<% if _SESSION["username"] == nil then %> <% include("language.html") local username = _GET["username"] or _POST["username"] or "" local password = _GET["password"] or _POST["password"] or "" local remember = _GET["remember"] or _POST["remember"] or "" local redir = _GET["redir"] or _POST["redir"] or "" local lang = _GET["lang"] or _POST["lang"] or "" username = string.gsub(username,"+"," ") username = string.gsub(username,"\t","+") password = string.gsub(password,"+"," ") password = string.gsub(password,"\t","+") local result = c_CheckUser(username,password) if result ~= OK_CHECK_CONNECTION then c_AddWebLog("User '"..string.sub(username, 1, 64).."' login failed! (IP:".._REMOTE_IP..")","0",DOMAIN_LOG_WEB_RESPOND) print("") else if _COOKIE["UID"] ~= nil then _SESSION_ID = _COOKIE["UID"] local retval = SessionModule.load(_SESSION_ID) if retval == false then _SESSION_ID = SessionModule.new() if _UseSSL == true then _SETCOOKIE = _SETCOOKIE.."Set-Cookie: UID=".._SESSION_ID.."; HttpOnly; Secure\r\n" else _SETCOOKIE = _SETCOOKIE.."Set-Cookie: UID=".._SESSION_ID.."; HttpOnly\r\n" end rawset(_COOKIE,"UID",_SESSION_ID) end else _SESSION_ID = SessionModule.new() if _UseSSL == true then _SETCOOKIE = _SETCOOKIE.."Set-Cookie: UID=".._SESSION_ID.."; HttpOnly; Secure\r\n" else _SETCOOKIE = _SETCOOKIE.."Set-Cookie: UID=".._SESSION_ID.."; HttpOnly\r\n" end rawset(_COOKIE,"UID",_SESSION_ID) end if package.config:sub(1,1) == "\\" then username = string.lower(username) end rawset(_SESSION,"username",username) rawset(_SESSION,"ipaddress",_REMOTE_IP) SessionModule.save(_SESSION_ID) if remember ~= "" then setcookie("client_login_name",username,2101702507) end if lang ~= "" then setcookie("client_lang",lang,2101702507) end local isSmartPhone = false local strUserAgent = string.match(strHead,"User%-Agent:%s?(%s[^\r\n]*)") if strUserAgent ~= nil then strUserAgent = string.lower(strUserAgent) if string.find(strUserAgent, "android") or string.find(strUserAgent, "iphone") then isSmartPhone = true end end local strWelcomeMessage = specialhtml_encode(c_GetWelcomeMessage()) %> <% local enableTwoFactor, twoFactorCode = c_GetSecretCode(username) if enableTwoFactor ~= nil and enableTwoFactor == true then c_AddConnection(username,"/",_REMOTE_IP,_SESSION_ID,"TOTP AUTH") c_AddWebLog("User '"..username.."' passed password authentication, need TOTP authentication. (IP:".._REMOTE_IP..")",_SESSION_ID,DOMAIN_LOG_WEB_RESPOND) if strWelcomeMessage == "" then print("") end else rawset(_SESSION,"currentpath","/") SessionModule.save(_SESSION_ID) c_AddConnection(username,"/",_REMOTE_IP,_SESSION_ID,"LOGIN OK") c_AddWebLog("User '"..username.."' logged in ok! (IP:".._REMOTE_IP..")",_SESSION_ID,DOMAIN_LOG_WEB_RESPOND) c_DoWebEvent(WEB_USER_LOGIN_EVENT,_SESSION_ID) end end %> <% else print("") print("") print("") end %>