Beispiel #1
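 /**
  * Discovers installed plugins and registers the enabled ones as observers.
  *
  * New-style plugins are classes named after the entries getdir() returns for
  * PLUGINS_DIR; old-style plugins are the *.php files under LIB_DIR/plugins.
  * A plugin is enabled when its name is listed in the 'phpui.plugins' option,
  * whose entries are "name" or "name:priority", separated by ';', ',' or
  * whitespace.
  *
  * @throws Exception When an enabled plugin class is not an LMSPlugin instance
  */
 public function __construct()
 {
     $dirs = getdir(PLUGINS_DIR, '^[0-9a-zA-Z]+$');
     if (empty($dirs)) {
         // Without new-style plugin entries nothing is scanned, old-style files included.
         return;
     }
     asort($dirs);

     // Parse the "name[:priority]" tuples; a tuple without exactly one ':' gets LAST_PRIORITY.
     $plugins_config = ConfigHelper::getConfig('phpui.plugins');
     $plugins_tuples = empty($plugins_config) ? array() : preg_split('/[;,\\s\\t\\n]+/', $plugins_config, -1, PREG_SPLIT_NO_EMPTY);
     $plugin_priorities = array();
     foreach ($plugins_tuples as $plugin_tuple) {
         $plugin_props = explode(':', $plugin_tuple);
         $plugin_priorities[$plugin_props[0]] = count($plugin_props) == 2 ? intval($plugin_props[1]) : SubjectInterface::LAST_PRIORITY;
     }

     foreach ($dirs as $plugin_name) {
         if (!class_exists($plugin_name)) {
             // The message used to interpolate $position, which is never defined in
             // this method; it is dropped so the log line is well formed.
             writesyslog("Unknown plugin {$plugin_name}", LOG_ERR);
             continue;
         }

         // NOTE(review): loadLocales() here and the constructor below both run before
         // the LMSPlugin type check, so any loadable class whose name matches an entry
         // of PLUGINS_DIR gets executed. Consider checking is_a($plugin_name,
         // 'LMSPlugin', true) before touching the class.
         $plugin_name::loadLocales();
         $plugin_info = array(
             'name' => $plugin_name,
             'enabled' => false,
             'new_style' => true,
             'dbcurrschversion' => null,
             'dbschversion' => defined($plugin_name . '::PLUGIN_DBVERSION') ? constant($plugin_name . '::PLUGIN_DBVERSION') : null,
             'fullname' => defined($plugin_name . '::PLUGIN_NAME') ? trans(constant($plugin_name . '::PLUGIN_NAME')) : null,
             'description' => defined($plugin_name . '::PLUGIN_DESCRIPTION') ? trans(constant($plugin_name . '::PLUGIN_DESCRIPTION')) : null,
             'author' => defined($plugin_name . '::PLUGIN_AUTHOR') ? constant($plugin_name . '::PLUGIN_AUTHOR') : null,
         );

         // Only plugins named in the configuration are instantiated and registered.
         if (array_key_exists($plugin_name, $plugin_priorities)) {
             $plugin = new $plugin_name();
             if (!$plugin instanceof LMSPlugin) {
                 throw new Exception("Plugin object must be instance of LMSPlugin class");
             }
             $plugin_info = array_merge($plugin_info, array(
                 'enabled' => true,
                 'priority' => $plugin_priorities[$plugin_name],
                 'dbcurrschversion' => $plugin->getDbSchemaVersion(),
             ));
             $this->registerObserver($plugin, $plugin_info['priority']);
         }
         $this->new_style_plugins[$plugin_name] = $plugin_info;
     }

     // Old-style plugins are only catalogued here; nothing is included or instantiated.
     $plugins_dir = LIB_DIR . DIRECTORY_SEPARATOR . 'plugins';
     $files = getdir($plugins_dir, '^[0-9a-zA-Z_\\-]+\\.php$');
     if (empty($files)) {
         return;
     }
     asort($files);
     foreach ($files as $plugin_file) {
         if (!is_readable($plugins_dir . DIRECTORY_SEPARATOR . $plugin_file)) {
             continue;
         }
         $plugin_name = str_replace('.php', '', $plugin_file);
         $this->old_style_plugins[$plugin_name] = array(
             'name' => $plugin_name,
             'enabled' => array_key_exists($plugin_name, $plugin_priorities),
             'new_style' => false,
         );
     }
 }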
Beispiel #2
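 /**
  * Starts the PHP session and authenticates the customer (PHP 4 style constructor).
  *
  * Handles exactly one of: a credential-reminder request ('remindform'), a login
  * attempt ('loginform'), or re-validation of the credentials kept in $_SESSION.
  * A successful login resets the 'enabled' counter in the customer's auth info
  * to 3; each failed login lowers it, and while it is 0 with the last failure
  * less than 600 seconds old the login is refused even with a valid password.
  *
  * NOTE(review): points to raise with the maintainers, not changed here:
  *  - $_GET['override'] accepts credentials from the query string, where they
  *    end up in access logs and browser history.
  *  - The submitted password is kept in $_SESSION and re-verified per request.
  *  - The session id is not regenerated after a successful login.
  *  - The reminder sends the stored PIN itself, and its two result messages
  *    reveal whether the TEN/SSN and contact pair matched a customer.
  *
  * @param mixed $DB      Database handle (GetRow() is called on it), kept by reference
  * @param int   $timeout Forwarded to TimeOut(); presumably the idle limit in seconds
  */
 function Session(&$DB, $timeout = 600)
 {
     global $LMS;
     session_start();
     $this->DB =& $DB;
     $this->_revision = preg_replace('/^.Revision: ([0-9.]+).*/i', '\\1', $this->_revision);
     // Strip the IPv4-mapped IPv6 prefix so the stored address is plain IPv4.
     $this->ip = str_replace('::ffff:', '', $_SERVER['REMOTE_ADDR']);

     if (isset($_GET['override'])) {
         $loginform = isset($_GET['loginform']) ? $_GET['loginform'] : null;
     } elseif (isset($_POST['loginform'])) {
         $loginform = $_POST['loginform'];
     } elseif (isset($_POST['remindform'])) {
         $remindform = $_POST['remindform'];
     }

     // Request parameters can be scalars or nested arrays; force the expected shape
     // so a malformed request is denied instead of raising offset or type errors.
     if (isset($loginform) && !is_array($loginform)) {
         $loginform = array();
     }
     if (isset($remindform) && !is_array($remindform)) {
         $remindform = array();
     }

     if (isset($remindform)) {
         $ten_input = isset($remindform['ten']) ? $remindform['ten'] : '';
         if (!is_string($ten_input)) {
             return;
         }
         $ten = preg_replace('/-/', '', $ten_input);
         $params = array($ten, $ten);
         $type = isset($remindform['type']) ? $remindform['type'] : null;
         switch ($type) {
             case 1:
                 if (!isset($remindform['email']) || !is_string($remindform['email']) || !check_email($remindform['email'])) {
                     return;
                 }
                 $join = '';
                 $where = ' AND email = ?';
                 $params[] = $remindform['email'];
                 break;
             case 2:
                 // \z instead of $: a bare $ also matches before a trailing newline,
                 // which let "digits\n" through into the query and the SMS recipient.
                 if (!isset($remindform['phone']) || !is_string($remindform['phone']) || !preg_match('/^[0-9]+\z/', $remindform['phone'])) {
                     return;
                 }
                 $join = 'JOIN customercontacts cc ON cc.customerid = c.id';
                 $where = ' AND phone = ? AND cc.type & ? = ?';
                 // The value is digits only at this point, so the former ' -' stripping was a no-op.
                 $params = array_merge($params, array($remindform['phone'], CONTACT_MOBILE, CONTACT_MOBILE));
                 break;
             default:
                 return;
         }
         // $join and $where are fixed strings chosen above; every user value is bound.
         $customer = $this->DB->GetRow("SELECT c.id, pin FROM customers c {$join} WHERE (REPLACE(ten, '-', '') = ? OR ssn = ?)" . $where, $params);
         if (!$customer) {
             $this->error = trans('Credential reminder couldn\'t be sent!');
             return;
         }
         if ($type == 1) {
             $subject = ConfigHelper::getConfig('userpanel.reminder_mail_subject');
             $body = ConfigHelper::getConfig('userpanel.reminder_mail_body');
         } else {
             $body = ConfigHelper::getConfig('userpanel.reminder_sms_body');
         }
         $body = str_replace('%id', $customer['id'], $body);
         $body = str_replace('%pin', $customer['pin'], $body);
         if ($type == 1) {
             // NOTE(review): the address goes into a mail header; this relies on
             // check_email() rejecting CR/LF - confirm.
             $LMS->SendMail($remindform['email'], array('From' => '<' . ConfigHelper::getConfig('userpanel.reminder_mail_sender') . '>', 'To' => '<' . $remindform['email'] . '>', 'Subject' => $subject), $body);
         } else {
             $LMS->SendSMS($remindform['phone'], $body);
         }
         $this->error = trans('Credential reminder has been sent!');
         return;
     }

     if (isset($loginform)) {
         // Missing or non-scalar fields become empty strings and fail verification.
         $login_input = isset($loginform['login']) && is_scalar($loginform['login']) ? (string) $loginform['login'] : '';
         $passwd_input = isset($loginform['pwd']) && is_scalar($loginform['pwd']) ? (string) $loginform['pwd'] : '';
         $this->login = trim($login_input);
         $this->passwd = trim($passwd_input);
         $_SESSION['session_timestamp'] = time();
     } else {
         $this->login = isset($_SESSION['session_login']) ? $_SESSION['session_login'] : NULL;
         $this->passwd = isset($_SESSION['session_passwd']) ? $_SESSION['session_passwd'] : NULL;
         $this->id = isset($_SESSION['session_id']) ? $_SESSION['session_id'] : 0;
     }

     $authdata = $this->VerifyPassword();
     if ($authdata != NULL) {
         $authinfo = GetCustomerAuthInfo($authdata['id']);
         // Lockout: counter exhausted and last failure under 600 s ago, so the
         // password is blanked and the success branch below cannot be taken.
         if ($authinfo != NULL && isset($authinfo['enabled']) && $authinfo['enabled'] == 0 && time() - $authinfo['failedlogindate'] < 600) {
             $authdata['passwd'] = NULL;
         }
     }

     if ($authdata != NULL && $authdata['passwd'] != NULL && $this->TimeOut($timeout)) {
         $this->islogged = TRUE;
         $this->id = $authdata['id'];
         $_SESSION['session_login'] = $this->login;
         $_SESSION['session_passwd'] = $this->passwd;
         $_SESSION['session_id'] = $this->id;
         if ($this->id) {
             $authinfo = GetCustomerAuthInfo($this->id);
             if ($authinfo == NULL || $authinfo['failedlogindate'] == NULL) {
                 $authinfo['failedlogindate'] = 0;
                 $authinfo['failedloginip'] = '';
             }
             $authinfo['id'] = $this->id;
             $authinfo['lastlogindate'] = time();
             $authinfo['lastloginip'] = $this->ip;
             $authinfo['enabled'] = 3;
             SetCustomerAuthInfo($authinfo);
         }
     } else {
         $this->islogged = FALSE;
         if (isset($loginform)) {
             // The login is client-supplied: drop control characters so it cannot
             // break the syslog line or forge additional entries.
             writesyslog("Bad password for customer ID:" . preg_replace('/[\x00-\x1F\x7F]/', '', $this->login), LOG_WARNING);
             if ($authdata != NULL && $authdata['passwd'] == NULL) {
                 $authinfo = GetCustomerAuthInfo($authdata['id']);
                 if ($authinfo == NULL) {
                     $authinfo['lastlogindate'] = 0;
                     $authinfo['lastloginip'] = '';
                     $authinfo['failedlogindate'] = 0;
                 }
                 // Failures within 600 s of the previous one count down; otherwise
                 // the counter restarts at 2.
                 if (time() - $authinfo['failedlogindate'] < 600) {
                     if (isset($authinfo['enabled']) && $authinfo['enabled'] > 0) {
                         $authinfo['enabled'] -= 1;
                     }
                 } else {
                     $authinfo['enabled'] = 2;
                 }
                 $authinfo['id'] = $authdata['id'];
                 $authinfo['failedlogindate'] = time();
                 $authinfo['failedloginip'] = $this->ip;
                 SetCustomerAuthInfo($authinfo);
             }
             $this->error = trans('Access denied!');
         }
         $this->LogOut();
     }
 }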
Beispiel #3
 /**
  * Logs the user out: notes the logout in syslog when a user was logged in,
  * then finishes the session object.
  */
 function LogOut()
 {
     $logged_in = $this->islogged;
     if ($logged_in) {
         $message = 'User ' . $this->login . ' logged out.';
         writesyslog($message, LOG_INFO);
     }

     // The session is finished whether or not anyone was logged in.
     $this->SESSION->finish();
 }
Beispiel #4
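 /**
  * Logs the user out and finishes the session.
  *
  * When a user was logged in, the logout is written to syslog and, if the
  * SYSLOG audit object is set, recorded there as a SYSLOG_OPER_USERLOGOUT
  * message with the user id, IP address and user agent.
  */
 public function LogOut()
 {
     if ($this->islogged) {
         writesyslog('User ' . $this->login . ' logged out.', LOG_INFO);
         if ($this->SYSLOG) {
             // The User-Agent header is optional (absent for CLI runs and some
             // clients); read it defensively instead of indexing $_SERVER directly.
             // NOTE(review): it is client-controlled text stored in the audit log,
             // so whatever displays these records must escape it.
             $useragent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : null;
             $this->SYSLOG->NewTransaction('auth', $this->id);
             $this->SYSLOG->AddMessage(SYSLOG_RES_USER, SYSLOG_OPER_USERLOGOUT, array('userid' => $this->id, 'ip' => $this->ip, 'useragent' => $useragent), array('userid'));
         }
     }
     // The session is finished whether or not anyone was logged in.
     $this->SESSION->finish();
 }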
Beispiel #5
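 /**
  * Starts the PHP session and authenticates the customer (PHP 4 style constructor).
  *
  * Credentials come from a submitted 'loginform' or, failing that, from the
  * values kept in $_SESSION. A successful login resets the 'enabled' counter in
  * the customer's auth info to 3; each failed login lowers it, and while it is
  * 0 with the last failure less than 600 seconds old the login is refused even
  * with a valid password.
  *
  * NOTE(review): points to raise with the maintainers, not changed here:
  *  - $_GET['override'] accepts credentials from the query string, where they
  *    end up in access logs and browser history.
  *  - The submitted password is kept in $_SESSION and re-verified per request.
  *  - The session id is not regenerated after a successful login.
  *
  * @param mixed $DB      Database handle, kept by reference
  * @param int   $timeout Forwarded to TimeOut(); presumably the idle limit in seconds
  */
 function Session(&$DB, $timeout = 600)
 {
     session_start();
     $this->DB =& $DB;
     $this->_revision = preg_replace('/^.Revision: ([0-9.]+).*/i', '\\1', $this->_revision);
     // Strip the IPv4-mapped IPv6 prefix so the stored address is plain IPv4.
     $this->ip = str_replace('::ffff:', '', $_SERVER['REMOTE_ADDR']);

     if (isset($_GET['override'])) {
         $loginform = isset($_GET['loginform']) ? $_GET['loginform'] : null;
     } elseif (isset($_POST['loginform'])) {
         $loginform = $_POST['loginform'];
     }

     // Request parameters can be scalars or nested arrays; force the expected shape
     // so a malformed request is denied instead of raising offset or type errors.
     if (isset($loginform) && !is_array($loginform)) {
         $loginform = array();
     }

     if (isset($loginform)) {
         // Missing or non-scalar fields become empty strings and fail verification.
         $login_input = isset($loginform['login']) && is_scalar($loginform['login']) ? (string) $loginform['login'] : '';
         $passwd_input = isset($loginform['pwd']) && is_scalar($loginform['pwd']) ? (string) $loginform['pwd'] : '';
         $this->login = trim($login_input);
         $this->passwd = trim($passwd_input);
         $_SESSION['session_timestamp'] = time();
     } else {
         $this->login = isset($_SESSION['session_login']) ? $_SESSION['session_login'] : NULL;
         $this->passwd = isset($_SESSION['session_passwd']) ? $_SESSION['session_passwd'] : NULL;
         $this->id = isset($_SESSION['session_id']) ? $_SESSION['session_id'] : 0;
     }

     $authdata = $this->VerifyPassword();
     if ($authdata != NULL) {
         $authinfo = GetCustomerAuthInfo($authdata['id']);
         // Lockout: counter exhausted and last failure under 600 s ago, so the
         // password is blanked and the success branch below cannot be taken.
         if ($authinfo != NULL && isset($authinfo['enabled']) && $authinfo['enabled'] == 0 && time() - $authinfo['failedlogindate'] < 600) {
             $authdata['passwd'] = NULL;
         }
     }

     if ($authdata != NULL && $authdata['passwd'] != NULL && $this->TimeOut($timeout)) {
         $this->islogged = TRUE;
         $this->id = $authdata['id'];
         $_SESSION['session_login'] = $this->login;
         $_SESSION['session_passwd'] = $this->passwd;
         $_SESSION['session_id'] = $this->id;
         if ($this->id) {
             $authinfo = GetCustomerAuthInfo($this->id);
             if ($authinfo == NULL || $authinfo['failedlogindate'] == NULL) {
                 $authinfo['failedlogindate'] = 0;
                 $authinfo['failedloginip'] = '';
             }
             $authinfo['id'] = $this->id;
             $authinfo['lastlogindate'] = time();
             $authinfo['lastloginip'] = $this->ip;
             $authinfo['enabled'] = 3;
             SetCustomerAuthInfo($authinfo);
         }
     } else {
         $this->islogged = FALSE;
         if (isset($loginform)) {
             // The login is client-supplied: drop control characters so it cannot
             // break the syslog line or forge additional entries.
             writesyslog("Bad password for customer ID:" . preg_replace('/[\x00-\x1F\x7F]/', '', $this->login), LOG_WARNING);
             if ($authdata != NULL && $authdata['passwd'] == NULL) {
                 $authinfo = GetCustomerAuthInfo($authdata['id']);
                 if ($authinfo == NULL) {
                     $authinfo['lastlogindate'] = 0;
                     $authinfo['lastloginip'] = '';
                     $authinfo['failedlogindate'] = 0;
                 }
                 // Failures within 600 s of the previous one count down; otherwise
                 // the counter restarts at 2.
                 if (time() - $authinfo['failedlogindate'] < 600) {
                     if (isset($authinfo['enabled']) && $authinfo['enabled'] > 0) {
                         $authinfo['enabled'] -= 1;
                     }
                 } else {
                     $authinfo['enabled'] = 2;
                 }
                 // The success branch sets 'id' before saving; this branch did not, so
                 // a customer with no auth-info row yet had the failure saved without
                 // an id (presumably not recorded at all - verify against
                 // SetCustomerAuthInfo).
                 $authinfo['id'] = $authdata['id'];
                 $authinfo['failedlogindate'] = time();
                 $authinfo['failedloginip'] = $this->ip;
                 SetCustomerAuthInfo($authinfo);
             }
             $this->error = trans('Access denied!');
         }
         $this->LogOut();
     }
 }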