217 lines
6.8 KiB
PHP
217 lines
6.8 KiB
PHP
<?php
|
|
###############################################################
|
|
# Page Password Protect 1.4
|
|
###############################################################
|
|
# By Michael R. - swiss
|
|
###############################################################
|
|
# LOGIN OVERRIDE FUNCTION FOR LOCAL ACCESS!
|
|
|
|
function getUserIP()
|
|
{
|
|
$client = @$_SERVER['HTTP_CLIENT_IP'];
|
|
$forward = @$_SERVER['HTTP_X_FORWARDED_FOR'];
|
|
$remote = $_SERVER['REMOTE_ADDR'];
|
|
|
|
if (filter_var($client, FILTER_VALIDATE_IP)) {
|
|
$ip = $client;
|
|
} elseif (filter_var($forward, FILTER_VALIDATE_IP)) {
|
|
$ip = $forward;
|
|
} else {
|
|
$ip = $remote;
|
|
}
|
|
return $ip;
|
|
}
|
|
$user_ip = getUserIP();
|
|
|
|
$str = strrev($_SERVER['REQUEST_URI']);
|
|
$bits = explode('/', $str);
|
|
$script_path = strrev($bits[1]);
|
|
|
|
|
|
if ($user_ip != "83.150.6.68") {
|
|
# IF IP-ADRESS IS NOT NETCLOUD INTERN, CONSTRUCT LOGIN-PAGE:
|
|
|
|
$adminPassword = "learn@mit-2021";
|
|
|
|
$LOGIN_INFORMATION = array($adminPassword);
|
|
defined('USE_USERNAME') or define('USE_USERNAME', false);
|
|
// time out after NN minutes of inactivity. Set to 0 to not timeout
|
|
defined('TIMEOUT_MINUTES') or define('TIMEOUT_MINUTES', 0);
|
|
// This parameter is only useful when TIMEOUT_MINUTES is not zero
|
|
// true - timeout time from last activity, false - timeout time from login
|
|
defined('TIMEOUT_CHECK_ACTIVITY') or define('TIMEOUT_CHECK_ACTIVITY', true);
|
|
|
|
// timeout in seconds
|
|
$timeout = (TIMEOUT_MINUTES == 0 ? 0 : time() + TIMEOUT_MINUTES * 60);
|
|
// logout?
|
|
if (isset($_GET['logout'])) {
|
|
setcookie("verify", '', $timeout, '/'); // clear password;
|
|
//header('Location: ' . "/$script_path");
|
|
header('Location: ' . "/study");
|
|
exit();
|
|
}
|
|
if (!function_exists('showLoginPasswordProtect')) {
|
|
// show login form
|
|
function showLoginPasswordProtect($error_msg)
|
|
{
|
|
?>
|
|
<!DOCTYPE html>
|
|
<html>
|
|
|
|
<head>
|
|
<meta charset="UTF-8">
|
|
<title>Please provide MLP</title>
|
|
<meta name="viewport" content="width=device-width, initial-scale=1, user-scalable=yes">
|
|
<meta name="theme-color" content="#191a1b" />
|
|
<link rel='stylesheet prefetch' href='//fonts.googleapis.com/css?family=Open+Sans'>
|
|
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css">
|
|
<link href="assets/css/login.css?random=<?php echo uniqid(); ?>" rel="stylesheet" />
|
|
<!-- Matomo -->
|
|
<script type="text/javascript">
|
|
var _paq = window._paq = window._paq || [];
|
|
/* tracker methods like "setCustomDimension" should be called before "trackPageView" */
|
|
_paq.push(["setCookieDomain", "*.michu-it.com"]);
|
|
_paq.push(['trackPageView']);
|
|
_paq.push(['enableLinkTracking']);
|
|
(function() {
|
|
var u="https://analytics.michu-it.com/";
|
|
_paq.push(['setTrackerUrl', u+'matomo.php']);
|
|
_paq.push(['setSiteId', '3']);
|
|
var d=document, g=d.createElement('script'), s=d.getElementsByTagName('script')[0];
|
|
g.type='text/javascript'; g.async=true; g.src=u+'matomo.js'; s.parentNode.insertBefore(g,s);
|
|
})();
|
|
</script>
|
|
<noscript><p><img src="https://analytics.michu-it.com/matomo.php?idsite=3&rec=1" style="border:0;" alt="" /></p></noscript>
|
|
<!-- End Matomo Code -->
|
|
</head>
|
|
|
|
<body onLoad="document.getElementsByTagName('input')[0].focus();" <div class="container">
|
|
<div class="row">
|
|
<div class="login">
|
|
<div class="login__lock">
|
|
<div class="mit-logo"></div>
|
|
<i class="fa fa-lock" aria-hidden="true"></i>
|
|
</div>
|
|
<div class="login__form">
|
|
|
|
<form method="post">
|
|
<div class="login__row">
|
|
<svg class="login__icon pass svg-icon" viewBox="0 0 20 20">
|
|
<path d="M0,20 20,20 20,8 0,8z M10,13 10,16z M4,8 a6,8 0 0,1 12,0" />
|
|
</svg>
|
|
<input type="password" name="access_password" class="login__input pass" placeholder="Password" />
|
|
</div>
|
|
<button type="submit" value="Submit" class="login__submit">Login</button>
|
|
</form>
|
|
|
|
<p class="login__signup">Please provide the michu-it learning password. Found in our internal wiki.</p>
|
|
<font color="red" style="font-size: x-small" ;><?php echo $error_msg; ?></font>
|
|
</div>
|
|
</div>
|
|
|
|
</div>
|
|
</div>
|
|
<script src='//cdnjs.cloudflare.com/ajax/libs/jquery/2.1.3/jquery.min.js'></script>
|
|
<script>
|
|
$(document).ready(function() {
|
|
|
|
var animating = false,
|
|
submitPhase1 = 1100,
|
|
submitPhase2 = 400,
|
|
logoutPhase1 = 800,
|
|
$login = $(".login"),
|
|
$app = $(".app");
|
|
|
|
function ripple(elem, e) {
|
|
$(".ripple").remove();
|
|
var elTop = elem.offset().top,
|
|
elLeft = elem.offset().left,
|
|
x = e.pageX - elLeft,
|
|
y = e.pageY - elTop;
|
|
var $ripple = $("<div class='ripple'></div>");
|
|
$ripple.css({
|
|
top: y,
|
|
left: x
|
|
});
|
|
elem.append($ripple);
|
|
};
|
|
|
|
$(document).on("click", ".login__submit", function(e) {
|
|
if (animating) return;
|
|
animating = true;
|
|
var that = this;
|
|
ripple($(that), e);
|
|
$(that).addClass("processing");
|
|
setTimeout(function() {
|
|
$(that).addClass("success");
|
|
setTimeout(function() {
|
|
$app.show();
|
|
$app.css("top");
|
|
$app.addClass("active");
|
|
}, submitPhase2 - 70);
|
|
setTimeout(function() {
|
|
$login.hide();
|
|
$login.addClass("inactive");
|
|
animating = false;
|
|
$(that).removeClass("success processing");
|
|
}, submitPhase2);
|
|
}, submitPhase1);
|
|
});
|
|
|
|
});
|
|
</script>
|
|
|
|
</body>
|
|
|
|
</html>
|
|
|
|
<?php
|
|
// stop at this point
|
|
die();
|
|
}
|
|
}
|
|
// user provided password
|
|
if (isset($_POST['access_password'])) {
|
|
$login = isset($_POST['access_login']) ? $_POST['access_login'] : '';
|
|
$pass = $_POST['access_password'];
|
|
if (
|
|
!USE_USERNAME && !in_array($pass, $LOGIN_INFORMATION)
|
|
|| (USE_USERNAME && (!array_key_exists($login, $LOGIN_INFORMATION) || $LOGIN_INFORMATION[$login] != $pass))
|
|
) {
|
|
showLoginPasswordProtect("wrong password!");
|
|
} else {
|
|
// set cookie if password was validated
|
|
setcookie("verify", md5($login . '%' . $pass), $timeout, '/');
|
|
|
|
// Some programs (like Form1 Bilder) check $_POST array to see if parameters passed
|
|
// So need to clear password protector variables
|
|
unset($_POST['access_login']);
|
|
unset($_POST['access_password']);
|
|
unset($_POST['Submit']);
|
|
//header('Location: ' . $logoutURL . "/$script_path");
|
|
header('Location: ' . $logoutURL . "/study");
|
|
}
|
|
} else {
|
|
// check if password cookie is set
|
|
if (!isset($_COOKIE['verify'])) {
|
|
showLoginPasswordProtect("");
|
|
}
|
|
// check if cookie is good
|
|
$found = false;
|
|
foreach ($LOGIN_INFORMATION as $key => $val) {
|
|
$lp = (USE_USERNAME ? $key : '') . '%' . $val;
|
|
if ($_COOKIE['verify'] == md5($lp)) {
|
|
$found = true;
|
|
// prolong timeout
|
|
if (TIMEOUT_CHECK_ACTIVITY) {
|
|
setcookie("verify", md5($lp), $timeout, '/');
|
|
}
|
|
break;
|
|
}
|
|
}
|
|
if (!$found) {
|
|
showLoginPasswordProtect("");
|
|
}
|
|
}
|
|
}
|
|
?>
|