Example #1
		- pushed down to console_data_tabs.php

	**/
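#print_r($_REQUEST);
require_once "../libs/setup.php";
// The demo feed is served BEFORE authuser() runs, i.e. without authentication.
// isset() avoids an undefined-index notice when no "d" parameter is sent, and the
// strict comparison keeps non-string input (e.g. d[]=...) out of this branch.
// NOTE(review): console_data_demoalarms.php is reachable by anyone, so it should
// only ever return canned demo data — confirm against that file.
if (isset($_REQUEST['d']) && $_REQUEST['d'] === "demoalarms") {
    // DEMO!
    require_once '../libs/console_data_demoalarms.php';
    exit;
}
/**

		All Other Pages need Auth!

	**/
// Every dispatch target below this call depends on it for access control.
// Its failure behaviour is defined in the included library, not in this file.
authuser();
# Future feature.
#$who = "rxalarm," . $user['uid'] . "," . $user['twitter']->name; // used for rackspace audit trail.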
switch ($_REQUEST['d']) {
    case "alarms":
        require_once '../libs/console_data_alarms.php';
        // user's console alarms (Data as JSON Get)
        break;
    case "tab":
        require_once '../libs/console_data_tabs.php';
        // tabs (HTML Markup via JSON Get)
        break;
    case "nua":
        require_once '../libs/console_data_newuser_auto.php';
        // New user - AutoMagic WebHook (Ajax Post, JSON Response)
        break;
Example #2
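// Mail-proxy authentication endpoint: the proxy sends the client's credentials and
// protocol in Auth-* request headers and expects Auth-* response headers back
// (this looks like the nginx mail auth_http protocol — TODO confirm).
// NOTE(review): nothing here restricts who may call the endpoint; it should only
// be reachable from the proxy itself.
if (!isset($_SERVER["HTTP_AUTH_USER"]) || !isset($_SERVER["HTTP_AUTH_PASS"])) {
    fail();
}
$username = $_SERVER["HTTP_AUTH_USER"];
$userpass = $_SERVER["HTTP_AUTH_PASS"];
// A missing protocol header is treated like an unsupported protocol instead of
// raising an undefined-index notice.
$protocol = isset($_SERVER["HTTP_AUTH_PROTOCOL"]) ? $_SERVER["HTTP_AUTH_PROTOCOL"] : "";
// Return localhost port 992 for IMAP, deny other protocols
if ($protocol === "imap") {
    $server_ip = "127.0.0.1";
    $backend_port = 992;
} else {
    fail();
}
// Authenticate the user or fail. fail() terminates the script itself, so no
// separate exit is needed after it.
if (!authuser($username, $userpass)) {
    fail();
}
// pass() is defined outside this listing; it receives the backend address together
// with the credentials as supplied by the client.
pass($server_ip, $backend_port, $username, $userpass);
//END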
/**
 * Credential check hook for the mail-proxy auth script.
 *
 * This is a stub: it accepts every user/password pair. The credentials are handed
 * on unchanged, so the backend server is the only place where they are verified.
 * NOTE(review): any local policy (lockout, rate limiting, account checks) would
 * have to be added here; none exists at the moment.
 *
 * @param string $user login name sent by the client (unused)
 * @param string $pass password sent by the client (unused)
 * @return bool always true
 */
function authuser($user, $pass)
{
    // No local verification: the backend server decides whether the login is valid.
    $accepted = true;
    return $accepted;
}
/**
 * Rejects the login attempt and stops the script.
 *
 * Sends one generic Auth-Status message for every failure reason, so the response
 * does not reveal whether the user name or the password was wrong.
 *
 * @return void this function does not return; it terminates the request
 */
function fail()
{
    header("Auth-Status: Invalid login or password");
    exit();
}
Example #3
<?php

require "androidLib.php";
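// Optional debug logging. `debug` is a constant that is not defined in this file
// (presumably it comes from androidLib.php — TODO confirm).
if (debug) {
    include 'logging.php';
    $log = new logging();
} else {
    $log = false;
}
if ($log) {
    // Log the request for debugging, but never the submitted password.
    $postForLog = $_POST;
    if (isset($postForLog['password'])) {
        $postForLog['password'] = '***';
    }
    $log->write("android:" . print_r($postForLog, true));
}
// Start from "no session" so the check at the bottom is well defined when the
// auth database cannot be opened.
$session = false;
$db = authDB();
if ($db) {
    // NOTE(review): the IP handed to authuser() is read from the request body, so
    // the client chooses it; if sessions are bound to an IP, the server-side remote
    // address would be the trustworthy source.
    $session = authuser($db, $_POST['mandant'], $_POST["login"], $_POST["password"], $_POST["ip"]);
    if ($log) {
        // NOTE(review): this dumps the whole session record, including the session
        // id echoed below, into the debug log.
        $log->write("androit2\n" . print_r($session, true));
    }
}
if ($log) {
    $log->close();
}
if ($session) {
    // Success reply: status prefix followed by the session id.
    echo "200:" . $session['sess'];
} else {
    // Failure reply: echoing false prints an empty string, so the body stays empty.
    echo false;
}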
Example #4
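/**
 * Resolves the caller's session and opens the database of the given client.
 *
 * An existing session ($id, $ip) is reused when chkSession() accepts it; otherwise
 * the old session is deleted and a fresh login is attempted through authuser().
 * The client record is then read from auth.clients and used to build a myDB
 * connection.
 *
 * @param mixed  $db      auth database handle; getOne() is called on it
 * @param string $id      session id presented by the client
 * @param string $ip      client IP as passed in by the caller
 * @param string $mandant client (tenant) name
 * @param string $login   login name
 * @param string $pwd     password
 * @return array|false session array with keys 'sess' and 'db', or false on failure
 */
function userData($db, $id, $ip, $mandant, $login, $pwd)
{
    // The original tested $GLOBAS['log'] (typo), so these log calls never ran.
    // The optional global logger is resolved once here instead.
    $log = !empty($GLOBALS['log']) ? $GLOBALS['log'] : false;
    $rs = chkSession($db, $id, $ip);
    if ($log) {
        // The password is left out on purpose: with the typo fixed this line is
        // live and would otherwise write it to the log in clear text.
        // NOTE(review): the session id is still logged here.
        $log->write("chlS:{$id},{$ip},{$mandant},{$login}," . print_r($rs, true));
    }
    if (!$rs) {
        // Session unknown or no longer valid: drop it and log in again.
        delSession($db, $id, $ip);
        $sess = authuser($db, $mandant, $login, $pwd, $ip);
        if ($log) {
            $log->write("chlS2:" . print_r($sess, true));
        }
        if (!$sess) {
            return false;
        }
    } else {
        $sess['sess'] = $id;
    }
    // $mandant is interpolated into the statement below, so a single quote inside
    // it would end the string literal early and change the query. Such a name is
    // rejected instead of being sent to the database.
    // NOTE(review): if the DB wrapper offers bound parameters or a quoting helper,
    // use that here; its API is not visible in this listing.
    if (strpos((string) $mandant, "'") !== false) {
        return false;
    }
    $sql = "SELECT * FROM  auth.clients WHERE name = '{$mandant}'";
    $rs = $db->getOne($sql);
    if ($log) {
        $log->write("chlS3:{$sql}");
        // NOTE(review): this dumps the full client record; check whether it
        // contains connection credentials before enabling logging in production.
        $log->write("chlS3:" . print_r($rs, true));
    }
    if (!$rs) {
        return false;
    }
    // The client record is handed to myDB as-is to open the client's database.
    $sess["db"] = new myDB($rs);
    $sess['db']->log = $log ? true : false;
    return $sess;
}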
Example #5
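/**
 * Logs the browser in to the CRM on the strength of the ERP session cookie.
 *
 * Reads the ERP configuration file for the auth-database parameters, the cookie
 * name and the session timeout, validates the cookie through authuser(), copies
 * the result into $_SESSION and connects to the client database.
 *
 * @return bool true when the session was set up, false on any failure
 */
function anmelden()
{
    ini_set("gc_maxlifetime", "3600");
    // $_SESSION[ERPNAME] cannot be used here because loginok.php destroys the session.
    global $ERPNAME;
    global $erpConfigFile;
    // Read the ERP configuration file. anmelden() may be called from a
    // subdirectory, hence the two possible path prefixes.
    $deep = is_dir("../" . $ERPNAME) ? "../" : "../../";
    $confBase = $deep . $ERPNAME . "/config/" . $erpConfigFile;
    if (file_exists($confBase . ".conf")) {
        $lxo = fopen($confBase . ".conf", "r");
    } elseif (file_exists($confBase . ".conf.default")) {
        $lxo = fopen($confBase . ".conf.default", "r");
    } else {
        return false;
    }
    if (!$lxo) {
        // The file exists but could not be opened (e.g. permissions).
        return false;
    }
    // Explicit defaults so that a key missing from the config yields null instead
    // of an undefined variable.
    $dbname = $dbpasswd = $dbuser = $dbhost = $dbport = null;
    $cookiename = $sesstime = null;
    $dbsec = false;
    // Find the auth-DB parameters in the ERP configuration.
    while (($tmp = fgets($lxo, 512)) !== false) {
        if (preg_match("/^[\\s]*#/", $tmp) || $tmp == "\n") {
            // Comment or empty line, skip.
            continue;
        }
        if ($dbsec && preg_match("!\\[.+]!", $tmp)) {
            // A new section header ends the [authentication/database] section.
            $dbsec = false;
        }
        if ($dbsec) {
            if (preg_match("/db[ ]*=[ ]*(.+)/", $tmp, $hits)) {
                $dbname = $hits[1];
            }
            if (preg_match("/password[ ]*=[ ]*(.+)/", $tmp, $hits)) {
                $dbpasswd = $hits[1];
            }
            if (preg_match("/user[ ]*=[ ]*(.+)/", $tmp, $hits)) {
                $dbuser = $hits[1];
            }
            if (preg_match("/host[ ]*=[ ]*(.+)/", $tmp, $hits)) {
                $dbhost = $hits[1] ? $hits[1] : "localhost";
            }
            if (preg_match("/port[ ]*=[ ]*([0-9]+)/", $tmp, $hits)) {
                $dbport = $hits[1] ? $hits[1] : "5432";
            }
            if (preg_match("/\\[[a-z]+/", $tmp)) {
                $dbsec = false;
            }
            continue;
        }
        if (preg_match("/cookie_name[ ]*=[ ]*(.+)/", $tmp, $hits)) {
            $cookiename = $hits[1];
        }
        //if ( preg_match("/dbcharset[ ]*=[ ]*(.+)/",$tmp,$hits) )   $dbcharset = $hits[1];
        if (preg_match("/session_timeout[ ]*=[ ]*(.+)/", $tmp, $hits)) {
            $sesstime = $hits[1];
        }
        if (preg_match("!\\[authentication/database\\]!", $tmp)) {
            $dbsec = true;
        }
    }
    fclose($lxo);
    if (!$cookiename) {
        // NOTE(review): this reads $_SESSION['erpConfigFile'] although the global
        // $erpConfigFile is used everywhere else in this function — confirm.
        $cookiename = $_SESSION['erpConfigFile'] . '_session_id';
    }
    if (!$sesstime) {
        $sesstime = 480;
    }
    $cookie = isset($_COOKIE[$cookiename]) ? $_COOKIE[$cookiename] : null;
    if (!$cookie) {
        // Without a session cookie there is nothing to authenticate. Stop here;
        // the original sent the redirect header but carried on with the login.
        header("location: ups.html");
        return false;
    }
    // Log the user in. The DB password and the session cookie are deliberately not
    // written to the error log.
    error_log("!{$ERPNAME}!{$dbhost},{$dbport},{$dbuser},{$dbname}!", 0);
    $auth = authuser($dbhost, $dbport, $dbuser, $dbpasswd, $dbname, $cookie);
    if (!$auth) {
        // User login failed.
        return false;
    }
    // Make sure a directory named after the instance exists under the documents dir.
    chkdir($auth["dbname"]);
    chkdir($auth["dbname"] . '/tmp/');
    // Store client and user data in the session. The client DB credentials are read
    // back from $_SESSION below, so the session storage holds them as well.
    foreach ($auth as $key => $val) {
        $_SESSION[$key] = $val;
    }
    $_SESSION["sessid"] = $cookie;
    $_SESSION["cookie"] = $cookiename;
    $_SESSION["sesstime"] = $sesstime;
    // Connect to the client DB.
    $_SESSION["db"] = new myDB($_SESSION["dbhost"], $_SESSION["dbuser"], $_SESSION["dbpasswd"], $_SESSION["dbname"], $_SESSION["dbport"]);
    if (!$_SESSION["db"]) {
        return false;
    }
    $_SESSION['CRMTL'] = $auth['CRMTL'];
    $charset = ini_get("default_charset");
    //if ( $charset == "" ) $charset = $dbcharset;
    if ($charset == "") {
        $charset = 'UTF8';
    }
    $_SESSION["charset"] = $charset;
    include_once "inc/UserLib.php";
    $user_data = getUserStamm(0, $_SESSION["login"]);
    // NOTE(review): the base URL is built from the Host header, which the client
    // controls; links generated from "basepath" inherit whatever host was sent.
    $BaseUrl = empty($_SERVER['HTTPS']) ? 'http://' : 'https://';
    $BaseUrl .= $_SERVER['HTTP_HOST'];
    $BaseUrl .= preg_replace("^crm/.*^", "", $_SERVER['REQUEST_URI']);
    if ($user_data) {
        foreach ($user_data as $key => $val) {
            $_SESSION[$key] = $val;
        }
    }
    if (isset($_SESSION['sql_error']) && $_SESSION['sql_error']) {
        $_SESSION['db']->setShowError(true);
    } else {
        $_SESSION['db']->setShowError(false);
    }
    // 493 is octal 0755.
    $_SESSION['dir_mode'] = $user_data['dir_mode'] != '' ? octdec($user_data['dir_mode']) : 493;
    $_SESSION["loginCRM"] = $user_data["id"];
    $_SESSION['theme'] = $user_data['theme'] == '' || $user_data['theme'] == 'base' ? '' : $user_data['theme'];
    // The newest "relea..." tag in schema_info carries the ERP version; the first
    // eight characters are cut off and underscores become dots.
    $sql = "SELECT  * from schema_info where tag like 'relea%' order by itime desc limit 1";
    $rs = $_SESSION["db"]->getOne($sql);
    $tmp = substr($rs['tag'], 8);
    $_SESSION["ERPver"] = strtr($tmp, '_', '.');
    $_SESSION["menu"] = makeMenu($_SESSION["sessid"], $_SESSION["token"]);
    $_SESSION["basepath"] = $BaseUrl;
    // The token is cleared once the menu has been built with it.
    $_SESSION['token'] = False;
    return true;
}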
Example #6
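/**
 * Prints the HTML5 document head and the top navigation bar.
 *
 * The Twitter display name and avatar URL come from a third party and are
 * HTML-escaped before output. $title and $head are emitted as given: $head is raw
 * markup by design, and callers must not pass request data in either of them.
 * NOTE(review): the jQuery script tag loads from a CDN without an integrity
 * attribute.
 *
 * @param string $title page title, printed in front of " - [rx]Alarm"
 * @param string $head  extra markup placed inside <head>
 * @param array  $nav   a set key ('home', 'console', 'help', 'contact') marks that tab active
 * @return void
 */
function print_html5_head($title, $head, $nav)
{
    global $www, $user;
    if (isset($_COOKIE['rxalarm'])) {
        // A login cookie is present: let authuser() check it.
        authuser();
    }
    ?>
			<!DOCTYPE html>
			<html lang="en">
			<head>
			<meta charset="utf-8">
			<meta name="google-site-verification" content="QokEfecxpAZkKgdID7YlPMzzlCD388UWKXdRZhJi0CM" />

			<link rel="stylesheet" type="text/css" href="<?php echo $www; ?>/bootstrap/css/bootstrap.min.css">
			<style>
				body {
					padding-top: 60px; /* 60px to make the container go all the way to the bottom of the topbar */
					}
			</style>
			<link rel="stylesheet" type="text/css" href="<?php echo $www; ?>/bootstrap/css/bootstrap-responsive.min.css">

			<script src="https://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js"></script>
			<script src="<?php echo $www; ?>/bootstrap/js/bootstrap.min.js"></script>

			<?php echo $head; ?>

			<title><?php echo $title; ?> - [rx]Alarm</title>
	
			</head>
			<body>

				<div class="navbar navbar-fixed-top">
					<div class="navbar-inner">
						<div class="container">
							<a class="btn btn-navbar" data-toggle="collapse" data-target=".nav-collapse">
							<span class="icon-bar"></span>
							<span class="icon-bar"></span>
							<span class="icon-bar"></span>
							</a>
							<a class="brand" href="#">[rx]Alarm</a>
							<div class="nav-collapse">
								<ul class="nav">
									<li <?php if (isset($nav['home'])) { echo 'class="active"'; } ?>><a href="<?php echo $www; ?>">Home</a></li>
									<li <?php if (isset($nav['console'])) { echo 'class="active"'; } ?>><a href="<?php echo $www; ?>/console">Console</a></li>
									<li <?php if (isset($nav['help'])) { echo 'class="active"'; } ?>><a href="<?php echo $www; ?>/help">Help</a></li>
									<li <?php if (isset($nav['contact'])) { echo 'class="active"'; } ?>><a href="<?php echo $www; ?>/contact">Contact</a></li>

								</ul>
									<ul class="nav pull-right">	
									<li class="divider-vertical"></li>

									<?php if (isset($user)) { ?>
									<li class="dropdown pull-right" id="menu1">
										<a class="dropdown-toggle" data-toggle="dropdown" href="#menu1">
											<?php echo htmlspecialchars($user['twitter']->name, ENT_QUOTES, 'UTF-8'); ?>
											<b class="caret"></b>
											<img style="padding-left:5px" src="<?php echo htmlspecialchars($user['twitter']->profile_image_url_https, ENT_QUOTES, 'UTF-8'); ?>" alt="Twitter Avatar" width="24px" height="24px" />
										</a>
										<ul class="dropdown-menu">
											<li><a href="<?php echo $www; ?>/account">Account</a></li>
											<li class="divider"></li>
											<li><a href="<?php echo $www; ?>/logout">Log Out</a></li>
										</ul>

									</li>
										<?php } else { ?>
									<li class="pull-right"><a href="<?php echo $www; ?>/twitter.php">Log In</a></li>
										<?php } ?>
									
								</ul>
							</div><!--/.nav-collapse -->
						</div>
					</div>
				</div>

				<div class="container-fluid">

    <?php
}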
Example #7
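/**
 * Logs the browser in to the CRM on the strength of the ERP session cookie.
 *
 * Extracts the auth-database parameters and the cookie name from the ERP's Perl
 * configuration file, validates the cookie through authuser(), connects to the
 * client database and loads the employee's settings into $_SESSION.
 *
 * @return bool true when the session was set up, false on any failure
 */
function anmelden()
{
    ini_set("gc_maxlifetime", "3600");
    $confFile = "../config/authentication.pl";
    // Without a readable configuration there are no auth-DB parameters; give up
    // instead of continuing with empty values.
    if (!is_readable($confFile)) {
        return false;
    }
    $tmp = file_get_contents($confFile);
    if ($tmp === false) {
        return false;
    }
    $dbname = preg_match("/'db'[ ]*=> '(.+)'/", $tmp, $hits) ? $hits[1] : null;
    $dbpasswd = preg_match("/'password'[ ]*=> '(.+)'/", $tmp, $hits) ? $hits[1] : null;
    $dbuser = preg_match("/'user'[ ]*=> '(.+)'/", $tmp, $hits) ? $hits[1] : null;
    $dbhost = preg_match("/'host'[ ]*=> '(.+)'/", $tmp, $hits) && $hits[1] ? $hits[1] : "localhost";
    // Digits only: the former greedy (.+) could swallow a closing quote and
    // whatever follows it on the line.
    $dbport = preg_match("/'port'[ ]*=> '?([0-9]+)'?/", $tmp, $hits) && $hits[1] ? $hits[1] : "5432";
    $cookiename = preg_match("/[ ]*\\\$self->\\{cookie_name\\}[ ]*=[ ]*'(.+)'/", $tmp, $hits) ? $hits[1] : null;
    if (!$cookiename) {
        $cookiename = 'lx_office_erp_session_id';
    }
    $cookie = isset($_COOKIE[$cookiename]) ? $_COOKIE[$cookiename] : null;
    if (!$cookie) {
        // Without a session cookie there is nothing to authenticate. Stop here;
        // the original sent the redirect header but carried on with the login.
        header("location: ups.html");
        return false;
    }
    $auth = authuser($dbhost, $dbport, $dbuser, $dbpasswd, $dbname, $cookie);
    if (!$auth) {
        return false;
    }
    // NOTE(review): $showErr and $authcookie are never assigned in this function;
    // the original read them as undefined (null). Made explicit — confirm whether
    // they were meant to be globals.
    $showErr = null;
    $authcookie = null;
    $_SESSION["sessid"] = $cookie;
    $_SESSION["cookie"] = $cookiename;
    $_SESSION["employee"] = $auth["login"];
    $_SESSION["mansel"] = $auth["dbname"];
    $_SESSION["dbname"] = $auth["dbname"];
    $_SESSION["dbhost"] = !$auth["dbhost"] ? "localhost" : $auth["dbhost"];
    $_SESSION["dbport"] = !$auth["dbport"] ? "5432" : $auth["dbport"];
    $_SESSION["dbuser"] = $auth["dbuser"];
    // The client DB credentials are kept in the session storage.
    $_SESSION["dbpasswd"] = $auth["dbpasswd"];
    $_SESSION["db"] = new myDB($_SESSION["dbhost"], $_SESSION["dbuser"], $_SESSION["dbpasswd"], $_SESSION["dbname"], $_SESSION["dbport"], $showErr);
    $_SESSION["authcookie"] = $authcookie;
    // NOTE(review): the login value in this statement appears masked in the
    // listing. If the real code interpolates the login name here, it must be
    // escaped or bound as a parameter.
    $sql = "select * from employee where login='******'";
    $rs = $_SESSION["db"]->getAll($sql);
    if (!$rs) {
        return false;
    }
    // Per-employee settings, with defaults where the column is empty.
    $tmp = $rs[0];
    $_SESSION["termbegin"] = $tmp["termbegin"] >= 0 ? $tmp["termbegin"] : 8;
    $_SESSION["termend"] = $tmp["termend"] ? $tmp["termend"] : 19;
    $_SESSION["Pre"] = $tmp["pre"];
    $_SESSION["interv"] = $tmp["interv"] > 0 ? $tmp["interv"] : 60;
    $_SESSION["loginCRM"] = $tmp["id"];
    $_SESSION["lang"] = $tmp["countrycode"];
    //"de";
    $_SESSION["kdview"] = $tmp["kdview"];
    $sql = "select * from defaults";
    $rs = $_SESSION["db"]->getAll($sql);
    // An empty defaults table leaves the version unset instead of raising a notice.
    $_SESSION["ERPver"] = isset($rs[0]["version"]) ? $rs[0]["version"] : null;
    return true;
}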
Example #8
 case "listalbums":
     if ($authstatus) {
         $mode = 'albumbrowser';
         $req = "php/showmain.php";
         $head = "php/head.php";
     } else {
         //not logged-in
         $req = "php/home.php";
         $head = "php/headhome.php";
     }
     break;
 case "login":
     $title = "login";
     $head = "php/headhome.php";
     if (isset($_POST['username'])) {
         $authmsg = authuser();
     }
     if ($authstatus) {
         header("Location: {$fscriptname}?action=listdir");
         exit;
     } else {
         //not logged-in
         $req = "php/service/login.php";
         $head = "php/headhome.php";
     }
     break;
 case "logout":
     if (!empty($_SESSION['username'])) {
         setUserHist($_SESSION['userid'], "logout");
     }
     session_destroy();