djpbessems
/
lucidAuth
1
1
Fork 0
Code Issues Pull Requests Releases 2 Wiki Activity

Migrated IDE platform; accepting nonexisting diffs to make IDE happy

This commit is contained in:
Danny Bessems 2019-02-27 21:39:31 +01:00
parent 1ffa164160
commit c8fe81d222
17 changed files with 1701 additions and 1665 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1348
LICENSE.md
View File

File diff suppressed because it is too large Load Diff

62
README.md
View File

@ -1,32 +1,32 @@
# lucidAuth
[![](https://img.shields.io/badge/status-in%20production-%23003399.svg)](#) [![](https://img.shields.io/badge/contributors-1-green.svg) ](#)
Forward Authentication for use with proxies (caddy, nginx, traefik, etc)
## Usage
- Create a new folder, navigate to it in a commandprompt and run the following command:
`git clone https://code.spamasaurus.com/djpbessems/lucidAuth.git`
- Edit `include/lucidAuth.config.php.example` to reflect your configuration and save as `include/lucidAuth.config.php`
- Create a new website (within any php-capable webserver) and make sure that the documentroot points to the `public` folder
- Check if you are able to browse to `https://<fqdn>/lucidAuth.login.php` (where `<fqdn>` is the actual domain -or IP address- your webserver is listening on)
- Edit your proxy's configuration to use the new website as forward proxy:
- #### ~~in Caddy/nginx~~ <small>(planned for a later stage)</small>
- #### in Traefik
Add the following lines (change to reflect your existing configuration):
```
[frontends.server1]
entrypoints = ["https"]
backend = "server1"
[frontends.server1.auth.forward]
address = "https://<fqdn>/lucidAuth.validateRequest.php"
[frontends.server1.routes]
[frontends.server1.routes.ext]
rule = "Host:<fqdn>"
```
- #### Important!
The domainname of the website made in step 3, needs to match the domainname (*ignoring subdomains, if any*) of the resource utilizing this authentication proxy.
## Questions or bugs
# lucidAuth
[![](https://img.shields.io/badge/status-in%20production-%23003399.svg)](#) [![](https://img.shields.io/badge/contributors-1-green.svg) ](#)
Forward Authentication for use with proxies (caddy, nginx, traefik, etc)
## Usage
- Create a new folder, navigate to it in a commandprompt and run the following command:
`git clone https://code.spamasaurus.com/djpbessems/lucidAuth.git`
- Edit `include/lucidAuth.config.php.example` to reflect your configuration and save as `include/lucidAuth.config.php`
- Create a new website (within any php-capable webserver) and make sure that the documentroot points to the `public` folder
- Check if you are able to browse to `https://<fqdn>/lucidAuth.login.php` (where `<fqdn>` is the actual domain -or IP address- your webserver is listening on)
- Edit your proxy's configuration to use the new website as forward proxy:
- #### ~~in Caddy/nginx~~ <small>(planned for a later stage)</small>
- #### in Traefik
Add the following lines (change to reflect your existing configuration):
```
[frontends.server1]
entrypoints = ["https"]
backend = "server1"
[frontends.server1.auth.forward]
address = "https://<fqdn>/lucidAuth.validateRequest.php"
[frontends.server1.routes]
[frontends.server1.routes.ext]
rule = "Host:<fqdn>"
```
- #### Important!
The domainname of the website made in step 3, needs to match the domainname (*ignoring subdomains, if any*) of the resource utilizing this authentication proxy.
## Questions or bugs
Feel free to open issues in this repository.

295
include/lucidAuth.functions.php
View File

@ -1,147 +1,150 @@
<?php
$configurationFile = '../lucidAuth.config.php';
if (!file_exists($configurationFile)) {
throw new Exception(sprintf('Missing config file. Please rename \'%1$s.example\' to \'%1$s\' and edit it to reflect your setup.', explode('../', $configurationFile)[1]));
}
$settings = include_once($configurationFile);
try {
# switch ($settings->Database['Driver']) {
# case 'sqlite':
# $database = new PDO('sqlite:' . $settings->Database['Path']);
if (is_writable($settings->Sqlite['Path'])) {
$pdoDB = new PDO('sqlite:' . $settings->Sqlite['Path']);
} else {
throw new Exception(sprintf('Database file \'%1$s\' is not writable', $settings->Sqlite['Path']));
}
# }
}
catch (Exception $e) {
throw new Exception(sprintf('Unable to connect to database \'%1$s\'', $settings->Sqlite['Path']));
}
function authenticateLDAP (string $username, string $password) {
global $settings;
if (!empty($username) && !empty($password)) {
// Handle login requests
$ds = ldap_connect($settings->LDAP['Server'], $settings->LDAP['Port']);
// Strict namingconvention: only allow alphabetic characters
$sanitizedUsername = preg_replace('([^a-zA-Z]*)', '', $_POST['username']);
$qualifiedUsername = $settings->LDAP['Domain'] . '\\' . $sanitizedUsername;
if (@ldap_bind($ds, $qualifiedUsername, utf8_encode($_POST['password']))) {
// Successful authentication; get additional userdetails from authenticationsource
$ldapSearchResults = ldap_search($ds, $settings->LDAP['BaseDN'], "sAMAccountName=$sanitizedUsername");
$commonName = ldap_get_entries($ds, $ldapSearchResults)[0]['cn'][0];
// Create JWT-payload
$jwtPayload = [
'iat' => time(), // Issued at: time when the token was generated
'iss' => $_SERVER['SERVER_NAME'], // Issuer
'sub' => $qualifiedUsername, // Subject (ie. username)
'name' => $commonName // Common name (as retrieved from AD)
];
$secureToken = JWT::encode($jwtPayload, base64_decode($settings->JWT['PrivateKey_base64']));
return ['status' => 'Success', 'token' => $secureToken];
} else {
// LDAP authentication failed!
return ['status' => 'Fail', 'reason' => '1'];
}
} else {
// Empty username or passwords not allowed!
return ['status' => 'Fail', 'reason' => '1'];
}
}
function storeToken (string $secureToken, string $qualifiedUsername, string $httpHost) {
global $settings, $pdoDB;
// Save authentication token in database serverside
try {
$pdoQuery = $pdoDB->prepare('
INSERT INTO SecureToken (UserId, Value)
SELECT User.Id, :securetoken
FROM User
WHERE User.Username = :qualifiedusername
');
$pdoQuery->execute([
':securetoken' => $secureToken,
':qualifiedusername' => $qualifiedUsername
]);
}
catch (Exception $e) {
return ['status' => 'Fail', 'reason' => $e];
}
// Save authentication token in cookie clientside
$cookieDomain = array_values(array_filter($settings->Session['CookieDomains'], function ($value) use ($httpHost) {
// Check if $_SERVER['HTTP_HOST'] matches any of the configured domains (either explicitly or as a subdomain)
// This might seem backwards, but relying on $_SERVER directly allows spoofed values with potential security risks
return (strlen($value) > strlen($httpHost)) ? false : (0 === substr_compare($httpHost, $value, -strlen($value)));
}))[0];
if ($cookieDomain && setcookie('JWT', $secureToken, (time() + $settings->Session['Duration']), '/', '.' . $cookieDomain)) {
return ['status' => 'Success'];
} else {
return ['status' => 'Fail', 'reason' => 'Unable to store cookie(s)'];
}
}
function validateToken (string $secureToken) {
global $settings, $pdoDB;
// Decode provided authentication token
try {
$jwtPayload = JWT::decode($secureToken, base64_decode($settings->JWT['PrivateKey_base64']), $settings->JWT['Algorithm']);
} catch (Exception $e) {
// Invalid token
if ($settings->Debug['LogToFile']) {
file_put_contents('../validateToken.log', (new DateTime())->format('Y-m-d\TH:i:s.u') . ' --- Provided token could not be decoded' . PHP_EOL, FILE_APPEND);
}
return ['status' => 'Fail', 'reason' => '1'];
}
if ((int)$jwtPayload->iat < (time() - (int)$settings->Session['Duration'])) {
// Expired token
if ($settings->Debug['LogToFile']) {
file_put_contents('../validateToken.log', (new DateTime())->format('Y-m-d\TH:i:s.u') . ' --- Provided token has expired' . PHP_EOL, FILE_APPEND);
}
return ['status' => 'Fail', 'reason' => '3'];
}
// Retrieve all authentication tokens from database matching username
$pdoQuery = $pdoDB->prepare('
SELECT SecureToken.Value
FROM SecureToken
LEFT JOIN User
ON (User.Id=SecureToken.UserId)
WHERE User.Username = :username
');
$pdoQuery->execute([
':username' => (string)$jwtPayload->sub
]);
foreach($pdoQuery->fetchAll(PDO::FETCH_ASSOC) as $row) {
try {
$storedTokens[] = JWT::decode($row['Value'], base64_decode($settings->JWT['PrivateKey_base64']), $settings->JWT['Algorithm']);
} catch (Exception $e) {
continue;
}
}
// Compare provided authentication token to all stored tokens in database
if (!empty($storedTokens) && sizeof(array_filter($storedTokens, function ($value) use ($jwtPayload) {
return $value->iat === $jwtPayload->iat;
})) === 1) {
return ['status' => 'Success'];
} else {
if ($settings->Debug['LogToFile']) {
file_put_contents('../validateToken.log', (new DateTime())->format('Y-m-d\TH:i:s.u') . ' --- No matching token in database' . PHP_EOL, FILE_APPEND);
}
return ['status' => 'Fail', 'reason' => '2'];
}
}
<?php
$configurationFile = '../lucidAuth.config.php';
if (!file_exists($configurationFile)) {
throw new Exception(sprintf('Missing config file. Please rename \'%1$s.example\' to \'%1$s\' and edit it to reflect your setup.', explode('../', $configurationFile)[1]));
}
$settings = include_once($configurationFile);
try {
# switch ($settings->Database['Driver']) {
# case 'sqlite':
# $database = new PDO('sqlite:' . $settings->Database['Path']);
if (is_writable($settings->Sqlite['Path'])) {
$pdoDB = new PDO('sqlite:' . $settings->Sqlite['Path']);
} else {
throw new Exception(sprintf('Database file \'%1$s\' is not writable', $settings->Sqlite['Path']));
}
# }
}
catch (Exception $e) {
throw new Exception(sprintf('Unable to connect to database \'%1$s\'', $settings->Sqlite['Path']));
}
function authenticateLDAP (string $username, string $password) {
global $settings;
if (!empty($username) && !empty($password)) {
// Handle login requests
$ds = ldap_connect($settings->LDAP['Server'], $settings->LDAP['Port']);
// Strict namingconvention: only allow alphabetic characters
$sanitizedUsername = preg_replace('([^a-zA-Z]*)', '', $_POST['username']);
$qualifiedUsername = $settings->LDAP['Domain'] . '\\' . $sanitizedUsername;
if (@ldap_bind($ds, $qualifiedUsername, utf8_encode($_POST['password']))) {
// Successful authentication; get additional userdetails from authenticationsource
$ldapSearchResults = ldap_search($ds, $settings->LDAP['BaseDN'], "sAMAccountName=$sanitizedUsername");
$commonName = ldap_get_entries($ds, $ldapSearchResults)[0]['cn'][0];
// Create JWT-payload
$jwtPayload = [
'iat' => time(), // Issued at: time when the token was generated
'iss' => $_SERVER['SERVER_NAME'], // Issuer
'sub' => $qualifiedUsername, // Subject (ie. username)
'name' => $commonName // Common name (as retrieved from AD)
];
$secureToken = JWT::encode($jwtPayload, base64_decode($settings->JWT['PrivateKey_base64']));
return ['status' => 'Success', 'token' => $secureToken];
} else {
// LDAP authentication failed!
return ['status' => 'Fail', 'reason' => '1'];
}
} else {
// Empty username or passwords not allowed!
return ['status' => 'Fail', 'reason' => '1'];
}
}
function storeToken (string $secureToken, string $qualifiedUsername, string $httpHost) {
global $settings, $pdoDB;
// Save authentication token in database serverside
try {
$pdoQuery = $pdoDB->prepare('
INSERT INTO SecureToken (UserId, Value)
SELECT User.Id, :securetoken
FROM User
WHERE User.Username = :qualifiedusername
');
$pdoQuery->execute([
':securetoken' => $secureToken,
':qualifiedusername' => $qualifiedUsername
]);
}
catch (Exception $e) {
return ['status' => 'Fail', 'reason' => $e];
}
// Save authentication token in cookie clientside
$cookieDomain = array_values(array_filter($settings->Session['CookieDomains'], function ($value) use ($httpHost) {
// Check if $_SERVER['HTTP_HOST'] matches any of the configured domains (either explicitly or as a subdomain)
// This might seem backwards, but relying on $_SERVER directly allows spoofed values with potential security risks
return (strlen($value) > strlen($httpHost)) ? false : (0 === substr_compare($httpHost, $value, -strlen($value)));
}))[0];
if ($cookieDomain && setcookie('JWT', $secureToken, (time() + $settings->Session['Duration']), '/', '.' . $cookieDomain)) {
return ['status' => 'Success'];
} else {
return ['status' => 'Fail', 'reason' => 'Unable to store cookie(s)'];
}
}
function validateToken (string $secureToken) {
global $settings, $pdoDB;
// Decode provided authentication token
try {
$jwtPayload = JWT::decode($secureToken, base64_decode($settings->JWT['PrivateKey_base64']), $settings->JWT['Algorithm']);
} catch (Exception $e) {
// Invalid token
if ($settings->Debug['LogToFile']) {
file_put_contents('../validateToken.log', (new DateTime())->format('Y-m-d\TH:i:s.u') . ' --- Provided token could not be decoded' . PHP_EOL, FILE_APPEND);
}
return ['status' => 'Fail', 'reason' => '1'];
}
if ((int)$jwtPayload->iat < (time() - (int)$settings->Session['Duration'])) {
// Expired token
if ($settings->Debug['LogToFile']) {
file_put_contents('../validateToken.log', (new DateTime())->format('Y-m-d\TH:i:s.u') . ' --- Provided token has expired' . PHP_EOL, FILE_APPEND);
}
return ['status' => 'Fail', 'reason' => '3'];
}
// Retrieve all authentication tokens from database matching username
$pdoQuery = $pdoDB->prepare('
SELECT SecureToken.Value
FROM SecureToken
LEFT JOIN User
ON (User.Id=SecureToken.UserId)
WHERE User.Username = :username
');
$pdoQuery->execute([
':username' => (string)$jwtPayload->sub
]);
foreach($pdoQuery->fetchAll(PDO::FETCH_ASSOC) as $row) {
try {
$storedTokens[] = JWT::decode($row['Value'], base64_decode($settings->JWT['PrivateKey_base64']), $settings->JWT['Algorithm']);
} catch (Exception $e) {
continue;
}
}
// Compare provided authentication token to all stored tokens in database
if (!empty($storedTokens) && sizeof(array_filter($storedTokens, function ($value) use ($jwtPayload) {
return $value->iat === $jwtPayload->iat;
})) === 1) {
return [
'status' => 'Success',
'name' => $jwtPayload->name
];
} else {
if ($settings->Debug['LogToFile']) {
file_put_contents('../validateToken.log', (new DateTime())->format('Y-m-d\TH:i:s.u') . ' --- Either no matching token or multiple matching tokens found in database' . PHP_EOL, FILE_APPEND);
}
return ['status' => 'Fail', 'reason' => '2'];
}
}
?>

230
include/lucidAuth.template.php
View File

@ -1,122 +1,110 @@
<?php
error_reporting(E_ALL & ~E_NOTICE);
$pageLayout['full'] = <<<'FULL'
<!DOCTYPE html>
<html lang="nl">
<head>
<meta charset="utf-8" />
<title>lucidAuth</title>
<meta name="application-name" content="lucidAuth" />
<meta name="theme-color" content="#B50000" />
<link rel="icon" type="image/png" sizes="32x32" href="/favicon-32x32.png" />
<link rel="icon" type="image/png" sizes="16x16" href="/favicon-16x16.png" />
<link rel="manifest" href="/manifest.json" />
<link href="misc/style.css" rel="stylesheet" />
<link href="misc/style.theme.css" rel="stylesheet" />
<link href="misc/style.button.css" rel="stylesheet" />
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.js"></script>
<script src="misc/script.theme.js"></script>
<script src="misc/script.translation.js"></script>
</head>
<body>
<div id="horizon">
<div id="content">
<div class="logo">
<div class="left"><div class="middle">lucidAuth</div></div><div class="right"></div>
<div class="sub"><em>Respect</em> the unexpected; mitigate your risks</div>
</div>
<div class="main">
%1$s
</div>
</div>
</div>
</body>
</html>
FULL;
$pageLayout['bare'] = <<<'BARE'
<!DOCTYPE html>
<html lang="nl">
<head>
<meta charset="utf-8" />
<title>lucidAuth</title>
<meta name="application-name" content="lucidAuth" />
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.js"></script>
<script src="misc/script.iframe.js"></script>
</head>
<body>
%1$s
</body>
</html>
BARE;
$contentLayout['login'] = <<<LOGIN
<script src="misc/script.index.js"></script>
<fieldset>
<legend>Login Details</legend>
<ul>
<li>
<label class="pre" for="username" data-translation="label_username">Gebruikersnaam:</label>
<input type="text" id="username" name="username" tabindex="100" />
<label for="username">@lucidAuth</label>
</li>
<li>
<label class="pre" for="password" data-translation="label_password">Wachtwoord:</label>
<input type="password" id="password" name="password" tabindex="200" />
</li>
<li>
<input type="hidden" id="ref" name="ref" value="{$_GET['ref']}" />
<button id="btnlogin" class="bttn-simple bttn-xs bttn-primary" tabindex="300" data-translation="button_login">login</button>
</li>
<li class="misc">
<span class="indent">&nbsp;</span>
</li>
<li class="misc">
<span class="indent" data-translation="span_credentialsavailable">Inloggegevens verkrijgbaar op aanvraag!</span>
</li>
</ul>
</fieldset>
<img src="/images/tag_lock.png" style="position: absolute; top: 175px; left: 20px;" alt="Secure!" />
LOGIN;
$contentLayout['manage'] = <<<'MANAGE'
<script src="misc/script.manage.js"></script>
<span id="user"><span data-translation="span_loggedinas">Ingelogd als</span>&nbsp;{$_SESSION['fullname']}&nbsp;---&nbsp;[<a id="linkplugindialog" tabindex="600" data-translation="link_plugin">Browser plugin</a><div id="pluginlogos"><span data-translation="label_selectbrowser" style="float: left; margin-left: 5px;">Select browser:</span><span style="font-size: 8px; float: right; margin-right: 5px; margin-top: 2px;">[v0.2.122.4]</span><br /><img id="linkpluginchrome" src="images/chrome_256x256.png" /><img id="linkpluginfirefox" src="images/firefox_256x256.png" /><img id="linkpluginopera" src="images/opera_256x256.png" /></div>]&nbsp;[<a id="linklanguage-en" href="#" tabindex="700">EN</a>&nbsp;<a id="linklanguage-nl" class="current" href="#" tabindex="700">NL</a>]&nbsp;[<a href="index.php?do=logout" tabindex="800" data-translation="link_logout">Log uit</a>]</span>
<!-- <fieldset style="clear: both;">
<legend>Beheer Account</legend>
<ul>
<li>
</li>
<li>
<button id="btnaliasadd" class="bttn-simple bttn-xs bttn-primary" tabindex="200" data-translation="button_add">voeg toe</button>
</li>
<li>
<label id="labelallaliases" class="pre" for="allaliases" data-translation="label_allaliases">Alle aliassen:</label><output id="aliasstats">[--]</output>
<select id="allaliases" size="10" multiple="multiple" tabindex="300">
</select>
</li>
<li>
<button id="btnaliasdelete" class="bttn-simple bttn-xs bttn-primary" tabindex="400" data-translation="button_delete">verwijder</button>
</li>
<li>
<button id="btnsync" class="bttn-simple bttn-xs bttn-primary" style="background-position: center;" tabindex="500" data-translation="button_sync">synchroniseer</button>
</li>
</ul>
</fieldset>
-->
MANAGE;
$contentLayout['dialog'] = <<<DIALOG
<ul class="dialog">
<li>
<!--REPL_DIALOGDESC-->
</li>
<li>
<button id="btnhome" class="bttn-simple bttn-xs bttn-primary" tabindex="400" data-translation="button_home">ga naar startpagina</button>
</li>
</ul>
DIALOG;
<?php
error_reporting(E_ALL & ~E_NOTICE);
$pageLayout['full'] = <<<'FULL'
<!DOCTYPE html>
<html lang="nl">
<head>
<meta charset="utf-8" />
<title>lucidAuth</title>
<meta name="application-name" content="lucidAuth" />
<meta name="theme-color" content="#003399" />
<link rel="icon" type="image/png" sizes="32x32" href="/favicon-32x32.png" />
<link rel="icon" type="image/png" sizes="16x16" href="/favicon-16x16.png" />
<link rel="manifest" href="/manifest.json" />
<link href="misc/style.css" rel="stylesheet" />
<link href="misc/style.theme.css" rel="stylesheet" />
<link href="misc/style.button.css" rel="stylesheet" />
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.js"></script>
<script src="misc/script.theme.js"></script>
<script src="misc/script.translation.js"></script>
</head>
<body>
<div id="horizon">
<div id="content">
<div class="logo">
<div class="left"><div class="middle">lucidAuth</div></div><div class="right"></div>
<div class="sub"><em>Respect</em> the unexpected; mitigate your risks</div>
</div>
<div class="main">
%1$s
</div>
</div>
</div>
</body>
</html>
FULL;
$pageLayout['bare'] = <<<'BARE'
<!DOCTYPE html>
<html lang="nl">
<head>
<meta charset="utf-8" />
<title>lucidAuth</title>
<meta name="application-name" content="lucidAuth" />
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.js"></script>
<script src="misc/script.iframe.js"></script>
</head>
<body>
%1$s
</body>
</html>
BARE;
$contentLayout['login'] = <<<'LOGIN'
<script src="misc/script.index.js"></script>
<fieldset>
<legend>Login Details</legend>
<ul>
<li>
<label class="pre" for="username" data-translation="label_username">Gebruikersnaam:</label>
<input type="text" id="username" name="username" tabindex="100" />
<label for="username">@lucidAuth</label>
</li>
<li>
<label class="pre" for="password" data-translation="label_password">Wachtwoord:</label>
<input type="password" id="password" name="password" tabindex="200" />
</li>
<li>
<input type="hidden" id="ref" name="ref" value="%1$s" />
<button id="btnlogin" class="bttn-simple bttn-xs bttn-primary" tabindex="300" data-translation="button_login">login</button>
</li>
<li class="misc">
<span class="indent">&nbsp;</span>
</li>
<li class="misc">
<span class="indent" data-translation="span_credentialsavailable">Inloggegevens verkrijgbaar op aanvraag!</span>
</li>
</ul>
</fieldset>
<img src="/images/tag_lock.png" style="position: absolute; top: 175px; left: 20px;" alt="Secure!" />
LOGIN;
$contentLayout['manage'] = <<<'MANAGE'
<script src="misc/script.manage.js"></script>
<span id="user"><span data-translation="span_loggedinas">Ingelogd als</span>&nbsp;%1$s&nbsp;---&nbsp;[<a id="linklanguage-en" href="#" tabindex="700">EN</a>&nbsp;<a id="linklanguage-nl" class="current" href="#" tabindex="700">NL</a>]&nbsp;[<a href="#" tabindex="800" data-translation="link_logout">Log uit</a>]</span>
<fieldset style="clear: both;">
<legend>Beheer Gebruikers</legend>
<ul>
<li>
</li>
<li>
<button id="btnaliasadd" class="bttn-simple bttn-xs bttn-primary" tabindex="200" data-translation="button_add">voeg toe</button>
</li>
<li>
<label id="labelallaliases" class="pre" for="allaliases" data-translation="label_allaliases">Alle aliassen:</label><output id="aliasstats">[--]</output>
<select id="allaliases" size="10" multiple="multiple" tabindex="300">
</select>
</li>
<li>
<button id="btnaliasdelete" class="bttn-simple bttn-xs bttn-primary" tabindex="400" data-translation="button_delete">verwijder</button>
</li>
<li>
<button id="btnsync" class="bttn-simple bttn-xs bttn-primary" style="background-position: center;" tabindex="500" data-translation="button_sync">synchroniseer</button>
</li>
</ul>
</fieldset>
MANAGE;
?>

104
lucidAuth.config.php.example
View File

@ -1,53 +1,53 @@
<?php
error_reporting(E_ALL & ~E_NOTICE);
include_once('include/JWT/JWT.php');
return (object) array(
'LDAP' => [
'Server' => 'server.domain.tld',
// FQDN of the LDAP-server
'Port' => 389,
// Port of the LDAP-server; default port is 389
'BaseDN' => 'OU=Users,DC=domain,DC=tld',
// Location of your useraccounts
// Syntax:
// 'OU=container,DC=domain,DC=tld'
'Domain' => 'domain'
// Specify the NetBios name of the domain; to allow users to log on with just their usernames.
],
'Sqlite' => [
'Path' => '../data/lucidAuth.sqlite.db'
// Relative path to the location where the database should be stored
],
'JWT' => [
'PrivateKey_base64' => '',
// A base64-encoded random (preferably long) string (see https://www.base64encode.org/)
'Algorithm' => [
'HS256',
]
],
'Session' => [
'Duration' => 2592000,
// In seconds (2592000 is equivalent to 30 days)
'CrossDomainLogin' => False,
// Set this to True if SingleSignOn (albeit rudementary) is desired
// (cookies are inheritently unaware of each other; clearing cookies for one domain does not affect other domains)
'CookieDomains' => [
'domain1.tld' #, 'domain2.tld', 'subdomain.domain3.tld'
]
// Domain(s) that will be used to set cookie-domains to
// (multiple domains are allowed; remove the '#' above)
],
'Debug' => [
'Verbose' => False,
'LogToFile' => False
]
);
<?php
error_reporting(E_ALL & ~E_NOTICE);
include_once('include/JWT/JWT.php');
return (object) array(
'LDAP' => [
'Server' => 'server.domain.tld',
// FQDN of the LDAP-server
'Port' => 389,
// Port of the LDAP-server; default port is 389
'BaseDN' => 'OU=Users,DC=domain,DC=tld',
// Location of your useraccounts
// Syntax:
// 'OU=container,DC=domain,DC=tld'
'Domain' => 'domain'
// Specify the NetBios name of the domain; to allow users to log on with just their usernames.
],
'Sqlite' => [
'Path' => '../data/lucidAuth.sqlite.db'
// Relative path to the location where the database should be stored
],
'JWT' => [
'PrivateKey_base64' => '',
// A base64-encoded random (preferably long) string (see https://www.base64encode.org/)
'Algorithm' => [
'HS256',
]
],
'Session' => [
'Duration' => 2592000,
// In seconds (2592000 is equivalent to 30 days)
'CrossDomainLogin' => False,
// Set this to True if SingleSignOn (albeit rudementary) is desired
// (cookies are inheritently unaware of each other; clearing cookies for one domain does not affect other domains)
'CookieDomains' => [
'domain1.tld' #, 'domain2.tld', 'subdomain.domain3.tld'
]
// Domain(s) that will be used to set cookie-domains to
// (multiple domains are allowed; remove the '#' above)
],
'Debug' => [
'Verbose' => False,
'LogToFile' => False
]
);
?>

27
public/example.php Normal file
View File

@ -0,0 +1,27 @@
<?php
// Basic example of PHP script to handle with jQuery-Tabledit plug-in.
// Note that is just an example. Should take precautions such as filtering the input data.
header('Content-Type: application/json');
$input = filter_input_array(INPUT_POST);
$mysqli = new mysqli('localhost', 'user', 'password', 'database');
if (mysqli_connect_errno()) {
echo json_encode(array('mysqli' => 'Failed to connect to MySQL: ' . mysqli_connect_error()));
exit;
}
if ($input['action'] === 'edit') {
$mysqli->query("UPDATE users SET username='" . $input['username'] . "', email='" . $input['email'] . "', avatar='" . $input['avatar'] . "' WHERE id='" . $input['id'] . "'");
} else if ($input['action'] === 'delete') {
$mysqli->query("UPDATE users SET deleted=1 WHERE id='" . $input['id'] . "'");
} else if ($input['action'] === 'restore') {
$mysqli->query("UPDATE users SET deleted=0 WHERE id='" . $input['id'] . "'");
}
mysqli_close($mysqli);
echo json_encode($input);

132
public/lucidAuth.login.php
View File

@ -1,61 +1,73 @@
<?php
error_reporting(E_ALL ^ E_NOTICE);
include_once('../include/lucidAuth.functions.php');
if ($_POST['do'] == 'login') {
$result = authenticateLDAP($_POST['username'], $_POST['password']);
if ($result['status'] === 'Success') {
// Store authentication token; in database serverside & in cookie clientside
if (storeToken($result['token'], $settings->LDAP['Domain'] . '\\' . $_POST['username'], $_SERVER['HTTP_HOST'])['status'] !== 'Success') {
// Since this action is only ever called through an AJAX-request; return JSON object
echo '{"Result":"Fail","Reason":"Failed storing authentication token in database and/or cookie"}' . PHP_EOL;
exit;
}
// Convert base64 encoded string back from JSON;
// forcing it into an associative array (instead of javascript's default StdClass object)
try {
$proxyHeaders = json_decode(base64_decode($_POST['ref']), JSON_OBJECT_AS_ARRAY);
}
catch (Exception $e) {
// Since this action is only ever called through an AJAX-request; return JSON object
echo '{"Result":"Fail","Reason":"Original request URI lost in transition"}' . PHP_EOL;
exit;
}
$originalUri = !empty($proxyHeaders) ? $proxyHeaders['XForwardedProto'] . '://' . $proxyHeaders['XForwardedHost'] . $proxyHeaders['XForwardedUri'] : 'lucidAuth.manage.php';
// Since this request is only ever called through an AJAX-request; return JSON object
header('Content-Type: application/json');
echo json_encode([
"Result" => "Success",
"Location" => $originalUri,
"CrossDomainLogin" => $settings->Session['CrossDomainLogin']
]);
} else {
switch ($result['reason']) {
case '1':
header('Content-Type: application/json');
echo json_encode([
"Result" => "Failure",
"Reason" => "Invalid username and/or password"
]);
# echo '{"Result":"Fail","Reason":"Invalid username and/or password"}' . PHP_EOL;
break;
default:
header('Content-Type: application/json');
echo json_encode([
"Result" => "Failure",
"Reason" => "Uncaught error"
]);
# echo '{"Result":"Fail","Reason":"Uncaught error"}' . PHP_EOL;
break;
}
}
} else {
include_once('../include/lucidAuth.template.php');
echo sprintf($pageLayout['full'], $contentLayout['login']);
}
<?php
error_reporting(E_ALL ^ E_NOTICE);
include_once('../include/lucidAuth.functions.php');
if ($_POST['do'] == 'login') {
$result = authenticateLDAP($_POST['username'], $_POST['password']);
if ($result['status'] === 'Success') {
// Store authentication token; in database serverside & in cookie clientside
if (storeToken($result['token'], $settings->LDAP['Domain'] . '\\' . $_POST['username'], $_SERVER['HTTP_HOST'])['status'] !== 'Success') {
// Return JSON object
header('Content-Type: application/json');
echo json_encode([
"Result" => "Failure",
"Reason" => "Failed storing authentication token in database and/or cookie"
]);
# echo '{"Result":"Fail","Reason":"Failed storing authentication token in database and/or cookie"}' . PHP_EOL;
exit;
}
// Convert base64 encoded string back from JSON;
// forcing it into an associative array (instead of javascript's default StdClass object)
try {
$proxyHeaders = json_decode(base64_decode($_POST['ref']), JSON_OBJECT_AS_ARRAY);
}
catch (Exception $e) {
// Return JSON object
header('Content-Type: application/json');
echo json_encode([
"Result" => "Failure",
"Reason" => "Original request-URI lost in transition"
]);
# echo '{"Result":"Fail","Reason":"Original request URI lost in transition"}' . PHP_EOL;
exit;
}
$originalUri = !empty($proxyHeaders) ? $proxyHeaders['XForwardedProto'] . '://' . $proxyHeaders['XForwardedHost'] . $proxyHeaders['XForwardedUri'] : 'lucidAuth.manage.php';
// Return JSON object
header('Content-Type: application/json');
echo json_encode([
"Result" => "Success",
"Location" => $originalUri,
"CrossDomainLogin" => $settings->Session['CrossDomainLogin']
]);
} else {
switch ($result['reason']) {
case '1':
header('Content-Type: application/json');
echo json_encode([
"Result" => "Failure",
"Reason" => "Invalid username and/or password"
]);
break;
default:
header('Content-Type: application/json');
echo json_encode([
"Result" => "Failure",
"Reason" => "Uncaught error"
]);
break;
}
}
} else {
include_once('../include/lucidAuth.template.php');
echo sprintf($pageLayout['full'],
sprintf($contentLayout['login'],
$_GET['ref']
)
);
}
?>

44
public/lucidAuth.manage.php
View File

@ -1,19 +1,27 @@
<?php
error_reporting(E_ALL ^ E_NOTICE);
include_once('../include/lucidAuth.functions.php');
if (!empty($_COOKIE['JWT']) && validateToken($_COOKIE['JWT'])['status'] === "Success") {
include_once('../include/lucidAuth.template.php');
echo sprintf($pageLayout['full'], $contentLayout['manage']);
} else {
// No cookie containing valid authentication token found;
// explicitly deleting any remaining cookie, then redirecting to loginpage
setcookie('JWT', FALSE);
header("HTTP/1.1 401 Unauthorized");
header("Location: lucidAuth.login.php");
}
<?php
error_reporting(E_ALL ^ E_NOTICE);
include_once('../include/lucidAuth.functions.php');
if (!empty($_COOKIE['JWT'])) {
$validateTokenResult = validateToken($_COOKIE['JWT']);
}
if ($validateTokenResult['status'] === "Success") {
include_once('../include/lucidAuth.template.php');
echo sprintf($pageLayout['full'],
sprintf($contentLayout['manage'],
$validateTokenResult['name']
)
);
} else {
// No cookie containing valid authentication token found;
// explicitly deleting any remaining cookie, then redirecting to loginpage
setcookie('JWT', FALSE);
header("HTTP/1.1 401 Unauthorized");
header("Location: lucidAuth.login.php");
}
?>

46
public/lucidAuth.setXDomainCookie.php
View File

@ -1,24 +1,24 @@
<?php
error_reporting(E_ALL ^ E_NOTICE);
include_once('../include/lucidAuth.functions.php');
// Start with checking $_REQUEST['ref']
// What do we need?
// token again?
// approach 1:
// origin domain, so we can intersect with $settings->Session['CookieDomains'] and iterate through the remaining domains, serving them in one page (which contains iframes already)
// this might be slower because it means one additional roundtrip between client and server
// approach 2:
// let the client setup multiple iframes for all domains other than origin domains
// this requires passing an array of domains to the client in asynchronous reply; which feels insecure
include_once('../include/lucidAuth.template.php');
echo sprintf($pageLayout['bare',
'// iFrames go here'
);
<?php
error_reporting(E_ALL ^ E_NOTICE);
include_once('../include/lucidAuth.functions.php');
// Start with checking $_REQUEST['ref']
// What do we need?
// token again?
// approach 1:
// origin domain, so we can intersect with $settings->Session['CookieDomains'] and iterate through the remaining domains, serving them in one page (which contains iframes already)
// this might be slower because it means one additional roundtrip between client and server
// approach 2:
// let the client setup multiple iframes for all domains other than origin domains
// this requires passing an array of domains to the client in asynchronous reply; which feels insecure
include_once('../include/lucidAuth.template.php');
echo sprintf($pageLayout['bare'],
'// iFrames go here'
);
?>

82
public/lucidAuth.validateRequest.php
View File

@ -1,42 +1,42 @@
<?php
error_reporting(E_ALL ^ E_NOTICE);
include_once('../include/lucidAuth.functions.php');
$proxyHeaders = array();
foreach ($_SERVER as $key => $value) {
if (strpos($key, 'HTTP_') === 0) {
// Trim and then convert all headers to camelCase
$proxyHeaders[str_replace(' ', '', ucwords(str_replace('_', ' ', strtolower(substr($key, 5)))))] = $value;
}
}
// Keep only headers relevant for proxying
$proxyHeaders = array_filter($proxyHeaders, function ($key) {
return substr($key, 0, 10) === 'XForwarded';
}, ARRAY_FILTER_USE_KEY);
// For debugging purposes - enable it in ../lucidAuth.config.php
if ($settings->Debug['LogToFile']) {
file_put_contents('../requestHeaders.log', (new DateTime())->format('Y-m-d\TH:i:s.u') . ' --- ' . (json_encode($proxyHeaders, JSON_FORCE_OBJECT)) . PHP_EOL, FILE_APPEND);
}
if (sizeof($proxyHeaders) === 0) {
// Non-proxied request; this is senseless, go fetch!
header("HTTP/1.1 403 Forbidden");
exit;
}
if (!empty($_COOKIE['JWT']) && validateToken($_COOKIE['JWT'])['status'] === "Success") {
// Valid authentication token found
header("HTTP/1.1 202 Accepted");
exit;
} else {
// No cookie containing valid authentication token found;
// explicitly deleting any remaining cookie, then redirecting to loginpage
setcookie('JWT', FALSE);
header("HTTP/1.1 401 Unauthorized");
header("Location: lucidAuth.login.php?ref=" . base64_encode(json_encode($proxyHeaders)));
}
<?php
error_reporting(E_ALL ^ E_NOTICE);
include_once('../include/lucidAuth.functions.php');
$proxyHeaders = array();
foreach ($_SERVER as $key => $value) {
if (strpos($key, 'HTTP_') === 0) {
// Trim and then convert all headers to camelCase
$proxyHeaders[str_replace(' ', '', ucwords(str_replace('_', ' ', strtolower(substr($key, 5)))))] = $value;
}
}
// Keep only headers relevant for proxying
$proxyHeaders = array_filter($proxyHeaders, function ($key) {
return substr($key, 0, 10) === 'XForwarded';
}, ARRAY_FILTER_USE_KEY);
// For debugging purposes - enable it in ../lucidAuth.config.php
if ($settings->Debug['LogToFile']) {
file_put_contents('../requestHeaders.log', (new DateTime())->format('Y-m-d\TH:i:s.u') . ' --- ' . (json_encode($proxyHeaders, JSON_FORCE_OBJECT)) . PHP_EOL, FILE_APPEND);
}
if (sizeof($proxyHeaders) === 0) {
// Non-proxied request; this is senseless, go fetch!
header("HTTP/1.1 403 Forbidden");
exit;
}
if (!empty($_COOKIE['JWT']) && validateToken($_COOKIE['JWT'])['status'] === "Success") {
// Valid authentication token found
header("HTTP/1.1 202 Accepted");
exit;
} else {
// No cookie containing valid authentication token found;
// explicitly deleting any remaining cookie, then redirecting to loginpage
setcookie('JWT', FALSE);
header("HTTP/1.1 401 Unauthorized");
header("Location: lucidAuth.login.php?ref=" . base64_encode(json_encode($proxyHeaders)));
}
?>

112
public/misc/script.index.js
View File

@ -1,57 +1,57 @@
$(document).ready(function(){
// Allow user to press enter to submit credentials
$('#username, #password').keypress(function(event) {
if (event.which === 13) {
$('#btnlogin').trigger('click');
}
});
$('#btnlogin').click(function() {
// Give feedback that request has been submitted (and prevent repeated requests)
$('#btnlogin').prop('disabled', true).css({
'background': '#999 url(data:image/gif;base64,R0lGODlhEAAQAPIAAJmZmf///7CwsOPj4////9fX18rKysPDwyH+GkNyZWF0ZWQgd2l0aCBhamF4bG9hZC5pbmZvACH5BAAKAAAAIf8LTkVUU0NBUEUyLjADAQAAACwAAAAAEAAQAAADMwi63P4wyklrE2MIOggZnAdOmGYJRbExwroUmcG2LmDEwnHQLVsYOd2mBzkYDAdKa+dIAAAh+QQACgABACwAAAAAEAAQAAADNAi63P5OjCEgG4QMu7DmikRxQlFUYDEZIGBMRVsaqHwctXXf7WEYB4Ag1xjihkMZsiUkKhIAIfkEAAoAAgAsAAAAABAAEAAAAzYIujIjK8pByJDMlFYvBoVjHA70GU7xSUJhmKtwHPAKzLO9HMaoKwJZ7Rf8AYPDDzKpZBqfvwQAIfkEAAoAAwAsAAAAABAAEAAAAzMIumIlK8oyhpHsnFZfhYumCYUhDAQxRIdhHBGqRoKw0R8DYlJd8z0fMDgsGo/IpHI5TAAAIfkEAAoABAAsAAAAABAAEAAAAzIIunInK0rnZBTwGPNMgQwmdsNgXGJUlIWEuR5oWUIpz8pAEAMe6TwfwyYsGo/IpFKSAAAh+QQACgAFACwAAAAAEAAQAAADMwi6IMKQORfjdOe82p4wGccc4CEuQradylesojEMBgsUc2G7sDX3lQGBMLAJibufbSlKAAAh+QQACgAGACwAAAAAEAAQAAADMgi63P7wCRHZnFVdmgHu2nFwlWCI3WGc3TSWhUFGxTAUkGCbtgENBMJAEJsxgMLWzpEAACH5BAAKAAcALAAAAAAQABAAAAMyCLrc/jDKSatlQtScKdceCAjDII7HcQ4EMTCpyrCuUBjCYRgHVtqlAiB1YhiCnlsRkAAAOwAAAAAAAAAAAA==) no-repeat center',
'color': 'transparent',
'transform': 'rotateX(180deg)'
});
$.post("lucidAuth.login.php", {
do: "login",
username: $('#username').val(),
password: $('#password').val(),
ref: $('#ref').val()
})
.done(function(data,status) {
if (data.Result === 'Success') {
$('#btnlogin').css({
'background': 'green url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAACXBIWXMAAAsTAAALEwEAmpwYAAAAaklEQVQ4jeXOMQ5AQBBG4T2BC4i76EWich7ncAKbqCRuodTqnMNTkFgJs3ZU4tXz/Rlj/hUQv8EpMAClFk9sjUAiHVcCnoFMwhZYgPYG575Xe46aIOyMdJx7ji9GwrEzUgOFCu8DkRp/qxU2BKCUyZR6ygAAAABJRU5ErkJggg==) no-repeat center',
'transform': 'rotateX(0deg)'
});
setTimeout(function() {
$('#btnlogin').prop('disabled', false).css({
'background': '#003399 linear-gradient(0deg, rgba(255,255,255,0) 0%, rgba(255,255,255,0) 50%, rgba(255,255,255,0.25) 51%) no-repeat center',
'color': '#FFF'
});
if (data.CrossDomainLogin) {
// Create iframes for other domains
console.log('CrossDomainLogin initiated');
}
console.log("Navigating to :" + data.Location);
window.location.replace(data.Location);
}, 2250);
} else {
$('#btnlogin').css({
'background': 'red url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAACXBIWXMAAAsTAAALEwEAmpwYAAAAv0lEQVQ4jaWT0Q3CMAxELwh1BEag87AJ6hcLlE/KBLABrNEV2h26QaXHj4NMGgpS7sfJJXd24kQqRMiRQC3pIKk2apD0DCEMq25ABZyBmSVmW6vWxH1GmKLPmph7xJQReq5dnNmVPQE7oHOCzrhoMts9vQ1OSbYOCBb92OPkDe6ZkqMwJwa4SdJmtS1/YGsx7e9VUiPpYvPG4tHtGUsvcf+RkpI2mkHZQ3ImLd+fcpuKf32meM5R0iOEMOb2F+EF33vgCePVr8UAAAAASUVORK5CYII=) no-repeat center',
'transform': 'rotateX(0deg)'
});
setTimeout(function() {
$('#btnlogin').prop('disabled', false).css({
'background': '#003399 linear-gradient(0deg, rgba(255,255,255,0) 0%, rgba(255,255,255,0) 50%, rgba(255,255,255,0.25) 51%) no-repeat center',
'color': '#FFF'
});
// TODO: Add feedback (based on data.Reason)
// Is the redirect needed?
window.location.replace('lucidAuth.login.php'/*+ '?reason=' + data.Reason*/);
}, 2250);
}
});
});
$(document).ready(function(){
// Allow user to press enter to submit credentials
$('#username, #password').keypress(function(event) {
if (event.which === 13) {
$('#btnlogin').trigger('click');
}
});
$('#btnlogin').click(function() {
// Give feedback that request has been submitted (and prevent repeated requests)
$('#btnlogin').prop('disabled', true).css({
'background': '#999 url(data:image/gif;base64,R0lGODlhEAAQAPIAAJmZmf///7CwsOPj4////9fX18rKysPDwyH+GkNyZWF0ZWQgd2l0aCBhamF4bG9hZC5pbmZvACH5BAAKAAAAIf8LTkVUU0NBUEUyLjADAQAAACwAAAAAEAAQAAADMwi63P4wyklrE2MIOggZnAdOmGYJRbExwroUmcG2LmDEwnHQLVsYOd2mBzkYDAdKa+dIAAAh+QQACgABACwAAAAAEAAQAAADNAi63P5OjCEgG4QMu7DmikRxQlFUYDEZIGBMRVsaqHwctXXf7WEYB4Ag1xjihkMZsiUkKhIAIfkEAAoAAgAsAAAAABAAEAAAAzYIujIjK8pByJDMlFYvBoVjHA70GU7xSUJhmKtwHPAKzLO9HMaoKwJZ7Rf8AYPDDzKpZBqfvwQAIfkEAAoAAwAsAAAAABAAEAAAAzMIumIlK8oyhpHsnFZfhYumCYUhDAQxRIdhHBGqRoKw0R8DYlJd8z0fMDgsGo/IpHI5TAAAIfkEAAoABAAsAAAAABAAEAAAAzIIunInK0rnZBTwGPNMgQwmdsNgXGJUlIWEuR5oWUIpz8pAEAMe6TwfwyYsGo/IpFKSAAAh+QQACgAFACwAAAAAEAAQAAADMwi6IMKQORfjdOe82p4wGccc4CEuQradylesojEMBgsUc2G7sDX3lQGBMLAJibufbSlKAAAh+QQACgAGACwAAAAAEAAQAAADMgi63P7wCRHZnFVdmgHu2nFwlWCI3WGc3TSWhUFGxTAUkGCbtgENBMJAEJsxgMLWzpEAACH5BAAKAAcALAAAAAAQABAAAAMyCLrc/jDKSatlQtScKdceCAjDII7HcQ4EMTCpyrCuUBjCYRgHVtqlAiB1YhiCnlsRkAAAOwAAAAAAAAAAAA==) no-repeat center',
'color': 'transparent',
'transform': 'rotateX(180deg)'
});
$.post("lucidAuth.login.php", {
do: "login",
username: $('#username').val(),
password: $('#password').val(),
ref: $('#ref').val()
})
.done(function(data,status) {
if (data.Result === 'Success') {
$('#btnlogin').css({
'background': 'green url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAACXBIWXMAAAsTAAALEwEAmpwYAAAAaklEQVQ4jeXOMQ5AQBBG4T2BC4i76EWich7ncAKbqCRuodTqnMNTkFgJs3ZU4tXz/Rlj/hUQv8EpMAClFk9sjUAiHVcCnoFMwhZYgPYG575Xe46aIOyMdJx7ji9GwrEzUgOFCu8DkRp/qxU2BKCUyZR6ygAAAABJRU5ErkJggg==) no-repeat center',
'transform': 'rotateX(0deg)'
});
setTimeout(function() {
$('#btnlogin').prop('disabled', false).css({
'background': '#003399 linear-gradient(0deg, rgba(255,255,255,0) 0%, rgba(255,255,255,0) 50%, rgba(255,255,255,0.25) 51%) no-repeat center',
'color': '#FFF'
});
if (data.CrossDomainLogin) {
// Create iframes for other domains
console.log('CrossDomainLogin initiated');
}
console.log("Navigating to :" + data.Location);
window.location.replace(data.Location);
}, 2250);
} else {
$('#btnlogin').css({
'background': 'red url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAACXBIWXMAAAsTAAALEwEAmpwYAAAAv0lEQVQ4jaWT0Q3CMAxELwh1BEag87AJ6hcLlE/KBLABrNEV2h26QaXHj4NMGgpS7sfJJXd24kQqRMiRQC3pIKk2apD0DCEMq25ABZyBmSVmW6vWxH1GmKLPmph7xJQReq5dnNmVPQE7oHOCzrhoMts9vQ1OSbYOCBb92OPkDe6ZkqMwJwa4SdJmtS1/YGsx7e9VUiPpYvPG4tHtGUsvcf+RkpI2mkHZQ3ImLd+fcpuKf32meM5R0iOEMOb2F+EF33vgCePVr8UAAAAASUVORK5CYII=) no-repeat center',
'transform': 'rotateX(0deg)'
});
setTimeout(function() {
$('#btnlogin').prop('disabled', false).css({
'background': '#003399 linear-gradient(0deg, rgba(255,255,255,0) 0%, rgba(255,255,255,0) 50%, rgba(255,255,255,0.25) 51%) no-repeat center',
'color': '#FFF'
});
// TODO: Add feedback (based on data.Reason)
// Is the redirect needed?
window.location.replace('lucidAuth.login.php'/*+ '?reason=' + data.Reason*/);
}, 2250);
}
});
});
});

6
public/misc/script.table.min.js vendored Normal file
View File

File diff suppressed because one or more lines are too long

36
public/misc/script.theme.js
View File

@ -1,19 +1,19 @@
$(document).ready(function() {
if (localStorage.getItem('theme') != '') {
$('html').addClass(localStorage.getItem('theme'));
}
$('.logo .sub').on('click', function(event) {
if (event.ctrlKey) {
var classes = ["tablecloth", "weave", "madras", "tartan", "seigaiha"];
var selectedTheme = classes[~~(Math.random()*classes.length)];
$('html').removeClass().addClass(selectedTheme);
localStorage.setItem('theme', selectedTheme);
}
if (event.altKey) {
$('html').removeClass();
localStorage.removeItem('theme');
}
});
$(document).ready(function() {
if (localStorage.getItem('theme') != '') {
$('html').addClass(localStorage.getItem('theme'));
}
$('.logo .sub').on('click', function(event) {
if (event.ctrlKey) {
var classes = ["tablecloth", "weave", "madras", "tartan", "seigaiha"];
var selectedTheme = classes[~~(Math.random()*classes.length)];
$('html').removeClass().addClass(selectedTheme);
localStorage.setItem('theme', selectedTheme);
}
if (event.altKey) {
$('html').removeClass();
localStorage.removeItem('theme');
}
});
});

12
public/misc/script.translation.js
View File

@ -8,13 +8,9 @@ var locales = {
heading_error: "ERROR!",
label_password: "Password:",
label_username: "Username:",
label_selectbrowser: "Select browser:",
link_install: "Install!",
link_logout: "Logout",
link_plugin: "Browser plugin",
span_credentialsavailable: "Login credentials available upon request!",
span_loggedinas: "Logged in as",
span_plugin: "Browser plugin?"
span_loggedinas: "Logged in as"
},
nl: {
button_add: "voeg toe",
@ -25,13 +21,9 @@ var locales = {
heading_error: "FOUT!",
label_password: "Wachtwoord:",
label_username: "Gebruikersnaam:",
label_selectbrowser: "Selecteer browser:",
link_install: "Installeer!",
link_logout: "Log uit",
link_plugin: "Browser plugin",
span_credentialsavailable: "Inloggegevens verkrijgbaar op aanvraag!",
span_loggedinas: "Ingelogd als",
span_plugin: "Browser plugin?"
span_loggedinas: "Ingelogd als"
} // ... etc.
};

278
public/misc/style.button.css
View File

@ -1,139 +1,139 @@
@charset "UTF-8";
/*!
*
* bttn.css - https://ganapativs.github.io/bttn.css
* Version - 0.2.4
* Demo: https://bttn.surge.sh
*
* Licensed under the MIT license - http://opensource.org/licenses/MIT
*
* Copyright (c) 2016 Ganapati V S (@ganapativs)
*
*/
/* standalone - .bttn-simple */
.bttn-default {
color: #fff;
}
.bttn-primary,
.bttn,
.bttn-lg,
.bttn-md,
.bttn-sm,
.bttn-xs {
color: #1d89ff;
}
.bttn-warning {
color: #feab3a;
}
.bttn-danger {
color: #ff5964;
}
.bttn-success {
color: #28b78d;
}
.bttn-royal {
color: #bd2df5;
}
.bttn,
.bttn-lg,
.bttn-md,
.bttn-sm,
.bttn-xs {
margin: 0;
padding: 0;
border-width: 0;
border-color: transparent;
background: transparent;
font-weight: 400;
cursor: pointer;
position: relative;
}
.bttn-lg {
padding: 8px 15px;
font-size: 24px;
font-family: inherit;
}
.bttn-md {
font-size: 20px;
font-family: inherit;
padding: 5px 12px;
}
.bttn-sm {
padding: 4px 10px;
font-size: 16px;
font-family: inherit;
}
.bttn-xs {
padding: 3px 8px;
font-size: 12px;
font-family: inherit;
}
.bttn-simple {
margin: 0;
padding: 0;
border-width: 0;
border-color: transparent;
border-radius: 4px;
background: transparent;
font-weight: 400;
cursor: pointer;
position: relative;
font-size: 20px;
font-family: inherit;
padding: 5px 12px;
overflow: hidden;
background: rgba(255,255,255,0.4);
color: #fff;
-webkit-transition: all 0.3s cubic-bezier(0.02, 0.01, 0.47, 1);
transition: all 0.3s cubic-bezier(0.02, 0.01, 0.47, 1);
}
.bttn-simple:hover,
.bttn-simple:focus {
opacity: 0.75;
}
.bttn-simple.bttn-xs {
padding: 3px 8px;
font-size: 12px;
font-family: inherit;
}
.bttn-simple.bttn-sm {
padding: 4px 10px;
font-size: 16px;
font-family: inherit;
}
.bttn-simple.bttn-md {
font-size: 20px;
font-family: inherit;
padding: 5px 12px;
}
.bttn-simple.bttn-lg {
padding: 8px 15px;
font-size: 24px;
font-family: inherit;
}
.bttn-simple.bttn-default {
background: rgba(255,255,255,0.4);
}
.bttn-simple.bttn-primary {
background: #003399;
background-image: linear-gradient(0deg, rgba(255,255,255,0) 0%, rgba(255,255,255,0) 50%, rgba(255,255,255,0.25) 51%);
}
.bttn-simple.bttn-warning {
background: #feab3a;
}
.bttn-simple.bttn-danger {
background: #ff5964;
}
.bttn-simple.bttn-success {
background: #28b78d;
}
.bttn-simple.bttn-royal {
background: #bd2df5;
}
.bttn-simple.disabled {
background: #999 !important;
color: rgba(255,255,255,0.625);
cursor: default;
text-shadow: 0.375px 0.375px 0 rgba(140,140,140,0.6), -0.375px -0.375px 0.375px rgba(0,0,0,0.67);
opacity: 1;
}
@charset "UTF-8";
/*!
*
* bttn.css - https://ganapativs.github.io/bttn.css
* Version - 0.2.4
* Demo: https://bttn.surge.sh
*
* Licensed under the MIT license - http://opensource.org/licenses/MIT
*
* Copyright (c) 2016 Ganapati V S (@ganapativs)
*
*/
/* standalone - .bttn-simple */
.bttn-default {
color: #fff;
}
.bttn-primary,
.bttn,
.bttn-lg,
.bttn-md,
.bttn-sm,
.bttn-xs {
color: #1d89ff;
}
.bttn-warning {
color: #feab3a;
}
.bttn-danger {
color: #ff5964;
}
.bttn-success {
color: #28b78d;
}
.bttn-royal {
color: #bd2df5;
}
.bttn,
.bttn-lg,
.bttn-md,
.bttn-sm,
.bttn-xs {
margin: 0;
padding: 0;
border-width: 0;
border-color: transparent;
background: transparent;
font-weight: 400;
cursor: pointer;
position: relative;
}
.bttn-lg {
padding: 8px 15px;
font-size: 24px;
font-family: inherit;
}
.bttn-md {
font-size: 20px;
font-family: inherit;
padding: 5px 12px;
}
.bttn-sm {
padding: 4px 10px;
font-size: 16px;
font-family: inherit;
}
.bttn-xs {
padding: 3px 8px;
font-size: 12px;
font-family: inherit;
}
.bttn-simple {
margin: 0;
padding: 0;
border-width: 0;
border-color: transparent;
border-radius: 4px;
background: transparent;
font-weight: 400;
cursor: pointer;
position: relative;
font-size: 20px;
font-family: inherit;
padding: 5px 12px;
overflow: hidden;
background: rgba(255,255,255,0.4);
color: #fff;
-webkit-transition: all 0.3s cubic-bezier(0.02, 0.01, 0.47, 1);
transition: all 0.3s cubic-bezier(0.02, 0.01, 0.47, 1);
}
.bttn-simple:hover,
.bttn-simple:focus {
opacity: 0.75;
}
.bttn-simple.bttn-xs {
padding: 3px 8px;
font-size: 12px;
font-family: inherit;
}
.bttn-simple.bttn-sm {
padding: 4px 10px;
font-size: 16px;
font-family: inherit;
}
.bttn-simple.bttn-md {
font-size: 20px;
font-family: inherit;
padding: 5px 12px;
}
.bttn-simple.bttn-lg {
padding: 8px 15px;
font-size: 24px;
font-family: inherit;
}
.bttn-simple.bttn-default {
background: rgba(255,255,255,0.4);
}
.bttn-simple.bttn-primary {
background: #003399;
background-image: linear-gradient(0deg, rgba(255,255,255,0) 0%, rgba(255,255,255,0) 50%, rgba(255,255,255,0.25) 51%);
}
.bttn-simple.bttn-warning {
background: #feab3a;
}
.bttn-simple.bttn-danger {
background: #ff5964;
}
.bttn-simple.bttn-success {
background: #28b78d;
}
.bttn-simple.bttn-royal {
background: #bd2df5;
}
.bttn-simple.disabled {
background: #999 !important;
color: rgba(255,255,255,0.625);
cursor: default;
text-shadow: 0.375px 0.375px 0 rgba(140,140,140,0.6), -0.375px -0.375px 0.375px rgba(0,0,0,0.67);
opacity: 1;
}

476
public/misc/style.css
View File

@ -1,238 +1,238 @@
* {
font-family: Tahoma, sans-serif;
font-size: 16px;
margin: 0;
padding: 0;
}
body {
color: #000000;
background-color: #333333;
margin: 0px;
}
#horizon {
text-align: center;
position: absolute;
top: 50%;
left: 0px;
width: 100%;
height: 1px;
overflow: visible;
visibility: visible;
display: block;
}
#content {
background: url(/images/bg_main_bottom.gif) repeat-x bottom left;
font-family: Tahoma, sans-serif;
border: 3px solid #CCCCCC;
background-color: #FFFFFF;
position: absolute;
left: 50%;
visibility: visible;
border-radius: 5px;
top: -125px;
margin-left: -225px;
height: 220px;
width: 450px;
}
#error .main {
padding: 0 10px;
}
#error ol {
margin: 10px 0;
}
#error span {
margin: 0;
}
#error button {
text-transform: uppercase;
}
.logo {
background: url(/images/bg_header.gif) repeat-x top left;
height: 45px;
z-index: 50;
border-radius: 5px 5px 0 0;
}
.logo .left {
background: url(/images/bg_header_l.gif) no-repeat top left;
position: relative;
top: 4px;
left: 5px;
height: 49px;
float: left;
z-index: 48;
}
.logo .middle {
background: url(/images/bg_header_m.gif) no-repeat 25px 0;
margin: 0 5px;
padding: 5px 10px 0;
height: 49px;
float: left;
z-index: 49;
display: inline;
font-size: 18px;
font-weight: bold;
color: #FFFFFF;
}
.logo .right {
background: url(/images/bg_header_r.gif) no-repeat top left;
position: relative;
top: 4px;
height: 49px;
width: 5px;
float: left;
}
.logo .sub {
margin-top: 12px;
margin-left: 20px;
float: left;
display: inline;
font-size: 13px;
font-weight: bold;
color: #FFFFFF;
}
.logo .sub em {
font-size: 13px;
}
.main {
clear: both;
}
.main fieldset {
border: 0;
}
.main fieldset legend {
visibility: hidden;
}
.main fieldset label.pre {
display: inline-block;
width: 155px;
text-align: right;
vertical-align: top;
margin-top: 3px;
}
.main fieldset label#labelallaliases {
float: left;
}
.main fieldset output#aliasstats {
float: left;
clear: left;
width: 160px;
text-align: right;
font-size: 12px;
}
.main fieldset output#aliasstats:after {
margin-left: 7px;
content: ' ';
}
.main fieldset input {
border: 1px solid #003399;
padding: 2px;
width: 100px;
}
.main fieldset input[type=radio] {
border: none;
margin-top: 7px;
width: 20px;
}
.main fieldset button {
margin-left: 160px;
text-transform: uppercase;
}
.main fieldset select {
border: 1px solid #003399;
padding: 2px;
width: 375px;
}
.main fieldset select .new {
font-weight: bold;
}
.main fieldset select .deleted {
text-decoration: line-through;
}
.main fieldset#signup label.pre {
width: 205px;
}
.main fieldset#signup span.indent, .main fieldset#signup input.button {
margin-left: 210px;
}
.main li {
list-style: none;
padding: 5px;
text-align: left;
}
.main li.misc {
padding: 0 5px;
}
.main span,
.main strong,
.main a {
font-size: 12px;
}
.main span.indent {
color: #666666;
margin-left: 160px;
}
.main span.dialogdesc {
margin-left: 10px;
}
.main a:link, .main a:visited {
color: #003399;
text-decoration: none;
}
.main a:hover, .main a:active {
text-decoration: underline;
}
.main span#user {
color: #666666;
float: right;
margin: 0 5px 0 0;
}
.main span#user,
.main span#user a {
font-size: 12px;
}
.main span#user a:link, .main span#user a:visited {
color: #001177;
text-decoration: none;
}
.main span#user a:hover, .main span#user a:active {
text-decoration: underline;
}
.main span#user a.current {
text-decoration: none;
font-weight: 900;
cursor: default;
color: #666666;
}
.main span#user a.current:before {
content: '\00bb';
font-weight: 100;
}
.main span#user a.current:after {
content: '\00ab';
font-weight: 100;
}
.main span#user nav {
display: inline;
}
.main span#user #pluginlogos {
display: none;
position: absolute;
top: 72px;
right: 10px;
height: 112px;
width: 250px;
border: 1px solid rgb(0, 51, 153);
box-shadow: black 0px 0px 20px;
box-sizing: border-box;
padding-top: 5px;
background: white;
font-size: inherit;
font-weight: bold;
}
.main span#user #pluginlogos img {
width: 75px;
height: 75px;
filter: saturate(500%) contrast(200%) grayscale(100%) opacity(50%);
transition: all 375ms;
cursor: pointer;
}
* {
font-family: Tahoma, sans-serif;
font-size: 16px;
margin: 0;
padding: 0;
}
body {
color: #000000;
background-color: #333333;
margin: 0px;
}
#horizon {
text-align: center;
position: absolute;
top: 50%;
left: 0px;
width: 100%;
height: 1px;
overflow: visible;
visibility: visible;
display: block;
}
#content {
background: url(/images/bg_main_bottom.gif) repeat-x bottom left;
font-family: Tahoma, sans-serif;
border: 3px solid #CCCCCC;
background-color: #FFFFFF;
position: absolute;
left: 50%;
visibility: visible;
border-radius: 5px;
top: -125px;
margin-left: -225px;
height: 220px;
width: 450px;
}
#error .main {
padding: 0 10px;
}
#error ol {
margin: 10px 0;
}
#error span {
margin: 0;
}
#error button {
text-transform: uppercase;
}
.logo {
background: url(/images/bg_header.gif) repeat-x top left;
height: 45px;
z-index: 50;
border-radius: 5px 5px 0 0;
}
.logo .left {
background: url(/images/bg_header_l.gif) no-repeat top left;
position: relative;
top: 4px;
left: 5px;
height: 49px;
float: left;
z-index: 48;
}
.logo .middle {
background: url(/images/bg_header_m.gif) no-repeat 25px 0;
margin: 0 5px;
padding: 5px 10px 0;
height: 49px;
float: left;
z-index: 49;
display: inline;
font-size: 18px;
font-weight: bold;
color: #FFFFFF;
}
.logo .right {
background: url(/images/bg_header_r.gif) no-repeat top left;
position: relative;
top: 4px;
height: 49px;
width: 5px;
float: left;
}
.logo .sub {
margin-top: 12px;
margin-left: 20px;
float: left;
display: inline;
font-size: 13px;
font-weight: bold;
color: #FFFFFF;
}
.logo .sub em {
font-size: 13px;
}
.main {
clear: both;
}
.main fieldset {
border: 0;
}
.main fieldset legend {
visibility: hidden;
}
.main fieldset label.pre {
display: inline-block;
width: 155px;
text-align: right;
vertical-align: top;
margin-top: 3px;
}
.main fieldset label#labelallaliases {
float: left;
}
.main fieldset output#aliasstats {
float: left;
clear: left;
width: 160px;
text-align: right;
font-size: 12px;
}
.main fieldset output#aliasstats:after {
margin-left: 7px;
content: ' ';
}
.main fieldset input {
border: 1px solid #003399;
padding: 2px;
width: 100px;
}
.main fieldset input[type=radio] {
border: none;
margin-top: 7px;
width: 20px;
}
.main fieldset button {
margin-left: 160px;
text-transform: uppercase;
}
.main fieldset select {
border: 1px solid #003399;
padding: 2px;
width: 375px;
}
.main fieldset select .new {
font-weight: bold;
}
.main fieldset select .deleted {
text-decoration: line-through;
}
.main fieldset#signup label.pre {
width: 205px;
}
.main fieldset#signup span.indent, .main fieldset#signup input.button {
margin-left: 210px;
}
.main li {
list-style: none;
padding: 5px;
text-align: left;
}
.main li.misc {
padding: 0 5px;
}
.main span,
.main strong,
.main a {
font-size: 12px;
}
.main span.indent {
color: #666666;
margin-left: 160px;
}
.main span.dialogdesc {
margin-left: 10px;
}
.main a:link, .main a:visited {
color: #003399;
text-decoration: none;
}
.main a:hover, .main a:active {
text-decoration: underline;
}
.main span#user {
color: #666666;
float: right;
margin: 0 5px 0 0;
}
.main span#user,
.main span#user a {
font-size: 12px;
}
.main span#user a:link, .main span#user a:visited {
color: #001177;
text-decoration: none;
}
.main span#user a:hover, .main span#user a:active {
text-decoration: underline;
}
.main span#user a.current {
text-decoration: none;
font-weight: 900;
cursor: default;
color: #666666;
}
.main span#user a.current:before {
content: '\00bb';
font-weight: 100;
}
.main span#user a.current:after {
content: '\00ab';
font-weight: 100;
}
.main span#user nav {
display: inline;
}
.main span#user #pluginlogos {
display: none;
position: absolute;
top: 72px;
right: 10px;
height: 112px;
width: 250px;
border: 1px solid rgb(0, 51, 153);
box-shadow: black 0px 0px 20px;
box-sizing: border-box;
padding-top: 5px;
background: white;
font-size: inherit;
font-weight: bold;
}
.main span#user #pluginlogos img {
width: 75px;
height: 75px;
filter: saturate(500%) contrast(200%) grayscale(100%) opacity(50%);
transition: all 375ms;
cursor: pointer;
}

76
public/misc/style.theme.css
View File

@ -1,39 +1,39 @@
html.tablecloth {
height: 100%;
background: repeating-linear-gradient(-45deg, transparent, transparent 1em, rgba(136, 136, 136, 0.4) 0, rgba(136, 136, 136, 0.1) 2em, transparent 0, transparent 1em, rgba(136, 136, 136, 0.3) 0, rgba(136, 136, 136, 0.2) 4em, transparent 0, transparent 1em, rgba(68, 68, 68, 0.6) 0, rgba(68, 68, 68, 0.2) 2em),
repeating-linear-gradient(45deg, transparent, transparent 1em, rgba(136, 136, 136, 0.4) 0, rgba(136, 136, 136, 0.1) 2em, transparent 0, transparent 1em, rgba(136, 136, 136, 0.3) 0, rgba(136, 136, 136, 0.2) 4em, transparent 0, transparent 1em, rgba(68, 68, 68, 0.4) 0, rgba(68, 68, 68, 0.1) 2em), #666;
background-blend-mode: multiply;
}
html.weave {
background: linear-gradient(45deg, #666 12%, transparent 0, transparent 88%, #666 0),
linear-gradient(135deg, transparent 37%, #888 0, #888 63%, transparent 0),
linear-gradient(45deg, transparent 37%, #666 0, #666 63%, transparent 0),
#444;
background-size: 40px 40px;
}
html.madras {
height: 100%;
background-color: #e9d4b9;
background-image: repeating-linear-gradient(45deg, transparent 5px, rgba(11, 36, 45, 0.5) 5px, rgba(11, 36, 45, 0.5) 10px, rgba(211, 119, 111, 0) 10px, rgba(211, 119, 111, 0) 35px, rgba(211, 119, 111, 0.5) 35px, rgba(211, 119, 111, 0.5) 40px, rgba(11, 36, 45, 0.5) 40px, rgba(11, 36, 45, 0.5) 50px, rgba(11, 36, 45, 0) 50px, rgba(11, 36, 45, 0) 60px, rgba(211, 119, 111, 0.5) 60px, rgba(211, 119, 111, 0.5) 70px, rgba(247, 179, 85, 0.5) 70px, rgba(247, 179, 85, 0.5) 80px, rgba(247, 179, 85, 0) 80px, rgba(247, 179, 85, 0) 90px, rgba(211, 119, 111, 0.5) 90px, rgba(211, 119, 111, 0.5) 110px, rgba(211, 119, 111, 0) 110px, rgba(211, 119, 111, 0) 120px, rgba(11, 36, 45, 0.5) 120px, rgba(11, 36, 45, 0.5) 140px),
repeating-linear-gradient(135deg, transparent 5px, rgba(11, 36, 45, 0.5) 5px, rgba(11, 36, 45, 0.5) 10px, rgba(211, 119, 111, 0) 10px, rgba(211, 119, 111, 0) 35px, rgba(211, 119, 111, 0.5) 35px, rgba(211, 119, 111, 0.5) 40px, rgba(11, 36, 45, 0.5) 40px, rgba(11, 36, 45, 0.5) 50px, rgba(11, 36, 45, 0) 50px, rgba(11, 36, 45, 0) 60px, rgba(211, 119, 111, 0.5) 60px, rgba(211, 119, 111, 0.5) 70px, rgba(247, 179, 85, 0.5) 70px, rgba(247, 179, 85, 0.5) 80px, rgba(247, 179, 85, 0) 80px, rgba(247, 179, 85, 0) 90px, rgba(211, 119, 111, 0.5) 90px, rgba(211, 119, 111, 0.5) 110px, rgba(211, 119, 111, 0) 110px, rgba(211, 119, 111, 0) 140px, rgba(11, 36, 45, 0.5) 140px, rgba(11, 36, 45, 0.5) 160px);
}
html.tartan {
height: 100%;
background-color: #a0302c;
background-image: repeating-linear-gradient(20deg, transparent, transparent 50px, rgba(0, 0, 0, 0.4) 50px, rgba(0, 0, 0, 0.4) 53px, transparent 53px, transparent 63px, rgba(0, 0, 0, 0.4) 63px, rgba(0, 0, 0, 0.4) 66px, transparent 66px, transparent 116px, rgba(0, 0, 0, 0.5) 116px, rgba(0, 0, 0, 0.5) 166px, rgba(255, 255, 255, 0.2) 166px, rgba(255, 255, 255, 0.2) 169px, rgba(0, 0, 0, 0.5) 169px, rgba(0, 0, 0, 0.5) 179px, rgba(255, 255, 255, 0.2) 179px, rgba(255, 255, 255, 0.2) 182px, rgba(0, 0, 0, 0.5) 182px, rgba(0, 0, 0, 0.5) 232px, transparent 232px),
repeating-linear-gradient(290deg, transparent, transparent 50px, rgba(0, 0, 0, 0.4) 50px, rgba(0, 0, 0, 0.4) 53px, transparent 53px, transparent 63px, rgba(0, 0, 0, 0.4) 63px, rgba(0, 0, 0, 0.4) 66px, transparent 66px, transparent 116px, rgba(0, 0, 0, 0.5) 116px, rgba(0, 0, 0, 0.5) 166px, rgba(255, 255, 255, 0.2) 166px, rgba(255, 255, 255, 0.2) 169px, rgba(0, 0, 0, 0.5) 169px, rgba(0, 0, 0, 0.5) 179px, rgba(255, 255, 255, 0.2) 179px, rgba(255, 255, 255, 0.2) 182px, rgba(0, 0, 0, 0.5) 182px, rgba(0, 0, 0, 0.5) 232px, transparent 232px),
repeating-linear-gradient(145deg, transparent, transparent 2px, rgba(0, 0, 0, 0.2) 2px, rgba(0, 0, 0, 0.2) 3px, transparent 3px, transparent 5px, rgba(0, 0, 0, 0.2) 5px);
}
html.seigaiha {
background-color: grey;
background-image: radial-gradient(circle at 100% 150%, grey 24%, silver 25%, silver 28%, grey 29%, grey 36%, silver 36%, silver 40%, rgba(0, 0, 0, 0) 40%, rgba(0, 0, 0, 0)),
radial-gradient(circle at 0 150%, grey 24%, silver 25%, silver 28%, grey 29%, grey 36%, silver 36%, silver 40%, rgba(0, 0, 0, 0) 40%, rgba(0, 0, 0, 0)),
radial-gradient(circle at 50% 100%, silver 10%, grey 11%, grey 23%, silver 24%, silver 30%, grey 31%, grey 43%, silver 44%, silver 50%, grey 51%, grey 63%, silver 64%, silver 71%, rgba(0, 0, 0, 0) 71%, rgba(0, 0, 0, 0)),
radial-gradient(circle at 100% 50%, silver 5%, grey 6%, grey 15%, silver 16%, silver 20%, grey 21%, grey 30%, silver 31%, silver 35%, grey 36%, grey 45%, silver 46%, silver 49%, rgba(0, 0, 0, 0) 50%, rgba(0, 0, 0, 0)),
radial-gradient(circle at 0 50%, silver 5%, grey 6%, grey 15%, silver 16%, silver 20%, grey 21%, grey 30%, silver 31%, silver 35%, grey 36%, grey 45%, silver 46%, silver 49%, rgba(0, 0, 0, 0) 50%, rgba(0, 0, 0, 0));
background-size: 100px 50px;
html.tablecloth {
height: 100%;
background: repeating-linear-gradient(-45deg, transparent, transparent 1em, rgba(136, 136, 136, 0.4) 0, rgba(136, 136, 136, 0.1) 2em, transparent 0, transparent 1em, rgba(136, 136, 136, 0.3) 0, rgba(136, 136, 136, 0.2) 4em, transparent 0, transparent 1em, rgba(68, 68, 68, 0.6) 0, rgba(68, 68, 68, 0.2) 2em),
repeating-linear-gradient(45deg, transparent, transparent 1em, rgba(136, 136, 136, 0.4) 0, rgba(136, 136, 136, 0.1) 2em, transparent 0, transparent 1em, rgba(136, 136, 136, 0.3) 0, rgba(136, 136, 136, 0.2) 4em, transparent 0, transparent 1em, rgba(68, 68, 68, 0.4) 0, rgba(68, 68, 68, 0.1) 2em), #666;
background-blend-mode: multiply;
}
html.weave {
background: linear-gradient(45deg, #666 12%, transparent 0, transparent 88%, #666 0),
linear-gradient(135deg, transparent 37%, #888 0, #888 63%, transparent 0),
linear-gradient(45deg, transparent 37%, #666 0, #666 63%, transparent 0),
#444;
background-size: 40px 40px;
}
html.madras {
height: 100%;
background-color: #e9d4b9;
background-image: repeating-linear-gradient(45deg, transparent 5px, rgba(11, 36, 45, 0.5) 5px, rgba(11, 36, 45, 0.5) 10px, rgba(211, 119, 111, 0) 10px, rgba(211, 119, 111, 0) 35px, rgba(211, 119, 111, 0.5) 35px, rgba(211, 119, 111, 0.5) 40px, rgba(11, 36, 45, 0.5) 40px, rgba(11, 36, 45, 0.5) 50px, rgba(11, 36, 45, 0) 50px, rgba(11, 36, 45, 0) 60px, rgba(211, 119, 111, 0.5) 60px, rgba(211, 119, 111, 0.5) 70px, rgba(247, 179, 85, 0.5) 70px, rgba(247, 179, 85, 0.5) 80px, rgba(247, 179, 85, 0) 80px, rgba(247, 179, 85, 0) 90px, rgba(211, 119, 111, 0.5) 90px, rgba(211, 119, 111, 0.5) 110px, rgba(211, 119, 111, 0) 110px, rgba(211, 119, 111, 0) 120px, rgba(11, 36, 45, 0.5) 120px, rgba(11, 36, 45, 0.5) 140px),
repeating-linear-gradient(135deg, transparent 5px, rgba(11, 36, 45, 0.5) 5px, rgba(11, 36, 45, 0.5) 10px, rgba(211, 119, 111, 0) 10px, rgba(211, 119, 111, 0) 35px, rgba(211, 119, 111, 0.5) 35px, rgba(211, 119, 111, 0.5) 40px, rgba(11, 36, 45, 0.5) 40px, rgba(11, 36, 45, 0.5) 50px, rgba(11, 36, 45, 0) 50px, rgba(11, 36, 45, 0) 60px, rgba(211, 119, 111, 0.5) 60px, rgba(211, 119, 111, 0.5) 70px, rgba(247, 179, 85, 0.5) 70px, rgba(247, 179, 85, 0.5) 80px, rgba(247, 179, 85, 0) 80px, rgba(247, 179, 85, 0) 90px, rgba(211, 119, 111, 0.5) 90px, rgba(211, 119, 111, 0.5) 110px, rgba(211, 119, 111, 0) 110px, rgba(211, 119, 111, 0) 140px, rgba(11, 36, 45, 0.5) 140px, rgba(11, 36, 45, 0.5) 160px);
}
html.tartan {
height: 100%;
background-color: #a0302c;
background-image: repeating-linear-gradient(20deg, transparent, transparent 50px, rgba(0, 0, 0, 0.4) 50px, rgba(0, 0, 0, 0.4) 53px, transparent 53px, transparent 63px, rgba(0, 0, 0, 0.4) 63px, rgba(0, 0, 0, 0.4) 66px, transparent 66px, transparent 116px, rgba(0, 0, 0, 0.5) 116px, rgba(0, 0, 0, 0.5) 166px, rgba(255, 255, 255, 0.2) 166px, rgba(255, 255, 255, 0.2) 169px, rgba(0, 0, 0, 0.5) 169px, rgba(0, 0, 0, 0.5) 179px, rgba(255, 255, 255, 0.2) 179px, rgba(255, 255, 255, 0.2) 182px, rgba(0, 0, 0, 0.5) 182px, rgba(0, 0, 0, 0.5) 232px, transparent 232px),
repeating-linear-gradient(290deg, transparent, transparent 50px, rgba(0, 0, 0, 0.4) 50px, rgba(0, 0, 0, 0.4) 53px, transparent 53px, transparent 63px, rgba(0, 0, 0, 0.4) 63px, rgba(0, 0, 0, 0.4) 66px, transparent 66px, transparent 116px, rgba(0, 0, 0, 0.5) 116px, rgba(0, 0, 0, 0.5) 166px, rgba(255, 255, 255, 0.2) 166px, rgba(255, 255, 255, 0.2) 169px, rgba(0, 0, 0, 0.5) 169px, rgba(0, 0, 0, 0.5) 179px, rgba(255, 255, 255, 0.2) 179px, rgba(255, 255, 255, 0.2) 182px, rgba(0, 0, 0, 0.5) 182px, rgba(0, 0, 0, 0.5) 232px, transparent 232px),
repeating-linear-gradient(145deg, transparent, transparent 2px, rgba(0, 0, 0, 0.2) 2px, rgba(0, 0, 0, 0.2) 3px, transparent 3px, transparent 5px, rgba(0, 0, 0, 0.2) 5px);
}
html.seigaiha {
background-color: grey;
background-image: radial-gradient(circle at 100% 150%, grey 24%, silver 25%, silver 28%, grey 29%, grey 36%, silver 36%, silver 40%, rgba(0, 0, 0, 0) 40%, rgba(0, 0, 0, 0)),
radial-gradient(circle at 0 150%, grey 24%, silver 25%, silver 28%, grey 29%, grey 36%, silver 36%, silver 40%, rgba(0, 0, 0, 0) 40%, rgba(0, 0, 0, 0)),
radial-gradient(circle at 50% 100%, silver 10%, grey 11%, grey 23%, silver 24%, silver 30%, grey 31%, grey 43%, silver 44%, silver 50%, grey 51%, grey 63%, silver 64%, silver 71%, rgba(0, 0, 0, 0) 71%, rgba(0, 0, 0, 0)),
radial-gradient(circle at 100% 50%, silver 5%, grey 6%, grey 15%, silver 16%, silver 20%, grey 21%, grey 30%, silver 31%, silver 35%, grey 36%, grey 45%, silver 46%, silver 49%, rgba(0, 0, 0, 0) 50%, rgba(0, 0, 0, 0)),
radial-gradient(circle at 0 50%, silver 5%, grey 6%, grey 15%, silver 16%, silver 20%, grey 21%, grey 30%, silver 31%, silver 35%, grey 36%, grey 45%, silver 46%, silver 49%, rgba(0, 0, 0, 0) 50%, rgba(0, 0, 0, 0));
background-size: 100px 50px;
}