# The LearningOnline Network # Login Screen # # $Id: lonlogin.pm,v 1.191 2021/10/10 23:22:30 raeburn Exp $ # # Copyright Michigan State University Board of Trustees # # This file is part of the LearningOnline Network with CAPA (LON-CAPA). # # LON-CAPA is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # LON-CAPA is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with LON-CAPA; if not, write to the Free Software # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA # # /home/httpd/html/adm/gpl.txt # # http://www.lon-capa.org/ # package Apache::lonlogin; use strict; use Apache::Constants qw(:common); use Apache::File (); use Apache::lonnet; use Apache::loncommon(); use Apache::lonauth(); use Apache::lonlocal; use Apache::migrateuser(); use lib '/home/httpd/lib/perl/'; use LONCAPA qw(:DEFAULT :match); use URI::Escape; use HTML::Entities(); use CGI::Cookie(); sub handler { my $r = shift; &Apache::loncommon::get_unprocessed_cgi (join('&',$ENV{'QUERY_STRING'},$env{'request.querystring'}, $ENV{'REDIRECT_QUERY_STRING'}), ['interface','username','domain','firsturl','localpath','localres', 'token','role','symb','iptoken','btoken','ltoken','linkkey','saml']); if (!defined($env{'form.firsturl'})) { &Apache::lonacc::get_posted_cgi($r,['firsturl']); } if (!defined($env{'form.firsturl'})) { if ($ENV{'REDIRECT_URL'} =~ m{^/+tiny/+$LONCAPA::match_domain/+\w+$}) { $env{'form.firsturl'} = $ENV{'REDIRECT_URL'}; } } if (($env{'form.firsturl'} =~ m{^/+tiny/+$LONCAPA::match_domain/+\w+$}) && (!$env{'form.ltoken'}) && (!$env{'form.linkkey'})) { &Apache::lonacc::get_posted_cgi($r,['linkkey']); } if ($env{'form.firsturl'} eq '/adm/logout') { delete($env{'form.firsturl'}); } # -- check if they are a migrating user if (defined($env{'form.token'})) { return &Apache::migrateuser::handler($r); } # For "public user" - remove any exising "public" cookie, as user really wants to log-in my ($handle,$lonidsdir,$expirepub,$userdom); $lonidsdir=$r->dir_config('lonIDsDir'); unless ($r->header_only) { $handle = &Apache::lonnet::check_for_valid_session($r,'lonID',undef,\$userdom); if ($handle ne '') { if ($handle=~/^publicuser\_/) { unlink($r->dir_config('lonIDsDir')."/$handle.id"); undef($handle); undef($userdom); $expirepub = 1; } } } &Apache::loncommon::no_cache($r); &Apache::lonlocal::get_language_handle($r); &Apache::loncommon::content_type($r,'text/html'); if ($expirepub) { my $c = new CGI::Cookie(-name => 'lonPubID', -value => '', -expires => '-10y',); $r->header_out('Set-cookie' => $c); } elsif (($handle eq '') && ($userdom ne '')) { my %cookies=CGI::Cookie->parse($r->header_in('Cookie')); foreach my $name (keys(%cookies)) { next unless ($name =~ /^lon(|S|Link|Pub)ID$/); my $c = new CGI::Cookie(-name => $name, -value => '', -expires => '-10y',); $r->headers_out->add('Set-cookie' => $c); } } $r->send_http_header; return OK if $r->header_only; # Are we re-routing? my $londocroot = $r->dir_config('lonDocRoot'); if (-e "$londocroot/lon-status/reroute.txt") { &Apache::lonauth::reroute($r); return OK; } my $lonhost = $r->dir_config('lonHostID'); # Check if browser sent a LON-CAPA load balancer cookie (and this is a balancer) my ($found_server,$balancer_cookie) = &Apache::lonnet::check_for_balancer_cookie($r,1); if ($found_server) { my $hostname = &Apache::lonnet::hostname($found_server); if ($hostname ne '') { my $protocol = $Apache::lonnet::protocol{$found_server}; $protocol = 'http' if ($protocol ne 'https'); my $dest = '/adm/roles'; if ($env{'form.firsturl'} ne '') { if ($env{'form.firsturl'} =~ /[^\x00-\xFF]/) { $dest = &uri_escape_utf8($env{'form.firsturl'}); } else { $dest = &uri_escape($env{'form.firsturl'}); } $dest = &HTML::Entities::encode($dest,"'"); } my %info = ( balcookie => $lonhost.':'.$balancer_cookie, ); if ($env{'form.ltoken'}) { my %link_info = &Apache::lonnet::tmpget($env{'form.ltoken'}); if ($link_info{'linkprot'}) { $info{'linkprot'} = $link_info{'linkprot'}; } &Apache::lonnet::tmpdel($env{'form.ltoken'}); delete($env{'form.ltoken'}); } elsif ($env{'form.linkkey'}) { $info{'linkkey'} = $env{'form.linkkey'}; delete($env{'form.linkkey'}); } my $balancer_token = &Apache::lonnet::tmpput(\%info,$found_server); if ($balancer_token) { $dest .= (($dest=~/\?/)?'&':'?') . 'btoken='.$balancer_token; } unless ($found_server eq $lonhost) { my $alias = &Apache::lonnet::use_proxy_alias($r,$found_server); $hostname = $alias if ($alias ne ''); } my $url = $protocol.'://'.$hostname.$dest; my $start_page = &Apache::loncommon::start_page('Switching Server ...',undef, {'redirect' => [0,$url],}); my $end_page = &Apache::loncommon::end_page(); $r->print($start_page.$end_page); return OK; } } # # Check if a LON-CAPA load balancer sent user here because user's browser sent # it a balancer cookie for an active session on this server. # my ($balcookie,$linkprot,$linkkey); if ($env{'form.btoken'}) { my %info = &Apache::lonnet::tmpget($env{'form.btoken'}); $balcookie = $info{'balcookie'}; if ($balcookie) { if ($info{'linkprot'}) { $linkprot = $info{'linkprot'}; } elsif ($info{'linkkey'}) { $linkkey = $info{'linkkey'}; } } &Apache::lonnet::tmpdel($env{'form.btoken'}); delete($env{'form.btoken'}); } # # If browser sent an old cookie for which the session file had been removed # check if configuration for user's domain has a portal URL set. If so # switch user's log-in to the portal. # if (($handle eq '') && ($userdom ne '')) { my %domdefaults = &Apache::lonnet::get_domain_defaults($userdom); if ($domdefaults{'portal_def'} =~ /^https?\:/) { my $start_page = &Apache::loncommon::start_page('Switching Server ...',undef, {'redirect' => [0,$domdefaults{'portal_def'}],}); my $end_page = &Apache::loncommon::end_page(); $r->print($start_page.$end_page); return OK; } } # -------------------------------- Prevent users from attempting to login twice if ($handle ne '') { &Apache::lonnet::transfer_profile_to_env($lonidsdir,$handle); my $start_page = &Apache::loncommon::start_page('Already logged in'); my $end_page = &Apache::loncommon::end_page(); my $dest = '/adm/roles'; if ($env{'form.firsturl'} ne '') { if ($env{'form.firsturl'} =~ /[^\x00-\xFF]/) { $dest = &uri_escape_utf8($env{'form.firsturl'}); } else { $dest = &uri_escape($env{'form.firsturl'}); } $dest = &HTML::Entities::encode($dest,"'"); } if (($env{'form.ltoken'}) || ($linkprot)) { unless ($linkprot) { my %info = &Apache::lonnet::tmpget($env{'form.ltoken'}); $linkprot = $info{'linkprot'}; my $delete = &Apache::lonnet::tmpdel($env{'form.ltoken'}); delete($env{'form.ltoken'}); } if ($linkprot) { my ($linkprotector,$deeplink) = split(/:/,$linkprot,2); if ($env{'user.linkprotector'}) { my @protectors = split(/,/,$env{'user.linkprotector'}); unless (grep(/^\Q$linkprotector\E$/,@protectors)) { push(@protectors,$linkprotector); @protectors = sort { $a <=> $b } @protectors; &Apache::lonnet::appenv({'user.linkprotector' => join(',',@protectors)}); } } else { &Apache::lonnet::appenv({'user.linkprotector' => $linkprotector }); } if ($env{'user.linkproturi'}) { my @proturis = split(/,/,$env{'user.linkproturi'}); unless (grep(/^\Q$deeplink\E$/,@proturis)) { push(@proturis,$deeplink); @proturis = sort @proturis; &Apache::lonnet::appenv({'user.linkproturi' => join(',',@proturis)}); } } else { &Apache::lonnet::appenv({'user.linkproturi' => $deeplink}); } } } elsif (($env{'form.linkkey'}) || ($linkkey)) { if ($env{'form.firsturl'} =~ m{^/tiny/$match_domain/\w+$}) { if ($linkkey eq '') { $linkkey = $env{'form.linkkey'}; } if ($env{'user.deeplinkkey'}) { my @linkkeys = split(/,/,$env{'user.deeplinkkey'}); unless (grep(/^\Q$linkkey\E$/,@linkkeys)) { push(@linkkeys,$linkkey); &Apache::lonnet::appenv({'user.deeplinkkey' => join(',',sort(@linkkeys))}); } } else { &Apache::lonnet::appenv({'user.deeplinkkey' => $linkkey}); } my $deeplink = $env{'form.firsturl'}; if ($env{'user.keyedlinkuri'}) { my @keyeduris = split(/,/,$env{'user.keyedlinkuri'}); unless (grep(/^\Q$deeplink\E$/,@keyeduris)) { push(@keyeduris,$deeplink); &Apache::lonnet::appenv({'user.keyedlinkuri' => join(',',sort(@keyeduris))}); } } else { &Apache::lonnet::appenv({'user.keyedlinkuri' => $deeplink}); } } } $r->print( $start_page .'
'.&mt('You are already logged in!').'
' .''.&mt('Please either [_1]continue the current session[_2] or [_3]log out[_4].', '','','','').'
' .$end_page ); return OK; } # ---------------------------------------------------- No valid token, continue # ---------------------------- Not possible to really login to domain "public" if ($env{'form.domain'} eq 'public') { $env{'form.domain'}=''; $env{'form.username'}=''; } # ------ Is this page requested because /adm/migrateuser detected an IP change? my %sessiondata; if ($env{'form.iptoken'}) { %sessiondata = &Apache::lonnet::tmpget($env{'form.iptoken'}); unless ($sessiondata{'sessionserver'}) { my $delete = &Apache::lonnet::tmpdel($env{'form.iptoken'}); delete($env{'form.iptoken'}); } } # ----------------------------------------------------------- Process Interface $env{'form.interface'}=~s/\W//g; (undef,undef,undef,undef,undef,undef,my $clientmobile) = &Apache::loncommon::decode_user_agent(); my $iconpath= &Apache::loncommon::lonhttpdurl($r->dir_config('lonIconsURL')); my $domain = &Apache::lonnet::default_login_domain(); my $defdom = $domain; if ($lonhost ne '') { unless ($sessiondata{'sessionserver'}) { my $redirect = &check_loginvia($domain,$lonhost,$lonidsdir,$balcookie,$linkprot); if ($redirect) { $r->print($redirect); return OK; } } } if (($sessiondata{'domain'}) && (&Apache::lonnet::domain($sessiondata{'domain'},'description'))) { $domain=$sessiondata{'domain'}; } elsif (($env{'form.domain'}) && (&Apache::lonnet::domain($env{'form.domain'},'description'))) { $domain=$env{'form.domain'}; } my $role = $r->dir_config('lonRole'); my $loadlim = $r->dir_config('lonLoadLim'); my $uloadlim= $r->dir_config('lonUserLoadLim'); my $servadm = $r->dir_config('lonAdmEMail'); my $tabdir = $r->dir_config('lonTabDir'); my $include = $r->dir_config('lonIncludes'); my $expire = $r->dir_config('lonExpire'); my $version = $r->dir_config('lonVersion'); my $host_name = &Apache::lonnet::hostname($lonhost); # --------------------------------------------- Default values for login fields my ($authusername,$authdomain); if ($sessiondata{'username'}) { $authusername=$sessiondata{'username'}; } else { $env{'form.username'} = &Apache::loncommon::cleanup_html($env{'form.username'}); $authusername=($env{'form.username'}?$env{'form.username'}:''); } if ($sessiondata{'domain'}) { $authdomain=$sessiondata{'domain'}; } else { $env{'form.domain'} = &Apache::loncommon::cleanup_html($env{'form.domain'}); $authdomain=($env{'form.domain'}?$env{'form.domain'}:$domain); } # ---------------------------------------------------------- Determine own load my $loadavg; { my $loadfile=Apache::File->new('/proc/loadavg'); $loadavg=<$loadfile>; } $loadavg =~ s/\s.*//g; my ($loadpercent,$userloadpercent); if ($loadlim) { $loadpercent=sprintf("%.1f",100*$loadavg/$loadlim); } if ($uloadlim) { $userloadpercent=&Apache::lonnet::userload(); } my $firsturl= ($env{'request.firsturl'}?$env{'request.firsturl'}:$env{'form.firsturl'}); # ----------------------------------------------------------- Get announcements my $announcements=&Apache::lonnet::getannounce(); # -------------------------------------------------------- Set login parameters my @hexstr=('0','1','2','3','4','5','6','7', '8','9','a','b','c','d','e','f'); my $lkey=''; for (0..7) { $lkey.=$hexstr[rand(15)]; } my $ukey=''; for (0..7) { $ukey.=$hexstr[rand(15)]; } my $lextkey=hex($lkey); if ($lextkey>2147483647) { $lextkey-=4294967296; } my $uextkey=hex($ukey); if ($uextkey>2147483647) { $uextkey-=4294967296; } # -------------------------------------------------------- Store away log token my $tokenextras; if ($env{'form.role'}) { $tokenextras = '&role='.&escape($env{'form.role'}); } if ($env{'form.symb'}) { if (!$tokenextras) { $tokenextras = '&'; } $tokenextras .= '&symb='.&escape($env{'form.symb'}); } if ($env{'form.iptoken'}) { if (!$tokenextras) { $tokenextras = '&&'; } $tokenextras .= '&iptoken='.&escape($env{'form.iptoken'}); } if ($env{'form.ltoken'}) { my %info = &Apache::lonnet::tmpget($env{'form.ltoken'}); if ($info{'linkprot'}) { if (!$tokenextras) { $tokenextras = '&&&'; } $tokenextras .= '&linkprot='.&escape($info{'linkprot'}); } } elsif ($env{'form.linkkey'}) { if (!$tokenextras) { $tokenextras = '&&&'; } $tokenextras .= '&linkkey='.&escape($env{'form.linkkey'}); } my $logtoken=Apache::lonnet::reply( 'tmpput:'.$ukey.$lkey.'&'.$firsturl.$tokenextras, $lonhost); # -- If we cannot talk to ourselves, or hostID does not map to a hostname # we are in serious trouble if (($logtoken eq 'con_lost') || ($logtoken eq 'no_such_host')) { if ($logtoken eq 'no_such_host') { &Apache::lonnet::logthis('No valid logtoken for log-in page -- unable to determine hostname for hostID: '.$lonhost.'. Check entry in hosts.tab'); } if ($env{'form.ltoken'}) { &Apache::lonnet::tmpdel($env{'form.ltoken'}); delete($env{'form.ltoken'}); } my $spares=''; my (@sparehosts,%spareservers); my $sparesref = &Apache::lonnet::this_host_spares($defdom); if (ref($sparesref) eq 'HASH') { foreach my $key (keys(%{$sparesref})) { if (ref($sparesref->{$key}) eq 'ARRAY') { my @sorted = sort { &Apache::lonnet::hostname($a) cmp &Apache::lonnet::hostname($b); } @{$sparesref->{$key}}; if (@sorted) { if ($key eq 'primary') { unshift(@sparehosts,@sorted); } elsif ($key eq 'default') { push(@sparehosts,@sorted); } } } } } foreach my $hostid (@sparehosts) { next if ($hostid eq $lonhost); my $hostname = &Apache::lonnet::hostname($hostid); next if (($hostname eq '') || ($spareservers{$hostname})); $spareservers{$hostname} = 1; my $protocol = $Apache::lonnet::protocol{$hostid}; $protocol = 'http' if ($protocol ne 'https'); $spares.=''.&mt('Please attempt to login to one of the following servers:') .'
' .$spares); } $r->print('' .'' ); return OK; } # ----------------------------------------------- Apparently we are in business $servadm=~s/\,/\