Ejemplo n.º 1
0
 /**
  * @ignore
  * @ajax
  */
 public function POST()
 {
     if (isset($_SESSION["USR"])) {
         return "OK";
     }
     $Qa = "Authorization failed";
     $_USR = null;
     $USR_ = array("U" => true, "S" => true, "R" => true);
     $_PWD = null;
     $PWD_ = array("P" => true, "W" => true, "D" => true);
     $CRC = null;
     foreach ($_POST as $key => $val) {
         $sp = str_split($key);
         if ($this->match($sp, $USR_)) {
             if (strlen($val) == 32 && strlen($key) >= 5) {
                 $CRC = $key;
                 $_USR = $val;
             }
         }
         if ($this->match($sp, $PWD_)) {
             if (strlen($val) == 32 && !is_null($CRC)) {
                 $CRC .= $key;
                 $CRC = md5($CRC);
                 $_PWD = $val;
             }
         }
     }
     if (is_null($_USR) || is_null($_PWD) || sizeof($_COOKIE) == 0) {
         return $Qa;
     }
     if ($_COOKIE["CRC"] != $CRC) {
         return "Invalid CRC";
     }
     $c0 = DB::lookup("vfs", true);
     $r0 = $c0->executeQuery("SELECT v.*, p.NAME POSITION FROM vfs_users v LEFT JOIN vfs_positions p ON (v.ID_POSITION=p.ID_POSITION) WHERE v.BEGDA<=CURRENT_DATE AND v.BEGDA IS NOT NULL AND (v.ENDDA>=CURRENT_DATE OR v.ENDDA IS NULL) AND MD5(v.USR)='%s' AND v.PWD='%s'", $_USR, $_PWD);
     if ($r0->next()) {
         $SHR = $r0->getInt("SHR");
         if ($SHR >= 1) {
             $rc = ssn()->ch($r0->get("USR"));
             if ($rc > $SHR) {
                 die("This account already have a SESSION");
             }
         }
         $CHK = $r0->getInt("CHK");
         if ($CHK >= 1) {
             //
             // CHECK ADDR FROM CLIENTS TABLE
             //
         }
         $_SESSION["MOBILE"] = self::mobile();
         /*$_SESSION["BUS_AREA"] = $r0->get("BUS_AREA");
           $_SESSION["COST_CTR"] = $r0->get("COST_CTR");
           $_SESSION["PRFT_CTR"] = $r0->get("PRFT_CTR");*/
         $_SESSION["EXP"] = false;
         if ($r0->get("EXP")) {
             $time = strtotime($r0->get("EXP"));
             $_now = time();
             if ($time <= $_now) {
                 $_SESSION["EXP"] = true;
             }
             $_SESSION["ELAPSED"] = ceil(($time - $_now) / (60 * 60 * 24));
         }
         $this->createNamespace($r0->get("USR"), $r0->get("NAME"), $r0->get("AREA"), $r0->get("AREA_SUB"), $r0->get("POSITION"));
         if ($r0->get("DEF")) {
             if ($_SESSION["EXP"]) {
                 req()->context = $_SESSION["CTX"] = "vfs";
             } else {
                 if (isset($_SESSION["context"][$r0->get("DEF")])) {
                     req()->context = $_SESSION["CTX"] = $r0->get("DEF");
                 }
             }
         }
         session_regenerate_id();
         $Qa = "OK";
     }
     return $Qa;
 }
Ejemplo n.º 2
0
 function sync_user()
 {
     $rb_mod_list = !($this->users_opt & 524288) && ($is_mod = q_singleval("SELECT id FROM phpgw_fud_mod WHERE user_id={$this->id}")) && q_singleval("SELECT alias FROM phpgw_fud_users WHERE id={$this->id}") == $this->alias;
     q("UPDATE phpgw_fud_users SET " . $passwd . "\n\t\t\ticq=" . in($this->icq) . ",\n\t\t\taim=" . ssn(urlencode($this->aim)) . ",\n\t\t\tyahoo=" . ssn(urlencode($this->yahoo)) . ",\n\t\t\tmsnm=" . ssn(urlencode($this->msnm)) . ",\n\t\t\tjabber=" . ssn(htmlspecialchars($this->jabber)) . ",\n\t\t\taffero=" . ssn(urlencode($this->affero)) . ",\n\t\t\tposts_ppg='" . iz($this->posts_ppg) . "',\n\t\t\ttime_zone='" . addslashes($this->time_zone) . "',\n\t\t\tbday=" . iz($this->bday) . ",\n\t\t\tuser_image=" . ssn(htmlspecialchars($this->user_image)) . ",\n\t\t\tlocation=" . ssn(htmlspecialchars($this->location)) . ",\n\t\t\toccupation=" . ssn(htmlspecialchars($this->occupation)) . ",\n\t\t\tinterests=" . ssn(htmlspecialchars($this->interests)) . ",\n\t\t\tavatar=" . iz($this->avatar) . ",\n\t\t\ttheme=" . iz($this->theme) . ",\n\t\t\tavatar_loc=" . ssn($this->avatar_loc) . ",\n\t\t\tsig=" . ssn($this->sig) . ",\n\t\t\thome_page=" . ssn(htmlspecialchars($this->home_page)) . ",\n\t\t\tbio=" . ssn($this->bio) . ",\n\t\t\tusers_opt=" . $this->users_opt . "\n\t\tWHERE id=" . $this->id);
     if ($rb_mod_list) {
         rebuildmodlist();
     }
 }
Ejemplo n.º 3
0
$p = strpos(REQUEST_URI, "?");
$q = $p > 0 ? substr(REQUEST_URI, 0, $p) : REQUEST_URI;
$u = trim($q, FILE_SEPARATOR);
if (!empty($u)) {
    if (substr($q, -1) == FILE_SEPARATOR || strpos($u, FILE_SEPARATOR) === false) {
        $u .= "/HEAD";
    }
    $p = strrpos($u, FILE_SEPARATOR);
    $methodName = substr($u, $p + 1);
    $className = substr($u, 0, $p);
}
$req = req();
$chk = $req->ajax() ? false : REQUEST_METHOD == "POST";
$inc = false;
try {
    ssn()->initialize();
    if (isset($_SESSION["EXP"]) && $_SESSION["EXP"] === true) {
        $req->context = $_SESSION["CTX"];
    } else {
        if (empty($req->context)) {
            $req->context = isset($_SESSION["CTX"]) ? $_SESSION["CTX"] : "vfs";
        } else {
            if (!ctype_alnum($req->context)) {
                throw new Exception($inf->resourceNotFound($req->context));
            }
        }
    }
    $serv = Service::get($className, $methodName);
    if (!$serv->noted($inf->service) && !$serv->noted($inf->secure_service)) {
        throw new Exception($inf->resourceNotFound($className));
    }