getAccessToken(); // NOTE(review): this statement starts before this span; the object whose getAccessToken() is called is not visible here.
if(!empty($access_token)) {
    // MFA path: a token is available, so send the user to the identity provider with a PKCE challenge.
    $client_id = $MAJ_MFA_CLIENT_ID;
    $tenant_id = $MAJ_MFA_TENANT_ID;
    $client_secret = $MAJ_MFA_CLIENT_SECRET; // not used in this span; must stay server-side and never be put into the redirect URL.
    // NOTE(review): HTTP_HOST comes from the request. Unless the web server pins the virtual host name,
    // a forged Host header changes the redirect_uri sent to the provider — prefer a configured hostname.
    $redirect_domain = "https://" . $_SERVER["HTTP_HOST"] . "/scripts/oauth2.php";
    // generate challenge fields.
    $oauth_data = oAuthChallenge();
    $oAuthVerifier = $oauth_data["oAuthVerifier"];
    $oAuthChallenge = $oauth_data["oAuthChallenge"];
    $oAuthChallengeMethod = $oauth_data["oAuthChallengeMethod"];
    // save off the verifier
    // SECURITY: $username and $password are interpolated straight into SQL here and in the SELECT below;
    // these need parameterised queries. Matching on the password column also means the stored value is
    // compared as-is — confirm $password was already hashed earlier and is not the raw submitted credential.
    maj_db_do("UPDATE siteuser SET mfa_code_verifier = '{$oAuthVerifier}' WHERE username ='{$username}' and password = '{$password}'");
    $siteuser_id = maj_get_value("SELECT id FROM siteuser WHERE username ='{$username}' and password = '{$password}'");
    // we'll use this in the outh2.php script
    session_start();
    // NOTE(review): no session_regenerate_id(true) before the user id is stored, so a session id that was
    // fixed before login is carried into the authenticated session.
    $_SESSION['siteuser_id'] = $siteuser_id;
    $_SESSION['mfa_code_verifier'] = $oAuthVerifier;
    // Authorisation URL: only the redirect_uri is urlencoded; the challenge and method are appended as-is
    // (presumably already URL-safe from oAuthChallenge() — confirm).
    $oAuthURL = 'https://login.microsoftonline.com/' . $tenant_id . '/oauth2/v2.0/' . 'authorize?response_type=code&client_id=' . $client_id . '&redirect_uri=' . urlencode($redirect_domain) . '&scope=openid%20offline_access&code_challenge=' . $oAuthChallenge . '&code_challenge_method=' . $oAuthChallengeMethod;
    header('Location: ' . $oAuthURL);
    exit;
}
} else { /* MFA disabled */
    // TODO should the following be included in oauth2.php
    if ($MAJ_offer_to_remember_login_username) {
        // NOTE(review): $_POST['remember_username'] is read without isset(), so an unchecked box raises an undefined-index notice.
        if ($_POST['remember_username'] == "on") {
            $cookie_time = time()+60*60*24*90;
            // Remembers only the username for 90 days; no Secure/HttpOnly/SameSite attributes are set on the cookie.
            setcookie("username",$username, $cookie_time);
        } else {
            // Clears the value but, with no expiry argument, does not remove the cookie itself.
            setcookie("username","");
        }
    }
    $config_web_alias = $MAJ_web_alias;
    session_start();
    // NOTE(review): as in the MFA branch, the session id should be regenerated here before the user id is stored.
    $MAJ_userid = maj_get_userid($username);
    $_SESSION['MAJ_userid'] = $MAJ_userid;
    $_SESSION['MAJ_web_alias'] = $config_web_alias;
    //check and see if they need to compete a software agreement form
    $query = "SELECT COUNT(id) FROM software_agreement WHERE is_current_agreement = 'y' AND active = 'y' AND id NOT IN (SELECT software_agreement_id FROM jsiteuser_software_agreement WHERE siteuser_id = '$MAJ_userid' AND active = 'y' ) ";
    // ************* MOVE to landing page???? *************************//
    $agreement_needed_count = maj_get_value($query);
    if ($agreement_needed_count > 0) $_SESSION['require_software_agreement'] = true;
    $ask_to_change_password = maj_get_value("SELECT ask_to_change_password FROM siteuser WHERE id = '$MAJ_userid'");
    // SECURITY: $username is dropped into a regex unescaped. A username containing a regex metacharacter
    // (an unbalanced parenthesis, or a '/') makes preg_match() return false, so the "password contains the
    // username" check silently passes; wrap it with preg_quote($username, '/').
    if (preg_match("/$username/",$password) || $ask_to_change_password == 'y') {
        header("Location: $MAJ_site_root/change_password.$MAJ_file_extension");
    } else if($_SESSION['send_to'] != "" && !preg_match("/_file\.html/", $_SESSION['send_to'])) {
        // people were getting stuck on view_file.html and download_file.html
        // NOTE(review): where 'send_to' is populated is not visible here; if it can come from a request
        // parameter, restrict it to a same-site path before redirecting, otherwise this is an open redirect after login.
        header("Location: {$_SESSION['send_to']}");
    } else{
        header("Location: $MAJ_site_root/mainmenu.$MAJ_file_extension");
    }
    // Masks the credential before logging; when this flag is off the cleartext password is written to the login log.
    if ($MAJ_dont_log_attempted_passwords_at_login) $password = "********";
    maj_log_login($username, $password, "success", $MAJ_number_of_failed_logins_for_lock, $MAJ_ip);
    exit; // shouldn't make it past here
}
}
}
} // end if form submitted
// start form content
$content = "

Log in to $MAJ_companyname $MAJ_appname

\n\n";
if ($form_error_message) {
    include_once("$MAJ_include_path/code/display_form_error_messages.php");
}
// start form
// NOTE(review): the markup inside these strings appears to have been stripped in this copy
// ($content .= "" appends nothing); compare against the real file before relying on it.
$content .= "";
$content .= "
\n";
$content .= "\n";
$content .= "\n";
$content .= "\n";
$content .= "\n";
$content .= "\n";
if ($MAJ_offer_to_remember_login_username) {
    $content .= "
Username:
Password: