Ejemplo n.º 1
if ($parms->getParm('add') == 'stage2') {
    // Look up the account record for the submitted 'username' request parameter.
    $user = $kdb->getUserUsername($parms->getParm('username'));
    // No record came back: report it in debug mode and fail the login.
    // NOTE(review): the statements that follow call methods on $user, so this path is only
    // safe if loginFail() ends the request - its body is not shown here; confirm.
    if ($user == null) {
        if ($debug) {
            // NOTE(review): this writes the raw request parameter into the response and tells
            // the caller that the account does not exist. If the output is rendered as HTML
            // the value needs htmlspecialchars(); keep $debug off on any reachable deployment.
            print "User doesn't exist " . $parms->getParm('username') . "\n";
        }
        loginFail();
    }
    // Confirm the record matches the submitted username (not expected to differ after the
    // lookup; kept as a second check) and that the MD5 of the submitted password equals the
    // stored value.
    // NOTE(review): both comparisons use loose `!=`. When two strings both look numeric
    // (for example digests of the form 0e<digits>) PHP compares them as numbers, so different
    // digests can compare equal; `!=` is also not constant-time. hash_equals() on the two
    // digests avoids both problems.
    // NOTE(review): the stored value is an unsalted MD5 of the password. Plan a migration to
    // password_hash()/password_verify(), re-hashing each account at its next successful login.
    if ($user->getUsername() != $parms->getParm('username') || md5($parms->getParm('password')) != $user->getPassword()) {
        if ($debug) {
            // NOTE(review): the two interpolated values on the next line are masked in this
            // listing, so the statement is not valid PHP as shown. The label suggests the
            // submitted password was written to the output; a debug trace should never
            // contain it.
            print "Login failure user: "******" password: "******" \n";
        }
        loginFail();
    }
    // check we have sufficient permission - ie. admin
    if (!$user->isAdmin()) {
        noPermission();
    }
    // If we get here we are logged in so can add entry
    if ($debug) {
        print "Login successful " . $user->getUsername() . " \n";
    }
    // create rule object with defaults - populate below
    $rule = new Rule();
    $siteentry = $kdb->getSiteSitename($parms->getParm('site'));
    // Does sitename exist - if not null already have an entry
    if ($siteentry != null) {
        // we need the siteid for the rules entry
Ejemplo n.º 2
    }
    // gets user object based on username
    $user = $kdb->getUserUsername($username);
    // check we got a user back
    if ($user == null) {
        if ($debug) {
            print "No matching user found\n";
        }
        loginFail('usernamepassword');
    }
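    // Confirm the record matches the submitted username (not expected to differ after the
    // lookup; kept as a second check), then verify the password digest.
    // hash_equals() replaces the loose `!=`: it compares the two digests as strings and in
    // constant time, whereas `!=` treats two numeric-looking strings (e.g. 0e<digits>) as
    // numbers and can report different digests as equal. The username test is made strict
    // for the same reason.
    // NOTE(review): the stored value is an unsalted MD5 of the password. Plan a migration to
    // password_hash()/password_verify(), re-hashing each account at its next successful login.
    if ((string) $user->getUsername() !== (string) $username
        || !hash_equals((string) $user->getPassword(), md5($password))
    ) {
        if ($debug) {
            print "Login fail " . $user->getUsername() . "\n";
        }
        loginFail('usernamepassword');
    }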
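    /* don't need to be admin / supervisor - but normal user can only change password etc.*/
    // Record the authenticated username in the session.
    // NOTE(review): no session-id regeneration is visible at this point; confirm the session
    // class does it on login, otherwise an id set before authentication stays valid after it.
    $session->setUsername($username);
    // The post-login target comes from the request, so it is honoured only when it is a
    // same-site relative reference. A value with a URL scheme, a leading "//", a backslash,
    // whitespace or a control character falls back to the dashboard, exactly as a blank value
    // does; without this the login page can be used to send a freshly authenticated user to
    // an arbitrary external site.
    $redirect = (string) $parms->getParm('redirect');
    if ($redirect === ''
        || preg_match('#^(?:[A-Za-z][A-Za-z0-9+.\-]*:|//)#', $redirect) === 1
        || preg_match('/[\x00-\x20\x7f\\\\]/', $redirect) === 1
    ) {
        $redirect = "dashboard.php";
    }
    // redirect to page
    // NOTE(review): header() does not end the script. Whatever follows this branch still
    // runs; confirm it neither produces output nor performs work meant for the target page.
    header("Location: " . $redirect);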
} else {
    // Reach here then login details weren't provided - perhaps come direct to login page
    // url if not supplied will be empty - which we just forward on as empty ''
    $redirect = $parms->getParm('redirect');
Ejemplo n.º 3
     loginFail('usernamepassword');
 }
 // check we have sufficient permission - ie. supervisor
 if (!$user->isSupervisor()) {
     noPermission();
 }
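 // Requested permission level: must be a whole number from 1 to 9 (0 is pointless, and an
 // upgrade to 10 is not allowed from this page).
 // we don't check this until after checking supervisor - must be valid login from admin first
 // The range is enforced with FILTER_VALIDATE_INT instead of </> on the raw parameter: the
 // relational operators also accept values that are not integers (for example "2.5"), and
 // their handling of non-numeric strings differs between PHP versions. After this statement
 // $permission_req is either an int in 1..9 or false.
 $permission_req = filter_var(
     $parms->getParm('allowlevel'),
     FILTER_VALIDATE_INT,
     array('options' => array('min_range' => 1, 'max_range' => 9))
 );
 if ($permission_req === false) {
     noPermission();
 }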
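 // duration = time to login relative time entry (eg. 2 hours) - do allow login a computer forever, but not through this page
 if ($parms->getParm('timeallowed') == '') {
     loginFail('Invalid login duration');
 }
 $loginexpirytime = strtotime($parms->getParm('timeallowed'));
 // strtotime() returns false for text it cannot parse. Reject that here with the same
 // message as a blank value, so that false is never carried forward as an expiry time.
 // NOTE(review): the != 0 test below suggests that 0 means "no limit" for a user's maximum;
 // if the stored expiry is read the same way, an unparsed value could have been treated as
 // an unlimited login - confirm against the code that consumes $loginexpirytime.
 if ($loginexpirytime === false) {
     loginFail('Invalid login duration');
 }
 // Note that duration is set to maximum of the admin user rather than the regular user
 // We don't necessarily know who the other user is to be able to apply specific user details in any meaningful way
 // check duration against maximum permitted for this user (0 = no maximum configured)
 if ($user->getLoginexpiry() != 0) {
     // if login is more than this user is allowed then we set to the admin user's max
     $loginexpirytime = min($loginexpirytime, time() + $user->getLoginexpiry());
 }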
 // Get IP address from the server - which means they must have excluded proxy for local access
 // can't neccessarily trust user provided ip address, although perhaps in future may need to add option to get address from user in case they can't exclude proxy (eg. Midori)
 $ipaddress = $_SERVER['REMOTE_ADDR'];
 // check this isn't the local ip address on the