# The LearningOnline Network # Login Screen # # $Id: lonlogin.pm,v 1.158.2.13.2.10 2023/07/05 17:03:27 raeburn Exp $ # # Copyright Michigan State University Board of Trustees # # This file is part of the LearningOnline Network with CAPA (LON-CAPA). # # LON-CAPA is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # LON-CAPA is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with LON-CAPA; if not, write to the Free Software # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # # /home/httpd/html/adm/gpl.txt # # http://www.lon-capa.org/ # package Apache::lonlogin; use strict; use Apache::Constants qw(:common); use Apache::File (); use Apache::lonnet; use Apache::loncommon(); use Apache::lonauth(); use Apache::lonlocal; use Apache::migrateuser(); use lib '/home/httpd/lib/perl/'; use LONCAPA qw(:DEFAULT :match); use URI::Escape; use HTML::Entities(); use CGI::Cookie(); sub handler { my $r = shift; &Apache::loncommon::get_unprocessed_cgi (join('&',$ENV{'QUERY_STRING'},$env{'request.querystring'}, $ENV{'REDIRECT_QUERY_STRING'}), ['interface','username','domain','firsturl','localpath','localres', 'token','role','symb','iptoken','btoken','ltoken','ttoken','linkkey', 'saml','sso','retry','display']); # -- check if they are a migrating user if (defined($env{'form.token'})) { return &Apache::migrateuser::handler($r); } my $lonhost = $r->dir_config('lonHostID'); if ($env{'form.ttoken'}) { my %info = &Apache::lonnet::tmpget($env{'form.ttoken'}); &Apache::lonnet::tmpdel($env{'form.ttoken'}); if ($info{'origurl'}) { $env{'form.firsturl'} = $info{'origurl'}; } if ($info{'ltoken'}) { $env{'form.ltoken'} = $info{'ltoken'}; } elsif ($info{'linkprot'}) { $env{'form.linkprot'} = $info{'linkprot'}; foreach my $item ('linkprotuser','linkprotexit','linkprotpbid','linkprotpburl') { if ($info{$item} ne '') { $env{'form.'.$item} = $info{$item}; } } } elsif ($info{'linkkey'} ne '') { $env{'form.linkkey'} = $info{'linkkey'}; } } elsif (($env{'form.sso'}) || ($env{'form.retry'})) { my $infotoken; if ($env{'form.sso'}) { $infotoken = $env{'form.sso'}; } else { $infotoken = $env{'form.retry'}; } my $data = &Apache::lonnet::reply('tmpget:'.$infotoken,$lonhost); unless (($data=~/^error/) || ($data eq 'con_lost') || ($data eq 'no_such_host')) { my %info = &decode_token($data); foreach my $item (keys(%info)) { $env{'form.'.$item} = $info{$item}; } &Apache::lonnet::tmpdel($infotoken); } } else { if (!defined($env{'form.firsturl'})) { &Apache::lonacc::get_posted_cgi($r,['firsturl']); } if (!defined($env{'form.firsturl'})) { if ($ENV{'REDIRECT_URL'} =~ m{^/+tiny/+$LONCAPA::match_domain/+\w+$}) { $env{'form.firsturl'} = $ENV{'REDIRECT_URL'}; } } if (($env{'form.firsturl'} =~ m{^/+tiny/+$LONCAPA::match_domain/+\w+$}) && (!$env{'form.ltoken'}) && (!$env{'form.linkprot'}) && (!$env{'form.linkkey'})) { &Apache::lonacc::get_posted_cgi($r,['linkkey']); } if ($env{'form.firsturl'} eq '/adm/logout') { delete($env{'form.firsturl'}); } } # For "public user" - remove any exising "public" cookie, as user really wants to log-in my ($handle,$lonidsdir,$expirepub,$userdom); $lonidsdir=$r->dir_config('lonIDsDir'); unless ($r->header_only) { $handle = &Apache::lonnet::check_for_valid_session($r,'lonID',undef,\$userdom); if ($handle ne '') { if ($handle=~/^publicuser\_/) { unlink($r->dir_config('lonIDsDir')."/$handle.id"); undef($handle); undef($userdom); $expirepub = 1; } } } &Apache::loncommon::no_cache($r); &Apache::lonlocal::get_language_handle($r); &Apache::loncommon::content_type($r,'text/html'); if ($expirepub) { my $c = new CGI::Cookie(-name => 'lonPubID', -value => '', -expires => '-10y',); $r->header_out('Set-cookie' => $c); } elsif (($handle eq '') && ($userdom ne '')) { my %cookies=CGI::Cookie->parse($r->header_in('Cookie')); foreach my $name (keys(%cookies)) { next unless ($name =~ /^lon(|S|Link|Pub)ID$/); my $c = new CGI::Cookie(-name => $name, -value => '', -expires => '-10y',); $r->headers_out->add('Set-cookie' => $c); } } $r->send_http_header; return OK if $r->header_only; # Are we re-routing? my $londocroot = $r->dir_config('lonDocRoot'); if (-e "$londocroot/lon-status/reroute.txt") { &Apache::lonauth::reroute($r); return OK; } # Check if browser sent a LON-CAPA load balancer cookie (and this is a balancer) my ($found_server,$balancer_cookie) = &Apache::lonnet::check_for_balancer_cookie($r,1); if ($found_server) { my $hostname = &Apache::lonnet::hostname($found_server); if ($hostname ne '') { my $protocol = $Apache::lonnet::protocol{$found_server}; $protocol = 'http' if ($protocol ne 'https'); my $dest = '/adm/roles'; if ($env{'form.firsturl'} ne '') { $dest = &HTML::Entities::encode($env{'form.firsturl'},'\'"<>&'); } my %info = ( balcookie => $lonhost.':'.$balancer_cookie, ); if ($env{'form.role'}) { $info{'role'} = $env{'form.role'}; } if ($env{'form.symb'}) { $info{'symb'} = $env{'form.symb'}; } if (($env{'form.firsturl'} eq '/adm/email') && ($env{'form.display'} ne '')) { if ($env{'form.sso'}) { if ($env{'form.mailrecip'}) { $info{'display'} = &escape($env{'form.display'}); $info{'mailrecip'} = &escape($env{'form.mailrecip'}); } } else { if (($env{'form.username'}) && ($env{'form.domain'})) { $info{'display'} = &escape($env{'form.display'}); $info{'mailrecip'} = &escape($env{'form.username'}.':'.$env{'form.domain'}); } } } my $balancer_token = &Apache::lonnet::tmpput(\%info,$found_server); unless (($balancer_token eq 'con_lost') || ($balancer_token eq 'refused') || ($balancer_token eq 'unknown_cmd') || ($balancer_token eq 'no_such_host')) { $dest .= (($dest=~/\?/)?'&':'?') . 'btoken='.$balancer_token; } if ($env{'form.firsturl'} =~ m{^/tiny/$match_domain/\w+$}) { my %link_info; if ($env{'form.ltoken'}) { $link_info{'ltoken'} = $env{'form.ltoken'}; } elsif ($env{'form.linkprot'}) { $link_info{'linkprot'} = $env{'form.linkprot'}; foreach my $item ('linkprotuser','linkprotexit','linkprotpbid','linkprotpburl') { if ($env{'form.'.$item} ne '') { $link_info{$item} = $env{'form.'.$item}; } } } elsif ($env{'form.linkkey'} ne '') { $link_info{'linkkey'} = $env{'form.linkkey'}; } if (keys(%link_info)) { $link_info{'origurl'} = $env{'form.firsturl'}; my $token = &Apache::lonnet::tmpput(\%link_info,$found_server,'link'); unless (($token eq 'con_lost') || ($token eq 'refused') || ($token eq 'unknown_cmd') || ($token eq 'no_such_host')) { $dest .= (($dest=~/\?/)?'&':'?') . 'ttoken='.$token; } } } unless ($found_server eq $lonhost) { my $alias = &Apache::lonnet::use_proxy_alias($r,$found_server); $hostname = $alias if ($alias ne ''); } my $url = $protocol.'://'.$hostname.$dest; my $start_page = &Apache::loncommon::start_page('Switching Server ...',undef, {'redirect' => [0,$url],}); my $end_page = &Apache::loncommon::end_page(); $r->print($start_page.$end_page); return OK; } } # # Check if a LON-CAPA load balancer sent user here because user's browser sent # it a balancer cookie for an active session on this server. # my $balcookie; if ($env{'form.btoken'}) { my %info = &Apache::lonnet::tmpget($env{'form.btoken'}); $balcookie = $info{'balcookie'}; &Apache::lonnet::tmpdel($env{'form.btoken'}); delete($env{'form.btoken'}); if (($env{'form.firsturl'} eq '/adm/email') && (exists($info{'display'})) && (exists($info{'mailrecip'}))) { $env{'form.display'} = &unescape($info{'display'}); $env{'form.mailrecip'} = &unescape($info{'mailrecip'}); } } # # If browser sent an old cookie for which the session file had been removed # check if configuration for user's domain has a portal URL set. If so # switch user's log-in to the portal. # if (($handle eq '') && ($userdom ne '')) { my %domdefaults = &Apache::lonnet::get_domain_defaults($userdom); if ($domdefaults{'portal_def'} =~ /^https?\:/) { my $start_page = &Apache::loncommon::start_page('Switching Server ...',undef, {'redirect' => [0,$domdefaults{'portal_def'}],}); my $end_page = &Apache::loncommon::end_page(); $r->print($start_page.$end_page); return OK; } } # -------------------------------- Prevent users from attempting to login twice if ($handle ne '') { &Apache::lonnet::transfer_profile_to_env($lonidsdir,$handle); my $start_page = &Apache::loncommon::start_page('Already logged in'); my $end_page = &Apache::loncommon::end_page(); my $dest = '/adm/roles'; if ($env{'form.firsturl'} ne '') { $dest = &HTML::Entities::encode($env{'form.firsturl'},'\'"<>&'); } if (($env{'form.ltoken'}) || ($env{'form.linkprot'})) { my ($linkprot,$linkprotuser,$linkprotexit,$linkprotpbid,$linkprotpburl); if ($env{'form.ltoken'}) { my %info = &Apache::lonnet::tmpget($env{'form.ltoken'}); $linkprot = $info{'linkprot'}; if ($info{'linkprotuser'} ne '') { $linkprotuser = $info{'linkprotuser'}; } if ($info{'linkprotexit'} ne '') { $linkprotexit = $info{'linkprotexit'}; } if ($info{'linkprotpbid'} ne '') { $linkprotpbid = $info{'linkprotpbid'}; } if ($info{'linkprotpburl'} ne '') { $linkprotpburl = $info{'linkprotpburl'}; } } else { $linkprot = $env{'form.linkprot'}; $linkprotuser = $env{'form.linkprotuser'}; $linkprotexit = $env{'form.linkprotexit'}; $linkprotpbid = $env{'form.linkprotpbid'}; $linkprotpburl = $env{'form.linkprotpburl'}; } if ($linkprot) { my ($linkprotector,$deeplink) = split(/:/,$linkprot,2); if (($deeplink =~ m{^/tiny/$match_domain/\w+$}) && ($linkprotuser ne '') && ($linkprotuser ne $env{'user.name'}.':'.$env{'user.domain'})) { my $ip = &Apache::lonnet::get_requestor_ip(); my %linkprotinfo = ( origurl => $deeplink, linkprot => $linkprot, linkprotuser => $linkprotuser, linkprotexit => $linkprotexit, linkprotpbid => $linkprotpbid, linkprotpburl => $linkprotpburl, ); if ($env{'form.ltoken'}) { my $delete = &Apache::lonnet::tmpdel($env{'form.ltoken'}); } &Apache::migrateuser::logout($r,$ip,$handle,undef,undef,\%linkprotinfo); return OK; } if ($env{'user.linkprotector'}) { my @protectors = split(/,/,$env{'user.linkprotector'}); unless (grep(/^\Q$linkprotector\E$/,@protectors)) { push(@protectors,$linkprotector); @protectors = sort { $a <=> $b } @protectors; &Apache::lonnet::appenv({'user.linkprotector' => join(',',@protectors)}); } } else { &Apache::lonnet::appenv({'user.linkprotector' => $linkprotector }); } if ($env{'user.linkproturi'}) { my @proturis = split(/,/,$env{'user.linkproturi'}); unless (grep(/^\Q$deeplink\E$/,@proturis)) { push(@proturis,$deeplink); @proturis = sort @proturis; &Apache::lonnet::appenv({'user.linkproturi' => join(',',@proturis)}); } } else { &Apache::lonnet::appenv({'user.linkproturi' => $deeplink}); } } } elsif ($env{'form.linkkey'} ne '') { if ($env{'form.firsturl'} =~ m{^/tiny/$match_domain/\w+$}) { my $linkkey = $env{'form.linkkey'}; if ($env{'user.deeplinkkey'}) { my @linkkeys = split(/,/,$env{'user.deeplinkkey'}); unless (grep(/^\Q$linkkey\E$/,@linkkeys)) { push(@linkkeys,$linkkey); &Apache::lonnet::appenv({'user.deeplinkkey' => join(',',sort(@linkkeys))}); } } else { &Apache::lonnet::appenv({'user.deeplinkkey' => $linkkey}); } my $deeplink = $env{'form.firsturl'}; if ($env{'user.keyedlinkuri'}) { my @keyeduris = split(/,/,$env{'user.keyedlinkuri'}); unless (grep(/^\Q$deeplink\E$/,@keyeduris)) { push(@keyeduris,$deeplink); &Apache::lonnet::appenv({'user.keyedlinkuri' => join(',',sort(@keyeduris))}); } } else { &Apache::lonnet::appenv({'user.keyedlinkuri' => $deeplink}); } } } if ($env{'form.ltoken'}) { my $delete = &Apache::lonnet::tmpdel($env{'form.ltoken'}); } if (($env{'form.firsturl'} eq '/adm/email') && ($env{'form.display'})) { if ($env{'form.mailrecip'}) { if ($env{'form.mailrecip'} eq "$env{'user.name'}:$env{'user.domain'}") { $dest .= (($dest=~/\?/)?'&':'?') . 'display='.&escape($env{'form.display'}). '&mailrecip='.&escape($env{'form.mailrecip'}); } } elsif (($env{'form.username'} eq $env{'user.name'}) && ($env{'form.domain'} eq $env{'user.domain'})) { $dest .= (($dest=~/\?/)?'&':'?') . 'display='.&escape($env{'form.display'}). '&mailrecip='.&escape("$env{'user.name'}:$env{'form.domain'}"); } } $r->print( $start_page .'

'.&mt('You are already logged in!').'

' .'

'.&mt('Please either [_1]continue the current session[_2] or [_3]log out[_4].', '','','','').'

' .$end_page ); return OK; } # ---------------------------------------------------- No valid token, continue # ---------------------------- Not possible to really login to domain "public" if ($env{'form.domain'} eq 'public') { $env{'form.domain'}=''; $env{'form.username'}=''; } # ------ Is this page requested because /adm/migrateuser detected an IP change? my %sessiondata; if ($env{'form.iptoken'}) { %sessiondata = &Apache::lonnet::tmpget($env{'form.iptoken'}); unless ($sessiondata{'sessionserver'}) { my $delete = &Apache::lonnet::tmpdel($env{'form.iptoken'}); delete($env{'form.iptoken'}); } } # ----------------------------------------------------------- Process Interface $env{'form.interface'}=~s/\W//g; (undef,undef,undef,undef,undef,undef,my $clientmobile) = &Apache::loncommon::decode_user_agent($r); my $iconpath= &Apache::loncommon::lonhttpdurl($r->dir_config('lonIconsURL')); my $domain = &Apache::lonnet::default_login_domain(); my $defdom = $domain; if ($lonhost ne '') { unless ($sessiondata{'sessionserver'}) { my $redirect = &check_loginvia($domain,$lonhost,$lonidsdir,$balcookie); if ($redirect) { $r->print($redirect); return OK; } } } if (($sessiondata{'domain'}) && (&Apache::lonnet::domain($sessiondata{'domain'},'description'))) { $domain=$sessiondata{'domain'}; } elsif (($env{'form.domain'}) && (&Apache::lonnet::domain($env{'form.domain'},'description'))) { $domain=$env{'form.domain'}; } my $role = $r->dir_config('lonRole'); my $loadlim = $r->dir_config('lonLoadLim'); my $uloadlim= $r->dir_config('lonUserLoadLim'); my $servadm = $r->dir_config('lonAdmEMail'); my $tabdir = $r->dir_config('lonTabDir'); my $include = $r->dir_config('lonIncludes'); my $expire = $r->dir_config('lonExpire'); my $version = $r->dir_config('lonVersion'); my $host_name = &Apache::lonnet::hostname($lonhost); # --------------------------------------------- Default values for login fields my ($authusername,$authdomain); if ($sessiondata{'username'}) { $authusername=$sessiondata{'username'}; } else { $env{'form.username'} = &Apache::loncommon::cleanup_html($env{'form.username'}); $authusername=($env{'form.username'}?$env{'form.username'}:''); } if ($sessiondata{'domain'}) { $authdomain=$sessiondata{'domain'}; } else { $env{'form.domain'} = &Apache::loncommon::cleanup_html($env{'form.domain'}); $authdomain=($env{'form.domain'}?$env{'form.domain'}:$domain); } # ---------------------------------------------------------- Determine own load my $loadavg; { my $loadfile=Apache::File->new('/proc/loadavg'); $loadavg=<$loadfile>; } $loadavg =~ s/\s.*//g; my ($loadpercent,$userloadpercent); if ($loadlim) { $loadpercent=sprintf("%.1f",100*$loadavg/$loadlim); } if ($uloadlim) { $userloadpercent=&Apache::lonnet::userload(); } my $firsturl= ($env{'request.firsturl'}?$env{'request.firsturl'}:$env{'form.firsturl'}); # ----------------------------------------------------------- Get announcements my $announcements=&Apache::lonnet::getannounce(); # -------------------------------------------------------- Set login parameters my @hexstr=('0','1','2','3','4','5','6','7', '8','9','a','b','c','d','e','f'); my $lkey=''; for (0..7) { $lkey.=$hexstr[rand(15)]; } my $ukey=''; for (0..7) { $ukey.=$hexstr[rand(15)]; } my $lextkey=hex($lkey); if ($lextkey>2147483647) { $lextkey-=4294967296; } my $uextkey=hex($ukey); if ($uextkey>2147483647) { $uextkey-=4294967296; } # -------------------------------------------------------- Store away log token my ($tokenextras,$tokentype,$linkprot_for_login); my @names = ('role','symb','iptoken','ltoken','linkprotuser','linkprotexit', 'linkprot','linkkey','display','linkprotpbid','linkprotpburl'); foreach my $name (@names) { if ($env{'form.'.$name} ne '') { if ($name eq 'ltoken') { my %info = &Apache::lonnet::tmpget($env{'form.'.$name}); if ($info{'linkprot'}) { $linkprot_for_login = $info{'linkprot'}; $tokenextras .= '&linkprot='.&escape($info{'linkprot'}); foreach my $item ('linkprotuser','linkprotexit','linkprotpbid','linkprotpburl') { if ($info{$item}) { $tokenextras .= '&'.$item.'='.&escape($info{$item}); } } $tokentype = 'link'; last; } } elsif ($env{'form.display'} && ($env{'form.firsturl'} eq '/adm/email')) { if (($env{'form.mailrecip'}) || ($env{'form.username'} =~ /^$match_username$/) && ($env{'form.domain'} =~ /^$match_domain$/)) { $tokenextras .= '&'.$name.'='.&escape($env{'form.display'}); if ($env{'form.mailrecip'}) { $tokenextras .= '&mailrecip='.&escape($env{'form.mailrecip'}); } else { $tokenextras .= '&mailrecip='.&escape($env{'form.username'}.':'.$env{'form.domain'}); } } } else { $tokenextras .= '&'.$name.'='.&escape($env{'form.'.$name}); if (($name eq 'linkkey') || ($name eq 'linkprot')) { if ((($env{'form.retry'}) || ($env{'form.sso'})) && (!$env{'form.ltoken'}) && ($name eq 'linkprot')) { $linkprot_for_login = $env{'form.linkprot'}; } $tokentype = 'link'; } } } } if ($tokentype) { $tokenextras .= ":$tokentype"; } my $logtoken=Apache::lonnet::reply( 'tmpput:'.$ukey.$lkey.'&'.&escape($firsturl).$tokenextras, $lonhost); # -- If we cannot talk to ourselves, or hostID does not map to a hostname # we are in serious trouble if (($logtoken eq 'con_lost') || ($logtoken eq 'no_such_host')) { if ($logtoken eq 'no_such_host') { &Apache::lonnet::logthis('No valid logtoken for log-in page -- unable to determine hostname for hostID: '.$lonhost.'. Check entry in hosts.tab'); } if ($env{'form.ltoken'}) { &Apache::lonnet::tmpdel($env{'form.ltoken'}); delete($env{'form.ltoken'}); } my $spares=''; my (@sparehosts,%spareservers); my $sparesref = &Apache::lonnet::this_host_spares($defdom); if (ref($sparesref) eq 'HASH') { foreach my $key (keys(%{$sparesref})) { if (ref($sparesref->{$key}) eq 'ARRAY') { my @sorted = sort { &Apache::lonnet::hostname($a) cmp &Apache::lonnet::hostname($b); } @{$sparesref->{$key}}; if (@sorted) { if ($key eq 'primary') { unshift(@sparehosts,@sorted); } elsif ($key eq 'default') { push(@sparehosts,@sorted); } } } } } foreach my $hostid (@sparehosts) { next if ($hostid eq $lonhost); my $hostname = &Apache::lonnet::hostname($hostid); next if (($hostname eq '') || ($spareservers{$hostname})); $spareservers{$hostname} = 1; my $protocol = $Apache::lonnet::protocol{$hostid}; $protocol = 'http' if ($protocol ne 'https'); $spares.='
'. $hostname.''. ' '.&mt('(preferred)').''.$/; } if ($spares) { $spares.= '
'; } my %all_hostnames = &Apache::lonnet::all_hostnames(); foreach my $hostid (sort { &Apache::lonnet::hostname($a) cmp &Apache::lonnet::hostname($b); } keys(%all_hostnames)) { next if ($hostid eq $lonhost); my $hostname = &Apache::lonnet::hostname($hostid); next if (($hostname eq '') || ($spareservers{$hostname})); $spareservers{$hostname} = 1; my $protocol = $Apache::lonnet::protocol{$hostid}; $protocol = 'http' if ($protocol ne 'https'); $spares.='
'. $hostname.''; } $r->print( '' .'' .'' .&mt('The LearningOnline Network with CAPA') .'' .'' .'

'.&mt('The LearningOnline Network with CAPA').'

' .'broken icon' .'

'.&mt('This LON-CAPA server is temporarily not available for login.').'

'); if ($spares) { $r->print('

'.&mt('Please attempt to login to one of the following servers:') .'

' .$spares); } $r->print('' .'' ); return OK; } # ----------------------------------------------- Apparently we are in business $servadm=~s/\,/\
/g; # ----------------------------------------------------------- Front page design my $pgbg=&Apache::loncommon::designparm('login.pgbg',$domain); my $font=&Apache::loncommon::designparm('login.font',$domain); my $link=&Apache::loncommon::designparm('login.link',$domain); my $vlink=&Apache::loncommon::designparm('login.vlink',$domain); my $alink=&Apache::loncommon::designparm('login.alink',$domain); my $mainbg=&Apache::loncommon::designparm('login.mainbg',$domain); my $loginbox_bg=&Apache::loncommon::designparm('login.sidebg',$domain); my $loginbox_header_bgcol=&Apache::loncommon::designparm('login.bgcol',$domain); my $loginbox_header_textcol=&Apache::loncommon::designparm('login.textcol',$domain); my $logo=&Apache::loncommon::designparm('login.logo',$domain); my $img=&Apache::loncommon::designparm('login.img',$domain); my $domainlogo=&Apache::loncommon::domainlogo($domain); my $showbanner = 1; my $showmainlogo = 1; if (defined(&Apache::loncommon::designparm('login.showlogo_img',$domain))) { $showbanner = &Apache::loncommon::designparm('login.showlogo_img',$domain); } if (defined(&Apache::loncommon::designparm('login.showlogo_logo',$domain))) { $showmainlogo = &Apache::loncommon::designparm('login.showlogo_logo',$domain); } my $showadminmail; my @possdoms = &Apache::lonnet::current_machine_domains(); if (grep(/^\Q$domain\E$/,@possdoms)) { $showadminmail=&Apache::loncommon::designparm('login.adminmail',$domain); } my $showcoursecat = &Apache::loncommon::designparm('login.coursecatalog',$domain); my $shownewuserlink = &Apache::loncommon::designparm('login.newuser',$domain); my $showhelpdesk = &Apache::loncommon::designparm('login.helpdesk',$domain); my $now=time; my $js = (< // ENDSCRIPT my ($lonhost_in_use,@hosts,%defaultdomconf,$saml_prefix,$saml_landing, $samlssotext,$samlnonsso,$samlssoimg,$samlssoalt,$samlssourl,$samltooltip, $samlwindow); %defaultdomconf = &Apache::loncommon::get_domainconf($defdom); @hosts = &Apache::lonnet::current_machine_ids(); $lonhost_in_use = $lonhost; if (@hosts > 1) { foreach my $hostid (@hosts) { if (&Apache::lonnet::host_domain($hostid) eq $defdom) { $lonhost_in_use = $hostid; last; } } } $saml_prefix = $defdom.'.login.saml_'; if ($defaultdomconf{$saml_prefix.$lonhost_in_use}) { $saml_landing = 1; $samlssotext = $defaultdomconf{$saml_prefix.'text_'.$lonhost_in_use}; $samlnonsso = $defaultdomconf{$saml_prefix.'notsso_'.$lonhost_in_use}; $samlssoimg = $defaultdomconf{$saml_prefix.'img_'.$lonhost_in_use}; $samlssoalt = $defaultdomconf{$saml_prefix.'alt_'.$lonhost_in_use}; $samlssourl = $defaultdomconf{$saml_prefix.'url_'.$lonhost_in_use}; $samltooltip = $defaultdomconf{$saml_prefix.'title_'.$lonhost_in_use}; $samlwindow = $defaultdomconf{$saml_prefix.'window_'.$lonhost_in_use}; } if ($saml_landing) { if ($samlssotext eq '') { $samlssotext = 'SSO Login'; } if ($samlnonsso eq '') { $samlnonsso = 'Non-SSO Login'; } $js .= <<"ENDSAMLJS"; ENDSAMLJS } # --------------------------------------------------- Print login screen header my %add_entries = ( bgcolor => "$mainbg", text => "$font", link => "$link", vlink => "$vlink", alink => "$alink", onload => 'javascript:enableInput();',); my ($headextra,$headextra_exempt); $headextra = $defaultdomconf{$defdom.'.login.headtag_'.$lonhost_in_use}; $headextra_exempt = $defaultdomconf{$domain.'.login.headtag_exempt_'.$lonhost_in_use}; if ($headextra) { my $omitextra; if ($headextra_exempt ne '') { my @exempt = split(',',$headextra_exempt); my $ip = &Apache::lonnet::get_requestor_ip(); if (grep(/^\Q$ip\E$/,@exempt)) { $omitextra = 1; } } unless ($omitextra) { my $confname = $defdom.'-domainconfig'; if ($headextra =~ m{^\Q/res/$defdom/$confname/login/headtag/$lonhost_in_use/\E}) { my $extra = &Apache::lonnet::getfile(&Apache::lonnet::filelocation("",$headextra)); unless ($extra eq '-1') { $js .= "\n".$extra."\n"; } } } } $r->print(&Apache::loncommon::start_page('The LearningOnline Network with CAPA Login',$js, { 'redirect' => [$expire,'/adm/roles'], 'add_entries' => \%add_entries, 'only_body' => 1,})); # ----------------------------------------------------------------------- Texts my %lt=&Apache::lonlocal::texthash( 'un' => 'Username', 'pw' => 'Password', 'dom' => 'Domain', 'perc' => 'percent', 'load' => 'Server Load', 'userload' => 'User Load', 'catalog' => 'Course/Community Catalog', 'log' => 'Log in', 'help' => 'Log-in Help', 'serv' => 'Server', 'servadm' => 'Server Administration', 'helpdesk' => 'Contact Helpdesk', 'forgotpw' => 'Forgot password?', 'newuser' => 'New User?', 'change' => 'Change?', ); # -------------------------------------------------- Change password field name my $forgotpw = &forgotpwdisplay(%lt); $forgotpw .= '
' if $forgotpw; my $loginhelp = &Apache::lonauth::loginhelpdisplay($authdomain); if ($loginhelp) { $loginhelp = ''.$lt{'help'}.'
'; } # ---------------------------------------------------- Serve out DES JavaScript { my $jsh=Apache::File->new($include."/londes.js"); $r->print(<$jsh>); } # ---------------------------------------------------------- Serve rest of page $r->print( '
' ); $r->print(< ENDSERVERFORM my $coursecatalog; if (($showcoursecat eq '') || ($showcoursecat)) { $coursecatalog = &coursecatalog_link($lt{'catalog'}).'
'; } my $newuserlink; if ($shownewuserlink) { $newuserlink = &newuser_link($lt{'newuser'}).'
'; } my $logintitle = '

' .$lt{'log'} .'

'; my $noscript_warning=''; my $helpdeskscript; my $contactblock = &contactdisplay(\%lt,$servadm,$showadminmail, $authdomain,\$helpdeskscript, $showhelpdesk,\@possdoms); my $mobileargs; if ($clientmobile) { $mobileargs = 'autocapitalize="off" autocorrect="off"'; } my $loginform=(< :

:

:

LFORM if ($showbanner) { my $alttext = &Apache::loncommon::designparm('login.alttext_img',$domain); if ($alttext eq '') { $alttext = 'The Learning Online Network with CAPA'; } $r->print(<
$alttext
HEADER } my $stdauthformstyle = 'inline-block'; my $ssoauthstyle = 'none'; my $sso_onclick; my $logintype; $r->print('
'); if ($saml_landing) { $ssoauthstyle = 'inline-block'; $stdauthformstyle = 'none'; $logintype = $samlssotext; my $ssologin = '/adm/sso'; if ($samlssourl ne '') { $ssologin = $samlssourl; } my $ssologin_for_js = &js_escape($ssologin); my $querystr_for_js; if (($logtoken eq 'con_lost') || ($logtoken eq 'no_such_host')) { my $querystring; if ($env{'form.firsturl'} ne '') { $querystring = 'origurl='; if ($env{'form.firsturl'} =~ /[^\x00-\xFF]/) { $querystring .= &uri_escape_utf8($env{'form.firsturl'}); } else { $querystring .= &uri_escape($env{'form.firsturl'}); } $querystring = &HTML::Entities::encode($querystring,"'"); } if ($env{'form.ltoken'} ne '') { $querystring .= (($querystring eq '')?'':'&') . 'ltoken='. &HTML::Entities::encode(&uri_escape($env{'form.ltoken'})); } elsif ($env{'form.linkkey'}) { $querystring .= (($querystring eq '')?'':'&') . 'linkkey='. &HTML::Entities::encode(&uri_escape($env{'form.linkkey'})); } if ($querystring ne '') { $ssologin .= (($ssologin=~/\?/)?'&':'?') . $querystring; $querystr_for_js = &js_escape($querystring); } } elsif ($logtoken ne '') { $ssologin .= (($ssologin=~/\?/)?'&':'?') . 'logtoken='.$logtoken; $querystr_for_js = &js_escape('logtoken='.$logtoken); } my $ssohref; if ($samlwindow) { $sso_onclick = <<"ENDJS"; if (document.getElementById('LC_sso_login_link')) { var ssoelem = document.getElementById('LC_sso_login_link') ssoelem.addEventListener('click',samlWinFunction,false); var windows = {}; function samlWinFunction(evt) { evt.preventDefault(); var url = '$ssologin_for_js'; var name = 'lcssowin'; var querystr = '$querystr_for_js'; if (querystr) { url += '?'+querystr+'&lcssowin=1'; } else { url += '?lcssowin=1'; } if ((typeof windows[name] !== 'undefined') && (!windows[name].closed)) { windows[name].close(); } windows[name]=window.open(url,name,'width=350,height=600'); windows[name].focus(); return false; } } ENDJS } if ($samlssoimg ne '') { $ssohref = ''. ''.$samlssoalt.''; } else { $ssohref = ''.$samlssotext.''; } if (($env{'form.saml'} eq 'no') || (($env{'form.username'} ne '') && ($env{'form.domain'} ne ''))) { $ssoauthstyle = 'none'; $stdauthformstyle = 'inline-block'; $logintype = $samlnonsso; } $r->print(< Log-in type: $logintype
$lt{'change'}

$ssohref $noscript_warning
$loginhelp $contactblock $coursecatalog
ENDSAML } else { if ($env{'form.ltoken'}) { &Apache::lonnet::tmpdel($env{'form.ltoken'}); delete($env{'form.ltoken'}); } } my $in_frame_js; if ($linkprot_for_login) { my ($linkprotector,$linkproturi) = split(/:/,$linkprot_for_login,2); if (($linkprotector =~ /^\d+(c|d)$/) && ($linkproturi =~ m{^/+tiny/+$LONCAPA::match_domain/+\w+$})) { my $set_target; if (($env{'form.retry'}) || ($env{'form.sso'})) { if ($linkproturi eq $env{'form.firsturl'}) { $set_target = " document.server.target = '_self';"; } } else { $set_target = < // ENDJS } } elsif ($samlwindow) { $in_frame_js = < // ENDJS } $r->print(<
$logintitle $loginform $noscript_warning
$loginhelp $forgotpw $contactblock $newuserlink $coursecatalog
ENDLOGIN $r->print('
'."\n"); if ($showmainlogo) { my $alttext = &Apache::loncommon::designparm('login.alttext_logo',$domain); $r->print(' '."\n"); } $r->print(<
ENDTOP my ($domainrow,$serverrow,$loadrow,$userloadrow,$versionrow); $domainrow = <<"END"; $lt{'dom'}:   $domain END $serverrow = <<"END"; $lt{'serv'}:   $lonhost ($role) END if ($loadlim) { $loadrow = <<"END"; $lt{'load'}:   $loadpercent $lt{'perc'} END } if ($uloadlim) { $userloadrow = <<"END"; $lt{'userload'}:   $userloadpercent $lt{'perc'} END } if (($version ne '') && ($version ne '')) { $versionrow = <<"END"; $version END } $r->print(< $domainrow $serverrow $loadrow $userloadrow $versionrow
$domainlogo

$in_frame_js $helpdeskscript ENDDOCUMENT my %endargs = ( 'noredirectlink' => 1, ); $r->print(&Apache::loncommon::end_page(\%endargs)); return OK; } sub check_loginvia { my ($domain,$lonhost,$lonidsdir,$balcookie) = @_; if ($domain eq '' || $lonhost eq '' || $lonidsdir eq '') { return; } my %domconfhash = &Apache::loncommon::get_domainconf($domain); my $loginvia = $domconfhash{$domain.'.login.loginvia_'.$lonhost}; my $loginvia_exempt = $domconfhash{$domain.'.login.loginvia_exempt_'.$lonhost}; my $output; if ($loginvia ne '') { my $noredirect; my $ip = &Apache::lonnet::get_requestor_ip(); if ($ip eq '127.0.0.1') { $noredirect = 1; } else { if ($loginvia_exempt ne '') { my @exempt = split(',',$loginvia_exempt); if (grep(/^\Q$ip\E$/,@exempt)) { $noredirect = 1; } } } unless ($noredirect) { my ($newhost,$path); if ($loginvia =~ /:/) { ($newhost,$path) = split(':',$loginvia); } else { $newhost = $loginvia; } if ($newhost ne $lonhost) { if (&Apache::lonnet::hostname($newhost) ne '') { if ($balcookie) { my ($balancer,$cookie) = split(/:/,$balcookie); if ($cookie =~ /^($match_domain)_($match_username)_([a-f0-9]+)$/) { my ($udom,$uname,$cookieid) = ($1,$2,$3); unless (&Apache::lonnet::delbalcookie($cookie,$balancer) eq 'ok') { if ((-d $lonidsdir) && (opendir(my $dh,$lonidsdir))) { while (my $filename=readdir($dh)) { if ($filename=~/^(\Q$uname\E_\d+_\Q$udom\E_$match_lonid)\.id$/) { my $handle = $1; my %hash = &Apache::lonnet::get_sessionfile_vars($handle,$lonidsdir, ['request.balancercookie', 'user.linkedenv']); if ($hash{'request.balancercookie'} eq "$balancer:$cookieid") { if (unlink("$lonidsdir/$filename")) { if (($hash{'user.linkedenv'} =~ /^[a-f0-9]+_linked$/) && (-l "$lonidsdir/$hash{'user.linkedenv'}.id") && (readlink("$lonidsdir/$hash{'user.linkedenv'}.id") eq "$lonidsdir/$filename")) { unlink("$lonidsdir/$hash{'user.linkedenv'}.id"); } } } last; } } closedir($dh); } } } } $output = &redirect_page($newhost,$path); } } } } return $output; } sub redirect_page { my ($desthost,$path) = @_; my $hostname = &Apache::lonnet::hostname($desthost); my $protocol = $Apache::lonnet::protocol{$desthost}; $protocol = 'http' if ($protocol ne 'https'); unless ($path =~ m{^/}) { $path = '/'.$path; } my $url = $protocol.'://'.$hostname.$path; my $args = {}; if ($env{'form.firsturl'} =~ m{^/tiny/$match_domain/\w+$}) { $url = $protocol.'://'.$hostname.$env{'form.firsturl'}; if (($env{'form.ltoken'}) || ($env{'form.linkprot'} ne '') || ($env{'form.linkkey'} ne '')) { my %link_info; if ($env{'form.ltoken'}) { %link_info = &Apache::lonnet::tmpget($env{'form.ltoken'}); &Apache::lonnet::tmpdel($env{'form.ltoken'}); $args->{'only_body'} = 1; } elsif ($env{'form.linkprot'}) { $link_info{'linkprot'} = $env{'form.linkprot'}; foreach my $item ('linkprotuser','linkprotexit','linkprotpbid','linkprotpburl') { if ($env{'form.'.$item}) { $link_info{$item} = $env{'form.'.$item}; } } $args->{'only_body'} = 1; } elsif ($env{'form.linkkey'} ne '') { $link_info{'linkkey'} = $env{'form.linkkey'}; } my $token = &Apache::lonnet::tmpput(\%link_info,$desthost,'link'); unless (($token eq 'con_lost') || ($token eq 'refused') || ($token eq 'unknown_cmd') || ($token eq 'no_such_host')) { $url .= '?ltoken='.$token; } } } else { my $querystring; if ($env{'form.firsturl'} ne '') { if ($env{'form.firsturl'} =~ /[^\x00-\xFF]/) { $querystring = &uri_escape_utf8($env{'form.firsturl'}); } else { $querystring = &uri_escape($env{'form.firsturl'}); } $querystring = &HTML::Entities::encode($querystring,"'"); $querystring = '?firsturl='.$querystring; } if ($env{'form.ltoken'}) { my %link_info = &Apache::lonnet::tmpget($env{'form.ltoken'}); &Apache::lonnet::tmpdel($env{'form.ltoken'}); my $token = &Apache::lonnet::tmpput(\%link_info,$desthost,'link'); unless (($token eq 'con_lost') || ($token eq 'refused') || ($token =~ /^error:/) || ($token eq 'unknown_cmd') || ($token eq 'no_such_host')) { unless (($path eq '/adm/roles') || ($path eq '/adm/login')) { $url = $protocol.'://'.$hostname.'/adm/roles'; } $querystring .= (($querystring =~/^\?/)?'&':'?') . 'ttoken='.$token; } } $url .= $querystring; } $args->{'redirect'} = [0,$url]; my $start_page = &Apache::loncommon::start_page('Switching Server ...',undef,$args); my $end_page = &Apache::loncommon::end_page(); return $start_page.$end_page; } sub contactdisplay { my ($lt,$servadm,$showadminmail,$authdomain,$helpdeskscript,$showhelpdesk, $possdoms) = @_; my $contactblock; my $origmail; if (ref($possdoms) eq 'ARRAY') { if (grep(/^\Q$authdomain\E$/,@{$possdoms})) { $origmail = $Apache::lonnet::perlvar{'lonSupportEMail'}; } } my $requestmail = &Apache::loncommon::build_recipient_list(undef,'helpdeskmail', $authdomain,$origmail); unless ($showhelpdesk eq '0') { if ($requestmail =~ m/[^\@]+\@[^\@]+/) { $showhelpdesk = 1; } else { $showhelpdesk = 0; } } if ($servadm && $showadminmail) { $contactblock .= $$lt{'servadm'}.':
'. ''.$servadm.'
'; } if ($showhelpdesk) { $contactblock .= ''.$lt->{'helpdesk'}.'
'; my $thisurl = &escape('/adm/login'); $$helpdeskscript = <<"ENDSCRIPT"; ENDSCRIPT } return $contactblock; } sub forgotpwdisplay { my (%lt) = @_; my $prompt_for_resetpw = 1; if ($prompt_for_resetpw) { return ''.$lt{'forgotpw'}.''; } return; } sub coursecatalog_link { my ($linkname) = @_; return <<"END"; $linkname END } sub newuser_link { my ($linkname) = @_; return ''.$linkname.''; } sub decode_token { my ($info) = @_; my ($firsturl,@rest)=split(/\&/,$info); my %form; if ($firsturl ne '') { $form{'firsturl'} = &unescape($firsturl); } foreach my $item (@rest) { my ($key,$value) = split(/=/,$item); $form{$key} = &unescape($value); } return %form; } 1; __END__