1 <?php
2 /*
3  * Ability to log in using home banking credentials
4 
5  * The user will login using Home Banking (<cucode>user.user_id). The user_id
6  * from the <cucode>user table will be saved to the column banking_user_id.
7  * Email from the cuusers table will also be saved to the lnappuser.email field.
8  * This email will update each time the user authenticates with their current email address.
9  * For the Loan App user
10  * -1 will be saved in the banking_user_id field for all entries..
11  *
12  * A new unique key will be added (email, cu, userlogintype, banking_user_id)
13  * It is unique to ensure data integrity.
14  *
15  *
16  * RULES FOR AUTHENTICATING HOME BANKING USER
17  *
18  * There will be a challenge question cookie (machine cookie)
19  * There will be an authenticated user cookie (user cookie)
20  *
21  * Too many failed attempts need to be added to the code, with admin able to
22  * unlock
23  *
24  * ** MWS 4/2/2018 START
25  * ** The following sections may change when we get to them. The banking user will
26  * ** be verified, but the information should always refer to the main <cucode>user
27  * ** table instead of keeping a copy here.
28  * ** The lnappuser table will store the user_id in the banking_user_id column.
29  *
30  * 1. Get cu code for current session, this must be known
31  *
32  * 2. Get user login id: user_name/user_alias (in future)
33  *
34  * 3. Check the existence for cu/user_name/userlogintype='H' in lnappuser
35  * a. If FOUND --
36  * 1. Verify the user exists in cuusers table
37  * cu - cucode AND user_name = user loginid
38  * A. If found, insert lnappuser record, with cu,user_name, email, userlogintype='H'
39  * B. if NOT found -- return to main screen --- user NOT found
40  * b. if NOT found
41  * 1. Check the user exists in the cuusers table. On the following fields:
42  * cu - cucode AND user_name = user loginid
43  * A. If found, insert lnappuser record, with cu,user_name, email, userlogintype='H'
44  * B. if NOT found -- return to main screen --- user NOT found
45  *
46  * 4. Machine Cookie Validation
47  * a. If machine cookie is found.. Validate that it is correct
48  * b. If machine cookie is NOT found OR is NOT correct
49  * 1. Set a random value from the user's challenge questions in the
50  * challenge_quest_id. This can be done similarly to how it is
51  * already done for loans
52  * 2. Show the user the question and force them to answer.
53  * A. On a correct answer, save the Machine Cookie
54  * B. On an incorrect answer, set the failedloginattempts and keep showing
55  * the same challenge question.
56  *
57  * 5. Password Validation -- after a machine cookie is set the password cookie
58  * will now need to be set
59  * a. Show a screen displaying their 'confidence' word and field to enter password
60  * 1. Upon submit validate the password.
61  * A. If SUCCESSFUL
62  * I. Create the user cookie and redirect to the Loan Application Main Screen
63  * B. If NOT Successful
64  * I. Increment the failedloginattempts by 1 for this user record in lnappuser
65  * II. Send the user back to the main entry screen with the message:
66  * 'Unable to login, password incorrect.'
67  *
68  * ** MWS 4/2/2018 END
69  *
70  * Validation
71  *
72  * Pieces of the User Cookie
73  *
74  *
75  *
76  *
77  *
78  *
79  * FORM VARIABLES
80  * $FORM_SHOW -- What option will this form show
81  * challenge -- show the challenge question
82  * passwd -- show the confidence/password screen
83  *
84 */
85 
86  /*
87  * LOAD GET/POST values
88  */
/*
 * Pull the request values this form reads through the HCU filter layer.
 * Only these four keys are imported; everything else in GET/POST is ignored
 * by this file (the handlers below still read a few $_POST keys directly).
 */
$loadedValues['lnapphbuser'] = [];
HCU_ImportVars(
    $loadedValues,
    "lnapphbuser",
    array(
        "acct" => HCUFILTER_INPUT_STRING,
        "applogin" => HCUFILTER_INPUT_STRING,
        "hbusername" => HCUFILTER_INPUT_STRING,
        "chksecure" => HCUFILTER_INPUT_STRING,
    )
);

// Which screen the switch at the bottom of the file renders: "challenge", "passwd", or nothing.
$FORM_SHOW = "";

// Home-banking user_id for the member; stays -1 unless the hbssouser path authenticates a ticket.
$banking_user_id = -1;
// Account selected for the loan; cleared again unless the access check in the login path passes.
$setUserAcct = '';
96  /*
97  * hbssouser - This code is used WHEN initially logging in from home banking.
98  * the member must have a valid session
99  */
/*
 * Request dispatcher for the home-banking login flow. Exactly one branch runs per request:
 *   1. applogin / hbssouser / existing HB cookie -> look the member up, sync the lnappuser
 *      row, then decide between the challenge screen, the password screen, or the portal.
 *   2. hbconfchallenge (POST)                    -> grade the challenge answer, set the device cookie.
 *   3. hbconfpassword  (POST)                    -> check the password, set the user cookie.
 * Every failure path ends in header("Location: ...") + exit, so the rendering code after
 * this block only runs for a request that still needs a screen.
 *
 * NOTE(review): $hbuser_cookie_user, $DMSAPP_CURRENTUSERID, $form_code, $self, $dbh,
 * $HB_ENV, $DB_TABLE_PREFIX, $DMSAPP_CURRENTCUCODE, $DMSAPP_FAILEDLOGINATTEMPTS and
 * $DMSAPP_SECRET_KEY are not defined in this file; presumably set by the including
 * script before this point — confirm. The SQL below interpolates $DMSAPP_CURRENTCUCODE
 * and $DB_TABLE_PREFIX unescaped (including as a table-name prefix), so it relies on
 * both being server-side values that never carry request input.
 */
if (hcu_array_key_exists('applogin', $loadedValues['lnapphbuser']) || ($hbuser_cookie_user && $DMSAPP_CURRENTUSERID > 0) || $form_code == 'hbssouser') {

    // * we are posting from the intro screen
    // * validate the user_name is entered
    if (trim(hcu_array_key_value('hbusername', $loadedValues['lnapphbuser'])) != '' || $DMSAPP_CURRENTUSERID > 0 || $form_code == 'hbssouser') {
        /* MWS 4/2/2018 - PREVENT THIS OPTION */
        // The "&& FALSE" makes this branch unreachable on purpose: logging in by
        // posting a member number / alias is disabled, only the SSO path is live.
        if (trim(hcu_array_key_value('hbusername', $loadedValues['lnapphbuser'])) != '' && FALSE) {

            if (preg_match("/\D/", hcu_array_key_value('hbusername', $loadedValues['lnapphbuser']))) {
                // username contains non-digits
                $userQueryField = "user_alias ilike '" . save_text(hcu_array_key_value('hbusername', $loadedValues['lnapphbuser']), 50) . "' ";
            } else {
                // ** do NOT allow login if the user_alias is set and they are using member number to login
                $userQueryField = "user_name = '" . save_text(hcu_array_key_value('hbusername', $loadedValues['lnapphbuser']), 12) . "' AND rtrim(coalesce(user_alias, '')) = '' ";
            }

            // ** Look up the user in the cuusers table -- from POSTED hbusername
            $sql = "SELECT cu, user_name, email, failedremain, passwd, confidence,
 user_alias
 FROM cuusers
 WHERE cu = '$DMSAPP_CURRENTCUCODE'
 AND {$userQueryField} ";

        } elseif ($form_code == 'hbssouser') {

            /*
             * hbssouser
             *
             * This section is used to allow a currently authenticated member to log in to the
             * online loan app without having to re-enter password information
             */

            /*
             * First - AUTHENTICATE HOME BANKING TOKEN
             * This is done in cu_credentials
             * ALWAYS USE CAUTH as the logged in member
             */
            // The "Ticket" cookie is the only credential on this path; its validation is
            // delegated entirely to Check_Member_Credentials (not visible in this file).
            $mbrStatus = Check_Member_Credentials($HB_ENV, HCU_array_key_value("Ticket", $_COOKIE));

            /*
             * mbrStatus
             * ['result'] {0, 1}
             * 0 - Something is wrong and the member is NOT allowed to continue.
             * Put them back to the login screen
             * 1 - The home banking credentials were valid (continue)
             */
            if (!$mbrStatus['result']) {

                header("Location: {$self}status=10");
                exit;

            } else {
                // The member identity comes from the validated environment, not from the request.
                $banking_user_id = intval($HB_ENV['Uid']);
                /*
                 * Home banking credentials authenticated.. CONTINUE
                 */
                // ** Look up the user in the <cucode>user table (this is the only query in the
                // ** file that selects user_id, which the device-cookie value below depends on).
                $sql = "SELECT user_id, group_id, user_name, email, failedremain, passwd, confidence
 FROM {$DMSAPP_CURRENTCUCODE}user
 WHERE user_id = {$banking_user_id}; ";

            }

            // Optional pre-selected account, carried in the URL in encrypted form. It is only
            // trusted after VerifyUserAccountAccessForLoan() below confirms this member may use it.
            if (isset($loadedValues['lnapphbuser']['acct'])) {
                $setUserAcct = hcu_decrypturl($loadedValues['lnapphbuser']['acct'], $HB_ENV['historyHash']);
            }

            /*
             * Second - check lnappuser for existence of a record for this member
             */

            /*
             * Third - Create session cookie for online loan app
             */
        } else {
            // Reached for a returning cookie user ($hbuser_cookie_user) with no SSO ticket.
            // With an empty query nothing is fetched below, so this request ends at status=4&o=1.
            $sql = '';
            /* PREVENT THIS OPTION MWS 4/2/2018
            // ** Look up the user in the cuusers JOIN lnappuser, from COOKIE userid
            $sql = "SELECT cuusers.cu, cuusers.user_name, cuusers.email, cuusers.failedremain,
            cuusers.passwd, cuusers.confidence, cuusers.user_alias
            FROM cuusers
            JOIN {$DB_TABLE_PREFIX}user as lnuser on lnuser.user_name = cuusers.user_name
            AND lnuser.cu = cuusers.cu
            WHERE lnuser.userid = " . intval($DMSAPP_CURRENTUSERID) . "
            AND lnuser.userlogintype ='" . DMSAPP_CONST_HB_LOGIN . "' ";

            $FORM_VALIDATION_ERROR .= "<li>Your session has expired. Please confirm your password.</li>";
            */
        }

        // NOTE(review): when $sql is '' this relies on db_query()/db_fetch_assoc() returning
        // a falsy value rather than raising — not visible here; confirm.
        $hb_rs = db_query($sql, $dbh);
        $hb_row = db_fetch_assoc($hb_rs);
        if ($hb_row) {

            /**
             * SUCCESSFUL USER
             *
             * * Check how many accounts this user can access
             * * Use a speed bump to select an account if there is more than one.
             * * Save the selected account to the column session_account in lnappuser table.
             */

            // * have the user row
            // * NOW check to see if in lnappuser
            // Type 'N' rows are matched too so an existing non-HB user is converted below.
            $sql = "SELECT *
 FROM {$DB_TABLE_PREFIX}user
 WHERE cu = '$DMSAPP_CURRENTCUCODE'
 AND userlogintype in ('H', 'N')
 AND banking_user_id = {$banking_user_id};";

            $user_rs = db_query($sql, $dbh);

            // ** Banking User ID is set,
            // If the setUserAcct is set, then verify the user has access to the specified account for the purpose of a Loan
            // An account the member is not entitled to is simply dropped, not treated as an error.
            if (!VerifyUserAccountAccessForLoan($HB_ENV, $banking_user_id, $setUserAcct)) {
                $setUserAcct = '';
            }

            if ($user_row = db_fetch_assoc($user_rs)) {

                // ** USER RECORD FOUND..
                // ** CHECK THE LOAN APP FAILED ATTEMPTS
                // * This value increments from ZERO with each failed login
                // * Always respect the failedloginattempts. If this is maxed out.
                // * then they should not be allowed to continue and will need to use the
                // online loan app admin tool to unlock
                // NOTE(review): $select_questid has not been assigned yet at this point, so the
                // inner intval() is 0 and the lock-out redirect always fires here. This is also
                // the only place the counter is enforced; the hbconfchallenge and hbconfpassword
                // handlers below increment it but do not check it before grading a submission.
                if (intval($user_row['failedloginattempts']) >= $DMSAPP_FAILEDLOGINATTEMPTS) {
                    if (intval($select_questid) == 0) {
                        header("Location: {$self}f=intro&status=8");
                        exit;
                    }
                }

                // * IN FACT, update the lnappuser.email and lnappuser.confidenceword
                // AND force login type to be type "H" even if was type "N" (meaning now a homebanking user)
                // Values are escaped/truncated through save_text(); $user_row['userid'] is
                // cast with intval() since it is interpolated raw.
                $sql = "UPDATE {$DB_TABLE_PREFIX}user
 SET
 email = '" . save_text($hb_row['email'], 50) . "',
 userlogintype = 'H',
 confidenceword = '" . save_text($hb_row['confidence'], 30) . "',
 session_account = '" . save_text($setUserAcct, 12) . "'
 WHERE userid = " . intval($user_row['userid']);

                if (!$exec_rs = db_query($sql, $dbh)) {

                    // * PROBLEM -- Force back to login screen -- UNKNOWN why can't update
                    header("Location: {$self}status=999");
                    exit;
                }
            } else {
                // ** lnappuser NOT FOUND -- INSERT IT
                // NOTE(review): the new row is keyed only by banking_user_id; user_name is not
                // written. The challenge/password handlers and the random-question JOIN below
                // look rows up by user_name — confirm that column is populated elsewhere.
                $sql = "INSERT INTO {$DB_TABLE_PREFIX}user
 (email, cu, failedloginattempts, challenge_quest_id, userlogintype, banking_user_id, confidenceword, session_account)
 VALUES
 ('" . save_text($hb_row['email'], 50) . "', '$DMSAPP_CURRENTCUCODE', 0, -1,
 'H', {$banking_user_id},
 '" . save_text($hb_row['confidence'], 30) . "',
 '" . save_text($setUserAcct, 12) . "');";

                if (!$exec_rs = db_query($sql, $dbh)) {

                    // * PROBLEM -- Force back to login screen -- UNKNOWN why can't insert
                    header("Location: {$self}status=999");
                    exit;
                }
                // * FETCH THE ROW WE JUST INSERTED
                $sql = "SELECT *
 FROM {$DB_TABLE_PREFIX}user
 WHERE cu = '$DMSAPP_CURRENTCUCODE'
 AND userlogintype = 'H'
 AND banking_user_id = {$banking_user_id}; ";
                $user_rs = db_query($sql, $dbh);

                if (!$user_row = db_fetch_assoc($user_rs)) {

                    header("Location: {$self}status=999");
                    exit;
                }
            }

            // ** IF WE ARE HERE -- then we have successfully verified cuusers table
            // ** AND we have updated/inserted information into lnappuser
            // ** now we need to determine where to go

            // Device ("machine") cookie: name is per cu/user, value is a keyed digest of the
            // lnappuser pwd plus the member's email, confidence word and user_id.
            // NOTE(review): the hbconfchallenge handler recomputes this value from $user_row
            // (lnappuser) instead of $hb_row; the two only agree if lnappuser also carries
            // email/confidenceword/user_id with identical content — confirm, otherwise a
            // cookie set by the challenge step never matches the comparison below.
            $l_device_cookie_name = ReturnDeviceCookieName($DMSAPP_CURRENTCUCODE, DMSAPP_CONST_HB_LOGIN, trim($hb_row['email']), $user_row['userid']);
            $l_CookieVal = sha1($DMSAPP_SECRET_KEY . trim($user_row['pwd']) . trim($hb_row['email']) . trim($hb_row['confidence']) . trim($hb_row['user_id']));

            if ($form_code != 'hbssouser') {
                // NOTE(review): loose == between two strings and an unguarded $_COOKIE read.
                // A constant-time check, `isset($_COOKIE[$l_device_cookie_name]) &&
                // hash_equals($l_CookieVal, $_COOKIE[$l_device_cookie_name])`, is the
                // usual form for comparing a client-supplied token — not changed here.
                if ($l_CookieVal == $_COOKIE[$l_device_cookie_name]) {
                    // ** Send to Password form, the Challenge was successful
                    $FORM_SHOW = "passwd";
                } else {
                    //** They must first pass the Challenge question
                    $FORM_SHOW = "challenge";
                    // Determine if we have already selected a challenge question
                    // (re-using it means a wrong answer never lets the user pick a new question)

                    if ($user_row['challenge_quest_id'] > 0) {
                        $select_questid = $user_row['challenge_quest_id'];
                    } else {

                        // ** NO PREVIOUS CHALLENGE PICK A RANDOM
                        // * First pick ONE of the multiple security questions this user
                        // * may have
                        $sql = "SELECT *
 FROM cuquestselect as u_qs
 JOIN {$DB_TABLE_PREFIX}user as u on u.cu = u_qs.cu AND u.user_name = u_qs.accountnumber
 WHERE u.userid = " . intval($user_row['userid']) . "
 ORDER BY RANDOM() LIMIT 1";

                        $qst_rs = db_query($sql, $dbh);
                        $qst_row = db_fetch_array($qst_rs);

                        // If no question row exists $qst_row is false, $select_questid ends up
                        // empty, and the status=7 redirect below handles it.
                        $select_questid = $qst_row['quest_id'];
                        // ** INSERT THE QuestID as the question that must be answered
                        $sql = "UPDATE {$DB_TABLE_PREFIX}user
 SET challenge_quest_id = " . intval($select_questid) . "
 WHERE userid = " . intval($user_row['userid']);

                        if (!$upd_rs = db_query($sql, $dbh)) {
                            // ** UNKNOWN ERROR BACK TO INTRO

                            header("Location: {$self}f=intro&status=999");
                            exit;
                        }

                        if (intval($select_questid) == 0) {
                            header("Location: {$self}f=intro&status=7");
                            exit;
                        }
                    }
                }
            } else {

                /*
                 * Member is logging in from Home Banking..
                 * In THIS CASE we will be setting the cookies for challenge questions and password
                 */
                // ** Update the user table -- be sure the loginattempts are cleared
                $sql = "UPDATE {$DB_TABLE_PREFIX}user
 SET failedloginattempts = 0
 WHERE userid = " . intval($user_row['userid']) . " ";
                $exec_rs = db_query($sql, $dbh);

                // ** SET DEVICE COOKIE
                // chksecure == 'Y' means "my own computer": persist the cookie; anything else
                // makes it a session cookie.
                $pSessionCookie = hcu_array_key_value('chksecure', $loadedValues['lnapphbuser']) != "Y";
                SetLnappDeviceCookie($HB_ENV, $l_device_cookie_name, $l_CookieVal, $pSessionCookie);

                // ** SET THE PASSWORD COOKIE
                DMSAppSetCookie($HB_ENV, $user_row['userid'], DMSAPP_CONST_HB_LOGIN);

                // if changed from logintype "N" need to let user know to log in with home banking credentials in the future
                // NOTE(review): the message text is appended to the Location URL without
                // urlencode(); it is a fixed literal, so this only affects how spaces are sent.
                $showHBMessage = ( $user_row["userlogintype"] == "N" ) ? "&msg=You are now configured as a Home Banking user so use your Home Banking credentials when logging into the Loan App system in the future." : "";
                header("Location: {$self}f=portal$showHBMessage");
                exit;

            }
        } else {

            // * PROBLEM -- Force back to login screen
            header("Location: {$self}status=4&o=1");
            exit;
        }
    } else {
        // * PROBLEM -- Force back to login screen
        header("Location: {$self}status=4&o=2");
        exit;
    }
} elseif (isset($_POST['hbconfchallenge'])) {

    /*
     * User Alias Changes
     * IF the member is using a user alias, the string hbusername will actually
     * contain the alias, however, the user_name saved in all tables is the
     * actual member number
     * So I will first check to see if the hbusername being posted is a user alias,
     * then I will look it up in the cuusers table and return the user_name for
     * processing in the other tables
     *
     */
    // NOTE(review): this handler grades an answer for whichever hbusername is posted.
    // It does not check failedloginattempts against $DMSAPP_FAILEDLOGINATTEMPTS before
    // comparing, and nothing ties the request to a prior challenge screen; the lock-out
    // is only enforced in the applogin path above — confirm that is intended.
    if (preg_match("/\D/", hcu_array_key_value('hbusername', $loadedValues['lnapphbuser']))) {
        // Perform a lookup in the cuusers table

        // ** Look up the user in the cuusers table -- from POSTED hbusername
        $sql = "SELECT cu, user_name, email, failedremain, passwd, confidence,
 user_alias
 FROM cuusers
 WHERE cu = '$DMSAPP_CURRENTCUCODE'
 AND user_alias ilike '" . save_text(hcu_array_key_value('hbusername', $loadedValues['lnapphbuser']), 50) . "' ";

        $hb_rs = db_query($sql, $dbh);
        $hb_row = db_fetch_assoc($hb_rs);

        // If the alias is unknown $postUsername stays unset and the lnappuser
        // query below runs with an empty user_name, ending at status=999.
        if ($hb_row) {
            // * Have a value
            $postUsername = $hb_row['user_name'];
        }

        $dbFieldLen = 50;
    } else {
        // ** NOT USER ALIAS -- SET TO THE POSTED VALUE
        $postUsername = hcu_array_key_value('hbusername', $loadedValues['lnapphbuser']);
        $dbFieldLen = 12;
    }

    // ** They are on the challenge question and they just pressed
    // * submit.. need to confirm if the answer is correct.
    // * First get the challenge question
    $sql = "SELECT *
 FROM {$DB_TABLE_PREFIX}user
 WHERE cu = '{$DMSAPP_CURRENTCUCODE}'
 AND userlogintype = 'H'
 AND user_name = '" . save_text($postUsername, $dbFieldLen) . "' ";
    $user_rs = db_query($sql, $dbh);

    if ($user_row = db_fetch_assoc($user_rs)) {

        // * The challenge question
        $sql = "SELECT *
 FROM cuquestselect
 WHERE cu = '{$DMSAPP_CURRENTCUCODE}'
 AND accountnumber = '" . save_text($postUsername, $dbFieldLen) . "'
 AND quest_id = " . intval($user_row['challenge_quest_id']) . " ";

        $qst_rs = db_query($sql, $dbh);
        $qst_row = db_fetch_assoc($qst_rs);
        // ** NOW VALIDATE if the two options are the same
        // Case-insensitive, whitespace-trimmed compare; an empty stored answer never matches.
        // NOTE(review): chg_resp is read straight from $_POST, bypassing the HCU filter
        // used for the other inputs, and is undefined if the field was not posted.
        if (strtolower(trim($_POST['chg_resp'])) == strtolower(trim($qst_row['answer'])) && strtolower(trim($qst_row['answer'])) != '') {
            // ** SUCCESS -- we next need to pass them on to the password phase

            // ** RESET THE challenge_quest_id
            $sql = "UPDATE {$DB_TABLE_PREFIX}user
 SET challenge_quest_id = -1
 WHERE userid = " . intval($user_row['userid']) . " ";
            $exec_rs = db_query($sql, $dbh);

            // ** SET COOKIE

            // Same name/value scheme as the login path, but every input is taken from the
            // lnappuser row here (email, confidenceword, user_id) rather than from cuusers.
            $user_device_cookiename = ReturnDeviceCookieName($DMSAPP_CURRENTCUCODE, DMSAPP_CONST_HB_LOGIN, trim($user_row['email']), $user_row['userid']);
            $setCookieVal = sha1($DMSAPP_SECRET_KEY . trim($user_row['pwd']) . trim($user_row['email']) . trim($user_row['confidenceword']) . trim($user_row['user_id']));

            // Raw $_POST read; the login path reads the same flag through $loadedValues.
            $pSessionCookie = $_POST["chksecure"] != "Y";

            SetLnappDeviceCookie($HB_ENV, $user_device_cookiename, $setCookieVal, $pSessionCookie);

            // ** Show password screen
            $FORM_SHOW = "passwd";
        } else {
            // * PROBLEM -- Force WRONG ANSWER TO CHALLENGE questions -- back to login screen
            // The question id is deliberately left unchanged so the same question is re-asked.
            $sql = "UPDATE {$DB_TABLE_PREFIX}user
 SET failedloginattempts = failedloginattempts + 1
 WHERE
 cu = '{$DMSAPP_CURRENTCUCODE}'
 AND userlogintype = '" . DMSAPP_CONST_HB_LOGIN . "'
 AND user_name = '" . save_text($postUsername, $dbFieldLen) . "' ";

            if (!$exec_rs = db_query($sql, $dbh)) {
                // * PROBLEM -- Force back to login screen -- UNKNOWN why can't update
                header("Location: {$self}status=999");
                exit;
            }

            header("Location: {$self}status=5");
            exit;
        }
    } else {

        // * PROBLEM -- Force back to login screen
        header("Location: {$self}status=999");
        exit;
    }
} elseif (isset($_POST['hbconfpassword'])) {

    // NOTE(review): this handler authenticates on hbusername + hbloginpassword alone. As
    // far as this file shows it neither re-checks the device cookie that the challenge
    // step sets nor the failedloginattempts counter before calling crypt(); the design
    // notes at the top of the file describe the challenge as a prerequisite, so the
    // mitigation would be to verify both here before grading the password — confirm.
    if (preg_match("/\D/", hcu_array_key_value('hbusername', $loadedValues['lnapphbuser']))) {
        // username contains non-digits
        $userQueryField = "user_alias ilike '" . save_text(hcu_array_key_value('hbusername', $loadedValues['lnapphbuser']), 50) . "' ";
    } else {
        $userQueryField = "user_name = '" . save_text(hcu_array_key_value('hbusername', $loadedValues['lnapphbuser']), 12) . "' ";
    }

    // ** AUTHENTICATE THE PASSWORD
    $sql = "SELECT cu, user_name, email, failedremain, passwd, confidence
 FROM cuusers
 WHERE cu = '$DMSAPP_CURRENTCUCODE'
 AND {$userQueryField} ";

    $hb_rs = db_query($sql, $dbh);
    $hb_row = db_fetch_assoc($hb_rs);

    if ($hb_row) {

        // Raw $_POST read (not through the HCU filter); undefined if the field is missing.
        $password = trim($_POST['hbloginpassword']);
        $savepass = $hb_row['passwd'];

        // Stored value is a crypt() hash used as its own salt.
        // NOTE(review): `hash_equals($savepass, crypt($password, $savepass))` is the
        // constant-time, strict form of this check; the loose == also accepts two
        // numeric-looking strings as equal. Not changed here.
        if ($savepass == crypt($password, $savepass)) {
            // ** successful login

            // * Fetch the UserId
            $sql = "SELECT *
 FROM {$DB_TABLE_PREFIX}user
 WHERE cu = '{$DMSAPP_CURRENTCUCODE}'
 AND userlogintype = '" . DMSAPP_CONST_HB_LOGIN . "'
 AND user_name = '" . save_text($hb_row['user_name'], 12) . "' ";
            $user_rs = db_query($sql, $dbh);
            if ($user_row = db_fetch_assoc($user_rs)) {

                // ** Update the user table
                $sql = "UPDATE {$DB_TABLE_PREFIX}user
 SET failedloginattempts = 0
 WHERE userid = " . intval($user_row['userid']) . " ";
                $exec_rs = db_query($sql, $dbh);

                // ** Create the user cookie
                DMSAppSetCookie($HB_ENV, $user_row['userid'], DMSAPP_CONST_HB_LOGIN);

                header("Location: {$self}f=portal");
                exit;

            } else {
                // ** Unable to find the user
                header("Location: {$self}status=4&o=3");
                exit;
            }
        } else {
            // ** ERROR WRONG PASSWORD
            // ** Increment failed login attempts

            $sql = "UPDATE {$DB_TABLE_PREFIX}user
 SET failedloginattempts = failedloginattempts + 1
 WHERE
 cu = '{$DMSAPP_CURRENTCUCODE}'
 AND userlogintype = '" . DMSAPP_CONST_HB_LOGIN . "'
 AND user_name = '" . save_text($hb_row['user_name'], 12) . "' ";

            if (!$exec_rs = db_query($sql, $dbh)) {
                // * PROBLEM -- Force back to login screen -- UNKNOWN why can't update
                header("Location: {$self}status=999");
                exit;
            }

            header("Location: {$self}status=6");
            exit;
        }
    } else {
        header("Location: {$self}status=4&o=4");
        exit;
    }
}
560 
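// Username echoed back into the hidden "hbusername" field of the rendered form.
// Initialised first so the heredocs below never interpolate an undefined variable
// (e.g. a request that set neither a posted hbusername nor an $hb_row).
$form_hbuser = '';
if (hcu_array_key_exists('hbusername', $loadedValues['lnapphbuser'])) {
    // A posted value wins so the next round trip looks up the same identifier.
    $form_hbuser = disp_text(hcu_array_key_value('hbusername', $loadedValues['lnapphbuser']));
} elseif (isset($hb_row)) {
    // ** if using the values from hb_row,
    // ** use user_alias IF set, otherwise default to user_name
    // ** this is because we need to keep the check consistent
    // The SSO query does not select user_alias, hence the isset() guard.
    if (isset($hb_row['user_alias']) && $hb_row['user_alias'] != '') {
        $form_hbuser = disp_text($hb_row['user_alias']);
    } else {
        $form_hbuser = disp_text($hb_row['user_name']);
    }
}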
571 
/*
 * Render the screen chosen by the dispatcher above. Only "challenge" and "passwd"
 * are handled; any other $FORM_SHOW value (including the initial "") prints nothing.
 * NOTE(review): $FORM_VALIDATION_ERROR, $l_email and $form_pwd_script are interpolated
 * into the markup but are not defined in this file — presumably set by the including
 * script; confirm. $form_hbuser is already passed through disp_text() above.
 */
switch ($FORM_SHOW):
    case "challenge":

        // Load the text of the question id selected (or re-used) in the dispatcher.
        // If no row matches, $quest_row is false and the label below renders empty.
        $sql = "SELECT *
 FROM cuquestmaster
 WHERE quest_lang = 'en_US'
 AND quest_id = " . intval($select_questid) . "; ";
        $quest_rs = db_query($sql, $dbh);
        $quest_row = db_fetch_assoc($quest_rs);

        // NOTE(review): interpolated into the <label> as-is (no disp_text()); this relies on
        // cuquestmaster.quest_text being trusted plain text — confirm.
        $challenge_quest_text = trim($quest_row['quest_text']);

        // Heredoc: "\$(" is escaped where jQuery follows a PHP-visible name; bare "$(" is
        // left alone because PHP does not treat "$(" as a variable.
        print <<< challenge_form
 <div id="summary-container" class="validity-summary-container errors" >
 <p><em>You may not continue. the following errors were encountered:</em></p>
 <ul>
 $FORM_VALIDATION_ERROR
 </ul>
 </div>
 <script language='javascript'>
 <!--
 function whatpub() {
 window.alert('Public computers are found at libraries, schools, Internet cafes, airports, and many other places. You have no control over who uses public computers. Public computers may be running malicious software like keystroke loggers or be on networks that allow others to get your personal information. We strongly suggest you do NOT use a public computer for home banking. If you decide to use one anyway, you should check the box so we do not save a security token to this public computer.');
 }
 // -->
 </script>
 <form id="app_settings" name="app_settings" action="{$self}f=hbuser" method="post">
 <input type="hidden" name="form_set" value="$form_code">
 <input type="hidden" name="loginemail" value="$l_email">
 <div id="">

 <div class='errors'>
 We do not recognize the device you are using.<br>
 Please confirm your identity.<br>Please answer the question below to confirm
 your identity.
 </div>

 <div class="expandedform">
 <fieldset class='clearfix'>
 <legend>Challenge Question</legend>
 <div class='row'><label class='wide' for="chg_resp">$challenge_quest_text</label>
 <input id="chg_resp" name="chg_resp" type="text" size="30" maxlength="100" class="text-input"/></div>

 <div class='row'><label for='chksecureY'>This is my Personal or Business Computer<br>&nbsp;(Save security token on this computer)</label>
 <input type='radio' id='chksecureY' name='chksecure' value='Y' checked/></div>
 <div class='row'><label for='chksecureN'>This is a <a onClick='whatpub();'>Public Computer</a><br>&nbsp;(DO NOT Save security token on this computer)</label>
 <input type='radio' id='chksecureN' name='chksecure' value='N' /></div>
 </fieldset>
 </div>
 <label class="submit">
 <input type="hidden" name="hbconfchallenge" value="Confirm Answer">
 <input type="hidden" name="hbusername" value="$form_hbuser">
 <a class="ovalbutton_blue navleft" href="#" style="margin-left: 6px" id='linkFormPost' label='Submit'><span>Confirm Answer</span></a>

 </label>
 </div>
 $form_pwd_script
 <script type="text/javascript">
 $(document).ready(function() {

 \$('#app_settings').bind("keydown", function(event) {
 // track enter key
 var keycode = (event.keyCode ? event.keyCode : (event.which ? event.which : event.charCode));
 if (keycode == 13) { // keycode for enter key
 // force the 'Enter Key' to implicitly click the Update button
 \$('#app_settings').submit();
 return false;
 } else {
 return true;
 }
 }); // end of function

 \$('#linkFormPost').click(function() {
 \$("#app_settings").submit();
 });
 $('#chg_resp').focus();
 }); // end of document ready
 </script>

 </form>

challenge_form;

        break;
    case "passwd":

        // The confidence word is shown only after the device cookie matched, so the
        // member can recognise the genuine site before typing a password.
        $print_confword = "<label class='wide' for='chg_resp'>Confidence Word:</label><span class='bold'>" . disp_text($user_row['confidenceword']) . "</span></div>";
        print <<< password_form
 <div id="summary-container" class="validity-summary-container errors" >
 <p><em>You may not continue. the following errors were encountered:</em></p>
 <ul>
 $FORM_VALIDATION_ERROR
 </ul>
 </div>
 <form id="app_settings" name="app_settings" action="{$self}f=hbuser" method="post">
 <input type="hidden" name="form_set" value="$form_code">
 <input type="hidden" name="loginemail" value="$l_email">


 <div>
 <div class="expandedform">
 <fieldset class='clearfix'>
 <legend>Enter Password</legend>
 <div class='row'>$print_confword
 <label class='wide' for="hbloginpassword">Password:</label>
 <input id="hbloginpassword" name="hbloginpassword" type="password" size="10" maxlength="15" class="text-input"/></div>
 </fieldset>
 </div>
 <label class="submit">
 <input type="hidden" name="hbconfpassword" value="Login">
 <input type="hidden" name="hbusername" value="$form_hbuser">
 <a class="ovalbutton_blue navleft" href="#" style="margin-left: 6px" id='linkFormPost' label='Submit'><span>Login</span></a>
 </label>
 </div>
 $form_pwd_script
 <script type="text/javascript">
 $(document).ready(function() {

 \$('#app_settings').bind("keydown", function(event) {
 // track enter key
 var keycode = (event.keyCode ? event.keyCode : (event.which ? event.which : event.charCode));
 if (keycode == 13) { // keycode for enter key
 // force the 'Enter Key' to implicitly click the Update button
 \$('#app_settings').submit();
 return false;
 } else {
 return true;
 }
 }); // end of function

 \$('#linkFormPost').click(function() {
 \$("#app_settings").submit();
 });

 $('#hbloginpassword').focus();
 }); // end of document ready
 </script>
 </form>

password_form;
        // The summary box is hidden by default; reveal it only when there is something to show.
        if ($FORM_VALIDATION_ERROR != '') {
            print "<script language='javascript'>$('#summary-container').css('display', 'inline-block');</script>";
        }

        break;
endswitch;