X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=access%2Flogin.php;h=c1d1ebf94c6bd429bc3f096eacd7f99e4778f7b2;hb=7b4a41683cfde121c70adbb44ddcc30efa5c2f95;hp=5644151811e195cbd93c31dbdc909626cc5aa095;hpb=bf343dcf1df5d82c25ed8079bed766a54bd1b17c;p=fa-stable.git

diff --git a/access/login.php b/access/login.php
index 56441518..c1d1ebf9 100644
--- a/access/login.php
+++ b/access/login.php
@@ -1,143 +1,177 @@
 <?php
+/**********************************************************************
+    Copyright (C) FrontAccounting, LLC.
+	Released under the terms of the GNU General Public License, GPL, 
+	as published by the Free Software Foundation, either version 3 
+	of the License, or (at your option) any later version.
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  
+    See the License here <http://www.gnu.org/licenses/gpl-3.0.html>.
+***********************************************************************/
 	if (!isset($path_to_root) || isset($_GET['path_to_root']) || isset($_POST['path_to_root']))
-		die("Restricted access");
-	include_once($path_to_root . "/includes/ui/ui_view.inc");
-	// Display demo user name and password within login form if "$allow_demo_mode" is true
-	$demo_text = "";
-	if ($allow_demo_mode == True)
+		die(_("Restricted access"));
+	include_once($path_to_root . "/includes/ui.inc");
+	include_once($path_to_root . "/includes/page/header.inc");
+
+	$js = "<script language='JavaScript' type='text/javascript'>
+function defaultCompany()
+{
+	document.forms[0].company_login_name.options[".user_company()."].selected = true;
+}
+</script>";
+
+	add_js_file('login.js');
+	// Display demo user name and password within login form if allow_demo_mode option is true
+	if ($SysPrefs->allow_demo_mode == true)
 	{
-	    $demo_text = "Login as user: demouser and password: cooldemo";
+	    $demo_text = _("Login as user: demouser and password: password");
 	}
 	else
 	{
-		$demo_text = "Please login here";
+		$demo_text = _("Please login here");
+    	if (@$SysPrefs->allow_password_reset) {
+      		$demo_text .= " "._("or")." <a href='$path_to_root/index.php?reset=1'>"._("request new password")."</a>";
+    	}
 	}
+
+	if (check_faillog())
+	{
+		$blocked = true;
+
+	    $js .= "<script>setTimeout(function() {
+	    	document.getElementsByName('SubmitUser')[0].disabled=0;
+	    	document.getElementById('log_msg').innerHTML='$demo_text'}, 1000*".$SysPrefs->login_delay.");</script>";
+	    $demo_text = '<span class="redfg">'._('Too many failed login attempts.<br>Please wait a while or try later.').'</span>';
+	} elseif ($_SESSION["wa_current_user"]->login_attempt > 1) {
+		$demo_text = '<span class="redfg">'._("Invalid password or username. Please, try again.").'</span>';
+	}
+
+	flush_dir(user_js_cache());
 	if (!isset($def_coy))
 		$def_coy = 0;
-	$def_theme = $path_to_root . '/themes/default';
-?>
-<html>
-<head>
-<?php echo get_js_png_fix(); ?>
-<script type="text/javascript">
-function defaultCompany()
-{
-	document.forms[0].company_login_name.options[<?php echo $def_coy; ?>].selected = true;
-	document.getElementById('ui_mode').value = 1;
-}
-</script>
-    <title><?php echo $app_title . " " . $version;?></title>
-    <meta http-equiv="Content-type" content="text/html; charset=iso-8859-1" />
-    <link rel="stylesheet" href="<?php echo $def_theme;?>/login.css" type="text/css" />
-</head>
-
-<body leftmargin="0" topmargin="0" marginwidth="0" marginheight="0" onload="defaultCompany()">
-    <table width="100%" height="100%" border="0" cellpadding="0" cellspacing="0">
-        <tr>
-            <td align="center" valign="bottom"><a target="_blank" href="<?php $power_url; ?>"><img src="<?php echo $def_theme;?>/images/logo_frontaccounting.png" alt="FrontAccounting" width="250" height="50" onload="fixPNG(this)" border="0" /></a></td>
-		</tr>
-
-        <tr>
-            <td align="center" valign="top">
-
-		    <table border="0" cellpadding="0" cellspacing="0">
-			<tr><td colspan=2 align="center"><font size=4><b><?php echo _("Version") . " " . $version . "   Build " . $build_version ?></b></font><br><br></td></tr>
-		        <tr>
-		            <td colspan="2" rowspan="2">
-                    <table width="346" border="0" cellpadding="0" cellspacing="0">
-					<form action="<?php echo $_SERVER['PHP_SELF'];?>" name="loginform" method="post">
-						<input type="hidden" id=ui_mode name="ui_mode" value="0">
-                        <tr>
-                            <td colspan="5" bgcolor="#FFFFFF"><img src="<?php echo $def_theme; ?>/images/spacer.png" width="346" height="1" alt="" /></td>
-
-						</tr>
-
-                        <tr>
-
-
-
-                            <td bgcolor="#367CB5"><img src="<?php echo $def_theme; ?>/images/spacer.png" width="12" height="200" alt="" /></td>
-
-                            <!--<td background="<?php echo $def_theme; ?>/images/outline/bg.png" width="233" height="200" colspan="3" valign="top">-->
-                            <td class="login" colspan="3" valign="top">
-                                <table border="0" cellpadding="3" cellspacing="0" width="100%">
-                                    <tr>
-                                        <td align="right">
-                                        <!--<span class="loginText">Client login<input name="external_login" type="checkbox" value="1" class="loginText"></span>-->
-                                        <br /></td>
-                                    </tr>
-
-                                    <tr>
-                                        <td width="90"></td><td class="loginText" width="283"><span>User name:</span><br />
-                                         <input type="text" name="user_name_entry_field"/><br />
-                                         <span>Password:</span><br />
-                                         <input type="password" name="password">
-                                         <br />
-											<span>Company:</span><br />
-											<!--<select name="company_login_name" onchange="setCookie()">-->
-											<select name="company_login_name">
-<?php
-for ($i = 0; $i < count($db_connections); $i++)
-{
-	echo "<option value=$i>" . $db_connections[$i]["name"] . "</option>";
-}
-?>
-											</select>
-										<br /><br />
-                                         <?php echo $demo_text;?>
-                                        </td>
-                                    </tr>
-
-                                    <tr>
-                                        <td></td><td align="left"><input type="submit" value=" Login -->" name="SubmitUser" /></td>
-                                    </tr>
-                                </table>
-	                        </td>
-                        </tr>
-                        <tr>
-                            <td colspan="5" bgcolor="#FFFFFF"><img src="<?php echo $def_theme; ?>/images/spacer.png" width="346" height="1" alt="" /></td>
-                        </tr>
-						</form>
-                    </table>
-		            </td>
-		            <!--<td background="<?php echo $def_theme; ?>/images/outline/r.png" colspan="3" align="right" valign="top"><img src="<?php echo $def_theme; ?>/images/outline/tr.png" width="10" height="10" alt="" /></td>-->
-		        </tr>
-		        <tr>
-		            <!--<td background="<?php echo $def_theme; ?>/images/outline/r.png"><img src="<?php echo $def_theme; ?>/images/outline/r.png" width="10" height="10" alt=""></td>-->
-		        </tr>
-		        <tr>
-					<!--<td background="<?php echo $def_theme; ?>/images/outline/bm.png"><img src="<?php echo $def_theme; ?>/images/outline/bl.png" width="10" height="10" alt=""></td>-->
-		            <!--<td background="<?php echo $def_theme; ?>/images/outline/bm.png"><img src="<?php echo $def_theme; ?>/images/outline/bm.png" width="10" height="10" alt=""></td>-->
-		            <!--<td><img src="<?php echo $def_theme; ?>/images/outline/br.png" width="10" height="10" alt="" /></td>-->
-		        </tr>
-<tr><td>&nbsp;</td></tr><tr>
-		<td align="center" class="footer"><font size=1><a target='_blank' style="text-decoration: none" HREF='<?php echo $power_url; ?>'><font color="#FFFF00" valign="top">&nbsp;&nbsp;<?php echo $power_by; ?></font></a></font></td>
-	</tr>
-<!--<tr><td>&nbsp;</td></tr><tr>
-	<td align="center" class="footer"><a target="_blank" HREF="http://frontaccounting.com/"><img src="<?php echo $def_theme; ?>/images/logo_frontaccounting.png"  height="60" width="60" border="0"/></a></td>
-</tr>-->
-<?php
-if ($allow_demo_mode == true)
-{
-    ?>
-      <tr>
-        <!--<td><br><div align="center"><a href="http://frontaccounting.com"><img src="<?php echo $def_theme; ?>/images/logo_frontaccounting.png"  border="0" align="middle" /></a></div></td>-->
-      </tr>
-    <?php
-}
-?>
-		    </table>
+	$def_theme = "default";
+
+	$login_timeout = $_SESSION["wa_current_user"]->last_act;
 
-            </td>
-        </tr>
-    </table>
-    <script language="JavaScript" type="text/javascript">
+	$title = $login_timeout ? _('Authorization timeout') : $SysPrefs->app_title." ".$version." - "._("Login");
+	$encoding = isset($_SESSION['language']->encoding) ? $_SESSION['language']->encoding : "iso-8859-1";
+	$rtl = isset($_SESSION['language']->dir) ? $_SESSION['language']->dir : "ltr";
+	$onload = !$login_timeout ? "onload='defaultCompany()'" : "";
+
+	echo "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01 Transitional//EN\" \"http://www.w3.org/TR/html4/loose.dtd\">\n";
+	echo "<html dir='$rtl' >\n";
+	echo "<head profile=\"http://www.w3.org/2005/10/profile\"><title>$title</title>\n";
+   	echo "<meta http-equiv='Content-type' content='text/html; charset=$encoding' >\n";
+	echo "<link href='$path_to_root/themes/$def_theme/default.css' rel='stylesheet' type='text/css'> \n";
+ 	echo "<link href='$path_to_root/themes/default/images/favicon.ico' rel='icon' type='image/x-icon'> \n";
+	send_scripts();
+	if (!$login_timeout)
+	{
+		echo $js;
+	}
+
+	echo "</head>\n";
+
+	echo "<body id='loginscreen' $onload>\n";
+
+	echo "<table class='titletext'><tr><td>$title</td></tr></table>\n";
+	
+	div_start('_page_body');
+	br();br();
+	start_form(false, false, $_SESSION['timeout']['uri'], "loginform");
+	start_table(false, "class='login'");
+
+	start_row();
+	echo "<td align='center' colspan=2>";
+	if (!$login_timeout) { // FA logo
+    	echo "<a target='_blank' href='".$SysPrefs->power_url."'><img src='$path_to_root/themes/$def_theme/images/logo_frontaccounting.png' alt='FrontAccounting' height='50' onload='fixPNG(this)' border='0' ></a>";
+	} else { 
+		echo "<font size=5>"._('Authorization timeout')."</font>";
+	} 
+	echo "</td>\n";
+	end_row();
+	if (!$login_timeout)
+		table_section_title(_("Version")." $version   Build ".$SysPrefs->build_version." - "._("Login"));
+
+	$value = $login_timeout ? $_SESSION['wa_current_user']->loginname : ($SysPrefs->allow_demo_mode ? "demouser":"");
+
+	$allow = SECURE_ONLY !== true ? true : (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') || $_SERVER['SERVER_NAME'] === "localhost";
+
+	if ($allow) {
+
+		text_row(_("User name"), "user_name_entry_field", $value, 20, 30);
+
+		$password = $SysPrefs->allow_demo_mode ? "password":"";
+
+		password_row(_("Password:"), 'password', $password);
+
+		if ($login_timeout) {
+			hidden('company_login_name', user_company());
+		} else {
+			$coy =  user_company();
+			if (!isset($coy))
+				$coy = $def_coy;
+			if (!@$SysPrefs->text_company_selection) {
+				echo "<tr><td>"._("Company")."</td><td><select name='company_login_name'>\n";
+				for ($i = 0; $i < count($db_connections); $i++)
+					echo "<option value=$i ".($i==$coy ? 'selected':'') .">" . $db_connections[$i]["name"] . "</option>";
+				echo "</select>\n";
+				echo "</td></tr>";
+			} else {
+				text_row(_("Company"), "company_login_nickname", "", 20, 50);
+			}
+		}
+	}
+ 	else {
+		$demo_text = '<span class="redfg">'._("HTTP access is not allowed on this site. This is unsecure. If you really want to access this unsecure site then set the SECURE_ONLY to false in /includes/session.inc file.").'</span>';
+	}
+	start_row();
+	label_cell($demo_text, "colspan=2 align='center' id='log_msg'");
+	end_row();
+	end_table(1);
+	echo "<input type='hidden' id=ui_mode name='ui_mode' value='".!fallback_mode()."' >\n";
+	if ($allow) {
+		echo "<center><input type='submit' value='&nbsp;&nbsp;"._("Login -->")."&nbsp;&nbsp;' name='SubmitUser'"
+			." onclick='".(in_ajax() ? 'retry();': 'set_fullmode();')."'".(isset($blocked) ? " disabled" : '')." ></center>\n";
+	}		
+	foreach($_SESSION['timeout']['post'] as $p => $val) {
+		// add all request variables to be resend together with login data
+		if (!in_array($p, array('ui_mode', 'user_name_entry_field', 
+			'password', 'SubmitUser', 'company_login_name'))) 
+			if (!is_array($val))
+				echo "<input type='hidden' name='$p' value='$val'>";
+			else
+				foreach($val as $i => $v)
+					echo "<input type='hidden' name='{$p}[$i]' value='$v'>";
+	}
+	end_form(1);
+	$Ajax->addScript(true, "if (document.forms.length) document.forms[0].password.focus();");
+
+    echo "<script language='JavaScript' type='text/javascript'>
     //<![CDATA[
             <!--
             document.forms[0].user_name_entry_field.select();
             document.forms[0].user_name_entry_field.focus();
             //-->
     //]]>
-    </script>
-</body>
-</html>
+    </script>";
+    div_end();
+	echo "<table class='bottomBar'>\n";
+	echo "<tr>";
+	if (isset($_SESSION['wa_current_user'])) 
+		$date = Today() . " | " . Now();
+	else	
+		$date = date("m/d/Y") . " | " . date("h.i am");
+	echo "<td class='bottomBarCell'>$date</td>\n";
+	echo "</tr></table>\n";
+	echo "<table class='footer'>\n";
+	echo "<tr>\n";
+	echo "<td><a target='_blank' href='".$SysPrefs->power_url."' tabindex='-1'>".$SysPrefs->app_title." $version - " . _("Theme:") . " " . $def_theme . "</a></td>\n";
+	echo "</tr>\n";
+	echo "<tr>\n";
+	echo "<td><a target='_blank' href='".$SysPrefs->power_url."' tabindex='-1'>".$SysPrefs->power_by."</a></td>\n";
+	echo "</tr>\n";
+	echo "</table><br><br>\n";
+	echo "</body></html>\n";
+