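/**
 * Check if a visitor is logged in
 *
 * Query "Sessions" table with supplied cookie. Determine if the cookie is valid
 * or not. Unset the cookie if invalid or session timeout reached. Update the
 * session timeout if it is still valid.
 *
 * The session ID comes verbatim from the client, so it is only ever handed to
 * the database as a bound parameter, never interpolated into SQL.
 *
 * Both the expiry check and the refresh check use the database clock
 * (UNIX_TIMESTAMP()) instead of mixing it with PHP's time(); the reaper in
 * clear_expired_sessions() compares against the database clock as well, so
 * the two can no longer disagree when the clocks drift.
 *
 * @return void
 */
function check_sid() {
	if (!isset($_COOKIE["AURSID"])) {
		return;
	}

	$sid = $_COOKIE["AURSID"];
	$timeout = config_get_int('options', 'login_timeout');

	# the visitor claims to be logged in; look the session up by its ID
	$dbh = DB::connect();
	$stmt = $dbh->prepare("SELECT LastUpdateTS, UNIX_TIMESTAMP() FROM Sessions WHERE SessionID = ?");
	$stmt->execute(array($sid));
	$row = $stmt->fetch(PDO::FETCH_NUM);

	# $failed: 0 = valid, 1 = unknown session ID, 2 = idle timeout reached.
	# fetch() returns false (not an array) when no row matched, so test for
	# that before indexing: indexing false raises a warning, and a warning
	# that reaches the output makes the setcookie() calls below fail with
	# "headers already sent", leaving the stale cookie on the client.
	$failed = 0;
	$last_update = 0;
	$db_now = 0;
	if ($row === false || !$row[0]) {
		$failed = 1;
	} else {
		$last_update = intval($row[0]);
		$db_now = intval($row[1]);
		if ($last_update + $timeout <= $db_now) {
			$failed = 2;
		}
	}

	if ($failed != 0) {
		if ($failed == 2) {
			# idle timeout reached: drop the server-side session so the ID
			# cannot be replayed, then make the client forget it too.
			delete_session_id($sid);
		}
		# Expire the cookie (timestamp 1 = 1970) with the same path, Secure
		# and HttpOnly attributes it was presumably issued with; a mismatch
		# would leave the original cookie in place.
		# NOTE(review): !empty($_SERVER['HTTPS']) is also true for the literal
		# value "off" that some servers send over plain HTTP. Modern browsers
		# reject a Secure cookie set over HTTP, so the stale cookie would
		# survive there -- confirm the deployment never sets HTTPS=off.
		setcookie("AURSID", "", 1, "/", null, !empty($_SERVER['HTTPS']), true);
		unset($_COOKIE['AURSID']);
		return;
	}

	# Still valid: bump the idle timestamp. Sessions created with "remember
	# me" carry a LastUpdateTS far in the future (presumably set where the
	# session is issued -- confirm), so they are only refreshed once they
	# come within one timeout of now; this keeps them from being shortened.
	if ($last_update < $db_now + $timeout) {
		$stmt = $dbh->prepare("UPDATE Sessions SET LastUpdateTS = UNIX_TIMESTAMP() WHERE SessionID = ?");
		$stmt->execute(array($sid));
	}
}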
/**
 * Remove sessions from the database that have exceed the timeout
 *
 * Deletes every Sessions row whose LastUpdateTS is older than
 * login_timeout seconds, measured against the database clock. The timeout
 * is an integer read from the configuration (not client input), which is
 * why it is formatted straight into the statement.
 *
 * @return void
 */
function clear_expired_sessions() {
	$dbh = DB::connect();
	$timeout = config_get_int('options', 'login_timeout');
	$q = sprintf(
		"DELETE FROM Sessions WHERE LastUpdateTS < (UNIX_TIMESTAMP() - %d)",
		$timeout
	);
	$dbh->query($q);
	return;
}
/*
 * Login form fragment: the error list from a previous failed attempt (if any),
 * then the user-name/e-mail and password fields.
 *
 * NOTE(review): $login_error is echoed without htmlspecialchars(). That is only
 * safe while it never carries client-supplied text (e.g. the submitted user
 * name) -- confirm wherever it is assigned. The submitted user name that is
 * put back into the value attribute below IS escaped with ENT_QUOTES.
 */
if (!empty($login_error)) { ?>
	<ul class="errorlist"><li><?php echo $login_error; ?></li></ul>
<?php } ?>
<p>
	<label for="id_username"><?php echo __('User name or email address') . ':'; ?></label>
	<input id="id_username" type="text" name="user" size="30"
		maxlength="<?php echo config_get_int('options', 'username_max_len'); ?>"
		value="<?php if (isset($_POST['user'])) { print htmlspecialchars($_POST['user'], ENT_QUOTES); } ?>"
		autofocus="autofocus" />
</p>
<p>
	<label for="id_password"><?php echo __('Password') . ':'; ?></label>
	<input id="id_password" type="password" name="passwd" size="30" />
</p>
echo __("Date"); ?> </th> <th><?php echo __("Status"); ?> </th> </tr> </thead> <tbody> <?php while (list($indx, $row) = each($results)) { ?> <?php $idle_time = config_get_int('options', 'request_idle_time'); $due = $row['Open'] && time() - intval($row['RequestTS']) > $idle_time; if (!$due) { $time_left = $idle_time - (time() - intval($row['RequestTS'])); if ($time_left > 48 * 3600) { $time_left_fmt = __("~%d days left", round($time_left / (24 * 3600))); } elseif ($time_left > 3600) { $time_left_fmt = _n("~%d hour left", "~%d hours left", round($time_left / 3600)); } else { $time_left_fmt = __("<1 hour left"); } } ?> <tr class="<?php echo $indx % 2 == 0 ? 'odd' : 'even'; ?>
/**
 * Run a package query and wrap the rows for the JSON reply.
 *
 * Builds the SELECT for the requested RPC version (v1 joins the licence
 * tables and groups by package; v2 and later do not), executes it,
 * normalises each row and hands the rows to json_results().
 *
 * @param string $type            RPC request type; 'info' and 'multiinfo'
 *                                additionally pull the extended fields.
 * @param string $where_condition SQL fragment spliced verbatim into the
 *                                WHERE clause. It is NOT escaped here: every
 *                                client-supplied value in it must already
 *                                have been quoted by the caller -- this
 *                                method trusts it completely.
 *
 * @return mixed Whatever json_results() / json_error() return (defined
 *               elsewhere; presumably the encoded JSON document).
 */
private function process_query($type, $where_condition) {
	# Integer from the configuration; the only other value interpolated
	# into the statement besides $where_condition.
	$max_results = config_get_int('options', 'max_rpc_results');

	if ($this->version == 1) {
		$fields = implode(',', self::$fields_v1);
		$query = "SELECT {$fields} " .
			"FROM Packages LEFT JOIN PackageBases " .
			"ON PackageBases.ID = Packages.PackageBaseID " .
			"LEFT JOIN Users " .
			"ON PackageBases.MaintainerUID = Users.ID " .
			"LEFT JOIN PackageLicenses " .
			"ON PackageLicenses.PackageID = Packages.ID " .
			"LEFT JOIN Licenses " .
			"ON Licenses.ID = PackageLicenses.LicenseID " .
			"WHERE {$where_condition} " .
			"AND PackageBases.PackagerUID IS NOT NULL " .
			"GROUP BY Packages.ID " .
			"LIMIT {$max_results}";
	} elseif ($this->version >= 2) {
		if ($this->version == 2 || $this->version == 3) {
			$fields = implode(',', self::$fields_v2);
		} else {
			if ($this->version == 4) {
				$fields = implode(',', self::$fields_v4);
			}
		}
		# NOTE(review): a version above 4 reaches this point with $fields
		# unset (an empty column list); presumably such versions are
		# rejected before process_query() is called -- confirm.
		$query = "SELECT {$fields} " .
			"FROM Packages LEFT JOIN PackageBases " .
			"ON PackageBases.ID = Packages.PackageBaseID " .
			"LEFT JOIN Users " .
			"ON PackageBases.MaintainerUID = Users.ID " .
			"WHERE {$where_condition} " .
			"AND PackageBases.PackagerUID IS NOT NULL " .
			"LIMIT {$max_results}";
	}

	# With PDO in its default (silent) error mode a failed query yields
	# false, which the else branch below reports as zero results rather
	# than as an error.
	$result = $this->dbh->query($query);

	if ($result) {
		$resultcount = 0;
		$search_data = array();
		while ($row = $result->fetch(PDO::FETCH_ASSOC)) {
			$resultcount++;
			# Snapshot URL: the package base name is URL-encoded before
			# being substituted into the configured URI template.
			$row['URLPath'] = sprintf(config_get('options', 'snapshot_uri'), urlencode($row['PackageBase']));
			if ($this->version < 4) {
				# Legacy field kept for pre-v4 clients.
				$row['CategoryID'] = 1;
			}

			/*
			 * PDO hands every column back as a string here, so numeric
			 * columns are coerced to int/float to give the JSON
			 * response proper data types.
			 */
			foreach (self::$numeric_fields as $field) {
				if (isset($row[$field])) {
					$row[$field] = intval($row[$field]);
				}
			}
			foreach (self::$decimal_fields as $field) {
				if (isset($row[$field])) {
					$row[$field] = floatval($row[$field]);
				}
			}

			if ($this->version >= 2 && ($type == 'info' || $type == 'multiinfo')) {
				$row = array_merge($row, $this->get_extended_fields($row['ID']));
			}

			# v1/v2 'info' replies carry a single object, not a list, and
			# stop after the first row; everything else accumulates a list.
			if ($this->version < 3) {
				if ($type == 'info') {
					$search_data = $row;
					break;
				} else {
					array_push($search_data, $row);
				}
			} elseif ($this->version >= 3) {
				array_push($search_data, $row);
			}
		}

		# LIMIT caps the row count at $max_results, so reaching it exactly
		# is taken to mean "more than we are willing to return". A query
		# matching exactly $max_results rows is therefore rejected as well.
		if ($resultcount === $max_results) {
			return $this->json_error('Too many package results.');
		}

		return $this->json_results($type, $resultcount, $search_data, NULL);
	} else {
		return $this->json_results($type, 0, array(), NULL);
	}
}
header('Location: /'); exit; } $error = ''; if (isset($_GET['resetkey'], $_POST['email'], $_POST['password'], $_POST['confirm'])) { $resetkey = $_GET['resetkey']; $email = $_POST['email']; $password = $_POST['password']; $confirm = $_POST['confirm']; $uid = uid_from_email($email); if (empty($email) || empty($password)) { $error = __('Missing a required field.'); } elseif ($password != $confirm) { $error = __('Password fields do not match.'); } elseif (!good_passwd($password)) { $length_min = config_get_int('options', 'passwd_min_len'); $error = __("Your password must be at least %s characters.", $length_min); } elseif ($uid == null) { $error = __('Invalid e-mail.'); } if (empty($error)) { $salt = generate_salt(); $hash = salted_hash($password, $salt); $error = password_reset($hash, $salt, $resetkey, $email); } } elseif (isset($_POST['email'])) { $email = $_POST['email']; $username = username_from_id(uid_from_email($email)); if (empty($email)) { $error = __('Missing a required field.'); } else {