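<?php
// Log-out controller: ends the session on request, then returns to the home page.
require_once 'functions/session.php';

// Entry point. Log-out is triggered by the query string (?lo=yes).
// NOTE(review): this is a state-changing action reachable with a plain GET, so a
// request issued from another site can sign a visitor out. Prefer accepting it
// only as a POST carrying a CSRF token once the calling pages can be updated.
if (isset($_GET['lo']) && $_GET['lo'] === 'yes') {
    // The original comment says log_out() returns true on success. The redirect
    // below happens either way, so the result is deliberately not stored.
    log_out();
}

header('Location: index.php');
// Stop here so nothing after the redirect can run or emit output.
exit;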
} else { $ccar_to_treat = "go_home"; } // Appel de la fonction associée à la demande switch ($ccar_to_treat) { case "go_home": about_ppr(); break; case "display_nouvelingenieur": about_nouvelingenieur(); break; case "login": log_in(); break; case "logout": log_out(); break; case "create_account": create_account(); break; case "confirm_subscribe": validate_account(); break; case "change_pass": change_password(false); break; case "lost_ids": change_password(true); break; case "delete_account": if (isset($_SESSION["delete_account_state"]) && $_SESSION["delete_account_state"] == "display") {
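/**
 * Resolve the current visitor from the session or from the login cookies.
 *
 * The login key, login time and e-mail are read from $_SESSION first and from
 * $_COOKIE as a fallback. The matching row is loaded from the configured auth
 * table; when no row exists and the e-mail equals the configured 'auth_admin'
 * entry, that entry is used instead. The expected key is then recomputed with
 * make_key() and compared with the presented one.
 *
 * @return mixed The user record on success; otherwise the 'auth_guest' config
 *               value, returned after log_out() has been called.
 */
function logged_in()
{
    if (!session_id()) {
        session_start();
    }

    $guest = \ui\config('auth_guest');
    $timestamp = 0;

    if (isset($_SESSION[IID . '_login_key'], $_SESSION[IID . '_login_time'], $_SESSION[IID . '_login_email'])) {
        $timestamp = $_SESSION[IID . '_login_time'];
        $email = $_SESSION[IID . '_login_email'];
        $key = $_SESSION[IID . '_login_key'];
    } elseif (isset($_COOKIE[IID . '_login_key'], $_COOKIE[IID . '_login_time'], $_COOKIE[IID . '_login_email'])) {
        // Cookie values are fully client-controlled; nothing below may trust
        // them beyond the key comparison at the end.
        $timestamp = $_COOKIE[IID . '_login_time'];
        $email = $_COOKIE[IID . '_login_email'];
        $key = $_COOKIE[IID . '_login_key'];
    } else {
        log_out();
        return $guest;
    }

    // A request can deliver arrays instead of strings (name[]=...). Reject
    // those before they reach the query builder or the key comparison.
    if (!is_string($email) || !is_string($key) || !is_scalar($timestamp)) {
        log_out();
        return $guest;
    }

    // NOTE(review): the query is still assembled by concatenation and relies
    // entirely on \ui\db\escape(); switch to bound parameters if the db layer
    // offers them.
    \ui\db\select(\ui\config('auth_table'), array('*'), "WHERE email='" . \ui\db\escape($email) . "' LIMIT 1");
    $user = \ui\db\assoc();

    if (!$user) {
        // The user does not exist. See if it is the hardcoded admin.
        $admin = \ui\config('auth_admin');
        if ($email === $admin['email']) {
            $user = $admin;
            $user['password'] = pass($admin['password'], substr(\ui\config('salt'), 0, 8));
        }
    }

    if ($user) {
        // NOTE(review): $timestamp only feeds make_key(); its age is never
        // checked here, so a key stays valid for as long as the stored
        // password does. Confirm whether expiry is enforced elsewhere.
        $expected = make_key($user['email'], $user['password'], $timestamp);

        // hash_equals() compares in constant time, so response timing does not
        // reveal how much of a presented key matched. Assumes make_key()
        // returns a string; the is_string() guard keeps a non-string result
        // from raising a TypeError.
        if (is_string($expected) && hash_equals($expected, $key)) {
            return $user;
        }
    }

    log_out();
    return $guest;
}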
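/**
 * Check a name/password pair against the 'auth2_users' config entry and, on
 * success, start an authenticated session.
 *
 * On failure the attempt is logged with the client address, log_out() is
 * called and false is returned. Unknown names are logged as well, so that
 * guessing of account names is visible in the log.
 *
 * NOTE(review): the configured password is compared directly with the
 * submitted one, so it appears to be stored unhashed, and it is also fed to
 * make_key() for the login key. Moving to password_hash()/password_verify()
 * needs a config migration and is not done here.
 *
 * @param string $name     Account name; used as the key into 'auth2_users'.
 * @param string $pass     Submitted password.
 * @param bool   $remember When true, also sets 30-day login cookies.
 *
 * @return bool True when the credentials matched, false otherwise.
 */
function log_in($name, $pass, $remember = true)
{
    $users = \ui\config('auth2_users');
    $actual_pass = isset($users[$name]) ? $users[$name]['password'] : null;

    // hash_equals() runs in constant time, so the comparison does not leak
    // how many leading characters of the password were right. The is_string()
    // guards keep non-string input from raising a TypeError.
    $matches = is_string($pass) && is_string($actual_pass) && hash_equals($actual_pass, $pass);
    if (!$matches) {
        \ui\log('FAILED LOGIN ATTEMPT FROM ' . $_SERVER['REMOTE_ADDR']);
        log_out();
        return false;
    }

    if (!session_id()) {
        session_start();
    }
    // Issue a fresh session id on privilege change to prevent session fixation.
    session_regenerate_id();

    $timestamp = time();
    $_SESSION[IID . '_login2_time'] = $timestamp;
    $_SESSION[IID . '_login2_user'] = $name;
    $_SESSION[IID . '_login2_key'] = make_key($name, $actual_pass, $timestamp);

    if ($remember) {
        // One expiry for all three cookies, 30 days from the login time.
        $expires = $timestamp + 3600 * 24 * 30;

        // The last argument sets HttpOnly so page scripts cannot read the
        // login cookies. Domain ('') and secure (false) are left at their
        // defaults; set secure to true where the site is served only over HTTPS.
        setcookie(IID . '_login2_key', $_SESSION[IID . '_login2_key'], $expires, '/', '', false, true);
        setcookie(IID . '_login2_user', $_SESSION[IID . '_login2_user'], $expires, '/', '', false, true);
        setcookie(IID . '_login2_time', $timestamp, $expires, '/', '', false, true);
    }

    return true;
}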
} } else { if ($settings['temp_block_ip_after_repeated_failed_logins'] == 1) { count_failed_logins(); } setcookie($settings['session_prefix'] . 'auto_login', '', 0); } } else { if ($settings['temp_block_ip_after_repeated_failed_logins'] == 1) { count_failed_logins(); } setcookie($settings['session_prefix'] . 'auto_login', '', 0); } break; case "logout": log_out($_SESSION[$settings['session_prefix'] . 'user_id']); header("location: index.php"); exit; break; case "pw_forgotten_submitted": if (trim($_POST['pwf_email']) == '') { $error = true; } if (empty($error)) { $pwf_result = @mysql_query("SELECT user_id, user_name, user_email FROM " . $db_settings['userdata_table'] . " WHERE user_email = '" . mysql_real_escape_string($_POST['pwf_email']) . "' LIMIT 1", $connid) or raise_error('database_error', mysql_error()); if (mysql_num_rows($pwf_result) != 1) { $error = true; } else { $field = mysql_fetch_array($pwf_result); } mysql_free_result($pwf_result);
/**
 * Log-out action.
 *
 * Calls log_out() and then redirects the client to base_url().
 */
public function logout()
{
    log_out();

    $landing = base_url();
    redirect($landing);
}
include_once "script_php/pages_secondlevel/accounts.php"; include_once "script_php/pages_secondlevel/posts.php"; include_once "script_php/pages_secondlevel/comments.php"; include_once "script_php/pages_secondlevel/tool.php"; /********************************************************************************************************************************/ // Sont appelées ici toutes les fonctions qui ne sont exécutées que de manière "transitoire" avant un retour sur une autre page // /********************************************************************************************************************************/ $treat_post = true; if (isset($_GET["action"]) && is_string($_GET["action"])) { $ccar_to_treat = htmlentities($_GET["action"]); switch ($ccar_to_treat) { case "logout": $treat_post = false; if (is_logged()) { header('Location:index.php?action=logout'); log_out(1); } break; case "moderation": $treat_post = false; moderate_post(); header('Location:index.php?action=display_post'); break; case "anonymization": $treat_post = false; change_post_confidentiality_status(); header('Location:index.php?action=display_post'); break; case "vote_post": $treat_post = false; vote_post();
<?php include "../config.php"; include "../core.php"; $postdata = json_decode(file_get_contents('php://input')); $action = $postdata->action; switch ($action) { case "logIn": log_in($postdata); break; case "logOut": log_out($postdata); break; case "changePassword": change_password($postdata); break; case "remindPassword": remind_password($postdata); break; } function log_in($postdata) { global $db_host; global $db_name; global $db_user; global $db_password; $username = $postdata->data->username; $password = $postdata->data->password; $user_permissions = array(); $result = new stdClass(); /* Подключение к БД */
} if (isset($user_agents) && trim($user_agents) != '') { $banned_user_agents_array = explode(',', trim($user_agents)); foreach ($banned_user_agents_array as $banned_user_agent) { if ($banned_user_agent != '' && preg_match("/" . $banned_user_agent . "/i", $_SERVER['HTTP_USER_AGENT'])) { raise_error('403'); } } } // look if user blocked: if (isset($_SESSION[$settings['session_prefix'] . 'user_id'])) { $block_result = mysql_query("SELECT user_lock FROM " . $db_settings['userdata_table'] . " WHERE user_id = " . intval($_SESSION[$settings['session_prefix'] . 'user_id']) . " LIMIT 1", $connid) or raise_error('database_error', mysql_error()); $data = mysql_fetch_array($block_result); mysql_free_result($block_result); if ($data['user_lock'] == 1) { log_out($_SESSION[$settings['session_prefix'] . 'user_id'], 'account_locked'); } } // user settings: if (isset($_COOKIE[$settings['session_prefix'] . 'usersettings'])) { $usersettings_cookie = explode('.', $_COOKIE[$settings['session_prefix'] . 'usersettings']); } // visited postings: if (isset($_COOKIE[$settings['session_prefix'] . 'visited'])) { $visited = explode('.', $_COOKIE[$settings['session_prefix'] . 'visited']); } if (empty($_SESSION[$settings['session_prefix'] . 'usersettings'])) { #$usersettings['view'] = $settings['default_view']; if (isset($usersettings_cookie[0])) { $usersettings['user_view'] = intval($usersettings_cookie[0]); } else {