File:
[LON-CAPA] /
loncom /
auth /
lonlogin.pm
Revision
1.158.2.13:
download - view:
text,
annotated -
select for diffs
Sun Dec 12 11:47:03 2021 UTC (2 years, 9 months ago) by
raeburn
Branches:
version_2_11_X
CVS tags:
version_2_11_4_msu
Diff to branchpoint 1.158:
preferred,
unified
- For 2.11
Backport 1.183, 1.184, 1.185, 1.186, 1.187 (part), 1.188, 1.189, 1.190,
1.191, 1.192 (part), 1.193
1: # The LearningOnline Network
2: # Login Screen
3: #
4: # $Id: lonlogin.pm,v 1.158.2.13 2021/12/12 11:47:03 raeburn Exp $
5: #
6: # Copyright Michigan State University Board of Trustees
7: #
8: # This file is part of the LearningOnline Network with CAPA (LON-CAPA).
9: #
10: # LON-CAPA is free software; you can redistribute it and/or modify
11: # it under the terms of the GNU General Public License as published by
12: # the Free Software Foundation; either version 2 of the License, or
13: # (at your option) any later version.
14: #
15: # LON-CAPA is distributed in the hope that it will be useful,
16: # but WITHOUT ANY WARRANTY; without even the implied warranty of
17: # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18: # GNU General Public License for more details.
19: #
20: # You should have received a copy of the GNU General Public License
21: # along with LON-CAPA; if not, write to the Free Software
22: # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
23: #
24: # /home/httpd/html/adm/gpl.txt
25: #
26: # http://www.lon-capa.org/
27: #
28:
29: package Apache::lonlogin;
30:
31: use strict;
32: use Apache::Constants qw(:common);
33: use Apache::File ();
34: use Apache::lonnet;
35: use Apache::loncommon();
36: use Apache::lonauth();
37: use Apache::lonlocal;
38: use Apache::migrateuser();
39: use lib '/home/httpd/lib/perl/';
40: use LONCAPA qw(:DEFAULT :match);
41: use URI::Escape;
42: use HTML::Entities();
43: use CGI::Cookie();
44:
45: sub handler {
46: my $r = shift;
47:
48: &Apache::loncommon::get_unprocessed_cgi
49: (join('&',$ENV{'QUERY_STRING'},$env{'request.querystring'},
50: $ENV{'REDIRECT_QUERY_STRING'}),
51: ['interface','username','domain','firsturl','localpath','localres',
52: 'token','role','symb','iptoken','btoken','saml','sso','retry']);
53:
54: # -- check if they are a migrating user
55: if (defined($env{'form.token'})) {
56: return &Apache::migrateuser::handler($r);
57: }
58:
59: my $lonhost = $r->dir_config('lonHostID');
60: if (($env{'form.sso'}) || ($env{'form.retry'})) {
61: my $infotoken;
62: if ($env{'form.sso'}) {
63: $infotoken = $env{'form.sso'};
64: } else {
65: $infotoken = $env{'form.retry'};
66: }
67: my $data = &Apache::lonnet::reply('tmpget:'.$infotoken,$lonhost);
68: unless (($data=~/^error/) || ($data eq 'con_lost') ||
69: ($data eq 'no_such_host')) {
70: my %info = &decode_token($data);
71: foreach my $item (keys(%info)) {
72: $env{'form.'.$item} = $info{$item};
73: }
74: &Apache::lonnet::tmpdel($infotoken);
75: }
76: } else {
77: if (!defined($env{'form.firsturl'})) {
78: &Apache::lonacc::get_posted_cgi($r,['firsturl']);
79: }
80: if ($env{'form.firsturl'} eq '/adm/logout') {
81: delete($env{'form.firsturl'});
82: }
83: }
84:
85: # For "public user" - remove any exising "public" cookie, as user really wants to log-in
86: my ($handle,$lonidsdir,$expirepub,$userdom);
87: $lonidsdir=$r->dir_config('lonIDsDir');
88: unless ($r->header_only) {
89: $handle = &Apache::lonnet::check_for_valid_session($r,'lonID',undef,\$userdom);
90: if ($handle ne '') {
91: if ($handle=~/^publicuser\_/) {
92: unlink($r->dir_config('lonIDsDir')."/$handle.id");
93: undef($handle);
94: undef($userdom);
95: $expirepub = 1;
96: }
97: }
98: }
99:
100: &Apache::loncommon::no_cache($r);
101: &Apache::lonlocal::get_language_handle($r);
102: &Apache::loncommon::content_type($r,'text/html');
103: if ($expirepub) {
104: my $c = new CGI::Cookie(-name => 'lonPubID',
105: -value => '',
106: -expires => '-10y',);
107: $r->header_out('Set-cookie' => $c);
108: } elsif (($handle eq '') && ($userdom ne '')) {
109: my %cookies=CGI::Cookie->parse($r->header_in('Cookie'));
110: foreach my $name (keys(%cookies)) {
111: next unless ($name =~ /^lon(|S|Link|Pub)ID$/);
112: my $c = new CGI::Cookie(-name => $name,
113: -value => '',
114: -expires => '-10y',);
115: $r->headers_out->add('Set-cookie' => $c);
116: }
117: }
118: $r->send_http_header;
119: return OK if $r->header_only;
120:
121:
122: # Are we re-routing?
123: my $londocroot = $r->dir_config('lonDocRoot');
124: if (-e "$londocroot/lon-status/reroute.txt") {
125: &Apache::lonauth::reroute($r);
126: return OK;
127: }
128:
129: # Check if browser sent a LON-CAPA load balancer cookie (and this is a balancer)
130:
131: my ($found_server,$balancer_cookie) = &Apache::lonnet::check_for_balancer_cookie($r,1);
132: if ($found_server) {
133: my $hostname = &Apache::lonnet::hostname($found_server);
134: if ($hostname ne '') {
135: my $protocol = $Apache::lonnet::protocol{$found_server};
136: $protocol = 'http' if ($protocol ne 'https');
137: my $dest = '/adm/roles';
138: if ($env{'form.firsturl'} ne '') {
139: $dest = &HTML::Entities::encode($env{'form.firsturl'},'\'"<>&');
140: }
141: my %info = (
142: balcookie => $lonhost.':'.$balancer_cookie,
143: );
144: if ($env{'form.role'}) {
145: $info{'role'} = $env{'form.role'};
146: }
147: if ($env{'form.symb'}) {
148: $info{'symb'} = $env{'form.symb'};
149: }
150: my $balancer_token = &Apache::lonnet::tmpput(\%info,$found_server);
151: unless (($balancer_token eq 'con_lost') || ($balancer_token eq 'refused') ||
152: ($balancer_token eq 'unknown_cmd') || ($balancer_token eq 'no_such_host')) {
153: $dest .= (($dest=~/\?/)?'&':'?') . 'btoken='.$balancer_token;
154: }
155: unless ($found_server eq $lonhost) {
156: my $alias = &Apache::lonnet::use_proxy_alias($r,$found_server);
157: $hostname = $alias if ($alias ne '');
158: }
159: my $url = $protocol.'://'.$hostname.$dest;
160: my $start_page =
161: &Apache::loncommon::start_page('Switching Server ...',undef,
162: {'redirect' => [0,$url],});
163: my $end_page = &Apache::loncommon::end_page();
164: $r->print($start_page.$end_page);
165: return OK;
166: }
167: }
168:
169: #
170: # Check if a LON-CAPA load balancer sent user here because user's browser sent
171: # it a balancer cookie for an active session on this server.
172: #
173:
174: my $balcookie;
175: if ($env{'form.btoken'}) {
176: my %info = &Apache::lonnet::tmpget($env{'form.btoken'});
177: $balcookie = $info{'balcookie'};
178: &Apache::lonnet::tmpdel($env{'form.btoken'});
179: delete($env{'form.btoken'});
180: }
181:
182: #
183: # If browser sent an old cookie for which the session file had been removed
184: # check if configuration for user's domain has a portal URL set. If so
185: # switch user's log-in to the portal.
186: #
187:
188: if (($handle eq '') && ($userdom ne '')) {
189: my %domdefaults = &Apache::lonnet::get_domain_defaults($userdom);
190: if ($domdefaults{'portal_def'} =~ /^https?\:/) {
191: my $start_page = &Apache::loncommon::start_page('Switching Server ...',undef,
192: {'redirect' => [0,$domdefaults{'portal_def'}],});
193: my $end_page = &Apache::loncommon::end_page();
194: $r->print($start_page.$end_page);
195: return OK;
196: }
197: }
198:
199: # -------------------------------- Prevent users from attempting to login twice
200: if ($handle ne '') {
201: &Apache::lonnet::transfer_profile_to_env($lonidsdir,$handle);
202: my $start_page =
203: &Apache::loncommon::start_page('Already logged in');
204: my $end_page =
205: &Apache::loncommon::end_page();
206: my $dest = '/adm/roles';
207: if ($env{'form.firsturl'} ne '') {
208: $dest = &HTML::Entities::encode($env{'form.firsturl'},'\'"<>&');
209: }
210: $r->print(
211: $start_page
212: .'<p class="LC_warning">'.&mt('You are already logged in!').'</p>'
213: .'<p>'.&mt('Please either [_1]continue the current session[_2] or [_3]log out[_4].',
214: '<a href="'.$dest.'">','</a>','<a href="/adm/logout">','</a>').'</p>'
215: .$end_page
216: );
217: return OK;
218: }
219:
220: # ---------------------------------------------------- No valid token, continue
221:
222: # ---------------------------- Not possible to really login to domain "public"
223: if ($env{'form.domain'} eq 'public') {
224: $env{'form.domain'}='';
225: $env{'form.username'}='';
226: }
227:
228: # ------ Is this page requested because /adm/migrateuser detected an IP change?
229: my %sessiondata;
230: if ($env{'form.iptoken'}) {
231: %sessiondata = &Apache::lonnet::tmpget($env{'form.iptoken'});
232: unless ($sessiondata{'sessionserver'}) {
233: my $delete = &Apache::lonnet::tmpdel($env{'form.iptoken'});
234: delete($env{'form.iptoken'});
235: }
236: }
237: # ----------------------------------------------------------- Process Interface
238: $env{'form.interface'}=~s/\W//g;
239:
240: (undef,undef,undef,undef,undef,undef,my $clientmobile) =
241: &Apache::loncommon::decode_user_agent($r);
242:
243: my $iconpath=
244: &Apache::loncommon::lonhttpdurl($r->dir_config('lonIconsURL'));
245:
246: my $domain = &Apache::lonnet::default_login_domain();
247: my $defdom = $domain;
248: if ($lonhost ne '') {
249: unless ($sessiondata{'sessionserver'}) {
250: my $redirect = &check_loginvia($domain,$lonhost,$lonidsdir,$balcookie);
251: if ($redirect) {
252: $r->print($redirect);
253: return OK;
254: }
255: }
256: }
257:
258: if (($sessiondata{'domain'}) &&
259: (&Apache::lonnet::domain($sessiondata{'domain'},'description'))) {
260: $domain=$sessiondata{'domain'};
261: } elsif (($env{'form.domain'}) &&
262: (&Apache::lonnet::domain($env{'form.domain'},'description'))) {
263: $domain=$env{'form.domain'};
264: }
265:
266: my $role = $r->dir_config('lonRole');
267: my $loadlim = $r->dir_config('lonLoadLim');
268: my $uloadlim= $r->dir_config('lonUserLoadLim');
269: my $servadm = $r->dir_config('lonAdmEMail');
270: my $tabdir = $r->dir_config('lonTabDir');
271: my $include = $r->dir_config('lonIncludes');
272: my $expire = $r->dir_config('lonExpire');
273: my $version = $r->dir_config('lonVersion');
274: my $host_name = &Apache::lonnet::hostname($lonhost);
275:
276: # --------------------------------------------- Default values for login fields
277:
278: my ($authusername,$authdomain);
279: if ($sessiondata{'username'}) {
280: $authusername=$sessiondata{'username'};
281: } else {
282: $env{'form.username'} = &Apache::loncommon::cleanup_html($env{'form.username'});
283: $authusername=($env{'form.username'}?$env{'form.username'}:'');
284: }
285: if ($sessiondata{'domain'}) {
286: $authdomain=$sessiondata{'domain'};
287: } else {
288: $env{'form.domain'} = &Apache::loncommon::cleanup_html($env{'form.domain'});
289: $authdomain=($env{'form.domain'}?$env{'form.domain'}:$domain);
290: }
291:
292: # ---------------------------------------------------------- Determine own load
293: my $loadavg;
294: {
295: my $loadfile=Apache::File->new('/proc/loadavg');
296: $loadavg=<$loadfile>;
297: }
298: $loadavg =~ s/\s.*//g;
299:
300: my ($loadpercent,$userloadpercent);
301: if ($loadlim) {
302: $loadpercent=sprintf("%.1f",100*$loadavg/$loadlim);
303: }
304: if ($uloadlim) {
305: $userloadpercent=&Apache::lonnet::userload();
306: }
307:
308: my $firsturl=
309: ($env{'request.firsturl'}?$env{'request.firsturl'}:$env{'form.firsturl'});
310:
311: # ----------------------------------------------------------- Get announcements
312: my $announcements=&Apache::lonnet::getannounce();
313: # -------------------------------------------------------- Set login parameters
314:
315: my @hexstr=('0','1','2','3','4','5','6','7',
316: '8','9','a','b','c','d','e','f');
317: my $lkey='';
318: for (0..7) {
319: $lkey.=$hexstr[rand(15)];
320: }
321:
322: my $ukey='';
323: for (0..7) {
324: $ukey.=$hexstr[rand(15)];
325: }
326:
327: my $lextkey=hex($lkey);
328: if ($lextkey>2147483647) { $lextkey-=4294967296; }
329:
330: my $uextkey=hex($ukey);
331: if ($uextkey>2147483647) { $uextkey-=4294967296; }
332:
333: # -------------------------------------------------------- Store away log token
334: my $tokenextras;
335: my @names = ('role','symb','iptoken');
336: foreach my $name (@names) {
337: if ($env{'form.'.$name} ne '') {
338: $tokenextras .= '&'.$name.'='.&escape($env{'form.'.$name});
339: }
340: }
341: my $logtoken=Apache::lonnet::reply(
342: 'tmpput:'.$ukey.$lkey.'&'.&escape($firsturl).$tokenextras,
343: $lonhost);
344:
345: # -- If we cannot talk to ourselves, or hostID does not map to a hostname
346: # we are in serious trouble
347:
348: if (($logtoken eq 'con_lost') || ($logtoken eq 'no_such_host')) {
349: if ($logtoken eq 'no_such_host') {
350: &Apache::lonnet::logthis('No valid logtoken for log-in page -- unable to determine hostname for hostID: '.$lonhost.'. Check entry in hosts.tab');
351: }
352: my $spares='';
353: my (@sparehosts,%spareservers);
354: my $sparesref = &Apache::lonnet::this_host_spares($defdom);
355: if (ref($sparesref) eq 'HASH') {
356: foreach my $key (keys(%{$sparesref})) {
357: if (ref($sparesref->{$key}) eq 'ARRAY') {
358: my @sorted = sort { &Apache::lonnet::hostname($a) cmp
359: &Apache::lonnet::hostname($b);
360: } @{$sparesref->{$key}};
361: if (@sorted) {
362: if ($key eq 'primary') {
363: unshift(@sparehosts,@sorted);
364: } elsif ($key eq 'default') {
365: push(@sparehosts,@sorted);
366: }
367: }
368: }
369: }
370: }
371: foreach my $hostid (@sparehosts) {
372: next if ($hostid eq $lonhost);
373: my $hostname = &Apache::lonnet::hostname($hostid);
374: next if (($hostname eq '') || ($spareservers{$hostname}));
375: $spareservers{$hostname} = 1;
376: my $protocol = $Apache::lonnet::protocol{$hostid};
377: $protocol = 'http' if ($protocol ne 'https');
378: $spares.='<br /><span style="font-size: larger;"><a href="'.$protocol.'://'.
379: $hostname.
380: '/adm/login?domain='.$authdomain.'">'.
381: $hostname.'</a>'.
382: ' '.&mt('(preferred)').'</span>'.$/;
383: }
384: if ($spares) {
385: $spares.= '<br />';
386: }
387: my %all_hostnames = &Apache::lonnet::all_hostnames();
388: foreach my $hostid (sort
389: {
390: &Apache::lonnet::hostname($a) cmp
391: &Apache::lonnet::hostname($b);
392: }
393: keys(%all_hostnames)) {
394: next if ($hostid eq $lonhost);
395: my $hostname = &Apache::lonnet::hostname($hostid);
396: next if (($hostname eq '') || ($spareservers{$hostname}));
397: $spareservers{$hostname} = 1;
398: my $protocol = $Apache::lonnet::protocol{$hostid};
399: $protocol = 'http' if ($protocol ne 'https');
400: $spares.='<br /><a href="'.$protocol.'://'.
401: $hostname.
402: '/adm/login?domain='.$authdomain.'">'.
403: $hostname.'</a>';
404: }
405: $r->print(
406: '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">'
407: .'<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">'
408: .'<head><meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><title>'
409: .&mt('The LearningOnline Network with CAPA')
410: .'</title></head>'
411: .'<body bgcolor="#FFFFFF">'
412: .'<h1>'.&mt('The LearningOnline Network with CAPA').'</h1>'
413: .'<img src="/adm/lonKaputt/lonlogo_broken.gif" alt="broken icon" align="right" />'
414: .'<h3>'.&mt('This LON-CAPA server is temporarily not available for login.').'</h3>');
415: if ($spares) {
416: $r->print('<p>'.&mt('Please attempt to login to one of the following servers:')
417: .'</p>'
418: .$spares);
419: }
420: $r->print('</body>'
421: .'</html>'
422: );
423: return OK;
424: }
425:
426: # ----------------------------------------------- Apparently we are in business
427: $servadm=~s/\,/\<br \/\>/g;
428:
429: # ----------------------------------------------------------- Front page design
430: my $pgbg=&Apache::loncommon::designparm('login.pgbg',$domain);
431: my $font=&Apache::loncommon::designparm('login.font',$domain);
432: my $link=&Apache::loncommon::designparm('login.link',$domain);
433: my $vlink=&Apache::loncommon::designparm('login.vlink',$domain);
434: my $alink=&Apache::loncommon::designparm('login.alink',$domain);
435: my $mainbg=&Apache::loncommon::designparm('login.mainbg',$domain);
436: my $loginbox_bg=&Apache::loncommon::designparm('login.sidebg',$domain);
437: my $loginbox_header_bgcol=&Apache::loncommon::designparm('login.bgcol',$domain);
438: my $loginbox_header_textcol=&Apache::loncommon::designparm('login.textcol',$domain);
439: my $logo=&Apache::loncommon::designparm('login.logo',$domain);
440: my $img=&Apache::loncommon::designparm('login.img',$domain);
441: my $domainlogo=&Apache::loncommon::domainlogo($domain);
442: my $showbanner = 1;
443: my $showmainlogo = 1;
444: if (defined(&Apache::loncommon::designparm('login.showlogo_img',$domain))) {
445: $showbanner = &Apache::loncommon::designparm('login.showlogo_img',$domain);
446: }
447: if (defined(&Apache::loncommon::designparm('login.showlogo_logo',$domain))) {
448: $showmainlogo = &Apache::loncommon::designparm('login.showlogo_logo',$domain);
449: }
450: my $showadminmail;
451: my @possdoms = &Apache::lonnet::current_machine_domains();
452: if (grep(/^\Q$domain\E$/,@possdoms)) {
453: $showadminmail=&Apache::loncommon::designparm('login.adminmail',$domain);
454: }
455: my $showcoursecat =
456: &Apache::loncommon::designparm('login.coursecatalog',$domain);
457: my $shownewuserlink =
458: &Apache::loncommon::designparm('login.newuser',$domain);
459: my $showhelpdesk =
460: &Apache::loncommon::designparm('login.helpdesk',$domain);
461: my $now=time;
462: my $js = (<<ENDSCRIPT);
463:
464: <script type="text/javascript" language="JavaScript">
465: // <![CDATA[
466: function send()
467: {
468: this.document.server.elements.uname.value
469: =this.document.client.elements.uname.value;
470:
471: this.document.server.elements.udom.value
472: =this.document.client.elements.udom.value;
473:
474: uextkey=this.document.client.elements.uextkey.value;
475: lextkey=this.document.client.elements.lextkey.value;
476: initkeys();
477:
478: this.document.server.elements.upass0.value
479: =getCrypted(this.document.client.elements.upass$now.value);
480:
481: this.document.client.elements.uname.value='';
482: this.document.client.elements.upass$now.value='';
483:
484: this.document.server.submit();
485: return false;
486: }
487:
488: function enableInput() {
489: this.document.client.elements.upass$now.removeAttribute("readOnly");
490: this.document.client.elements.uname.removeAttribute("readOnly");
491: this.document.client.elements.udom.removeAttribute("readOnly");
492: return;
493: }
494:
495: // ]]>
496: </script>
497:
498: ENDSCRIPT
499:
500: my ($lonhost_in_use,@hosts,%defaultdomconf,$saml_prefix,$saml_landing,
501: $samlssotext,$samlnonsso,$samlssoimg,$samlssoalt,$samlssourl,$samltooltip);
502: %defaultdomconf = &Apache::loncommon::get_domainconf($defdom);
503: @hosts = &Apache::lonnet::current_machine_ids();
504: $lonhost_in_use = $lonhost;
505: if (@hosts > 1) {
506: foreach my $hostid (@hosts) {
507: if (&Apache::lonnet::host_domain($hostid) eq $defdom) {
508: $lonhost_in_use = $hostid;
509: last;
510: }
511: }
512: }
513: $saml_prefix = $defdom.'.login.saml_';
514: if ($defaultdomconf{$saml_prefix.$lonhost_in_use}) {
515: $saml_landing = 1;
516: $samlssotext = $defaultdomconf{$saml_prefix.'text_'.$lonhost_in_use};
517: $samlnonsso = $defaultdomconf{$saml_prefix.'notsso_'.$lonhost_in_use};
518: $samlssoimg = $defaultdomconf{$saml_prefix.'img_'.$lonhost_in_use};
519: $samlssoalt = $defaultdomconf{$saml_prefix.'alt_'.$lonhost_in_use};
520: $samlssourl = $defaultdomconf{$saml_prefix.'url_'.$lonhost_in_use};
521: $samltooltip = $defaultdomconf{$saml_prefix.'title_'.$lonhost_in_use};
522: }
523: if ($saml_landing) {
524: if ($samlssotext eq '') {
525: $samlssotext = 'SSO Login';
526: }
527: if ($samlnonsso eq '') {
528: $samlnonsso = 'Non-SSO Login';
529: }
530: $js .= <<"ENDSAMLJS";
531:
532: <script type="text/javascript">
533: // <![CDATA[
534: function toggleLClogin() {
535: if (document.getElementById('LC_standard_login')) {
536: if (document.getElementById('LC_standard_login').style.display == 'none') {
537: document.getElementById('LC_standard_login').style.display = 'inline-block';
538: if (document.getElementById('LC_login_text')) {
539: document.getElementById('LC_login_text').innerHTML = '$samlnonsso';
540: }
541: if (document.getElementById('LC_SSO_login')) {
542: document.getElementById('LC_SSO_login').style.display = 'none';
543: }
544: } else {
545: document.getElementById('LC_standard_login').style.display = 'none';
546: if (document.getElementById('LC_login_text')) {
547: document.getElementById('LC_login_text').innerHTML = '$samlssotext';
548: }
549: if (document.getElementById('LC_SSO_login')) {
550: document.getElementById('LC_SSO_login').style.display = 'inline-block';
551: }
552: }
553: }
554: return;
555: }
556:
557: // ]]>
558: </script>
559:
560: ENDSAMLJS
561: }
562:
563: # --------------------------------------------------- Print login screen header
564:
565: my %add_entries = (
566: bgcolor => "$mainbg",
567: text => "$font",
568: link => "$link",
569: vlink => "$vlink",
570: alink => "$alink",
571: onload => 'javascript:enableInput();',);
572:
573: my ($headextra,$headextra_exempt);
574: $headextra = $defaultdomconf{$defdom.'.login.headtag_'.$lonhost_in_use};
575: $headextra_exempt = $defaultdomconf{$domain.'.login.headtag_exempt_'.$lonhost_in_use};
576: if ($headextra) {
577: my $omitextra;
578: if ($headextra_exempt ne '') {
579: my @exempt = split(',',$headextra_exempt);
580: my $ip = &Apache::lonnet::get_requestor_ip();
581: if (grep(/^\Q$ip\E$/,@exempt)) {
582: $omitextra = 1;
583: }
584: }
585: unless ($omitextra) {
586: my $confname = $defdom.'-domainconfig';
587: if ($headextra =~ m{^\Q/res/$defdom/$confname/login/headtag/$lonhost_in_use/\E}) {
588: my $extra = &Apache::lonnet::getfile(&Apache::lonnet::filelocation("",$headextra));
589: unless ($extra eq '-1') {
590: $js .= "\n".$extra."\n";
591: }
592: }
593: }
594: }
595:
596: $r->print(&Apache::loncommon::start_page('The LearningOnline Network with CAPA Login',$js,
597: { 'redirect' => [$expire,'/adm/roles'],
598: 'add_entries' => \%add_entries,
599: 'only_body' => 1,}));
600:
601: # ----------------------------------------------------------------------- Texts
602:
603: my %lt=&Apache::lonlocal::texthash(
604: 'un' => 'Username',
605: 'pw' => 'Password',
606: 'dom' => 'Domain',
607: 'perc' => 'percent',
608: 'load' => 'Server Load',
609: 'userload' => 'User Load',
610: 'catalog' => 'Course/Community Catalog',
611: 'log' => 'Log in',
612: 'help' => 'Log-in Help',
613: 'serv' => 'Server',
614: 'servadm' => 'Server Administration',
615: 'helpdesk' => 'Contact Helpdesk',
616: 'forgotpw' => 'Forgot password?',
617: 'newuser' => 'New User?',
618: 'change' => 'Change?',
619: );
620: # -------------------------------------------------- Change password field name
621:
622: my $forgotpw = &forgotpwdisplay(%lt);
623: $forgotpw .= '<br />' if $forgotpw;
624: my $loginhelp = &Apache::lonauth::loginhelpdisplay($authdomain);
625: if ($loginhelp) {
626: $loginhelp = '<a href="'.$loginhelp.'">'.$lt{'help'}.'</a><br />';
627: }
628:
629: # ---------------------------------------------------- Serve out DES JavaScript
630: {
631: my $jsh=Apache::File->new($include."/londes.js");
632: $r->print(<$jsh>);
633: }
634: # ---------------------------------------------------------- Serve rest of page
635:
636: $r->print(
637: '<div class="LC_Box"'
638: .' style="margin:0 auto; padding:10px; width:90%; height: auto; background-color:#FFFFFF;">'
639: );
640:
641: $r->print(<<ENDSERVERFORM);
642: <form name="server" action="/adm/authenticate" method="post" target="_top">
643: <input type="hidden" name="logtoken" value="$logtoken" />
644: <input type="hidden" name="serverid" value="$lonhost" />
645: <input type="hidden" name="uname" value="" />
646: <input type="hidden" name="upass0" value="" />
647: <input type="hidden" name="udom" value="" />
648: <input type="hidden" name="localpath" value="$env{'form.localpath'}" />
649: <input type="hidden" name="localres" value="$env{'form.localres'}" />
650: </form>
651: ENDSERVERFORM
652: my $coursecatalog;
653: if (($showcoursecat eq '') || ($showcoursecat)) {
654: $coursecatalog = &coursecatalog_link($lt{'catalog'}).'<br />';
655: }
656: my $newuserlink;
657: if ($shownewuserlink) {
658: $newuserlink = &newuser_link($lt{'newuser'}).'<br />';
659: }
660: my $logintitle =
661: '<h2 class="LC_hcell"'
662: .' style="background:'.$loginbox_header_bgcol.';'
663: .' color:'.$loginbox_header_textcol.'">'
664: .$lt{'log'}
665: .'</h2>';
666:
667: my $noscript_warning='<noscript><span class="LC_warning"><b>'
668: .&mt('Use of LON-CAPA requires Javascript to be enabled in your web browser.')
669: .'</b></span></noscript>';
670: my $helpdeskscript;
671: my $contactblock = &contactdisplay(\%lt,$servadm,$showadminmail,
672: $authdomain,\$helpdeskscript,
673: $showhelpdesk,\@possdoms);
674:
675: my $mobileargs;
676: if ($clientmobile) {
677: $mobileargs = 'autocapitalize="off" autocorrect="off"';
678: }
679: my $loginform=(<<LFORM);
680: <form name="client" action="" onsubmit="return(send())" id="lclogin">
681: <input type="hidden" name="lextkey" value="$lextkey" />
682: <input type="hidden" name="uextkey" value="$uextkey" />
683: <b><label for="uname">$lt{'un'}</label>:</b><br />
684: <input type="text" name="uname" id="uname" size="15" value="$authusername" readonly="readonly" $mobileargs /><br />
685: <b><label for="upass$now">$lt{'pw'}</label>:</b><br />
686: <input type="password" name="upass$now" id="upass$now" size="15" readonly="readonly" /><br />
687: <b><label for="udom">$lt{'dom'}</label>:</b><br />
688: <input type="text" name="udom" id="udom" size="15" value="$authdomain" readonly="readonly" $mobileargs /><br />
689: <input type="submit" value="$lt{'log'}" />
690: </form>
691: LFORM
692:
693: if ($showbanner) {
694: $r->print(<<HEADER);
695: <!-- The LON-CAPA Header -->
696: <div style="background:$pgbg;margin:0;width:100%;">
697: <img src="$img" border="0" alt="The Learning Online Network with CAPA" class="LC_maxwidth" />
698: </div>
699: HEADER
700: }
701:
702: my $stdauthformstyle = 'inline-block';
703: my $ssoauthstyle = 'none';
704: my $logintype;
705: $r->print('<div style="float:left;margin-top:0;">');
706: if ($saml_landing) {
707: $ssoauthstyle = 'inline-block';
708: $stdauthformstyle = 'none';
709: $logintype = $samlssotext;
710: my $ssologin = '/adm/sso';
711: if ($samlssourl ne '') {
712: $ssologin = $samlssourl;
713: }
714: if (($logtoken eq 'con_lost') || ($logtoken eq 'no_such_host')) {
715: my $querystring;
716: if ($env{'form.firsturl'} ne '') {
717: $querystring = 'origurl=';
718: if ($env{'form.firsturl'} =~ /[^\x00-\xFF]/) {
719: $querystring .= &uri_escape_utf8($env{'form.firsturl'});
720: } else {
721: $querystring .= &uri_escape($env{'form.firsturl'});
722: }
723: $querystring = &HTML::Entities::encode($querystring,"'");
724: }
725: if ($querystring ne '') {
726: $ssologin .= (($ssologin=~/\?/)?'&':'?') . $querystring;
727: }
728: } elsif ($logtoken ne '') {
729: $ssologin .= (($ssologin=~/\?/)?'&':'?') . 'logtoken='.$logtoken;
730: }
731: my $ssohref;
732: if ($samlssoimg ne '') {
733: $ssohref = '<a href="'.$ssologin.'" title="'.$samltooltip.'"><img src="'.$samlssoimg.'" alt="'.$samlssoalt.'" /></a>';
734: } else {
735: $ssohref = '<a href="'.$ssologin.'">'.$samlssotext.'</a>';
736: }
737: if (($env{'form.saml'} eq 'no') ||
738: (($env{'form.username'} ne '') && ($env{'form.domain'} ne ''))) {
739: $ssoauthstyle = 'none';
740: $stdauthformstyle = 'inline-block';
741: $logintype = $samlnonsso;
742: }
743: $r->print(<<ENDSAML);
744: <p>
745: Log-in type:
746: <span style="font-weight:bold" id="LC_login_text">$logintype</span><br />
747: <span><a href="javascript:toggleLClogin();" style="color:#000000">$lt{'change'}</a></span>
748: </p>
749: <div style="display:$ssoauthstyle" id="LC_SSO_login">
750: <div class="LC_Box" style="padding-top: 10px;">
751: $ssohref
752: $noscript_warning
753: </div>
754: <div class="LC_Box" style="padding-top: 10px;">
755: $loginhelp
756: $contactblock
757: $coursecatalog
758: </div>
759: </div>
760: ENDSAML
761: }
762:
763: $r->print(<<ENDLOGIN);
764: <div style="display:$stdauthformstyle;" id="LC_standard_login">
765: <div class="LC_Box" style="background:$loginbox_bg;">
766: $logintitle
767: $loginform
768: $noscript_warning
769: </div>
770:
771: <div class="LC_Box" style="padding-top: 10px;">
772: $loginhelp
773: $forgotpw
774: $contactblock
775: $newuserlink
776: $coursecatalog
777: </div>
778: </div>
779:
780: ENDLOGIN
781: $r->print('</div><div>'."\n");
782: if ($showmainlogo) {
783: $r->print(' <img src="'.$logo.'" alt="" class="LC_maxwidth" />'."\n");
784: }
785: $r->print(<<ENDTOP);
786: $announcements
787: </div>
788: <hr style="clear:both;" />
789: ENDTOP
790: my ($domainrow,$serverrow,$loadrow,$userloadrow,$versionrow);
791: $domainrow = <<"END";
792: <tr>
793: <td align="left" valign="top">
794: <small><b>$lt{'dom'}: </b></small>
795: </td>
796: <td align="left" valign="top">
797: <small><tt> $domain</tt></small>
798: </td>
799: </tr>
800: END
801: $serverrow = <<"END";
802: <tr>
803: <td align="left" valign="top">
804: <small><b>$lt{'serv'}: </b></small>
805: </td>
806: <td align="left" valign="top">
807: <small><tt> $lonhost ($role)</tt></small>
808: </td>
809: </tr>
810: END
811: if ($loadlim) {
812: $loadrow = <<"END";
813: <tr>
814: <td align="left" valign="top">
815: <small><b>$lt{'load'}: </b></small>
816: </td>
817: <td align="left" valign="top">
818: <small><tt> $loadpercent $lt{'perc'}</tt></small>
819: </td>
820: </tr>
821: END
822: }
823: if ($uloadlim) {
824: $userloadrow = <<"END";
825: <tr>
826: <td align="left" valign="top">
827: <small><b>$lt{'userload'}: </b></small>
828: </td>
829: <td align="left" valign="top">
830: <small><tt> $userloadpercent $lt{'perc'}</tt></small>
831: </td>
832: </tr>
833: END
834: }
835: if (($version ne '') && ($version ne '<!-- VERSION -->')) {
836: $versionrow = <<"END";
837: <tr>
838: <td colspan="2" align="left">
839: <small>$version</small>
840: </td>
841: </tr>
842: END
843: }
844:
845: $r->print(<<ENDDOCUMENT);
846: <div style="float: left;">
847: <table border="0" cellspacing="0" cellpadding="0">
848: $domainrow
849: $serverrow
850: $loadrow
851: $userloadrow
852: $versionrow
853: </table>
854: </div>
855: <div style="float: right;">
856: $domainlogo
857: </div>
858: <br style="clear:both;" />
859: </div>
860:
861: <script type="text/javascript">
862: // <![CDATA[
863: // the if prevents the script error if the browser can not handle this
864: if ( document.client.uname ) { document.client.uname.focus(); }
865: // ]]>
866: </script>
867: $helpdeskscript
868:
869: ENDDOCUMENT
870: my %endargs = ( 'noredirectlink' => 1, );
871: $r->print(&Apache::loncommon::end_page(\%endargs));
872: return OK;
873: }
874:
875: sub check_loginvia {
876: my ($domain,$lonhost,$lonidsdir,$balcookie) = @_;
877: if ($domain eq '' || $lonhost eq '' || $lonidsdir eq '') {
878: return;
879: }
880: my %domconfhash = &Apache::loncommon::get_domainconf($domain);
881: my $loginvia = $domconfhash{$domain.'.login.loginvia_'.$lonhost};
882: my $loginvia_exempt = $domconfhash{$domain.'.login.loginvia_exempt_'.$lonhost};
883: my $output;
884: if ($loginvia ne '') {
885: my $noredirect;
886: my $ip = &Apache::lonnet::get_requestor_ip();
887: if ($ip eq '127.0.0.1') {
888: $noredirect = 1;
889: } else {
890: if ($loginvia_exempt ne '') {
891: my @exempt = split(',',$loginvia_exempt);
892: if (grep(/^\Q$ip\E$/,@exempt)) {
893: $noredirect = 1;
894: }
895: }
896: }
897: unless ($noredirect) {
898: my ($newhost,$path);
899: if ($loginvia =~ /:/) {
900: ($newhost,$path) = split(':',$loginvia);
901: } else {
902: $newhost = $loginvia;
903: }
904: if ($newhost ne $lonhost) {
905: if (&Apache::lonnet::hostname($newhost) ne '') {
906: if ($balcookie) {
907: my ($balancer,$cookie) = split(/:/,$balcookie);
908: if ($cookie =~ /^($match_domain)_($match_username)_([a-f0-9]+)$/) {
909: my ($udom,$uname,$cookieid) = ($1,$2,$3);
910: unless (&Apache::lonnet::delbalcookie($cookie,$balancer) eq 'ok') {
911: if ((-d $lonidsdir) && (opendir(my $dh,$lonidsdir))) {
912: while (my $filename=readdir($dh)) {
913: if ($filename=~/^(\Q$uname\E_\d+_\Q$udom\E_$match_lonid)\.id$/) {
914: my $handle = $1;
915: my %hash =
916: &Apache::lonnet::get_sessionfile_vars($handle,$lonidsdir,
917: ['request.balancercookie',
918: 'user.linkedenv']);
919: if ($hash{'request.balancercookie'} eq "$balancer:$cookieid") {
920: if (unlink("$lonidsdir/$filename")) {
921: if (($hash{'user.linkedenv'} =~ /^[a-f0-9]+_linked$/) &&
922: (-l "$lonidsdir/$hash{'user.linkedenv'}.id") &&
923: (readlink("$lonidsdir/$hash{'user.linkedenv'}.id") eq "$lonidsdir/$filename")) {
924: unlink("$lonidsdir/$hash{'user.linkedenv'}.id");
925: }
926: }
927: }
928: last;
929: }
930: }
931: closedir($dh);
932: }
933: }
934: }
935: }
936: $output = &redirect_page($newhost,$path);
937: }
938: }
939: }
940: }
941: return $output;
942: }
943:
944: sub redirect_page {
945: my ($desthost,$path) = @_;
946: my $hostname = &Apache::lonnet::hostname($desthost);
947: my $protocol = $Apache::lonnet::protocol{$desthost};
948: $protocol = 'http' if ($protocol ne 'https');
949: unless ($path =~ m{^/}) {
950: $path = '/'.$path;
951: }
952: my $url = $protocol.'://'.$hostname.$path;
953: if ($env{'form.firsturl'} ne '') {
954: my $querystring;
955: if ($env{'form.firsturl'} =~ /[^\x00-\xFF]/) {
956: $querystring = &uri_escape_utf8($env{'form.firsturl'});
957: } else {
958: $querystring = &uri_escape($env{'form.firsturl'});
959: }
960: $querystring = &HTML::Entities::encode($querystring,"'");
961: $url .='?firsturl='.$querystring;
962: }
963: my $start_page = &Apache::loncommon::start_page('Switching Server ...',undef,
964: {'redirect' => [0,$url],});
965: my $end_page = &Apache::loncommon::end_page();
966: return $start_page.$end_page;
967: }
968:
969: sub contactdisplay {
970: my ($lt,$servadm,$showadminmail,$authdomain,$helpdeskscript,$showhelpdesk,
971: $possdoms) = @_;
972: my $contactblock;
973: my $origmail;
974: if (ref($possdoms) eq 'ARRAY') {
975: if (grep(/^\Q$authdomain\E$/,@{$possdoms})) {
976: $origmail = $Apache::lonnet::perlvar{'lonSupportEMail'};
977: }
978: }
979: my $requestmail =
980: &Apache::loncommon::build_recipient_list(undef,'helpdeskmail',
981: $authdomain,$origmail);
982: unless ($showhelpdesk eq '0') {
983: if ($requestmail =~ m/[^\@]+\@[^\@]+/) {
984: $showhelpdesk = 1;
985: } else {
986: $showhelpdesk = 0;
987: }
988: }
989: if ($servadm && $showadminmail) {
990: $contactblock .= $$lt{'servadm'}.':<br />'.
991: '<tt>'.$servadm.'</tt><br />';
992: }
993: if ($showhelpdesk) {
994: $contactblock .= '<a href="javascript:helpdesk()">'.$lt->{'helpdesk'}.'</a><br />';
995: my $thisurl = &escape('/adm/login');
996: $$helpdeskscript = <<"ENDSCRIPT";
997: <script type="text/javascript">
998: // <![CDATA[
999: function helpdesk() {
1000: var possdom = document.client.udom.value;
1001: var codedom = possdom.replace( new RegExp("[^A-Za-z0-9.\\-]","g"),'');
1002: if (codedom == '') {
1003: codedom = "$authdomain";
1004: }
1005: var querystr = "origurl=$thisurl&codedom="+codedom;
1006: document.location.href = "/adm/helpdesk?"+querystr;
1007: return;
1008: }
1009: // ]]>
1010: </script>
1011: ENDSCRIPT
1012: }
1013: return $contactblock;
1014: }
1015:
1016: sub forgotpwdisplay {
1017: my (%lt) = @_;
1018: my $prompt_for_resetpw = 1;
1019: if ($prompt_for_resetpw) {
1020: return '<a href="/adm/resetpw">'.$lt{'forgotpw'}.'</a>';
1021: }
1022: return;
1023: }
1024:
1025: sub coursecatalog_link {
1026: my ($linkname) = @_;
1027: return <<"END";
1028: <a href="/adm/coursecatalog">$linkname</a>
1029: END
1030: }
1031:
1032: sub newuser_link {
1033: my ($linkname) = @_;
1034: return '<a href="/adm/createaccount">'.$linkname.'</a>';
1035: }
1036:
1037: sub decode_token {
1038: my ($info) = @_;
1039: my ($firsturl,@rest)=split(/\&/,$info);
1040: my %form;
1041: if ($firsturl ne '') {
1042: $form{'firsturl'} = &unescape($firsturl);
1043: }
1044: foreach my $item (@rest) {
1045: my ($key,$value) = split(/=/,$item);
1046: $form{$key} = &unescape($value);
1047: }
1048: return %form;
1049: }
1050:
1051: 1;
1052: __END__
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>