access/login.php

   1 <?php
   2 /**********************************************************************
   3     Copyright (C) FrontAccounting, LLC.
   4         Released under the terms of the GNU General Public License, GPL,
   5         as published by the Free Software Foundation, either version 3
   6         of the License, or (at your option) any later version.
   7     This program is distributed in the hope that it will be useful,
   8     but WITHOUT ANY WARRANTY; without even the implied warranty of
   9     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
  10     See the License here <http://www.gnu.org/licenses/gpl-3.0.html>.
  11 ***********************************************************************/
  12         if (!isset($path_to_root) || isset($_GET['path_to_root']) || isset($_POST['path_to_root']))
  13                 die(_("Restricted access"));
  14         include_once($path_to_root . "/includes/ui.inc");
  15         include_once($path_to_root . "/includes/page/header.inc");
  16
  17         $js = "<script language='JavaScript' type='text/javascript'>
  18 function defaultCompany()
  19 {
  20         document.forms[0].company_login_name.options[".user_company()."].selected = true;
  21 }
  22 </script>";
  23
  24         add_js_file('login.js');
  25         // Display demo user name and password within login form if allow_demo_mode option is true
  26         if ($SysPrefs->allow_demo_mode == true)
  27         {
  28             $demo_text = _("Login as user: demouser and password: password");
  29         }
  30         else
  31         {
  32                 $demo_text = _("Please login here");
  33         if (@$SysPrefs->allow_password_reset) {
  34                 $demo_text .= " "._("or")." <a href='$path_to_root/index.php?reset=1'>"._("request new password")."</a>";
  35         }
  36         }
  37
  38         if (check_faillog())
  39         {
  40                 $blocked = true;
  41
  42             $js .= "<script>setTimeout(function() {
  43                 document.getElementsByName('SubmitUser')[0].disabled=0;
  44                 document.getElementById('log_msg').innerHTML='$demo_text'}, 1000*".$SysPrefs->login_delay.");</script>";
  45             $demo_text = '<span class="redfg">'._('Too many failed login attempts.<br>Please wait a while or try later.').'</span>';
  46         } elseif ($_SESSION["wa_current_user"]->login_attempt > 1) {
  47                 $demo_text = '<span class="redfg">'._("Invalid password or username. Please, try again.").'</span>';
  48         }
  49
  50         flush_dir(user_js_cache());
  51         if (!isset($def_coy))
  52                 $def_coy = 0;
  53         $def_theme = "default";
  54
  55         $login_timeout = $_SESSION["wa_current_user"]->last_act;
  56
  57         $title = $login_timeout ? _('Authorization timeout') : $SysPrefs->app_title." ".$version." - "._("Login");
  58         $encoding = isset($_SESSION['language']->encoding) ? $_SESSION['language']->encoding : "iso-8859-1";
  59         $rtl = isset($_SESSION['language']->dir) ? $_SESSION['language']->dir : "ltr";
  60         $onload = !$login_timeout ? "onload='defaultCompany()'" : "";
  61
  62         echo "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01 Transitional//EN\" \"http://www.w3.org/TR/html4/loose.dtd\">\n";
  63         echo "<html dir='$rtl' >\n";
  64         echo "<head profile=\"http://www.w3.org/2005/10/profile\"><title>$title</title>\n";
  65         echo "<meta http-equiv='Content-type' content='text/html; charset=$encoding' >\n";
  66         echo "<link href='$path_to_root/themes/$def_theme/default.css' rel='stylesheet' type='text/css'> \n";
  67         echo "<link href='$path_to_root/themes/default/images/favicon.ico' rel='icon' type='image/x-icon'> \n";
  68         send_scripts();
  69         if (!$login_timeout)
  70         {
  71                 echo $js;
  72         }
  73
  74         echo "</head>\n";
  75
  76         echo "<body id='loginscreen' $onload>\n";
  77
  78         echo "<table class='titletext'><tr><td>$title</td></tr></table>\n";
  79
  80         div_start('_page_body');
  81         br();br();
  82         start_form(false, false, $_SESSION['timeout']['uri'], "loginform");
  83         start_table(false, "class='login'");
  84         start_row();
  85         echo "<td align='center' colspan=2>";
  86         if (!$login_timeout) { // FA logo
  87         echo "<a target='_blank' href='".$SysPrefs->power_url."'><img src='$path_to_root/themes/$def_theme/images/logo_frontaccounting.png' alt='FrontAccounting' height='50' onload='fixPNG(this)' border='0' ></a>";
  88         } else {
  89                 echo "<font size=5>"._('Authorization timeout')."</font>";
  90         }
  91         echo "</td>\n";
  92         end_row();
  93         if (!$login_timeout)
  94                 table_section_title(_("Version")." $version   Build ".$SysPrefs->build_version." - "._("Login"));
  95
  96         $value = $login_timeout ? $_SESSION['wa_current_user']->loginname : ($SysPrefs->allow_demo_mode ? "demouser":"");
  97
  98         text_row(_("User name"), "user_name_entry_field", $value, 20, 30);
  99
 100         $password = $SysPrefs->allow_demo_mode ? "password":"";
 101
 102         password_row(_("Password:"), 'password', $password);
 103
 104         if ($login_timeout) {
 105                 hidden('company_login_name', user_company());
 106         } else {
 107                 $coy =  user_company();
 108                 if (!isset($coy))
 109                         $coy = $def_coy;
 110                 if (!@$SysPrefs->text_company_selection) {
 111                         echo "<tr><td>"._("Company")."</td><td><select name='company_login_name'>\n";
 112                         for ($i = 0; $i < count($db_connections); $i++)
 113                                 echo "<option value=$i ".($i==$coy ? 'selected':'') .">" . $db_connections[$i]["name"] . "</option>";
 114                         echo "</select>\n";
 115                         echo "</td></tr>";
 116                 } else {
 117                         text_row(_("Company"), "company_login_nickname", "", 20, 50);
 118                 }
 119         };
 120         start_row();
 121         label_cell($demo_text, "colspan=2 align='center' id='log_msg'");
 122         end_row();
 123         end_table(1);
 124         echo "<input type='hidden' id=ui_mode name='ui_mode' value='".!fallback_mode()."' >\n";
 125         echo "<center><input type='submit' value='&nbsp;&nbsp;"._("Login -->")."&nbsp;&nbsp;' name='SubmitUser'"
 126                 ." onclick='".(in_ajax() ? 'retry();': 'set_fullmode();')."'".(isset($blocked) ? " disabled" : '')." ></center>\n";
 127
 128         foreach($_SESSION['timeout']['post'] as $p => $val) {
 129                 // add all request variables to be resend together with login data
 130                 if (!in_array($p, array('ui_mode', 'user_name_entry_field',
 131                         'password', 'SubmitUser', 'company_login_name')))
 132                         if (!is_array($val))
 133                                 echo "<input type='hidden' name='$p' value='$val'>";
 134                         else
 135                                 foreach($val as $i => $v)
 136                                         echo "<input type='hidden' name='{$p}[$i]' value='$v'>";
 137         }
 138         end_form(1);
 139         $Ajax->addScript(true, "if (document.forms.length) document.forms[0].password.focus();");
 140
 141     echo "<script language='JavaScript' type='text/javascript'>
 142     //<![CDATA[
 143             <!--
 144             document.forms[0].user_name_entry_field.select();
 145             document.forms[0].user_name_entry_field.focus();
 146             //-->
 147     //]]>
 148     </script>";
 149     div_end();
 150         echo "<table class='bottomBar'>\n";
 151         echo "<tr>";
 152         if (isset($_SESSION['wa_current_user']))
 153                 $date = Today() . " | " . Now();
 154         else
 155                 $date = date("m/d/Y") . " | " . date("h.i am");
 156         echo "<td class='bottomBarCell'>$date</td>\n";
 157         echo "</tr></table>\n";
 158         echo "<table class='footer'>\n";
 159         echo "<tr>\n";
 160         echo "<td><a target='_blank' href='".$SysPrefs->power_url."' tabindex='-1'>".$SysPrefs->app_title." $version - " . _("Theme:") . " " . $def_theme . "</a></td>\n";
 161         echo "</tr>\n";
 162         echo "<tr>\n";
 163         echo "<td><a target='_blank' href='".$SysPrefs->power_url."' tabindex='-1'>".$SysPrefs->power_by."</a></td>\n";
 164         echo "</tr>\n";
 165         echo "</table><br><br>\n";
 166         echo "</body></html>\n";
 167