
Login am Webiterface mit Googleauth möglich

Bernd Wurst authored on18/09/2012 12:32:29
Showing4 changed files
... ...
@@ -14,7 +14,6 @@ http://creativecommons.org/publicdomain/zero/1.0/
14 14
 Nevertheless, in case you use a significant part of this code, we ask (but not require, see the license) that you keep the authors' names in place and return your changes to the public. We would be especially happy if you tell us what you're going to do with this code.
15 15
 */
16 16
 
17
-
18 17
 function account_has_googleauth($username)
19 18
 {
20 19
   $username = mysql_real_escape_string($username);
... ...
@@ -77,11 +77,41 @@ function find_role($login, $password, $i_am_admin = False)
77 77
     return ROLE_CUSTOMER;
78 78
   }
79 79
 
80
+  // Sub-User
81
+
82
+  $result = db_query("SELECT password FROM system.subusers WHERE username='{$login}'");
83
+  if (@mysql_num_rows($result) > 0)
84
+  {
85
+    $entry = mysql_fetch_object($result);
86
+    $db_password = $entry->password;
87
+    // SHA1 für alte Subuser (kaylee), SHA256 für neue Subuser
88
+    if (hash("sha1", $password) == $db_password || hash("sha256", $password) == $db_password || $i_am_admin)
89
+    {
90
+      logger(LOG_INFO, "session/checkuser", "login", "logged in virtual subuser »{$login}«.");
91
+      return ROLE_SUBUSER;
92
+    }
93
+    logger(LOG_WARNING, "session/checkuser", "login", "wrong password for existing subuser »{$login}«.");
94
+  }
95
+
96
+
80 97
   // Mail-Account
81 98
   $account = $login;
82 99
   if (! strstr($account, '@')) {
83 100
     $account .= '@'.config('masterdomain');
84 101
   }
102
+  if (!$i_am_admin && have_module('googleauth')) {
103
+    require_once('modules/googleauth/include/googleauth.php');
104
+    if (account_has_googleauth($account)) {
105
+      if (check_webmail_password($account, $password)) {
106
+        $_SESSION['googleauth_username'] = $account;
107
+        $_SESSION['googleauth'] = True;
108
+        show_page('googleauth-login');
109
+        die();
110
+      } else {
111
+        return NULL;
112
+      }
113
+    }
114
+  }
85 115
   $result = db_query("SELECT cryptpass FROM mail.courier_mailaccounts WHERE account='{$account}' LIMIT 1;");
86 116
   if (@mysql_num_rows($result) > 0)
87 117
   {
... ...
@@ -113,22 +143,6 @@ function find_role($login, $password, $i_am_admin = False)
113 143
   }
114 144
   
115 145
 
116
-  // Sub-User
117
-
118
-  $result = db_query("SELECT password FROM system.subusers WHERE username='{$login}'");
119
-  if (@mysql_num_rows($result) > 0)
120
-  {
121
-    $entry = mysql_fetch_object($result);
122
-    $db_password = $entry->password;
123
-    // SHA1 für alte Subuser (kaylee), SHA256 für neue Subuser
124
-    if (hash("sha1", $password) == $db_password || hash("sha256", $password) == $db_password || $i_am_admin)
125
-    {
126
-      logger(LOG_INFO, "session/checkuser", "login", "logged in virtual subuser »{$login}«.");
127
-      return ROLE_SUBUSER;
128
-    }
129
-    logger(LOG_WARNING, "session/checkuser", "login", "wrong password for existing subuser »{$login}«.");
130
-  }
131
-
132 146
 
133 147
   // Nothing?
134 148
   return NULL;
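Review bot: After a correct code, the session start code in this commit calls find_role() again with `$i_am_admin = true`, and that flag skips the password test in the sub-user branch this commit moves ahead of the mail-account lookup (new lines 80–94). The role is therefore resolved a second time by name alone, and the first matching branch wins. If a sub-user name (or an account type handled earlier in the function, outside this hunk) can coincide with the address stored in `$_SESSION['googleauth_username']`, the session receives a role whose password was never checked. Keeping the role determined at password time next to the pending user name, or limiting the second pass to the mail-account branch, would close that gap. Separately, new line 88 compares hex digests with `==`, which lets PHP treat two `0e…` digit strings as equal numbers; `hash("sha256", $password) === $db_password` avoids that.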
... ...
@@ -23,6 +23,29 @@ if (!session_start())
23 23
 
24 24
 DEBUG("<pre>POST-DATA: ".htmlspecialchars(print_r($_POST, true))."\nSESSION_DATA: ".htmlspecialchars(print_r($_SESSION, true))."</pre>");
25 25
 
26
+if (have_module('googleauth') && isset($_POST['webinterface_googlecode']) && isset($_SESSION['googleauth']) && isset($_SESSION['googleauth_username'])) {
27
+  require_once('modules/googleauth/include/googleauth.php');
28
+  $role = NULL;
29
+  if (check_googleauth($_SESSION['googleauth_username'], $_POST['webinterface_googlecode'])) {
30
+    $role = find_role($_SESSION['googleauth_username'], '', true);
31
+  }
32
+  if ($role === NULL)
33
+  {
34
+    $_SESSION['role'] = ROLE_ANONYMOUS;
35
+    logger(LOG_WARNING, "session/start", "login", "wrong googleauth code (username: »{$_SESSION['googleauth_username']}«)");
36
+    warning('Ihre Anmeldung konnte nicht durchgeführt werden. Geben Sie bitte einen neuen Code ein.');
37
+    show_page('googleauth-login');
38
+    die();
39
+  }
40
+  else
41
+  {
42
+    setup_session($role, $_SESSION['googleauth_username']);
43
+  }
44
+  unset($_POST['webinterface_googlecode']);
45
+  unset($_SESSION['googleauth']);
46
+  unset($_SESSION['googleauth_username']);
47
+}
48
+
26 49
 if (isset($_POST['webinterface_username']) && isset($_POST['webinterface_password']))
27 50
 {
28 51
   $role = find_role($_POST['webinterface_username'], $_POST['webinterface_password']);
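Review bot: A wrong code leaves `$_SESSION['googleauth']` and `$_SESSION['googleauth_username']` in place and simply shows the form again (new lines 32–39), so nothing visible here bounds the number of guesses at a short numeric code. A failure counter that drops the pending login after a few misses would help, for example `if (++$_SESSION['googleauth_failures'] >= 3) { unset($_SESSION['googleauth'], $_SESSION['googleauth_username']); }` before `show_page()` (the threshold is illustrative). A counter kept per account is stronger, because a session counter starts over with each new login. Whether check_googleauth() refuses a code that was already accepted, and whether setup_session() issues a fresh session id, cannot be seen from this hunk and is worth confirming.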
29 52
new file mode 100644
... ...
@@ -0,0 +1,71 @@
1
+<?php
2
+/*
3
+This file belongs to the Webinterface of schokokeks.org Hosting
4
+
5
+Written 2008-2012 by schokokeks.org Hosting, namely
6
+  Bernd Wurst <bernd@schokokeks.org>
7
+  Hanno Böck <hanno@schokokeks.org>
8
+
9
+To the extent possible under law, the author(s) have dedicated all copyright and related and neighboring rights to this software to the public domain worldwide. This software is distributed without any warranty.
10
+
11
+You should have received a copy of the CC0 Public Domain Dedication along with this software. If not, see 
12
+http://creativecommons.org/publicdomain/zero/1.0/
13
+
14
+Nevertheless, in case you use a significant part of this code, we ask (but not require, see the license) that you keep the authors' names in place and return your changes to the public. We would be especially happy if you tell us what you're going to do with this code.
15
+*/
16
+?><?xml version="1.0" encoding="utf-8"?>
17
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
18
+    "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
19
+
20
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="de">
21
+<head>
22
+
23
+<?php 
24
+if ($title)
25
+	echo "<title>$title - Administration</title>";
26
+else
27
+	echo "<title>Administration</title>";
28
+?>
29
+<link rel="stylesheet" href="<?php echo $THEME_PATH; ?>style.css" type="text/css" media="screen" title="Normal" />
30
+<link rel="shortcut icon" href="<?php echo $THEME_PATH; ?>favicon.ico" type="image/x-icon" />
31
+<?php echo $html_header; ?>
32
+</head>
33
+
34
+<body onload="javascript:document.getElementById('code').focus();">
35
+<div><a href="#content" style="display: none;">Zum Inhalt</a></div>
36
+
37
+<div class="menu">
38
+<a href="<?php echo $BASE_PATH; ?>"><img src="<?php echo $THEME_PATH; ?>images/schokokeks.png" width="190" height="141" alt="schokokeks.org Hosting" /></a>
39
+
40
+<?php echo $menu; ?>
41
+
42
+<?php echo $userinfo; ?>
43
+
44
+</div>
45
+
46
+<div class="content">
47
+<a id="content" style="display: none"> </a>
48
+
49
+<?php
50
+if ($messages) {
51
+  echo $messages;
52
+}
53
+?>
54
+
55
+<h3>Sicherheits-Code von Google-Authenticator</h3>
56
+<p>Ihr Zugang ist mit einem zweistufigen Login-Prozess geschützt. Sie müssen daher jetzt noch den aktuellsten Code des Google-Authenticators eingeben.</p>
57
+<form action="" method="post">
58
+<p><label for="code" class="login_label">Google-Authenticator-Code:</label> <input type="text" id="code" name="webinterface_googlecode" size="20" /></p>
59
+<p><span class="login_label">&#160;</span> <input type="submit" value="Prüfen" /></p>
60
+</form>
61
+
62
+</div>
63
+
64
+<div class="foot">
65
+<p>Sollten Sie auf dieser Administrations-Oberfläche ein Problem entdecken oder Hilfe benötigen, schreiben Sie bitte eine einfache eMail an <a href="mailto:root@schokokeks.org">root@schokokeks.org</a>. Unser <a href="http://www.schokokeks.org/kontakt">Impressum</a> finden Sie auf der <a href="http://www.schokokeks.org/">öffentlichen Seite</a>. Lizenzinformationen zu diesem Webinterface und verwendeten Rechten finden Sie <a href="../../images/about.php">indem Sie hier klicken</a>.</p>
66
+
67
+</div>
68
+
69
+
70
+</body>
71
+</html>
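Review bot: `$title` is written into `<title>` without escaping (new lines 24–27), whereas `$menu`, `$userinfo`, `$messages` and `$html_header` are presumably markup assembled by the framework. If the title can carry text derived from a request or from account data, it should be emitted as `htmlspecialchars($title, ENT_QUOTES, 'UTF-8')`; where it is set is not visible in this file. The code field on new line 58 would also benefit from `autocomplete="off"` so that browsers do not remember one-time codes.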