Ejemplo n.º 1
 /**
  * API login: look up the requested account, require that API access is
  * enabled for it, then try the submitted password as-is and, failing that,
  * base64-decoded. Prints a wrapped status payload and returns nothing.
  *
  * NOTE(review): the login value inside the SELECT below is shown masked
  * ('******') in this listing, so the query text as printed never references
  * $login; check the real source before judging how the lookup is built.
  */
 function login()
 {
     // $_REQUEST merges query-string and POST data, so the password may also
     // arrive as a GET parameter.
     // NOTE(review): credentials carried in a URL tend to end up in access and
     // proxy logs; consider reading them from the POST body only.
     $login = db_escape_string($_REQUEST["user"]);
     $password = $_REQUEST["password"];
     // Second candidate: the same field decoded as base64 (tried only if the raw value fails).
     $password_base64 = base64_decode($_REQUEST["password"]);
     if (SINGLE_USER_MODE) {
         // Single-user mode ignores the submitted login name (value masked in this listing).
         $login = "******";
     }
     $result = db_query($this->link, "SELECT id FROM ttrss_users WHERE login = '******'");
     if (db_num_rows($result) != 0) {
         $uid = db_fetch_result($result, 0, "id");
     } else {
         $uid = 0;
     }
     // Unknown account -> LOGIN_ERROR. An existing account with API access
     // switched off gets API_DISABLED further down, so the two error codes let a
     // caller tell whether a login name exists.
     if (!$uid) {
         print $this->wrap(self::STATUS_ERR, array("error" => "LOGIN_ERROR"));
         return;
     }
     if (get_pref($this->link, "ENABLE_API_ACCESS", $uid)) {
         // On success the current session id is returned to the client.
         // NOTE(review): no session id regeneration or attempt throttling is
         // visible in this method; confirm authenticate_user() covers both.
         if (authenticate_user($this->link, $login, $password)) {
             // try login with normal password
             print $this->wrap(self::STATUS_OK, array("session_id" => session_id(), "api_level" => self::API_LEVEL));
         } else {
             if (authenticate_user($this->link, $login, $password_base64)) {
                 // else try with base64_decoded password
                 print $this->wrap(self::STATUS_OK, array("session_id" => session_id(), "api_level" => self::API_LEVEL));
             } else {
                 // else we are not logged in
                 print $this->wrap(self::STATUS_ERR, array("error" => "LOGIN_ERROR"));
             }
         }
     } else {
         print $this->wrap(self::STATUS_ERR, array("error" => "API_DISABLED"));
     }
 }
Ejemplo n.º 2
 /**
  * Gate for the XML-RPC endpoint: verify the credentials, then require either
  * uid 0 or the 'system-xmlrpc-ha-sync' privilege.
  *
  * Returns nothing on success. Throws XML_RPC2_FaultException with code -1 when
  * the credentials are rejected and -2 when the privilege is missing.
  */
 private function auth($username, $password)
 {
     global $config;

     $authenticated = false;
     $has_credentials = !empty($username) && !empty($password);
     if ($has_credentials) {
         $attrs = array();
         $server = auth_get_authserver($config['system']['webgui']['authmode']);
         // Try the configured authentication server first, then the call without one.
         $authenticated = authenticate_user($username, $password, $server, $attrs)
             || authenticate_user($username, $password);
     }

     if (!$authenticated) {
         // NOTE(review): $username goes into the log line unfiltered; whether
         // log_auth() neutralises control characters is not visible here.
         log_auth("webConfigurator authentication error for '" . $username . "' from " . $this->remote_addr);
         require_once "XML/RPC2/Exception.php";
         throw new XML_RPC2_FaultException(gettext('Authentication failed: Invalid username or password'), -1);
     }

     /*
      * admin (uid = 0) is allowed
      * or regular user with necessary privilege
      *
      * An entry that carries no 'uid' key at all also passes this check.
      */
     $entry = getUserEntry($username);
     $is_regular_user = isset($entry['uid']) && $entry['uid'] != '0';
     if ($is_regular_user && !userHasPrivilege($entry, 'system-xmlrpc-ha-sync')) {
         log_auth("webConfigurator authentication error for '" . $username . "' from " . $this->remote_addr . " not enough privileges");
         require_once "XML/RPC2/Exception.php";
         throw new XML_RPC2_FaultException(gettext('Authentication failed: not enough privileges'), -2);
     }
 }
Ejemplo n.º 3
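/**
 * Pre-dispatch filter: applies the per-route options before the route runs.
 *
 * Recognised keys under $route['options']:
 *  - 'authenticate': when truthy, authenticate_user() must succeed or halt() is called.
 *  - 'validation_function': when truthy, it is invoked through call_if_exists()
 *    with params(); a falsy result calls halt().
 *
 * @param array $route route description; missing keys mean "no check"
 */
function before($route = array())
{
    # empty() tolerates missing keys without the @ operator, which would also
    # hide unrelated errors raised while evaluating the expression.
    if (!empty($route['options']['authenticate'])) {
        if (!authenticate_user()) {
            halt("Access denied");
        }
    }
    # NOTE(review): the validator is referenced by name from the route table;
    # keep that table developer-defined, never derived from request data.
    if (!empty($route['options']['validation_function'])) {
        if (!call_if_exists($route['options']['validation_function'], params())) {
            halt("Woops! Params did not pass validation");
        }
    }
}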
Ejemplo n.º 4
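/**
 * Authenticate a user from the content of an HTTP Authorization header.
 *
 * The header value is supplied by the caller; this function does not read
 * $_SERVER itself. The second space-separated token is base64-decoded and
 * split into user and password at the first colon, so a password may itself
 * contain ':' characters.
 *
 * NOTE(review): the scheme token (the first word, e.g. "Basic") is not
 * checked, so any scheme followed by base64 credentials is accepted.
 *
 * @param string $http_auth_header Authorization header content
 * @return bool result of authenticate_user(), or false when the header cannot be parsed
 */
function http_basic_auth($http_auth_header)
{
    $tags = explode(" ", (string) $http_auth_header);
    if (count($tags) >= 2) {
        // Strict mode rejects characters outside the base64 alphabet instead of
        // silently discarding them.
        $decoded = base64_decode($tags[1], true);
        if ($decoded !== false) {
            // Limit of 2: everything after the first colon belongs to the password.
            $userinfo = explode(":", $decoded, 2);
            if (count($userinfo) == 2) {
                return authenticate_user($userinfo[0], $userinfo[1]);
            }
        }
    }
    // not authenticated
    return false;
}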
Ejemplo n.º 5
 /**
  * API login: restart the session, look up the requested account, require that
  * API access is enabled for it, then try the submitted password as-is and,
  * failing that, base64-decoded. Reports the outcome through $this->wrap().
  *
  * NOTE(review): the login value inside the SELECT below is shown masked
  * ('******') in this listing, so the query text as printed never references
  * $login; check the real source before judging how the lookup is built.
  */
 function login()
 {
     // Discard any existing session data and start again.
     // NOTE(review): destroy + start does not by itself guarantee a new session
     // id; confirm the id is regenerated on successful login.
     @session_destroy();
     @session_start();
     // $_REQUEST merges query-string and POST data, so the password may also
     // arrive as a GET parameter and be recorded in access logs.
     $login = $this->dbh->escape_string($_REQUEST["user"]);
     $password = $_REQUEST["password"];
     // Second candidate: the same field decoded as base64 (tried only if the raw value fails).
     $password_base64 = base64_decode($_REQUEST["password"]);
     if (SINGLE_USER_MODE) {
         // Single-user mode ignores the submitted login name (value masked in this listing).
         $login = "******";
     }
     $result = $this->dbh->query("SELECT id FROM ttrss_users WHERE login = '******'");
     if ($this->dbh->num_rows($result) != 0) {
         $uid = $this->dbh->fetch_result($result, 0, "id");
     } else {
         $uid = 0;
     }
     // Unknown account -> LOGIN_ERROR. An existing account with API access
     // switched off gets API_DISABLED further down, so the two error codes let a
     // caller tell whether a login name exists.
     if (!$uid) {
         $this->wrap(self::STATUS_ERR, array("error" => "LOGIN_ERROR"));
         return;
     }
     if (get_pref("ENABLE_API_ACCESS", $uid)) {
         if (authenticate_user($login, $password)) {
             // try login with normal password
             $this->wrap(self::STATUS_OK, array("session_id" => session_id(), "api_level" => self::API_LEVEL));
         } else {
             if (authenticate_user($login, $password_base64)) {
                 // else try with base64_decoded password
                 $this->wrap(self::STATUS_OK, array("session_id" => session_id(), "api_level" => self::API_LEVEL));
             } else {
                 // else we are not logged in
                 // Only this final failure is logged. $login was escaped for SQL,
                 // not for log output — NOTE(review): confirm the log sink copes
                 // with control characters in the name.
                 user_error("Failed login attempt for {$login} from {$_SERVER['REMOTE_ADDR']}", E_USER_WARNING);
                 $this->wrap(self::STATUS_ERR, array("error" => "LOGIN_ERROR"));
             }
         }
     } else {
         $this->wrap(self::STATUS_ERR, array("error" => "API_DISABLED"));
     }
 }
Ejemplo n.º 6
/**
 * Change the password of a customer-portal account.
 *
 * @param array $input_array values read by this function:
 *   int    id        - customer id
 *   mixed  sessionid - session id, checked with validateSession()
 *   string username  - customer name
 *   string password  - new password to store
 *   mixed  version   - passed through to authenticate_user()
 * @return array|null null when the session is invalid;
 *   array('MORE_THAN_ONE_USER') when authenticate_user() returns a row with an id;
 *   otherwise whatever authenticate_user() returned.
 *
 * NOTE(review): no current password is requested here; the only gate visible
 * before the UPDATE is validateSession().
 */
function change_password($input_array)
{
    global $adb, $log;
    $log->debug("Entering customer portal function change_password");
    // NOTE(review): the whole input array, including the new password, is handed
    // to println(); if that writes to a log the password is recorded in clear text.
    $adb->println($input_array);
    $id = (int) $input_array['id'];
    $sessionid = $input_array['sessionid'];
    $username = $input_array['username'];
    $password = $input_array['password'];
    $version = $input_array['version'];
    if (!validateSession($id, $sessionid)) {
        return null;
    }
    // authenticate_user() is called with the NEW password; a match aborts the change.
    // presumably a guard against an existing username/password pair — TODO confirm.
    $list = authenticate_user($username, $password, $version, 'false');
    if (!empty($list[0]['id'])) {
        return array('MORE_THAN_ONE_USER');
    }
    // Parameterised query, so the values are not spliced into the SQL text.
    // NOTE(review): $password is bound exactly as received; no hashing step is
    // visible in this function.
    $sql = "update vtiger_portalinfo set user_password=? where id=? and user_name=?";
    $result = $adb->pquery($sql, array($password, $id, $username));
    $log->debug("Exiting customer portal function change_password");
    return $list;
}
Ejemplo n.º 7
/**
 * Emit the input and output templates of an application as XML.
 *
 * The application is taken from $r->app_name when given, otherwise from the
 * workunit named by $r->job_name. authenticate_user() is called with the
 * request and the application before any template file is read.
 */
function get_templates($r)
{
    xml_start_tag("get_templates");

    $requested_app = (string) $r->app_name;
    if (!$requested_app) {
        // No app name supplied: derive the app from the named job.
        $workunit = get_wu((string) $r->job_name);
        $app = BoincApp::lookup_id($workunit->appid);
    } else {
        $app = get_submit_app($requested_app);
    }

    // Access check; the returned pair is not used further in this function.
    list($auth_user, $auth_submit) = authenticate_user($r, $app);

    // The file name is built from $app->name, i.e. from the looked-up
    // application object rather than from the raw request string.
    $templates = array();
    foreach (array("_in", "_out") as $suffix) {
        $templates[$suffix] = file_get_contents(project_dir() . "/templates/" . $app->name . $suffix);
    }
    $tpl_in = $templates["_in"];
    $tpl_out = $templates["_out"];

    if ($tpl_in === false || $tpl_out === false) {
        xml_error(-1, "template file missing");
    }
    echo "<templates>\n{$tpl_in}\n{$tpl_out}\n</templates>\n        </get_templates>\n    ";
}
Ejemplo n.º 8
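 case "delete-connection":
     // "ids" lands in an unquoted IN (...) list, where string escaping gives no
     // protection: every element is forced to an integer instead. A missing or
     // non-string value becomes "0".
     $raw_ids = isset($_REQUEST["ids"]) && is_string($_REQUEST["ids"]) ? $_REQUEST["ids"] : "";
     $ids = implode(",", array_map("intval", explode(",", $raw_ids)));
     // owner_uid restricts the delete to the caller's own connections.
     db_query($link, "DELETE FROM ttirc_connections WHERE\n\t\t\tid IN ({$ids}) AND status = 0 AND owner_uid = " . (int) $_SESSION["uid"]);
     print_connections($link);
     break;
 case "create-connection":
     // The title is used inside a quoted SQL literal, so escaping applies here.
     $title = db_escape_string(trim($_REQUEST["title"]));
     if ($title) {
         db_query($link, "INSERT INTO ttirc_connections (enabled, title, owner_uid)\n\t\t\t\tVALUES ('false', '{$title}', '" . (int) $_SESSION["uid"] . "')");
     }
     print_connections($link);
     break;
 case "fetch-profiles":
     // Lists the profiles of the account whose credentials are supplied, then
     // empties $_SESSION again so this lookup leaves no login behind.
     // NOTE(review): the password is SQL-escaped before authenticate_user(),
     // which alters values containing quotes or backslashes; whether
     // authenticate_user() expects that is not visible here.
     $login = db_escape_string($_REQUEST["login"]);
     $password = db_escape_string($_REQUEST["password"]);
     if (authenticate_user($link, $login, $password)) {
         $result = db_query($link, "SELECT * FROM ttirc_settings_profiles\n\t\t\t\t\tWHERE owner_uid = " . (int) $_SESSION["uid"] . " ORDER BY title");
         print "<select style='width: 100%' name='profile'>";
         print "<option value='0'>" . __("Default profile") . "</option>";
         while ($line = db_fetch_assoc($result)) {
             // Stored titles are user-supplied text: encode them for the HTML
             // context (ENT_QUOTES because the attribute uses single quotes).
             $id = (int) $line["id"];
             $title = htmlspecialchars($line["title"], ENT_QUOTES);
             print "<option value='{$id}'>{$title}</option>";
         }
         print "</select>";
         $_SESSION = array();
     }
     break;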
 case "toggle-connection":
     $connection_id = (int) db_escape_string($_REQUEST["connection_id"]);
     $status = bool_to_sql_bool(db_escape_string($_REQUEST["set_enabled"]));
Ejemplo n.º 9
?>
				</div>
				
				<div class="button">
					<p><a href ="user.php">Member Area</a></p>
				</div>
                
                <div class="button">
					<p><a href ="admin.php">Admin Area</a></p>
				</div>
				
			</header>
            
            <?php 
// Authenticate user
authenticate_user(100);
?>
			
			<article style="color:#FFFFFF;">
				<p>
					<!-- <center><img src="logo_big.png"></center> Insert Main Logo here -->
					
					<hr/>
					<center><h1>Member Area</h1></center>
					<hr/>
					<p>
						<div class="box">
							<p>
								Hello, user! Welcome to the user area of this site.
							</p>
						</div>
Ejemplo n.º 10
##|-PRIV
require "guiconfig.inc";
require_once "radius.inc";
if ($_POST) {
    $pconfig = $_POST;
    unset($input_errors);
    $authcfg = auth_get_authserver($_POST['authmode']);
    if (!$authcfg) {
        $input_errors[] = $_POST['authmode'] . " " . gettext("is not a valid authentication server");
    }
    if (empty($_POST['username']) || empty($_POST['password'])) {
        $input_errors[] = gettext("A username and password must be specified.");
    }
    if (!$input_errors) {
        $attributes = array();
        if (authenticate_user($_POST['username'], $_POST['password'], $authcfg, $attributes)) {
            $savemsg = gettext("User") . ": " . $_POST['username'] . " " . gettext("authenticated successfully.");
            $groups = getUserGroups($_POST['username'], $authcfg, $attributes);
            $savemsg .= "&nbsp;" . gettext("This user is a member of groups") . ": <br />";
            $savemsg .= "<ul>";
            foreach ($groups as $group) {
                $savemsg .= "<li>" . "{$group} " . "</li>";
            }
            $savemsg .= "</ul>";
        } else {
            $input_errors[] = gettext("Authentication failed.");
        }
    }
} else {
    if (isset($config['system']['webgui']['authmode'])) {
        $pconfig['authmode'] = $config['system']['webgui']['authmode'];
Ejemplo n.º 11
    // for($i=0;$i<sizeof($options);$i++):
    // 	echo $options[$i];
    // endfor;
    // die();
    $d = editSingleMultipleChoiceQuest($qID, $diff, $isMultiple, $quest, $correct, $options, $correctID, $optionalID);
    echo $d;
    // unset($_SESSION['optIDS']);
    // unset($_SESSION['corrIDS']);
}
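// Login form handler: runs when a password field was posted.
if (isset($_POST['loginPassword'])) {
    if (!isset($_POST['loginUsername'])) {
        // Incomplete form: redirect and stop. Nothing is echoed first (output
        // sent before header() can prevent the redirect unless buffering is on),
        // and without the exit the script would go on to authenticate with an
        // undefined username.
        header("Location: ../HTML/login.php");
        exit;
    }
    //Assign values to variables
    $username = $_POST['loginUsername'];
    $password = $_POST['loginPassword'];
    $q = authenticate_user($username, $password);
    //Create our session variables that will be used for validation, etc.
    // NOTE(review): the result of authenticate_user() is copied into the session
    // without checking that authentication succeeded, and no session id
    // regeneration is visible here; confirm both against authenticate_user().
    $_SESSION['user_type'] = $q['user_type'];
    $_SESSION['user_ID'] = $q['user_ID'];
    $_SESSION['vKey'] = $q['vKey'];
    header("Location: ../HTML/login.php");
}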
//Delete multiple choice question
// Runs whenever a delete_qID field is posted and echoes the helper's result.
// NOTE(review): no login or role check is visible in this fragment before the
// delete; confirm one runs earlier in the script or inside
// deleteMultipleChoiceQuestion().
if (isset($_POST['delete_qID'])) {
    $qID = $_POST['delete_qID'];
    $q = deleteMultipleChoiceQuestion($qID);
    echo $q;
}
Ejemplo n.º 12
    syslog(LOG_WARNING, "Username does not match certificate common name ({$username} != {$common_name}), access denied.\n");
    closelog();
    exit(1);
}
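// Without a list of authentication servers nobody can be verified: deny.
if (!is_array($authmodes)) {
    syslog(LOG_WARNING, "No authentication server has been selected to authenticate against. Denying authentication for user {$username}");
    closelog();
    exit(1);
}
$attributes = array();
// Start from "denied" so an empty list, or a list whose entries are all
// skipped, reaches the failure branch explicitly instead of relying on an
// undefined variable comparing equal to false.
$authenticated = false;
foreach ($authmodes as $authmode) {
    $authcfg = auth_get_authserver($authmode);
    // Skip names that resolve to no server; "local" is still tried without one.
    if (!$authcfg && $authmode != "local") {
        continue;
    }
    $authenticated = authenticate_user($username, $password, $authcfg);
    // First server that accepts the credentials wins.
    if ($authenticated == true) {
        break;
    }
}
if ($authenticated == false) {
    // NOTE(review): $username is written to syslog as received; confirm it is
    // free of control characters before it reaches this point.
    syslog(LOG_WARNING, "user '{$username}' could not authenticate.\n");
    closelog();
    exit(-1);
}
// Fall back to the environment for the common name, then to the username variable.
if (empty($common_name)) {
    $common_name = getenv("common_name");
    if (empty($common_name)) {
        $common_name = getenv("username");
    }
}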
Ejemplo n.º 13
<?php

include 'system_load.php';
//Including this file we load system.
//user Authentication.
authenticate_user('admin');
//user level object
$new_userlevel = new Userlevel();
//installation form processing when submits.
if (isset($_POST['settings_submit']) && $_POST['settings_submit'] == 'Yes') {
    //validation to check if fields are empty!
    if ($_POST['site_url'] == '') {
        $message = $language['site_url_empty'];
    } else {
        if ($_POST['email_from'] == '') {
            $message = $language['email_from_required'];
        } else {
            if ($_POST['email_to'] == '') {
                $message = $language['reply_cannot_empty'];
            } else {
                //adding site url
                set_option('site_url', $_POST['site_url']);
                set_option('site_name', $_POST['site_name']);
                set_option('email_from', $_POST['email_from']);
                set_option('email_to', $_POST['email_to']);
                set_option('public_key', $_POST['public_key']);
                set_option('private_key', $_POST['private_key']);
                set_option('redirect_on_logout', $_POST['redirect_on_logout']);
                set_option('language', $_POST['language']);
                set_option('skin', $_POST['skin']);
                set_option('maximum_login_attempts', $_POST['maximum_login_attempts']);
Ejemplo n.º 14
     header("Location: index.php");
     exit;
 } else {
     if ($_REQUEST['state'] == "login_screen") {
         // LOGIN SCREEN
         $smarty->display('header.tpl');
         require 'src/login_screen.php';
         $smarty->display('footer.tpl');
         exit;
     } else {
         if ($_REQUEST['state'] == "login") {
             // LOGIN
             if (!isset($_REQUEST['mode'])) {
                 $auth = "FALSE";
                 if (isset($_REQUEST['email']) && isset($_REQUEST['password'])) {
                     $auth = authenticate_user($_REQUEST['email'], $_REQUEST['password']);
                 } else {
                     set_msg_err("Error: You must supply a username and password");
                     header("Location: " . $_SERVER['PHP_SELF'] . "?" . SID);
                     exit;
                 }
                 if ($auth == "TRUE") {
                     header("Location: " . $_SERVER['PHP_SELF'] . "?" . SID . "&state=logged_in");
                     exit;
                 } else {
                     set_msg_err("Error signing on: incorrect email address or password<p><a href=" . $_SERVER['PHP_SELF'] . "?" . SID . "&state=help>forgot your password?</a>");
                     header("Location: " . $_SERVER['PHP_SELF'] . "?" . SID);
                     exit;
                 }
             } else {
                 // Make sure they are logged in
Ejemplo n.º 15
require_once "config.php";
require_once "db.php";
require_once "db-prefs.php";
// Script bootstrap: start-up helpers, database connection, response headers
// and, in single-user mode, an implicit login.
no_cache_incantation();
startup_gettext();
$script_started = getmicrotime();
$link = db_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME);
// Stop the script when the connection cannot be initialised.
if (!init_connection($link)) {
    return;
}
header("Content-Type: text/plain; charset=utf-8");
// Compress output only when enabled and the handler is available.
if (ENABLE_GZIP_OUTPUT && function_exists("ob_gzhandler")) {
    ob_start("ob_gzhandler");
}
// Single-user mode signs every request in as "admin" with a null password, so
// the client supplies no credential at all.
// NOTE(review): with this mode on, access control has to come from somewhere
// else (web-server authentication, network restrictions).
if (SINGLE_USER_MODE) {
    authenticate_user($link, "admin", null);
}
$purge_intervals = array(0 => __("Use default"), -1 => __("Never purge"), 5 => __("1 week old"), 14 => __("2 weeks old"), 31 => __("1 month old"), 60 => __("2 months old"), 90 => __("3 months old"));
$update_intervals = array(0 => __("Default interval"), -1 => __("Disable updates"), 15 => __("Each 15 minutes"), 30 => __("Each 30 minutes"), 60 => __("Hourly"), 240 => __("Each 4 hours"), 720 => __("Each 12 hours"), 1440 => __("Daily"), 10080 => __("Weekly"));
$update_intervals_nodefault = array(-1 => __("Disable updates"), 15 => __("Each 15 minutes"), 30 => __("Each 30 minutes"), 60 => __("Hourly"), 240 => __("Each 4 hours"), 720 => __("Each 12 hours"), 1440 => __("Daily"), 10080 => __("Weekly"));
$update_methods = array(0 => __("Default"), 1 => __("Magpie"), 2 => __("SimplePie"));
if (DEFAULT_UPDATE_METHOD == "1") {
    $update_methods[0] .= ' (SimplePie)';
} else {
    $update_methods[0] .= ' (Magpie)';
}
$access_level_names = array(0 => __("User"), 5 => __("Power User"), 10 => __("Administrator"));
#$error = sanity_check($link);
#if ($error['code'] != 0 && $op != "logout") {
#	print json_encode(array("error" => $error));
#	return;
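 /**
  * Handle the login form: authenticate the posted credentials, populate the
  * session on success (language, schema version, bandwidth flag, optional
  * profile) or store an error message on failure, then redirect.
  *
  * Does nothing beyond resetting the preference cache in single-user mode.
  */
 function login()
 {
     $_SESSION["prefs_cache"] = array();
     if (!SINGLE_USER_MODE) {
         $login = db_escape_string($_POST["login"]);
         $password = $_POST["password"];
         if (authenticate_user($this->link, $login, $password)) {
             // Drop the clear-text password from the request array once used.
             $_POST["password"] = "";
             // NOTE(review): the language value is stored as posted; confirm it
             // is validated before it selects a locale or a file.
             $_SESSION["language"] = $_POST["language"];
             $_SESSION["ref_schema_version"] = get_schema_version($this->link, true);
             $_SESSION["bw_limit"] = !!$_POST["bw_limit"];
             if ($_POST["profile"]) {
                 $profile = db_escape_string($_POST["profile"]);
                 // The owner_uid condition keeps a user from selecting another
                 // account's profile.
                 $result = db_query($this->link, "SELECT id FROM ttrss_settings_profiles\n\t\t\t\t\t\tWHERE id = '{$profile}' AND owner_uid = " . $_SESSION["uid"]);
                 if (db_num_rows($result) != 0) {
                     $_SESSION["profile"] = $profile;
                     $_SESSION["prefs_cache"] = array();
                 }
             }
         } else {
             $_SESSION["login_error_msg"] = __("Incorrect username or password");
         }
         // "return" is caller-controlled. It is followed only when it stays on
         // this site: a path that starts with a single "/", or a URL under
         // SELF_URL_PATH. Other hosts, "//host", "/\host", values containing
         // control characters and bare relative names fall back to SELF_URL_PATH.
         $target = SELF_URL_PATH;
         $return = isset($_REQUEST['return']) && is_string($_REQUEST['return']) ? $_REQUEST['return'] : "";
         if ($return !== "" && !preg_match('/[\x00-\x1F\x7F]/', $return)) {
             $base = rtrim(SELF_URL_PATH, "/");
             $local_path = $return[0] === "/"
                 && (strlen($return) === 1 || ($return[1] !== "/" && $return[1] !== "\\"));
             $under_base = $base !== ""
                 && ($return === $base || strncmp($return, $base . "/", strlen($base) + 1) === 0);
             if ($local_path || $under_base) {
                 $target = $return;
             }
         }
         header("Location: " . $target);
     }
 }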
Ejemplo n.º 17
require_once "sessions.php";
require_once "functions.php";
require_once "config.php";
require_once "db.php";
require_once "db-prefs.php";
// Script bootstrap: translations, plugins, response headers, implicit login in
// single-user mode, then validation of an existing session.
startup_gettext();
$script_started = microtime(true);
// Stop the script when plugin initialisation fails.
if (!init_plugins()) {
    return;
}
header("Content-Type: text/json; charset=utf-8");
// Compress output only when enabled and the handler is available.
if (ENABLE_GZIP_OUTPUT && function_exists("ob_gzhandler")) {
    ob_start("ob_gzhandler");
}
// Single-user mode signs every request in as "admin" with a null password, so
// the client supplies no credential at all.
// NOTE(review): with this mode on, access control has to come from somewhere
// else (web-server authentication, network restrictions).
if (SINGLE_USER_MODE) {
    authenticate_user("admin", null);
}
// A session that claims a user must still validate; otherwise error 6 is
// returned as JSON and the script stops. Requests without a uid continue past
// this block unauthenticated.
if ($_SESSION["uid"]) {
    if (!validate_session()) {
        header("Content-Type: text/json");
        print error_json(6);
        return;
    }
    load_user_plugins($_SESSION["uid"]);
}
$purge_intervals = array(0 => __("Use default"), -1 => __("Never purge"), 5 => __("1 week old"), 14 => __("2 weeks old"), 31 => __("1 month old"), 60 => __("2 months old"), 90 => __("3 months old"));
$update_intervals = array(0 => __("Default interval"), -1 => __("Disable updates"), 15 => __("Each 15 minutes"), 30 => __("Each 30 minutes"), 60 => __("Hourly"), 240 => __("Each 4 hours"), 720 => __("Each 12 hours"), 1440 => __("Daily"), 10080 => __("Weekly"));
$update_intervals_nodefault = array(-1 => __("Disable updates"), 15 => __("Each 15 minutes"), 30 => __("Each 30 minutes"), 60 => __("Hourly"), 240 => __("Each 4 hours"), 720 => __("Each 12 hours"), 1440 => __("Daily"), 10080 => __("Weekly"));
$access_level_names = array(0 => __("User"), 5 => __("Power User"), 10 => __("Administrator"));
$op = str_replace("-", "_", $op);
$override = PluginHost::getInstance()->lookup_handler($op, $method);
Ejemplo n.º 18
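/**
 * Store the files uploaded with a request and register them in the database.
 *
 * For each <md5> element of $r the matching upload ("file_0", "file_1", ...)
 * is moved into the download hierarchy and recorded as a job file; when
 * $r->batch_id is set, the file is also associated with that batch.
 *
 * The MD5 string comes from the request and is used both to derive the file
 * name and inside SQL text, so it is accepted only as 32 hexadecimal digits.
 * xml_error() is assumed to end the request, as the existing checks rely on;
 * the new checks return afterwards anyway so they fail closed either way.
 */
function upload_files($r)
{
    xml_start_tag("upload_files");
    // Access check; the returned pair is not used further in this function.
    list($user, $user_submit) = authenticate_user($r, null);
    $fanout = parse_config(get_config(), "<uldl_dir_fanout>");
    // Integer casts make these two values safe to place in SQL text below.
    $delete_time = (int) $r->delete_time;
    $batch_id = (int) $r->batch_id;
    $i = 0;
    foreach ($r->md5 as $f) {
        $md5 = (string) $f;
        if (!preg_match('/^[0-9a-fA-F]{32}$/D', $md5)) {
            // The rejected value is not echoed back into the response.
            xml_error(-1, "upload_files(): invalid MD5 for file {$i}");
            return;
        }
        $name = "file_{$i}";
        $tmp_name = isset($_FILES[$name]['tmp_name']) ? $_FILES[$name]['tmp_name'] : '';
        if (!is_uploaded_file($tmp_name)) {
            xml_error(-1, "{$tmp_name} is not an uploaded file");
        }
        $fname = job_file_name($md5);
        $path = dir_hier_path($fname, project_dir() . "/download", $fanout);
        if (!rename($tmp_name, $path)) {
            // Do not register a file that was never stored.
            xml_error(-1, "upload_files(): could not store file {$i}");
            return;
        }
        $now = time();
        $jf_id = BoincJobFile::insert("(md5, create_time, delete_time) values ('{$md5}', {$now}, {$delete_time})");
        if (!$jf_id) {
            xml_error(-1, "upload_files(): BoincJobFile::insert({$md5}) failed: " . BoincDb::error());
        }
        if ($batch_id) {
            BoincBatchFileAssoc::insert("(batch_id, job_file_id) values ({$batch_id}, {$jf_id})");
        }
        $i++;
    }
    echo "<success/>\n        </upload_files>\n    ";
}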
Ejemplo n.º 19
/**
 * Change the password of a customer-portal account after re-checking the old one.
 *
 * @param array $input_array values read by this function:
 *   int    id           - customer id
 *   mixed  sessionid    - session id, checked with validateSession()
 *   string username     - customer name
 *   string old_password - current password, verified through authenticate_user()
 *   string new_password - password to store
 *   mixed  version      - passed through to authenticate_user()
 * @return array|null null when the session is invalid;
 *   array('LBL_PASSWORD_CHANGED') when the old password was accepted and the
 *   update was issued; otherwise whatever authenticate_user() returned.
 */
function change_password($input_array)
{
    $db = PearDatabase::getInstance();
    $logger = vglobal('log');
    $logger->debug("Entering customer portal function change_password");
    // NOTE(review): the whole input array, both passwords included, is handed to
    // println(); if that writes to a log the passwords are recorded in clear text.
    $db->println($input_array);

    $customerId = (int) $input_array['id'];
    $sessionId = $input_array['sessionid'];
    $user = $input_array['username'];
    $currentPassword = $input_array['old_password'];
    $requestedPassword = $input_array['new_password'];
    $portalVersion = $input_array['version'];

    if (!validateSession($customerId, $sessionId)) {
        return null;
    }

    // The change goes ahead only when the old password authenticates.
    $outcome = authenticate_user($user, $currentPassword, $portalVersion, 'false');
    $oldPasswordAccepted = !empty($outcome[0]['id']);
    if ($oldPasswordAccepted) {
        // The new password is transformed before storage; the query is parameterised.
        $stored = CustomerPortalPassword::encryptPassword($requestedPassword, $user);
        $db->pquery(
            "update vtiger_portalinfo set user_password=? where id=? and user_name=?",
            array($stored, $customerId, $user)
        );
        $outcome = array('LBL_PASSWORD_CHANGED');
    }

    $logger->debug("Exiting customer portal function change_password");
    return $outcome;
}
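 /**
  * Handle the login form: configure the session cookie lifetime, start the
  * session, authenticate the posted credentials, populate the session on
  * success or record and log the failure, then redirect.
  *
  * Does nothing in single-user mode.
  */
 function login()
 {
     if (!SINGLE_USER_MODE) {
         $login = $this->dbh->escape_string($_POST["login"]);
         $password = $_POST["password"];
         $remember_me = $_POST["remember_me"];
         // "Remember me" keeps the cookie for SESSION_COOKIE_LIFETIME; otherwise
         // it lasts until the browser closes (lifetime 0).
         if ($remember_me) {
             session_set_cookie_params(SESSION_COOKIE_LIFETIME);
         } else {
             session_set_cookie_params(0);
         }
         @session_start();
         if (authenticate_user($login, $password)) {
             // Drop the clear-text password from the request array once used.
             $_POST["password"] = "";
             if (get_schema_version() >= 120) {
                 $_SESSION["language"] = get_pref("USER_LANGUAGE", $_SESSION["uid"]);
             }
             $_SESSION["ref_schema_version"] = get_schema_version(true);
             $_SESSION["bw_limit"] = !!$_POST["bw_limit"];
             if ($_POST["profile"]) {
                 $profile = $this->dbh->escape_string($_POST["profile"]);
                 // The owner_uid condition keeps a user from selecting another
                 // account's profile.
                 $result = $this->dbh->query("SELECT id FROM ttrss_settings_profiles\n\t\t\t\t\t\tWHERE id = '{$profile}' AND owner_uid = " . $_SESSION["uid"]);
                 if ($this->dbh->num_rows($result) != 0) {
                     $_SESSION["profile"] = $profile;
                 }
             }
         } else {
             $_SESSION["login_error_msg"] = __("Incorrect username or password");
             // The failure is logged with the client address only.
             user_error("Failed login attempt from {$_SERVER['REMOTE_ADDR']}", E_USER_WARNING);
         }
         // "return" is caller-controlled. It is followed only when it stays on
         // this site: a path that starts with a single "/", or a URL under
         // SELF_URL_PATH. Other hosts, "//host", "/\host", values containing
         // control characters and bare relative names fall back to SELF_URL_PATH.
         $target = SELF_URL_PATH;
         $return = isset($_REQUEST['return']) && is_string($_REQUEST['return']) ? $_REQUEST['return'] : "";
         if ($return !== "" && !preg_match('/[\x00-\x1F\x7F]/', $return)) {
             $base = rtrim(SELF_URL_PATH, "/");
             $local_path = $return[0] === "/"
                 && (strlen($return) === 1 || ($return[1] !== "/" && $return[1] !== "\\"));
             $under_base = $base !== ""
                 && ($return === $base || strncmp($return, $base . "/", strlen($base) + 1) === 0);
             if ($local_path || $under_base) {
                 $target = $return;
             }
         }
         header("Location: " . $target);
     }
 }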
Ejemplo n.º 21
/**
 * Establish who the current request belongs to.
 *
 * Single-user mode signs in as "admin" with a null password. Otherwise an
 * existing valid session has its last-login timestamp bumped; without one,
 * automatic login is tried (when AUTH_AUTO_LOGIN is on) and the login form is
 * rendered if no user id results. For a signed-in user the language cookie is
 * refreshed and preferences and plugins are loaded.
 *
 * @param mixed $link       database handle passed to every helper
 * @param mixed $login_form passed through to render_login_form()
 */
function login_sequence($link, $login_form = 0)
{
    $_SESSION["prefs_cache"] = false;

    if (SINGLE_USER_MODE) {
        // No credential comes from the client in this mode.
        authenticate_user($link, "admin", null);
        cache_prefs($link);
        load_user_plugins($link, $_SESSION["uid"]);
        return;
    }

    $has_valid_session = $_SESSION["uid"] && validate_session($link);
    if ($has_valid_session) {
        /* bump login timestamp */
        db_query($link, "UPDATE ttrss_users SET last_login = NOW() WHERE id = " . $_SESSION["uid"]);
    } else {
        $auto_login_ok = AUTH_AUTO_LOGIN && authenticate_user($link, null, null);
        if ($auto_login_ok) {
            $_SESSION["ref_schema_version"] = get_schema_version($link, true);
        } else {
            authenticate_user($link, null, null, true);
        }
        if (!$_SESSION["uid"]) {
            render_login_form($link, $login_form);
        }
    }

    if ($_SESSION["uid"]) {
        // NOTE(review): the cookie is set without explicit path, secure or
        // httponly arguments, so PHP's defaults apply.
        if ($_SESSION["language"] && SESSION_COOKIE_LIFETIME > 0) {
            setcookie("ttrss_lang", $_SESSION["language"], time() + SESSION_COOKIE_LIFETIME);
        }
        cache_prefs($link);
        load_user_plugins($link, $_SESSION["uid"]);
    }
}
Ejemplo n.º 22
 *    OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 *    SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
 *    INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
 *    CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 *    ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 *    POSSIBILITY OF SUCH DAMAGE.
 *
 */
require_once "config.inc";
require_once "auth.inc";
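// Authentication helper loop: reads one "username password" pair per line from
// stdin (both URL-encoded), and answers each line with "OK" or "ERR" on stdout.
// A user must both authenticate and hold the "user-proxy-auth" privilege.
openlog("squid", LOG_ODELAY, LOG_AUTH);
$f = fopen("php://stdin", "r");
// Compare against false so a line consisting of "0" is not taken for end of input.
while (($line = fgets($f)) !== false) {
    $fields = explode(' ', trim($line));
    if (count($fields) < 2) {
        // No password field: answer ERR instead of authenticating with an
        // undefined value.
        fwrite(STDOUT, "ERR\n");
        continue;
    }
    $username = rawurldecode($fields[0]);
    $password = rawurldecode($fields[1]);
    // URL-decoding can yield control characters (e.g. line breaks); replace them
    // in the copy used for log messages so one request cannot forge extra log lines.
    $log_user = preg_replace('/[\x00-\x1F\x7F]/', '?', $username);
    if (authenticate_user($username, $password)) {
        $user = getUserEntry($username);
        if (is_array($user) && userHasPrivilege($user, "user-proxy-auth")) {
            syslog(LOG_NOTICE, "user '{$log_user}' authenticated\n");
            fwrite(STDOUT, "OK\n");
        } else {
            syslog(LOG_WARNING, "user '{$log_user}' cannot authenticate for squid because of missing user-proxy-auth role");
            fwrite(STDOUT, "ERR\n");
        }
    } else {
        syslog(LOG_WARNING, "user '{$log_user}' could not authenticate.\n");
        fwrite(STDOUT, "ERR\n");
    }
}
fclose($f);
closelog();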
Ejemplo n.º 23
			commented - show threads ordered by when they were first
					 commented, giving information about the original comment.

-----------------------------------------------------------------------------*/
define('LUNA_QUIET_VISIT', 1);
if (!defined('LUNA_ROOT')) {
    define('LUNA_ROOT', dirname(__FILE__) . '/');
}
require LUNA_ROOT . 'include/common.php';
// The length at which thread subjects will be truncated (for HTML output)
if (!defined('LUNA_EXTERN_MAX_SUBJECT_LENGTH')) {
    define('LUNA_EXTERN_MAX_SUBJECT_LENGTH', 30);
}
// If we're a guest and we've sent a username/pass, we can try to authenticate using those details
if ($luna_user['is_guest'] && isset($_SERVER['PHP_AUTH_USER'])) {
    authenticate_user($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']);
}
if ($luna_user['g_read_board'] == '0') {
    http_authenticate_user();
    exit(__('You do not have permission to view this page.', 'luna'));
}
$action = isset($_GET['action']) ? strtolower($_GET['action']) : 'feed';
// Handle a couple old formats, from FluxBB 1.2
switch ($action) {
    case 'active':
        $action = 'feed';
        $_GET['order'] = 'last_comment';
        break;
    case 'new':
        $action = 'feed';
        $_GET['order'] = 'commented';
Ejemplo n.º 24
?>
				</div>
				
				<div class="button">
					<p><a href ="user.php">Member Area</a></p>
				</div>
                
                <div class="button">
					<p><a href ="admin.php">Admin Area</a></p>
				</div>
				
			</header>
            
            <?php 
// Authenticate user
authenticate_user(900);
?>
			
			<article style="color:#FFFFFF;">
				<p>
					<!-- <center><img src="logo_big.png"></center> Insert Main Logo here -->
					
					<hr/>
					<center><h1>Admin Lounge</h1></center>
					<hr/>
					<p>
						<div class="box">
							<p>
								Hello, admin! Welcome to the elite admin area of the site, where no user peasants may roam.
							</p>
						</div>
Ejemplo n.º 25
/**
 * Establish who the current request belongs to.
 *
 * Single-user mode starts a session and signs in as "admin" with a null
 * password. Otherwise a session that fails validation loses its user id; with
 * no user id, automatic login is tried (when AUTH_AUTO_LOGIN is on) and, if
 * that yields nobody, the session is destroyed, its cookie expired, the login
 * form rendered and the script ended. A signed-in user gets translations and
 * plugins loaded and stale counter-cache rows removed.
 */
function login_sequence()
{
    if (SINGLE_USER_MODE) {
        // No credential comes from the client in this mode.
        @session_start();
        authenticate_user("admin", null);
        startup_gettext();
        load_user_plugins($_SESSION["uid"]);
        return;
    }

    // An invalid session must not keep its user id.
    if (!validate_session()) {
        $_SESSION["uid"] = false;
    }

    if ($_SESSION["uid"]) {
        /* bump login timestamp */
        db_query("UPDATE ttrss_users SET last_login = NOW() WHERE id = " . $_SESSION["uid"]);
        $_SESSION["last_login_update"] = time();
    } else {
        $auto_login_ok = AUTH_AUTO_LOGIN && authenticate_user(null, null);
        if ($auto_login_ok) {
            $_SESSION["ref_schema_version"] = get_schema_version(true);
        } else {
            authenticate_user(null, null, true);
        }

        if (!$_SESSION["uid"]) {
            // Nobody signed in: drop the session, expire its cookie, show the
            // form and stop so no protected code runs afterwards.
            @session_destroy();
            setcookie(session_name(), '', time() - 42000, '/');
            render_login_form();
            exit;
        }
    }

    if (!$_SESSION["uid"]) {
        return;
    }

    startup_gettext();
    load_user_plugins($_SESSION["uid"]);

    /* cleanup ccache */
    $owner = $_SESSION["uid"];
    db_query("DELETE FROM ttrss_counters_cache WHERE owner_uid = " . $owner . " AND\n\t\t\t\t\t\t(SELECT COUNT(id) FROM ttrss_feeds WHERE\n\t\t\t\t\t\t\tttrss_feeds.id = feed_id) = 0");
    db_query("DELETE FROM ttrss_cat_counters_cache WHERE owner_uid = " . $owner . " AND\n\t\t\t\t\t\t(SELECT COUNT(id) FROM ttrss_feed_categories WHERE\n\t\t\t\t\t\t\tttrss_feed_categories.id = feed_id) = 0");
}
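/**
 * Restores the visitor's identity from the persistent login cookie.
 *
 * The cookie is a base64-encoded, '|'-separated tuple of user id, password
 * value, expiration time and an expiry hash. When the tuple describes a
 * non-guest user and has not expired, authenticate_user() is called with the
 * id and password value, the expiry hash is verified, a refreshed cookie is
 * sent, missing user preferences fall back to forum defaults and the
 * "online" table is updated. In every other case set_default_user() is
 * called.
 *
 * NOTE(review): each get_hook() result in this function is executed with
 * eval() in this function's scope, so hook code can read and change every
 * local variable here, including the parsed cookie. Hook code must only ever
 * come from trusted, installed extensions.
 *
 * NOTE(review): the refreshed cookie contains $forum_user['password'], so the
 * stored password value doubles as a long-lived login credential. A random
 * per-login token would limit the impact of a database leak; also confirm
 * forum_setcookie() sets HttpOnly and honours $cookie_secure.
 *
 * @param array $forum_user Current user record, passed by reference and
 *                          updated in place.
 * @return void
 */
function cookie_login(&$forum_user)
{
    global $forum_db, $db_type, $forum_config, $cookie_name, $cookie_path, $cookie_domain, $cookie_secure, $forum_time_formats, $forum_date_formats;
    $now = time();
    // The cookie expires after 14 days (1209600 seconds)
    $expire = $now + 1209600;
    // We assume it's a guest
    $cookie = array('user_id' => 1, 'password_hash' => 'Guest', 'expiration_time' => 0, 'expire_hash' => 'Guest');
    $return = ($hook = get_hook('fn_cookie_login_start')) ? eval($hook) : null;
    if ($return != null) {
        return;
    }
    // If a cookie is set, we get the user_id and password hash from it
    if (!empty($_COOKIE[$cookie_name])) {
        // Everything in $cookie_data is client-controlled; it is only trusted
        // after the authenticate_user() call and the expiry-hash check below.
        $cookie_data = explode('|', base64_decode($_COOKIE[$cookie_name]));
        if (!empty($cookie_data) && count($cookie_data) == 4) {
            list($cookie['user_id'], $cookie['password_hash'], $cookie['expiration_time'], $cookie['expire_hash']) = $cookie_data;
        }
    }
    ($hook = get_hook('fn_cookie_login_fetch_cookie')) ? eval($hook) : null;
    // If this a cookie for a logged in user and it shouldn't have already expired
    if (intval($cookie['user_id']) > 1 && intval($cookie['expiration_time']) > $now) {
        authenticate_user(intval($cookie['user_id']), $cookie['password_hash'], true);
        // We now validate the cookie hash. hash_equals() compares in constant
        // time, so the comparison does not reveal how many leading characters
        // of a submitted hash were correct.
        $expected_expire_hash = sha1($forum_user['salt'] . $forum_user['password'] . forum_hash(intval($cookie['expiration_time']), $forum_user['salt']));
        if (!hash_equals($expected_expire_hash, (string) $cookie['expire_hash'])) {
            set_default_user();
        }
        // If we got back the default user, the login failed
        if ($forum_user['id'] == '1') {
            // Overwrite the rejected cookie with a guest cookie carrying random filler values.
            forum_setcookie($cookie_name, base64_encode('1|' . random_key(8, false, true) . '|' . $expire . '|' . random_key(8, false, true)), $expire);
            return;
        }
        // Send a new, updated cookie with a new expiration timestamp
        $expire = intval($cookie['expiration_time']) > $now + $forum_config['o_timeout_visit'] ? $now + 1209600 : $now + $forum_config['o_timeout_visit'];
        forum_setcookie($cookie_name, base64_encode($forum_user['id'] . '|' . $forum_user['password'] . '|' . $expire . '|' . sha1($forum_user['salt'] . $forum_user['password'] . forum_hash($expire, $forum_user['salt']))), $expire);
        // Set a default language if the user selected language no longer exists
        if (!file_exists(FORUM_ROOT . 'lang/' . $forum_user['language'] . '/common.php')) {
            $forum_user['language'] = $forum_config['o_default_lang'];
        }
        // Set a default style if the user selected style no longer exists
        if (!file_exists(FORUM_ROOT . 'style/' . $forum_user['style'] . '/' . $forum_user['style'] . '.php')) {
            $forum_user['style'] = $forum_config['o_default_style'];
        }
        if (!$forum_user['disp_topics']) {
            $forum_user['disp_topics'] = $forum_config['o_disp_topics_default'];
        }
        if (!$forum_user['disp_posts']) {
            $forum_user['disp_posts'] = $forum_config['o_disp_posts_default'];
        }
        // Check user has a valid date and time format
        if (!isset($forum_time_formats[$forum_user['time_format']])) {
            $forum_user['time_format'] = 0;
        }
        if (!isset($forum_date_formats[$forum_user['date_format']])) {
            $forum_user['date_format'] = 0;
        }
        // Define this if you want this visit to affect the online list and the users last visit data
        if (!defined('FORUM_QUIET_VISIT')) {
            // Update the online list
            if (!$forum_user['logged']) {
                $forum_user['logged'] = $now;
                // Fresh CSRF token for this visit, stored with the online row
                $forum_user['csrf_token'] = random_key(40, false, true);
                $forum_user['prev_url'] = get_current_url(255);
                // REPLACE INTO avoids a user having two rows in the online table
                // Only username and prev_url pass through $forum_db->escape();
                // id, logged and csrf_token are concatenated as they are.
                $query = array('REPLACE' => 'user_id, ident, logged, csrf_token', 'INTO' => 'online', 'VALUES' => $forum_user['id'] . ', \'' . $forum_db->escape($forum_user['username']) . '\', ' . $forum_user['logged'] . ', \'' . $forum_user['csrf_token'] . '\'', 'UNIQUE' => 'user_id=' . $forum_user['id']);
                if ($forum_user['prev_url'] != null) {
                    $query['REPLACE'] .= ', prev_url';
                    $query['VALUES'] .= ', \'' . $forum_db->escape($forum_user['prev_url']) . '\'';
                }
                ($hook = get_hook('fn_cookie_login_qr_add_online_user')) ? eval($hook) : null;
                $forum_db->query_build($query) or error(__FILE__, __LINE__);
                // Reset tracked topics
                set_tracked_topics(null);
            } else {
                // Special case: We've timed out, but no other user has browsed the forums since we timed out
                if ($forum_user['logged'] < $now - $forum_config['o_timeout_visit']) {
                    $query = array('UPDATE' => 'users', 'SET' => 'last_visit=' . $forum_user['logged'], 'WHERE' => 'id=' . $forum_user['id']);
                    ($hook = get_hook('fn_cookie_login_qr_update_user_visit')) ? eval($hook) : null;
                    $forum_db->query_build($query) or error(__FILE__, __LINE__);
                    $forum_user['last_visit'] = $forum_user['logged'];
                }
                // Now update the logged time and save the current URL in the online list
                $query = array('UPDATE' => 'online', 'SET' => 'logged=' . $now, 'WHERE' => 'user_id=' . $forum_user['id']);
                $current_url = get_current_url(255);
                if ($current_url != null) {
                    $query['SET'] .= ', prev_url=\'' . $forum_db->escape($current_url) . '\'';
                }
                if ($forum_user['idle'] == '1') {
                    $query['SET'] .= ', idle=0';
                }
                ($hook = get_hook('fn_cookie_login_qr_update_online_user')) ? eval($hook) : null;
                $forum_db->query_build($query) or error(__FILE__, __LINE__);
                // Update tracked topics with the current expire time
                if (isset($_COOKIE[$cookie_name . '_track'])) {
                    forum_setcookie($cookie_name . '_track', $_COOKIE[$cookie_name . '_track'], $now + $forum_config['o_timeout_visit']);
                }
            }
        }
        $forum_user['is_guest'] = false;
        $forum_user['is_admmod'] = $forum_user['g_id'] == FORUM_ADMIN || $forum_user['g_moderator'] == '1';
    } else {
        set_default_user();
    }
    ($hook = get_hook('fn_cookie_login_end')) ? eval($hook) : null;
}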
Ejemplo n.º 27
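/**
 * Handles a login-form submission and gates the page behind a valid session.
 *
 * Outside SINGLE_USER_MODE: when the request carries login_action=do_login
 * the posted credentials are passed to authenticate_user(); on success the
 * session preferences are filled in and the browser is redirected to the
 * current URL. If there is no uid in the session afterwards, or
 * validate_session() fails, the login form is rendered and the script exits.
 * In SINGLE_USER_MODE the result of authenticate_user() for "admin" with a
 * null password argument is returned directly.
 *
 * NOTE(review): no session_regenerate_id() call is visible after a
 * successful login — confirm authenticate_user() rotates the session id.
 *
 * @param mixed $link   Database handle passed through to the db_* helpers.
 * @param bool  $mobile Passed through to render_login_form().
 * @return mixed Result of authenticate_user() in SINGLE_USER_MODE; nothing otherwise.
 */
function login_sequence($link, $mobile = false)
{
    if (!SINGLE_USER_MODE) {
        // A plain GET carries no login_action; read it without triggering an
        // undefined-index notice.
        $login_action = isset($_POST["login_action"]) ? $_POST["login_action"] : null;
        # try to authenticate user if called from login form
        if ($login_action == "do_login") {
            $login = $_POST["login"];
            $password = $_POST["password"];
            if (authenticate_user($link, $login, $password)) {
                // Drop the plaintext password from the request data once it has been checked.
                $_POST["password"] = "";
                // NOTE(review): the posted language is stored unchecked and is
                // later written to the ttrss_lang cookie — confirm it is
                // validated against the installed languages before use.
                $_SESSION["language"] = $_POST["language"];
                $_SESSION["ref_schema_version"] = get_schema_version($link, true);
                $_SESSION["bw_limit"] = !!$_POST["bw_limit"];
                if ($_POST["profile"]) {
                    // The profile id is escaped and must belong to the user who
                    // just logged in; the uid is cast to int so the concatenated
                    // SQL can only ever contain a number.
                    $profile = db_escape_string($_POST["profile"]);
                    $result = db_query($link, "SELECT id FROM ttrss_settings_profiles\n\t\t\t\t\t\t\tWHERE id = '{$profile}' AND owner_uid = " . (int) $_SESSION["uid"]);
                    if (db_num_rows($result) != 0) {
                        $_SESSION["profile"] = $profile;
                        $_SESSION["prefs_cache"] = array();
                    }
                }
                // Redirect after POST so a reload does not resubmit credentials.
                // NOTE(review): REQUEST_URI comes from the client's request
                // line; confirm it is always a same-origin path before it is
                // used as a redirect target.
                header("Location: " . $_SERVER["REQUEST_URI"]);
                exit;
            } else {
                // One generic message for both unknown user and wrong password.
                $_SESSION["login_error_msg"] = __("Incorrect username or password");
            }
        }
        if (!$_SESSION["uid"] || !validate_session($link)) {
            render_login_form($link, $mobile);
            //header("Location: login.php");
            exit;
        } else {
            /* bump login timestamp */
            db_query($link, "UPDATE ttrss_users SET last_login = NOW() WHERE id = " . (int) $_SESSION["uid"]);
            if ($_SESSION["language"] && SESSION_COOKIE_LIFETIME > 0) {
                setcookie("ttrss_lang", $_SESSION["language"], time() + SESSION_COOKIE_LIFETIME);
            }
            /* bump counters stamp since we're getting reloaded anyway */
            $_SESSION["get_all_counters_stamp"] = time();
        }
    } else {
        // NOTE(review): this branch logs in as "admin" without any credential
        // from the request; confirm SINGLE_USER_MODE is only enabled where
        // access is restricted by other means.
        return authenticate_user($link, "admin", null);
    }
}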
Ejemplo n.º 28
<?php

// "My notes" page: optionally deletes one note, then lists the notes.
// Bootstrap; $notes_obj and $language are not defined in this file and
// presumably come from this include — confirm.
include 'system_load.php';
// Access check. The argument 'all' presumably admits every logged-in role;
// what happens on failure is decided inside authenticate_user() — confirm it
// stops the request rather than only returning a status.
authenticate_user('all');
// Delete the note whose id was posted.
// NOTE(review): no CSRF token is checked in this file before the delete, and
// the id is passed on as received — confirm delete_note() verifies that the
// note belongs to the current user and that a token is enforced elsewhere.
if (isset($_POST['delete_note']) && $_POST['delete_note'] != '') {
    $message = $notes_obj->delete_note($_POST['delete_note']);
}
// Page title and subtitle, set before the header include that follows.
$page_title = $language["my_notes"];
$sub_title = "Manage your notes.";
// Shared page header.
require_once "Includes/header.php";
// Show the result of the delete, if there was one.
// NOTE(review): $message is echoed without escaping — confirm delete_note()
// only returns fixed, trusted text and never reflects request data.
if (isset($message) && $message != '') {
    echo '<div class="alert alert-success">';
    echo $message;
    echo '</div>';
}
?>
    <p>
    <a href="manage_notes.php" class="btn btn-primary btn-default"><?php 
echo $language["add_new"];
?>
</a>
    </p>
   <?php 
// Output of the note list is produced inside list_notes().
$notes_obj->list_notes();
Ejemplo n.º 29
    if (isset($_GET['username'])) {
        echo "FAILED";
        closelog();
        return;
    } else {
        closelog();
        return 1;
    }
}
// Try every configured authentication mode in order and stop at the first
// one that accepts the credentials. A mode without a server configuration is
// skipped, except "Local Database", which is attempted even then.
$attributes = array();
foreach ($authmodes as $authmode) {
    $authcfg = auth_get_authserver($authmode);
    if ($authcfg || $authmode == "Local Database") {
        $authenticated = authenticate_user($username, $password, $authcfg, $attributes);
        if ($authenticated) {
            break;
        }
    }
}
// No mode accepted the credentials: record the failure and deny.
if (!$authenticated) {
    // NOTE(review): $username is written to the log as received — confirm it
    // is validated upstream so it cannot carry control characters or
    // misleading text into the log.
    syslog(LOG_WARNING, "user '{$username}' could not authenticate.\n");
    if (!isset($_GET['username'])) {
        // No username in the query string: signal failure through the return value.
        closelog();
        return -1;
    }
    // Username came in the query string: the caller reads the printed result.
    echo "FAILED";
    closelog();
    return;
}
Ejemplo n.º 30
##|-PRIV
require "guiconfig.inc";
require_once "PEAR.inc";
require_once "radius.inc";
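// Authentication test page: checks the posted username and password against
// the selected authentication server and reports the result, including the
// groups returned for that user.
if ($_POST) {
    // NOTE(review): $pconfig now holds the whole POST body, password
    // included — confirm the form template never echoes the password back.
    $pconfig = $_POST;
    unset($input_errors);
    $authcfg = auth_get_authserver($_POST['authmode']);
    if (!$authcfg) {
        // NOTE(review): the posted authmode is reflected in this message as
        // received; confirm the code that prints $input_errors HTML-escapes
        // each entry.
        $input_errors[] = $_POST['authmode'] . " " . gettext("is not a valid authentication server");
    }
    if (empty($_POST['username']) || empty($_POST['password'])) {
        $input_errors[] = gettext("A username and password must be specified.");
    }
    if (!$input_errors) {
        if (authenticate_user($_POST['username'], $_POST['password'], $authcfg)) {
            // $savemsg carries markup (<br />), so it is rendered as HTML;
            // every value that is not a fixed string is escaped before it is
            // added.
            $savemsg = gettext("User") . ": " . htmlspecialchars($_POST['username'], ENT_QUOTES, 'UTF-8') . " " . gettext("authenticated successfully.");
            $groups = getUserGroups($_POST['username'], $authcfg);
            $savemsg .= "<br />" . gettext("This user is a member of these groups") . ": <br />";
            foreach ($groups as $group) {
                // Group names come from the authentication backend, not from this page.
                $savemsg .= htmlspecialchars((string) $group, ENT_QUOTES, 'UTF-8') . " ";
            }
        } else {
            // Generic failure text: it does not say whether the user or the password was wrong.
            $input_errors[] = gettext("Authentication failed.");
        }
    }
}
$pgtitle = array(gettext("Diagnostics"), gettext("Authentication"));
$shortcut_section = "authentication";
include "head.inc";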
?>