diff --git a/core/authentication/resources/classes/plugins/database.php b/core/authentication/resources/classes/plugins/database.php index 4e3b955d0c..6c9e1454ce 100644 --- a/core/authentication/resources/classes/plugins/database.php +++ b/core/authentication/resources/classes/plugins/database.php @@ -107,7 +107,7 @@ class plugin_database { $view->assign("login_logo_height", $settings['theme']['login_logo_height']); $view->assign("login_logo_source", $settings['theme']['logo']); $view->assign("message_delay", $settings['theme']['message_delay']); - if (!empty($_SESSION['username'])) { + if (!empty($_SESSION['authentication']['plugin']['database']['authorized']) && $_SESSION['authentication']['plugin']['database']['authorized'] == 1 && !empty($_SESSION['username'])) { $view->assign("login_password_description", $text['label-password_description']); $view->assign("username", $_SESSION['username']); $view->assign("button_cancel", $text['button-cancel']); @@ -286,6 +286,9 @@ class plugin_database { } } + else { + unset($_SESSION['username'], $_REQUEST['username'], $_POST['username'], $this->username); + } } diff --git a/core/authentication/resources/classes/plugins/email.php b/core/authentication/resources/classes/plugins/email.php index 8735f47e96..5ded79ef34 100644 --- a/core/authentication/resources/classes/plugins/email.php +++ b/core/authentication/resources/classes/plugins/email.php @@ -100,6 +100,9 @@ class plugin_email { $view->assign("login_logo_source", $settings['theme']['logo']); $view->assign("button_login", $text['button-login']); + //messages + $view->assign('messages', message::html(true, ' ')); + //show the views $content = $view->render('username.htm'); echo $content; 
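Review bot: The new guard in the database.php `@@ -107,7` hunk tests the session flag with a loose `== 1`, which is satisfied by `true`, `1`, `"1"` and `1.0` alike, and the leading `!empty()` on the same key is only there to avoid an undefined-index notice. If the database plugin always stores a boolean in that key (not visible in this hunk), a strict form is shorter and harder to satisfy by accident: `if (($_SESSION['authentication']['plugin']['database']['authorized'] ?? false) === true && !empty($_SESSION['username'])) {`. A short comment such as `//show the password prompt only when the database plugin's authorized flag is set` would record why the session username alone is no longer sufficient. The enclosing method begins and ends outside the hunk.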
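Review bot: In the `else` branch added by the database.php `@@ -286,6` hunk, `unset($this->username)` removes the property from the object instead of clearing it, so a later read of `$this->username` in this class would hit an undefined property; `$this->username = null;` clears the value without that side effect. The branch also mutates `$_REQUEST` and `$_POST`, which code running later in the same request may still read, so a comment such as `//drop the rejected username so it is not reused by the next login step` would state the intent. The `if` that this `else` pairs with is outside the hunk, so the exact failure condition cannot be confirmed from here.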
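Review bot: `message::html(true, ' ')` in the first email.php hunk is assigned to the template as ready-made markup on a page served before authentication, and nothing in the hunk shows whether the message text is HTML-escaped when it is queued or rendered. If a queued message can contain request data such as the submitted username, it should pass through `htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` before it reaches `message::html()`; please confirm this in that class. The same assignment is added in the second email.php hunk (`@@ -284,6`) and in the totp.php hunks at `@@ -106,6`, `@@ -261,6` and `@@ -268,6`, so the check applies to all five rendered views.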
@@ -145,8 +148,23 @@ class plugin_email { $_SESSION["user_email"] = $row['user_email']; $_SESSION["contact_uuid"] = $row["contact_uuid"]; + //user not found + if (empty($row) || !is_array($row) || @sizeof($row) == 0) { + //clear submitted usernames + unset($this->username, $_SESSION['username'], $_POST['username']); + + //build the result array + $result["plugin"] = "totp"; + $result["domain_uuid"] = $_SESSION["domain_uuid"]; + $result["domain_name"] = $_SESSION["domain_name"]; + $result["authorized"] = false; + + //retun the array + return $result; + } + //user email not found - if (empty($row["user_email"])) { + else if (empty($row["user_email"])) { //build the result array $result["plugin"] = "email"; $result["domain_name"] = $_SESSION["domain_name"]; @@ -284,6 +302,9 @@ class plugin_email { $view->assign("button_cancel", $text['button-cancel']); } + //messages + $view->assign('messages', message::html(true, ' ')); + //show the views $content = $view->render('email.htm'); echo $content; diff --git a/core/authentication/resources/classes/plugins/totp.php b/core/authentication/resources/classes/plugins/totp.php index b2c891970b..a3be0c2e14 100644 --- a/core/authentication/resources/classes/plugins/totp.php +++ b/core/authentication/resources/classes/plugins/totp.php 
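Review bot: The not-found branch added to plugin_email reports `$result["plugin"] = "totp";`, which looks copied from totp.php; it should read `$result["plugin"] = "email";` so the caller attributes the failure to the right plugin. The check also sits after the context lines `$_SESSION["user_email"] = $row['user_email'];` and `$_SESSION["contact_uuid"] = $row["contact_uuid"];`, so an empty `$row` is indexed and written into the session before it is rejected. Moving the block to directly after the query (which is outside this hunk) would avoid that. `@sizeof($row) == 0` is already covered by `empty($row)`, so the guard can drop the error suppression: `if (!is_array($row) || empty($row)) {`.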
@@ -56,6 +56,7 @@ class plugin_totp { $settings['theme']['logo'] = !empty($_SESSION['theme']['logo']['text']) ? $_SESSION['theme']['logo']['text'] : PROJECT_PATH.'/themes/default/images/logo_login.png'; $settings['theme']['login_logo_width'] = !empty($_SESSION['theme']['login_logo_width']['text']) ? $_SESSION['theme']['login_logo_width']['text'] : 'auto; max-width: 300px'; $settings['theme']['login_logo_height'] = !empty($_SESSION['theme']['login_logo_height']['text']) ? $_SESSION['theme']['login_logo_height']['text'] : 'auto; max-height: 300px'; + $settings['theme']['message_delay'] = isset($_SESSION['theme']['message_delay']) ? 1000 * (float) $_SESSION['theme']['message_delay'] : 3000; //get the username if (isset($_SESSION["username"])) { @@ -106,6 +107,10 @@ class plugin_totp { $view->assign("login_logo_source", $settings['theme']['logo']); $view->assign("button_login", $text['button-login']); $view->assign("favicon", $settings['theme']['favicon']); + $view->assign("message_delay", $settings['theme']['message_delay']); + + //messages + $view->assign('messages', message::html(true, ' ')); //show the views $content = $view->render('username.htm'); @@ -146,6 +151,19 @@ class plugin_totp { $parameters['username'] = $this->username; $database = new database; $row = $database->select($sql, $parameters, 'row'); + if (empty($row) || !is_array($row) || @sizeof($row) == 0) { + //clear submitted usernames + unset($this->username, $_SESSION['username'], $_POST['username']); + + //build the result array + $result["plugin"] = "totp"; + $result["domain_uuid"] = $_SESSION["domain_uuid"]; + $result["domain_name"] = $_SESSION["domain_name"]; + $result["authorized"] = false; + + //retun the array + return $result; + } unset($parameters); //set class variables 
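Review bot: The new `message_delay` line in the totp.php `@@ -56,6` hunk casts `$_SESSION['theme']['message_delay']` directly to float, while the three theme settings just above it read their value from a `['text']` sub-key. If this entry has the same array shape (not visible here), the cast does not yield the configured number and the delay setting is effectively ignored; in that case the expression should be `1000 * (float) $_SESSION['theme']['message_delay']['text']`. Please confirm the shape against the code that loads the theme settings into the session.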
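Review bot: The early return added in the totp.php `@@ -146,6` hunk makes the username step answer differently for existing and non-existing accounts: a known user proceeds to the TOTP prompt, while an unknown one gets `authorized = false` immediately. Depending on how the caller renders that result (not visible here), this lets the login form distinguish valid usernames from invalid ones. It is worth confirming that the caller shows the same generic failure message and applies the same failed-login throttling in both cases. Within the block, `@sizeof($row) == 0` is redundant after `empty($row)`, so the guard can be `if (!is_array($row) || empty($row)) {`; the return also skips the `unset($parameters);` that follows it.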
@@ -261,6 +279,9 @@ class plugin_totp { $view->assign("button_next", $text['button-next']); $view->assign("favicon", $settings['theme']['favicon']); + //messages + $view->assign('messages', message::html(true, ' ')); + //render the template $content = $view->render('totp_secret.htm'); } @@ -268,6 +289,9 @@ class plugin_totp { //assign values to the template $view->assign("button_verify", $text['label-verify']); + //messages + $view->assign('messages', message::html(true, ' ')); + //render the template $content = $view->render('totp.htm'); } diff --git a/core/authentication/resources/views/email.htm b/core/authentication/resources/views/email.htm index 88a384b50b..ca20781f0f 100644 --- a/core/authentication/resources/views/email.htm +++ b/core/authentication/resources/views/email.htm @@ -7,10 +7,59 @@ + +