public function show(ReminderChart $chart)
{
$now = Carbon::now()->toDateString();
$upcoming = auth_user()->reminders()->where('starts_on', '>', $now)->count();
$finished = auth_user()->reminders()->where('starts_on', '<', $now)->count();
$total = auth_user()->reminders()->count();
$data = $chart->forUser(auth_user(), Carbon::now()->year);
return view('stats', compact('upcoming', 'finished', 'total', 'data'));
}
public function destroy($id)
{
/** @var Reminder $reminder */
$reminder = Reminder::find($id);
if ($reminder->user->id != auth_user()->id) {
return redirect()->action(static::class . '@show');
}
$reminder->delete();
return redirect()->action(static::class . '@show');
}
public function area51()
{
auth_user();
$data['header']['page_title'] = 'Welcome to Area 51';
// title for the page
$data['content']['view_name'] = 'area51';
// name of the partial view to load
$data['content']['view_data'] = array();
// data coming inside the view
$this->load->view('main_page_view', $data);
}
public function forUser(User $user, $year)
{
$start = Carbon::createFromDate($year, 1, 1);
$end = Carbon::createFromDate($year + 1, 1, 1);
$data = DB::table('reminders')->where('starts_on', '>=', $start->toDateString())->where('starts_on', '<', $end->toDateString())->where('user_id', auth_user()->id)->groupBy('month')->orderBy('month')->get([DB::raw('MONTH(starts_on) AS month'), DB::raw('COUNT(*) AS count')]);
$data = array_pluck($data, 'count', 'month');
$result = [];
for ($i = 0; $i < 12; $i++) {
$result[] = (int) data_get($data, $i + 1, 0);
}
return $result;
}
<?php
/**
* Default Events Template
* This file is the basic wrapper template for all the views if 'Default Events Template'
* is selected in Events -> Settings -> Template -> Events Template.
*
* Override this template in your own theme by creating a file at [your-theme]/tribe-events/default-template.php
*
* @package TribeEventsCalendar
*
*/
if (!defined('ABSPATH')) {
die('-1');
}
auth_user('/members-only');
get_header();
?>
<div id="tribe-events-pg-template">
<?php
tribe_events_before_html();
?>
<?php
tribe_get_view();
?>
<?php
tribe_events_after_html();
?>
</div> <!-- #tribe-events-pg-template -->
<?php
get_footer();
function __construct()
{
parent::__construct();
auth_user();
}
if ($f['u_level'] == 'G') {
$passwort = '';
}
// Function ext_lese_user oben eingebunden
$passwort_ext = ext_lese_user($login, $passwort);
$result = auth_user("u_nick", $login, $passwort_ext);
if ($result) {
$rows = mysql_num_rows($result);
$passwort = $passwort_ext;
if ($rows == 1) {
}
}
}
// Nick nicht gefunden, nochmals mit Usernamen suchen
if ($rows == 0) {
$result = auth_user("u_name", $login, $passwort);
if ($result) {
$rows = mysql_num_rows($result);
}
}
// Login fehlgeschlagen
if ($rows == 0 && isset($userdata) && is_array($userdata) && $userdata) {
// Fehllogin bei Admin: falsches Passwort oder Username -> max 100 Loginversuche in Userdaten merken
if ($userdata->u_loginfehler) {
$u_loginfehler = unserialize($userdata->u_loginfehler);
}
if (count($u_loginfehler) < 100) {
unset($f);
unset($temp);
$f['nick'] = substr($userdata->u_nick, 0, 20);
$f['pw'] = substr($passwort, 0, 20);
/**
* Make a XML-RPC call
* If the global variable $errorStatus is not zero, the XML-RPC call is not
* done, and this function returns nothing.
*
* @param $method name of the method
* @param $params array with param
* @return the XML-RPC call result
*/
function xmlCall($method, $params = null)
{
global $errorStatus;
global $errorDesc;
global $conf;
if (isXMLRPCError()) {
// Don't do a XML-RPC call if a previous one failed
return;
}
/*
Set defaut login/pass if not set.
The credentials are used to authenticate the web interface to the XML-RPC
server.
*/
if (!isset($conf["global"]["login"])) {
$conf["global"]["login"] = "******";
$conf["global"]["password"] = "******";
}
$output_options = array("output_type" => "xml", "verbosity" => "pretty", "escaping" => array("markup"), "version" => "xmlrpc", "encoding" => "UTF-8");
$request = xmlrpc_encode_request($method, $params, $output_options);
/* We build the HTTP POST that will be sent */
$host = $_SESSION["XMLRPC_agent"]["host"] . ":" . $_SESSION["XMLRPC_agent"]["port"];
$url = "/";
$httpQuery = "POST " . $url . " HTTP/1.0\r\n";
$httpQuery .= "User-Agent: MMC web interface\r\n";
$httpQuery .= "Host: " . $host . "\r\n";
$httpQuery .= "Content-Type: text/xml\r\n";
$httpQuery .= "Content-Length: " . strlen($request) . "\r\n";
/* Don't set the RPC session cookie if the user is on the login page */
if ($method == "base.ldapAuth" || $method == "base.tokenAuthenticate") {
unset($_SESSION["RPCSESSION"]);
$httpQuery .= "X-Browser-IP: " . $_SERVER["REMOTE_ADDR"] . "\r\n";
$httpQuery .= "X-Browser-HOSTNAME: " . gethostbyaddr($_SERVER["REMOTE_ADDR"]) . "\r\n";
} else {
$httpQuery .= "Cookie: " . $_SESSION["RPCSESSION"] . "\r\n";
}
$httpQuery .= "Authorization: Basic " . base64_encode($conf["global"]["login"] . ":" . $conf["global"]["password"]) . "\r\n\r\n";
$httpQuery .= $request;
$sock = null;
/* Connect to the XML-RPC server */
if ($_SESSION["XMLRPC_agent"]["scheme"] == "https") {
$prot = "ssl://";
} else {
$prot = "";
}
list($sock, $errNo, $errString) = openSocket($prot, $conf);
if (!$sock) {
/* Connection failure */
$errObj = new ErrorHandlingItem('');
$errObj->setMsg(_("Can't connect to MMC agent"));
$errObj->setAdvice(_("MMC agent seems to be down or not correctly configured.") . '<br/> Error: ' . $errNo . ' - ' . $errString);
$errObj->setTraceBackDisplay(false);
$errObj->setSize(400);
$errObj->process('');
$errorStatus = 1;
return FALSE;
}
/* Send the HTTP POST */
if (!fwrite($sock, $httpQuery, strlen($httpQuery))) {
/* Failure */
$errObj = new ErrorHandlingItem('');
$errObj->setMsg(_("Can't send XML-RPC request to MMC agent"));
$errObj->setAdvice(_("MMC agent seems to be not correctly configured."));
$errObj->setTraceBackDisplay(false);
$errObj->setSize(400);
$errObj->process('');
$errorStatus = 1;
return FALSE;
}
fflush($sock);
/* Get the response from the server */
$xmlResponse = '';
while (!feof($sock)) {
$ret = fread($sock, 8192);
$info = stream_get_meta_data($sock);
if ($info['timed_out']) {
$errObj = new ErrorHandlingItem('');
$errObj->setMsg(_('MMC agent communication problem'));
$errObj->setAdvice(_('Timeout when reading data from the MMC agent. Please check network connectivity and server load.'));
$errObj->setTraceBackDisplay(false);
$errObj->setSize(400);
$errObj->process('');
$errorStatus = 1;
return FALSE;
}
if ($ret === False) {
$errObj = new ErrorHandlingItem('');
$errObj->setMsg(_("Error while reading MMC agent XML-RPC response."));
$errObj->setAdvice(_("Please check network connectivity."));
$errObj->setTraceBackDisplay(false);
$errObj->setSize(400);
$errObj->process('');
$errorStatus = 1;
return FALSE;
}
$xmlResponse .= $ret;
}
fclose($sock);
/* Process the response */
if (!strlen($xmlResponse)) {
$errObj = new ErrorHandlingItem('');
$errObj->setMsg(_("MMC agent communication problem"));
$errObj->setAdvice(_("Can't communicate with MMC agent. Please check you're using the right TCP port and the right protocol."));
$errObj->setTraceBackDisplay(false);
$errObj->setSize(400);
$errObj->process('');
$errorStatus = 1;
return FALSE;
}
/* Process the received HTTP header */
$pos = strpos($xmlResponse, "\r\n\r\n");
$httpHeader = substr($xmlResponse, 0, $pos);
if ($method == "base.ldapAuth" || $method == "base.tokenAuthenticate") {
if ($method == "base.tokenAuthenticate") {
$_SESSION["AUTH_METHOD"] = "token";
} else {
$_SESSION["AUTH_METHOD"] = "login";
}
/* The RPC server must send us a session cookie */
if (preg_match("/(TWISTED_SESSION=[0-9a-f]+);/", $httpHeader, $match) > 0) {
$_SESSION["RPCSESSION"] = $match[1];
} else {
/* Can't get a session from the Twisted XML-RPC server */
$errObj = new ErrorHandlingItem('');
$errObj->setMsg(_("MMC agent communication problem"));
$errObj->setAdvice(_("The MMC agent didn't give us a session number. Please check the MMC agent version."));
$errObj->setTraceBackDisplay(false);
$errObj->setSize(400);
$errObj->process('');
$errorStatus = 1;
return False;
}
}
/* Process the XML response */
$xmlResponse = substr($xmlResponse, $pos + 4);
/*
Test if the XMLRPC result is a boolean value set to False.
If it is the case, xmlrpc_decode will return an empty string.
So we need to test this special case.
Looks like this bug is fixed in latest PHP version. At least it works
with PHP 5.2.0.
*/
$booleanFalse = "<?xml version='1.0' ?>\n<methodResponse>\n<params>\n<param>\n<value><boolean>0</boolean></value>\n</param>\n</params>\n</methodResponse>\n";
if ($xmlResponse == $booleanFalse) {
$xmlResponse = False;
} else {
$xmlResponseTmp = xmlrpc_decode($xmlResponse, "UTF-8");
/* if we cannot decode in UTF-8 */
if (!$xmlResponseTmp) {
/* Maybe we received data encoded in ISO latin 1, so convert them
to UTF8 first*/
$xmlResponse = iconv("ISO-8859-1", "UTF-8", $xmlResponse);
$xmlResponse = xmlrpc_decode($xmlResponse, "UTF-8");
} else {
$xmlResponse = $xmlResponseTmp;
}
}
/* If debug is on, print the XML-RPC call and result */
if ($conf["debug"]["level"] != 0) {
$str = '<div class="alert alert-info">';
$str .= "XML RPC CALL FUNCTION: {$method}(";
if (!$params) {
$params = "null";
} else {
if (is_array($params)) {
$str .= var_export($params, True);
} else {
$str .= $params;
}
}
$str .= ')';
if (is_array($xmlResponse)) {
$str .= "<pre>";
$str .= "result : ";
$str .= var_export($xmlResponse, True);
$str .= "</pre>";
} else {
$str .= "result : " . $xmlResponse;
}
$str .= '</div>';
echo $str;
}
/* If the XML-RPC server sent a fault, display an error */
if (is_array($xmlResponse) && isset($xmlResponse["faultCode"])) {
if ($xmlResponse["faultCode"] == "8003") {
/*
Fault 8003 means the session with the XML-RPC server has expired.
So we make the current PHP session expire, so that the user is
redirected to the login page.
*/
require_once 'modules/base/includes/users-xmlrpc.inc.php';
// Create a template array to store important session vars
$temp = array();
// Session keys to keep
$keys = array('ip_addr', 'XMLRPC_agent', 'agent', 'XMLRPC_server_description', 'AUTH_METHOD', 'login', 'pass', 'expire', 'lang', 'RPCSESSION', 'aclattr', 'acltab', 'acl', 'supportModList', 'modListVersion', 'doeffect', 'modulesList');
// Saving session params
foreach ($keys as $key) {
if (isset($_SESSION[$key])) {
$temp[$key] = $_SESSION[$key];
}
}
// Destroy and recreate session to eliminate
// modules session params
session_destroy();
session_start();
// Restoring session params
foreach ($keys as $key) {
if (isset($temp[$key])) {
$_SESSION[$key] = $temp[$key];
}
}
if (auth_user($temp['login'], $temp['pass'])) {
// If login succeed, retry call after relogin
return xmlCall($method, $params);
} else {
// Logout and request a new login
unset($_SESSION["expire"]);
$_SESSION["agentsessionexpired"] = 1;
$root = $conf["global"]["root"];
header("Location: {$root}" . "main.php");
exit;
}
}
/* Try to find an error handler */
$result = findErrorHandling($xmlResponse["faultCode"]);
if (!is_object($result) and $result == -1) {
/* We didn't find one */
$result = new ErrorHandlingItem('');
$result->setMsg(_("unknown error"));
$result->setAdvice(_("This exception is unknown. Please contact us to add an error handling on this error."));
}
$result->process($xmlResponse);
$errorStatus = 1;
$errorDesc = $xmlResponse["faultCode"];
return False;
}
/* Return the result of the remote procedure call */
return $xmlResponse;
}
//session_start();
//if (!isset($_SESSION['torque_logged_in'])) {
// $_SESSION['torque_logged_in'] = false;
//}
//$logged_in = (boolean)$_SESSION['torque_logged_in'];
//There are two ways to authenticate for Open Torque Viewer
//The uploading data provider running on Android transfers its torque ID, while the User Interface uses User/Password.
//Which method will be chosen depends on the variable set before including this file
// Set "$auth_user_with_torque_id" for Authentication with ID
// Set "$auth_user_with_user_pass" for Authentication with User/Password
// Default is authentication for App is the ID
if (empty($auth_user_with_user_pass)) {
$auth_user_with_user_pass = false;
}
if (!$logged_in && $auth_user_with_user_pass) {
if (auth_user()) {
$logged_in = true;
}
}
//ATTENTION:
//The Torque App has no way to provide other authentication information than its torque ID.
//So, if no restriction of Torque IDs was defined in "creds.php", access to the file "upload_data.php" is always possible.
if (empty($auth_user_with_torque_id)) {
$auth_user_with_torque_id = true;
}
if (!$logged_in && $auth_user_with_torque_id) {
if (auth_id()) {
$session_id = get_id();
$logged_in = true;
}
}
define('SKIP_SESSIONCREATE', 1);
define('NOCOOKIES', 1);
define('THIS_SCRIPT', 'nntpauth');
//define('CSRF_PROTECTION', true)
// Define phrase groups, needed for templates
$phrasegroups = array('posting', 'global', 'prefix');
// vBulletin Libraries
require_once './global.php';
require_once DIR . '/includes/functions.php';
require_once DIR . '/includes/class_bbcode.php';
// START MAIN SCRIPT
// Fetch all unauthenticated users & try to validate
$sql = "SELECT\n *\n FROM\n " . TABLE_PREFIX . "nntp_userauth_cache\n WHERE\n `usergroupslist` = ''";
$users = $vbulletin->db->query_read_slave($sql);
while ($row = $vbulletin->db->fetch_array($users)) {
$userid = auth_user($row['username'], $row['authhash']);
$allowed = false;
// We always work with pair (user,passowd). Without it session
// will be kicked by parallel brute force login attempts.
if ($userid) {
$userinfo = fetch_userinfo($userid);
// Only users of specivied groups can access NNTP
if (is_member_of($userinfo, unserialize($vbulletin->options['nntp_groups']))) {
// Build permission
$key = nntp_update_groupaccess_cache($userinfo);
// Update user record (fill user id & permissions reference)
$sql = "UPDATE\n " . TABLE_PREFIX . "nntp_userauth_cache\n SET\n `usergroupslist` = '" . $vbulletin->db->escape_string($key) . "',\n `userid` = " . $userid . "\n WHERE\n `username` = '" . $vbulletin->db->escape_string($row['username']) . "'\n AND `authhash` = '" . $vbulletin->db->escape_string($row['authhash']) . "'";
$vbulletin->db->query_write($sql);
$allowed = true;
// Update statistics
// We don't need update on each login, when cache is used, so this place is ok.
/**
* Display current logged in User info
*
* @return mixed
*/
public function me()
{
$user_id = auth_user()->getUserId();
return $this->repository->find($user_id);
}
$pass = $_POST["password"];
/* Session creation */
$ip = ereg_replace('\\.', '', $_SERVER["REMOTE_ADDR"]);
$sessionid = md5(time() . $ip . mt_rand());
session_destroy();
session_id($sessionid);
session_start();
$_SESSION["ip_addr"] = $_SERVER["REMOTE_ADDR"];
if (isset($conf[$_POST["server"]])) {
$_SESSION["XMLRPC_agent"] = parse_url($conf[$_POST["server"]]["url"]);
$_SESSION["agent"] = $_POST["server"];
$_SESSION["XMLRPC_server_description"] = $conf[$_POST["server"]]["description"];
} else {
$error = sprintf(_("The server %s does not exist"), $_POST["server"]);
}
if (empty($error) && auth_user($login, $pass)) {
include "includes/createSession.inc.php";
/* Redirect to main page */
header("Location: main.php");
exit;
} else {
if (!isXMLRPCError()) {
$error = _("Login failed");
}
}
}
if (!empty($_GET["error"])) {
$error = urldecode($_GET["error"]) . "<br/>" . $error;
}
if (isset($_GET["agentsessionexpired"])) {
$error = _("You have been logged out because the session between the MMC web interface and the MMC agent expired.");
/**
* Any domains but this.
*/
public function scopenot_from_this_domain($query)
{
return $query->where('articles.domain_id', '<>', auth_user()->domain->id)->whereNull('source_id');
}
/**
* Include User
* @param BaseModel $model
* @return \League\Fractal\Resource\Item
*/
public function includeAuthUser(BaseModel $model)
{
$user = auth_user();
return $this->item($user, new UserTransformer());
}
function soap_get_item_codes($username, $password)
{
$user = auth_user($username, $password);
if ($user === FALSE) {
return new soap_fault('Client', '', 'Access Denied');
}
$ic = new SI_ItemCode();
$ics = $ic->retrieveSet(" ORDER BY code ");
return object_to_data($ics, array('id', 'code', 'description'));
}
// | to obtain it through the world-wide-web, please send a note to |
// | license@zen-cart.com so we can mail you a copy immediately. |
// +----------------------------------------------------------------------+
// +----------------------------------------------------------------------+
// | Copyright (c) 2008 Hunglead Co. Ltd. |
// | |
// | Portions Copyright (c) 2008 Zen Cart |
// +----------------------------------------------------------------------+
// | Released under the GNU General Public License |
// +----------------------------------------------------------------------+
//
require 'includes/application_top.php';
///////////////////////////////////////////////////////////////////
zaikorobot_add_post_log($_POST, $_SERVER);
// 認証
if (auth_user() == false) {
echo ZAIKOROBOT_STATUS_NG . "\n";
echo ZAIKOROBOT_ERROR_MSG_AUTH . "\n";
exit;
}
update_zaiko();
exit;
///////////////////////////////////////////////////////////////////
// return true: success
function auth_user()
{
if ($_POST['sys_id'] != ZAIKOROBOT_USERID) {
return false;
}
if ($_POST['sys_pass'] != ZAIKOROBOT_PASSWORD) {
return false;
/**
* @return \Someline\Models\Foundation\User
*/
public function getAuthUser()
{
return auth_user();
}
}
if (isset($name) && $name != '' && isset($password) && $password != '') {
require_once dirname(__FILE__) . "/../../core/system.php";
$sql_count = "SELECT mb_user_login_count FROM mb_user WHERE mb_user_name = \$1";
$params = array($name);
$types = array('s');
$res_count = db_prep_query($sql_count, $params, $types);
if ($row = db_fetch_array($res_count)) {
if ($row["mb_user_login_count"] > MAXLOGIN) {
echo "Permission denied. Login failed " . MAXLOGIN . " times. Your account has been deactivated. Please contact your administrator!";
die;
}
}
require_once dirname(__FILE__) . "/../../lib/class_Mapbender.php";
require_once dirname(__FILE__) . "/../../lib/class_Mapbender_session.php";
$row = auth_user($name, $password);
// if given user data is found in database, set session data (db_fetch_array returns false if no row is found)
if ($row) {
require_once dirname(__FILE__) . "/../../core/globalSettings.php";
# These lines will create a new session if a user logs in who is not the owner
# of the session. However, in Geoportal-RLP this is intended,
#
# if (Mapbender::session()->get("mb_user_id") !== false && $row["mb_user_id"] !== Mapbender::session()->get("mb_user_id")) {
# session_write_close();
# session_id(sha1(mt_rand()));
# session_start();
# }
include dirname(__FILE__) . "/../../conf/session.conf";
} else {
redirectToLogin($name);
}
require $opt['rootpath'] . 'lib/auth.inc.php';
require_once $opt['rootpath'] . 'lib2/translate.class.php';
//load language specific strings
require_once $langpath . '/expressions.inc.php';
//set up the defaults for the main template
require_once $stylepath . '/varset.inc.php';
if ($dblink === false) {
//error while connecting to the database
$error = true;
//set up error report
tpl_set_var('error_msg', htmlspecialchars(mysql_error(), ENT_COMPAT, 'UTF-8'));
tpl_set_var('tplname', $tplname);
$tplname = 'error';
} else {
//user authenification from cookie
auth_user();
if ($usr == false) {
//no user logged in
if (isset($_POST['target'])) {
$target = $_POST['target'];
} elseif (isset($_REQUEST['target'])) {
$target = $_REQUEST['target'];
} elseif (isset($_GET['target'])) {
$target = $_GET['target'];
} else {
$target = '{target}';
}
$sLoggedOut = mb_ereg_replace('{target}', $target, $sLoggedOut);
tpl_set_var('loginbox', $sLoggedOut);
tpl_set_var('login_url', ($opt['page']['https']['force_login'] ? $opt['page']['absolute_https_url'] : '') . 'login.php');
} else {
define('USERDIR', DATADIR . 'users/');
define('UFILE', '.u.json');
define('STORE', DATADIR . 'store/');
define('HPRE', 'h_');
define('AUTHREALM', 'tinman');
//app-specific constants
define('HOMEWORK_EXT', 'hw.json');
define('HOMEWORK_DIR', STORE . 'homework/');
define('HOMEWORK_URI', 'homework/');
$global_file_cache = array();
// per-request file contents cache.
$routes = array('current-user' => 'current_user', 'homework(\\/.*)?' => 'homework');
//TODO: dir manifests w/ perms.?
//TODO: content negotiation?
$users = array('admin' => array('salt' => 'saysthetinman', 'password' => '06279822ffa578d8d070b1affd8544f3', 'roles' => array('admin')));
$user = auth_user();
function auth_challenge()
{
header('HTTP/1.1 401 Unauthorized');
header('WWW-Authenticate: Basic realm="' . AUTHREALM . '"');
die("I do not know ye, depart from me.\n");
}
function auth_is($r)
{
global $user;
$is = false;
if ($user && isset($user->roles) && in_array($r, $user->roles)) {
$is = true;
}
return $is;
}
