public function __construct()
{
parent::__construct();
init_painel();
user_logout();
$this->load->model('auditoria_model', 'auditoria');
}
public function __construct()
{
parent::__construct();
init_painel();
user_logout();
$this->load->model('settings_model', 'settings');
}
public function __construct()
{
parent::__construct();
init_painel();
user_logout();
$this->load->model('pagina_model', 'paginas');
}
/**
* Determine whether the page is configured to be offline.
*
* @param \Symfony\Component\HttpKernel\Event\GetResponseEvent $event
* The event to process.
*/
public function onKernelRequestMaintenance(GetResponseEvent $event)
{
$request = $event->getRequest();
$route_match = RouteMatch::createFromRequest($request);
$path = $request->attributes->get('_system_path');
if ($this->maintenanceMode->applies($route_match)) {
// If the site is offline, log out unprivileged users.
if ($this->account->isAuthenticated() && !$this->maintenanceMode->exempt($this->account)) {
user_logout();
// Redirect to homepage.
$event->setResponse(new RedirectResponse($this->url('<front>', [], ['absolute' => TRUE])));
return;
}
if ($this->account->isAnonymous() && $path == 'user') {
// Forward anonymous user to login page.
$event->setResponse(new RedirectResponse($this->url('user.login', [], ['absolute' => TRUE])));
return;
}
}
if ($this->account->isAuthenticated()) {
if ($path == 'user/login') {
// If user is logged in, redirect to 'user' instead of giving 403.
$event->setResponse(new RedirectResponse($this->url('user.page', [], ['absolute' => TRUE])));
return;
}
if ($path == 'user/register') {
// Authenticated user should be redirected to user edit page.
$event->setResponse(new RedirectResponse($this->url('entity.user.edit_form', ['user' => $this->account->id()], ['absolute' => TRUE])));
return;
}
}
}
/**
* Determine whether the page is configured to be offline.
*
* @param \Symfony\Component\HttpKernel\Event\GetResponseEvent $event
* The event to process.
*/
public function onKernelRequestMaintenance(GetResponseEvent $event)
{
$request = $event->getRequest();
$route_match = RouteMatch::createFromRequest($request);
$path = $request->attributes->get('_system_path');
if ($this->maintenanceMode->applies($route_match)) {
// If the site is offline, log out unprivileged users.
if ($this->account->isAuthenticated() && !$this->maintenanceMode->exempt($this->account)) {
user_logout();
// Redirect to homepage.
$event->setResponse(new RedirectResponse($this->url('<front>', [], ['absolute' => TRUE])));
return;
}
}
if ($this->account->isAuthenticated()) {
if ($path == 'user/login') {
// If the user is already logged in, redirect to their profile page.
$event->setResponse($this->redirect('entity.user.canonical', ['user' => $this->account->id()]));
return;
}
if ($path == 'user/register') {
// If the user is already registered, redirect to their edit page.
$event->setResponse(new RedirectResponse($this->url('entity.user.edit_form', ['user' => $this->account->id()], ['absolute' => TRUE])));
return;
}
}
}
function logout_page()
{
user_logout();
header("Location: " . BASE_URL);
/* Redirect browser */
exit;
}
public function cosign_cosignlogout()
{
$logout = CosignSharedFunctions::cosign_logout_url();
user_logout();
$response = new TrustedRedirectResponse($logout);
//this had to be done of user was logged into cosign/drupal for several minutes after logging out
//for ref - Cookie($name, $value, $minutes, $path, $domain, $secure, $httpOnly)
//set value to nonsense and domain to blank so it becomes a host cookie.
$response->headers->setCookie(new Cookie('cosign-' . $_SERVER['HTTP_HOST'], 'jibberish', 0, '/', '', -1, 0));
return $response;
}
function ActionHandler()
{
global $action;
if ($action == 'login') {
header('Location: ' . config_get('document-root') . '/login');
}
if ($action == 'logout') {
user_logout();
redirect();
}
}
public function inicio()
{
if (user_logout(FALSE)) {
set_tema('titulo', 'HOME');
set_tema('conteudo', '<div class="lager-12 columns"><p>Escolha um menu para iniciar</p></div>');
load_template();
} else {
set_msg('errologin', 'Acesso restrito, faça login antes de prosseguir', 'error');
redirect('usuarios/login');
}
}
function config_log_request()
{
if (!user_is_authenticated()) {
return;
}
$allowed_users = file('invite.php');
if (!in_array(strtolower(user_current_username()) . "\n", $allowed_users)) {
user_logout();
die("对不起,您不是受邀用户,无法登录。");
}
}
/**
* Logout users if site is in maintenance mode.
*
* @param \Symfony\Component\HttpKernel\Event\GetResponseEvent $event
* The event to process.
*/
public function onKernelRequestMaintenance(GetResponseEvent $event)
{
$request = $event->getRequest();
$route_match = RouteMatch::createFromRequest($request);
if ($this->maintenanceMode->applies($route_match)) {
// If the site is offline, log out unprivileged users.
if ($this->account->isAuthenticated() && !$this->maintenanceMode->exempt($this->account)) {
user_logout();
// Redirect to homepage.
$event->setResponse($this->redirect($this->url('<front>')));
}
}
}
function main()
{
global $lang, $smarty;
if (user_loggedin()) {
if (isset($_GET['do']) && $_GET['do'] == 'logout') {
user_logout();
function myredirect()
{
login_redirect('index.php');
}
add_filter('wp_head', 'myredirect');
$content = SHARED_TPLS . 'login_success.tpl';
} elseif (user_loggedin()) {
function myredirect()
{
login_redirect('index.php');
}
add_filter('wp_head', 'myredirect');
$content = SHARED_TPLS . 'login_success.tpl';
} else {
utils_redirect();
}
} elseif (sess_remove('logout_done')) {
function myredirect()
{
login_redirect('index.php');
}
add_filter('wp_head', 'myredirect');
$content = SHARED_TPLS . 'login_success.tpl';
} elseif (empty($_POST)) {
$content = SHARED_TPLS . 'login.tpl';
} else {
// validate after a POST
if (login_validate()) {
utils_redirect('login.php');
} else {
$smarty->assign($_POST);
$content = SHARED_TPLS . 'login.tpl';
}
}
// Set page title and content
// first parameter is Title, second is content.
// Content can be both a shared tpl or raw html content; in this last case
// you have to set the third optional parameter to true
$smarty->assign('subject', $lang['login']['head']);
$smarty->assign('content', $content);
}
function auth_start()
{
if (!isset($_SESSION)) {
set_time_limit(60);
session_cache_limiter('private');
session_start();
set_time_limit(30);
}
if (isset($_SESSION['REMOTE_ADDR']) && $_SESSION['REMOTE_ADDR'] != $_SERVER['REMOTE_ADDR']) {
session_regenerate_id();
$_SESSION['REMOTE_ADDR'] = $_SERVER['REMOTE_ADDR'];
}
if (!isset($_SESSION['REMOTE_ADDR'])) {
$_SESSION['REMOTE_ADDR'] = $_SERVER['REMOTE_ADDR'];
}
if (isset($_SESSION['site_key']) && $_SESSION['site_key'] != SITE_KEY) {
user_logout();
}
}
function auditoria($operacao, $observacao, $query = TRUE)
{
$CI =& get_instance();
$CI->load->library('session');
$CI->load->model('auditoria_model', 'auditoria');
if (user_logout(FALSE)) {
$user_id = $CI->session->userdata('user_id');
$user_login = $CI->usuarios->get_by_id($user_id)->row()->login;
} else {
$user_login = '******';
}
if ($query) {
$last_query = $CI->db->last_query();
} else {
$last_query = '';
}
$dados = array('usuario' => $user_login, 'operacao' => $operacao, 'query' => $last_query, 'observacao' => $observacao);
$CI->auditoria->do_insert($dados, FALSE);
}
/**
* Logs the current user out.
*
* @return \Symfony\Component\HttpFoundation\RedirectResponse
* A redirection to home page.
*/
public function logout()
{
user_logout();
return $this->redirect('<front>');
}
break;
}
if (isset($_POST['username']) && isset($_POST['password'])) {
$username = mysql_real_escape_string(trim($_POST['username']));
$password = mysql_real_escape_string(trim($_POST['password']));
if (empty($username) or empty($password)) {
break;
}
$success = user_login($username, $password);
}
break;
case 'logout':
if (!user_isloggedin()) {
break;
}
$success = user_logout();
break;
default:
break;
}
}
if ($success) {
echo 'success';
} else {
echo 'failed';
}
exit;
}
?>
<!DOCTYPE html>
<html>
function synlogout($get, $post)
{
if (!API_SYNLOGOUT) {
return API_RETURN_FORBIDDEN;
}
// drupal user logout
chdir(DRUPAL_ROOT_PATH);
require_once './includes/bootstrap.inc';
drupal_bootstrap(DRUPAL_BOOTSTRAP_FULL);
$path = drupal_get_path('module', 'user');
include_once $path . '/user.pages.inc';
watchdog(t('user'), t('synlogout:@username /' . $GLOBALS['user']->name . '/' . $GLOBALS['user']->uid, array('@username' => 'SYN-star')));
user_logout();
watchdog(t('user'), t('synlogout:@username /' . $GLOBALS['user']->name . '/' . $GLOBALS['user']->uid, array('@username' => 'SYN-end')));
return API_RETURN_SUCCEED;
}
function twitter_process($url, $post_data = false)
{
if ($post_data === true) {
$post_data = array();
}
if (user_type() == 'oauth' && (strpos($url, '/twitter.com') !== false || strpos($url, 'api.twitter.com') !== false)) {
user_oauth_sign($url, $post_data);
} elseif (strpos($url, 'api.twitter.com') !== false && is_array($post_data)) {
// Passing $post_data as an array to twitter.com (non-oauth) causes an error :(
$s = array();
foreach ($post_data as $name => $value) {
$s[] = $name . '=' . urlencode($value);
}
$post_data = implode('&', $s);
}
$api_start = microtime(1);
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $url);
if ($post_data !== false && !$_GET['page']) {
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $post_data);
}
if (user_type() != 'oauth' && user_is_authenticated()) {
curl_setopt($ch, CURLOPT_USERPWD, user_current_username() . ':' . $GLOBALS['user']['password']);
}
//from http://github.com/abraham/twitteroauth/blob/master/twitteroauth/twitteroauth.php
curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Expect:'));
curl_setopt($ch, CURLOPT_TIMEOUT, 10);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0);
curl_setopt($ch, CURLOPT_HEADER, FALSE);
$response = curl_exec($ch);
$response_info = curl_getinfo($ch);
$erno = curl_errno($ch);
$er = curl_error($ch);
curl_close($ch);
global $api_time;
$api_time += microtime(1) - $api_start;
switch (intval($response_info['http_code'])) {
case 200:
case 201:
$json = json_decode($response);
if ($json) {
return $json;
}
return $response;
case 401:
user_logout();
theme('error', "<p>Error: Login credentials incorrect.</p><p>{$response_info['http_code']}: {$result}</p><hr><p>{$url}</p>");
case 0:
$result = $erno . ":" . $er . "<br />";
/*
foreach ($response_info as $key => $value)
{
$result .= "Key: $key; Value: $value<br />";
}
*/
theme('error', '<h2>Twitter timed out</h2><p>Dabr gave up on waiting for Twitter to respond. They\'re probably overloaded right now, try again in a minute. <br />' . $result . ' </p>');
default:
$result = json_decode($response);
$result = $result->error ? $result->error : $response;
if (strlen($result) > 500) {
$result = 'Something broke on Twitter\'s end.';
/*
$result .= $erno . ":" . $er . "<br />" ;
foreach ($response_info as $key => $value)
{
$result .= "Key: $key; Value: $value<br />";
}
*/
}
theme('error', "<h2>An error occured while calling the Twitter API</h2><p>{$response_info['http_code']}: {$result}</p><hr><p>{$url}</p>");
}
}
/**
* @inheritDoc
*/
public function logout()
{
module_load_include('inc', 'user', 'user.pages');
user_logout();
}
// Grab the action (login or logout).
$action = '';
if (isset($_GET['action'])) {
$action = $_GET['action'];
} else {
if (isset($_POST['action'])) {
$action = $_POST['action'];
}
}
// Login and/or logout.
list($username, $password, $invalid_login) = user_login();
if ($action != 'login') {
$invalid_login = false;
}
if ($action == 'logout' || $invalid_login) {
list($username, $password) = user_logout();
}
if (ini_get('max_execution_time') < 60) {
@ini_set('max_execution_time', '60');
}
// Pull the calendars off the GET line if provided. The $cal_filename
// is always an array, because this makes it easier to deal with below.
$cal_filenames = array();
if (isset($_GET['cal']) && $_GET['cal'] != '') {
// If the cal value is not an array, split it into an array on
// commas.
if (!is_array($_GET['cal'])) {
$_GET['cal'] = explode(',', $_GET['cal']);
}
// Grab the calendar filenames off the cal value array.
$cal_filenames = $_GET['cal'];
/**
* Used to load the requested page from POST or GET
* @global type $input
*/
function load_page()
{
global $input;
$action = $input['action'];
$redraw = false;
//
// Actions
//
// Controller goes here
switch ($action) {
// The user clicked on an album, we display its content to them
// Display the help page
case 'view_help':
view_help();
break;
case 'view_settings':
view_settings();
break;
// In case we want to log out
// In case we want to log out
case 'logout':
user_logout();
break;
// The only case when we could possibly arrive here with a session created
// and a "login" action is when the user refreshed the page. In that case,
// we redraw the page with the last information saved in the session variables.
// The only case when we could possibly arrive here with a session created
// and a "login" action is when the user refreshed the page. In that case,
// we redraw the page with the last information saved in the session variables.
case 'login':
redraw_page();
break;
case 'anonymous_login':
anonymous_login();
break;
case 'admin_mode_update':
admin_mode_update();
break;
case 'view_album_assets':
view_album_assets();
break;
case 'view_asset_details':
view_asset_details();
break;
case 'view_asset_bookmark':
view_asset_bookmark();
break;
case 'search_bookmark':
bookmarks_search();
break;
case 'sort_asset_bookmark':
bookmarks_sort();
break;
case 'add_asset_bookmark':
bookmark_add();
break;
case 'add_asset_thread':
thread_add();
break;
case 'add_thread_comment':
comment_add();
break;
case 'add_thread_comment_answer':
comment_add_reply();
break;
case 'update_thread_comment':
comment_edit();
break;
case 'update_asset_thread':
thread_edit();
break;
case 'thread_details_view':
thread_details_update();
break;
case 'delete_asset_thread':
thread_delete();
break;
case 'delete_thread_comment':
comment_delete();
break;
case 'edit_settings':
preferences_update();
break;
case 'edit_asset_meta':
asset_edit_meta();
break;
case 'vote':
vote_add();
break;
case 'approve':
comment_edit_approval();
break;
case 'threads_list_view':
threads_list_update();
break;
case 'copy_bookmark':
bookmark_copy();
break;
case 'share_popup':
share_popup();
break;
case 'bookmark_popup':
bookmark_popup();
break;
case 'bookmarks_popup':
bookmarks_popup();
break;
case 'remove_asset_bookmark':
bookmark_delete();
break;
case 'remove_asset_bookmarks':
bookmarks_delete_all();
break;
case 'view_import':
view_import();
break;
case 'upload_bookmarks':
bookmarks_upload();
break;
case 'import_bookmarks':
bookmarks_import();
break;
case 'export_bookmarks':
bookmarks_export();
break;
case 'export_album_bookmarks':
bookmarks_export_all();
break;
case 'export_asset_bookmarks':
bookmarks_export_all(true);
break;
case 'delete_bookmarks':
bookmarks_delete();
break;
case 'move_album_token':
album_token_move();
break;
case 'delete_album_token':
album_token_delete();
break;
case 'client_trace':
client_trace();
break;
// No action selected: we choose to display the homepage again
// No action selected: we choose to display the homepage again
default:
// TODO: check session var here
view_main();
}
}
/**
* 退出处理
*/
public function logout()
{
session_start();
user_logout();
}
function check_online()
{
log_debug("user_auth", "Executing user_online()");
if (empty($_SESSION["user"]["authkey"])) {
// if user has no login data, don't bother trying to check
return 0;
}
if (!preg_match("/^[a-zA-Z0-9]*\$/", $_SESSION["user"]["authkey"])) {
// make sure the key is valid info, NOT AN SQL INJECTION.
return 0;
}
if (isset($GLOBALS["cache"]["user"]["online"])) {
// we have already checked if the user is online, so don't bother checking again
return 1;
} else {
// determine timeout
if (empty($GLOBALS["config"]["SESSION_TIMEOUT"])) {
// default == two hours (in seconds)
$session_timeout = 7200;
} else {
// use configured setting
$session_timeout = $GLOBALS["config"]["SESSION_TIMEOUT"];
}
// get user session data
$sql_session_obj = new sql_query();
$sql_session_obj->string = "SELECT id, time, ipv4, ipv6 FROM `users_sessions` WHERE authkey='" . $_SESSION["user"]["authkey"] . "' LIMIT 1";
$sql_session_obj->execute();
if ($sql_session_obj->num_rows()) {
$sql_session_obj->fetch_array();
// Verify the IP address
//
// This check is designed to reduce the risk of any theft of session information, by forcing the session
// to be linked to the user's IP - stealing session data and connecting from another location will
// be denied.
//
// There is some trickiness to support IPv4/IPv6 mixed environments, as sometimes browers will swap between
// IPv4 and IPv6 addressing in a session, so we trust the first IPv4 and the first IPv6 addresses that the
// host identifies with, then deny all future ones.
//
if (ip_type_detect($_SERVER["REMOTE_ADDR"]) == 6) {
if (!empty($sql_session_obj->data[0]["ipv6"])) {
if ($_SERVER["REMOTE_ADDR"] != $sql_session_obj->data[0]["ipv6"]) {
// the current IPv6 address does not match the one for this session
// denied
return 0;
}
} else {
// this session hasn't connected via IPv6 before, add it to the session info.
$sql_obj = new sql_query();
$sql_obj->string = "UPDATE `users_sessions` SET ipv6='" . $_SERVER["REMOTE_ADDR"] . "' WHERE authkey='" . $_SESSION["user"]["authkey"] . "' LIMIT 1";
$sql_obj->execute();
}
} else {
if (!empty($sql_session_obj->data[0]["ipv4"])) {
if ($_SERVER["REMOTE_ADDR"] != $sql_session_obj->data[0]["ipv4"]) {
// the current IPv4 address does not match the one for this session
// denied
return 0;
}
} else {
// this session hasn't connected via IPv4 before, add it to the session info.
$sql_obj = new sql_query();
$sql_obj->string = "UPDATE `users_sessions` SET ipv4='" . $_SERVER["REMOTE_ADDR"] . "' WHERE authkey='" . $_SESSION["user"]["authkey"] . "' LIMIT 1";
$sql_obj->execute();
}
}
$time = time();
if ($time < $sql_session_obj->data[0]["time"] + $session_timeout) {
// we want to update the time value in the database, but we don't want to do this
// on every single page load - no need, and a waste of performance.
//
// therefore, we only update the time record in the DB if it's older than 30 minutes. We use
// this time to see if the user has been inactive for long periods of time, to log them out.
if ($time - $sql_session_obj->data[0]["time"] > 1800) {
// update time field
$sql_obj = new sql_query();
$sql_obj = $this->getSessionDatabase($sql_obj);
$sql_obj->string = "UPDATE `users_sessions` SET time='{$time}' WHERE authkey='" . $_SESSION["user"]["authkey"] . "' LIMIT 1";
$sql_obj->execute();
}
// save to cache
$GLOBALS["cache"]["user"]["online"] = 1;
// user is logged in.
return 1;
} else {
// The user hasn't accessed a page for 2 hours, we log em' out for security reasons.
// We save the query string, so they can easily log back in to where they were.
$_SESSION["login"]["previouspage"] = $_SERVER["QUERY_STRING"];
// log user out
user_logout();
// set the timeout flag. (so the login message is different)
$_SESSION["user"]["timeout"] = "flagged";
}
}
}
return 0;
}
function check_post_many()
{
$check_time = 4;
$maxt_num = 40;
//The maximum number of times a request within 5 seconds. More than the automatic withdrawal
$total_time = 60;
//10nmin
$total_time_num = 500;
//Unrestricted administrator
if (isset($_SESSION['kod_user']) && $_SESSION['kod_user']['role'] == 'root') {
return;
}
//Upload unlimited
$URI = $GLOBALS['in']['URLremote'];
if (isset($URI[1]) && $URI[1] == 'fileUpload') {
return;
}
$session_key = 'check_post_many';
$_SESSION['check_session_has'] = 'kodexplorer';
if (!isset($_SESSION[$session_key])) {
$_SESSION[$session_key] = array('last_time' => time(), 'total_num' => 0, 'max_time' => time(), 'max_num' => 0);
} else {
$info = $_SESSION[$session_key];
//---- Short term concurrency control
if (time() - $info['last_time'] >= $check_time) {
//Greater than the length s Empty
$info = array('last_time' => time(), 'total_num' => 0, 'max_time' => time(), 'max_num' => 0);
} else {
if ($info['total_num'] >= $maxt_num) {
//100 times greater than the exit
user_logout();
} else {
$info['total_num'] += 1;
}
}
//----Total control
if (time() - $info['max_time'] >= $total_time) {
//Greater than the length s Empty
$info = array('last_time' => time(), 'total_num' => 0, 'max_time' => time(), 'max_num' => 0);
} else {
if ($info['total_num'] >= $total_time_num) {
//100 times greater than the exit
user_logout();
} else {
$info['max_num'] += 1;
}
}
$_SESSION[$session_key] = $info;
}
}
function logout_page()
{
user_logout();
$content = theme('logged_out');
theme('page', 'Logged out', $content);
}
function logout()
{
module_load_include('inc', 'user', 'user.pages');
return user_logout();
}
<?php
require_once 'includes/db.inc.php';
include 'includes/user.inc.php';
if (isset($_GET["logout"]) && $_GET["logout"] == "true") {
user_logout($db_connexion);
header("Location:index.php");
}
if (!isset($_SESSION["user_session"])) {
header("location:index.php");
}
function user_is_authenticated()
{
if (!isset($GLOBALS['user'])) {
if (array_key_exists('USER_AUTH', $_COOKIE)) {
_user_decrypt_cookie($_COOKIE['USER_AUTH']);
} else {
$GLOBALS['user'] = array();
}
}
if (user_current_username() && user_type() !== 'oauth') {
user_logout();
twitter_refresh('logout');
}
if (!user_current_username()) {
return false;
}
return true;
}
<?php
# Copyright by: Manuel
# Support: www.ilch.de
defined('main') or die('no direct access');
$title = $allgAr['title'] . ' :: Logout';
$hmenu = $extented_forum_menu . 'Logout' . $extented_forum_menu_sufix;
$design = new design($title, $hmenu, 0);
# ausloggen
user_logout();
$design->header();
wd('?' . $allgAr['smodul'], $lang['logoutsuccessful']);
$design->footer();
/**
* Выход из системы
*
*/
function loginUserLogout()
{
user_logout();
$referer_link = get_referer_link();
if (false === strstr($referer_link, 'module=login')) {
header('Location:' . $referer_link);
} else {
header('Location:' . get_home_link());
}
exit;
}
