# The LearningOnline Network # Login Screen # # $Id: lonlogin.pm,v 1.173 2018/07/04 16:58:19 raeburn Exp $ # # Copyright Michigan State University Board of Trustees # # This file is part of the LearningOnline Network with CAPA (LON-CAPA). # # LON-CAPA is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # LON-CAPA is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with LON-CAPA; if not, write to the Free Software # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # # /home/httpd/html/adm/gpl.txt # # http://www.lon-capa.org/ # package Apache::lonlogin; use strict; use Apache::Constants qw(:common); use Apache::File (); use Apache::lonnet; use Apache::loncommon(); use Apache::lonauth(); use Apache::lonlocal; use Apache::migrateuser(); use lib '/home/httpd/lib/perl/'; use LONCAPA; use CGI::Cookie(); sub handler { my $r = shift; &Apache::loncommon::get_unprocessed_cgi (join('&',$ENV{'QUERY_STRING'},$env{'request.querystring'}, $ENV{'REDIRECT_QUERY_STRING'}), ['interface','username','domain','firsturl','localpath','localres', 'token','role','symb','iptoken']); if (!defined($env{'form.firsturl'})) { &Apache::lonacc::get_posted_cgi($r,['firsturl']); } if (!defined($env{'form.firsturl'})) { if ($ENV{'REDIRECT_URL'} =~ m{^/+tiny/+$LONCAPA::match_domain/+\w+$}) { $env{'form.firsturl'} = $ENV{'REDIRECT_URL'}; } } # -- check if they are a migrating user if (defined($env{'form.token'})) { return &Apache::migrateuser::handler($r); } # For "public user" - remove any exising "public" cookie, as user really wants to log-in my ($handle,$lonidsdir,$expirepub,$userdom); unless ($r->header_only) { $handle = &Apache::lonnet::check_for_valid_session($r,'lonID',undef,\$userdom); if ($handle ne '') { $lonidsdir=$r->dir_config('lonIDsDir'); if ($handle=~/^publicuser\_/) { unlink($r->dir_config('lonIDsDir')."/$handle.id"); undef($handle); undef($userdom); $expirepub = 1; } } } &Apache::loncommon::no_cache($r); &Apache::lonlocal::get_language_handle($r); &Apache::loncommon::content_type($r,'text/html'); if ($expirepub) { my $c = new CGI::Cookie(-name => 'lonPubID', -value => '', -expires => '-10y',); $r->header_out('Set-cookie' => $c); } elsif (($handle eq '') && ($userdom ne '')) { my %cookies=CGI::Cookie->parse($r->header_in('Cookie')); foreach my $name (keys(%cookies)) { next unless ($name =~ /^lon(|S|Link|Pub)ID$/); my $c = new CGI::Cookie(-name => $name, -value => '', -expires => '-10y',); $r->headers_out->add('Set-cookie' => $c); } } $r->send_http_header; return OK if $r->header_only; # Are we re-routing? my $londocroot = $r->dir_config('lonDocRoot'); if (-e "$londocroot/lon-status/reroute.txt") { &Apache::lonauth::reroute($r); return OK; } # # If browser sent an old cookie for which the session file had been removed # check if configuration for user's domain has a portal URL set. If so # switch user's log-in to the portal. # if (($handle eq '') && ($userdom ne '')) { my %domdefaults = &Apache::lonnet::get_domain_defaults($userdom); if ($domdefaults{'portal_def'} =~ /^https?\:/) { my $start_page = &Apache::loncommon::start_page('Switching Server ...',undef, {'redirect' => [0,$domdefaults{'portal_def'}],}); my $end_page = &Apache::loncommon::end_page(); $r->print($start_page.$end_page); return OK; } } $env{'form.firsturl'} =~ s/(`)/'/g; # -------------------------------- Prevent users from attempting to login twice if ($handle ne '') { &Apache::lonnet::transfer_profile_to_env($lonidsdir,$handle); my $start_page = &Apache::loncommon::start_page('Already logged in'); my $end_page = &Apache::loncommon::end_page(); my $dest = '/adm/roles'; if ($env{'form.firsturl'} ne '') { $dest = $env{'form.firsturl'}; } $r->print( $start_page .'

'.&mt('You are already logged in!').'

' .'

'.&mt('Please either [_1]continue the current session[_2] or [_3]log out[_4].', '','','','').'

' .$end_page ); return OK; } # ---------------------------------------------------- No valid token, continue # ---------------------------- Not possible to really login to domain "public" if ($env{'form.domain'} eq 'public') { $env{'form.domain'}=''; $env{'form.username'}=''; } # ------ Is this page requested because /adm/migrateuser detected an IP change? my %sessiondata; if ($env{'form.iptoken'}) { %sessiondata = &Apache::lonnet::tmpget($env{'form.iptoken'}); unless ($sessiondata{'sessionserver'}) { my $delete = &Apache::lonnet::tmpdel($env{'form.iptoken'}); delete($env{'form.iptoken'}); } } # ----------------------------------------------------------- Process Interface $env{'form.interface'}=~s/\W//g; (undef,undef,undef,undef,undef,undef,my $clientmobile) = &Apache::loncommon::decode_user_agent(); my $iconpath= &Apache::loncommon::lonhttpdurl($r->dir_config('lonIconsURL')); my $lonhost = $r->dir_config('lonHostID'); my $domain = &Apache::lonnet::default_login_domain(); my $defdom = $domain; if ($lonhost ne '') { unless ($sessiondata{'sessionserver'}) { my $redirect = &check_loginvia($domain,$lonhost); if ($redirect) { $r->print($redirect); return OK; } } } if (($sessiondata{'domain'}) && (&Apache::lonnet::domain($env{'form.domain'},'description'))) { $domain=$sessiondata{'domain'}; } elsif (($env{'form.domain'}) && (&Apache::lonnet::domain($env{'form.domain'},'description'))) { $domain=$env{'form.domain'}; } my $role = $r->dir_config('lonRole'); my $loadlim = $r->dir_config('lonLoadLim'); my $uloadlim= $r->dir_config('lonUserLoadLim'); my $servadm = $r->dir_config('lonAdmEMail'); my $tabdir = $r->dir_config('lonTabDir'); my $include = $r->dir_config('lonIncludes'); my $expire = $r->dir_config('lonExpire'); my $version = $r->dir_config('lonVersion'); my $host_name = &Apache::lonnet::hostname($lonhost); # --------------------------------------------- Default values for login fields my ($authusername,$authdomain); if ($sessiondata{'username'}) { $authusername=$sessiondata{'username'}; } else { $env{'form.username'} = &Apache::loncommon::cleanup_html($env{'form.username'}); $authusername=($env{'form.username'}?$env{'form.username'}:''); } if ($sessiondata{'domain'}) { $authdomain=$sessiondata{'domain'}; } else { $env{'form.domain'} = &Apache::loncommon::cleanup_html($env{'form.domain'}); $authdomain=($env{'form.domain'}?$env{'form.domain'}:$domain); } # ---------------------------------------------------------- Determine own load my $loadavg; { my $loadfile=Apache::File->new('/proc/loadavg'); $loadavg=<$loadfile>; } $loadavg =~ s/\s.*//g; my ($loadpercent,$userloadpercent); if ($loadlim) { $loadpercent=sprintf("%.1f",100*$loadavg/$loadlim); } if ($uloadlim) { $userloadpercent=&Apache::lonnet::userload(); } my $firsturl= ($env{'request.firsturl'}?$env{'request.firsturl'}:$env{'form.firsturl'}); # ----------------------------------------------------------- Get announcements my $announcements=&Apache::lonnet::getannounce(); # -------------------------------------------------------- Set login parameters my @hexstr=('0','1','2','3','4','5','6','7', '8','9','a','b','c','d','e','f'); my $lkey=''; for (0..7) { $lkey.=$hexstr[rand(15)]; } my $ukey=''; for (0..7) { $ukey.=$hexstr[rand(15)]; } my $lextkey=hex($lkey); if ($lextkey>2147483647) { $lextkey-=4294967296; } my $uextkey=hex($ukey); if ($uextkey>2147483647) { $uextkey-=4294967296; } # -------------------------------------------------------- Store away log token my $tokenextras; if ($env{'form.role'}) { $tokenextras = '&role='.&escape($env{'form.role'}); } if ($env{'form.symb'}) { if (!$tokenextras) { $tokenextras = '&'; } $tokenextras .= '&symb='.&escape($env{'form.symb'}); } if ($env{'form.iptoken'}) { if (!$tokenextras) { $tokenextras = '&&'; } $tokenextras .= '&iptoken='.&escape($env{'form.iptoken'}); } my $logtoken=Apache::lonnet::reply( 'tmpput:'.$ukey.$lkey.'&'.$firsturl.$tokenextras, $lonhost); # -- If we cannot talk to ourselves, or hostID does not map to a hostname # we are in serious trouble if (($logtoken eq 'con_lost') || ($logtoken eq 'no_such_host')) { if ($logtoken eq 'no_such_host') { &Apache::lonnet::logthis('No valid logtoken for log-in page -- unable to determine hostname for hostID: '.$lonhost.'. Check entry in hosts.tab'); } my $spares=''; my $last; foreach my $hostid (sort { &Apache::lonnet::hostname($a) cmp &Apache::lonnet::hostname($b); } keys(%Apache::lonnet::spareid)) { next if ($hostid eq $lonhost); my $hostname = &Apache::lonnet::hostname($hostid); next if (($last eq $hostname) || ($hostname eq '')); $spares.='
'. $hostname.''. ' '.&mt('(preferred)').''.$/; $last=$hostname; } if ($spares) { $spares.= '
'; } my %all_hostnames = &Apache::lonnet::all_hostnames(); foreach my $hostid (sort { &Apache::lonnet::hostname($a) cmp &Apache::lonnet::hostname($b); } keys(%all_hostnames)) { next if ($hostid eq $lonhost || $Apache::lonnet::spareid{$hostid}); my $hostname = &Apache::lonnet::hostname($hostid); next if (($last eq $hostname) || ($hostname eq '')); $spares.='
'. $hostname.''; $last=$hostname; } $r->print( '' .'' .&mt('The LearningOnline Network with CAPA') .'' .'' .'

'.&mt('The LearningOnline Network with CAPA').'

' .'' .'

'.&mt('This LON-CAPA server is temporarily not available for login.').'

'); if ($spares) { $r->print('

'.&mt('Please attempt to login to one of the following servers:') .'

' .$spares); } $r->print('' .'' ); return OK; } # ----------------------------------------------- Apparently we are in business $servadm=~s/\,/\
/g; # ----------------------------------------------------------- Front page design my $pgbg=&Apache::loncommon::designparm('login.pgbg',$domain); my $font=&Apache::loncommon::designparm('login.font',$domain); my $link=&Apache::loncommon::designparm('login.link',$domain); my $vlink=&Apache::loncommon::designparm('login.vlink',$domain); my $alink=&Apache::loncommon::designparm('login.alink',$domain); my $mainbg=&Apache::loncommon::designparm('login.mainbg',$domain); my $loginbox_bg=&Apache::loncommon::designparm('login.sidebg',$domain); my $loginbox_header_bgcol=&Apache::loncommon::designparm('login.bgcol',$domain); my $loginbox_header_textcol=&Apache::loncommon::designparm('login.textcol',$domain); my $logo=&Apache::loncommon::designparm('login.logo',$domain); my $img=&Apache::loncommon::designparm('login.img',$domain); my $domainlogo=&Apache::loncommon::domainlogo($domain); my $showbanner = 1; my $showmainlogo = 1; if (defined(&Apache::loncommon::designparm('login.showlogo_img',$domain))) { $showbanner = &Apache::loncommon::designparm('login.showlogo_img',$domain); } if (defined(&Apache::loncommon::designparm('login.showlogo_logo',$domain))) { $showmainlogo = &Apache::loncommon::designparm('login.showlogo_logo',$domain); } my $showadminmail; my @possdoms = &Apache::lonnet::current_machine_domains(); if (grep(/^\Q$domain\E$/,@possdoms)) { $showadminmail=&Apache::loncommon::designparm('login.adminmail',$domain); } my $showcoursecat = &Apache::loncommon::designparm('login.coursecatalog',$domain); my $shownewuserlink = &Apache::loncommon::designparm('login.newuser',$domain); my $showhelpdesk = &Apache::loncommon::designparm('login.helpdesk',$domain); my $now=time; my $js = (< // ENDSCRIPT # --------------------------------------------------- Print login screen header my %add_entries = ( bgcolor => "$mainbg", text => "$font", link => "$link", vlink => "$vlink", alink => "$alink", onload => 'javascript:enableInput();',); my ($lonhost_in_use,$headextra,$headextra_exempt,@hosts,%defaultdomconf); @hosts = &Apache::lonnet::current_machine_ids(); $lonhost_in_use = $lonhost; if (@hosts > 1) { foreach my $hostid (@hosts) { if (&Apache::lonnet::host_domain($hostid) eq $defdom) { $lonhost_in_use = $hostid; last; } } } %defaultdomconf = &Apache::loncommon::get_domainconf($defdom); $headextra = $defaultdomconf{$defdom.'.login.headtag_'.$lonhost_in_use}; $headextra_exempt = $defaultdomconf{$domain.'.login.headtag_exempt_'.$lonhost_in_use}; if ($headextra) { my $omitextra; if ($headextra_exempt ne '') { my @exempt = split(',',$headextra_exempt); my $ip = $ENV{'REMOTE_ADDR'}; if (grep(/^\Q$ip\E$/,@exempt)) { $omitextra = 1; } } unless ($omitextra) { my $confname = $defdom.'-domainconfig'; if ($headextra =~ m{^\Q/res/$defdom/$confname/login/headtag/$lonhost_in_use/\E}) { my $extra = &Apache::lonnet::getfile(&Apache::lonnet::filelocation("",$headextra)); unless ($extra eq '-1') { $js .= "\n".$extra."\n"; } } } } $r->print(&Apache::loncommon::start_page('The LearningOnline Network with CAPA Login',$js, { 'redirect' => [$expire,'/adm/roles'], 'add_entries' => \%add_entries, 'only_body' => 1,})); # ----------------------------------------------------------------------- Texts my %lt=&Apache::lonlocal::texthash( 'un' => 'Username', 'pw' => 'Password', 'dom' => 'Domain', 'perc' => 'percent', 'load' => 'Server Load', 'userload' => 'User Load', 'catalog' => 'Course/Community Catalog', 'log' => 'Log in', 'help' => 'Log-in Help', 'serv' => 'Server', 'servadm' => 'Server Administration', 'helpdesk' => 'Contact Helpdesk', 'forgotpw' => 'Forgot password?', 'newuser' => 'New User?', ); # -------------------------------------------------- Change password field name my $forgotpw = &forgotpwdisplay(%lt); $forgotpw .= '
' if $forgotpw; my $loginhelp = &Apache::lonauth::loginhelpdisplay($authdomain); if ($loginhelp) { $loginhelp = ''.$lt{'help'}.'
'; } # ---------------------------------------------------- Serve out DES JavaScript { my $jsh=Apache::File->new($include."/londes.js"); $r->print(<$jsh>); } # ---------------------------------------------------------- Serve rest of page $r->print( '
' ); $r->print(< ENDSERVERFORM my $coursecatalog; if (($showcoursecat eq '') || ($showcoursecat)) { $coursecatalog = &coursecatalog_link($lt{'catalog'}).'
'; } my $newuserlink; if ($shownewuserlink) { $newuserlink = &newuser_link($lt{'newuser'}).'
'; } my $logintitle = '

' .$lt{'log'} .'

'; my $noscript_warning=''; my $helpdeskscript; my $contactblock = &contactdisplay(\%lt,$servadm,$showadminmail, $authdomain,\$helpdeskscript, $showhelpdesk,\@possdoms); my $mobileargs; if ($clientmobile) { $mobileargs = 'autocapitalize="off" autocorrect="off"'; } my $loginform=(< :

:

:

LFORM if ($showbanner) { $r->print(<
The Learning Online Network with CAPA
HEADER } $r->print(<
$logintitle $loginform $noscript_warning
$loginhelp $forgotpw $contactblock $newuserlink $coursecatalog
ENDTOP if ($showmainlogo) { $r->print(' '."\n"); } $r->print(<
ENDTOP my ($domainrow,$serverrow,$loadrow,$userloadrow,$versionrow); $domainrow = <<"END"; $lt{'dom'}:   $domain END $serverrow = <<"END"; $lt{'serv'}:   $lonhost ($role) END if ($loadlim) { $loadrow = <<"END"; $lt{'load'}:   $loadpercent $lt{'perc'} END } if ($uloadlim) { $userloadrow = <<"END"; $lt{'userload'}:   $userloadpercent $lt{'perc'} END } if (($version ne '') && ($version ne '')) { $versionrow = <<"END"; $version END } $r->print(< $domainrow $serverrow $loadrow $userloadrow $versionrow
$domainlogo

$helpdeskscript ENDDOCUMENT my %endargs = ( 'noredirectlink' => 1, ); $r->print(&Apache::loncommon::end_page(\%endargs)); return OK; } sub check_loginvia { my ($domain,$lonhost) = @_; if ($domain eq '' || $lonhost eq '') { return; } my %domconfhash = &Apache::loncommon::get_domainconf($domain); my $loginvia = $domconfhash{$domain.'.login.loginvia_'.$lonhost}; my $loginvia_exempt = $domconfhash{$domain.'.login.loginvia_exempt_'.$lonhost}; my $output; if ($loginvia ne '') { my $noredirect; my $ip = $ENV{'REMOTE_ADDR'}; if ($ip eq '127.0.0.1') { $noredirect = 1; } else { if ($loginvia_exempt ne '') { my @exempt = split(',',$loginvia_exempt); if (grep(/^\Q$ip\E$/,@exempt)) { $noredirect = 1; } } } unless ($noredirect) { my ($newhost,$path); if ($loginvia =~ /:/) { ($newhost,$path) = split(':',$loginvia); } else { $newhost = $loginvia; } if ($newhost ne $lonhost) { if (&Apache::lonnet::hostname($newhost) ne '') { $output = &redirect_page($newhost,$path); } } } } return $output; } sub redirect_page { my ($desthost,$path) = @_; my $protocol = $Apache::lonnet::protocol{$desthost}; $protocol = 'http' if ($protocol ne 'https'); unless ($path =~ m{^/}) { $path = '/'.$path; } my $url = $protocol.'://'.&Apache::lonnet::hostname($desthost).$path; if ($env{'form.firsturl'} ne '') { $url .='?firsturl='.$env{'form.firsturl'}; } my $start_page = &Apache::loncommon::start_page('Switching Server ...',undef, {'redirect' => [0,$url],}); my $end_page = &Apache::loncommon::end_page(); return $start_page.$end_page; } sub contactdisplay { my ($lt,$servadm,$showadminmail,$authdomain,$helpdeskscript,$showhelpdesk, $possdoms) = @_; my $contactblock; my $origmail; if (ref($possdoms) eq 'ARRAY') { if (grep(/^\Q$authdomain\E$/,@{$possdoms})) { $origmail = $Apache::lonnet::perlvar{'lonSupportEMail'}; } } my $requestmail = &Apache::loncommon::build_recipient_list(undef,'helpdeskmail', $authdomain,$origmail); unless ($showhelpdesk eq '0') { if ($requestmail =~ m/[^\@]+\@[^\@]+/) { $showhelpdesk = 1; } else { $showhelpdesk = 0; } } if ($servadm && $showadminmail) { $contactblock .= $$lt{'servadm'}.':
'. ''.$servadm.'
'; } if ($showhelpdesk) { $contactblock .= ''.$lt->{'helpdesk'}.'
'; my $thisurl = &escape('/adm/login'); $$helpdeskscript = <<"ENDSCRIPT"; ENDSCRIPT } return $contactblock; } sub forgotpwdisplay { my (%lt) = @_; my $prompt_for_resetpw = 1; if ($prompt_for_resetpw) { return ''.$lt{'forgotpw'}.''; } return; } sub coursecatalog_link { my ($linkname) = @_; return <<"END"; $linkname END } sub newuser_link { my ($linkname) = @_; return ''.$linkname.''; } 1; __END__