1: # The LearningOnline Network
2: # Login Screen
3: #
4: # $Id: lonlogin.pm,v 1.190 2021/10/08 14:45:45 raeburn Exp $
5: #
6: # Copyright Michigan State University Board of Trustees
7: #
8: # This file is part of the LearningOnline Network with CAPA (LON-CAPA).
9: #
10: # LON-CAPA is free software; you can redistribute it and/or modify
11: # it under the terms of the GNU General Public License as published by
12: # the Free Software Foundation; either version 2 of the License, or
13: # (at your option) any later version.
14: #
15: # LON-CAPA is distributed in the hope that it will be useful,
16: # but WITHOUT ANY WARRANTY; without even the implied warranty of
17: # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18: # GNU General Public License for more details.
19: #
20: # You should have received a copy of the GNU General Public License
21: # along with LON-CAPA; if not, write to the Free Software
22: # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
23: #
24: # /home/httpd/html/adm/gpl.txt
25: #
26: # http://www.lon-capa.org/
27: #
28:
29: package Apache::lonlogin;
30:
31: use strict;
32: use Apache::Constants qw(:common);
33: use Apache::File ();
34: use Apache::lonnet;
35: use Apache::loncommon();
36: use Apache::lonauth();
37: use Apache::lonlocal;
38: use Apache::migrateuser();
39: use lib '/home/httpd/lib/perl/';
40: use LONCAPA qw(:DEFAULT :match);
41: use URI::Escape;
42: use HTML::Entities();
43: use CGI::Cookie();
44:
45: sub handler {
46: my $r = shift;
47:
48: &Apache::loncommon::get_unprocessed_cgi
49: (join('&',$ENV{'QUERY_STRING'},$env{'request.querystring'},
50: $ENV{'REDIRECT_QUERY_STRING'}),
51: ['interface','username','domain','firsturl','localpath','localres',
52: 'token','role','symb','iptoken','btoken','ltoken','linkkey','saml']);
53: if (!defined($env{'form.firsturl'})) {
54: &Apache::lonacc::get_posted_cgi($r,['firsturl']);
55: }
56: if (!defined($env{'form.firsturl'})) {
57: if ($ENV{'REDIRECT_URL'} =~ m{^/+tiny/+$LONCAPA::match_domain/+\w+$}) {
58: $env{'form.firsturl'} = $ENV{'REDIRECT_URL'};
59: }
60: }
61: if (($env{'form.firsturl'} =~ m{^/+tiny/+$LONCAPA::match_domain/+\w+$}) &&
62: (!$env{'form.ltoken'}) && (!$env{'form.linkkey'})) {
63: &Apache::lonacc::get_posted_cgi($r,['linkkey']);
64: }
65: if ($env{'form.firsturl'} eq '/adm/logout') {
66: delete($env{'form.firsturl'});
67: }
68:
69: # -- check if they are a migrating user
70: if (defined($env{'form.token'})) {
71: return &Apache::migrateuser::handler($r);
72: }
73:
74: # For "public user" - remove any exising "public" cookie, as user really wants to log-in
75: my ($handle,$lonidsdir,$expirepub,$userdom);
76: $lonidsdir=$r->dir_config('lonIDsDir');
77: unless ($r->header_only) {
78: $handle = &Apache::lonnet::check_for_valid_session($r,'lonID',undef,\$userdom);
79: if ($handle ne '') {
80: if ($handle=~/^publicuser\_/) {
81: unlink($r->dir_config('lonIDsDir')."/$handle.id");
82: undef($handle);
83: undef($userdom);
84: $expirepub = 1;
85: }
86: }
87: }
88:
89: &Apache::loncommon::no_cache($r);
90: &Apache::lonlocal::get_language_handle($r);
91: &Apache::loncommon::content_type($r,'text/html');
92: if ($expirepub) {
93: my $c = new CGI::Cookie(-name => 'lonPubID',
94: -value => '',
95: -expires => '-10y',);
96: $r->header_out('Set-cookie' => $c);
97: } elsif (($handle eq '') && ($userdom ne '')) {
98: my %cookies=CGI::Cookie->parse($r->header_in('Cookie'));
99: foreach my $name (keys(%cookies)) {
100: next unless ($name =~ /^lon(|S|Link|Pub)ID$/);
101: my $c = new CGI::Cookie(-name => $name,
102: -value => '',
103: -expires => '-10y',);
104: $r->headers_out->add('Set-cookie' => $c);
105: }
106: }
107: $r->send_http_header;
108: return OK if $r->header_only;
109:
110:
111: # Are we re-routing?
112: my $londocroot = $r->dir_config('lonDocRoot');
113: if (-e "$londocroot/lon-status/reroute.txt") {
114: &Apache::lonauth::reroute($r);
115: return OK;
116: }
117:
118: my $lonhost = $r->dir_config('lonHostID');
119:
120: # Check if browser sent a LON-CAPA load balancer cookie (and this is a balancer)
121:
122: my ($found_server,$balancer_cookie) = &Apache::lonnet::check_for_balancer_cookie($r,1);
123: if ($found_server) {
124: my $hostname = &Apache::lonnet::hostname($found_server);
125: if ($hostname ne '') {
126: my $protocol = $Apache::lonnet::protocol{$found_server};
127: $protocol = 'http' if ($protocol ne 'https');
128: my $dest = '/adm/roles';
129: if ($env{'form.firsturl'} ne '') {
130: if ($env{'form.firsturl'} =~ /[^\x00-\xFF]/) {
131: $dest = &uri_escape_utf8($env{'form.firsturl'});
132: } else {
133: $dest = &uri_escape($env{'form.firsturl'});
134: }
135: $dest = &HTML::Entities::encode($dest,"'");
136: }
137: my %info = (
138: balcookie => $lonhost.':'.$balancer_cookie,
139: );
140: if ($env{'form.ltoken'}) {
141: my %link_info = &Apache::lonnet::tmpget($env{'form.ltoken'});
142: if ($link_info{'linkprot'}) {
143: $info{'linkprot'} = $link_info{'linkprot'};
144: }
145: &Apache::lonnet::tmpdel($env{'form.ltoken'});
146: delete($env{'form.ltoken'});
147: } elsif ($env{'form.linkkey'}) {
148: $info{'linkkey'} = $env{'form.linkkey'};
149: delete($env{'form.linkkey'});
150: }
151: my $balancer_token = &Apache::lonnet::tmpput(\%info,$found_server);
152: if ($balancer_token) {
153: $dest .= (($dest=~/\?/)?'&':'?') . 'btoken='.$balancer_token;
154: }
155: unless ($found_server eq $lonhost) {
156: my $alias = &Apache::lonnet::use_proxy_alias($r,$found_server);
157: $hostname = $alias if ($alias ne '');
158: }
159: my $url = $protocol.'://'.$hostname.$dest;
160: my $start_page =
161: &Apache::loncommon::start_page('Switching Server ...',undef,
162: {'redirect' => [0,$url],});
163: my $end_page = &Apache::loncommon::end_page();
164: $r->print($start_page.$end_page);
165: return OK;
166: }
167: }
168:
169: #
170: # Check if a LON-CAPA load balancer sent user here because user's browser sent
171: # it a balancer cookie for an active session on this server.
172: #
173:
174: my ($balcookie,$linkprot,$linkkey);
175: if ($env{'form.btoken'}) {
176: my %info = &Apache::lonnet::tmpget($env{'form.btoken'});
177: $balcookie = $info{'balcookie'};
178: if ($balcookie) {
179: if ($info{'linkprot'}) {
180: $linkprot = $info{'linkprot'};
181: } elsif ($info{'linkkey'}) {
182: $linkkey = $info{'linkkey'};
183: }
184: }
185: &Apache::lonnet::tmpdel($env{'form.btoken'});
186: delete($env{'form.btoken'});
187: }
188:
189: #
190: # If browser sent an old cookie for which the session file had been removed
191: # check if configuration for user's domain has a portal URL set. If so
192: # switch user's log-in to the portal.
193: #
194:
195: if (($handle eq '') && ($userdom ne '')) {
196: my %domdefaults = &Apache::lonnet::get_domain_defaults($userdom);
197: if ($domdefaults{'portal_def'} =~ /^https?\:/) {
198: my $start_page = &Apache::loncommon::start_page('Switching Server ...',undef,
199: {'redirect' => [0,$domdefaults{'portal_def'}],});
200: my $end_page = &Apache::loncommon::end_page();
201: $r->print($start_page.$end_page);
202: return OK;
203: }
204: }
205:
206: # -------------------------------- Prevent users from attempting to login twice
207: if ($handle ne '') {
208: &Apache::lonnet::transfer_profile_to_env($lonidsdir,$handle);
209: my $start_page =
210: &Apache::loncommon::start_page('Already logged in');
211: my $end_page =
212: &Apache::loncommon::end_page();
213: my $dest = '/adm/roles';
214: if ($env{'form.firsturl'} ne '') {
215: if ($env{'form.firsturl'} =~ /[^\x00-\xFF]/) {
216: $dest = &uri_escape_utf8($env{'form.firsturl'});
217: } else {
218: $dest = &uri_escape($env{'form.firsturl'});
219: }
220: $dest = &HTML::Entities::encode($dest,"'");
221: }
222: if (($env{'form.ltoken'}) || ($linkprot)) {
223: unless ($linkprot) {
224: my %info = &Apache::lonnet::tmpget($env{'form.ltoken'});
225: $linkprot = $info{'linkprot'};
226: my $delete = &Apache::lonnet::tmpdel($env{'form.ltoken'});
227: delete($env{'form.ltoken'});
228: }
229: if ($linkprot) {
230: my ($linkprotector,$deeplink) = split(/:/,$linkprot,2);
231: if ($env{'user.linkprotector'}) {
232: my @protectors = split(/,/,$env{'user.linkprotector'});
233: unless (grep(/^\Q$linkprotector\E$/,@protectors)) {
234: push(@protectors,$linkprotector);
235: @protectors = sort { $a <=> $b } @protectors;
236: &Apache::lonnet::appenv({'user.linkprotector' => join(',',@protectors)});
237: }
238: } else {
239: &Apache::lonnet::appenv({'user.linkprotector' => $linkprotector });
240: }
241: if ($env{'user.linkproturi'}) {
242: my @proturis = split(/,/,$env{'user.linkproturi'});
243: unless (grep(/^\Q$deeplink\E$/,@proturis)) {
244: push(@proturis,$deeplink);
245: @proturis = sort @proturis;
246: &Apache::lonnet::appenv({'user.linkproturi' => join(',',@proturis)});
247: }
248: } else {
249: &Apache::lonnet::appenv({'user.linkproturi' => $deeplink});
250: }
251: }
252: } elsif (($env{'form.linkkey'}) || ($linkkey)) {
253: if ($env{'form.firsturl'} =~ m{^/tiny/$match_domain/\w+$}) {
254: if ($linkkey eq '') {
255: $linkkey = $env{'form.linkkey'};
256: }
257: if ($env{'user.deeplinkkey'}) {
258: my @linkkeys = split(/,/,$env{'user.deeplinkkey'});
259: unless (grep(/^\Q$linkkey\E$/,@linkkeys)) {
260: push(@linkkeys,$linkkey);
261: &Apache::lonnet::appenv({'user.deeplinkkey' => join(',',sort(@linkkeys))});
262: }
263: } else {
264: &Apache::lonnet::appenv({'user.deeplinkkey' => $linkkey});
265: }
266: my $deeplink = $env{'form.firsturl'};
267: if ($env{'user.keyedlinkuri'}) {
268: my @keyeduris = split(/,/,$env{'user.keyedlinkuri'});
269: unless (grep(/^\Q$deeplink\E$/,@keyeduris)) {
270: push(@keyeduris,$deeplink);
271: &Apache::lonnet::appenv({'user.keyedlinkuri' => join(',',sort(@keyeduris))});
272: }
273: } else {
274: &Apache::lonnet::appenv({'user.keyedlinkuri' => $deeplink});
275: }
276: }
277: }
278: $r->print(
279: $start_page
280: .'<p class="LC_warning">'.&mt('You are already logged in!').'</p>'
281: .'<p>'.&mt('Please either [_1]continue the current session[_2] or [_3]log out[_4].',
282: '<a href="'.$dest.'">','</a>','<a href="/adm/logout">','</a>').'</p>'
283: .$end_page
284: );
285: return OK;
286: }
287:
288: # ---------------------------------------------------- No valid token, continue
289:
290: # ---------------------------- Not possible to really login to domain "public"
291: if ($env{'form.domain'} eq 'public') {
292: $env{'form.domain'}='';
293: $env{'form.username'}='';
294: }
295:
296: # ------ Is this page requested because /adm/migrateuser detected an IP change?
297: my %sessiondata;
298: if ($env{'form.iptoken'}) {
299: %sessiondata = &Apache::lonnet::tmpget($env{'form.iptoken'});
300: unless ($sessiondata{'sessionserver'}) {
301: my $delete = &Apache::lonnet::tmpdel($env{'form.iptoken'});
302: delete($env{'form.iptoken'});
303: }
304: }
305: # ----------------------------------------------------------- Process Interface
306: $env{'form.interface'}=~s/\W//g;
307:
308: (undef,undef,undef,undef,undef,undef,my $clientmobile) =
309: &Apache::loncommon::decode_user_agent();
310:
311: my $iconpath=
312: &Apache::loncommon::lonhttpdurl($r->dir_config('lonIconsURL'));
313:
314: my $domain = &Apache::lonnet::default_login_domain();
315: my $defdom = $domain;
316: if ($lonhost ne '') {
317: unless ($sessiondata{'sessionserver'}) {
318: my $redirect = &check_loginvia($domain,$lonhost,$lonidsdir,$balcookie,$linkprot);
319: if ($redirect) {
320: $r->print($redirect);
321: return OK;
322: }
323: }
324: }
325:
326: if (($sessiondata{'domain'}) &&
327: (&Apache::lonnet::domain($sessiondata{'domain'},'description'))) {
328: $domain=$sessiondata{'domain'};
329: } elsif (($env{'form.domain'}) &&
330: (&Apache::lonnet::domain($env{'form.domain'},'description'))) {
331: $domain=$env{'form.domain'};
332: }
333:
334: my $role = $r->dir_config('lonRole');
335: my $loadlim = $r->dir_config('lonLoadLim');
336: my $uloadlim= $r->dir_config('lonUserLoadLim');
337: my $servadm = $r->dir_config('lonAdmEMail');
338: my $tabdir = $r->dir_config('lonTabDir');
339: my $include = $r->dir_config('lonIncludes');
340: my $expire = $r->dir_config('lonExpire');
341: my $version = $r->dir_config('lonVersion');
342: my $host_name = &Apache::lonnet::hostname($lonhost);
343:
344: # --------------------------------------------- Default values for login fields
345:
346: my ($authusername,$authdomain);
347: if ($sessiondata{'username'}) {
348: $authusername=$sessiondata{'username'};
349: } else {
350: $env{'form.username'} = &Apache::loncommon::cleanup_html($env{'form.username'});
351: $authusername=($env{'form.username'}?$env{'form.username'}:'');
352: }
353: if ($sessiondata{'domain'}) {
354: $authdomain=$sessiondata{'domain'};
355: } else {
356: $env{'form.domain'} = &Apache::loncommon::cleanup_html($env{'form.domain'});
357: $authdomain=($env{'form.domain'}?$env{'form.domain'}:$domain);
358: }
359:
360: # ---------------------------------------------------------- Determine own load
361: my $loadavg;
362: {
363: my $loadfile=Apache::File->new('/proc/loadavg');
364: $loadavg=<$loadfile>;
365: }
366: $loadavg =~ s/\s.*//g;
367:
368: my ($loadpercent,$userloadpercent);
369: if ($loadlim) {
370: $loadpercent=sprintf("%.1f",100*$loadavg/$loadlim);
371: }
372: if ($uloadlim) {
373: $userloadpercent=&Apache::lonnet::userload();
374: }
375:
376: my $firsturl=
377: ($env{'request.firsturl'}?$env{'request.firsturl'}:$env{'form.firsturl'});
378:
379: # ----------------------------------------------------------- Get announcements
380: my $announcements=&Apache::lonnet::getannounce();
381: # -------------------------------------------------------- Set login parameters
382:
383: my @hexstr=('0','1','2','3','4','5','6','7',
384: '8','9','a','b','c','d','e','f');
385: my $lkey='';
386: for (0..7) {
387: $lkey.=$hexstr[rand(15)];
388: }
389:
390: my $ukey='';
391: for (0..7) {
392: $ukey.=$hexstr[rand(15)];
393: }
394:
395: my $lextkey=hex($lkey);
396: if ($lextkey>2147483647) { $lextkey-=4294967296; }
397:
398: my $uextkey=hex($ukey);
399: if ($uextkey>2147483647) { $uextkey-=4294967296; }
400:
401: # -------------------------------------------------------- Store away log token
402: my $tokenextras;
403: if ($env{'form.role'}) {
404: $tokenextras = '&role='.&escape($env{'form.role'});
405: }
406: if ($env{'form.symb'}) {
407: if (!$tokenextras) {
408: $tokenextras = '&';
409: }
410: $tokenextras .= '&symb='.&escape($env{'form.symb'});
411: }
412: if ($env{'form.iptoken'}) {
413: if (!$tokenextras) {
414: $tokenextras = '&&';
415: }
416: $tokenextras .= '&iptoken='.&escape($env{'form.iptoken'});
417: }
418: if ($env{'form.ltoken'}) {
419: my %info = &Apache::lonnet::tmpget($env{'form.ltoken'});
420: &Apache::lonnet::tmpdel($env{'form.ltoken'});
421: delete($env{'form.ltoken'});
422: if ($info{'linkprot'}) {
423: if (!$tokenextras) {
424: $tokenextras = '&&&';
425: }
426: $tokenextras .= '&linkprot='.&escape($info{'linkprot'});
427: }
428: } elsif ($env{'form.linkkey'}) {
429: if (!$tokenextras) {
430: $tokenextras = '&&&';
431: }
432: $tokenextras .= '&linkkey='.&escape($env{'form.linkkey'});
433: }
434: my $logtoken=Apache::lonnet::reply(
435: 'tmpput:'.$ukey.$lkey.'&'.$firsturl.$tokenextras,
436: $lonhost);
437:
438: # -- If we cannot talk to ourselves, or hostID does not map to a hostname
439: # we are in serious trouble
440:
441: if (($logtoken eq 'con_lost') || ($logtoken eq 'no_such_host')) {
442: if ($logtoken eq 'no_such_host') {
443: &Apache::lonnet::logthis('No valid logtoken for log-in page -- unable to determine hostname for hostID: '.$lonhost.'. Check entry in hosts.tab');
444: }
445: my $spares='';
446: my (@sparehosts,%spareservers);
447: my $sparesref = &Apache::lonnet::this_host_spares($defdom);
448: if (ref($sparesref) eq 'HASH') {
449: foreach my $key (keys(%{$sparesref})) {
450: if (ref($sparesref->{$key}) eq 'ARRAY') {
451: my @sorted = sort { &Apache::lonnet::hostname($a) cmp
452: &Apache::lonnet::hostname($b);
453: } @{$sparesref->{$key}};
454: if (@sorted) {
455: if ($key eq 'primary') {
456: unshift(@sparehosts,@sorted);
457: } elsif ($key eq 'default') {
458: push(@sparehosts,@sorted);
459: }
460: }
461: }
462: }
463: }
464: foreach my $hostid (@sparehosts) {
465: next if ($hostid eq $lonhost);
466: my $hostname = &Apache::lonnet::hostname($hostid);
467: next if (($hostname eq '') || ($spareservers{$hostname}));
468: $spareservers{$hostname} = 1;
469: my $protocol = $Apache::lonnet::protocol{$hostid};
470: $protocol = 'http' if ($protocol ne 'https');
471: $spares.='<br /><span style="font-size: larger;"><a href="'.$protocol.'://'.
472: $hostname.
473: '/adm/login?domain='.$authdomain.'">'.
474: $hostname.'</a>'.
475: ' '.&mt('(preferred)').'</span>'.$/;
476: }
477: if ($spares) {
478: $spares.= '<br />';
479: }
480: my %all_hostnames = &Apache::lonnet::all_hostnames();
481: foreach my $hostid (sort
482: {
483: &Apache::lonnet::hostname($a) cmp
484: &Apache::lonnet::hostname($b);
485: }
486: keys(%all_hostnames)) {
487: next if ($hostid eq $lonhost);
488: my $hostname = &Apache::lonnet::hostname($hostid);
489: next if (($hostname eq '') || ($spareservers{$hostname}));
490: $spareservers{$hostname} = 1;
491: my $protocol = $Apache::lonnet::protocol{$hostid};
492: $protocol = 'http' if ($protocol ne 'https');
493: $spares.='<br /><a href="'.$protocol.'://'.
494: $hostname.
495: '/adm/login?domain='.$authdomain.'">'.
496: $hostname.'</a>';
497: }
498: $r->print(
499: '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">'
500: .'<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">'
501: .'<head><meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><title>'
502: .&mt('The LearningOnline Network with CAPA')
503: .'</title></head>'
504: .'<body bgcolor="#FFFFFF">'
505: .'<h1>'.&mt('The LearningOnline Network with CAPA').'</h1>'
506: .'<img src="/adm/lonKaputt/lonlogo_broken.gif" alt="broken icon" align="right" />'
507: .'<h3>'.&mt('This LON-CAPA server is temporarily not available for login.').'</h3>');
508: if ($spares) {
509: $r->print('<p>'.&mt('Please attempt to login to one of the following servers:')
510: .'</p>'
511: .$spares);
512: }
513: $r->print('</body>'
514: .'</html>'
515: );
516: return OK;
517: }
518:
519: # ----------------------------------------------- Apparently we are in business
520: $servadm=~s/\,/\<br \/\>/g;
521:
522: # ----------------------------------------------------------- Front page design
523: my $pgbg=&Apache::loncommon::designparm('login.pgbg',$domain);
524: my $font=&Apache::loncommon::designparm('login.font',$domain);
525: my $link=&Apache::loncommon::designparm('login.link',$domain);
526: my $vlink=&Apache::loncommon::designparm('login.vlink',$domain);
527: my $alink=&Apache::loncommon::designparm('login.alink',$domain);
528: my $mainbg=&Apache::loncommon::designparm('login.mainbg',$domain);
529: my $loginbox_bg=&Apache::loncommon::designparm('login.sidebg',$domain);
530: my $loginbox_header_bgcol=&Apache::loncommon::designparm('login.bgcol',$domain);
531: my $loginbox_header_textcol=&Apache::loncommon::designparm('login.textcol',$domain);
532: my $logo=&Apache::loncommon::designparm('login.logo',$domain);
533: my $img=&Apache::loncommon::designparm('login.img',$domain);
534: my $domainlogo=&Apache::loncommon::domainlogo($domain);
535: my $showbanner = 1;
536: my $showmainlogo = 1;
537: if (defined(&Apache::loncommon::designparm('login.showlogo_img',$domain))) {
538: $showbanner = &Apache::loncommon::designparm('login.showlogo_img',$domain);
539: }
540: if (defined(&Apache::loncommon::designparm('login.showlogo_logo',$domain))) {
541: $showmainlogo = &Apache::loncommon::designparm('login.showlogo_logo',$domain);
542: }
543: my $showadminmail;
544: my @possdoms = &Apache::lonnet::current_machine_domains();
545: if (grep(/^\Q$domain\E$/,@possdoms)) {
546: $showadminmail=&Apache::loncommon::designparm('login.adminmail',$domain);
547: }
548: my $showcoursecat =
549: &Apache::loncommon::designparm('login.coursecatalog',$domain);
550: my $shownewuserlink =
551: &Apache::loncommon::designparm('login.newuser',$domain);
552: my $showhelpdesk =
553: &Apache::loncommon::designparm('login.helpdesk',$domain);
554: my $now=time;
555: my $js = (<<ENDSCRIPT);
556:
557: <script type="text/javascript" language="JavaScript">
558: // <![CDATA[
559: function send()
560: {
561: this.document.server.elements.uname.value
562: =this.document.client.elements.uname.value;
563:
564: this.document.server.elements.udom.value
565: =this.document.client.elements.udom.value;
566:
567: uextkey=this.document.client.elements.uextkey.value;
568: lextkey=this.document.client.elements.lextkey.value;
569: initkeys();
570:
571: if(this.document.server.action.substr(0,5) === 'http:'){
572: this.document.server.elements.upass0.value
573: =getCrypted(this.document.client.elements.upass$now.value);
574: } else {
575: this.document.server.elements.upass0.value
576: =this.document.client.elements.upass$now.value;
577: }
578:
579: this.document.client.elements.uname.value='';
580: this.document.client.elements.upass$now.value='';
581:
582: this.document.server.submit();
583: return false;
584: }
585:
586: function enableInput() {
587: this.document.client.elements.upass$now.removeAttribute("readOnly");
588: this.document.client.elements.uname.removeAttribute("readOnly");
589: this.document.client.elements.udom.removeAttribute("readOnly");
590: return;
591: }
592:
593: // ]]>
594: </script>
595:
596: ENDSCRIPT
597:
598: my ($lonhost_in_use,@hosts,%defaultdomconf,$saml_prefix,$saml_landing,
599: $samlssotext,$samlnonsso,$samlssoimg,$samlssoalt,$samlssourl,$samltooltip);
600: %defaultdomconf = &Apache::loncommon::get_domainconf($defdom);
601: @hosts = &Apache::lonnet::current_machine_ids();
602: $lonhost_in_use = $lonhost;
603: if (@hosts > 1) {
604: foreach my $hostid (@hosts) {
605: if (&Apache::lonnet::host_domain($hostid) eq $defdom) {
606: $lonhost_in_use = $hostid;
607: last;
608: }
609: }
610: }
611: $saml_prefix = $defdom.'.login.saml_';
612: if ($defaultdomconf{$saml_prefix.$lonhost_in_use}) {
613: $saml_landing = 1;
614: $samlssotext = $defaultdomconf{$saml_prefix.'text_'.$lonhost_in_use};
615: $samlnonsso = $defaultdomconf{$saml_prefix.'notsso_'.$lonhost_in_use};
616: $samlssoimg = $defaultdomconf{$saml_prefix.'img_'.$lonhost_in_use};
617: $samlssoalt = $defaultdomconf{$saml_prefix.'alt_'.$lonhost_in_use};
618: $samlssourl = $defaultdomconf{$saml_prefix.'url_'.$lonhost_in_use};
619: $samltooltip = $defaultdomconf{$saml_prefix.'title_'.$lonhost_in_use};
620: }
621: if ($saml_landing) {
622: if ($samlssotext eq '') {
623: $samlssotext = 'SSO Login';
624: }
625: if ($samlnonsso eq '') {
626: $samlnonsso = 'Non-SSO Login';
627: }
628: $js .= <<"ENDSAMLJS";
629:
630: <script type="text/javascript">
631: // <![CDATA[
632: function toggleLClogin() {
633: if (document.getElementById('LC_standard_login')) {
634: if (document.getElementById('LC_standard_login').style.display == 'none') {
635: document.getElementById('LC_standard_login').style.display = 'inline-block';
636: if (document.getElementById('LC_login_text')) {
637: document.getElementById('LC_login_text').innerHTML = '$samlnonsso';
638: }
639: if (document.getElementById('LC_SSO_login')) {
640: document.getElementById('LC_SSO_login').style.display = 'none';
641: }
642: } else {
643: document.getElementById('LC_standard_login').style.display = 'none';
644: if (document.getElementById('LC_login_text')) {
645: document.getElementById('LC_login_text').innerHTML = '$samlssotext';
646: }
647: if (document.getElementById('LC_SSO_login')) {
648: document.getElementById('LC_SSO_login').style.display = 'inline-block';
649: }
650: }
651: }
652: return;
653: }
654:
655: // ]]>
656: </script>
657:
658: ENDSAMLJS
659: }
660:
661: # --------------------------------------------------- Print login screen header
662:
663: my %add_entries = (
664: bgcolor => "$mainbg",
665: text => "$font",
666: link => "$link",
667: vlink => "$vlink",
668: alink => "$alink",
669: onload => 'javascript:enableInput();',);
670:
671: my ($headextra,$headextra_exempt);
672: $headextra = $defaultdomconf{$defdom.'.login.headtag_'.$lonhost_in_use};
673: $headextra_exempt = $defaultdomconf{$domain.'.login.headtag_exempt_'.$lonhost_in_use};
674: if ($headextra) {
675: my $omitextra;
676: if ($headextra_exempt ne '') {
677: my @exempt = split(',',$headextra_exempt);
678: my $ip = &Apache::lonnet::get_requestor_ip();
679: if (grep(/^\Q$ip\E$/,@exempt)) {
680: $omitextra = 1;
681: }
682: }
683: unless ($omitextra) {
684: my $confname = $defdom.'-domainconfig';
685: if ($headextra =~ m{^\Q/res/$defdom/$confname/login/headtag/$lonhost_in_use/\E}) {
686: my $extra = &Apache::lonnet::getfile(&Apache::lonnet::filelocation("",$headextra));
687: unless ($extra eq '-1') {
688: $js .= "\n".$extra."\n";
689: }
690: }
691: }
692: }
693:
694: $r->print(&Apache::loncommon::start_page('The LearningOnline Network with CAPA Login',$js,
695: { 'redirect' => [$expire,'/adm/roles'],
696: 'add_entries' => \%add_entries,
697: 'only_body' => 1,}));
698:
699: # ----------------------------------------------------------------------- Texts
700:
701: my %lt=&Apache::lonlocal::texthash(
702: 'un' => 'Username',
703: 'pw' => 'Password',
704: 'dom' => 'Domain',
705: 'perc' => 'percent',
706: 'load' => 'Server Load',
707: 'userload' => 'User Load',
708: 'catalog' => 'Course/Community Catalog',
709: 'log' => 'Log in',
710: 'help' => 'Log-in Help',
711: 'serv' => 'Server',
712: 'servadm' => 'Server Administration',
713: 'helpdesk' => 'Contact Helpdesk',
714: 'forgotpw' => 'Forgot password?',
715: 'newuser' => 'New User?',
716: 'change' => 'Change?',
717: );
718: # -------------------------------------------------- Change password field name
719:
720: my $forgotpw = &forgotpwdisplay(%lt);
721: $forgotpw .= '<br />' if $forgotpw;
722: my $loginhelp = &Apache::lonauth::loginhelpdisplay($authdomain);
723: if ($loginhelp) {
724: $loginhelp = '<a href="'.$loginhelp.'">'.$lt{'help'}.'</a><br />';
725: }
726:
727: # ---------------------------------------------------- Serve out DES JavaScript
728: {
729: my $jsh=Apache::File->new($include."/londes.js");
730: $r->print(<$jsh>);
731: }
732: # ---------------------------------------------------------- Serve rest of page
733:
734: $r->print(
735: '<div class="LC_Box"'
736: .' style="margin:0 auto; padding:10px; width:90%; height: auto; background-color:#FFFFFF;">'
737: );
738:
739: $r->print(<<ENDSERVERFORM);
740: <form name="server" action="/adm/authenticate" method="post" target="_top">
741: <input type="hidden" name="logtoken" value="$logtoken" />
742: <input type="hidden" name="serverid" value="$lonhost" />
743: <input type="hidden" name="uname" value="" />
744: <input type="hidden" name="upass0" value="" />
745: <input type="hidden" name="udom" value="" />
746: <input type="hidden" name="localpath" value="$env{'form.localpath'}" />
747: <input type="hidden" name="localres" value="$env{'form.localres'}" />
748: </form>
749: ENDSERVERFORM
750: my $coursecatalog;
751: if (($showcoursecat eq '') || ($showcoursecat)) {
752: $coursecatalog = &coursecatalog_link($lt{'catalog'}).'<br />';
753: }
754: my $newuserlink;
755: if ($shownewuserlink) {
756: $newuserlink = &newuser_link($lt{'newuser'}).'<br />';
757: }
758: my $logintitle =
759: '<h2 class="LC_hcell"'
760: .' style="background:'.$loginbox_header_bgcol.';'
761: .' color:'.$loginbox_header_textcol.'">'
762: .$lt{'log'}
763: .'</h2>';
764:
765: my $noscript_warning='<noscript><span class="LC_warning"><b>'
766: .&mt('Use of LON-CAPA requires Javascript to be enabled in your web browser.')
767: .'</b></span></noscript>';
768: my $helpdeskscript;
769: my $contactblock = &contactdisplay(\%lt,$servadm,$showadminmail,
770: $authdomain,\$helpdeskscript,
771: $showhelpdesk,\@possdoms);
772:
773: my $mobileargs;
774: if ($clientmobile) {
775: $mobileargs = 'autocapitalize="off" autocorrect="off"';
776: }
777: my $loginform=(<<LFORM);
778: <form name="client" action="" onsubmit="return(send())" id="lclogin">
779: <input type="hidden" name="lextkey" value="$lextkey" />
780: <input type="hidden" name="uextkey" value="$uextkey" />
781: <b><label for="uname">$lt{'un'}</label>:</b><br />
782: <input type="text" name="uname" id="uname" size="15" value="$authusername" readonly="readonly" $mobileargs /><br />
783: <b><label for="upass$now">$lt{'pw'}</label>:</b><br />
784: <input type="password" name="upass$now" id="upass$now" size="15" readonly="readonly" /><br />
785: <b><label for="udom">$lt{'dom'}</label>:</b><br />
786: <input type="text" name="udom" id="udom" size="15" value="$authdomain" readonly="readonly" $mobileargs /><br />
787: <input type="submit" value="$lt{'log'}" />
788: </form>
789: LFORM
790:
791: if ($showbanner) {
792: $r->print(<<HEADER);
793: <!-- The LON-CAPA Header -->
794: <div style="background:$pgbg;margin:0;width:100%;">
795: <img src="$img" border="0" alt="The Learning Online Network with CAPA" class="LC_maxwidth" />
796: </div>
797: HEADER
798: }
799:
800: my $stdauthformstyle = 'inline-block';
801: my $ssoauthstyle = 'none';
802: my $logintype;
803: $r->print('<div style="float:left;margin-top:0;">');
804: if ($saml_landing) {
805: $ssoauthstyle = 'inline-block';
806: $stdauthformstyle = 'none';
807: $logintype = $samlssotext;
808: my $ssologin = '/adm/sso';
809: if ($samlssourl ne '') {
810: $ssologin = $samlssourl;
811: }
812: if ($env{'form.firsturl'} ne '') {
813: my $querystring = 'origurl=';
814: if ($env{'form.firsturl'} =~ /[^\x00-\xFF]/) {
815: $querystring .= &uri_escape_utf8($env{'form.firsturl'});
816: } else {
817: $querystring .= &uri_escape($env{'form.firsturl'});
818: }
819: $querystring = &HTML::Entities::encode($querystring,"'");
820: $ssologin .= (($ssologin=~/\?/)?'&':'?') . $querystring;
821: }
822: my $ssohref;
823: if ($samlssoimg ne '') {
824: $ssohref = '<a href="'.$ssologin.'" title="'.$samltooltip.'"><img src="'.$samlssoimg.'" alt="'.$samlssoalt.'" /></a>';
825: } else {
826: $ssohref = '<a href="'.$ssologin.'">'.$samlssotext.'</a>';
827: }
828: if (($env{'form.saml'} eq 'no') ||
829: (($env{'form.username'} ne '') && ($env{'form.domain'} ne ''))) {
830: $ssoauthstyle = 'none';
831: $stdauthformstyle = 'inline-block';
832: $logintype = $samlnonsso;
833: }
834: $r->print(<<ENDSAML);
835: <p>
836: Log-in type:
837: <span style="font-weight:bold" id="LC_login_text">$logintype</span><br />
838: <span><a href="javascript:toggleLClogin();" style="color:#000000">$lt{'change'}</a></span>
839: </p>
840: <div style="display:$ssoauthstyle" id="LC_SSO_login">
841: <div class="LC_Box" style="padding-top: 10px;">
842: $ssohref
843: $noscript_warning
844: </div>
845: <div class="LC_Box" style="padding-top: 10px;">
846: $loginhelp
847: $contactblock
848: $coursecatalog
849: </div>
850: </div>
851: ENDSAML
852: }
853:
854: $r->print(<<ENDLOGIN);
855: <div style="display:$stdauthformstyle;" id="LC_standard_login">
856: <div class="LC_Box" style="background:$loginbox_bg;">
857: $logintitle
858: $loginform
859: $noscript_warning
860: </div>
861:
862: <div class="LC_Box" style="padding-top: 10px;">
863: $loginhelp
864: $forgotpw
865: $contactblock
866: $newuserlink
867: $coursecatalog
868: </div>
869: </div>
870:
871: ENDLOGIN
872: $r->print('</div><div>'."\n");
873: if ($showmainlogo) {
874: $r->print(' <img src="'.$logo.'" alt="" class="LC_maxwidth" />'."\n");
875: }
876: $r->print(<<ENDTOP);
877: $announcements
878: </div>
879: <hr style="clear:both;" />
880: ENDTOP
881: my ($domainrow,$serverrow,$loadrow,$userloadrow,$versionrow);
882: $domainrow = <<"END";
883: <tr>
884: <td align="left" valign="top">
885: <small><b>$lt{'dom'}: </b></small>
886: </td>
887: <td align="left" valign="top">
888: <small><tt> $domain</tt></small>
889: </td>
890: </tr>
891: END
892: $serverrow = <<"END";
893: <tr>
894: <td align="left" valign="top">
895: <small><b>$lt{'serv'}: </b></small>
896: </td>
897: <td align="left" valign="top">
898: <small><tt> $lonhost ($role)</tt></small>
899: </td>
900: </tr>
901: END
902: if ($loadlim) {
903: $loadrow = <<"END";
904: <tr>
905: <td align="left" valign="top">
906: <small><b>$lt{'load'}: </b></small>
907: </td>
908: <td align="left" valign="top">
909: <small><tt> $loadpercent $lt{'perc'}</tt></small>
910: </td>
911: </tr>
912: END
913: }
914: if ($uloadlim) {
915: $userloadrow = <<"END";
916: <tr>
917: <td align="left" valign="top">
918: <small><b>$lt{'userload'}: </b></small>
919: </td>
920: <td align="left" valign="top">
921: <small><tt> $userloadpercent $lt{'perc'}</tt></small>
922: </td>
923: </tr>
924: END
925: }
926: if (($version ne '') && ($version ne '<!-- VERSION -->')) {
927: $versionrow = <<"END";
928: <tr>
929: <td colspan="2" align="left">
930: <small>$version</small>
931: </td>
932: </tr>
933: END
934: }
935:
936: $r->print(<<ENDDOCUMENT);
937: <div style="float: left;">
938: <table border="0" cellspacing="0" cellpadding="0">
939: $domainrow
940: $serverrow
941: $loadrow
942: $userloadrow
943: $versionrow
944: </table>
945: </div>
946: <div style="float: right;">
947: $domainlogo
948: </div>
949: <br style="clear:both;" />
950: </div>
951:
952: <script type="text/javascript">
953: // <![CDATA[
954: // the if prevents the script error if the browser can not handle this
955: if ( document.client.uname ) { document.client.uname.focus(); }
956: // ]]>
957: </script>
958: $helpdeskscript
959:
960: ENDDOCUMENT
961: my %endargs = ( 'noredirectlink' => 1, );
962: $r->print(&Apache::loncommon::end_page(\%endargs));
963: return OK;
964: }
965:
966: sub check_loginvia {
967: my ($domain,$lonhost,$lonidsdir,$balcookie,$linkprot) = @_;
968: if ($domain eq '' || $lonhost eq '' || $lonidsdir eq '') {
969: return;
970: }
971: my %domconfhash = &Apache::loncommon::get_domainconf($domain);
972: my $loginvia = $domconfhash{$domain.'.login.loginvia_'.$lonhost};
973: my $loginvia_exempt = $domconfhash{$domain.'.login.loginvia_exempt_'.$lonhost};
974: my $output;
975: if ($loginvia ne '') {
976: my $noredirect;
977: my $ip = &Apache::lonnet::get_requestor_ip();
978: if ($ip eq '127.0.0.1') {
979: $noredirect = 1;
980: } else {
981: if ($loginvia_exempt ne '') {
982: my @exempt = split(',',$loginvia_exempt);
983: if (grep(/^\Q$ip\E$/,@exempt)) {
984: $noredirect = 1;
985: }
986: }
987: }
988: unless ($noredirect) {
989: my ($newhost,$path);
990: if ($loginvia =~ /:/) {
991: ($newhost,$path) = split(':',$loginvia);
992: } else {
993: $newhost = $loginvia;
994: }
995: if ($newhost ne $lonhost) {
996: if (&Apache::lonnet::hostname($newhost) ne '') {
997: if ($balcookie) {
998: my ($balancer,$cookie) = split(/:/,$balcookie);
999: if ($cookie =~ /^($match_domain)_($match_username)_([a-f0-9]+)$/) {
1000: my ($udom,$uname,$cookieid) = ($1,$2,$3);
1001: unless (&Apache::lonnet::delbalcookie($cookie,$balancer) eq 'ok') {
1002: if ((-d $lonidsdir) && (opendir(my $dh,$lonidsdir))) {
1003: while (my $filename=readdir($dh)) {
1004: if ($filename=~/^(\Q$uname\E_\d+_\Q$udom\E_$match_lonid)\.id$/) {
1005: my $handle = $1;
1006: my %hash =
1007: &Apache::lonnet::get_sessionfile_vars($handle,$lonidsdir,
1008: ['request.balancercookie',
1009: 'user.linkedenv']);
1010: if ($hash{'request.balancercookie'} eq "$balancer:$cookieid") {
1011: if (unlink("$lonidsdir/$filename")) {
1012: if (($hash{'user.linkedenv'} =~ /^[a-f0-9]+_linked$/) &&
1013: (-l "$lonidsdir/$hash{'user.linkedenv'}.id") &&
1014: (readlink("$lonidsdir/$hash{'user.linkedenv'}.id") eq "$lonidsdir/$filename")) {
1015: unlink("$lonidsdir/$hash{'user.linkedenv'}.id");
1016: }
1017: }
1018: }
1019: last;
1020: }
1021: }
1022: closedir($dh);
1023: }
1024: }
1025: }
1026: }
1027: $output = &redirect_page($newhost,$path,$linkprot);
1028: }
1029: }
1030: }
1031: }
1032: return $output;
1033: }
1034:
1035: sub redirect_page {
1036: my ($desthost,$path,$linkprot) = @_;
1037: my $hostname = &Apache::lonnet::hostname($desthost);
1038: my $protocol = $Apache::lonnet::protocol{$desthost};
1039: $protocol = 'http' if ($protocol ne 'https');
1040: unless ($path =~ m{^/}) {
1041: $path = '/'.$path;
1042: }
1043: my $url = $protocol.'://'.$hostname.$path;
1044: if ($env{'form.firsturl'} ne '') {
1045: my $querystring;
1046: if ($env{'form.firsturl'} =~ /[^\x00-\xFF]/) {
1047: $querystring = &uri_escape_utf8($env{'form.firsturl'});
1048: } else {
1049: $querystring = &uri_escape($env{'form.firsturl'});
1050: }
1051: $querystring = &HTML::Entities::encode($querystring,"'");
1052: $url .='?firsturl='.$querystring
1053: }
1054: if ($linkprot) {
1055: my $ltoken = &Apache::lonnet::tmpput({linkprot => $linkprot},$desthost);
1056: if ($ltoken) {
1057: $url .= (($url =~ /\?/) ? '&' : '?').'ltoken='.$ltoken;
1058: }
1059: }
1060: my $start_page = &Apache::loncommon::start_page('Switching Server ...',undef,
1061: {'redirect' => [0,$url],});
1062: my $end_page = &Apache::loncommon::end_page();
1063: return $start_page.$end_page;
1064: }
1065:
1066: sub contactdisplay {
1067: my ($lt,$servadm,$showadminmail,$authdomain,$helpdeskscript,$showhelpdesk,
1068: $possdoms) = @_;
1069: my $contactblock;
1070: my $origmail;
1071: if (ref($possdoms) eq 'ARRAY') {
1072: if (grep(/^\Q$authdomain\E$/,@{$possdoms})) {
1073: $origmail = $Apache::lonnet::perlvar{'lonSupportEMail'};
1074: }
1075: }
1076: my $requestmail =
1077: &Apache::loncommon::build_recipient_list(undef,'helpdeskmail',
1078: $authdomain,$origmail);
1079: unless ($showhelpdesk eq '0') {
1080: if ($requestmail =~ m/[^\@]+\@[^\@]+/) {
1081: $showhelpdesk = 1;
1082: } else {
1083: $showhelpdesk = 0;
1084: }
1085: }
1086: if ($servadm && $showadminmail) {
1087: $contactblock .= $$lt{'servadm'}.':<br />'.
1088: '<tt>'.$servadm.'</tt><br />';
1089: }
1090: if ($showhelpdesk) {
1091: $contactblock .= '<a href="javascript:helpdesk()">'.$lt->{'helpdesk'}.'</a><br />';
1092: my $thisurl = &escape('/adm/login');
1093: $$helpdeskscript = <<"ENDSCRIPT";
1094: <script type="text/javascript">
1095: // <![CDATA[
1096: function helpdesk() {
1097: var possdom = document.client.udom.value;
1098: var codedom = possdom.replace( new RegExp("[^A-Za-z0-9.\\-]","g"),'');
1099: if (codedom == '') {
1100: codedom = "$authdomain";
1101: }
1102: var querystr = "origurl=$thisurl&codedom="+codedom;
1103: document.location.href = "/adm/helpdesk?"+querystr;
1104: return;
1105: }
1106: // ]]>
1107: </script>
1108: ENDSCRIPT
1109: }
1110: return $contactblock;
1111: }
1112:
1113: sub forgotpwdisplay {
1114: my (%lt) = @_;
1115: my $prompt_for_resetpw = 1;
1116: if ($prompt_for_resetpw) {
1117: return '<a href="/adm/resetpw">'.$lt{'forgotpw'}.'</a>';
1118: }
1119: return;
1120: }
1121:
1122: sub coursecatalog_link {
1123: my ($linkname) = @_;
1124: return <<"END";
1125: <a href="/adm/coursecatalog">$linkname</a>
1126: END
1127: }
1128:
1129: sub newuser_link {
1130: my ($linkname) = @_;
1131: return '<a href="/adm/createaccount">'.$linkname.'</a>';
1132: }
1133:
1134: 1;
1135: __END__
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/back.gif){kind=icon}
Return to lonlogin.pm CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [LON-CAPA] / loncom / auth