$cookie = 'Ji911kMeuw4='; cookieTime($cookie); $user = simple_decrypt($cookie); } if ($authName) { // user name submitted $ref = $_SERVER['HTTP_REFERER']; $users = $groups->xpath("//user/auth"); foreach ($users as $user0) { $userauth[simple_decrypt($user0->attributes()->cis)] = simple_decrypt($user0->attributes()->eml); } $eml = $userauth[$authName]; if (!$eml) { // no email decoded, valid user does not exist. setcookie('pageuser', ''); noauth('Error', 'No user found'); logger($authName . ' attempted, failed.'); exit; } // user found, send authCode require './lib/PHPMailerAutoload.php'; $key = substr(str_shuffle('ABCDEFGHJKLMNOPQRSTUVWXYZabcdefghijkmnopqrstuvwyxz'), 0, 4); // no upper "I" or lower "l" to avoid confusion. $mail = new PHPMailer(); $mail->isSendmail(); $mail->setFrom('*****@*****.**', 'Heart Center Paging'); $mail->addAddress($eml); $mail->Subject = 'Heart Center Paging [' . $key . ']'; $mail->isHTML(true); $mail->Body = 'On ' . date(DATE_RFC2822) . '<br>' . 'someone (hopefully you) requested access to edit user information.<br><br>' . 'The access token is: <h2><b>"' . $key . '"</b></h2><br>' . 'The code will self-destruct in 20 minutes.<br><br>' . 'Please act responsibly.<br><br>' . '<i>- The Management</i>'; if (!$mail->send()) {
$parts = pathinfo(urldecode($fn)); $pwd = $parts['dirname']; $file = $parts['basename']; $user = $_SERVER['PHP_AUTH_USER']; $passwd = $_SERVER['PHP_AUTH_PW']; // Create vfs object - also connects $wvfs = eval('return new oliver_vfs_' . $conf['vfstype'] . '($conf);'); $conn_id = $wvfs->cid; // Try a login if (!($user && $passwd) || !$pwd || !$file) { noauth('Please supply a username and password'); } $login_result = $wvfs->login($user, $passwd); // Could we connect ? if (!$conn_id || !$login_result) { noauth("That username/password did not allow access. Please try again."); } $pwd = $pwd; $wvfs->chdir($pwd); $local_file = tempnam('ftp_cache', 'TMPODL'); $mimetype = 'application/force-download'; $wvfs->showFile($file, $mimetype, $local_file); exit; function noauth($reason) { global $conf; header('WWW-authenticate: basic realm="' . $conf['app_title'] . '"'); header('HTTP/1.0 401 Unauthorized'); ?> <html> <head>