<?php
/*******************************************************************************
* Copyright (c) 2012-2014 Eclipse Foundation and others.
* All rights reserved. This program and the accompanying materials
* are made available under the terms of the Eclipse Public License v1.0
* which accompanies this distribution, and is available at
* http://www.eclipse.org/legal/epl-v10.html
*
* Contributors:
* Denis Roy (Eclipse Foundation)- initial API and implementation
*******************************************************************************/
require_once($_SERVER['DOCUMENT_ROOT'] . "/eclipse.org-common/system/app.class.php");
require_once($_SERVER['DOCUMENT_ROOT'] . "/eclipse.org-common/system/nav.class.php");
require_once($_SERVER['DOCUMENT_ROOT'] . "/eclipse.org-common/system/menu.class.php");
require_once($_SERVER['DOCUMENT_ROOT'] . "/site_login/classes/account_creator.class.php");
# ---- Page bootstrap ----------------------------------------------------------
$App = new App();
$Nav = new Nav();
$Menu = new Menu();
include "_projectCommon.php";

$error = "";
# A login page must never be answered from a cache.
$App->preventCaching();
header("Content-type: text/html; charset=utf-8");

$pageTitle = "Eclipse Login";
$pageKeywords = "eclipse,friends,login,account,signon,sign-on";
$pageAuthor = "Eclipse Foundation, Inc.";

# ---- Request parameters ------------------------------------------------------
# Everything read here is supplied by the client and is untrusted. The form
# fields are requested from the POST body; "submit" is read without naming a
# method, so getHTTPParameter's own default applies.
$username = $App->getHTTPParameter("username", "POST");
$password = $App->getHTTPParameter("password", "POST");
$remember = $App->getHTTPParameter("remember", "POST");
$submit = $App->getHTTPParameter("submit");
# NOTE(review): if getHTTPParameter hands back the already-decoded POST value,
# this urldecode() is a second decoding pass -- confirm that is intended.
$takemeback = urldecode($App->getHTTPParameter("takemeback", "POST"));
# NOTE(review): $githubid is not filtered anywhere in this part of the script;
# check how the content templates output it.
$githubid = $App->getHTTPParameter("githubid", "POST");

# Sanitize takemeback for XSS
# ($xss_patterns and $email_regexp are not defined in this file; presumably
# they come from one of the includes above -- verify.)
$takemeback = preg_replace($xss_patterns, '', $takemeback);

# A login attempt whose username fails the e-mail pattern is cancelled here by
# blanking $submit. Only in that case is the username passed through the XSS
# filter; a username that matched the pattern is kept unchanged.
if (!preg_match($email_regexp, $username) && $submit == "Login") {
    $submit = "";
    $email = "";
    $username = preg_replace($xss_patterns, '', $username);
    $error = "Your email address does not appear to be valid.";
}

# NOTE(review): the password goes through the XSS filter before it is used to
# authenticate, so whatever the patterns match is removed from the secret
# itself. Output encoding in the templates would protect the page without
# altering credentials -- confirm before changing, existing accounts may depend
# on the filtered form.
$password = preg_replace($xss_patterns, '', $password);

# "remember" is only accepted as a number; anything else means "do not remember".
$remember = is_numeric($remember) ? $remember : 0;

# Default content template, derived from the script name.
$includefile = "content/en_" . $App->getScriptName();

# Undo magic-quotes escaping on installations that still apply it, so the
# password reaches the authentication call as the user typed it.
if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
    $password = stripslashes($password);
}
# Takemeback processing
# Work out where the visitor should be sent after login. An explicit takemeback
# value wins; otherwise the Referer header is used. Both are client-supplied,
# so the result is only a candidate until it has been checked against the host
# allow-list further down (Bug 421097).
$referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : "";

# Coming from the Wiki? Redirect to Special:Userlogin to finish processing
if (preg_match("/^(http|https):\/\/(wiki|wikitest)\.eclipse\.org\//", $referer, $matches)) {
    # $matches[0] is the scheme-and-host prefix; the remainder is the page the
    # visitor came from.
    $location = substr($referer, strlen($matches[0]));
    #strip 'extra' index data bug 308257
    $location = preg_replace("/index\.php\?title\=/", "", $location);
    # NOTE(review): $location is taken from the Referer header and appended to
    # the query string as-is, without URL-encoding.
    $referer = $matches[0] . "index.php?title=Special:Userlogin&action=submitlogin&type=login&returnto=" . $location;
}

# Forum login process broken with bad redirect
# Bug 430302
# The pattern is loosely anchored, but a match only ever selects the fixed
# forum URL below, never a value taken from the header.
if (preg_match("#^https?://.*eclipse.org/forums/index.php\?t=login#", $referer, $matches)) {
    $takemeback = $referer = "https://www.eclipse.org/forums/index.php/l/";
}

# No explicit target: fall back to the (possibly rewritten) referer.
if ($takemeback == "") {
    $takemeback = $referer;
}

# Since we use a secure cookie, anything http should be sent back https.
if (preg_match("#^http://(.*)#", $takemeback, $matches)) {
    $takemeback = "https://" . $matches[1];
}
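# Bug 421097
# Only send the visitor back to a site we operate. The previous patterns left
# the dots unescaped and allowed any run of characters directly in front of
# the domain name, so a separately registered look-alike host (for example
# "example-eclipse.org") was accepted as a redirect target. The host is now
# matched on a label boundary with literal dots.

/**
 * Tell whether a post-login redirect target is on the host allow-list.
 *
 * The URL must be http(s), its host must be one of eclipse.org,
 * planeteclipse.org, locationtech.org or polarsys.org (or a sub-domain of
 * one of them), and a path slash must follow the host directly. That last
 * requirement also rejects user-info ("user@host") and explicit ports, as the
 * original check did. URLs pointing back into dev.eclipse.org/site_login/
 * are refused so that login never redirects to itself.
 *
 * @param mixed $url Candidate URL (takemeback parameter or Referer header).
 * @return bool TRUE when the URL may be used as a redirect target.
 */
function site_login_is_trusted_takemeback($url) {
    # preg_replace() yields NULL on a PCRE error and request parameters can be
    # arrays; neither is a usable URL.
    if (!is_string($url)) {
        return FALSE;
    }
    # Zero or more complete host labels, then exactly one of our domains.
    if (!preg_match('#^https?://(?:[\w-]+\.)*(?:eclipse|planeteclipse|locationtech|polarsys)\.org/#', $url)) {
        return FALSE;
    }
    # Never bounce back into the login application itself.
    if (preg_match('#^https?://[\w+.-]*dev\.eclipse\.org/site_login/#', $url)) {
        return FALSE;
    }
    return TRUE;
}

# An untrusted target is dropped; the code below treats "" as "no redirect".
if (!isset($takemeback) || !site_login_is_trusted_takemeback($takemeback)) {
    $takemeback = "";
}
# End of takemeback processing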
require_once($_SERVER['DOCUMENT_ROOT'] . "/eclipse.org-common/classes/friends/friend.class.php");
require_once($_SERVER['DOCUMENT_ROOT'] . "/eclipse.org-common/system/session.class.php");
require_once('/home/data/httpd/eclipse-php-classes/system/ldapconnection.class.php');
$Friend = new Friend();
$ldapconn = new LDAPConnection();

# bug 432822 - if someone is already logged in, send them to their account info page
# A non-empty GID on the current session is what counts as "already logged
# in". The visitor goes to the takemeback target when there is one, otherwise
# to the account page.
# NOTE(review): a 307 response makes the browser repeat the original request
# method and body. If this branch can be reached by a POST of the login form,
# the submitted fields would be re-sent to the redirect target -- confirm
# whether a 302/303 is what is wanted here.
$Session = $App->useSession();
if ($Session->getGID() != "") {
    $destination = ($takemeback == "") ? "myaccount.php" : $takemeback;
    header("Location: " . $destination, TRUE, 307);
    exit;
}
# Handle a submitted login form: authenticate against LDAP, attach the matching
# Bugzilla account (creating Bugzilla and Gerrit accounts when none is found),
# start the session, copy the password hash and real name into Bugzilla, then
# either redirect to $takemeback or prepare the welcome-back form.
if($submit == "Login") {
$username = trim($username);
# A truthy return value is treated as success and is used below as the user's
# LDAP DN for attribute lookups.
$dn = $ldapconn->authenticate($username, $password);
if($dn) {
$email = $username;
# If you've logged in with your uid, we need to get the email.
if(!preg_match("/@/", $username)) {
$email = $ldapconn->getLDAPAttribute($dn, "mail");
}
# Return value is not used here; presumably called for a side effect on $Friend -- confirm.
$Friend->getIsCommitter();
# Look up BZ ID
# The statement is assembled by string concatenation, so sqlSanitize() and
# returnQuotedString() are the only protection against SQL injection.
# NOTE(review): confirm both escape correctly for the Bugzilla connection; a
# parameterised query would be preferable if bugzilla_sql can support one.
$sql = "SELECT /* USE MASTER */ userid FROM profiles where login_name = " . $App->returnQuotedString($App->sqlSanitize($email));
$rs = $App->bugzilla_sql($sql);
if ($myrow = mysql_fetch_assoc($rs)) {
$Friend->setBugzillaID($myrow['userid']);
# Load up Friend info
$Friend->selectFriend($Friend->selectFriendID("Bugzilla_ID", $myrow['userid']));
}
else {
# Try to log into Bugzilla using these credentials
# This will create one
# creating one is important, since not all our sites use LDAP auth, and some rely on BZ auth
# The plaintext password is handed to AccountCreator here and again for Gerrit below.
# NOTE(review): verify AccountCreator sends it over TLS only and never logs it.
# The result of this first execute() is discarded.
$AccountCreator = New AccountCreator();
$AccountCreator->setUsername($email);
$AccountCreator->setPassword($password);
$AccountCreator->execute();
# create/update Gerrit account
# Bug 421319
# sleep(1); # not needed if we take the time to log into Gerrit
$AccountCreator = New AccountCreator();
$AccountCreator->setUrl('https://git.eclipse.org/r/login/q/status:open,n,z');
$AccountCreator->setAccountType('gerrit');
$AccountCreator->setUsername($email);
$AccountCreator->setPassword($password);
# $http_code is captured but not checked anywhere in this block.
$http_code = $AccountCreator->execute();
# TODO: verify that account was created (see bugzilla SQL below)
# Get BZ ID now that an acct should be created
$sql = "SELECT /* USE MASTER */ userid FROM profiles where login_name = " . $App->returnQuotedString($App->sqlSanitize($email));
$rs = $App->bugzilla_sql($sql);
if ($myrow = mysql_fetch_assoc($rs)) {
$Friend->setBugzillaID($myrow['userid']);
# Load up Friend info
$Friend->selectFriend($Friend->selectFriendID("Bugzilla_ID", $myrow['userid']));
# TODO: log successful creation
}
else {
# Still no Bugzilla row: record the failure and continue the login under the
# placeholder Bugzilla ID. The logged PK2 value is the full SQL text, which
# contains the e-mail address.
$EventLog = new EvtLog();
$EventLog->setLogTable("bugs");
$EventLog->setPK1($username);
$EventLog->setPK2($sql);
$EventLog->setLogAction("AUTH_BZID_NOT_FOUND");
$EventLog->insertModLog($dn);
$Friend->setBugzillaID(41806); # Nobody.
}
}
# Override loaded friends info with LDAP info
$Friend->setFirstName($ldapconn->getLDAPAttribute($dn, "givenName"));
$Friend->setLastName($ldapconn->getLDAPAttribute($dn, "sn"));
$realname = $Friend->getFirstName() . " " . $Friend->getLastName();
$Friend->setDn($dn);
$Friend->setEMail($email);
$pageTitle = "Welcome Back, " . $Friend->getFirstName() . "!";
# Replace the session obtained earlier with a new one for the authenticated
# user; $remember is the numeric "remember me" value (0 when absent or invalid).
$Session = new Session($remember);
$Session->setFriend($Friend);
$Session->create();
# Only temporarily, re-hash the password in Bugzilla so that other services can use it
# Every successful login therefore overwrites cryptpassword and realname in the
# Bugzilla profiles table.
# NOTE(review): "= &" binds to the function's return value by reference; that
# is only clean if generateBugzillaSHA256Password() returns by reference -- confirm.
$bzpass = &generateBugzillaSHA256Password($password);
$App->bugzilla_sql("SET NAMES 'utf8'");
# Concatenated SQL again: the hash and real name are placed inside quotes after
# sqlSanitize(); $realname originates from LDAP attributes.
$SQL = "UPDATE profiles SET cryptpassword='" . $App->sqlSanitize($bzpass) . "', realname='" . $App->sqlSanitize($realname) . "' WHERE login_name = " . $App->returnQuotedString($App->sqlSanitize($email)) . " LIMIT 1";
$App->bugzilla_sql($SQL);
//if the take me back cookie isn't already set, set it
# The five-argument form leaves setcookie()'s secure and httponly arguments at
# their defaults (false); the cookie is a session cookie scoped to .eclipse.org.
# NOTE(review): consider passing secure/httponly explicitly once the readers of
# this cookie are known.
if ( !isset($_COOKIE['TAKEMEBACK']) ) {
setcookie("TAKEMEBACK", $takemeback, 0, "/", ".eclipse.org");
}
# Begin: Bug 432830 - Remove the continue button in site_login
# $takemeback was checked against the host allow-list earlier in this file
# (Bug 421097); an empty value means there is no trusted target to return to.
if($takemeback != "") {
header("Location: " . $takemeback);
exit;
}
else {
# load up values for the welcomeback form
# NOTE(review): the plaintext password is copied into three variables that the
# template can read; verify content/en_welcomeback2.php does not echo them
# into the page.
$oldpassword = $password;
$password1 = $password;
$password2 = $password;
$fname = $Friend->getFirstName();
$lname = $Friend->getLastName();
# Replaces the client-supplied githubid with the value looked up from LDAP.
$githubid = $ldapconn->getGithubIDFromMail($Friend->getEmail());
$includefile = "content/en_welcomeback2.php";
}
# END: Bug 432830 - Remove the continue button in site_login
}
else {
# The same message is shown whether the address or the password was wrong.
$error = "Authentication Failed. Please verify that your email address and password are correct.";
}
}
# Run the content template chosen above: the login form by default, or the
# welcome-back form after a successful login that had no redirect target.
# ($theme and $html are not assigned in this file; presumably the includes
# provide them -- verify.)
include $includefile;

# Generate the web page
$App->setGoogleAnalyticsTrackingCode(null);
$App->generatePage($theme, $Menu, $Nav, $pageAuthor, $pageKeywords, $pageTitle, $html);