static function process_login($username, $password = "") { $id = session_id(); if (!APC_SESSION and $id and (empty($_SESSION["username"]) or $_SESSION["username"] != $username)) { $row = db_select_first("simple_sys_session", array("id", "data", "expiry"), "username=@username@", "lastmodified desc", array("username" => $username)); if (!empty($row["id"])) { $_SESSION = array(); session_decode(rawurldecode($row["data"])); if ($row["expiry"] < NOW) { db_delete("simple_sys_session", array("id=@id@"), array("id" => $row["id"])); } } if (!db_count("simple_sys_session", array("id=@id@"), array("id" => $id))) { db_insert("simple_sys_session", array("expiry" => NOW + LOGIN_TIMEOUT, "id" => $id)); } } $_SESSION["username"] = $username; if ($password != "") { $_SESSION["password"] = sys_encrypt($password, $id); } if (!isset($_SESSION["history"])) { $_SESSION["history"] = array(); } $_SESSION["groups"] = array(); $_SESSION["folder_states"] = array(); $base = dirname($_SERVER["SCRIPT_FILENAME"]) . "/"; if (sys_is_super_admin($_SESSION["username"])) { $_SESSION["ALLOWED_PATH"] = array($base . SIMPLE_STORE . "/home/", $base . SIMPLE_CACHE . "/debug/", $base . SIMPLE_STORE . "/trash/", $base . SIMPLE_CACHE . "/preview/", $base . SIMPLE_STORE . "/backup/"); } else { $_SESSION["ALLOWED_PATH"] = array($base . SIMPLE_STORE . "/home/" . $_SESSION["username"] . "/", $base . SIMPLE_CACHE . "/preview/"); } foreach (explode(",", SIMPLE_IMPORT) as $folder) { if ($folder == "" or !is_dir($folder)) { continue; } if ($folder[0] != "/" and !strpos($folder, ":")) { $folder = $base . $folder; } $_SESSION["ALLOWED_PATH"][] = rtrim(str_replace("\\", "/", $folder), "/") . "/"; } // TODO2 put in extra function and configure it with setup to fetch groups from somewhere else if (sys_is_super_admin($_SESSION["username"])) { $_SESSION["permission_sql"] = "1=1"; $_SESSION["permission_sql_exception"] = "1=0"; $_SESSION["disabled_modules"] = array(); } else { $_SESSION["permission_sql"] = sql_regexp("r@right@_users", array($username, "anonymous")); $_SESSION["permission_sql_exception"] = "(rexception_users!='' and " . sql_regexp("rexception_users", array($username, "anonymous"), "|@view@:@right@:%s|") . ")"; $_SESSION["disabled_modules"] = array_flip(explode("|", DISABLED_MODULES)); $rows = db_select("simple_sys_groups", "groupname", array("activated=1", "members like @username_sql@"), "", "", array("username_sql" => "%|" . $username . "|%")); if (is_array($rows) and count($rows) > 0) { foreach ($rows as $val) { $_SESSION["groups"][] = $val["groupname"]; } $_SESSION["permission_sql"] = "(" . $_SESSION["permission_sql"] . " or " . sql_regexp("r@right@_groups", $_SESSION["groups"]) . ")"; $_SESSION["permission_sql_exception"] = "(" . $_SESSION["permission_sql_exception"] . " or (rexception_groups!='' and " . sql_regexp("rexception_groups", $_SESSION["groups"], "|@view@:@right@:%s|") . "))"; } } $_SESSION["permission_sql_read"] = str_replace("@right@", "read", $_SESSION["permission_sql"]); $_SESSION["permission_sql_write"] = str_replace("@right@", "write", $_SESSION["permission_sql"]); $_SESSION["ip"] = _login_get_remoteaddr(); $_SESSION["tickets"] = array("templates" => array("dbselect", "simple_templates", array("tplcontent", "tplname"), array("tplname like @search@"), "tplname asc")); $_SESSION["treevisible"] = true; $row = db_select_first("simple_sys_users", "*", "username=@username@", "", array("username" => $username)); if (!empty($row["cal_day_begin"])) { $_SESSION["day_begin"] = sys_date("G", $row["cal_day_begin"] - 1) * 3600; $_SESSION["day_end"] = sys_date("G", $row["cal_day_end"]) * 3600; } else { $_SESSION["day_begin"] = 25200; // 7:00 = 7*3600 $_SESSION["day_end"] = 64800; // 18:00 = 18*3600 } if (!empty($row["enabled_modules"])) { $row["enabled_modules"] = array_flip(explode("|", trim($row["enabled_modules"], "|"))); $_SESSION["disabled_modules"] = array_diff_key($_SESSION["disabled_modules"], $row["enabled_modules"]); } if (!empty($row["timezone"])) { $_SESSION["timezone"] = $row["timezone"]; } else { $_SESSION["timezone"] = ""; } if (!empty($row["theme"])) { $_SESSION["theme"] = $row["theme"]; } else { $_SESSION["theme"] = "core"; } if (!empty($row["home_folder"])) { $_SESSION["home_folder"] = "index.php?folder=" . rawurlencode($row["home_folder"]); } else { if (sys_is_super_admin($username)) { $anchor = "system"; } else { $anchor = "home_" . $username; } $_SESSION["home_folder"] = "index.php?folder=^" . $anchor; } if ($id or isset($_REQUEST["login"])) { sys_log_stat("logins", 1); sys_log_message_log("login", sprintf("{t}login %s from %s with %s{/t}", $_SESSION["username"], $_SESSION["ip"], sys::$browser)); } trigger::login(); if (!empty($row["pwdexpires"]) and $row["pwdexpires"] < NOW) { sys_warning(sprintf("{t}Password expired. (password of %s has expired){/t}", $username)); self::_redirect("index.php?view=changepwd&find=asset|simple_sys_users|1|username="******"username"]); } else { if (!empty($_REQUEST["page"])) { if (CMS_REAL_URL) { self::_redirect(CMS_REAL_URL . $_REQUEST["page"]); } self::_redirect("cms.php/" . $_REQUEST["page"]); } else { if (!empty($_REQUEST["redirect"])) { self::_redirect($_SESSION["home_folder"]); } } } }
function login_handle_login($save_session = true) { session_set_cookie_params(2592000); // 1 month session_name(SESSION_NAME); if (empty($_REQUEST["iframe"]) and empty($_REQUEST["export"]) and empty($_REQUEST["import"]) and !isset($_REQUEST["plain"]) and $save_session) { session_set_save_handler("_login_session_none", "_login_session_none", "_login_session_read", "_login_session_write", "_login_session_destroy", "_login_session_none"); register_shutdown_function("session_write_close"); } else { session_set_save_handler("_login_session_none", "_login_session_none", "_login_session_read", "_login_session_none", "_login_session_none", "_login_session_none"); } session_start(); header("Cache-Control: private, max-age=1, must-revalidate"); header("Pragma: private"); if (!empty($_COOKIE[SESSION_NAME]) and empty($_SESSION)) { session_regenerate_id(); } if (!empty($_SESSION["timezone"])) { date_default_timezone_set($_SESSION["timezone"]); } if (file_exists(SIMPLE_STORE . "/maintenance.lck")) { $maintenance = true; } else { $maintenance = false; } if (!DISABLE_BASIC_AUTH and empty($_SESSION["username"]) and !empty($_SERVER["PHP_AUTH_USER"]) and !empty($_SERVER["PHP_AUTH_PW"])) { $_REQUEST["username"] = modify::strip_ntdomain($_SERVER["PHP_AUTH_USER"]); $_REQUEST["password"] = $_SERVER["PHP_AUTH_PW"]; } $ip = _login_get_remoteaddr(); if (!empty($_REQUEST["username"]) and !empty($_REQUEST["password"]) and (!$maintenance or sys_is_super_admin($_REQUEST["username"]))) { if (!isset($_COOKIE[SESSION_NAME]) and !empty($_REQUEST["loginform"])) { sys_die('{t}Please activate cookies.{/t} <a href="index.php?logout">{t}Back{/t}</a>'); } $file = SIMPLE_CACHE . "/ip/" . str_replace(array(".", ":"), "-", $ip); if (file_exists($file . "_3") and $trials = file_get_contents($file . "_3") and strlen($trials) > 3 and filemtime($file . "_3") > time() - 900) { $_REQUEST["logout"] = true; sys_alert("{t}Too many wrong logins. Please wait 15 minutes.{/t}"); } else { if (login::validate_login($_REQUEST["username"], $_REQUEST["password"])) { login::process_login($_REQUEST["username"], $_REQUEST["password"]); } else { touch($file, time() + 3); $_REQUEST["logout"] = true; if (file_exists($file . "_3") and filemtime($file . "_3") < time() - 1800) { unlink($file . "_3"); } sys_file_append($file . "_3", "1"); sys_log_stat("wrong_login", 1); } } } if (!isset($_REQUEST["logout"]) and empty($_SESSION["username"]) and SETUP_AUTH == "htaccess" and !empty($_SERVER["REMOTE_USER"])) { $_SERVER["REMOTE_USER"] = modify::strip_ntdomain($_SERVER["REMOTE_USER"]); if (login::validate_login($_SERVER["REMOTE_USER"], "")) { login::process_login($_SERVER["REMOTE_USER"]); } } if ($maintenance and (empty($_SESSION["username"]) or !sys_is_super_admin($_SESSION["username"]))) { $_REQUEST["logout"] = true; sys_alert("{t}Maintenance mode{/t}: {t}Active{/t}."); } if (empty($_SESSION["username"]) and ENABLE_ANONYMOUS) { login_anonymous_session(); } if (empty($_SESSION["username"]) and ENABLE_ANONYMOUS_CMS and MAIN_SCRIPT == "download.php") { login_anonymous_session(); } if (isset($_REQUEST["logout"]) or empty($_SESSION["username"]) and !ENABLE_ANONYMOUS or isset($_SESSION["ip"]) and $_SESSION["ip"] != $ip and $ip != $_SERVER["SERVER_ADDR"]) { login::show_login(); } }
private static function _connect($mfolder) { static $cache = array(); if (empty($cache[$mfolder])) { $creds = sys_credentials($mfolder); if ($creds["server"] == "") { return false; } $basedn = $creds["options"]; if (!$creds["port"]) { $creds["port"] = 389; } if ($creds["ssl"] and !extension_loaded("openssl")) { sys_warning(sprintf("{t}%s is not compiled / loaded into PHP.{/t}", "OpenSSL")); return false; } if (!function_exists("ldap_connect")) { sys_warning(sprintf("{t}%s is not compiled / loaded into PHP.{/t}", "LDAP")); return false; } if (!($ds = ldap_connect($creds["server"]))) { sys_die(sprintf("{t}LDAP connection to host %s failed.{/t}", $creds["server"])); } ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3); ldap_set_option($ds, LDAP_OPT_REFERRALS, 0); if (!@ldap_bind($ds, $creds["username"], $creds["password"])) { if (!@ldap_bind($ds)) { sys_warning("{t}LDAP anonymous connection failed.{/t}"); return false; } if ($basedn == "") { $result_id = @ldap_read($ds, "", "(objectclass=*)", array("namingContexts")); $attrs = ldap_get_attributes($ds, ldap_first_entry($ds, $result_id)); if (isset($attrs["namingContexts"]) and is_array($attrs["namingContexts"])) { $basedn = $attrs["namingContexts"][0]; } } $creds["username"] = preg_replace("/[\\\\*()#!|&=<>~ ]/", "", $creds["username"]); $res = ldap_search($ds, $basedn, "uid=" . $creds["username"]); if (ldap_count_entries($ds, $res) == 1) { $dn = ldap_get_dn($ds, ldap_first_entry($ds, $res)); if (@ldap_bind($ds, $dn, $creds["password"])) { sys_warning(sprintf("{t}Login failed from %s.{/t} (ldap) (%s)\n{t}(for active directory username must be: username@domain){/t}", _login_get_remoteaddr(), ldap_error($ds))); return false; } } } $cache[$mfolder] = $ds; } return $cache[$mfolder]; }