1: # The LearningOnline Network
2: # Login Screen
3: #
4: # $Id: lonlogin.pm,v 1.158.2.16 2024/07/04 04:36:42 raeburn Exp $
5: #
6: # Copyright Michigan State University Board of Trustees
7: #
8: # This file is part of the LearningOnline Network with CAPA (LON-CAPA).
9: #
10: # LON-CAPA is free software; you can redistribute it and/or modify
11: # it under the terms of the GNU General Public License as published by
12: # the Free Software Foundation; either version 2 of the License, or
13: # (at your option) any later version.
14: #
15: # LON-CAPA is distributed in the hope that it will be useful,
16: # but WITHOUT ANY WARRANTY; without even the implied warranty of
17: # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18: # GNU General Public License for more details.
19: #
20: # You should have received a copy of the GNU General Public License
21: # along with LON-CAPA; if not, write to the Free Software
22: # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
23: #
24: # /home/httpd/html/adm/gpl.txt
25: #
26: # http://www.lon-capa.org/
27: #
28:
29: package Apache::lonlogin;
30:
31: use strict;
32: use Apache::Constants qw(:common);
33: use Apache::File ();
34: use Apache::lonnet;
35: use Apache::loncommon();
36: use Apache::lonauth();
37: use Apache::lonlocal;
38: use Apache::migrateuser();
39: use lib '/home/httpd/lib/perl/';
40: use LONCAPA qw(:DEFAULT :match);
41: use URI::Escape;
42: use HTML::Entities();
43: use CGI::Cookie();
44:
45: sub handler {
46: my $r = shift;
47:
48: &Apache::loncommon::get_unprocessed_cgi
49: (join('&',$ENV{'QUERY_STRING'},$env{'request.querystring'},
50: $ENV{'REDIRECT_QUERY_STRING'}),
51: ['interface','username','domain','firsturl','localpath','localres',
52: 'token','role','symb','iptoken','btoken','saml','sso','retry']);
53:
54: # -- check if they are a migrating user
55: if (defined($env{'form.token'})) {
56: return &Apache::migrateuser::handler($r);
57: }
58:
59: my $lonhost = $r->dir_config('lonHostID');
60: if (($env{'form.sso'}) || ($env{'form.retry'})) {
61: my $infotoken;
62: if ($env{'form.sso'}) {
63: $infotoken = $env{'form.sso'};
64: } else {
65: $infotoken = $env{'form.retry'};
66: }
67: my $data = &Apache::lonnet::reply('tmpget:'.$infotoken,$lonhost);
68: unless (($data=~/^error/) || ($data eq 'con_lost') ||
69: ($data eq 'no_such_host')) {
70: my %info = &decode_token($data);
71: foreach my $item (keys(%info)) {
72: $env{'form.'.$item} = $info{$item};
73: }
74: &Apache::lonnet::tmpdel($infotoken);
75: }
76: } else {
77: if (!defined($env{'form.firsturl'})) {
78: &Apache::lonacc::get_posted_cgi($r,['firsturl']);
79: }
80: if ($env{'form.firsturl'} eq '/adm/logout') {
81: delete($env{'form.firsturl'});
82: }
83: }
84:
85: # For "public user" - remove any exising "public" cookie, as user really wants to log-in
86: my ($handle,$lonidsdir,$expirepub,$userdom);
87: $lonidsdir=$r->dir_config('lonIDsDir');
88: unless ($r->header_only) {
89: $handle = &Apache::lonnet::check_for_valid_session($r,'lonID',undef,\$userdom);
90: if ($handle ne '') {
91: if ($handle=~/^publicuser\_/) {
92: unlink($r->dir_config('lonIDsDir')."/$handle.id");
93: undef($handle);
94: undef($userdom);
95: $expirepub = 1;
96: }
97: }
98: }
99:
100: &Apache::loncommon::no_cache($r);
101: &Apache::lonlocal::get_language_handle($r);
102: &Apache::loncommon::content_type($r,'text/html');
103: if ($expirepub) {
104: my $c = new CGI::Cookie(-name => 'lonPubID',
105: -value => '',
106: -expires => '-10y',);
107: $r->header_out('Set-cookie' => $c);
108: } elsif (($handle eq '') && ($userdom ne '')) {
109: my %cookies=CGI::Cookie->parse($r->header_in('Cookie'));
110: foreach my $name (keys(%cookies)) {
111: next unless ($name =~ /^lon(|S|Link|Pub)ID$/);
112: my $c = new CGI::Cookie(-name => $name,
113: -value => '',
114: -expires => '-10y',);
115: $r->headers_out->add('Set-cookie' => $c);
116: }
117: }
118: $r->send_http_header;
119: return OK if $r->header_only;
120:
121:
122: # Are we re-routing?
123: my $londocroot = $r->dir_config('lonDocRoot');
124: if (-e "$londocroot/lon-status/reroute.txt") {
125: &Apache::lonauth::reroute($r);
126: return OK;
127: }
128:
129: # Check if browser sent a LON-CAPA load balancer cookie (and this is a balancer)
130:
131: my ($found_server,$balancer_cookie) = &Apache::lonnet::check_for_balancer_cookie($r,1);
132: if ($found_server) {
133: my $hostname = &Apache::lonnet::hostname($found_server);
134: if ($hostname ne '') {
135: my $protocol = $Apache::lonnet::protocol{$found_server};
136: $protocol = 'http' if ($protocol ne 'https');
137: my $dest = '/adm/roles';
138: if ($env{'form.firsturl'} ne '') {
139: $dest = &HTML::Entities::encode($env{'form.firsturl'},'\'"<>&');
140: }
141: my %info = (
142: balcookie => $lonhost.':'.$balancer_cookie,
143: );
144: if ($env{'form.role'}) {
145: $info{'role'} = $env{'form.role'};
146: }
147: if ($env{'form.symb'}) {
148: $info{'symb'} = $env{'form.symb'};
149: }
150: my $balancer_token = &Apache::lonnet::tmpput(\%info,$found_server);
151: unless (($balancer_token eq 'con_lost') || ($balancer_token eq 'refused') ||
152: ($balancer_token eq 'unknown_cmd') || ($balancer_token eq 'no_such_host')) {
153: $dest .= (($dest=~/\?/)?'&':'?') . 'btoken='.$balancer_token;
154: }
155: unless ($found_server eq $lonhost) {
156: my $alias = &Apache::lonnet::use_proxy_alias($r,$found_server);
157: $hostname = $alias if ($alias ne '');
158: }
159: my $url = $protocol.'://'.$hostname.$dest;
160: my $start_page =
161: &Apache::loncommon::start_page('Switching Server ...',undef,
162: {'redirect' => [0,$url],});
163: my $end_page = &Apache::loncommon::end_page();
164: $r->print($start_page.$end_page);
165: return OK;
166: }
167: }
168:
169: #
170: # Check if a LON-CAPA load balancer sent user here because user's browser sent
171: # it a balancer cookie for an active session on this server.
172: #
173:
174: my $balcookie;
175: if ($env{'form.btoken'}) {
176: my %info = &Apache::lonnet::tmpget($env{'form.btoken'});
177: $balcookie = $info{'balcookie'};
178: &Apache::lonnet::tmpdel($env{'form.btoken'});
179: delete($env{'form.btoken'});
180: }
181:
182: #
183: # If browser sent an old cookie for which the session file had been removed
184: # check if configuration for user's domain has a portal URL set. If so
185: # switch user's log-in to the portal.
186: #
187:
188: if (($handle eq '') && ($userdom ne '')) {
189: my %domdefaults = &Apache::lonnet::get_domain_defaults($userdom);
190: if ($domdefaults{'portal_def'} =~ /^https?\:/) {
191: my $start_page = &Apache::loncommon::start_page('Switching Server ...',undef,
192: {'redirect' => [0,$domdefaults{'portal_def'}],});
193: my $end_page = &Apache::loncommon::end_page();
194: $r->print($start_page.$end_page);
195: return OK;
196: }
197: }
198:
199: # -------------------------------- Prevent users from attempting to login twice
200: if ($handle ne '') {
201: &Apache::lonnet::transfer_profile_to_env($lonidsdir,$handle);
202: my $start_page =
203: &Apache::loncommon::start_page('Already logged in');
204: my $end_page =
205: &Apache::loncommon::end_page();
206: my $dest = '/adm/roles';
207: if ($env{'form.firsturl'} ne '') {
208: $dest = &HTML::Entities::encode($env{'form.firsturl'},'\'"<>&');
209: }
210: $r->print(
211: $start_page
212: .'<p class="LC_warning">'.&mt('You are already logged in!').'</p>'
213: .'<p>'.&mt('Please either [_1]continue the current session[_2] or [_3]log out[_4].',
214: '<a href="'.$dest.'">','</a>','<a href="/adm/logout">','</a>').'</p>'
215: .$end_page
216: );
217: return OK;
218: }
219:
220: # ---------------------------------------------------- No valid token, continue
221:
222: # ---------------------------- Not possible to really login to domain "public"
223: if ($env{'form.domain'} eq 'public') {
224: $env{'form.domain'}='';
225: $env{'form.username'}='';
226: }
227:
228: # ------ Is this page requested because /adm/migrateuser detected an IP change?
229: my %sessiondata;
230: if ($env{'form.iptoken'}) {
231: %sessiondata = &Apache::lonnet::tmpget($env{'form.iptoken'});
232: unless ($sessiondata{'sessionserver'}) {
233: my $delete = &Apache::lonnet::tmpdel($env{'form.iptoken'});
234: delete($env{'form.iptoken'});
235: }
236: }
237: # ----------------------------------------------------------- Process Interface
238: $env{'form.interface'}=~s/\W//g;
239:
240: (undef,undef,undef,undef,undef,undef,my $clientmobile) =
241: &Apache::loncommon::decode_user_agent($r);
242:
243: my $iconpath=
244: &Apache::loncommon::lonhttpdurl($r->dir_config('lonIconsURL'));
245:
246: my $domain = &Apache::lonnet::default_login_domain();
247: my $defdom = $domain;
248: if ($lonhost ne '') {
249: unless ($sessiondata{'sessionserver'}) {
250: my $redirect = &check_loginvia($domain,$lonhost,$lonidsdir,$balcookie);
251: if ($redirect) {
252: $r->print($redirect);
253: return OK;
254: }
255: }
256: }
257:
258: if (($sessiondata{'domain'}) &&
259: (&Apache::lonnet::domain($sessiondata{'domain'},'description'))) {
260: $domain=$sessiondata{'domain'};
261: } elsif (($env{'form.domain'}) &&
262: (&Apache::lonnet::domain($env{'form.domain'},'description'))) {
263: $domain=$env{'form.domain'};
264: }
265:
266: my $role = $r->dir_config('lonRole');
267: my $loadlim = $r->dir_config('lonLoadLim');
268: my $uloadlim= $r->dir_config('lonUserLoadLim');
269: my $servadm = $r->dir_config('lonAdmEMail');
270: my $tabdir = $r->dir_config('lonTabDir');
271: my $include = $r->dir_config('lonIncludes');
272: my $expire = $r->dir_config('lonExpire');
273: my $version = $r->dir_config('lonVersion');
274: my $host_name = &Apache::lonnet::hostname($lonhost);
275:
276: # --------------------------------------------- Default values for login fields
277:
278: my ($authusername,$authdomain);
279: if ($sessiondata{'username'}) {
280: $authusername=$sessiondata{'username'};
281: } else {
282: $env{'form.username'} = &Apache::loncommon::cleanup_html($env{'form.username'});
283: $authusername=($env{'form.username'}?$env{'form.username'}:'');
284: }
285: if ($sessiondata{'domain'}) {
286: $authdomain=$sessiondata{'domain'};
287: } else {
288: $env{'form.domain'} = &Apache::loncommon::cleanup_html($env{'form.domain'});
289: $authdomain=($env{'form.domain'}?$env{'form.domain'}:$domain);
290: }
291:
292: # ---------------------------------------------------------- Determine own load
293: my $loadavg;
294: {
295: my $loadfile=Apache::File->new('/proc/loadavg');
296: $loadavg=<$loadfile>;
297: }
298: $loadavg =~ s/\s.*//g;
299:
300: my ($loadpercent,$userloadpercent);
301: if ($loadlim) {
302: $loadpercent=sprintf("%.1f",100*$loadavg/$loadlim);
303: }
304: if ($uloadlim) {
305: $userloadpercent=&Apache::lonnet::userload();
306: }
307:
308: my $firsturl=
309: ($env{'request.firsturl'}?$env{'request.firsturl'}:$env{'form.firsturl'});
310:
311: # ----------------------------------------------------------- Get announcements
312: my $announcements=&Apache::lonnet::getannounce();
313: # -------------------------------------------------------- Set login parameters
314:
315: my @hexstr=('0','1','2','3','4','5','6','7',
316: '8','9','a','b','c','d','e','f');
317: my $lkey='';
318: for (0..7) {
319: $lkey.=$hexstr[rand(15)];
320: }
321:
322: my $ukey='';
323: for (0..7) {
324: $ukey.=$hexstr[rand(15)];
325: }
326:
327: my $lextkey=hex($lkey);
328: if ($lextkey>2147483647) { $lextkey-=4294967296; }
329:
330: my $uextkey=hex($ukey);
331: if ($uextkey>2147483647) { $uextkey-=4294967296; }
332:
333: # -------------------------------------------------------- Store away log token
334: my $tokenextras;
335: my @names = ('role','symb','iptoken');
336: foreach my $name (@names) {
337: if ($env{'form.'.$name} ne '') {
338: $tokenextras .= '&'.$name.'='.&escape($env{'form.'.$name});
339: }
340: }
341: my $logtoken=Apache::lonnet::reply(
342: 'tmpput:'.$ukey.$lkey.'&'.&escape($firsturl).$tokenextras,
343: $lonhost);
344:
345: # -- If we cannot talk to ourselves, or hostID does not map to a hostname
346: # we are in serious trouble
347:
348: if (($logtoken eq 'con_lost') || ($logtoken eq 'no_such_host')) {
349: if ($logtoken eq 'no_such_host') {
350: &Apache::lonnet::logthis('No valid logtoken for log-in page -- unable to determine hostname for hostID: '.$lonhost.'. Check entry in hosts.tab');
351: }
352: my $spares='';
353: my (@sparehosts,%spareservers);
354: my $sparesref = &Apache::lonnet::this_host_spares($defdom);
355: if (ref($sparesref) eq 'HASH') {
356: foreach my $key (keys(%{$sparesref})) {
357: if (ref($sparesref->{$key}) eq 'ARRAY') {
358: my @sorted = sort { &Apache::lonnet::hostname($a) cmp
359: &Apache::lonnet::hostname($b);
360: } @{$sparesref->{$key}};
361: if (@sorted) {
362: if ($key eq 'primary') {
363: unshift(@sparehosts,@sorted);
364: } elsif ($key eq 'default') {
365: push(@sparehosts,@sorted);
366: }
367: }
368: }
369: }
370: }
371: foreach my $hostid (@sparehosts) {
372: next if ($hostid eq $lonhost);
373: my $hostname = &Apache::lonnet::hostname($hostid);
374: next if (($hostname eq '') || ($spareservers{$hostname}));
375: $spareservers{$hostname} = 1;
376: my $protocol = $Apache::lonnet::protocol{$hostid};
377: $protocol = 'http' if ($protocol ne 'https');
378: $spares.='<br /><span style="font-size: larger;"><a href="'.$protocol.'://'.
379: $hostname.
380: '/adm/login?domain='.$authdomain.'">'.
381: $hostname.'</a>'.
382: ' '.&mt('(preferred)').'</span>'.$/;
383: }
384: if ($spares) {
385: $spares.= '<br />';
386: }
387: my %all_hostnames = &Apache::lonnet::all_hostnames();
388: foreach my $hostid (sort
389: {
390: &Apache::lonnet::hostname($a) cmp
391: &Apache::lonnet::hostname($b);
392: }
393: keys(%all_hostnames)) {
394: next if ($hostid eq $lonhost);
395: my $hostname = &Apache::lonnet::hostname($hostid);
396: next if (($hostname eq '') || ($spareservers{$hostname}));
397: $spareservers{$hostname} = 1;
398: my $protocol = $Apache::lonnet::protocol{$hostid};
399: $protocol = 'http' if ($protocol ne 'https');
400: $spares.='<br /><a href="'.$protocol.'://'.
401: $hostname.
402: '/adm/login?domain='.$authdomain.'">'.
403: $hostname.'</a>';
404: }
405: $r->print(
406: '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">'
407: .'<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">'
408: .'<head><meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><title>'
409: .&mt('The LearningOnline Network with CAPA')
410: .'</title></head>'
411: .'<body bgcolor="#FFFFFF">'
412: .'<h1>'.&mt('The LearningOnline Network with CAPA').'</h1>'
413: .'<img src="/adm/lonKaputt/lonlogo_broken.gif" alt="broken icon" align="right" />'
414: .'<h3>'.&mt('This LON-CAPA server is temporarily not available for login.').'</h3>');
415: if ($spares) {
416: $r->print('<p>'.&mt('Please attempt to login to one of the following servers:')
417: .'</p>'
418: .$spares);
419: }
420: $r->print('</body>'
421: .'</html>'
422: );
423: return OK;
424: }
425:
426: # ----------------------------------------------- Apparently we are in business
427: $servadm=~s/\,/\<br \/\>/g;
428:
429: # ----------------------------------------------------------- Front page design
430: my $pgbg=&Apache::loncommon::designparm('login.pgbg',$domain);
431: my $font=&Apache::loncommon::designparm('login.font',$domain);
432: my $link=&Apache::loncommon::designparm('login.link',$domain);
433: my $vlink=&Apache::loncommon::designparm('login.vlink',$domain);
434: my $alink=&Apache::loncommon::designparm('login.alink',$domain);
435: my $mainbg=&Apache::loncommon::designparm('login.mainbg',$domain);
436: my $loginbox_bg=&Apache::loncommon::designparm('login.sidebg',$domain);
437: my $loginbox_header_bgcol=&Apache::loncommon::designparm('login.bgcol',$domain);
438: my $loginbox_header_textcol=&Apache::loncommon::designparm('login.textcol',$domain);
439: my $logo=&Apache::loncommon::designparm('login.logo',$domain);
440: my $img=&Apache::loncommon::designparm('login.img',$domain);
441: my $domainlogo=&Apache::loncommon::domainlogo($domain);
442: my $showbanner = 1;
443: my $showmainlogo = 1;
444: if (defined(&Apache::loncommon::designparm('login.showlogo_img',$domain))) {
445: $showbanner = &Apache::loncommon::designparm('login.showlogo_img',$domain);
446: }
447: if (defined(&Apache::loncommon::designparm('login.showlogo_logo',$domain))) {
448: $showmainlogo = &Apache::loncommon::designparm('login.showlogo_logo',$domain);
449: }
450: my $showadminmail;
451: my @possdoms = &Apache::lonnet::current_machine_domains();
452: if (grep(/^\Q$domain\E$/,@possdoms)) {
453: $showadminmail=&Apache::loncommon::designparm('login.adminmail',$domain);
454: }
455: my $showcoursecat =
456: &Apache::loncommon::designparm('login.coursecatalog',$domain);
457: my $shownewuserlink =
458: &Apache::loncommon::designparm('login.newuser',$domain);
459: my $showhelpdesk =
460: &Apache::loncommon::designparm('login.helpdesk',$domain);
461: my $now=time;
462: my $js = (<<ENDSCRIPT);
463:
464: <script type="text/javascript" language="JavaScript">
465: // <![CDATA[
466: function send()
467: {
468: this.document.server.elements.uname.value
469: =this.document.client.elements.uname.value;
470:
471: this.document.server.elements.udom.value
472: =this.document.client.elements.udom.value;
473:
474: uextkey=this.document.client.elements.uextkey.value;
475: lextkey=this.document.client.elements.lextkey.value;
476: initkeys();
477:
478: this.document.server.elements.upass0.value
479: =getCrypted(this.document.client.elements.upass$now.value);
480:
481: this.document.client.elements.uname.value='';
482: this.document.client.elements.upass$now.value='';
483:
484: this.document.server.submit();
485: return false;
486: }
487:
488: function enableInput() {
489: this.document.client.elements.upass$now.removeAttribute("readOnly");
490: this.document.client.elements.uname.removeAttribute("readOnly");
491: this.document.client.elements.udom.removeAttribute("readOnly");
492: return;
493: }
494:
495: // ]]>
496: </script>
497:
498: ENDSCRIPT
499:
500: my ($lonhost_in_use,@hosts,%defaultdomconf,$saml_prefix,$saml_landing,
501: $samlssotext,$samlnonsso,$samlssoimg,$samlssoalt,$samlssourl,$samltooltip);
502: %defaultdomconf = &Apache::loncommon::get_domainconf($defdom);
503: @hosts = &Apache::lonnet::current_machine_ids();
504: $lonhost_in_use = $lonhost;
505: if (@hosts > 1) {
506: foreach my $hostid (@hosts) {
507: if (&Apache::lonnet::host_domain($hostid) eq $defdom) {
508: $lonhost_in_use = $hostid;
509: last;
510: }
511: }
512: }
513: $saml_prefix = $defdom.'.login.saml_';
514: if ($defaultdomconf{$saml_prefix.$lonhost_in_use}) {
515: $saml_landing = 1;
516: $samlssotext = $defaultdomconf{$saml_prefix.'text_'.$lonhost_in_use};
517: $samlnonsso = $defaultdomconf{$saml_prefix.'notsso_'.$lonhost_in_use};
518: $samlssoimg = $defaultdomconf{$saml_prefix.'img_'.$lonhost_in_use};
519: $samlssoalt = $defaultdomconf{$saml_prefix.'alt_'.$lonhost_in_use};
520: $samlssourl = $defaultdomconf{$saml_prefix.'url_'.$lonhost_in_use};
521: $samltooltip = $defaultdomconf{$saml_prefix.'title_'.$lonhost_in_use};
522: }
523: if ($saml_landing) {
524: if ($samlssotext eq '') {
525: $samlssotext = 'SSO Login';
526: }
527: if ($samlnonsso eq '') {
528: $samlnonsso = 'Non-SSO Login';
529: }
530: $js .= <<"ENDSAMLJS";
531:
532: <script type="text/javascript">
533: // <![CDATA[
534: function toggleLClogin() {
535: if (document.getElementById('LC_standard_login')) {
536: if (document.getElementById('LC_standard_login').style.display == 'none') {
537: document.getElementById('LC_standard_login').style.display = 'inline-block';
538: if (document.getElementById('LC_login_text')) {
539: document.getElementById('LC_login_text').innerHTML = '$samlnonsso';
540: }
541: if ( document.client.uname ) { document.client.uname.focus(); }
542: if (document.getElementById('LC_SSO_login')) {
543: document.getElementById('LC_SSO_login').style.display = 'none';
544: }
545: } else {
546: document.getElementById('LC_standard_login').style.display = 'none';
547: if (document.getElementById('LC_login_text')) {
548: document.getElementById('LC_login_text').innerHTML = '$samlssotext';
549: }
550: if (document.getElementById('LC_SSO_login')) {
551: document.getElementById('LC_SSO_login').style.display = 'inline-block';
552: }
553: }
554: }
555: return;
556: }
557:
558: // ]]>
559: </script>
560:
561: ENDSAMLJS
562: }
563:
564: # --------------------------------------------------- Print login screen header
565:
566: my %add_entries = (
567: bgcolor => "$mainbg",
568: text => "$font",
569: link => "$link",
570: vlink => "$vlink",
571: alink => "$alink",
572: onload => 'javascript:enableInput();',);
573:
574: my ($headextra,$headextra_exempt);
575: $headextra = $defaultdomconf{$defdom.'.login.headtag_'.$lonhost_in_use};
576: $headextra_exempt = $defaultdomconf{$domain.'.login.headtag_exempt_'.$lonhost_in_use};
577: if ($headextra) {
578: my $omitextra;
579: if ($headextra_exempt ne '') {
580: my @exempt = split(',',$headextra_exempt);
581: my $ip = &Apache::lonnet::get_requestor_ip();
582: if (grep(/^\Q$ip\E$/,@exempt)) {
583: $omitextra = 1;
584: }
585: }
586: unless ($omitextra) {
587: my $confname = $defdom.'-domainconfig';
588: if ($headextra =~ m{^\Q/res/$defdom/$confname/login/headtag/$lonhost_in_use/\E}) {
589: my $extra = &Apache::lonnet::getfile(&Apache::lonnet::filelocation("",$headextra));
590: unless ($extra eq '-1') {
591: $js .= "\n".$extra."\n";
592: }
593: }
594: }
595: }
596:
597: $r->print(&Apache::loncommon::start_page('The LearningOnline Network with CAPA Login',$js,
598: { 'redirect' => [$expire,'/adm/roles'],
599: 'add_entries' => \%add_entries,
600: 'only_body' => 1,}));
601:
602: # ----------------------------------------------------------------------- Texts
603:
604: my %lt=&Apache::lonlocal::texthash(
605: 'un' => 'Username',
606: 'pw' => 'Password',
607: 'dom' => 'Domain',
608: 'perc' => 'percent',
609: 'load' => 'Server Load',
610: 'userload' => 'User Load',
611: 'catalog' => 'Course/Community Catalog',
612: 'log' => 'Log in',
613: 'help' => 'Log-in Help',
614: 'serv' => 'Server',
615: 'servadm' => 'Server Administration',
616: 'helpdesk' => 'Contact Helpdesk',
617: 'forgotpw' => 'Forgot password?',
618: 'newuser' => 'New User?',
619: 'change' => 'Change?',
620: );
621: # -------------------------------------------------- Change password field name
622:
623: my $forgotpw = &forgotpwdisplay(%lt);
624: $forgotpw .= '<br />' if $forgotpw;
625: my $loginhelp = &Apache::lonauth::loginhelpdisplay($authdomain);
626: if ($loginhelp) {
627: $loginhelp = '<a href="'.$loginhelp.'">'.$lt{'help'}.'</a><br />';
628: }
629:
630: # ---------------------------------------------------- Serve out DES JavaScript
631: {
632: my $jsh=Apache::File->new($include."/londes.js");
633: $r->print(<$jsh>);
634: }
635: # ---------------------------------------------------------- Serve rest of page
636:
637: $r->print(
638: '<div class="LC_Box"'
639: .' style="margin:0 auto; padding:10px; width:90%; height: auto; background-color:#FFFFFF;">'
640: );
641:
642: $r->print(<<ENDSERVERFORM);
643: <form name="server" action="/adm/authenticate" method="post" target="_top">
644: <input type="hidden" name="logtoken" value="$logtoken" />
645: <input type="hidden" name="serverid" value="$lonhost" />
646: <input type="hidden" name="uname" value="" />
647: <input type="hidden" name="upass0" value="" />
648: <input type="hidden" name="udom" value="" />
649: <input type="hidden" name="localpath" value="$env{'form.localpath'}" />
650: <input type="hidden" name="localres" value="$env{'form.localres'}" />
651: </form>
652: ENDSERVERFORM
653: my $coursecatalog;
654: if (($showcoursecat eq '') || ($showcoursecat)) {
655: $coursecatalog = &coursecatalog_link($lt{'catalog'}).'<br />';
656: }
657: my $newuserlink;
658: if ($shownewuserlink) {
659: $newuserlink = &newuser_link($lt{'newuser'}).'<br />';
660: }
661: my $logintitle =
662: '<h2 class="LC_hcell"'
663: .' style="background:'.$loginbox_header_bgcol.';'
664: .' color:'.$loginbox_header_textcol.'">'
665: .$lt{'log'}
666: .'</h2>';
667:
668: my $noscript_warning='<noscript><span class="LC_warning"><b>'
669: .&mt('Use of LON-CAPA requires Javascript to be enabled in your web browser.')
670: .'</b></span></noscript>';
671: my $helpdeskscript;
672: my $contactblock = &contactdisplay(\%lt,$servadm,$showadminmail,
673: $authdomain,\$helpdeskscript,
674: $showhelpdesk,\@possdoms);
675:
676: my $mobileargs;
677: if ($clientmobile) {
678: $mobileargs = 'autocapitalize="off" autocorrect="off"';
679: }
680: my $loginform=(<<LFORM);
681: <form name="client" action="" onsubmit="return(send())" id="lclogin">
682: <input type="hidden" name="lextkey" value="$lextkey" />
683: <input type="hidden" name="uextkey" value="$uextkey" />
684: <b><label for="uname">$lt{'un'}</label>:</b><br />
685: <input type="text" name="uname" id="uname" size="15" value="$authusername" readonly="readonly" $mobileargs /><br />
686: <b><label for="upass$now">$lt{'pw'}</label>:</b><br />
687: <input type="password" name="upass$now" id="upass$now" size="15" readonly="readonly" /><br />
688: <b><label for="udom">$lt{'dom'}</label>:</b><br />
689: <input type="text" name="udom" id="udom" size="15" value="$authdomain" readonly="readonly" $mobileargs /><br />
690: <input type="submit" value="$lt{'log'}" />
691: </form>
692: LFORM
693:
694: if ($showbanner) {
695: my $alttext = &Apache::loncommon::designparm('login.alttext_img',$domain);
696: if ($alttext eq '') {
697: $alttext = 'The Learning Online Network with CAPA';
698: }
699: $r->print(<<HEADER);
700: <!-- The LON-CAPA Header -->
701: <div style="background:$pgbg;margin:0;width:100%;">
702: <img src="$img" border="0" alt="$alttext" class="LC_maxwidth" id="lcloginbanner" />
703: </div>
704: HEADER
705: }
706:
707: my $stdauthformstyle = 'inline-block';
708: my $ssoauthstyle = 'none';
709: my $logintype;
710: $r->print('<div style="float:left;margin-top:0;">');
711: if ($saml_landing) {
712: $ssoauthstyle = 'inline-block';
713: $stdauthformstyle = 'none';
714: $logintype = $samlssotext;
715: my $ssologin = '/adm/sso';
716: if ($samlssourl ne '') {
717: $ssologin = $samlssourl;
718: }
719: if (($logtoken eq 'con_lost') || ($logtoken eq 'no_such_host')) {
720: my $querystring;
721: if ($env{'form.firsturl'} ne '') {
722: $querystring = 'origurl=';
723: if ($env{'form.firsturl'} =~ /[^\x00-\xFF]/) {
724: $querystring .= &uri_escape_utf8($env{'form.firsturl'});
725: } else {
726: $querystring .= &uri_escape($env{'form.firsturl'});
727: }
728: $querystring = &HTML::Entities::encode($querystring,"'");
729: }
730: if ($querystring ne '') {
731: $ssologin .= (($ssologin=~/\?/)?'&':'?') . $querystring;
732: }
733: } elsif ($logtoken ne '') {
734: $ssologin .= (($ssologin=~/\?/)?'&':'?') . 'logtoken='.$logtoken;
735: }
736: my $ssohref;
737: if ($samlssoimg ne '') {
738: $ssohref = '<a href="'.$ssologin.'" title="'.$samltooltip.'">'.
739: '<img src="'.$samlssoimg.'" alt="'.$samlssoalt.'" id="lcssobutton" /></a>';
740: } else {
741: $ssohref = '<a href="'.$ssologin.'">'.$samlssotext.'</a>';
742: }
743: if (($env{'form.saml'} eq 'no') ||
744: (($env{'form.username'} ne '') && ($env{'form.domain'} ne ''))) {
745: $ssoauthstyle = 'none';
746: $stdauthformstyle = 'inline-block';
747: $logintype = $samlnonsso;
748: }
749: $r->print(<<ENDSAML);
750: <p>
751: Log-in type:
752: <span style="font-weight:bold" id="LC_login_text">$logintype</span><br />
753: <span><a href="javascript:toggleLClogin();" style="color:#000000">$lt{'change'}</a></span>
754: </p>
755: <div style="display:$ssoauthstyle" id="LC_SSO_login">
756: <div class="LC_Box" style="padding-top: 10px;">
757: $ssohref
758: $noscript_warning
759: </div>
760: <div class="LC_Box" style="padding-top: 10px;">
761: $loginhelp
762: $contactblock
763: $coursecatalog
764: </div>
765: </div>
766: ENDSAML
767: }
768:
769: $r->print(<<ENDLOGIN);
770: <div style="display:$stdauthformstyle;" id="LC_standard_login">
771: <div class="LC_Box" style="background:$loginbox_bg;">
772: $logintitle
773: $loginform
774: $noscript_warning
775: </div>
776:
777: <div class="LC_Box" style="padding-top: 10px;">
778: $loginhelp
779: $forgotpw
780: $contactblock
781: $newuserlink
782: $coursecatalog
783: </div>
784: </div>
785:
786: ENDLOGIN
787: $r->print('</div><div>'."\n");
788: if ($showmainlogo) {
789: my $alttext = &Apache::loncommon::designparm('login.alttext_logo',$domain);
790: $r->print(' <img src="'.$logo.'" alt="'.$alttext.'" class="LC_maxwidth" id="lcloginmainlogo" />'."\n");
791: }
792: $r->print(<<ENDTOP);
793: $announcements
794: </div>
795: <hr style="clear:both;" />
796: ENDTOP
797: my ($domainrow,$serverrow,$loadrow,$userloadrow,$versionrow);
798: $domainrow = <<"END";
799: <tr>
800: <td align="left" valign="top">
801: <small><b>$lt{'dom'}: </b></small>
802: </td>
803: <td align="left" valign="top">
804: <small><tt> $domain</tt></small>
805: </td>
806: </tr>
807: END
808: $serverrow = <<"END";
809: <tr>
810: <td align="left" valign="top">
811: <small><b>$lt{'serv'}: </b></small>
812: </td>
813: <td align="left" valign="top">
814: <small><tt> $lonhost ($role)</tt></small>
815: </td>
816: </tr>
817: END
818: if ($loadlim) {
819: $loadrow = <<"END";
820: <tr>
821: <td align="left" valign="top">
822: <small><b>$lt{'load'}: </b></small>
823: </td>
824: <td align="left" valign="top">
825: <small><tt> $loadpercent $lt{'perc'}</tt></small>
826: </td>
827: </tr>
828: END
829: }
830: if ($uloadlim) {
831: $userloadrow = <<"END";
832: <tr>
833: <td align="left" valign="top">
834: <small><b>$lt{'userload'}: </b></small>
835: </td>
836: <td align="left" valign="top">
837: <small><tt> $userloadpercent $lt{'perc'}</tt></small>
838: </td>
839: </tr>
840: END
841: }
842: if (($version ne '') && ($version ne '<!-- VERSION -->')) {
843: $versionrow = <<"END";
844: <tr>
845: <td colspan="2" align="left">
846: <small>$version</small>
847: </td>
848: </tr>
849: END
850: }
851:
852: $r->print(<<ENDDOCUMENT);
853: <div style="float: left;">
854: <table border="0" cellspacing="0" cellpadding="0">
855: $domainrow
856: $serverrow
857: $loadrow
858: $userloadrow
859: $versionrow
860: </table>
861: </div>
862: <div style="float: right;">
863: $domainlogo
864: </div>
865: <br style="clear:both;" />
866: </div>
867:
868: <script type="text/javascript">
869: // <![CDATA[
870: // the if prevents the script error if the browser can not handle this
871: if ( document.client.uname ) { document.client.uname.focus(); }
872: // ]]>
873: </script>
874: $helpdeskscript
875:
876: ENDDOCUMENT
877: my %endargs = ( 'noredirectlink' => 1, );
878: $r->print(&Apache::loncommon::end_page(\%endargs));
879: return OK;
880: }
881:
882: sub check_loginvia {
883: my ($domain,$lonhost,$lonidsdir,$balcookie) = @_;
884: if ($domain eq '' || $lonhost eq '' || $lonidsdir eq '') {
885: return;
886: }
887: my %domconfhash = &Apache::loncommon::get_domainconf($domain);
888: my $loginvia = $domconfhash{$domain.'.login.loginvia_'.$lonhost};
889: my $loginvia_exempt = $domconfhash{$domain.'.login.loginvia_exempt_'.$lonhost};
890: my $output;
891: if ($loginvia ne '') {
892: my $noredirect;
893: my $ip = &Apache::lonnet::get_requestor_ip();
894: if ($ip eq '127.0.0.1') {
895: $noredirect = 1;
896: } else {
897: if ($loginvia_exempt ne '') {
898: my @exempt = split(',',$loginvia_exempt);
899: if (grep(/^\Q$ip\E$/,@exempt)) {
900: $noredirect = 1;
901: }
902: }
903: }
904: unless ($noredirect) {
905: my ($newhost,$path);
906: if ($loginvia =~ /:/) {
907: ($newhost,$path) = split(':',$loginvia);
908: } else {
909: $newhost = $loginvia;
910: }
911: if ($newhost ne $lonhost) {
912: if (&Apache::lonnet::hostname($newhost) ne '') {
913: if ($balcookie) {
914: my ($balancer,$cookie) = split(/:/,$balcookie);
915: if ($cookie =~ /^($match_domain)_($match_username)_([a-f0-9]+)$/) {
916: my ($udom,$uname,$cookieid) = ($1,$2,$3);
917: unless (&Apache::lonnet::delbalcookie($cookie,$balancer) eq 'ok') {
918: if ((-d $lonidsdir) && (opendir(my $dh,$lonidsdir))) {
919: while (my $filename=readdir($dh)) {
920: if ($filename=~/^(\Q$uname\E_\d+_\Q$udom\E_$match_lonid)\.id$/) {
921: my $handle = $1;
922: my %hash =
923: &Apache::lonnet::get_sessionfile_vars($handle,$lonidsdir,
924: ['request.balancercookie',
925: 'user.linkedenv']);
926: if ($hash{'request.balancercookie'} eq "$balancer:$cookieid") {
927: if (unlink("$lonidsdir/$filename")) {
928: if (($hash{'user.linkedenv'} =~ /^[a-f0-9]+_linked$/) &&
929: (-l "$lonidsdir/$hash{'user.linkedenv'}.id") &&
930: (readlink("$lonidsdir/$hash{'user.linkedenv'}.id") eq "$lonidsdir/$filename")) {
931: unlink("$lonidsdir/$hash{'user.linkedenv'}.id");
932: }
933: }
934: }
935: last;
936: }
937: }
938: closedir($dh);
939: }
940: }
941: }
942: }
943: $output = &redirect_page($newhost,$path);
944: }
945: }
946: }
947: }
948: return $output;
949: }
950:
951: sub redirect_page {
952: my ($desthost,$path) = @_;
953: my $hostname = &Apache::lonnet::hostname($desthost);
954: my $protocol = $Apache::lonnet::protocol{$desthost};
955: $protocol = 'http' if ($protocol ne 'https');
956: unless ($path =~ m{^/}) {
957: $path = '/'.$path;
958: }
959: my $url = $protocol.'://'.$hostname.$path;
960: if ($env{'form.firsturl'} ne '') {
961: my $querystring;
962: if ($env{'form.firsturl'} =~ /[^\x00-\xFF]/) {
963: $querystring = &uri_escape_utf8($env{'form.firsturl'});
964: } else {
965: $querystring = &uri_escape($env{'form.firsturl'});
966: }
967: $querystring = &HTML::Entities::encode($querystring,"'");
968: $url .='?firsturl='.$querystring;
969: }
970: my $start_page = &Apache::loncommon::start_page('Switching Server ...',undef,
971: {'redirect' => [0,$url],'',1});
972: my $end_page = &Apache::loncommon::end_page();
973: return $start_page.$end_page;
974: }
975:
976: sub contactdisplay {
977: my ($lt,$servadm,$showadminmail,$authdomain,$helpdeskscript,$showhelpdesk,
978: $possdoms) = @_;
979: my $contactblock;
980: my $origmail;
981: if (ref($possdoms) eq 'ARRAY') {
982: if (grep(/^\Q$authdomain\E$/,@{$possdoms})) {
983: $origmail = $Apache::lonnet::perlvar{'lonSupportEMail'};
984: }
985: }
986: my $requestmail =
987: &Apache::loncommon::build_recipient_list(undef,'helpdeskmail',
988: $authdomain,$origmail);
989: unless ($showhelpdesk eq '0') {
990: if ($requestmail =~ m/[^\@]+\@[^\@]+/) {
991: $showhelpdesk = 1;
992: } else {
993: $showhelpdesk = 0;
994: }
995: }
996: if ($servadm && $showadminmail) {
997: $contactblock .= $$lt{'servadm'}.':<br />'.
998: '<tt>'.$servadm.'</tt><br />';
999: }
1000: if ($showhelpdesk) {
1001: $contactblock .= '<a href="javascript:helpdesk()">'.$lt->{'helpdesk'}.'</a><br />';
1002: my $thisurl = &escape('/adm/login');
1003: $$helpdeskscript = <<"ENDSCRIPT";
1004: <script type="text/javascript">
1005: // <![CDATA[
1006: function helpdesk() {
1007: var possdom = document.client.udom.value;
1008: var codedom = possdom.replace( new RegExp("[^A-Za-z0-9.\\-]","g"),'');
1009: if (codedom == '') {
1010: codedom = "$authdomain";
1011: }
1012: var querystr = "origurl=$thisurl&codedom="+codedom;
1013: document.location.href = "/adm/helpdesk?"+querystr;
1014: return;
1015: }
1016: // ]]>
1017: </script>
1018: ENDSCRIPT
1019: }
1020: return $contactblock;
1021: }
1022:
1023: sub forgotpwdisplay {
1024: my (%lt) = @_;
1025: my $prompt_for_resetpw = 1;
1026: if ($prompt_for_resetpw) {
1027: return '<a href="/adm/resetpw">'.$lt{'forgotpw'}.'</a>';
1028: }
1029: return;
1030: }
1031:
1032: sub coursecatalog_link {
1033: my ($linkname) = @_;
1034: return <<"END";
1035: <a href="/adm/coursecatalog">$linkname</a>
1036: END
1037: }
1038:
1039: sub newuser_link {
1040: my ($linkname) = @_;
1041: return '<a href="/adm/createaccount">'.$linkname.'</a>';
1042: }
1043:
1044: sub decode_token {
1045: my ($info) = @_;
1046: my ($firsturl,@rest)=split(/\&/,$info);
1047: my %form;
1048: if ($firsturl ne '') {
1049: $form{'firsturl'} = &unescape($firsturl);
1050: }
1051: foreach my $item (@rest) {
1052: my ($key,$value) = split(/=/,$item);
1053: $form{$key} = &unescape($value);
1054: }
1055: return %form;
1056: }
1057:
1058: 1;
1059: __END__
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>