Beispiel #1
    // Fragment of a login handler: the `if` that opens this first branch is outside the listing,
    // and the `if` opened further down is not closed within it.
    // Trying to log in with a POST
    $login = $_POST['login'];
    $pass = $_POST['pwd'];
    // Drop the cleartext password from the superglobal so later code cannot pick it up from $_POST.
    unset($_POST['pwd']);
    // password will be hashed below
} elseif (isset($_GET['login'])) {
    // Trying to log in with a GET; we might only provide a user here.
    // NOTE(review): a password passed as a GET parameter is part of the URL, so it can end up in
    // web-server access logs, proxy logs, browser history and Referer headers. The unset() below
    // only removes the copy held in $_GET; it does not change what was already logged.
    $login = $_GET['login'];
    $pass = isset($_GET['pwd']) ? $_GET['pwd'] : '';
    unset($_GET['pwd']);
    // password will be hashed below
}
// NOTE(review): the next two lines are mangled in this listing (the '******' run is not valid PHP).
// They presumably log the login name and whether a password was supplied; confirm that the
// password value itself never reaches the debug log.
$Debuglog->add('login: '******'login');
$Debuglog->add('pass: '******'' : 'not') . ' empty', 'login');
// either 'login' (normal) or 'redirect_to_backoffice' may be set here. This also helps to display the login form again, if either login or pass were empty.
$login_action = param_arrayindex('login_action');
$UserCache =& get_Cache('UserCache');
// `&&` binds tighter than `||`, so this reads: login_action set, OR (login AND pass both non-empty).
// empty() also treats the string '0' as empty, so a login or password of '0' counts as missing here.
if (!empty($login_action) || !empty($login) && !empty($pass)) {
    // User is trying to login right now
    $Debuglog->add('User is trying to log in.', 'login');
    header_nocache();
    // Note: login and password cannot include '<' !
    // strip_tags() silently removes anything that looks like markup, so the secret that gets hashed
    // may differ from what the user typed; the login name is additionally lower-cased.
    $login = strtolower(strip_tags(remove_magic_quotes($login)));
    $pass = strip_tags(remove_magic_quotes($pass));
    // NOTE(review): plain MD5 of the password, with no salt on this line. MD5 is a fast hash and is
    // not suitable for stored password verifiers; password_hash()/password_verify() is the
    // replacement to migrate to.
    $pass_md5 = md5($pass);
    /*
     * Handle javascript-hashed password:
     * If possible, the login form will hash the entered password with a salt that changes every time.
     */
    // 'pwd_salt' is read from the request as a string, defaulting to ''.
    param('pwd_salt', 'string', '');
    // just for comparison with the one from Session
    // NOTE(review): the comparison itself is outside this listing; confirm that the salt is checked
    // against the session value and cannot be reused across login attempts.
Beispiel #2
/**
 * Resolve the requested action from the request parameters.
 *
 * The "action" param is tried first. When it is absent (null), the name is taken
 * from an "actionArray" param instead
 * ( <input type="submit" name="actionArray[real_action]" ...> ),
 * where the real action is the first key of that array.
 * With several submit buttons this is more reliable than comparing the button value, which is a translated string.
 * With an image button it works around IE not sending the value (it only sends the X & Y coords of the click).
 *
 * The result comes straight from the request; callers should compare it against
 * the set of actions they actually implement before acting on it.
 *
 * @param mixed $default Value handed to param_arrayindex() as its default.
 * @param bool $memorize Passed through to param() for the "action" lookup.
 * @return string
 */
function param_action($default = '', $memorize = false)
{
    $action = param('action', 'string', NULL, $memorize);
    if ($action !== null) {
        // An explicit "action" param wins; nothing else to resolve.
        return $action;
    }

    // No "action" param: fall back to the actionArray lookup.
    $action = param_arrayindex('actionArray', $default);

    // Always publish the resolved value as "action".
    set_param('action', $action);

    return $action;
}
Beispiel #3
 */
// Request preamble for a comment submission (judging by the parameter names below):
// load configuration, apply request-level blocks, read the parameters, then load the target
// item and its collection before any output is sent.
require_once dirname(__FILE__) . '/../conf/_config.php';
// $inc_path is not assigned in this listing; presumably it is defined by _config.php — TODO confirm.
require_once $inc_path . '_main.inc.php';
// Stop a request from the blocked IP addresses or Domains
antispam_block_request();
// Check if the request exceeds the post max size. If it does, the function will call header_redirect.
check_post_max_size_exceeded();
// Getting GET or POST parameters:
param('comment_item_ID', 'integer', true);
// required
param('comment_type', 'string', 'feedback');
// NOTE(review): redirect_to is supplied by the request. The 'url' type is handled inside param();
// confirm that the target is also checked against allowed hosts at the point where the redirect
// is issued.
param('redirect_to', 'url', '');
param('reply_ID', 'integer', 0);
// Only logged in users can post the meta comments
// NOTE(review): this only checks that a session is authenticated; whether this particular user may
// post meta comments on this item is presumably enforced later — confirm.
$comment_type = is_logged_in() ? $comment_type : 'feedback';
// The parameter name embeds $comment_item_ID, which was requested with type 'integer' above;
// 'save' is the default action.
$action = param_arrayindex('submit_comment_post_' . $comment_item_ID, 'save');
$ItemCache =& get_ItemCache();
// NOTE(review): the result is dereferenced on the next statement without a null check;
// presumably get_by_ID() halts on an unknown ID — verify.
$commented_Item =& $ItemCache->get_by_ID($comment_item_ID);
// Make sure Blog is loaded
$commented_Item->load_Blog();
$blog = $commented_Item->Blog->ID;
// Initialize global $Blog to avoid restriction of redirect to external URL, for example, when collection URL is subdomain:
// NOTE(review): this relaxes an external-redirect restriction based on the collection of the item
// named in the request; confirm that only that collection's own URL is accepted as a result.
$Blog = $commented_Item->Blog;
// Re-Init charset handling, in case current_charset has changed:
locale_activate($commented_Item->Blog->get('locale'));
if (init_charsets($current_charset)) {
    // Reload Blog(s) (for encoding of name, tagline etc):
    $BlogCache->clear();
    $commented_Item->load_Blog();
}
// $io_charset is not assigned in this listing; presumably it is set by the charset initialisation
// rather than taken from the request — TODO confirm.
header('Content-Type: text/html; charset=' . $io_charset);
Beispiel #4
/**
 * Resolve the requested action from the request parameters.
 *
 * A POSTed "actionArray" param
 * ( <input type="submit" name="actionArray[real_action]" ...> )
 * takes priority over any "action" param; the real action is the first key of that array.
 * With several submit buttons this is more reliable than comparing the button value, which is a translated string.
 * With an image button it works around IE not sending the value (it only sends the X & Y coords of the click).
 *
 * The result comes straight from the request; callers should compare it against
 * the set of actions they actually implement before acting on it.
 *
 * @param mixed $default Default handed to both param() and param_arrayindex().
 * @param bool $memorize Passed through to param() for the "action" lookup.
 * @return string
 */
function param_action($default = '', $memorize = false)
{
    // If actionArray is POSTed, use it instead of any "action" (which might come via GET).
    // NOTE(review): presumably param() returns $default when no "action" is present; if so, a
    // non-null default means the fallback below only runs when actionArray was POSTed — confirm.
    $action = isset($_POST['actionArray'])
        ? null
        : param('action', 'string', $default, $memorize);

    if ($action === null) {
        // Nothing usable from "action": resolve it from actionArray.
        $action = param_arrayindex('actionArray', $default);

        // Always publish the resolved value as "action".
        set_param('action', $action);
    }

    return $action;
}