Beispiel #1
    exit;
}
// Stop the request when the database handle reports that it is not connected.
if (!$APP['db']->connected) {
    echo "ERROR: Not connected to database.";
    exit;
}
// Every request starts unauthenticated: $u is false until one of the
// credential checks further down replaces it with a user object.
$u = false;
// NOTE(review): at file scope `global $u` has no effect. If this file is
// included from inside a function, it rebinds $u to the global of the same
// name and the `false` assigned above is no longer what $u refers to.
// Confirm which case applies before reordering these lines.
global $u;
// Publish the current value of $u through the superglobal array.
$GLOBALS['u'] = $u;
// Stores a copy of the current value in the $APP registry.
// NOTE(review): whether $APP['u'] is refreshed after the authentication
// checks below is not visible here; code that trusts $APP['u'] should be
// checked against that.
$APP['u'] = $u;
if (isset($_COOKIE["hisdata"])) {
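    // The "hisdata" cookie is client-controlled and expected to look like
    // "<user>:<hash>". Reject anything that is not a string with both parts
    // instead of reading a missing array index.
    $cookie_raw = $_COOKIE['hisdata'];
    $cookie_data = is_string($cookie_raw) ? explode(":", $cookie_raw) : array();
    if (count($cookie_data) < 2) {
        $u = false;
    } else {
        $cookie_user = $cookie_data[0];
        $cookie_pass = $cookie_data[1];
        $u = new user_user_name();
        $u->get_from_hashrange($cookie_user);
        // NOTE(review): when the lookup leaves user_name as "undefined", $u
        // remains a user object rather than false. Confirm that every caller
        // treats such an object as unauthenticated.
        if ($u->user_name != "undefined") {
            // The cookie value is matched against $u->pw, which appears to be
            // the stored password digest.
            // NOTE(review): that makes the stored digest itself a bearer
            // credential; a random, server-side session token would avoid this.
            //
            // The comparison is type-strict and constant-time: a loose `!=`
            // treats numeric-looking digests ("0e...") as equal numbers, and
            // an empty stored digest must never authenticate.
            if (!is_string($u->pw) || $u->pw === '' || !hash_equals($u->pw, $cookie_pass)) {
                $u = false;
            }
        }
    }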
} else {
    if (isset($_SERVER['PHP_AUTH_USER']) && isset($_SERVER['PHP_AUTH_PW'])) {
        // UID + Secret
        $u = new user_id_user();
        $u->get_from_hashrange($_SERVER['PHP_AUTH_USER']);
        if ($u->user_name != "undefined") {
            if ($u->secret != $_SERVER['PHP_AUTH_PW']) {
                $u = false;
            }
Beispiel #2
 // Load the site configuration (his-config.php). If the file is missing,
 // existsmessage.php is included and the request stops.
 $settings_file = $BIN_DIR . $PATH_SEPERATOR . "his-config.php";
 if (!file_exists($settings_file)) {
     include "existsmessage.php";
     exit;
 } else {
     include_once $settings_file;
 }
 // Same exit path when the database handle is not connected.
 if (!$APP['db']->connected) {
     include "existsmessage.php";
     exit;
 }
 // Build the login digest: SHA-1 over salt1 + password + login name + salt2.
 // NOTE(review): $_POST['pwd'] and $_POST['log'] are read without isset() or
 // type checks; a missing or array-valued field still reaches sha1().
 // NOTE(review): both salts come from the site configuration, and a single
 // SHA-1 round is cheap to guess offline if the stored digests leak.
 // password_hash()/password_verify() is the usual replacement, and it needs
 // a migration path for the existing digests.
 $pre_hash = $settings['salt1']['@attributes']['value'] . $_POST['pwd'] . $_POST['log'] . $settings['salt2']['@attributes']['value'];
 $login_hash = sha1($pre_hash);
 // ":" is stripped from the login name only AFTER the digest was computed, so
 // the digest covers the raw name while the lookup below uses the stripped one.
 // Presumably ":" is reserved as a field separator elsewhere; confirm this.
 // The order of these statements matters.
 $_POST['log'] = str_replace(":", "", $_POST['log']);
 $user_login = new user_user_name();
 //$user_login->obj_debug=true;
 $user_login->get_from_hashrange($_POST['log']);
 // Default to an empty digest so an unknown user can never match.
 $db_user_pw_hash = "";
 // "undefined" is the sentinel the lookup leaves in id_user when nothing was
 // found (inferred from this check; confirm in user_user_name).
 if ($user_login->id_user != "undefined") {
     $db_user_pw_hash = $user_login->pw;
 }
 // Debug output left disabled: re-enabling it would print both the submitted
 // and the stored digest into the response.
 //echo ($login_hash ."    ===    ".$db_user_pw_hash);
 if ($login_hash == $db_user_pw_hash && strlen($db_user_pw_hash) > 0) {
     $expire = time() + 60 * 60 * 2;
     // 2 hrs
     if (isset($_POST['rememberme'])) {
         if ($_POST['rememberme'] == "forever") {
             $expire = time() + 60 * 60 * 24 * 7;
             // 1 week
         }
Beispiel #3
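                // $PK and $PV are written into single-quoted HTML attributes, so quote
                // characters must be escaped as well. ENT_NOQUOTES left ' and " intact,
                // which let a value end the attribute early; ENT_QUOTES encodes both.
                $PAGE->body = $PAGE->body . "<input type='hidden' name='" . htmlspecialchars($PK, ENT_QUOTES) . "' value='" . htmlspecialchars($PV, ENT_QUOTES) . "'/>";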
            }
        }
        $PAGE->body = $PAGE->body . "</p>";
        $content = "";
        //$content=ob_get_clean();
        //ob_end_flush();
        $PAGE->hide_back = true;
        echo $PAGE->content();
        echo "<script>\nfunction WindowLoad(event) {\n    document.getElementById('btnSubmit').disabled=true;\n    setTimeout('document.forms[0].submit()',1000);\n}\n\nif (window.addEventListener) { // Mozilla, Netscape, Firefox\n    window.addEventListener('load', WindowLoad, false);\n} else if (window.attachEvent) { // IE\n    window.attachEvent('onload', WindowLoad);\n}\n\n</script>";
        exit;
    }
}
if (isset($_GET['page'])) {
    if ($_GET['page'] == $last_step_of_library_installation + 1 && $DB_CONNECT && $FS_CONNECT && file_exists($BIN_DIR . $PATH_SEPERATOR . "his-config.php")) {
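        // Re-authenticate the administrator before the final setup page is shown.
        // Both POST fields are untrusted: a missing or non-string value ends the
        // request instead of being fed into the lookup and the digest.
        $posted_user = isset($_POST['user_name']) ? $_POST['user_name'] : null;
        $posted_pass = isset($_POST['admin_password']) ? $_POST['admin_password'] : null;
        if (!is_string($posted_user) || !is_string($posted_pass)) {
            exit;
        }
        $check_user = new user_user_name();
        $check_user->get_from_hashrange($posted_user);
        // Same digest construction as the stored value: salt1 + password + user name + salt2.
        // NOTE(review): a single SHA-1 round is cheap to guess offline; moving to
        // password_hash()/password_verify() needs a migration of stored digests.
        $pw = sha1($settings['salt1']['@attributes']['value'] . $posted_pass . $posted_user . $settings['salt2']['@attributes']['value']);
        // Type-strict, constant-time comparison. The previous loose `!=` treats two
        // numeric-looking hex digests ("0e...") as equal numbers.
        if (!is_string($check_user->pw) || !hash_equals($check_user->pw, $pw)) {
            exit;
        }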
        $PAGE = new SetupPage($_GET['page']);
        $PAGE->title = "<p>";
        $PAGE->title = $PAGE->title . getTranslation("Setup complete.", $settings);
        $PAGE->body = $PAGE->body . "</p>";
        $PAGE->body = $PAGE->body . "<table width='100%'><tr><td width='50%' valign='top'><p>";
        $PAGE->body = $PAGE->body . getTranslation("Setup was successful.  Click ", $settings);
        $PAGE->body = $PAGE->body . " <a href='index.php?v=login'>";
        $PAGE->body = $PAGE->body . getTranslation("here", $settings);
        $PAGE->body = $PAGE->body . "</a> ";
        $PAGE->body = $PAGE->body . getTranslation(" to login to HIS.", $settings);