Odyssey
admLogin.prg
1 <?php
2 // vim: tabstop=2 expandtab syn=php
3 /**
4  * @package cu_admuniv.prg -- the script to log into admin, expertly named.
5  */
6 
7 // Globals
8 /**
9  * @var string $self -- refers to which url this script resides.
10  * @var string $main_url -- the main URL.
11  */
12 $self = "$menu_link?ft=$ft";
13 $main_url = $menu_link;
14 
15 $creditUnionKey = GetCreditUnionKey();
16 $creditUnionCookie = GetCreditUnionCookie();
17 
18 $string = array("filter" => FILTER_SANITIZE_STRING);
19 $array = array("filter" => FILTER_DEFAULT);
20 
21 HCU_ImportVars($SYSENV, "LOGIN", array("mode" => $string, "cu" => $string, "username" => $string, "confidence" => $string, "challengeQuests" => $array, "chksecure" => $string,
22  "password" => $string, "email" => $string, "clearCuCookie" => $string));
23 extract($SYSENV["LOGIN"]);
24 $cu= isset($cu) ? strtoupper(trim($cu)) : "";
25 $clearCuCookie = isset($clearCuCookie) ? trim($clearCuCookie) : "";
26 
27 $cuMode= $cu != "" ? "inRequest" : "doesntExist";
28 
29 // Unset cookie. 1 is a while ago.
30 if ($clearCuCookie == "Y")
31 {
32  HCU_setcookie_env($SYSENV, $creditUnionCookie, "", 1, "/");
33  HCU_setcookie_env($SYSENV, "${creditUnionCookie}Hash", "", 1, "/");
34 }
35 else if (HCU_array_key_exists($creditUnionCookie, $_COOKIE))
36 {
37  $creditUnion = $_COOKIE[$creditUnionCookie];
38  $creditUnionHash = $_COOKIE["${creditUnionCookie}Hash"];
39  try
40  {
41  $cu = hcuOpenSSLDecrypt($creditUnion, $creditUnionHash, "NONE");
42  $cuMode = "inTicket";
43  }
44  catch(exception $e)
45  {
46  $SYSENV["logger"]->error("Credit Union cookie failed: " . $e->getMessage());
47  }
48 }
49 
50 $logger = $SYSENV["logger"];
51 
52 $mode = isset($mode) ? trim($mode) : "";
53 
54 // clean out any characters that are not allowed and could cause problems
55 $searchList = array( "'", '"', "+", ";" );
56 $username = (isset($username) ? str_replace( $searchList, "", $username ) : "");
57 $username = strtolower($username);
58 
59 if (empty($_COOKIE['Tx_aURI']))
60 {
61  if (empty($username))
62  {
63  # NOTE: if username is NOT set we must be showing the login screen for the first time. If the Tx_aURI cookie is blank, set it to the main url.
64  HCU_setcookie_env($SYSENV, "Tx_aURI", $main_url, 0, "/");
65  $return_address = $main_url;
66  }
67  else
68  { ?> <html><head><title>Unable to Log In</title></head>
69  <body><h1>Unable to Log In</h1>
70  This site uses cookies for its own security. Your browser must be capable of processing cookies <em>AND</em> cookies must be activated.
71  <br><br>Also, if your system clock on your computer is set incorrectly, you may have trouble connecting to this site.
72  <br><br>Please set your browser to accept cookies and check your clock, then press the <strong>reload</strong> button.
73  <hr></body></html>
74  <?php exit;
75  }
76 }
77 else
78 {
79  $return_address = urldecode($_COOKIE['Tx_aURI']);
80 }
81 $ip_address = $_SERVER['REMOTE_ADDR'];
82 
83 // The login switchboard. If there is an error then go to the username entry screen.
84 
85 try
86 {
87  switch($mode)
88  {
89  case 'ChkChallenge':
90  checkChallenge($SYSENV, $dbh, $username, $cu, $challengeQuests);
91  showPasswordEntry($self, $username, $cu, $confidence, true, $chksecure, $cuMode);
92  break;
93  case 'ChkPass':
94  $passResult = checkPass($SYSENV, $dbh, $username, $password, $cu, $chksecure, $creditUnionCookie, $creditUnionKey);
95  if (!$passResult["expired"])
96  {
97  Set_aTicket($SYSENV, $passResult["cookie"], "");
98  header("Location: $return_address");
99  exit;
100  }
101  else {
102  header("Location: $main_url?ft=31");
103  exit;
104  }
105 
106  break;
107  case 'ChkEmail':
108  $emailResult = checkEmail($dbh, $username, $email, $cu);
109  $challengeResult = getAdmChallengeQuestions($dbh, $cu, $username, "login display");
110  $reqChal = $challengeResult["requireChallengeQuestions"];
111  $noRecords = $challengeResult["noRecord"];
112  $reqPassword = $challengeResult["forcePassword"];
113 
114  $noRecords ? showChallengeQuestionEntry($self, $username, $cu, $email, $challengeResult["data"], $confidence, $cuMode)
115  : ($reqChal || $reqPassword ? showAccessEntry($self, $username, $cu, $email, $confidence, $cuMode)
116  : showChallengeQuestionEntry($self, $username, $cu, $email, $challengeResult["data"], $confidence, $cuMode));
117  break;
118  case "ChkAccess":
119  $accessResult = checkPass($SYSENV, $dbh, $username, $password, $cu, "N", $creditUnionCookie, $creditUnionKey, true, $email);
120  $loc= $accessResult["forcePassword"] ? ($accessResult["forceSecurity"] ? "ft=35" : "ft=31")
121  : ($accessResult["forceSecurity"] ? "ft=35" : "");
122  header("Location: $main_url?$loc");
123  exit;
124  break;
125  case 'ChkMember':
126  default:
127  $memberResult = checkMember($dbh, $username, $cu);
128  $memberResult["getUsername"] ? showUsernameEntry($self, $cu, $memberResult["confidence"], "", $cuMode) :
129  ($memberResult["additionalAuthentication"] ? showEmailEntry($self, $username, $cu, $memberResult["confidence"], $cuMode) :
130  showPasswordEntry($self, $username, $cu, $memberResult["confidence"], false, "Y", $cuMode));
131  break;
132  }
133 
134  $pName = checkOrgName($cu);
135  showProductName($pName);
136 }
137 catch(Exception $e)
138 {
139  showUsernameEntry($self, $cu, "", $e->getCode() >= 300 ? $e->getMessage() : "Login failed", $cuMode);
140 }
141 
142 // Data functions
143 
144 /**
145  * function checkChallenge($dbh, $username, $cu, $challengeQuests)
146  *
147  * @param integer $dbh -- the database connection
148  * @param string $username -- the username to check
149  * @param string $cu -- the CU to check
150  * @param string $challengeQuests -- encoded array of challenge quests
151  *
152  * @throws Exception if challenge questions are not encoded correctly or if they do not correspond to the answers in the table.
153  */
154 function checkChallenge($SYSENV, $dbh, $username, $cu, $challengeQuests)
155 {
156  try
157  {
158  $challengeQuests = trim($challengeQuests);
159  if ($challengeQuests == "")
160  $challengeQuests = array("challenge" => 0, "answers" => array());
161  else
162  {
163  $challengeQuests = HCU_JsonDecode($challengeQuests);
164  if (!is_array($challengeQuests))
165  {
166  $challengeQuests = array("challenge" => 0, "answers" => array());
167  throw new Exception("Challenge Questions are not encoded correctly.", 1);
168  }
169  }
170 
171  $challengeResult = getAdmChallengeQuestions($dbh, $cu, $username, "login verify");
172 
173  if (!$challengeResult["noRecord"])
174  {
175  foreach($challengeResult["data"] as $record)
176  {
177  $thisValue = HCU_array_key_value($record["quest_id"], $challengeQuests);
178  $thatValue = $record["answer"];
179  if ($thisValue !== false && $thisValue != $thatValue)
180  throw new Exception("Challenge Answers are not valid.", 2);
181  }
182  }
183  }
184  catch(exception $e)
185  {
186  if ($e->getCode() != 1)
187  {
188  $sth = db_query("select admfailmfa(cu, user_name,16, mfaquest) from cuadminusers where cu= '$cu' and user_name= '$username'", $dbh);
189  if (!$sth)
190  throw new exception ("Fail query failed!", 2);
191  }
192  throw new exception("Invalid User Name or Challenge Response", 1);
193  }
194 }
195 
196 /**
197  * function checkMember($dbh, $username)
198  *
199  * @param integer $dbh -- the database connection
200  * @param string $username -- the username to check
201  *
202  * @throws Exception if a database query fails or the account is locked.
203  * @return array("code" => 0, "error" => "", "additionalAuthentication" => {true/false}, "getUsername" => {true/false}, "confidence" => string)
204  */
205 function checkMember($dbh, $username, $cu)
206 {
207  $error = "";
208  $code = 0;
209  $sqls = array();
210  $additionalAuthentication = true;
211  $getUsername = false;
212 
213  $username = trim($username);
214  if ($username == "")
215  $getUsername= true;
216 
217  $forceResetConstant = GetAdminUserFlagsValue("ADM_FORCE_RESET");
218 
219  extract(array("savepass" => "", "savemail" => "", "saveword" => "", "freset" => "", "failedremain" => "", "fchange" => "", "fremain" => "", "mfaquest" => ""));
220  if (!$getUsername)
221  {
222  $sql = "select trim(au.passwd), trim(au.email), au.confidence, coalesce(au.userflags,0) & $forceResetConstant, au.failedremain, au.forcechange, au.forceremain, au.mfaquest
223  from cuadminusers au inner join cuadmin a on au.cu = a.cu where lower(au.user_name)='" . prep_save($username) . "' and au.cu='" . prep_save($cu) . "'";
224  $sqls[] = $sql;
225  $sth = db_query($sql,$dbh);
226  if (!$sth)
227  throw new Exception("Username query failed!", 2);
228 
229  list($savepass, $savemail, $saveword, $freset, $failedremain, $fchange, $fremain, $mfaquest) = db_fetch_array($sth,0);
230 
231  $numRows = db_num_rows($sth);
232 
233  if (db_num_rows($sth) > 0)
234  {
235  if ($numRows >= 1 && ($failedremain <= 0 || (($fchange =='Y' || $freset != 0) && $fremain <=0)))
236  throw new Exception("Account is Locked.", 333);
237 
238  $addToCookie = array();
239  $challengeArray = HCU_JsonDecode($mfaquest);
240 
241  $challengeArray = HCU_array_key_value("answers", $challengeArray);
242 
243  if (is_array($challengeArray))
244  {
245  ksort($challengeArray, SORT_NUMERIC); // Sort the challenge question ids numerically in the off chance that they are not sorted.
246  $find= array("\n", "\\", "=", "|");
247  $replace= array("", "\\\\", "\\=", "\\|"); // Replace = and | so that strings with them in it cannot match what they are not supposed to match.
248  foreach($challengeArray as $questId => $questValue)
249  {
250  $questId = intval($questId);
251  $questValue = trim(str_replace($find, $replace, $questValue));
252  $addToCookie[] = "$questId=$questValue";
253  }
254  }
255  $addToCookie = implode("|", $addToCookie);
256 
257  $cookiename = sha1("HCUAdminTu0geethSaith7ch" . trim($username));
258  $cookiecontent = sha1(trim($savepass) . trim($savemail) . trim($saveword) . $addToCookie);
259 
260  $additionalAuthentication = !isset($_COOKIE[$cookiename]) || $cookiecontent != $_COOKIE[$cookiename] || $freset != 0;
261  }
262  }
263 
264 
265  $returnArray= array("code" => "$code", "error" => "$error", "additionalAuthentication" => $additionalAuthentication, "getUsername" => $getUsername, "confidence" => $saveword);
266  return $returnArray;
267 }
268 
269 /**
270  * function checkEmail($dbh, $username, $email)
271  *
272  * @param integer $dbh -- the database connection
273  * @param string $username -- the username to check
274  * @param string $email -- the email to check
275  *
276  * @throws Exception if query fails or email doesn't match
277  * @return array("code" => 0, "error" => "")
278  */
279 function checkEmail($dbh, $username, $email, $cu)
280 {
281  $sqls= array();
282  $error= "";
283  $code= 0;
284  $sqls= array();
285 
286  $forceResetConstant = GetAdminUserFlagsValue("ADM_FORCE_RESET");
287 
288  $email = trim($email);
289  $username = trim($username);
290  $sql = "select au.userflags & $forceResetConstant::int, trim(au.email), au.mfaquest from cuadminusers au inner join cuadmin a on au.cu = a.cu
291  where lower(au.user_name) = '" . prep_save($username) . "' and au.cu='" . prep_save($cu) . "'";
292  $sth = db_query($sql,$dbh);
293 
294  if (!$sth)
295  throw new Exception("Email query failed!", 1);
296  list($freset, $savemail, $challengeArray) = db_fetch_array($sth,0);
297  $savemail = trim($savemail);
298 
299  if (trim($challengeArray) != "")
300  {
301  $challengeArray = HCU_JsonDecode($challengeArray);
302  if (!is_array($challengeArray))
303  throw new exception("Challenge Array not encoded correctly!", 3);
304  }
305 
306 
307  if (db_num_rows($sth) > 0 && $savemail != "" && strtolower($savemail) != strtolower($email))
308  {
309  $challengeArray["challenge"] = 0; // Reset with a successful login
310  $sql = "select admfailmfa('$cu', '$username',8, '" . prep_save(PrepareMfaQuestString($challengeArray)) . "')";
311  $sqls[] = $sql;
312  $sth = db_query($sql, $dbh);
313  throw new Exception("Invalid User Name or Email", 2);
314  }
315 
316  $returnArray= array("code" => "$code", "error" => "$error");
317  return $returnArray;
318 }
319 
320 // Display functions
321 /**
322  * function showStyle()
323  */
324 function showStyle()
325 { ?>
326  <style>
327  thead {
328  display: none;
329  }
330 
331  #centerWrapper {
332  margin: auto;
333  width: 800px;
334  }
335 
336  .k-notification-wrap {
337  white-space: normal !important;
338  }
339 
340  .inputDisabled {
341  background-color: #eee !important;
342  }
343 
344  #login-entry {
345  margin-left: auto;
346  margin-right: auto;
347  }
348 
349  .hcu-login-block {
350  max-width: 307px;
351  }
352  </style>
353 <?php }
354 
355 /**
356  * function showBtnClicks($isChallenge)
357  *
358  * Clear and continue buttons. They are found in all the screens and they do the same thing so it is put in this function that is called on each page.
359  *
360  * @param boolean $isChallenge -- if true, also send a json encoded string of challenge questions.
361  */
362 function showBtnClicks($isChallenge, $self)
363 {
364  printCaptureEnter(); ?>
365 
366  $("#submitBtn").click(function() {
367  if ($.homecuValidator.validate())
368  {
369  var form = $(this).closest("form");
370  <?php if ($isChallenge) { ?>
371  var challengeQuests= {};
372  $(".challengeRow").each(function() {
373  challengeQuests[$(this).data("questid")] = $(this).find(".questionInput").val().trim();
374  });
375  $(form).append("<input type='hidden' name='challengeQuests' value='" + kendo.stringify(challengeQuests) + "'>");
376  <?php } ?>
377  $(form).submit();
378  }
379 
380  return false;
381  });
382 
383  $("#clearBtn").click(function() {
384  window.location.href = "<?php echo $self; ?>";
385  });
386 <?php }
387 
388 /**
389  * function showUsernameEntry($self, $cu, $confidence, $errorMessage)
390  *
391  * Shows on error or as an initial step if there is no cookie.
392  *
393  * @param string $self -- the url that contains this script
394  * @param string $cu -- the CU logging in
395  * @param string $confidence -- the confidence word
396  * @param string $errorMessage -- the error to display at the top
397  */
398 function showUsernameEntry($self, $cu, $confidence, $errorMessage, $cuMode)
399 {
400  showStyle();
401 
402  if ($cuMode == "doesntExist")
403  {
404  $cuAutofocus = true;
405  $userAutofocus = false;
406  }
407  else
408  {
409  $cuAutofocus = false;
410  $userAutofocus = true;
411  }
412  $errorMessage = is_null($errorMessage) ? array() : (is_array($errorMessage) ? $errorMessage : (trim($errorMessage) == "" ? array() : array(trim($errorMessage))));
413  ?>
414  <script type='text/javascript'>
415  function init()
416  {
417  $.homecuValidator.setup({formValidate:'login-entry', formStatusField: 'formStatus'});
418  <?php if ($errorMessage != "") { ?>
419  $.homecuValidator.displayMessage(<?php echo HCU_JsonEncode($errorMessage) ?>, $.homecuValidator.settings.statusError);
420  <?php }
421  showBtnClicks(false, $cuMode == "inRequest" ? "$self&cu=$cu" : $self); ?>
422  }
423 
424  $(document).ready(function() {
425  init();
426  });
427  </script>
428 
429  <div class="container-fluid"><div class="row-fluid">
430  <form id="login-entry" method="post" action="<?php echo $self; ?>" role="form" data-role="validator" novalidate="novalidate">
431  <input type="hidden" name='chksecure' value='Y'>
432  <input type="hidden" name='mode' value='ChkMember'>
433  <input type="hidden" name='confidence' value='<?php echo $confidence; ?>'>
434  <div id="formStatus" class="k-block k-error-colored formStatus" style="display:none;"></div>
435  <div class="well well-sm">
436  <div class="form-horizontal form-widgets">
437  <?php printHeader("Enter User Credentials");
438  if ($cuMode == "inTicket")
439  loginPrintLabelBlock(array("HomeCU Code&nbsp; (<a href=\"$self&clearCuCookie=Y\" class=\"cuClearBtn\">Not $cu?</a>)" => $cu));
440  else
441  loginPrintInputLine("HomeCU Code", $cu, "cu", 10, $cuAutofocus, true, "text", "CU is required");
442 
443  loginPrintInputLine("Username", "", "username", 50, $userAutofocus, true, "text", "Username is required"); ?>
444  </div>
445  </div>
446  <div class="form-horizontal form-widgets">
447  <?php loginPrintButtons(false, false); ?>
448  </div>
449  </form>
450  </div></div>
451 
452 <?php }
453 
454 /**
455  * function showPasswordEntry($self, $username, $cu, $confidence, $isAfterConfidence)
456  *
457  * Shows as the last step. There is a different info if going through challenge questions
458  *
459  * @param string $self -- the url that contains this script
460  * @param string $username -- the username logging in
461  * @param string $cu -- the CU logging in
462  * @param string $confidence -- the confidence word
463  * @param boolean $isAfterConfidence -- Slightly different info message
464  */
465 function showPasswordEntry($self, $username, $cu, $confidence, $isAfterConfidence, $chksecure, $cuMode)
466 {
467  showStyle();
468  ?>
469  <script type='text/javascript'>
470  function init()
471  {
472  $.homecuValidator.setup({formValidate:'login-entry', formStatusField: 'formStatus'});
473  <?php showBtnClicks(false, $cuMode == "inRequest" ? "$self&cu=$cu" : $self); ?>
474  }
475 
476  $(document).ready(function() {
477  init();
478  });
479  </script>
480 
481  <div class="container-fluid"><div class="row-fluid">
482  <form id="login-entry" method="post" action="<?php echo $self; ?>" role="form" data-role="validator" novalidate="novalidate">
483  <input type="hidden" name='cu' value='<?php echo $cu ?>'>
484  <input type="hidden" name='chksecure' value='<?php echo $chksecure; ?>'>
485  <input type="hidden" name='mode' value='ChkPass'>
486  <input type="hidden" name='username' value='<?php echo $username; ?>'>
487  <div class="well well-sm">
488  <div class="form-horizontal form-widgets">
489  <?php
490  printHeader("Enter User Credentials");
491  loginPrintLabelBlock(array("Username" => $username, "Your Confidence Word is" => $confidence));
492  loginPrintInputLine("Password", "", "password", 225, true, true, "password", "password is required"); ?>
493  </div>
494  </div>
495  <div class="form-horizontal form-widgets">
496  <?php loginPrintButtons(true); ?>
497  </div>
498  </form>
499  </div></div>
500 
501 <?php }
502 
503 /**
504  * function showEmailEntry($self, $username, $cu, $confidence)
505  *
506  * Shows as an intermediate step.
507  *
508  * @param string $self -- the url that contains this script
509  * @param string $username -- the username logging in
510  * @param string $cu -- the CU logging in
511  * @param string $confidence -- the confidence word
512  */
513 function showEmailEntry($self, $username, $cu, $confidence, $cuMode)
514 {
515  showStyle();
516  ?>
517  <script type='text/javascript'>
518  function init()
519  {
520  $.homecuValidator.setup({formValidate:'login-entry', formStatusField: 'formStatus'});
521  <?php showBtnClicks(false, $cuMode == "inRequest" ? "$self&cu=$cu" : $self); ?>
522  }
523 
524  $(document).ready(function() {
525  init();
526  });
527  </script>
528 
529  <div class="container-fluid"><div class="row-fluid">
530  <form id="login-entry" method="post" action="<?php echo $self; ?>" role="form" data-role="validator" novalidate="novalidate">
531  <input type="hidden" name='cu' value='<?php echo $cu ?>'>
532  <input type="hidden" name='chksecure' value='Y'>
533  <input type="hidden" name='mode' value='ChkEmail'>
534  <input type="hidden" name='username' value='<?php echo $username; ?>'>
535  <input type="hidden" name='confidence' value='<?php echo $confidence; ?>'>
536  <div id="formStatus" class="homecu-formStatus k-block k-error-colored formStatus" style="display:none;"></div>
537  <div class="well well-sm">
538  <div class="form-horizontal form-widgets">
539  <?php
540  printHeader("Enter User Credentials");
541  loginPrintLabelBlock(array("Username" => $username));
542  loginPrintInputLine("Confirm Email Address", "", "email", 50, "autofocus data-email-msg='Email is not valid'", true, "email", "Email is required"); ?>
543  </div>
544  </div>
545  <div class="form-horizontal form-widgets">
546  <?php loginPrintButtons(); ?>
547  </div>
548  </form>
549  </div></div>
550 <?php }
551 
552 
553 /**
554  * function showChallengeQuestionEntry($self, $username, $cu, $email, $challengeQuestions, $confidence)
555  *
556  * Shows as an intermediate step.
557  *
558  * @param string $self -- the url that contains this script
559  * @param string $username -- the username logging in
560  * @param string $cu -- the CU logging in
561  * @param string $email -- the email logging in
562  * @param array $challengeQuestions -- the challenge questions to verify
563  * @param string $confidence -- the confidence word
564  */
565 function showChallengeQuestionEntry($self, $username, $cu, $email, $challengeQuestions, $confidence, $cuMode)
566 {
567  showStyle();
568  ?>
569  <script type='text/javascript'>
570  function init()
571  {
572  $.homecuValidator.setup({formValidate:'login-entry', formStatusField: 'formStatus'});
573  <?php showBtnClicks(true, $cuMode == "inRequest" ? "$self&cu=$cu" : $self); ?>
574 
575  $("#publicNote").click(function(e) {
576  var position = $(this).offset();
577  var notification = $("<div></div>").appendTo("body").kendoNotification({
578  autoHideAfter: 0,
579  width: "400px",
580  position: {
581  top: position.top,
582  left: position.left
583  }
584  }).data("kendoNotification");
585 
586  notification.info('Public computers are found at libraries, schools, Internet cafes, airports, and many other places. <br>You have no control over who uses public computers. \
587  <br>Public computers may be running malicious software like keystroke loggers or be on networks that allow others to get your personal information. \
588  <br><br>We strongly suggest you do <i>NOT</i> use a public computer for digital banking. <br>If you decide to use one anyway, you should check the box so we do not save a security \
589  token to this public computer.');
590  return false;
591  });
592 
593  $("[name='question0']").focus();
594  }
595 
596  $(document).ready(function() {
597  init();
598  });
599  </script>
600 
601  <div class="container-fluid"><div class="row-fluid">
602  <form id="login-entry" method="post" action="<?php echo $self; ?>" role="form" data-role="validator" novalidate="novalidate">
603  <input type="hidden" name='cu' value='<?php echo $cu; ?>'>
604  <input type="hidden" name='mode' value='ChkChallenge'>
605  <input type="hidden" name='email' value='<?php echo $email; ?>'>
606  <input type="hidden" name='username' value='<?php echo $username; ?>'>
607  <input type="hidden" name='confidence' value='<?php echo $confidence; ?>'>
608  <div id="formStatus" class="homecu-formStatus k-block k-error-colored formStatus" style="display:none;"></div>
609  <div class="well well-sm ">
610  <div class="form-horizontal form-widgets">
611  <?php
612  printHeader("Enter User Credentials");
613  loginPrintLabelBlock(array("Username" => $username));
614  if (count($challengeQuestions) > 1) {
615  printHeader("Please Answer the Following Challenge Question(s)");
616  } else {
617  printHeader("Please Answer the Following Challenge Question");
618  }
619  for($i=0, $length= count($challengeQuestions); $i != $length; $i++) {
620  extract($challengeQuestions[$i]);
621  ?>
622  <div class="form-group challengeRow <?php $i == 0 ? 'hcuSpacer' : ''; ?>">
623  <label class="col-xs-12 col-md-8 challengeQuestion"><?php echo $quest_text; ?></label>
624  <div class="col-xs-12 col-md-8 ">
625  <input name="question<?php echo $i; ?>" class="questionInput hcu-all-100 k-input k-textbox"
626  required data-required-msg="The response for question <?php echo $i+1; ?> was left blank" maxlength="50" <?php echo $i == 0 ? "autofocus" : "" ?>>
627  </div>
628  <div class="col-xs-1 col-sm-1">
629  <span data-for='question<?php echo $i; ?>' class='k-invalid-msg'></span>
630  </div>
631  </div><?php } ?>
632  </div>
633  </div>
634  <div class="form-horizontal form-widgets">
635  <?php loginPrintButtons(false, true); ?>
636  </div>
637  <?php loginPrintSaveToken(); ?>
638  </form>
639  </div></div>
640 <?php }
641 
642 /**
643  * function showAccessEntry($self, $username, $cu, $email)
644  * shows the access entry screen
645  *
646  * @param string $self -- the url of this script
647  * @param string $username -- the username to log in
648  * @param string $cu -- the cu to log in
649  * @param string $email -- the email of the username
650  */
651 function showAccessEntry($self, $username, $cu, $email, $cuMode)
652 {
653  showStyle();
654  ?>
655  <script type='text/javascript'>
656  function init()
657  {
658  $.homecuValidator.setup({formValidate:'login-entry', formStatusField: 'formStatus'});
659  <?php showBtnClicks(false, $cuMode == "inRequest" ? "$self&cu=$cu" : $self); ?>
660  }
661 
662  $(document).ready(function() {
663  init();
664  });
665  </script>
666 
667  <div class="container-fluid"><div class="row-fluid">
668  <form id="login-entry" method="post" action="<?php echo $self; ?>" role="form" data-role="validator" novalidate="novalidate">
669  <input type="hidden" name='cu' value='<?php echo $cu; ?>'>
670  <input type="hidden" name='mode' value='ChkAccess'>
671  <input type="hidden" name='email' value='<?php echo $email; ?>'>
672  <input type="hidden" name='username' value='<?php echo $username; ?>'>
673  <div id="formStatus" class="homecu-formStatus k-block k-error-colored formStatus" style="display:none;"></div>
674  <div class="well well-sm ">
675  <div class="form-horizontal form-widgets">
676  <?php
677  printHeader("Enter User Credentials");
678  loginPrintLabelBlock(array("Username" => $username));
679  loginPrintInputLine("Please enter your password", "", "password", 225, true, true, "password", "password is required"); ?>
680  </div>
681  </div>
682  <div class="form-horizontal form-widgets">
683  <?php loginPrintButtons(); ?>
684  </div>
685  </form>
686  </div></div>
687 <?php }
Generated by   doxygen 1.8.15