/**
 * Check if user is authorized to use the advanced editor.
 *
 * The request must carry the token stored in the "<cookie_name>adveditor"
 * cookie. For anonymous visitors the token scope has an md5 of $REMOTE_ADDR
 * appended, which presumably ties the token to the requesting address
 * (confirm against SEC_checkTokenGeneral's scope handling).
 *
 * @return boolean true if access granted, false if no access
 */
function auth()
{
    global $_CONF, $REMOTE_ADDR;

    // NOTE(review): relies on the framework populating the global
    // $REMOTE_ADDR rather than reading $_SERVER['REMOTE_ADDR'] here;
    // confirm it is set before this runs.
    $scope = 'advancededitor';
    if (COM_isAnonUser()) {
        $scope .= md5($REMOTE_ADDR);
    }

    $cookieName = $_CONF['cookie_name'] . 'adveditor';
    $token = isset($_COOKIE[$cookieName]) ? $_COOKIE[$cookieName] : '';

    return SEC_checkTokenGeneral($token, $scope) ? true : false;
}
COM_errorLog('received aid=' . $aid, 1); } // let's try to set the $_USER array $_USER = SESS_getUserDataFromId($uid); if (isset($_USER['error']) && $_USER['error'] == '1') { COM_errorLog('HTML5Upload: User identified by uid=' . $uid . ' not found.', 1); echo $LANG_MG01['swfupload_err_session']; exit(0); } elseif (!isset($_USER['uid']) || $_USER['uid'] < 2) { COM_errorLog('HTML5Upload: Anonymous upload rejection.', 1); echo 'Anonymous upload rejected'; exit(0); } // ok, we have a valid uid, but now check the token. if it is invalid, then // return the user to the swfupload page. if (!SEC_checkTokenGeneral($sid, 'html5upload')) { COM_errorLog('HTML5Upload: Invalid token=' . $sid . ' for uid=' . $uid, 1); echo "Session has expired, please reload the page"; exit(0); } // the upload is authenticated if ($_MG_CONF['verbose']) { COM_errorLog('The upload is authentic', 1); COM_errorLog('Retrieved ' . count($_USER) . ' user data values', 1); COM_errorLog('***Leaving HTML5Upload main()***', 1); } $_GROUPS = SEC_getUserGroups($_USER['uid']); $_RIGHTS = explode(',', SEC_getUserPermissions()); MG_initAlbums(); // now that we're sure we have the right user require_once $_CONF['path'] . 'plugins/mediagallery/include/lib-upload.php';
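/**
 * Check remember me cookie
 *
 * Checks the long term cookie to determine if user can auto login.
 * The cookie named $_CONF['cookie_name'] carries the user id and the
 * cookie named $_CONF['cookie_password'] carries the long-term token.
 * Auto-login succeeds only when the token validates for that user
 * (scope 'ltc') and the requesting address passes _ipCheck() against the
 * remote_ip stored for the user. When the token or address check fails
 * both cookies are expired.
 *
 * @return int userid, or 0 if no valid remember-me cookie was found
 */
function SESS_checkRememberMe()
{
    global $_CONF, $_TABLES;

    if (!isset($_COOKIE[$_CONF['cookie_name']])) {
        return 0;
    }

    // the cookie value is client-controlled: filter it, then reduce it to an int
    $rawUid = COM_applyFilter($_COOKIE[$_CONF['cookie_name']]);
    if (empty($rawUid) || (string) $rawUid === 'deleted') {
        return 0;
    }

    $userid = (int) COM_applyFilter($rawUid, true);
    $cookieToken = '';
    $ipMatch = false;

    if ($userid > 1) {
        $remoteIp = !empty($_SERVER['REMOTE_ADDR']) ? htmlspecialchars($_SERVER['REMOTE_ADDR']) : '';
        // $userid is an int here, so inlining it into the query cannot inject
        $result = DB_query("SELECT remote_ip FROM {$_TABLES['users']} WHERE uid=" . (int) $userid, 1);
        $row = DB_fetchArray($result);
        $cookieToken = isset($_COOKIE[$_CONF['cookie_password']])
            ? COM_applyFilter($_COOKIE[$_CONF['cookie_password']])
            : '';
        // A cookie naming a uid with no users row must not auto-login; the
        // previous code indexed the row unconditionally, which raised a
        // notice and passed null to _ipCheck(). Leaving $ipMatch false
        // clears the cookies below.
        if (is_array($row)) {
            $serverIp = array_key_exists('remote_ip', $row) ? $row['remote_ip'] : null;
            $ipMatch = _ipCheck($serverIp, $remoteIp);
        }
    }

    if (empty($cookieToken) || !$ipMatch || !SEC_checkTokenGeneral($cookieToken, 'ltc', $userid)) {
        // Invalid remember settings - clear all the cookies
        $expired = time() - 3600;
        SEC_setcookie($_CONF['cookie_name'], '', $expired, $_CONF['cookie_path'], $_CONF['cookiedomain'], $_CONF['cookiesecure'], true);
        SEC_setcookie($_CONF['cookie_password'], '', $expired, $_CONF['cookie_path'], $_CONF['cookiedomain'], $_CONF['cookiesecure'], true);
        return 0;
    }

    return $userid;
}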
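/**
 * Check that the current request may use the file manager.
 *
 * Validates the advanced-editor token carried in the "<cookie_name>adveditor"
 * cookie, then sets $_SESSION['fileman_files_root'] to the web path the
 * file manager works under: the whole images directory for Root; a
 * per-user directory library/userfiles/<uid> when
 * $_CK_CONF['filemanager_per_user_dir'] is on and the directory exists or
 * can be created; otherwise the shared library/Image directory. In the
 * shared directory the directory/file mutation actions are refused.
 *
 * Exits the script on an invalid token or on a refused action.
 *
 * @param  string $action  file manager action name, e.g. 'DELETEFILE'
 * @return boolean true when access is granted (the function never returns false; it exits instead)
 */
function checkAccess($action)
{
    global $_CONF, $_CK_CONF, $_USER, $REMOTE_ADDR;

    $isAnon = COM_isAnonUser();

    // Anonymous visitors all map to uid 1, so with per-user directories
    // enabled they share the single library/userfiles/1 directory.
    // NOTE(review): confirm anonymous file-manager access is intended.
    $uid = $isAnon ? 1 : $_USER['uid'];

    $scope = 'advancededitor';
    if ($isAnon) {
        $scope .= md5($REMOTE_ADDR);
    }
    $cookieName = $_CONF['cookie_name'] . 'adveditor';
    $token = isset($_COOKIE[$cookieName]) ? $_COOKIE[$cookieName] : '';
    if (!SEC_checkTokenGeneral($token, $scope)) {
        exit;
    }

    // web-relative root of the site, always ending in '/'
    $urlParts = parse_url($_CONF['site_url']);
    $relRoot = '/';
    if (isset($urlParts['path'])) {
        $relRoot = trim($urlParts['path']);
        // substr() also copes with an empty path, where indexing
        // $relRoot[strlen($relRoot) - 1] raised a string-offset warning
        if (substr($relRoot, -1) !== '/') {
            $relRoot .= '/';
        }
    }

    // images directory relative to the document root, without the
    // document-root prefix or a trailing slash
    $imagePath = rtrim(substr($_CONF['path_images'], strlen($_CONF['path_html'])), '/\\');

    if (SEC_inGroup('Root')) {
        $_SESSION['fileman_files_root'] = $relRoot . $imagePath;
        return true;
    }

    $sharedRoot = $relRoot . $imagePath . '/library/Image';
    $_SESSION['fileman_files_root'] = $sharedRoot;

    if ($_CK_CONF['filemanager_per_user_dir']) {
        $userDir = $imagePath . '/library/userfiles/' . $uid;
        $_SESSION['fileman_files_root'] = $relRoot . $userDir;
        if (!is_dir($_CONF['path_html'] . $userDir)) {
            // best effort: when the directory cannot be created, fall back
            // to the shared directory and its restricted action set below
            if (@mkdir($_CONF['path_html'] . $userDir, 0755, true) === false) {
                $_CK_CONF['filemanager_per_user_dir'] = false;
                $_SESSION['fileman_files_root'] = $sharedRoot;
            }
        }
    }

    // final security check on action: in the shared directory the
    // mutating actions are refused. This is a denylist, so any action
    // name not listed here passes through; an allowlist of the read-only
    // actions would fail closed instead.
    if (!$_CK_CONF['filemanager_per_user_dir']) {
        $refused = ['DELETEDIR', 'CREATEDIR', 'RENAMEDIR', 'RENAMEFILE', 'DELETEFILE'];
        if (in_array((string) $action, $refused, true)) {
            exit;
        }
    }

    return true;
}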
if (isset($_COOKIE['token'])) { $token = COM_applyFilter($_COOKIE['token']); if ($message == '') { $message = $LANG20[8]; } } else { if ($message == '') { $message = $LANG20[9]; } $token = ''; } } } if ($_SYSTEM['admin_session'] != 0) { // validate admin token if (!SEC_checkTokenGeneral($token, 'administration')) { $method = ''; if (isset($_POST['token_requestmethod'])) { $method = COM_applyFilter($_POST['token_requestmethod']); } else { $method = strtoupper($_SERVER['REQUEST_METHOD']) == 'GET' ? 'GET' : 'POST'; } $postdata = ''; if (isset($_POST['token_postdata'])) { $postdata = urldecode($_POST['token_postdata']); } else { $postdata = serialize($_POST); } $getdata = ''; if (isset($_POST['token_getdata'])) { $getdata = urldecode($_POST['token_getdata']);