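/**
 * Handle the "pass_change" action: verify the current password of the
 * logged-in user and, if it matches, store the new one.
 *
 * The reply is written directly to the output as text/plain: "SUCCESS" or
 * "PASS_ERROR". A missing session user and the "guest" account both get
 * "SUCCESS" without any password being touched.
 *
 * @param string $action   Action name; ignored unless registered in $this->actions
 * @param array  $httpVars Request parameters ("old_pass", "new_pass", "pass_seed")
 * @param array  $fileVars Uploaded files (unused here)
 * @return string|null "" once a registered action was dispatched, null otherwise
 */
public function switchAction($action, $httpVars, $fileVars)
 {
     if (!isset($this->actions[$action])) {
         return;
     }
     $mess = ConfService::getMessages();
     switch ($action) {
         //------------------------------------
         //	CHANGE USER PASSWORD
         //------------------------------------
         case "pass_change":
             $userObject = AuthService::getLoggedUser();
             if ($userObject == null || $userObject->getId() == "guest") {
                 header("Content-Type:text/plain");
                 print "SUCCESS";
                 // Stop here: without this break the code below would call
                 // getId() on a null user, or try to change the guest password.
                 break;
             }
             $oldPass = $httpVars["old_pass"];
             $newPass = $httpVars["new_pass"];
             $passSeed = $httpVars["pass_seed"];
             if (!AuthService::checkPassword($userObject->getId(), $oldPass, false, $passSeed)) {
                 header("Content-Type:text/plain");
                 print "PASS_ERROR";
                 // Stop here: a rejected request must not fall through and
                 // append "SUCCESS" to the same response.
                 break;
             }
             AuthService::updatePassword($userObject->getId(), $newPass);
             header("Content-Type:text/plain");
             print "SUCCESS";
             break;
         default:
             break;
     }
     return "";
 }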
 /**
  * Dispatch the "get_secure_token" and "pass_change" actions.
  *
  * Both actions write their reply straight to the output. For "pass_change"
  * the reply is "SUCCESS" or "PASS_ERROR" as text/plain; a missing session
  * user and the "guest" account get "SUCCESS" without any change being made.
  *
  * @param string $action   Action name; ignored unless registered in $this->actions
  * @param array  $httpVars Request parameters ("old_pass", "new_pass", "pass_seed")
  * @param array  $fileVars Uploaded files (unused here)
  * @return string|null "" once a registered action was dispatched, null otherwise
  */
 public function switchAction($action, $httpVars, $fileVars)
 {
     // Actions that were never registered are ignored outright.
     if (!isset($this->actions[$action])) {
         return;
     }
     if ($action == "get_secure_token") {
         HTMLWriter::charsetHeader("text/plain");
         print AuthService::generateSecureToken();
     } elseif ($action == "pass_change") {
         $currentUser = AuthService::getLoggedUser();
         // Default reply; only replaced when a real account fails a check.
         $reply = "SUCCESS";
         if ($currentUser != null && $currentUser->getId() != "guest") {
             $oldPass = $httpVars["old_pass"];
             $newPass = $httpVars["new_pass"];
             $passSeed = $httpVars["pass_seed"];
             if (strlen($newPass) < ConfService::getCoreConf("PASSWORD_MINLENGTH", "auth")) {
                 // New password is shorter than the configured minimum.
                 $reply = "PASS_ERROR";
             } elseif (!AuthService::checkPassword($currentUser->getId(), $oldPass, false, $passSeed)) {
                 // The current password did not verify; nothing is changed.
                 $reply = "PASS_ERROR";
             } else {
                 AuthService::updatePassword($currentUser->getId(), $newPass);
                 // A "pass_change" lock is lifted once the password has been replaced.
                 if ($currentUser->getLock() == "pass_change") {
                     $currentUser->removeLock();
                     $currentUser->save("superuser");
                 }
             }
         }
         header("Content-Type:text/plain");
         print $reply;
     }
     return "";
 }
 /**
  * Log the user in from its credentials and, on success, store the user
  * object in $_SESSION["AJXP_USER"].
  *
  * Return codes produced by the body:
  *    1  logged in (also when no id is given and a session user object already
  *       exists, or when the guest account is used)
  *    0  no id given and guest browsing is off, or unknown user id
  *   -1  wrong password
  *   -4  unknown user or wrong password while checkBruteForceLogin() returned FALSE
  *   -5  cookie login requested but the remember-me cookie is absent or rejected
  *
  * NOTE(review): 0 and -1 distinguish "unknown user" from "wrong password";
  * if a caller relays the code to the client unchanged, account names can be
  * confirmed from the outside -- check how callers report the result.
  * NOTE(review): the session id is not regenerated here; a caller that wants
  * protection against session fixation has to do it after a result of 1.
  *
  * @static
  * @param string $user_id The user id
  * @param string $pwd The password
  * @param bool $bypass_pwd Skip the password check entirely; must never be derived from request data
  * @param bool $cookieLogin Is it a logging from the remember me cookie?
  * @param string $returnSeed The unique seed
  * @return int
  */
 static function logUser($user_id, $pwd, $bypass_pwd = false, $cookieLogin = false, $returnSeed = "")
 {
     $user_id = self::filterUserSensitivity($user_id);
     if ($cookieLogin && !isset($_COOKIE["AjaXplorer-remember"])) {
         return -5;
         // Cookie login without a cookie: reported as -5 and otherwise ignored
     }
     if ($cookieLogin) {
         // The cookie is split on ":" into a user id and a second field that is
         // then used as the password argument, so the cookie is as sensitive as
         // the credentials themselves.
         // NOTE(review): this overwrites the $user_id that filterUserSensitivity()
         // processed above, so the cookie-supplied id is used unfiltered -- confirm
         // that is intended. A cookie without ":" leaves $pwd unset.
         list($user_id, $pwd) = explode(":", $_COOKIE["AjaXplorer-remember"]);
     }
     $confDriver = ConfService::getConfStorageImpl();
     if ($user_id == null) {
         // No id supplied: keep an existing session user, else fall back to guest
         if (isset($_SESSION["AJXP_USER"]) && is_object($_SESSION["AJXP_USER"])) {
             return 1;
         }
         if (ConfService::getCoreConf("ALLOW_GUEST_BROWSING", "auth")) {
             $authDriver = ConfService::getAuthDriverImpl();
             if (!$authDriver->userExists("guest")) {
                 // The guest account is created on first use, with an empty password
                 AuthService::createUser("guest", "");
                 $guest = $confDriver->createUserObject("guest");
                 $guest->save("superuser");
             }
             // The result of the nested guest login is not checked; 1 is returned regardless
             AuthService::logUser("guest", null);
             return 1;
         }
         return 0;
     }
     $authDriver = ConfService::getAuthDriverImpl();
     // Brute-force bookkeeping: fetch the attempt record, let checkBruteForceLogin()
     // evaluate it, then persist it again before any credential is checked.
     $loginAttempt = AuthService::getBruteForceLoginArray();
     $bruteForceLogin = AuthService::checkBruteForceLogin($loginAttempt);
     AuthService::setBruteForceLoginArray($loginAttempt);
     if (!$authDriver->userExists($user_id)) {
         if ($bruteForceLogin === FALSE) {
             return -4;
         } else {
             return 0;
         }
     }
     if (!$bypass_pwd) {
         if (!AuthService::checkPassword($user_id, $pwd, $cookieLogin, $returnSeed)) {
             // $bruteForceLogin is consulted only on failure paths: a correct
             // password is accepted even when the check above returned FALSE.
             // NOTE(review): confirm the caller enforces the lock-out/captcha itself.
             if ($bruteForceLogin === FALSE) {
                 return -4;
             } else {
                 if ($cookieLogin) {
                     return -5;
                 }
                 return -1;
             }
         }
     }
     // Successful login attempt: drop the attempt record kept for this client address
     unset($loginAttempt[$_SERVER["REMOTE_ADDR"]]);
     AuthService::setBruteForceLoginArray($loginAttempt);
     // Setting session credentials if asked in config
     // NOTE(review): this keeps the submitted credentials via AJXP_Safe for later
     // use; how they are protected at rest is not visible here -- verify.
     if (ConfService::getCoreConf("SESSION_SET_CREDENTIALS", "auth")) {
         list($authId, $authPwd) = $authDriver->filterCredentials($user_id, $pwd);
         AJXP_Safe::storeCredentials($authId, $authPwd);
     }
     $user = $confDriver->createUserObject($user_id);
     // Admin status comes from the auth driver, then admin rights are refreshed
     if ($authDriver->isAjxpAdmin($user_id)) {
         $user->setAdmin(true);
     }
     if ($user->isAdmin()) {
         $user = AuthService::updateAdminRights($user);
     } else {
         // Intentionally empty: the only statement in this branch is disabled
         if (!$user->hasParent() && $user_id != "guest") {
             //$user->setRight("ajxp_shared", "rw");
         }
     }
     $_SESSION["AJXP_USER"] = $user;
     if ($authDriver->autoCreateUser() && !$user->storageExists()) {
         // First login of a user the auth driver auto-creates: persist its conf object
         $user->save("superuser");
     }
     AJXP_Logger::logAction("Log In");
     return 1;
 }
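 /**
  * Dispatch the shared client actions: repository switch, HTML templates,
  * i18n messages, bookmarks, user preferences and documentation display.
  *
  * Several cases write their reply directly and terminate the script with
  * exit(); the others fall through to the XML buffer assembled at the end.
  *
  * @param string $action   Action name; ignored unless registered in $this->actions
  * @param array  $httpVars Request parameters
  * @param array  $fileVars Uploaded files (unused here)
  * @return string|null XML fragment to send back, null for an unregistered action
  */
 function switchAction($action, $httpVars, $fileVars)
 {
     if (!isset($this->actions[$action])) {
         return;
     }
     $xmlBuffer = "";
     // Import request parameters as locals, but only the names this method reads.
     // Importing every key would let a request overwrite locals such as $action
     // (after the registry check above), $xmlBuffer, $logMessage or $errorMessage.
     $importable = array("dir", "root_dir_index", "template_name", "requireAuth", "reload_current_node", "reload_dest_node", "reload_file_list");
     foreach ($httpVars as $getName => $getValue) {
         if (in_array($getName, $importable, true)) {
             ${$getName} = Utils::securePath($getValue);
         }
     }
     if (isset($dir) && $action != "upload") {
         $dir = SystemTextEncoding::fromUTF8($dir);
     }
     $mess = ConfService::getMessages();
     switch ($action) {
         //------------------------------------
         //	SWITCH THE ROOT REPOSITORY
         //------------------------------------
         case "switch_root_dir":
             if (!isset($root_dir_index)) {
                 break;
             }
             // The requested index must be one of the configured root dirs
             $dirList = ConfService::getRootDirsList();
             if (!isset($dirList[$root_dir_index])) {
                 $errorMessage = "Trying to switch to an unkown folder!";
                 break;
             }
             ConfService::switchRootDir($root_dir_index);
             $logMessage = "Successfully Switched!";
             AJXP_Logger::logAction("Switch Repository", array("rep. id" => $root_dir_index));
             break;
         //------------------------------------
         //	GET AN HTML TEMPLATE
         //------------------------------------
         case "get_template":
             // "charset=" (not "charset:") is the valid parameter syntax; with the
             // malformed form the declared encoding is ignored by the client.
             header("Content-type:text/html; charset=UTF-8");
             // NOTE(review): $template_name is request data and ends up in include,
             // so whatever it resolves to is executed as PHP. Containment inside
             // the html folder rests entirely on Utils::securePath() -- verify it
             // removes every traversal form, or switch to a fixed list of names.
             if (isset($template_name) && is_file(CLIENT_RESOURCES_FOLDER . "/html/" . $template_name)) {
                 if ($template_name == "gui_tpl.html") {
                     include CLIENT_RESOURCES_FOLDER . "/html/usertemplate_top.html";
                 }
                 include CLIENT_RESOURCES_FOLDER . "/html/" . $template_name;
                 if ($template_name == "gui_tpl.html") {
                     include CLIENT_RESOURCES_FOLDER . "/html/usertemplate_bottom.html";
                 }
             }
             exit(0);
             break;
         //------------------------------------
         //	GET I18N MESSAGES
         //------------------------------------
         case "get_i18n_messages":
             header("Content-type:text/javascript");
             HTMLWriter::writeI18nMessagesClass(ConfService::getMessages());
             exit(0);
             break;
         //------------------------------------
         //	BOOKMARK BAR
         //------------------------------------
         case "get_bookmarks":
             // Bookmarks belong to the logged-in user, or to the "shared" user
             // object when user management is disabled.
             $bmUser = null;
             if (AuthService::usersEnabled() && AuthService::getLoggedUser() != null) {
                 $bmUser = AuthService::getLoggedUser();
             } else {
                 if (!AuthService::usersEnabled()) {
                     $confStorage = ConfService::getConfStorageImpl();
                     $bmUser = $confStorage->createUserObject("shared");
                 }
             }
             if ($bmUser == null) {
                 exit(1);
             }
             // NOTE(review): these values are read from $_GET directly, so they do
             // not pass through securePath(), and the add/delete/rename operations
             // change state on a GET request; no anti-CSRF check is visible here.
             if (isset($_GET["bm_action"]) && isset($_GET["bm_path"])) {
                 if ($_GET["bm_action"] == "add_bookmark") {
                     $title = "";
                     if (isset($_GET["title"])) {
                         $title = $_GET["title"];
                     }
                     if ($title == "" && $_GET["bm_path"] == "/") {
                         $title = ConfService::getCurrentRootDirDisplay();
                     }
                     $bmUser->addBookMark($_GET["bm_path"], $title);
                 } else {
                     if ($_GET["bm_action"] == "delete_bookmark") {
                         $bmUser->removeBookmark($_GET["bm_path"]);
                     } else {
                         if ($_GET["bm_action"] == "rename_bookmark" && isset($_GET["bm_title"])) {
                             $bmUser->renameBookmark($_GET["bm_path"], $_GET["bm_title"]);
                         }
                     }
                 }
             }
             if (AuthService::usersEnabled() && AuthService::getLoggedUser() != null) {
                 $bmUser->save();
                 AuthService::updateUser($bmUser);
             } else {
                 if (!AuthService::usersEnabled()) {
                     $bmUser->save();
                 }
             }
             AJXP_XMLWriter::header();
             AJXP_XMLWriter::writeBookmarks($bmUser->getBookmarks());
             AJXP_XMLWriter::close();
             exit(1);
             break;
         //------------------------------------
         //	SAVE USER PREFERENCE
         //------------------------------------
         case "save_user_pref":
             $userObject = AuthService::getLoggedUser();
             if ($userObject == null) {
                 exit(1);
             }
             // Preferences arrive as numbered pairs pref_name_0/pref_value_0, ...
             $i = 0;
             while (isset($_GET["pref_name_" . $i]) && isset($_GET["pref_value_" . $i])) {
                 $prefName = $_GET["pref_name_" . $i];
                 $prefValue = $_GET["pref_value_" . $i];
                 if ($prefName != "password") {
                     $userObject->setPref($prefName, $prefValue);
                     $userObject->save();
                     AuthService::updateUser($userObject);
                     // NOTE(review): cookie name and value both come from the request
                     setcookie("AJXP_{$prefName}", $prefValue);
                 } else {
                     // A "password" preference is a password change and needs the
                     // current password in "crt".
                     // NOTE(review): old and new password travel in the query string
                     // here, where server and proxy logs can record them.
                     if (isset($_GET["crt"]) && AuthService::checkPassword($userObject->getId(), $_GET["crt"], false, $_GET["pass_seed"])) {
                         AuthService::updatePassword($userObject->getId(), $prefValue);
                     } else {
                         //$errorMessage = "Wrong password!";
                         header("Content-Type:text/plain");
                         print "PASS_ERROR";
                         exit(1);
                     }
                 }
                 $i++;
             }
             header("Content-Type:text/plain");
             print "SUCCESS";
             exit(1);
             break;
         //------------------------------------
         //	DISPLAY DOC
         //------------------------------------
         case "display_doc":
             // See get_template: "charset=" is the valid parameter syntax.
             header("Content-type:text/html; charset=UTF-8");
             // NOTE(review): htmlentities() is an HTML output encoder, not a path
             // filter; whether "doc_file" is confined to the documentation folder
             // depends on HTMLWriter::getDocFile() -- verify there.
             echo HTMLWriter::getDocFile(htmlentities($_GET["doc_file"]));
             exit(1);
             break;
         default:
             break;
     }
     // Assemble the XML reply for the cases that did not exit on their own
     if (isset($logMessage) || isset($errorMessage)) {
         $xmlBuffer .= AJXP_XMLWriter::sendMessage(isset($logMessage) ? $logMessage : null, isset($errorMessage) ? $errorMessage : null, false);
     }
     if (isset($requireAuth)) {
         $xmlBuffer .= AJXP_XMLWriter::requireAuth(false);
     }
     if (isset($reload_current_node) && $reload_current_node == "true") {
         $xmlBuffer .= AJXP_XMLWriter::reloadCurrentNode(false);
     }
     if (isset($reload_dest_node) && $reload_dest_node != "") {
         $xmlBuffer .= AJXP_XMLWriter::reloadNode($reload_dest_node, false);
     }
     if (isset($reload_file_list)) {
         $xmlBuffer .= AJXP_XMLWriter::reloadFileList($reload_file_list, false);
     }
     return $xmlBuffer;
 }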
 /**
  * Log a user in from its credentials and, on success, store the user object
  * in $_SESSION["AJXP_USER"].
  *
  * Return codes produced by the body:
  *    1  logged in (also when no id is given and a session user object already
  *       exists, or when the guest account is used)
  *    0  no id given and guest browsing is off, or unknown user id
  *   -1  checkBruteForceLogin() returned FALSE, or wrong password
  *
  * NOTE(review): 0 and -1 distinguish "unknown user" from "wrong password";
  * check how callers report the result to the client.
  * NOTE(review): the session id is not regenerated in this method.
  *
  * @param string $user_id     The user id
  * @param string $pwd         The password
  * @param bool   $bypass_pwd  Skip the password check entirely; must never be derived from request data
  * @param bool   $cookieLogin Only forwarded to AuthService::checkPassword()
  * @param string $returnSeed  Seed forwarded to AuthService::checkPassword()
  * @return int
  */
 function logUser($user_id, $pwd, $bypass_pwd = false, $cookieLogin = false, $returnSeed = "")
 {
     $confDriver = ConfService::getConfStorageImpl();
     if ($user_id == null) {
         // No id supplied: keep an existing session user, else fall back to guest
         if (isset($_SESSION["AJXP_USER"]) && is_object($_SESSION["AJXP_USER"])) {
             return 1;
         }
         if (ALLOW_GUEST_BROWSING) {
             $authDriver = ConfService::getAuthDriverImpl();
             if (!$authDriver->userExists("guest")) {
                 // The guest account is created on first use, with an empty password
                 AuthService::createUser("guest", "");
                 $guest = $confDriver->createUserObject("guest");
                 $guest->save();
             }
             // The result of the nested guest login is not checked; 1 is returned regardless
             AuthService::logUser("guest", null);
             return 1;
         }
         return 0;
     }
     $authDriver = ConfService::getAuthDriverImpl();
     // Brute-force bookkeeping runs before any credential is looked at: fetch the
     // attempt record, evaluate it, persist it, and refuse outright on FALSE.
     $loginAttempt = AuthService::getBruteForceLoginArray();
     $bruteForceLogin = AuthService::checkBruteForceLogin($loginAttempt);
     AuthService::setBruteForceLoginArray($loginAttempt);
     if ($bruteForceLogin === FALSE) {
         return -1;
     }
     if (!$authDriver->userExists($user_id)) {
         return 0;
     }
     if (!$bypass_pwd) {
         if (!AuthService::checkPassword($user_id, $pwd, $cookieLogin, $returnSeed)) {
             return -1;
         }
     }
     // Successful login attempt: drop the attempt record kept for this client address
     unset($loginAttempt[$_SERVER["REMOTE_ADDR"]]);
     AuthService::setBruteForceLoginArray($loginAttempt);
     $user = $confDriver->createUserObject($user_id);
     // Admin status comes from the auth driver, then admin rights are refreshed
     if ($authDriver->isAjxpAdmin($user_id)) {
         $user->setAdmin(true);
     }
     if ($user->isAdmin()) {
         $user = AuthService::updateAdminRights($user);
     }
     $_SESSION["AJXP_USER"] = $user;
     if ($authDriver->autoCreateUser() && !$user->storageExists()) {
         // First login of a user the auth driver auto-creates: persist its conf object
         $user->save();
     }
     AJXP_Logger::logAction("Log In");
     return 1;
 }
 /**
  * Dispatch the authentication actions: login, pass_change, logout, get_seed,
  * get_secure_token, get_captcha and back.
  *
  * Every case writes its reply directly to the output (XML, JSON or plain text).
  *
  * @param string $action   Action name; ignored unless registered in $this->actions
  * @param array  $httpVars Request parameters
  * @param array  $fileVars Uploaded files (unused here)
  * @return string|null "" once a registered action was dispatched, null otherwise
  */
 public function switchAction($action, $httpVars, $fileVars)
 {
     if (!isset($this->actions[$action])) {
         return;
     }
     $mess = ConfService::getMessages();
     switch ($action) {
         case "login":
             if (!AuthService::usersEnabled()) {
                 return;
             }
             $rememberLogin = "";
             $rememberPass = "";
             $secureToken = "";
             $loggedUser = null;
             include_once AJXP_BIN_FOLDER . "/class.CaptchaProvider.php";
             // Once brute forcing is suspected, a login is only attempted when the
             // request carries a captcha code that verifies; otherwise -4 is reported.
             if (AuthService::suspectBruteForceLogin() && (!isset($httpVars["captcha_code"]) || !CaptchaProvider::checkCaptchaResult($httpVars["captcha_code"]))) {
                 $loggingResult = -4;
             } else {
                 // NOTE(review): trim() also strips leading/trailing whitespace from
                 // the password, so such characters never count towards it.
                 $userId = isset($httpVars["userid"]) ? trim($httpVars["userid"]) : null;
                 $userPass = isset($httpVars["password"]) ? trim($httpVars["password"]) : null;
                 $rememberMe = isset($httpVars["remember_me"]) && $httpVars["remember_me"] == "true" ? true : false;
                 $cookieLogin = isset($httpVars["cookie_login"]) ? true : false;
                 // "login_seed" is read without an isset() guard, unlike the fields above
                 $loggingResult = AuthService::logUser($userId, $userPass, false, $cookieLogin, $httpVars["login_seed"]);
                 if ($rememberMe && $loggingResult == 1) {
                     // Only masked placeholders are sent back in the XML reply
                     $rememberLogin = "******";
                     $rememberPass = "******";
                     $loggedUser = AuthService::getLoggedUser();
                 }
                 if ($loggingResult == 1) {
                     // New session id after authentication (drops the pre-login id),
                     // followed by a fresh secure token for the client
                     session_regenerate_id(true);
                     $secureToken = AuthService::generateSecureToken();
                 }
                 if ($loggingResult < 1 && AuthService::suspectBruteForceLogin()) {
                     $loggingResult = -4;
                     // Force captcha reload
                 }
             }
             $loggedUser = AuthService::getLoggedUser();
             if ($loggedUser != null) {
                 // Pick the repository to open: an explicit "tmp_repository_id" from
                 // the request wins, else the role's DEFAULT_START_REPOSITORY when the
                 // user may switch to it and no pending repository is in the session.
                 // NOTE(review): "tmp_repository_id" is passed on as received;
                 // presumably switchUserToActiveRepository() checks access -- verify.
                 $force = $loggedUser->mergedRole->filterParameterValue("core.conf", "DEFAULT_START_REPOSITORY", AJXP_REPO_SCOPE_ALL, -1);
                 $passId = -1;
                 if (isset($httpVars["tmp_repository_id"])) {
                     $passId = $httpVars["tmp_repository_id"];
                 } else {
                     if ($force != "" && $loggedUser->canSwitchTo($force) && !isset($httpVars["tmp_repository_id"]) && !isset($_SESSION["PENDING_REPOSITORY_ID"])) {
                         $passId = $force;
                     }
                 }
                 $res = ConfService::switchUserToActiveRepository($loggedUser, $passId);
                 if (!$res) {
                     // No repository could be activated: undo the login and report -3
                     AuthService::disconnect();
                     $loggingResult = -3;
                 }
             }
             // isset($rememberMe) is needed because the captcha branch never assigns it
             if ($loggedUser != null && (AuthService::hasRememberCookie() || isset($rememberMe) && $rememberMe == true)) {
                 AuthService::refreshRememberCookie($loggedUser);
             }
             AJXP_XMLWriter::header();
             AJXP_XMLWriter::loggingResult($loggingResult, $rememberLogin, $rememberPass, $secureToken);
             AJXP_XMLWriter::close();
             break;
         //------------------------------------
         //	CHANGE USER PASSWORD
         //------------------------------------
         case "pass_change":
             $userObject = AuthService::getLoggedUser();
             // No session user, or the guest account: reply "SUCCESS" without changing anything
             if ($userObject == null || $userObject->getId() == "guest") {
                 header("Content-Type:text/plain");
                 print "SUCCESS";
                 break;
             }
             $oldPass = $httpVars["old_pass"];
             $newPass = $httpVars["new_pass"];
             $passSeed = $httpVars["pass_seed"];
             // Minimum length is enforced on the byte length (strlen) of the new password
             if (strlen($newPass) < ConfService::getCoreConf("PASSWORD_MINLENGTH", "auth")) {
                 header("Content-Type:text/plain");
                 print "PASS_ERROR";
                 break;
             }
             // The current password must verify before the new one is stored
             if (AuthService::checkPassword($userObject->getId(), $oldPass, false, $passSeed)) {
                 AuthService::updatePassword($userObject->getId(), $newPass);
                 // A "pass_change" lock is lifted once the password has been replaced
                 if ($userObject->getLock() == "pass_change") {
                     $userObject->removeLock();
                     $userObject->save("superuser");
                 }
             } else {
                 header("Content-Type:text/plain");
                 print "PASS_ERROR";
                 break;
             }
             // NOTE(review): the session id is not regenerated after the change in
             // this method, and nothing here ends other sessions of the same user.
             header("Content-Type:text/plain");
             print "SUCCESS";
             break;
         case "logout":
             // Disconnect the user, destroy the session, report result code 2
             AuthService::disconnect();
             $loggingResult = 2;
             session_destroy();
             AJXP_XMLWriter::header();
             AJXP_XMLWriter::loggingResult($loggingResult, null, null, null);
             AJXP_XMLWriter::close();
             break;
         case "get_seed":
             $seed = AuthService::generateSeed();
             // When brute forcing is suspected the seed is wrapped in JSON together
             // with a flag telling the client that a captcha is required
             if (AuthService::suspectBruteForceLogin()) {
                 HTMLWriter::charsetHeader('application/json');
                 print json_encode(array("seed" => $seed, "captcha" => true));
             } else {
                 HTMLWriter::charsetHeader("text/plain");
                 print $seed;
             }
             //exit(0);
             break;
         case "get_secure_token":
             HTMLWriter::charsetHeader("text/plain");
             print AuthService::generateSecureToken();
             //exit(0);
             break;
         case "get_captcha":
             include_once AJXP_BIN_FOLDER . "/class.CaptchaProvider.php";
             CaptchaProvider::sendCaptcha();
             //exit(0) ;
             break;
         case "back":
             // Replies with the logout address wrapped in a "url" element
             AJXP_XMLWriter::header("url");
             echo AuthService::getLogoutAddress(false);
             AJXP_XMLWriter::close("url");
             //exit(1);
             break;
         default:
             break;
     }
     return "";
 }
 /**
  * Check a username/password pair through AuthService::checkPassword().
  *
  * Warning from the original author: this can only work if
  * TRANSMIT_CLEAR_PASS is true.
  *
  * @param string $username User id to check
  * @param string $password Password to verify
  * @return mixed Whatever AuthService::checkPassword() returns
  */
 protected function validateUserPass($username, $password)
 {
     // Not a cookie login; -1 is passed as the seed argument
     // (presumably meaning "no seed" -- confirm in AuthService).
     $cookieLogin = false;
     $seed = -1;
     $verified = AuthService::checkPassword($username, $password, $cookieLogin, $seed);
     return $verified;
 }
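 /**
  * Dispatch the shared client actions: repository switch, bookmarks and
  * user preferences.
  *
  * The bookmark and preference cases write their reply directly and terminate
  * the script with exit(); the repository switch falls through to the XML
  * buffer assembled at the end.
  *
  * @param string $action   Action name; ignored unless registered in $this->actions
  * @param array  $httpVars Request parameters
  * @param array  $fileVars Uploaded files (unused here)
  * @return string|null XML fragment to send back, null for an unregistered action
  */
 function switchAction($action, $httpVars, $fileVars)
 {
     if (!isset($this->actions[$action])) {
         return;
     }
     $xmlBuffer = "";
     // Import request parameters as locals, but only the names this method reads.
     // Importing every key would let a request overwrite locals such as $action
     // (after the registry check above), $xmlBuffer, $logMessage or $errorMessage.
     $importable = array("dir", "repository_id", "requireAuth");
     foreach ($httpVars as $getName => $getValue) {
         if (in_array($getName, $importable, true)) {
             ${$getName} = AJXP_Utils::securePath($getValue);
         }
     }
     if (isset($dir) && $action != "upload") {
         $dir = SystemTextEncoding::fromUTF8($dir);
     }
     $mess = ConfService::getMessages();
     switch ($action) {
         //------------------------------------
         //	SWITCH THE ROOT REPOSITORY
         //------------------------------------
         case "switch_repository":
             if (!isset($repository_id)) {
                 break;
             }
             // The requested id must be one of the configured repositories
             $dirList = ConfService::getRootDirsList();
             if (!isset($dirList[$repository_id])) {
                 $errorMessage = "Trying to switch to an unkown repository!";
                 break;
             }
             ConfService::switchRootDir($repository_id);
             // Try to init the driver now, to trigger an exception
             // if it's not loading right.
             ConfService::loadRepositoryDriver();
             if (AuthService::usersEnabled() && AuthService::getLoggedUser() != null) {
                 // Remember the active repository in the user's history preference
                 $user = AuthService::getLoggedUser();
                 $activeRepId = ConfService::getCurrentRootDirIndex();
                 $user->setArrayPref("history", "last_repository", $activeRepId);
                 $user->save();
             }
             //$logMessage = "Successfully Switched!";
             AJXP_Logger::logAction("Switch Repository", array("rep. id" => $repository_id));
             break;
         //------------------------------------
         //	BOOKMARK BAR
         //------------------------------------
         case "get_bookmarks":
             // Bookmarks belong to the logged-in user, or to the "shared" user
             // object when user management is disabled.
             $bmUser = null;
             if (AuthService::usersEnabled() && AuthService::getLoggedUser() != null) {
                 $bmUser = AuthService::getLoggedUser();
             } else {
                 if (!AuthService::usersEnabled()) {
                     $confStorage = ConfService::getConfStorageImpl();
                     $bmUser = $confStorage->createUserObject("shared");
                 }
             }
             if ($bmUser == null) {
                 exit(1);
             }
             // NOTE(review): these values are read from $_GET directly, so they do
             // not pass through securePath(), and the add/delete/rename operations
             // change state on a GET request; no anti-CSRF check is visible here.
             if (isset($_GET["bm_action"]) && isset($_GET["bm_path"])) {
                 if ($_GET["bm_action"] == "add_bookmark") {
                     $title = "";
                     if (isset($_GET["title"])) {
                         $title = $_GET["title"];
                     }
                     if ($title == "" && $_GET["bm_path"] == "/") {
                         $title = ConfService::getCurrentRootDirDisplay();
                     }
                     $bmUser->addBookMark($_GET["bm_path"], $title);
                 } else {
                     if ($_GET["bm_action"] == "delete_bookmark") {
                         $bmUser->removeBookmark($_GET["bm_path"]);
                     } else {
                         if ($_GET["bm_action"] == "rename_bookmark" && isset($_GET["bm_title"])) {
                             $bmUser->renameBookmark($_GET["bm_path"], $_GET["bm_title"]);
                         }
                     }
                 }
             }
             if (AuthService::usersEnabled() && AuthService::getLoggedUser() != null) {
                 $bmUser->save();
                 AuthService::updateUser($bmUser);
             } else {
                 if (!AuthService::usersEnabled()) {
                     $bmUser->save();
                 }
             }
             AJXP_XMLWriter::header();
             AJXP_XMLWriter::writeBookmarks($bmUser->getBookmarks());
             AJXP_XMLWriter::close();
             exit(1);
             break;
         //------------------------------------
         //	SAVE USER PREFERENCE
         //------------------------------------
         case "save_user_pref":
             $userObject = AuthService::getLoggedUser();
             if ($userObject == null) {
                 exit(1);
             }
             // Preferences arrive as numbered pairs pref_name_0/pref_value_0, ...
             $i = 0;
             while (isset($_GET["pref_name_" . $i]) && isset($_GET["pref_value_" . $i])) {
                 $prefName = $_GET["pref_name_" . $i];
                 $prefValue = stripslashes($_GET["pref_value_" . $i]);
                 if ($prefName != "password") {
                     $userObject->setPref($prefName, $prefValue);
                     $userObject->save();
                     AuthService::updateUser($userObject);
                     // NOTE(review): cookie name and value both come from the request
                     setcookie("AJXP_{$prefName}", $prefValue);
                 } else {
                     // A "password" preference is a password change and needs the
                     // current password in "crt".
                     // NOTE(review): old and new password travel in the query string
                     // here, where server and proxy logs can record them.
                     if (isset($_GET["crt"]) && AuthService::checkPassword($userObject->getId(), $_GET["crt"], false, $_GET["pass_seed"])) {
                         AuthService::updatePassword($userObject->getId(), $prefValue);
                     } else {
                         //$errorMessage = "Wrong password!";
                         header("Content-Type:text/plain");
                         print "PASS_ERROR";
                         exit(1);
                     }
                 }
                 $i++;
             }
             header("Content-Type:text/plain");
             print "SUCCESS";
             exit(1);
             break;
         default:
             break;
     }
     // Assemble the XML reply for the cases that did not exit on their own
     if (isset($logMessage) || isset($errorMessage)) {
         $xmlBuffer .= AJXP_XMLWriter::sendMessage(isset($logMessage) ? $logMessage : null, isset($errorMessage) ? $errorMessage : null, false);
     }
     if (isset($requireAuth)) {
         $xmlBuffer .= AJXP_XMLWriter::requireAuth(false);
     }
     return $xmlBuffer;
 }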