- pushed down to console_data_tabs.php **/ #print_r($_REQUEST); require_once "../libs/setup.php"; if ($_REQUEST['d'] == "demoalarms") { // DEMO! require_once '../libs/console_data_demoalarms.php'; exit; } /** All Other Pages need Auth! **/ authuser(); # Future feature. #$who = "rxalarm," . $user['uid'] . "," . $user['twitter']->name; // used for rackspace audit trail. switch ($_REQUEST['d']) { case "alarms": require_once '../libs/console_data_alarms.php'; // user's console alarms (Data as JSON Get) break; case "tab": require_once '../libs/console_data_tabs.php'; // tabs (HTML Markup via JSON Get) break; case "nua": require_once '../libs/console_data_newuser_auto.php'; // New user - AutoMagic WebHook (Ajax Post, JSON Response) break;
// Mail-proxy authentication endpoint. The client's credentials and protocol arrive
// as Auth-User / Auth-Pass / Auth-Protocol request headers, read here via $_SERVER.
// NOTE(review): these header names match nginx's mail auth_http protocol; confirm the front end.
if (!isset($_SERVER["HTTP_AUTH_USER"], $_SERVER["HTTP_AUTH_PASS"])) {
    // fail() answers with an Auth-Status header and ends the request.
    fail();
}

$username = $_SERVER["HTTP_AUTH_USER"];
$userpass = $_SERVER["HTTP_AUTH_PASS"];
$protocol = $_SERVER["HTTP_AUTH_PROTOCOL"];

// Only IMAP is served, and it is always routed to 127.0.0.1:992.
// Every other protocol value is rejected.
if ($protocol != "imap") {
    fail();
}
$server_ip = "127.0.0.1";
$backend_port = 992;

// Credential gate. authuser() below accepts every username/password pair, so this
// endpoint performs no verification of its own: whatever pass() hands the
// connection to is the only place the password is actually checked.
if (!authuser($username, $userpass)) {
    fail();
    exit;
}

pass($server_ip, $backend_port, $username, $userpass);
//END

/**
 * Decide whether the supplied credentials are acceptable.
 *
 * Currently a stub: both arguments are ignored and every login is accepted.
 *
 * @param string $user login name taken from the Auth-User header
 * @param string $pass password taken from the Auth-Pass header
 * @return bool always true
 */
function authuser($user, $pass)
{
    // As for now we directly pass credentials to backend server
    return true;
}

/**
 * Reject the login: send the Auth-Status error header and stop the script.
 */
function fail()
{
    header("Auth-Status: Invalid login or password");
    exit;
}
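<?php
// Android client login endpoint: authenticates the POSTed mandant/login/password
// against the auth database and prints "200:<session id>" on success.
require "androidLib.php";

// Optional debug log, switched on by the `debug` constant
// (presumably defined by androidLib.php; confirm).
if (debug) {
    include 'logging.php';
    $log = new logging();
} else {
    $log = false;
}

if ($log) {
    // Never write the submitted password to the log: mask it in a copy of the
    // request data and dump the copy instead of $_POST itself.
    $loggedPost = $_POST;
    if (isset($loggedPost['password'])) {
        $loggedPost['password'] = '***';
    }
    $log->write("android:" . print_r($loggedPost, true));
}

// Stays false unless the auth database is reachable and authuser() accepts the login,
// so the final check never reads an undefined variable.
$session = false;

$db = authDB();
if ($db) {
    // NOTE(review): "ip" is taken from the request body, i.e. it is chosen by the
    // client; confirm nothing treats it as the real peer address.
    $session = authuser($db, $_POST['mandant'], $_POST["login"], $_POST["password"], $_POST["ip"]);
    if ($log) {
        // NOTE(review): this dumps the whole value returned by authuser(), which
        // includes the session id in $session['sess']; restrict access to the debug log.
        $log->write("androit2\n" . print_r($session, true));
    }
}

if ($log) {
    $log->close();
}

if ($session) {
    echo "200:" . $session['sess'];
} else {
    // echo false prints an empty body, which is what the client sees on failure.
    echo false;
}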
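/**
 * Validate (or re-create) a session and open the client's database.
 *
 * If chkSession() does not accept $id/$ip, the stale session is deleted and the
 * user is authenticated again with $mandant/$login/$pwd. The client row is then
 * looked up in auth.clients and handed to myDB.
 *
 * @param object $db      auth database handle (must provide getOne())
 * @param mixed  $id      session id to check
 * @param mixed  $ip      address the session is checked against
 * @param string $mandant client (mandant) name
 * @param string $login   user login, used only when re-authentication is needed
 * @param string $pwd     user password, used only when re-authentication is needed
 * @return array|false session array with 'sess' and 'db' entries, or false when
 *                     authentication fails or the client is unknown
 */
function userData($db, $id, $ip, $mandant, $login, $pwd)
{
    // Debug logger, if one was installed in $GLOBALS['log']. The original tested
    // the misspelled $GLOBAS, which is always unset, so these branches never ran.
    $log = (isset($GLOBALS['log']) && $GLOBALS['log']) ? $GLOBALS['log'] : false;

    $rs = chkSession($db, $id, $ip);
    if ($log) {
        // The password is masked on purpose: credentials must not reach the log.
        $log->write("chlS:{$id},{$ip},{$mandant},{$login},***," . $rs);
    }

    if (!$rs) {
        // Session unknown or expired: drop it and log in again.
        delSession($db, $id, $ip);
        $sess = authuser($db, $mandant, $login, $pwd, $ip);
        if ($log) {
            $log->write("chlS2:" . print_r($sess, true));
        }
        if (!$sess) {
            return false;
        }
    } else {
        $sess = array('sess' => $id);
    }

    // NOTE(review): $mandant is interpolated into the SQL text unescaped. The API
    // of $db is not visible here; bind it as a parameter (or escape it with the
    // driver's own function) if $db supports that, otherwise validate it upstream.
    $sql = "SELECT * FROM auth.clients WHERE name = '{$mandant}'";
    $rs = $db->getOne($sql);
    if ($log) {
        $log->write("chlS3:{$sql}");
        // Only the outcome is logged. The row is passed to myDB's constructor, so
        // it presumably carries connection settings that do not belong in a log.
        $log->write("chlS3:" . ($rs ? "client found" : "client not found"));
    }

    if (!$rs) {
        return false;
    }

    $sess["db"] = new myDB($rs);
    // Mirror the global debug switch onto the client database handle.
    $sess['db']->log = $log ? true : false;
    return $sess;
}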
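/**
 * Log the current request into the CRM by reusing the ERP session cookie.
 *
 * Reads the ERP configuration file for the auth-database settings, the cookie
 * name and the session timeout, validates the cookie through authuser(), then
 * fills $_SESSION with the client and user data and opens the client database.
 *
 * @return bool true when the session was set up; false when the configuration
 *              cannot be read, the cookie is missing or authuser() rejects it
 */
function anmelden()
{
    ini_set("gc_maxlifetime", "3600");
    // $ERPNAME is read as a global: $_SESSION[ERPNAME] cannot be used because the
    // session is destroyed in loginok.php.
    global $ERPNAME;
    global $erpConfigFile;

    // Locate the ERP configuration file; anmelden() may be called from a subdirectory.
    $deep = is_dir("../" . $ERPNAME) ? "../" : "../../";
    $confPath = $deep . $ERPNAME . "/config/" . $erpConfigFile . ".conf";
    if (file_exists($confPath)) {
        $lxo = fopen($confPath, "r");
    } elseif (file_exists($confPath . ".default")) {
        $lxo = fopen($confPath . ".default", "r");
    } else {
        return false;
    }
    if ($lxo === false) {
        // The file exists but cannot be opened; an invalid handle must not reach
        // the fgets()/feof() loop below.
        return false;
    }

    // Values filled from the configuration; null means "not present in the file".
    $dbname = $dbpasswd = $dbuser = $dbhost = $dbport = null;
    $cookiename = null;
    $sesstime = null;

    // Find the auth-database parameters in the ERP configuration.
    $dbsec = false; // true while inside the [authentication/database] section
    $tmp = fgets($lxo, 512);
    while (!feof($lxo)) {
        if (preg_match("/^[\\s]*#/", $tmp) || $tmp == "\n") {
            // Comment or empty line: skip.
            $tmp = fgets($lxo, 512);
            continue;
        }
        if ($dbsec && preg_match("!\\[.+]!", $tmp)) {
            // A new section header ends the database section.
            $dbsec = false;
        }
        if ($dbsec) {
            if (preg_match("/db[ ]*=[ ]*(.+)/", $tmp, $hits)) {
                $dbname = $hits[1];
            }
            if (preg_match("/password[ ]*=[ ]*(.+)/", $tmp, $hits)) {
                $dbpasswd = $hits[1];
            }
            if (preg_match("/user[ ]*=[ ]*(.+)/", $tmp, $hits)) {
                $dbuser = $hits[1];
            }
            if (preg_match("/host[ ]*=[ ]*(.+)/", $tmp, $hits)) {
                $dbhost = $hits[1] ? $hits[1] : "localhost";
            }
            if (preg_match("/port[ ]*=[ ]*([0-9]+)/", $tmp, $hits)) {
                $dbport = $hits[1] ? $hits[1] : "5432";
            }
            if (preg_match("/\\[[a-z]+/", $tmp)) {
                $dbsec = false;
            }
            $tmp = fgets($lxo, 512);
            continue;
        }
        if (preg_match("/cookie_name[ ]*=[ ]*(.+)/", $tmp, $hits)) {
            $cookiename = $hits[1];
        }
        //if ( preg_match("/dbcharset[ ]*=[ ]*(.+)/",$tmp,$hits) ) $dbcharset = $hits[1];
        if (preg_match("/session_timeout[ ]*=[ ]*(.+)/", $tmp, $hits)) {
            $sesstime = $hits[1];
        }
        if (preg_match("!\\[authentication/database\\]!", $tmp)) {
            $dbsec = true;
        }
        $tmp = fgets($lxo, 512);
    }
    fclose($lxo);

    if (!$cookiename) {
        $cookiename = $_SESSION['erpConfigFile'] . '_session_id';
    }
    if (!$sesstime) {
        $sesstime = 480;
    }

    $cookie = isset($_COOKIE[$cookiename]) ? $_COOKIE[$cookiename] : '';
    if (!$cookie) {
        // No ERP session cookie: send the browser to the error page and stop here,
        // so authuser() is never asked to validate an empty session id.
        header("location: ups.html");
        return false;
    }

    // Log the user in. The trace line carries connection coordinates only; the
    // database password and the session cookie are kept out of the error log.
    error_log("!{$ERPNAME}!{$dbhost},{$dbport},{$dbuser},{$dbname}!", 0);
    $auth = authuser($dbhost, $dbport, $dbuser, $dbpasswd, $dbname, $cookie);
    if (!$auth) {
        return false; // user login failed
    }

    chkdir($auth["dbname"]); // is there a directory named after the instance under the documents folder?
    chkdir($auth["dbname"] . '/tmp/');

    // Store client and user data in the session. Everything authuser() returned is
    // copied, including the database credentials read back a few lines below.
    foreach ($auth as $key => $val) {
        $_SESSION[$key] = $val;
    }
    $_SESSION["sessid"] = $cookie;
    $_SESSION["cookie"] = $cookiename;
    $_SESSION["sesstime"] = $sesstime;

    // Connect to the client database.
    $_SESSION["db"] = new myDB($_SESSION["dbhost"], $_SESSION["dbuser"], $_SESSION["dbpasswd"], $_SESSION["dbname"], $_SESSION["dbport"]);
    if (!$_SESSION["db"]) {
        return false;
    }

    $_SESSION['CRMTL'] = $auth['CRMTL'];
    $charset = ini_get("default_charset");
    //if ( $charset == "" ) $charset = $dbcharset;
    if ($charset == "") {
        $charset = 'UTF8';
    }
    $_SESSION["charset"] = $charset;

    include_once "inc/UserLib.php";
    $user_data = getUserStamm(0, $_SESSION["login"]);

    // Base URL of the installation: scheme + host + request path up to "crm/".
    // NOTE(review): HTTP_HOST is supplied by the client; confirm that basepath is
    // not used to build links that must be trustworthy.
    $BaseUrl = empty($_SERVER['HTTPS']) ? 'http://' : 'https://';
    $BaseUrl .= $_SERVER['HTTP_HOST'];
    $BaseUrl .= preg_replace("^crm/.*^", "", $_SERVER['REQUEST_URI']);

    if ($user_data) {
        foreach ($user_data as $key => $val) {
            $_SESSION[$key] = $val;
        }
    }

    if (isset($_SESSION['sql_error']) && $_SESSION['sql_error']) {
        $_SESSION['db']->setShowError(true);
    } else {
        $_SESSION['db']->setShowError(false);
    }

    $_SESSION['dir_mode'] = $user_data['dir_mode'] != '' ? octdec($user_data['dir_mode']) : 493; // 0755
    $_SESSION["loginCRM"] = $user_data["id"];
    $_SESSION['theme'] = ($user_data['theme'] == '' || $user_data['theme'] == 'base') ? '' : $user_data['theme'];

    // ERP version: newest "relea…" tag in schema_info, prefix cut off, "_" turned into ".".
    $sql = "SELECT * from schema_info where tag like 'relea%' order by itime desc limit 1";
    $rs = $_SESSION["db"]->getOne($sql);
    $tmp = substr($rs['tag'], 8);
    $_SESSION["ERPver"] = strtr($tmp, '_', '.');

    $_SESSION["menu"] = makeMenu($_SESSION["sessid"], $_SESSION["token"]);
    $_SESSION["basepath"] = $BaseUrl;
    $_SESSION['token'] = False;
    return true;
}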
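/**
 * Print the HTML5 head, the fixed top navigation bar and the opening content
 * container of an [rx]Alarm page.
 *
 * $title and $head are written into the page as given (no escaping), so callers
 * must pass trusted text/markup only. The Twitter profile fields of the global
 * $user are external data and are HTML-escaped before output.
 *
 * NOTE(review): jQuery is loaded from a third-party CDN without an integrity
 * attribute; consider pinning it with SRI or serving it locally.
 *
 * @param string $title page title, placed before " - [rx]Alarm"
 * @param string $head  extra markup emitted inside <head>
 * @param array  $nav   the key that is set ('home', 'console', 'help', 'contact')
 *                      marks the matching navigation entry as active
 * @return void
 */
function print_html5_head($title, $head, $nav)
{
    global $www, $user;
    if (isset($_COOKIE['rxalarm'])) {
        authuser(); // if user "is" logged in, check it.
    }

    // Escape the externally sourced profile fields once, for both text and
    // attribute context (ENT_QUOTES covers the quoted src attribute).
    $twitterName = '';
    $twitterAvatar = '';
    if (isset($user)) {
        $twitterName = htmlspecialchars((string) $user['twitter']->name, ENT_QUOTES, 'UTF-8');
        $twitterAvatar = htmlspecialchars((string) $user['twitter']->profile_image_url_https, ENT_QUOTES, 'UTF-8');
    }
    ?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta name="google-site-verification" content="QokEfecxpAZkKgdID7YlPMzzlCD388UWKXdRZhJi0CM" />
<link rel="stylesheet" type="text/css" href="<?php echo $www; ?>/bootstrap/css/bootstrap.min.css">
<style>
body {
    padding-top: 60px; /* 60px to make the container go all the way to the bottom of the topbar */
}
</style>
<link rel="stylesheet" type="text/css" href="<?php echo $www; ?>/bootstrap/css/bootstrap-responsive.min.css">
<script src="https://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js"></script>
<script src="<?php echo $www; ?>/bootstrap/js/bootstrap.min.js"></script>
<?php echo $head; ?>

<title><?php echo $title; ?> - [rx]Alarm</title>
</head>
<body>
<div class="navbar navbar-fixed-top">
  <div class="navbar-inner">
    <div class="container">
      <a class="btn btn-navbar" data-toggle="collapse" data-target=".nav-collapse">
        <span class="icon-bar"></span>
        <span class="icon-bar"></span>
        <span class="icon-bar"></span>
      </a>
      <a class="brand" href="#">[rx]Alarm</a>
      <div class="nav-collapse">
        <ul class="nav">
          <li<?php echo isset($nav['home']) ? ' class="active"' : ''; ?>><a href="<?php echo $www; ?>">Home</a></li>
          <li<?php echo isset($nav['console']) ? ' class="active"' : ''; ?>><a href="<?php echo $www; ?>/console">Console</a></li>
          <li<?php echo isset($nav['help']) ? ' class="active"' : ''; ?>><a href="<?php echo $www; ?>/help">Help</a></li>
          <li<?php echo isset($nav['contact']) ? ' class="active"' : ''; ?>><a href="<?php echo $www; ?>/contact">Contact</a></li>
        </ul>
        <ul class="nav pull-right">
          <li class="divider-vertical"></li>
<?php if (isset($user)) { ?>
          <li class="dropdown pull-right" id="menu1">
            <a class="dropdown-toggle" data-toggle="dropdown" href="#menu1">
              <?php echo $twitterName; ?> <b class="caret"></b>
              <img style="padding-left:5px" src="<?php echo $twitterAvatar; ?>" alt="Twitter Avatar" width="24px" height="24px" />
            </a>
            <ul class="dropdown-menu">
              <li><a href="<?php echo $www; ?>/account">Account</a></li>
              <li class="divider"></li>
              <li><a href="<?php echo $www; ?>/logout">Log Out</a></li>
            </ul>
          </li>
<?php } else { ?>
          <li class="pull-right"><a href="<?php echo $www; ?>/twitter.php">Log In</a></li>
<?php } ?>
        </ul>
      </div><!--/.nav-collapse -->
    </div>
  </div>
</div>
<div class="container-fluid">
<?php
}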
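/**
 * Log the current request into the CRM by reusing the ERP session cookie.
 *
 * Reads the auth-database settings and the cookie name from
 * ../config/authentication.pl, validates the cookie through authuser(), stores
 * the resulting client data in $_SESSION, opens the client database and loads
 * the employee's calendar/view preferences.
 *
 * @return bool true when the session was set up; false when the cookie is
 *              missing, authuser() rejects it or no employee row is found
 */
function anmelden()
{
    ini_set("gc_maxlifetime", "3600");

    // Read the ERP auth configuration. An unreadable file is treated as empty, so
    // the defaults below apply, as they did with the former @-suppressed read.
    $confFile = "../config/authentication.pl";
    $tmp = is_readable($confFile) ? file_get_contents($confFile) : false;
    if ($tmp === false) {
        $tmp = '';
    }

    // Each setting is taken only from a successful match; a missing key yields
    // null (or the named default) instead of reading an undefined $hits[1].
    $dbname = preg_match("/'db'[ ]*=> '(.+)'/", $tmp, $hits) ? $hits[1] : null;
    $dbpasswd = preg_match("/'password'[ ]*=> '(.+)'/", $tmp, $hits) ? $hits[1] : null;
    $dbuser = preg_match("/'user'[ ]*=> '(.+)'/", $tmp, $hits) ? $hits[1] : null;
    $dbhost = (preg_match("/'host'[ ]*=> '(.+)'/", $tmp, $hits) && $hits[1]) ? $hits[1] : "localhost";
    // Capture digits only: the former '?(.+)'? was greedy and also swallowed the
    // closing quote and anything else up to the end of the line.
    $dbport = (preg_match("/'port'[ ]*=> '?([0-9]+)'?/", $tmp, $hits) && $hits[1]) ? $hits[1] : "5432";
    $cookiename = preg_match("/[ ]*\\\$self->\\{cookie_name\\}[ ]*=[ ]*'(.+)'/", $tmp, $hits) ? $hits[1] : null;
    if (!$cookiename) {
        $cookiename = 'lx_office_erp_session_id';
    }

    $cookie = isset($_COOKIE[$cookiename]) ? $_COOKIE[$cookiename] : '';
    if (!$cookie) {
        // No ERP session cookie: send the browser to the error page and stop here,
        // so authuser() is never asked to validate an empty session id.
        header("location: ups.html");
        return false;
    }

    $auth = authuser($dbhost, $dbport, $dbuser, $dbpasswd, $dbname, $cookie);
    if (!$auth) {
        return false;
    }

    $_SESSION["sessid"] = $cookie;
    $_SESSION["cookie"] = $cookiename;
    $_SESSION["employee"] = $auth["login"];
    $_SESSION["mansel"] = $auth["dbname"];
    $_SESSION["dbname"] = $auth["dbname"];
    $_SESSION["dbhost"] = !$auth["dbhost"] ? "localhost" : $auth["dbhost"];
    $_SESSION["dbport"] = !$auth["dbport"] ? "5432" : $auth["dbport"];
    $_SESSION["dbuser"] = $auth["dbuser"];
    // NOTE(review): the client database password is kept in the session store.
    $_SESSION["dbpasswd"] = $auth["dbpasswd"];

    // Neither value is assigned anywhere in this function; they are made explicit
    // nulls so the calls below receive what they received before, without notices.
    $showErr = null;
    $authcookie = null;
    $_SESSION["db"] = new myDB($_SESSION["dbhost"], $_SESSION["dbuser"], $_SESSION["dbpasswd"], $_SESSION["dbname"], $_SESSION["dbport"], $showErr);
    $_SESSION["authcookie"] = $authcookie;

    // NOTE(review): the login value inside this literal is masked ('******') in the
    // listing; as written the query filters on that literal string. Confirm the
    // real statement and that the login is bound or escaped, not concatenated.
    $sql = "select * from employee where login='******'";
    $rs = $_SESSION["db"]->getAll($sql);
    if (!$rs) {
        return false;
    }

    // Per-employee preferences, with defaults where the column is empty.
    $tmp = $rs[0];
    $_SESSION["termbegin"] = $tmp["termbegin"] >= 0 ? $tmp["termbegin"] : 8;
    $_SESSION["termend"] = $tmp["termend"] ? $tmp["termend"] : 19;
    $_SESSION["Pre"] = $tmp["pre"];
    $_SESSION["interv"] = $tmp["interv"] > 0 ? $tmp["interv"] : 60;
    $_SESSION["loginCRM"] = $tmp["id"];
    $_SESSION["lang"] = $tmp["countrycode"]; //"de";
    $_SESSION["kdview"] = $tmp["kdview"];

    $sql = "select * from defaults";
    $rs = $_SESSION["db"]->getAll($sql);
    $_SESSION["ERPver"] = $rs[0]["version"];
    return true;
}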
case "listalbums": if ($authstatus) { $mode = 'albumbrowser'; $req = "php/showmain.php"; $head = "php/head.php"; } else { //not logged-in $req = "php/home.php"; $head = "php/headhome.php"; } break; case "login": $title = "login"; $head = "php/headhome.php"; if (isset($_POST['username'])) { $authmsg = authuser(); } if ($authstatus) { header("Location: {$fscriptname}?action=listdir"); exit; } else { //not logged-in $req = "php/service/login.php"; $head = "php/headhome.php"; } break; case "logout": if (!empty($_SESSION['username'])) { setUserHist($_SESSION['userid'], "logout"); } session_destroy();