Erik Groener 3bde602cde FCLT#90146 Ontmantelen ongebruikte SMS authenticatie
svn path=/Website/trunk/; revision=70320
2025-09-15 11:07:18 +00:00


<%@language = "javascript" %>
<% /*
$Revision$
$Id$
File: login.asp
Description: We really do not know who the user is.
Just show a login screen.
Eventually: redirect back to the 'calling' page that was passed in (ret_page).

Request parameters (all optional; when any query string is present it must carry a valid protectQS HMAC):
  prs_email   - pre-fills the login name
  fac_lang    - language override, only honoured for a known language code
  ret_page    - page the browser is sent to after a successful login
  querystring - query string appended to ret_page
*/
ANONYMOUS_Allowed = 1; // presumably read by the shared includes: this page must be reachable without a session
%>
<!-- #include file="../Shared/common.inc" -->
<!-- #include file="../Shared/iface.inc" -->
<!-- #include file="./login.inc" -->
<!-- #include file="../shared/useragent.inc" -->
<%
// Any query string on this page must carry a valid HMAC; otherwise ret_page /
// querystring / prs_email could have been tampered with (open redirect, reflected input).
if (Request.QueryString.Count > 0)
{ // relaxed because people sometimes bookmark the login page including the
// HMAC and we do not want to be too strict about that.
var is_ok = protectQS.verify( { relaxed: true } ); // Prevent un-validated redirects and forwards
if (!is_ok)
{
// The HMAC is wrong: strip everything from the url so it is safe again.
// (Response.Redirect ends processing in classic ASP, so nothing below runs in that case.)
// NOTE(review): what "relaxed" tolerates is defined in protectQS — confirm it still rejects a modified ret_page.
Response.Redirect(rooturl + "/");
}
}
var prs_email = getQParam("prs_email", ""); // pre-fill for the login name; written into an HTML attribute further down (note: the non-Safe getter)
var fac_lang = getQParamSafe("fac_lang", "").toUpperCase(); // language override via param
if (fac_lang && fac_lang in lcl.languages) // only known language codes reach the session
Session("user_lang") = fac_lang;
var ret_page = getQParam("ret_page", ""); // client-side redirect target after login (used in login_callback)
var querystring = getQParam("querystring", ""); // appended to ret_page with '?'
FCLTHeader.Requires({plugins: ["jQuery"], js:["jQuery-ui.js"]});
checkUserAgent(); // sets the device capability bits (device.isMobile decides whether the e-mail token button is offered)
%>
<html id="loginhtml">
<head>
<%
FCLTHeader.Generate()
%>
<script>
var currentMode = "default"; // which form do_submit() acts on; changed by the mode-switch functions and do_submit_otp()
<%
if (Application("otap_environment") == "O" && user_key > 0)
{
// Only in the "O" environment (presumably the development stage of OTAP): an already
// identified user ended up on the login screen, flag that loudly.
// (Open question from the original author: replace this by an lcl, or is it development-only?)
%>
alert("<%=safe.jsstring("Ietwat vreemd: in het inlogscherm terwijl je gewoon bekend bent als '{0}' met key {1}".format(Session("userident"), String(user_key)))%>");
<%
}
%>
window.parent.document.title = "<%=L("lcl_facilitor_ie_title")%>";
/**
 * Handles the JSON answer of login_save.asp (wrapped by FcltCallbackAndThen).
 *
 * - success with otp_prompt: a second factor is required. The login form is hidden
 *   (username/password stay filled in on purpose) and the OTP form is shown; do_submit()
 *   in "OTP" mode then posts both forms together.
 * - success without otp_prompt: leave to ret_page (plus its querystring) when one was
 *   passed in, otherwise to the site root. ret_page is fixed server-side at render time
 *   and escaped for a JS string; protection against an open redirect is the HMAC check
 *   on the query string at the top of this page, not anything done here.
 * - anything else is left to the callback wrapper (presumably it reports the error).
 *
 * @param {Object} json  server response; fields used: success, otp_prompt
 */
function login_callback(json)
{
if (json.success && json.otp_prompt)
{
$("[name=ifl_f]").hide(); // The filled-in username/password are deliberately kept
$("[name=ifl_f_otp]").show(); // and are submitted a second time, now with the OTP code
// otp_prompt is rendered as HTML; fine while it is server text only — if it could ever
// carry user-derived text, use .text() instead.
$("[name=ifl_f_otp]").find("label").html(json.otp_prompt);
$("#otpcode").focus();
}
else if (json.success)
{
<% if (ret_page) { %>
window.location.href = "<%=safe.jsstring(ret_page + (querystring?"?" + querystring:""))%>";
<% } else { %>
window.top.location.href = "<%=rooturl + "/"%>";
<% } %>
}
}
/**
 * Submit handler of the OTP form: switches the global mode to "OTP" so that
 * do_submit() posts the login form together with the entered code.
 */
function do_submit_otp()
{
    currentMode = "OTP";
    do_submit();
}
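/**
 * Submit handler shared by all forms on this page (every form's onsubmit calls it).
 *
 * Which action runs is chosen by the global `currentMode`, set by the mode-switch
 * functions (passwrd2mail, token2mail, selfregister) and by do_submit_otp().
 * Client-side validation (validateForm("u2")) runs first; it is user feedback only,
 * the server-side pages still validate what they receive.
 *
 * Fix: the "token2mail" and "selfregister" modes used to call the mode-switch
 * functions (token2mail / selfregister), which only hide/show forms and are a no-op
 * once that form is already visible, so submitting those forms with Enter did nothing.
 * They now call the send functions, consistent with the "passwrd2mail" case.
 * (The send functions run validateForm themselves as well; that is harmless.)
 */
async function do_submit()
{
    if (!await validateForm("u2"))
        return;

    // Login and OTP both post to login_save.asp; OTP adds the second form's fields
    // (the filled-in username/password are deliberately submitted again).
    function postLogin(fieldSelector)
    {
        var action = $("form[name=ifl_f]")[0].action;
        $.post(action, $(fieldSelector).serialize(), FcltCallbackAndThen(login_callback), "json");
    }

    switch (currentMode)
    {
        case "default":
            postLogin("[name=ifl_f]");
            break;
        case "OTP":
            postLogin("[name=ifl_f], [name=ifl_f_otp]");
            break;
        case "passwrd2mail":
            sendpasswrd2mail();
            break;
        case "token2mail":
            sendtoken2mail();
            break;
        case "selfregister":
            sendselfregister();
            break;
    }
}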
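/**
 * Request the password to be sent to the user's mobile number (SMS flow).
 *
 * Posts the login name to sendPasswrd.asp (fire-and-forget, no callback), sets the
 * hidden `mobile` field so the following login_save.asp post carries it, unlocks the
 * password field and disables the #mobbutton trigger so it cannot fire twice.
 *
 * NOTE(review): no button on this page references passwrd2mobile or #mobbutton any
 * more; if it is not called from elsewhere it can go, together with the hidden
 * `mobile` input.
 *
 * Fix: the login name is now encoded with encodeURIComponent instead of the
 * deprecated escape(), which left '+', '/' and '@' unencoded (a '+' in an e-mail
 * address arrived as a space on the server).
 *
 * @returns {boolean|undefined} false when no login name has been entered.
 */
function passwrd2mobile()
{
    var loginName = $("#visname").val();
    if (loginName == "")
        return false;

    $("#mobile").val(1); // submitted along with the login form
    $.post('<%=rooturl%>/appl/aut/sendPasswrd.asp?login=' + encodeURIComponent(loginName));
    $("#vispswd").removeAttr("readonly");
    $("#mobbutton").attr("disabled", "disabled");
}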
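/**
 * Switch the login box to the "send password by e-mail" form (mode "passwrd2mail").
 * The actual request is made by sendpasswrd2mail().
 *
 * Fix: the jQuery selectors were missing their closing `]` ("form[name='ifl_f'");
 * this appears to have been tolerated by the selector engine, but the selectors are
 * now well-formed.
 */
function passwrd2mail()
{
    currentMode = "passwrd2mail";
    $("form[name='ifl_f']").hide();
    $("form[name='ifl_f_pm']").show();
}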
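/**
 * Post the "send my password by e-mail" request (mode "A") to pass2mail_save.asp.
 *
 * The server-side protectRequest.dataToken call below emits script that adds a
 * token to `data` (presumably a request/CSRF token) — keep it right after the object
 * literal and before the post. Posts to the relative URL, so the ifl_f_pm form's
 * action attribute is not what is used. Client-side validation is user feedback only;
 * pass2mail_save.asp is expected to validate the address itself.
 *
 * Fix: removed the unused local `hasempty`.
 *
 * @returns {boolean|undefined} false when validation fails.
 */
async function sendpasswrd2mail()
{
    var email = $("#vismail").val();
    var data = { mode: "A"
               , email: email
               };
<% protectRequest.dataToken("data"); %>
    if (!await validateForm("u2"))
        return false;
    $.post("pass2mail_save.asp", data, FcltCallback, "json");
}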
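/**
 * Switch the login box to the "login token by e-mail" form (mode "token2mail").
 * The actual request is made by sendtoken2mail().
 *
 * Fix: the jQuery selectors were missing their closing `]` ("form[name='ifl_f'");
 * this appears to have been tolerated by the selector engine, but the selectors are
 * now well-formed.
 */
function token2mail()
{
    currentMode = "token2mail";
    $("form[name='ifl_f']").hide();
    $("form[name='ifl_f_tm']").show();
}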
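/**
 * Post the "send me a login token by e-mail" request (mode "B") to pass2mail_save.asp.
 *
 * Same shape as sendpasswrd2mail(); only the mode differs, so the server decides the
 * flow from `mode`, not from the form used. The server-side protectRequest.dataToken
 * call below emits script that adds a token to `data` (presumably a request/CSRF token)
 * — keep it right after the object literal and before the post. Posts to the relative
 * URL, so the ifl_f_tm form's action attribute is not what is used.
 *
 * Fix: removed the unused local `hasempty`.
 *
 * @returns {boolean|undefined} false when validation fails.
 */
async function sendtoken2mail()
{
    var email = $("#vistoken").val();
    var data = { mode: "B"
               , email: email
               };
<% protectRequest.dataToken("data"); %>
    if (!await validateForm("u2"))
        return false;
    $.post("pass2mail_save.asp", data, FcltCallback, "json");
}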
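/**
 * Switch the login box to the self-registration form (mode "selfregister").
 * The actual request is made by sendselfregister().
 *
 * Fix: the jQuery selectors were missing their closing `]` ("form[name='ifl_f'");
 * this appears to have been tolerated by the selector engine, but the selectors are
 * now well-formed.
 */
function selfregister()
{
    currentMode = "selfregister";
    $("form[name='ifl_f']").hide();
    $("form[name='ifl_f_sr']").show();
}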
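/**
 * Post the self-registration form to its action (self_register_save.asp).
 *
 * Reads the six fields by name, lets the server-side protectRequest.dataToken call
 * add its token to `data` (presumably a request/CSRF token; keep that line right after
 * the object literal), runs client-side validation and posts as JSON. Client-side
 * validation is user feedback only: self_register_save.asp is expected to re-check
 * required fields, password equality and password policy itself.
 *
 * Fix: removed the unused local `hasempty`.
 */
async function sendselfregister()
{
    var data = { prs_email: $('input[name="prs_email"]').val()
               , password1: $('input[name="password1"]').val()
               , password2: $('input[name="password2"]').val()
               , prs_naam: $('input[name="prs_naam"]').val()
               , prs_vrnaam: $('input[name="prs_vrnaam"]').val()
               , prs_telnr: $('input[name="prs_telnr"]').val()
               };
<% protectRequest.dataToken("data"); %>
    if (!await validateForm("u2"))
        return;
    $.post($("form[name=ifl_f_sr]")[0].action, data, FcltCallback, "json");
}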
/**
 * "Back" action of the secondary forms: reload the login page with an empty query
 * string. Note that ret_page/querystring are not carried along, so a login after
 * "back" lands on the site root instead of the original return page.
 */
function toHome()
{
    var loginPage = "<%=rooturl + "/appl/aut/login.asp?"%>";
    window.location.href = loginPage;
}
</script>
</head>
<body id="loginbody">
<div id="myportalteaser">
<%=L("lcl_logon_teaser")%>
</div>
<div id="logindiv" class="loginbox">
<% /* Main login form. Sent by do_submit() via $.post (onsubmit returns false), not by a regular form submit. */ %>
<form name="ifl_f" action="<%=rooturl%>/appl/aut/login_save.asp" method="post" onsubmit="do_submit();return false;" autocomplete="off">
<% /* Set to 1 by passwrd2mobile(); NOTE(review): nothing on this page triggers that any more, possibly a leftover of the SMS flow. */ %>
<input type="hidden" id="mobile" name="mobile" value="0">
<h2 class="sr-only">Login Form</h2>
<div class="illustration"><%=I("fa-user-lock", { fastyle: "fas"})%></div>
<%
// Language toggle, only when more than one language is configured. Each flag links back
// to this page with fac_lang, carrying ret_page/querystring along under a fresh HMAC.
if (S("language_toggles").length > 1)
{
// fac_lang was checked against lcl.languages above, so only a known code is echoed here.
if (fac_lang && fac_lang in lcl.languages)
{ %>
<input type="hidden" id="fac_lang" name="fac_lang" value="<%=fac_lang%>">
<% } %>
<div class="form-group" id="langtoggle"><%
var qs = buildTransitParam(["ret_page", "querystring"]);
for (lang in S("language_toggles"))
{
// code is a configured language code (site setting), not user input.
var code = S("language_toggles")[lang];
var desc = lcl.languages[code];
%><a class="col-form-control" href="<%=protectQS.create(rooturl+"/appl/aut/login.asp?fac_lang="+code+qs)%>"><img title="<%=safe.htmlattr(desc)%>" src="<%=rooturl%>/appl/pictures/<%=code%>.png"></a><%
}
%></div>
<% } %>
<% /* NOTE(review): prs_email comes from the query string (getQParam) and is written into an HTML
attribute with safe.jsstring, the JavaScript-string escaper used in the script block above; the other
attribute value on this page uses safe.htmlattr (language toggle). Confirm jsstring also neutralises
'"' and '<' for attribute context, otherwise switch this value to safe.htmlattr. */
%>
<div class="form-floating loginname">
<input class="form-control required" type="text" maxlength="256" id="visname" name="vis_name" autocomplete="off" value="<%=safe.jsstring(prs_email)%>" placeholder="<%=L("lcl_vis_log_name")%>">
<label for="visname"><%=L("lcl_vis_log_name")%></label>
</div>
<div class="form-floating loginpass">
<input class="form-control" type="password" maxlength="50" id="vispswd" autocomplete="off" name="vis_pswd" placeholder="<%=L("lcl_vis_log_psw")%>">
<label for="vispswd"><%=L("lcl_vis_log_psw")%></label>
</div>
<%
// "Remember me" is only offered when the site allows persistent logins.
if (S("login_remember_days") > 0)
{
%><div class="form-group remember m-3">
<input type="checkbox" id="remember" name="remember"><label class="rememberme" for="remember"><%=L("lcl_login_remember")%></label>
</div><%
}
// Button set. Which secondary flows are offered depends on site settings:
// - login token by e-mail: only on mobile devices and when token expiry is configured,
// - otherwise "send password by e-mail" when enabled,
// - self-registration when enabled.
// These only add UI; login_save.asp / pass2mail_save.asp are expected to enforce the same settings.
var buttons = [ { title: L("lcl_logon"), action: "do_submit()", importance: 1, icon: "fa-sign-in" } ];
if (S("fac_emailtoken_auth_expire") > 0 && device.test(device.isMobile))
{
buttons.push ({ title: L("lcl_token2email"), action: "token2mail()", importance: 1, icon: "fa-envelope" });
}
else if (S("email_password") > 0)
{
buttons.push ({ title: L("lcl_password_to_email"), action: "passwrd2mail()", importance: 3, icon: "fa-envelope" });
}
if (S("self_register") == 1)
{
buttons.push ({ title: L("lcl_self_register"), action: "selfregister()", importance: 3, icon: "fa-handshake" });
}
CreateButtons(buttons, { entersubmit: true, vertical: true, showIcons: true, display: "flex" });
%>
<%IFACE.FORM_END();%>
</form>
<% /* The "password by e-mail" (mode "A") and "token by e-mail" (mode "B") forms both post to
pass2mail_save.asp; the mode is set in sendpasswrd2mail()/sendtoken2mail(), which post to the
relative URL and do not use the action attribute. Hidden until a mode-switch function shows them. */
%>
<form name="ifl_f_pm" action="<%=rooturl%>/appl/aut/pass2mail_save.asp" method="post" onsubmit="do_submit();return false;" autocomplete="off" style="display: none;">
<div class="form-group passtomail">
<input class="form-control required" type="text" maxlength="200" id="vismail" name="vis_mail" placeholder="<%=L("lcl_noti_sendbymail")%>">
</div>
<%
var buttons = [ {title: L("lcl_mes_send"), action: "sendpasswrd2mail()", importance: 1, icon: "fa-envelope", id: "sendpasswrd2mail" }];
buttons.push ({ title: L("lcl_back"), action: "toHome()", importance: 1, icon: "fa-home", id: "btnreturn" });
CreateButtons(buttons, { entersubmit: true, vertical: true, showIcons: true, display: "flex" });
%>
</form>
<form name="ifl_f_tm" action="<%=rooturl%>/appl/aut/pass2mail_save.asp" method="post" onsubmit="do_submit();return false;" autocomplete="off" style="display: none;">
<div class="form-group tokentomail">
<input class="form-control required" type="text" maxlength="200" id="vistoken" name="vis_token" placeholder="<%=L("lcl_token2email")%>">
</div>
<%
var buttons = [{ title: L("lcl_mes_send"), action: "sendtoken2mail()", importance: 3, icon: "fa-envelope", id: "sendtoken2mail" }];
buttons.push ({ title: L("lcl_back"), action: "toHome()", importance: 1, icon: "fa-home", id: "btnreturn" });
CreateButtons(buttons, { entersubmit: true, vertical: true, showIcons: true, display: "flex" });
%>
</form>
<% /* Self-registration form; sent by sendselfregister() to the action below. The "required"
classes drive client-side validation only; the server page has to validate the fields itself. */
%>
<form name="ifl_f_sr" action="<%=rooturl%>/appl/prs/self_register_save.asp?" method="post" onsubmit="do_submit();return false;" autocomplete="off" style="display: none;">
<div class="form-group selfregister">
<input class="form-control required visselfregister" type="text" maxlength="200" autocomplete="off" name="prs_naam" placeholder="<%=L("lcl_prs_person_name")%>">
<input class="form-control required visselfregister" type="text" maxlength="200" name="prs_vrnaam" placeholder="<%=L("lcl_prs_person_voornaam")%>">
<input class="form-control required visselfregister" type="text" maxlength="200" name="prs_email" placeholder="<%=L("lcl_prs_person_email")%>">
<input class="form-control required visselfregister" type="text" maxlength="200" autocomplete="off" name="prs_telnr" placeholder="<%=L("lcl_prs_person_phone")%>">
<input class="form-control required visselfregister" type="password" maxlength="200" autocomplete="off" name="password1" placeholder="<%=L("lcl_ch_password_new")%>">
<input class="form-control required visselfregister" type="password" maxlength="200" autocomplete="off" name="password2" placeholder="<%=L("lcl_ch_password_con")%>">
</div>
<%
var buttons = [ { title: L("lcl_self_register"), action: "sendselfregister()", importance: 1, icon: "fa-envelope", id: "sendselfregister" } ];
buttons.push ({ title: L("lcl_back"), action: "toHome()", importance: 1, icon: "fa-home", id: "btnreturn" });
CreateButtons(buttons, { entersubmit: true, vertical: true, showIcons: true, display: "flex" });
%>
</form>
<% /* Second-factor form: shown by login_callback() when login_save.asp answers with otp_prompt
(the label is filled from that prompt). do_submit_otp() posts it together with the hidden login form. */
%>
<form name="ifl_f_otp" action="<%=rooturl%>/appl/aut/login_save.asp" method="post" onsubmit="do_submit_otp();return false;" autocomplete="off" style="display: none;">
<div class="form-group otp">
<label for="otpcode"></label>
<input class="form-control" type="text" maxlength="6" id="otpcode" name="otpcode">
</div>
<%
var buttons = [{ title: L("lcl_logon"), action: "do_submit_otp()", importance: 1, icon: "fa-sign-in" },
{ title: L("lcl_back"), action: "toHome()", importance: 1, icon: "fa-home", id: "btnreturn" }];
CreateButtons(buttons, { entersubmit: true, vertical: true, showIcons: true, display: "flex" });
%>
</form>
</div>
<div id="loginfooter"><%=L("lcl_facilitor_footer")%></div>
</body>
</html>
<% ASPPAGE_END(); %>