# The LearningOnline Network # Login Screen # # $Id: lonlogin.pm,v 1.158.2.13.2.6 2022/07/08 15:43:51 raeburn Exp $ # # Copyright Michigan State University Board of Trustees # # This file is part of the LearningOnline Network with CAPA (LON-CAPA). # # LON-CAPA is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # LON-CAPA is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with LON-CAPA; if not, write to the Free Software # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # # /home/httpd/html/adm/gpl.txt # # http://www.lon-capa.org/ # package Apache::lonlogin; use strict; use Apache::Constants qw(:common); use Apache::File (); use Apache::lonnet; use Apache::loncommon(); use Apache::lonauth(); use Apache::lonlocal; use Apache::migrateuser(); use lib '/home/httpd/lib/perl/'; use LONCAPA qw(:DEFAULT :match); use URI::Escape; use HTML::Entities(); use CGI::Cookie(); sub handler { my $r = shift; &Apache::loncommon::get_unprocessed_cgi (join('&',$ENV{'QUERY_STRING'},$env{'request.querystring'}, $ENV{'REDIRECT_QUERY_STRING'}), ['interface','username','domain','firsturl','localpath','localres', 'token','role','symb','iptoken','btoken','ltoken','ttoken','linkkey', 'saml','sso','retry']); # -- check if they are a migrating user if (defined($env{'form.token'})) { return &Apache::migrateuser::handler($r); } my $lonhost = $r->dir_config('lonHostID'); if ($env{'form.ttoken'}) { my %info = &Apache::lonnet::tmpget($env{'form.ttoken'}); &Apache::lonnet::tmpdel($env{'form.ttoken'}); if ($info{'origurl'}) { $env{'form.firsturl'} = $info{'origurl'}; } if ($info{'ltoken'}) { $env{'form.ltoken'} = $info{'ltoken'}; } elsif ($info{'linkprot'}) { $env{'form.linkprot'} = $info{'linkprot'}; foreach my $item ('linkprotuser','linkprotexit') { if ($info{$item} ne '') { $env{'form.'.$item} = $info{$item}; } } } elsif ($info{'linkkey'} ne '') { $env{'form.linkkey'} = $info{'linkkey'}; } } elsif (($env{'form.sso'}) || ($env{'form.retry'})) { my $infotoken; if ($env{'form.sso'}) { $infotoken = $env{'form.sso'}; } else { $infotoken = $env{'form.retry'}; } my $data = &Apache::lonnet::reply('tmpget:'.$infotoken,$lonhost); unless (($data=~/^error/) || ($data eq 'con_lost') || ($data eq 'no_such_host')) { my %info = &decode_token($data); foreach my $item (keys(%info)) { $env{'form.'.$item} = $info{$item}; } &Apache::lonnet::tmpdel($infotoken); } } else { if (!defined($env{'form.firsturl'})) { &Apache::lonacc::get_posted_cgi($r,['firsturl']); } if (!defined($env{'form.firsturl'})) { if ($ENV{'REDIRECT_URL'} =~ m{^/+tiny/+$LONCAPA::match_domain/+\w+$}) { $env{'form.firsturl'} = $ENV{'REDIRECT_URL'}; } } if (($env{'form.firsturl'} =~ m{^/+tiny/+$LONCAPA::match_domain/+\w+$}) && (!$env{'form.ltoken'}) && (!$env{'form.linkprot'}) && (!$env{'form.linkkey'})) { &Apache::lonacc::get_posted_cgi($r,['linkkey']); } if ($env{'form.firsturl'} eq '/adm/logout') { delete($env{'form.firsturl'}); } } # For "public user" - remove any exising "public" cookie, as user really wants to log-in my ($handle,$lonidsdir,$expirepub,$userdom); $lonidsdir=$r->dir_config('lonIDsDir'); unless ($r->header_only) { $handle = &Apache::lonnet::check_for_valid_session($r,'lonID',undef,\$userdom); if ($handle ne '') { if ($handle=~/^publicuser\_/) { unlink($r->dir_config('lonIDsDir')."/$handle.id"); undef($handle); undef($userdom); $expirepub = 1; } } } &Apache::loncommon::no_cache($r); &Apache::lonlocal::get_language_handle($r); &Apache::loncommon::content_type($r,'text/html'); if ($expirepub) { my $c = new CGI::Cookie(-name => 'lonPubID', -value => '', -expires => '-10y',); $r->header_out('Set-cookie' => $c); } elsif (($handle eq '') && ($userdom ne '')) { my %cookies=CGI::Cookie->parse($r->header_in('Cookie')); foreach my $name (keys(%cookies)) { next unless ($name =~ /^lon(|S|Link|Pub)ID$/); my $c = new CGI::Cookie(-name => $name, -value => '', -expires => '-10y',); $r->headers_out->add('Set-cookie' => $c); } } $r->send_http_header; return OK if $r->header_only; # Are we re-routing? my $londocroot = $r->dir_config('lonDocRoot'); if (-e "$londocroot/lon-status/reroute.txt") { &Apache::lonauth::reroute($r); return OK; } # Check if browser sent a LON-CAPA load balancer cookie (and this is a balancer) my ($found_server,$balancer_cookie) = &Apache::lonnet::check_for_balancer_cookie($r,1); if ($found_server) { my $hostname = &Apache::lonnet::hostname($found_server); if ($hostname ne '') { my $protocol = $Apache::lonnet::protocol{$found_server}; $protocol = 'http' if ($protocol ne 'https'); my $dest = '/adm/roles'; if ($env{'form.firsturl'} ne '') { $dest = &HTML::Entities::encode($env{'form.firsturl'},'\'"<>&'); } my %info = ( balcookie => $lonhost.':'.$balancer_cookie, ); if ($env{'form.role'}) { $info{'role'} = $env{'form.role'}; } if ($env{'form.symb'}) { $info{'symb'} = $env{'form.symb'}; } my $balancer_token = &Apache::lonnet::tmpput(\%info,$found_server); unless (($balancer_token eq 'con_lost') || ($balancer_token eq 'refused') || ($balancer_token eq 'unknown_cmd') || ($balancer_token eq 'no_such_host')) { $dest .= (($dest=~/\?/)?'&':'?') . 'btoken='.$balancer_token; } if ($env{'form.firsturl'} =~ m{^/tiny/$match_domain/\w+$}) { my %link_info; if ($env{'form.ltoken'}) { $link_info{'ltoken'} = $env{'form.ltoken'}; } elsif ($env{'form.linkprot'}) { $link_info{'linkprot'} = $env{'form.linkprot'}; foreach my $item ('linkprotuser','linkprotexit') { if ($env{'form.'.$item} ne '') { $link_info{$item} = $env{'form.'.$item}; } } } elsif ($env{'form.linkkey'} ne '') { $link_info{'linkkey'} = $env{'form.linkkey'}; } if (keys(%link_info)) { $link_info{'origurl'} = $env{'form.firsturl'}; my $token = &Apache::lonnet::tmpput(\%link_info,$found_server,'link'); unless (($token eq 'con_lost') || ($token eq 'refused') || ($token eq 'unknown_cmd') || ($token eq 'no_such_host')) { $dest .= (($dest=~/\?/)?'&':'?') . 'ttoken='.$token; } } } unless ($found_server eq $lonhost) { my $alias = &Apache::lonnet::use_proxy_alias($r,$found_server); $hostname = $alias if ($alias ne ''); } my $url = $protocol.'://'.$hostname.$dest; my $start_page = &Apache::loncommon::start_page('Switching Server ...',undef, {'redirect' => [0,$url],}); my $end_page = &Apache::loncommon::end_page(); $r->print($start_page.$end_page); return OK; } } # # Check if a LON-CAPA load balancer sent user here because user's browser sent # it a balancer cookie for an active session on this server. # my $balcookie; if ($env{'form.btoken'}) { my %info = &Apache::lonnet::tmpget($env{'form.btoken'}); $balcookie = $info{'balcookie'}; &Apache::lonnet::tmpdel($env{'form.btoken'}); delete($env{'form.btoken'}); } # # If browser sent an old cookie for which the session file had been removed # check if configuration for user's domain has a portal URL set. If so # switch user's log-in to the portal. # if (($handle eq '') && ($userdom ne '')) { my %domdefaults = &Apache::lonnet::get_domain_defaults($userdom); if ($domdefaults{'portal_def'} =~ /^https?\:/) { my $start_page = &Apache::loncommon::start_page('Switching Server ...',undef, {'redirect' => [0,$domdefaults{'portal_def'}],}); my $end_page = &Apache::loncommon::end_page(); $r->print($start_page.$end_page); return OK; } } # -------------------------------- Prevent users from attempting to login twice if ($handle ne '') { &Apache::lonnet::transfer_profile_to_env($lonidsdir,$handle); my $start_page = &Apache::loncommon::start_page('Already logged in'); my $end_page = &Apache::loncommon::end_page(); my $dest = '/adm/roles'; if ($env{'form.firsturl'} ne '') { $dest = &HTML::Entities::encode($env{'form.firsturl'},'\'"<>&'); } if (($env{'form.ltoken'}) || ($env{'form.linkprot'})) { my ($linkprot,$linkprotuser,$linkprotexit); if ($env{'form.ltoken'}) { my %info = &Apache::lonnet::tmpget($env{'form.ltoken'}); $linkprot = $info{'linkprot'}; if ($info{'linkprotuser'} ne '') { $linkprotuser = $info{'linkprotuser'}; } if ($info{'linkprotexit'} ne '') { $linkprotexit = $info{'linkprotexit'}; } } else { $linkprot = $env{'form.linkprot'}; $linkprotuser = $env{'form.linkprotuser'}; $linkprotexit = $env{'form.linkprotexit'}; } if ($linkprot) { my ($linkprotector,$deeplink) = split(/:/,$linkprot,2); if (($deeplink =~ m{^/tiny/$match_domain/\w+$}) && ($linkprotuser ne '') && ($linkprotuser ne $env{'user.name'}.':'.$env{'user.domain'})) { my $ip = &Apache::lonnet::get_requestor_ip(); my %linkprotinfo = ( origurl => $deeplink, linkprot => $linkprot, linkprotuser => $linkprotuser, linkprotexit => $linkprotexit, ); if ($env{'form.ltoken'}) { my $delete = &Apache::lonnet::tmpdel($env{'form.ltoken'}); } &Apache::migrateuser::logout($r,$ip,$handle,undef,undef,\%linkprotinfo); return OK; } if ($env{'user.linkprotector'}) { my @protectors = split(/,/,$env{'user.linkprotector'}); unless (grep(/^\Q$linkprotector\E$/,@protectors)) { push(@protectors,$linkprotector); @protectors = sort { $a <=> $b } @protectors; &Apache::lonnet::appenv({'user.linkprotector' => join(',',@protectors)}); } } else { &Apache::lonnet::appenv({'user.linkprotector' => $linkprotector }); } if ($env{'user.linkproturi'}) { my @proturis = split(/,/,$env{'user.linkproturi'}); unless (grep(/^\Q$deeplink\E$/,@proturis)) { push(@proturis,$deeplink); @proturis = sort @proturis; &Apache::lonnet::appenv({'user.linkproturi' => join(',',@proturis)}); } } else { &Apache::lonnet::appenv({'user.linkproturi' => $deeplink}); } } } elsif ($env{'form.linkkey'} ne '') { if ($env{'form.firsturl'} =~ m{^/tiny/$match_domain/\w+$}) { my $linkkey = $env{'form.linkkey'}; if ($env{'user.deeplinkkey'}) { my @linkkeys = split(/,/,$env{'user.deeplinkkey'}); unless (grep(/^\Q$linkkey\E$/,@linkkeys)) { push(@linkkeys,$linkkey); &Apache::lonnet::appenv({'user.deeplinkkey' => join(',',sort(@linkkeys))}); } } else { &Apache::lonnet::appenv({'user.deeplinkkey' => $linkkey}); } my $deeplink = $env{'form.firsturl'}; if ($env{'user.keyedlinkuri'}) { my @keyeduris = split(/,/,$env{'user.keyedlinkuri'}); unless (grep(/^\Q$deeplink\E$/,@keyeduris)) { push(@keyeduris,$deeplink); &Apache::lonnet::appenv({'user.keyedlinkuri' => join(',',sort(@keyeduris))}); } } else { &Apache::lonnet::appenv({'user.keyedlinkuri' => $deeplink}); } } } if ($env{'form.ltoken'}) { my $delete = &Apache::lonnet::tmpdel($env{'form.ltoken'}); } $r->print( $start_page .'
'.&mt('You are already logged in!').'
' .''.&mt('Please either [_1]continue the current session[_2] or [_3]log out[_4].', '','','','').'
' .$end_page ); return OK; } # ---------------------------------------------------- No valid token, continue # ---------------------------- Not possible to really login to domain "public" if ($env{'form.domain'} eq 'public') { $env{'form.domain'}=''; $env{'form.username'}=''; } # ------ Is this page requested because /adm/migrateuser detected an IP change? my %sessiondata; if ($env{'form.iptoken'}) { %sessiondata = &Apache::lonnet::tmpget($env{'form.iptoken'}); unless ($sessiondata{'sessionserver'}) { my $delete = &Apache::lonnet::tmpdel($env{'form.iptoken'}); delete($env{'form.iptoken'}); } } # ----------------------------------------------------------- Process Interface $env{'form.interface'}=~s/\W//g; (undef,undef,undef,undef,undef,undef,my $clientmobile) = &Apache::loncommon::decode_user_agent($r); my $iconpath= &Apache::loncommon::lonhttpdurl($r->dir_config('lonIconsURL')); my $domain = &Apache::lonnet::default_login_domain(); my $defdom = $domain; if ($lonhost ne '') { unless ($sessiondata{'sessionserver'}) { my $redirect = &check_loginvia($domain,$lonhost,$lonidsdir,$balcookie); if ($redirect) { $r->print($redirect); return OK; } } } if (($sessiondata{'domain'}) && (&Apache::lonnet::domain($sessiondata{'domain'},'description'))) { $domain=$sessiondata{'domain'}; } elsif (($env{'form.domain'}) && (&Apache::lonnet::domain($env{'form.domain'},'description'))) { $domain=$env{'form.domain'}; } my $role = $r->dir_config('lonRole'); my $loadlim = $r->dir_config('lonLoadLim'); my $uloadlim= $r->dir_config('lonUserLoadLim'); my $servadm = $r->dir_config('lonAdmEMail'); my $tabdir = $r->dir_config('lonTabDir'); my $include = $r->dir_config('lonIncludes'); my $expire = $r->dir_config('lonExpire'); my $version = $r->dir_config('lonVersion'); my $host_name = &Apache::lonnet::hostname($lonhost); # --------------------------------------------- Default values for login fields my ($authusername,$authdomain); if ($sessiondata{'username'}) { $authusername=$sessiondata{'username'}; } else { $env{'form.username'} = &Apache::loncommon::cleanup_html($env{'form.username'}); $authusername=($env{'form.username'}?$env{'form.username'}:''); } if ($sessiondata{'domain'}) { $authdomain=$sessiondata{'domain'}; } else { $env{'form.domain'} = &Apache::loncommon::cleanup_html($env{'form.domain'}); $authdomain=($env{'form.domain'}?$env{'form.domain'}:$domain); } # ---------------------------------------------------------- Determine own load my $loadavg; { my $loadfile=Apache::File->new('/proc/loadavg'); $loadavg=<$loadfile>; } $loadavg =~ s/\s.*//g; my ($loadpercent,$userloadpercent); if ($loadlim) { $loadpercent=sprintf("%.1f",100*$loadavg/$loadlim); } if ($uloadlim) { $userloadpercent=&Apache::lonnet::userload(); } my $firsturl= ($env{'request.firsturl'}?$env{'request.firsturl'}:$env{'form.firsturl'}); # ----------------------------------------------------------- Get announcements my $announcements=&Apache::lonnet::getannounce(); # -------------------------------------------------------- Set login parameters my @hexstr=('0','1','2','3','4','5','6','7', '8','9','a','b','c','d','e','f'); my $lkey=''; for (0..7) { $lkey.=$hexstr[rand(15)]; } my $ukey=''; for (0..7) { $ukey.=$hexstr[rand(15)]; } my $lextkey=hex($lkey); if ($lextkey>2147483647) { $lextkey-=4294967296; } my $uextkey=hex($ukey); if ($uextkey>2147483647) { $uextkey-=4294967296; } # -------------------------------------------------------- Store away log token my ($tokenextras,$tokentype,$linkprot_for_login); my @names = ('role','symb','iptoken','ltoken','linkprotuser','linkprotexit','linkprot','linkkey'); foreach my $name (@names) { if ($env{'form.'.$name} ne '') { if ($name eq 'ltoken') { my %info = &Apache::lonnet::tmpget($env{'form.'.$name}); if ($info{'linkprot'}) { $linkprot_for_login = $info{'linkprot'}; $tokenextras .= '&linkprot='.&escape($info{'linkprot'}); foreach my $item ('linkprotuser','linkprotexit') { if ($info{$item}) { $tokenextras .= '&'.$item.'='.&escape($info{$item}); } } $tokentype = 'link'; last; } } else { $tokenextras .= '&'.$name.'='.&escape($env{'form.'.$name}); if (($name eq 'linkkey') || ($name eq 'linkprot')) { if ((($env{'form.retry'}) || ($env{'form.sso'})) && (!$env{'form.ltoken'}) && ($name eq 'linkprot')) { $linkprot_for_login = $env{'form.linkprot'}; } $tokentype = 'link'; } } } } if ($tokentype) { $tokenextras .= ":$tokentype"; } my $logtoken=Apache::lonnet::reply( 'tmpput:'.$ukey.$lkey.'&'.&escape($firsturl).$tokenextras, $lonhost); # -- If we cannot talk to ourselves, or hostID does not map to a hostname # we are in serious trouble if (($logtoken eq 'con_lost') || ($logtoken eq 'no_such_host')) { if ($logtoken eq 'no_such_host') { &Apache::lonnet::logthis('No valid logtoken for log-in page -- unable to determine hostname for hostID: '.$lonhost.'. Check entry in hosts.tab'); } if ($env{'form.ltoken'}) { &Apache::lonnet::tmpdel($env{'form.ltoken'}); delete($env{'form.ltoken'}); } my $spares=''; my (@sparehosts,%spareservers); my $sparesref = &Apache::lonnet::this_host_spares($defdom); if (ref($sparesref) eq 'HASH') { foreach my $key (keys(%{$sparesref})) { if (ref($sparesref->{$key}) eq 'ARRAY') { my @sorted = sort { &Apache::lonnet::hostname($a) cmp &Apache::lonnet::hostname($b); } @{$sparesref->{$key}}; if (@sorted) { if ($key eq 'primary') { unshift(@sparehosts,@sorted); } elsif ($key eq 'default') { push(@sparehosts,@sorted); } } } } } foreach my $hostid (@sparehosts) { next if ($hostid eq $lonhost); my $hostname = &Apache::lonnet::hostname($hostid); next if (($hostname eq '') || ($spareservers{$hostname})); $spareservers{$hostname} = 1; my $protocol = $Apache::lonnet::protocol{$hostid}; $protocol = 'http' if ($protocol ne 'https'); $spares.=''.&mt('Please attempt to login to one of the following servers:') .'
' .$spares); } $r->print('' .'' ); return OK; } # ----------------------------------------------- Apparently we are in business $servadm=~s/\,/\