/usr/share/gforge/plugins/authcas/www/post-login.php is in fusionforge-plugin-authcas 5.3.2+20141104-3+deb8u3.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 | <?php
/**
* FusionForge AuthCas login page
*
* This is main login page. It takes care of different account states
* (by disallowing logging in with non-active account, with appropriate
* notice).
*
* Copyright 1999-2001 (c) VA Linux Systems
* Copyright 2011, Roland Mas
*
* This file is part of FusionForge. FusionForge is free software;
* you can redistribute it and/or modify it under the terms of the
* GNU General Public License as published by the Free Software
* Foundation; either version 2 of the Licence, or (at your option)
* any later version.
*
* FusionForge is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along
* with FusionForge; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
// FIXME : WTF ?!?!?!?
Header( "Expires: Wed, 11 Nov 1998 11:11:11 GMT");
Header( "Cache-Control: no-cache");
Header( "Cache-Control: must-revalidate");
require_once '../../../www/env.inc.php';
require_once $gfcommon.'include/pre.php';
require_once '../../../www/include/login-form.php';
$plugin = plugin_get_object('authcas');
$return_to = getStringFromRequest('return_to');
$login = getStringFromRequest('login');
$postcas = getStringFromRequest('postcas');
$triggered = getIntFromRequest('triggered');
if (forge_get_config('use_ssl') && !session_issecure()) {
//force use of SSL for login
// redirect
session_redirect_external('https://'.getStringFromServer('HTTP_HOST').getStringFromServer('REQUEST_URI'));
//header('Location: https://'.getStringFromServer('HTTP_HOST').getStringFromServer('REQUEST_URI'));
}
// Here comes CAS standard magic (which will redirect to the CAS server, etc.)
$plugin->initCAS();
if (phpCAS::isAuthenticated()) {
$success = false;
$cas_username = '';
if ($plugin->isSufficient()) {
$cas_username = phpCAS::getUser();
$success = $plugin->startSession($cas_username);
}
if($success) {
if ($return_to) {
validate_return_to($return_to);
session_redirect($return_to);
//header ("Location: " . util_make_url($return_to));
//exit;
} else {
session_redirect("/my");
//header ("Location: " . util_make_url("/my"));
//exit;
}
}
else {
$warning_msg .= '<br /><p>'. _('Your account '.$cas_username.' does not exist.').'</p>';
}
} else {
if ($login) { // The user just clicked the Login button
// Let's send them to CAS
phpCAS::forceAuthentication();
}
}
// Otherwise, display the login form again
display_login_page($return_to, $triggered);
// Local Variables:
// mode: php
// c-file-style: "bsd"
// End:
|