we cannot talk to ourselves, or hostID does not map to a hostname
346: # we are in serious trouble
347:
348: if (($logtoken eq 'con_lost') || ($logtoken eq 'no_such_host')) {
349: if ($logtoken eq 'no_such_host') {
350: &Apache::lonnet::logthis('No valid logtoken for log-in page -- unable to determine hostname for hostID: '.$lonhost.'. Check entry in hosts.tab');
351: }
352: my $spares='';
353: my (@sparehosts,%spareservers);
354: my $sparesref = &Apache::lonnet::this_host_spares($defdom);
355: if (ref($sparesref) eq 'HASH') {
356: foreach my $key (keys(%{$sparesref})) {
357: if (ref($sparesref->{$key}) eq 'ARRAY') {
358: my @sorted = sort { &Apache::lonnet::hostname($a) cmp
359: &Apache::lonnet::hostname($b);
360: } @{$sparesref->{$key}};
361: if (@sorted) {
362: if ($key eq 'primary') {
363: unshift(@sparehosts,@sorted);
364: } elsif ($key eq 'default') {
365: push(@sparehosts,@sorted);
366: }
367: }
368: }
369: }
370: }
371: foreach my $hostid (@sparehosts) {
372: next if ($hostid eq $lonhost);
373: my $hostname = &Apache::lonnet::hostname($hostid);
374: next if (($hostname eq '') || ($spareservers{$hostname}));
375: $spareservers{$hostname} = 1;
376: my $protocol = $Apache::lonnet::protocol{$hostid};
377: $protocol = 'http' if ($protocol ne 'https');
378: $spares.='<br /><span style="font-size: larger;"><a href="'.$protocol.'://'.
379: $hostname.
380: '/adm/login?domain='.$authdomain.'">'.
381: $hostname.'</a>'.
382: ' '.&mt('(preferred)').'</span>'.$/;
383: }
384: if ($spares) {
385: $spares.= '<br />';
386: }
387: my %all_hostnames = &Apache::lonnet::all_hostnames();
388: foreach my $hostid (sort
389: {
390: &Apache::lonnet::hostname($a) cmp
391: &Apache::lonnet::hostname($b);
392: }
393: keys(%all_hostnames)) {
394: next if ($hostid eq $lonhost);
395: my $hostname = &Apache::lonnet::hostname($hostid);
396: next if (($hostname eq '') || ($spareservers{$hostname}));
397: $spareservers{$hostname} = 1;
398: my $protocol = $Apache::lonnet::protocol{$hostid};
399: $protocol = 'http' if ($protocol ne 'https');
400: $spares.='<br /><a href="'.$protocol.'://'.
401: $hostname.
402: '/adm/login?domain='.$authdomain.'">'.
403: $hostname.'</a>';
404: }
405: $r->print(
406: '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">'
407: .'<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">'
408: .'<head><meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><title>'
409: .&mt('The LearningOnline Network with CAPA')
410: .'</title></head>'
411: .'<body bgcolor="#FFFFFF">'
412: .'<h1>'.&mt('The LearningOnline Network with CAPA').'</h1>'
413: .'<img src="/adm/lonKaputt/lonlogo_broken.gif" alt="broken icon" align="right" />'
414: .'<h3>'.&mt('This LON-CAPA server is temporarily not available for login.').'</h3>');
415: if ($spares) {
416: $r->print('<p>'.&mt('Please attempt to login to one of the following servers:')
417: .'</p>'
418: .$spares);
419: }
420: $r->print('</body>'
421: .'</html>'
422: );
423: return OK;
424: }
425:
426: # ----------------------------------------------- Apparently we are in business
427: $servadm=~s/\,/\<br \/\>/g;
428:
429: # ----------------------------------------------------------- Front page design
430: my $pgbg=&Apache::loncommon::designparm('login.pgbg',$domain);
431: my $font=&Apache::loncommon::designparm('login.font',$domain);
432: my $link=&Apache::loncommon::designparm('login.link',$domain);
433: my $vlink=&Apache::loncommon::designparm('login.vlink',$domain);
434: my $alink=&Apache::loncommon::designparm('login.alink',$domain);
435: my $mainbg=&Apache::loncommon::designparm('login.mainbg',$domain);
436: my $loginbox_bg=&Apache::loncommon::designparm('login.sidebg',$domain);
437: my $loginbox_header_bgcol=&Apache::loncommon::designparm('login.bgcol',$domain);
438: my $loginbox_header_textcol=&Apache::loncommon::designparm('login.textcol',$domain);
439: my $logo=&Apache::loncommon::designparm('login.logo',$domain);
440: my $img=&Apache::loncommon::designparm('login.img',$domain);
441: my $domainlogo=&Apache::loncommon::domainlogo($domain);
442: my $showbanner = 1;
443: my $showmainlogo = 1;
444: if (defined(&Apache::loncommon::designparm('login.showlogo_img',$domain))) {
445: $showbanner = &Apache::loncommon::designparm('login.showlogo_img',$domain);
446: }
447: if (defined(&Apache::loncommon::designparm('login.showlogo_logo',$domain))) {
448: $showmainlogo = &Apache::loncommon::designparm('login.showlogo_logo',$domain);
449: }
450: my $showadminmail;
451: my @possdoms = &Apache::lonnet::current_machine_domains();
452: if (grep(/^\Q$domain\E$/,@possdoms)) {
453: $showadminmail=&Apache::loncommon::designparm('login.adminmail',$domain);
454: }
455: my $showcoursecat =
456: &Apache::loncommon::designparm('login.coursecatalog',$domain);
457: my $shownewuserlink =
458: &Apache::loncommon::designparm('login.newuser',$domain);
459: my $showhelpdesk =
460: &Apache::loncommon::designparm('login.helpdesk',$domain);
461: my $now=time;
462: my $js = (<<ENDSCRIPT);
463:
464: <script type="text/javascript" language="JavaScript">
465: // <![CDATA[
466: function send()
467: {
468: this.document.server.elements.uname.value
469: =this.document.client.elements.uname.value;
470:
471: this.document.server.elements.udom.value
472: =this.document.client.elements.udom.value;
473:
474: uextkey=this.document.client.elements.uextkey.value;
475: lextkey=this.document.client.elements.lextkey.value;
476: initkeys();
477:
478: this.document.server.elements.upass0.value
479: =getCrypted(this.document.client.elements.upass$now.value);
480:
481: this.document.client.elements.uname.value='';
482: this.document.client.elements.upass$now.value='';
483:
484: this.document.server.submit();
485: return false;
486: }
487:
488: function enableInput() {
489: this.document.client.elements.upass$now.removeAttribute("readOnly");
490: this.document.client.elements.uname.removeAttribute("readOnly");
491: this.document.client.elements.udom.removeAttribute("readOnly");
492: return;
493: }
494:
495: // ]]>
496: </script>
497:
498: ENDSCRIPT
499:
500: my ($lonhost_in_use,@hosts,%defaultdomconf,$saml_prefix,$saml_landing,
501: $samlssotext,$samlnonsso,$samlssoimg,$samlssoalt,$samlssourl,$samltooltip);
502: %defaultdomconf = &Apache::loncommon::get_domainconf($defdom);
503: @hosts = &Apache::lonnet::current_machine_ids();
504: $lonhost_in_use = $lonhost;
505: if (@hosts > 1) {
506: foreach my $hostid (@hosts) {
507: if (&Apache::lonnet::host_domain($hostid) eq $defdom) {
508: $lonhost_in_use = $hostid;
509: last;
510: }
511: }
512: }
513: $saml_prefix = $defdom.'.login.saml_';
514: if ($defaultdomconf{$saml_prefix.$lonhost_in_use}) {
515: $saml_landing = 1;
516: $samlssotext = $defaultdomconf{$saml_prefix.'text_'.$lonhost_in_use};
517: $samlnonsso = $defaultdomconf{$saml_prefix.'notsso_'.$lonhost_in_use};
518: $samlssoimg = $defaultdomconf{$saml_prefix.'img_'.$lonhost_in_use};
519: $samlssoalt = $defaultdomconf{$saml_prefix.'alt_'.$lonhost_in_use};
520: $samlssourl = $defaultdomconf{$saml_prefix.'url_'.$lonhost_in_use};
521: $samltooltip = $defaultdomconf{$saml_prefix.'title_'.$lonhost_in_use};
522: }
523: if ($saml_landing) {
524: if ($samlssotext eq '') {
525: $samlssotext = 'SSO Login';
526: }
527: if ($samlnonsso eq '') {
528: $samlnonsso = 'Non-SSO Login';
529: }
530: $js .= <<"ENDSAMLJS";
531:
532: <script type="text/javascript">
533: // <![CDATA[
534: function toggleLClogin() {
535: if (document.getElementById('LC_standard_login')) {
536: if (document.getElementById('LC_standard_login').style.display == 'none') {
537: document.getElementById('LC_standard_login').style.display = 'inline-block';
538: if (document.getElementById('LC_login_text')) {
539: document.getElementById('LC_login_text').innerHTML = '$samlnonsso';
540: }
541: if (document.getElementById('LC_SSO_login')) {
542: document.getElementById('LC_SSO_login').style.display = 'none';
543: }
544: } else {
545: document.getElementById('LC_standard_login').style.display = 'none';
546: if (document.getElementById('LC_login_text')) {
547: document.getElementById('LC_login_text').innerHTML = '$samlssotext';
548: }
549: if (document.getElementById('LC_SSO_login')) {
550: document.getElementById('LC_SSO_login').style.display = 'inline-block';
551: }
552: }
553: }
554: return;
555: }
556:
557: // ]]>
558: </script>
559:
560: ENDSAMLJS
561: }
562:
563: # --------------------------------------------------- Print login screen header
564:
565: my %add_entries = (
566: bgcolor => "$mainbg",
567: text => "$font",
568: link => "$link",
569: vlink => "$vlink",
570: alink => "$alink",
571: onload => 'javascript:enableInput();',);
572:
573: my ($headextra,$headextra_exempt);
574: $headextra = $defaultdomconf{$defdom.'.login.headtag_'.$lonhost_in_use};
575: $headextra_exempt = $defaultdomconf{$domain.'.login.headtag_exempt_'.$lonhost_in_use};
576: if ($headextra) {
577: my $omitextra;
578: if ($headextra_exempt ne '') {
579: my @exempt = split(',',$headextra_exempt);
580: my $ip = &Apache::lonnet::get_requestor_ip();
581: if (grep(/^\Q$ip\E$/,@exempt)) {
582: $omitextra = 1;
583: }
584: }
585: unless ($omitextra) {
586: my $confname = $defdom.'-domainconfig';
587: if ($headextra =~ m{^\Q/res/$defdom/$confname/login/headtag/$lonhost_in_use/\E}) {
588: my $extra = &Apache::lonnet::getfile(&Apache::lonnet::filelocation("",$headextra));
589: unless ($extra eq '-1') {
590: $js .= "\n".$extra."\n";
591: }
592: }
593: }
594: }
595:
596: $r->print(&Apache::loncommon::start_page('The LearningOnline Network with CAPA Login',$js,
597: { 'redirect' => [$expire,'/adm/roles'],
598: 'add_entries' => \%add_entries,
599: 'only_body' => 1,}));
600:
601: # ----------------------------------------------------------------------- Texts
602:
603: my %lt=&Apache::lonlocal::texthash(
604: 'un' => 'Username',
605: 'pw' => 'Password',
606: 'dom' => 'Domain',
607: 'perc' => 'percent',
608: 'load' => 'Server Load',
609: 'userload' => 'User Load',
610: 'catalog' => 'Course/Community Catalog',
611: 'log' => 'Log in',
612: 'help' => 'Log-in Help',
613: 'serv' => 'Server',
614: 'servadm' => 'Server Administration',
615: 'helpdesk' => 'Contact Helpdesk',
616: 'forgotpw' => 'Forgot password?',
617: 'newuser' => 'New User?',
618: 'change' => 'Change?',
619: );
620: # -------------------------------------------------- Change password field name
621:
622: my $forgotpw = &forgotpwdisplay(%lt);
623: $forgotpw .= '<br />' if $forgotpw;
624: my $loginhelp = &Apache::lonauth::loginhelpdisplay($authdomain);
625: if ($loginhelp) {
626: $loginhelp = '<a href="'.$loginhelp.'">'.$lt{'help'}.'</a><br />';
627: }
628:
629: # ---------------------------------------------------- Serve out DES JavaScript
630: {
631: my $jsh=Apache::File->new($include."/londes.js");
632: $r->print(<$jsh>);
633: }
634: # ---------------------------------------------------------- Serve rest of page
635:
636: $r->print(
637: '<div class="LC_Box"'
638: .' style="margin:0 auto; padding:10px; width:90%; height: auto; background-color:#FFFFFF;">'
639: );
640:
641: $r->print(<<ENDSERVERFORM);
642: <form name="server" action="/adm/authenticate" method="post" target="_top">
643: <input type="hidden" name="logtoken" value="$logtoken" />
644: <input type="hidden" name="serverid" value="$lonhost" />
645: <input type="hidden" name="uname" value="" />
646: <input type="hidden" name="upass0" value="" />
647: <input type="hidden" name="udom" value="" />
648: <input type="hidden" name="localpath" value="$env{'form.localpath'}" />
649: <input type="hidden" name="localres" value="$env{'form.localres'}" />
650: </form>
651: ENDSERVERFORM
652: my $coursecatalog;
653: if (($showcoursecat eq '') || ($showcoursecat)) {
654: $coursecatalog = &coursecatalog_link($lt{'catalog'}).'<br />';
655: }
656: my $newuserlink;
657: if ($shownewuserlink) {
658: $newuserlink = &newuser_link($lt{'newuser'}).'<br />';
659: }
660: my $logintitle =
661: '<h2 class="LC_hcell"'
662: .' style="background:'.$loginbox_header_bgcol.';'
663: .' color:'.$loginbox_header_textcol.'">'
664: .$lt{'log'}
665: .'</h2>';
666:
667: my $noscript_warning='<noscript><span class="LC_warning"><b>'
668: .&mt('Use of LON-CAPA requires Javascript to be enabled in your web browser.')
669: .'</b></span></noscript>';
670: my $helpdeskscript;
671: my $contactblock = &contactdisplay(\%lt,$servadm,$showadminmail,
672: $authdomain,\$helpdeskscript,
673: $showhelpdesk,\@possdoms);
674:
675: my $mobileargs;
676: if ($clientmobile) {
677: $mobileargs = 'autocapitalize="off" autocorrect="off"';
678: }
679: my $loginform=(<<LFORM);
680: <form name="client" action="" onsubmit="return(send())" id="lclogin">
681: <input type="hidden" name="lextkey" value="$lextkey" />
682: <input type="hidden" name="uextkey" value="$uextkey" />
683: <b><label for="uname">$lt{'un'}</label>:</b><br />
684: <input type="text" name="uname" id="uname" size="15" value="$authusername" readonly="readonly" $mobileargs /><br />
685: <b><label for="upass$now">$lt{'pw'}</label>:</b><br />
686: <input type="password" name="upass$now" id="upass$now" size="15" readonly="readonly" /><br />
687: <b><label for="udom">$lt{'dom'}</label>:</b><br />
688: <input type="text" name="udom" id="udom" size="15" value="$authdomain" readonly="readonly" $mobileargs /><br />
689: <input type="submit" value="$lt{'log'}" />
690: </form>
691: LFORM
692:
693: if ($showbanner) {
694: my $alttext = &Apache::loncommon::designparm('login.alttext_img',$domain);
695: if ($alttext eq '') {
696: $alttext = 'The Learning Online Network with CAPA';
697: }
698: $r->print(<<HEADER);
699: <!-- The LON-CAPA Header -->
700: <div style="background:$pgbg;margin:0;width:100%;">
701: <img src="$img" border="0" alt="$alttext" class="LC_maxwidth" id="lcloginbanner" />
702: </div>
703: HEADER
704: }
705:
706: my $stdauthformstyle = 'inline-block';
707: my $ssoauthstyle = 'none';
708: my $logintype;
709: $r->print('<div style="float:left;margin-top:0;">');
710: if ($saml_landing) {
711: $ssoauthstyle = 'inline-block';
712: $stdauthformstyle = 'none';
713: $logintype = $samlssotext;
714: my $ssologin = '/adm/sso';
715: if ($samlssourl ne '') {
716: $ssologin = $samlssourl;
717: }
718: if (($logtoken eq 'con_lost') || ($logtoken eq 'no_such_host')) {
719: my $querystring;
720: if ($env{'form.firsturl'} ne '') {
721: $querystring = 'origurl=';
722: if ($env{'form.firsturl'} =~ /[^\x00-\xFF]/) {
723: $querystring .= &uri_escape_utf8($env{'form.firsturl'});
724: } else {
725: $querystring .= &uri_escape($env{'form.firsturl'});
726: }
727: $querystring = &HTML::Entities::encode($querystring,"'");
728: }
729: if ($querystring ne '') {
730: $ssologin .= (($ssologin=~/\?/)?'&':'?') . $querystring;
731: }
732: } elsif ($logtoken ne '') {
733: $ssologin .= (($ssologin=~/\?/)?'&':'?') . 'logtoken='.$logtoken;
734: }
735: my $ssohref;
736: if ($samlssoimg ne '') {
737: $ssohref = '<a href="'.$ssologin.'" title="'.$samltooltip.'">'.
738: '<img src="'.$samlssoimg.'" alt="'.$samlssoalt.'" id="lcssobutton" /></a>';
739: } else {
740: $ssohref = '<a href="'.$ssologin.'">'.$samlssotext.'</a>';
741: }
742: if (($env{'form.saml'} eq 'no') ||
743: (($env{'form.username'} ne '') && ($env{'form.domain'} ne ''))) {
744: $ssoauthstyle = 'none';
745: $stdauthformstyle = 'inline-block';
746: $logintype = $samlnonsso;
747: }
748: $r->print(<<ENDSAML);
749: <p>
750: Log-in type:
751: <span style="font-weight:bold" id="LC_login_text">$logintype</span><br />
752: <span><a href="javascript:toggleLClogin();" style="color:#000000">$lt{'change'}</a></span>
753: </p>
754: <div style="display:$ssoauthstyle" id="LC_SSO_login">
755: <div class="LC_Box" style="padding-top: 10px;">
756: $ssohref
757: $noscript_warning
758: </div>
759: <div class="LC_Box" style="padding-top: 10px;">
760: $loginhelp
761: $contactblock
762: $coursecatalog
763: </div>
764: </div>
765: ENDSAML
766: }
767:
768: $r->print(<<ENDLOGIN);
769: <div style="display:$stdauthformstyle;" id="LC_standard_login">
770: <div class="LC_Box" style="background:$loginbox_bg;">
771: $logintitle
772: $loginform
773: $noscript_warning
774: </div>
775:
776: <div class="LC_Box" style="padding-top: 10px;">
777: $loginhelp
778: $forgotpw
779: $contactblock
780: $newuserlink
781: $coursecatalog
782: </div>
783: </div>
784:
785: ENDLOGIN
786: $r->print('</div><div>'."\n");
787: if ($showmainlogo) {
788: my $alttext = &Apache::loncommon::designparm('login.alttext_logo',$domain);
789: $r->print(' <img src="'.$logo.'" alt="'.$alttext.'" class="LC_maxwidth" id="lcloginmainlogo" />'."\n");
790: }
791: $r->print(<<ENDTOP);
792: $announcements
793: </div>
794: <hr style="clear:both;" />
795: ENDTOP
796: my ($domainrow,$serverrow,$loadrow,$userloadrow,$versionrow);
797: $domainrow = <<"END";
798: <tr>
799: <td align="left" valign="top">
800: <small><b>$lt{'dom'}: </b></small>
801: </td>
802: <td align="left" valign="top">
803: <small><tt> $domain</tt></small>
804: </td>
805: </tr>
806: END
807: $serverrow = <<"END";
808: <tr>
809: <td align="left" valign="top">
810: <small><b>$lt{'serv'}: </b></small>
811: </td>
812: <td align="left" valign="top">
813: <small><tt> $lonhost ($role)</tt></small>
814: </td>
815: </tr>
816: END
817: if ($loadlim) {
818: $loadrow = <<"END";
819: <tr>
820: <td align="left" valign="top">
821: <small><b>$lt{'load'}: </b></small>
822: </td>
823: <td align="left" valign="top">
824: <small><tt> $loadpercent $lt{'perc'}</tt></small>
825: </td>
826: </tr>
827: END
828: }
829: if ($uloadlim) {
830: $userloadrow = <<"END";
831: <tr>
832: <td align="left" valign="top">
833: <small><b>$lt{'userload'}: </b></small>
834: </td>
835: <td align="left" valign="top">
836: <small><tt> $userloadpercent $lt{'perc'}</tt></small>
837: </td>
838: </tr>
839: END
840: }
841: if (($version ne '') && ($version ne '<!-- VERSION -->')) {
842: $versionrow = <<"END";
843: <tr>
844: <td colspan="2" align="left">
845: <small>$version</small>
846: </td>
847: </tr>
848: END
849: }
850:
851: $r->print(<<ENDDOCUMENT);
852: <div style="float: left;">
853: <table border="0" cellspacing="0" cellpadding="0">
854: $domainrow
855: $serverrow
856: $loadrow
857: $userloadrow
858: $versionrow
859: </table>
860: </div>
861: <div style="float: right;">
862: $domainlogo
863: </div>
864: <br style="clear:both;" />
865: </div>
866:
867: <script type="text/javascript">
868: // <![CDATA[
869: // the if prevents the script error if the browser can not handle this
870: if ( document.client.uname ) { document.client.uname.focus(); }
871: // ]]>
872: </script>
873: $helpdeskscript
874:
875: ENDDOCUMENT
876: my %endargs = ( 'noredirectlink' => 1, );
877: $r->print(&Apache::loncommon::end_page(\%endargs));
878: return OK;
879: }
880:
881: sub check_loginvia {
882: my ($domain,$lonhost,$lonidsdir,$balcookie) = @_;
883: if ($domain eq '' || $lonhost eq '' || $lonidsdir eq '') {
884: return;
885: }
886: my %domconfhash = &Apache::loncommon::get_domainconf($domain);
887: my $loginvia = $domconfhash{$domain.'.login.loginvia_'.$lonhost};
888: my $loginvia_exempt = $domconfhash{$domain.'.login.loginvia_exempt_'.$lonhost};
889: my $output;
890: if ($loginvia ne '') {
891: my $noredirect;
892: my $ip = &Apache::lonnet::get_requestor_ip();
893: if ($ip eq '127.0.0.1') {
894: $noredirect = 1;
895: } else {
896: if ($loginvia_exempt ne '') {
897: my @exempt = split(',',$loginvia_exempt);
898: if (grep(/^\Q$ip\E$/,@exempt)) {
899: $noredirect = 1;
900: }
901: }
902: }
903: unless ($noredirect) {
904: my ($newhost,$path);
905: if ($loginvia =~ /:/) {
906: ($newhost,$path) = split(':',$loginvia);
907: } else {
908: $newhost = $loginvia;
909: }
910: if ($newhost ne $lonhost) {
911: if (&Apache::lonnet::hostname($newhost) ne '') {
912: if ($balcookie) {
913: my ($balancer,$cookie) = split(/:/,$balcookie);
914: if ($cookie =~ /^($match_domain)_($match_username)_([a-f0-9]+)$/) {
915: my ($udom,$uname,$cookieid) = ($1,$2,$3);
916: unless (&Apache::lonnet::delbalcookie($cookie,$balancer) eq 'ok') {
917: if ((-d $lonidsdir) && (opendir(my $dh,$lonidsdir))) {
918: while (my $filename=readdir($dh)) {
919: if ($filename=~/^(\Q$uname\E_\d+_\Q$udom\E_$match_lonid)\.id$/) {
920: my $handle = $1;
921: my %hash =
922: &Apache::lonnet::get_sessionfile_vars($handle,$lonidsdir,
923: ['request.balancercookie',
924: 'user.linkedenv']);
925: if ($hash{'request.balancercookie'} eq "$balancer:$cookieid") {
926: if (unlink("$lonidsdir/$filename")) {
927: if (($hash{'user.linkedenv'} =~ /^[a-f0-9]+_linked$/) &&
928: (-l "$lonidsdir/$hash{'user.linkedenv'}.id") &&
929: (readlink("$lonidsdir/$hash{'user.linkedenv'}.id") eq "$lonidsdir/$filename")) {
930: unlink("$lonidsdir/$hash{'user.linkedenv'}.id");
931: }
932: }
933: }
934: last;
935: }
936: }
937: closedir($dh);
938: }
939: }
940: }
941: }
942: $output = &redirect_page($newhost,$path);
943: }
944: }
945: }
946: }
947: return $output;
948: }
949:
950: sub redirect_page {
951: my ($desthost,$path) = @_;
952: my $hostname = &Apache::lonnet::hostname($desthost);
953: my $protocol = $Apache::lonnet::protocol{$desthost};
954: $protocol = 'http' if ($protocol ne 'https');
955: unless ($path =~ m{^/}) {
956: $path = '/'.$path;
957: }
958: my $url = $protocol.'://'.$hostname.$path;
959: if ($env{'form.firsturl'} ne '') {
960: my $querystring;
961: if ($env{'form.firsturl'} =~ /[^\x00-\xFF]/) {
962: $querystring = &uri_escape_utf8($env{'form.firsturl'});
963: } else {
964: $querystring = &uri_escape($env{'form.firsturl'});
965: }
966: $querystring = &HTML::Entities::encode($querystring,"'");
967: $url .='?firsturl='.$querystring;
968: }
969: my $start_page = &Apache::loncommon::start_page('Switching Server ...',undef,
970: {'redirect' => [0,$url],});
971: my $end_page = &Apache::loncommon::end_page();
972: return $start_page.$end_page;
973: }
974:
975: sub contactdisplay {
976: my ($lt,$servadm,$showadminmail,$authdomain,$helpdeskscript,$showhelpdesk,
977: $possdoms) = @_;
978: my $contactblock;
979: my $origmail;
980: if (ref($possdoms) eq 'ARRAY') {
981: if (grep(/^\Q$authdomain\E$/,@{$possdoms})) {
982: $origmail = $Apache::lonnet::perlvar{'lonSupportEMail'};
983: }
984: }
985: my $requestmail =
986: &Apache::loncommon::build_recipient_list(undef,'helpdeskmail',
987: $authdomain,$origmail);
988: unless ($showhelpdesk eq '0') {
989: if ($requestmail =~ m/[^\@]+\@[^\@]+/) {
990: $showhelpdesk = 1;
991: } else {
992: $showhelpdesk = 0;
993: }
994: }
995: if ($servadm && $showadminmail) {
996: $contactblock .= $$lt{'servadm'}.':<br />'.
997: '<tt>'.$servadm.'</tt><br />';
998: }
999: if ($showhelpdesk) {
1000: $contactblock .= '<a href="javascript:helpdesk()">'.$lt->{'helpdesk'}.'</a><br />';
1001: my $thisurl = &escape('/adm/login');
1002: $$helpdeskscript = <<"ENDSCRIPT";
1003: <script type="text/javascript">
1004: // <![CDATA[
1005: function helpdesk() {
1006: var possdom = document.client.udom.value;
1007: var codedom = possdom.replace( new RegExp("[^A-Za-z0-9.\\-]","g"),'');
1008: if (codedom == '') {
1009: codedom = "$authdomain";
1010: }
1011: var querystr = "origurl=$thisurl&codedom="+codedom;
1012: document.location.href = "/adm/helpdesk?"+querystr;
1013: return;
1014: }
1015: // ]]>
1016: </script>
1017: ENDSCRIPT
1018: }
1019: return $contactblock;
1020: }
1021:
1022: sub forgotpwdisplay {
1023: my (%lt) = @_;
1024: my $prompt_for_resetpw = 1;
1025: if ($prompt_for_resetpw) {
1026: return '<a href="/adm/resetpw">'.$lt{'forgotpw'}.'</a>';
1027: }
1028: return;
1029: }
1030:
1031: sub coursecatalog_link {
1032: my ($linkname) = @_;
1033: return <<"END";
1034: <a href="/adm/coursecatalog">$linkname</a>
1035: END
1036: }
1037:
1038: sub newuser_link {
1039: my ($linkname) = @_;
1040: return '<a href="/adm/createaccount">'.$linkname.'</a>';
1041: }
1042:
1043: sub decode_token {
1044: my ($info) = @_;
1045: my ($firsturl,@rest)=split(/\&/,$info);
1046: my %form;
1047: if ($firsturl ne '') {
1048: $form{'firsturl'} = &unescape($firsturl);
1049: }
1050: foreach my $item (@rest) {
1051: my ($key,$value) = split(/=/,$item);
1052: $form{$key} = &unescape($value);
1053: }
1054: return %form;
1055: }
1056:
1057: 1;
1058: __END__
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>