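/**
 * Decides whether the current user may upload through the given upload session.
 *
 * When the session record carries an 'authenticator' entry, that authenticator's
 * callback is invoked with the username followed by the authenticator's
 * 'arguments'; a falsy callback result denies the upload. The username is the
 * one stored in the Reason session, except that a requester holding the
 * 'pose_as_other_user' privilege may substitute the user named by
 * $_REQUEST['user_id']. Without an authenticator the upload is allowed.
 *
 * @param array $session the upload session record. Its optional 'authenticator'
 *        entry is an array with 'callback', an optional 'file' to require_once,
 *        and optional 'arguments' (assumed to be written by server-side code
 *        when the session is created, not taken from the request — TODO confirm)
 * @return boolean true if the upload is allowed, false if the authenticator rejects it
 */
function can_upload($session)
{
    // empty() instead of a bare index read: no notice when the key is absent.
    if (empty($session['authenticator'])) {
        return true;
    }
    $auth = $session['authenticator'];
    $reason_session =& get_reason_session();
    $username = $reason_session->get("username");

    // Posing as another user is only honored for users holding the
    // 'pose_as_other_user' privilege; everyone else keeps their own name.
    if (!empty($_REQUEST['user_id'])) {
        $param_cleanup_rules = array(
            'user_id' => array(
                'function' => 'turn_into_int',
                'extra_args' => array('zero_to_null' => 'true'),
            ),
        );
        $cleanRequest = array_merge($_REQUEST, carl_clean_vars($_REQUEST, $param_cleanup_rules));
        $nametag = $cleanRequest['user_id'];
        $id = get_user_id($username);
        if (reason_user_has_privs($id, 'pose_as_other_user')) {
            $user = new Entity($nametag);
            $username = $user->get_value("name");
        }
    }

    if (!empty($auth['file'])) {
        require_once $auth['file'];
    }
    // 'arguments' is optional; default to none rather than merging a non-array.
    $extra_args = isset($auth['arguments']) && is_array($auth['arguments']) ? $auth['arguments'] : array();
    $args = array_merge(array($username), $extra_args);
    if (!call_user_func_array($auth['callback'], $args)) {
        return false;
    }
    return true;
}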
/**
 * Returns the current user's netID from the session, or false if the user is not logged in.
 *
 * Side effects: stores the session handle in $this->session and the netID in
 * $this->user_netID; when a session exists, forces the secure site (if https is
 * available) and starts the session if it has not been started yet.
 *
 * @return string|false the netID, or false when no Reason session exists
 * @access private
 */
function get_authentication_from_session()
{
    $this->session =& get_reason_session();
    if (!$this->session->exists()) {
        return false;
    }
    force_secure_if_available();
    if (!$this->session->has_started()) {
        $this->session->start();
    }
    $this->user_netID = $this->session->get('username');
    return $this->user_netID;
}
/**
 * Reads the user's pop-up alert preference from the Reason session.
 *
 * Starts the session when it exists but has not been started yet. Falls back to
 * the DEFAULT_TO_POPUP_ALERT constant when there is no session or no stored
 * preference recognised as 'yes' or 'no'.
 *
 * @return string 'true' or 'false' (strings, not booleans)
 */
function get_popup_alert_pref()
{
    $pref = DEFAULT_TO_POPUP_ALERT ? 'true' : 'false';
    $session =& get_reason_session();
    if (!$session->exists()) {
        return $pref;
    }
    if (!$session->has_started()) {
        $session->start();
    }
    // Loose comparison kept on purpose: the stored value's type is not known here.
    $stored = $session->get('_user_popup_alert_pref');
    if ($stored == 'yes') {
        $pref = 'true';
    } elseif ($stored == 'no') {
        $pref = 'false';
    }
    return $pref;
}
/**
 * Returns the current user's netID, or false if the user does not have an active reason session.
 *
 * Starts the session if it exists but has not been started yet.
 *
 * @return string|false the netID from the session, or false when no session exists
 */
function get_authentication_from_session()
{
    $sess =& get_reason_session();
    if (!$sess->exists()) {
        return false;
    }
    if (!$sess->has_started()) {
        $sess->start();
    }
    return $sess->get('username');
}
/**
 * Set up the template for a page.
 *
 * Starts the Reason session (on the secure site when https is available), loads
 * the site and page entities, checks that the page exists and is Live (otherwise
 * shows the 404 page and exits), builds or restores the navigation tree, runs the
 * access/auth check, and finally loads the modules (or shows the 403 page and
 * exits when the site has no pages).
 *
 * @param integer $site_id
 * @param integer $page_id
 * @todo page_id should not have a default value -- this makes it seem like you could initialize
 * the template without providing a page_id, but that would result in a 404.
 */
function initialize( $site_id, $page_id = '' ) // {{{
{
    $this->sess =& get_reason_session();
    if( $this->sess->exists() )
    {
        // if a session exists and the server supports https, pop over to the secure
        // site so we have access to the secure session information
        force_secure_if_available();
        if(!$this->sess->has_started())
            $this->sess->start();
    }
    $this->site_id = $site_id;
    $this->page_id = $page_id;
    $this->site_info = new entity( $site_id );
    $this->page_info = new entity( $page_id );
    $this->head_items = new HeadItems();

    // make sure that the page exists or that the page's state is Live
    // if not, redirect to the 404
    if( !$this->page_info->get_values() OR $this->page_info->get_value( 'state' ) != 'Live' )
    {
        //trigger_error( 'page does not exist', WARNING );
        $this->display_404_page();
        die();
    }

    // NOTE(review): the navigation cache is keyed only by site id, so it is shared by
    // every visitor of the site; the access check further down runs after the tree is
    // restored — confirm nothing per-user is ever stored in $this->pages.
    if ($this->use_navigation_cache)
    {
        $cache = new ReasonObjectCache($this->site_id . '_navigation_cache', 3600); // lifetime of 1 hour
        $page_object_cache =& $cache->fetch();
        if ($page_object_cache && is_array($page_object_cache) && isset($page_object_cache[$this->nav_class]))
        {
            $this->pages = $page_object_cache[$this->nav_class];
        }
        elseif ($page_object_cache && is_object($page_object_cache)) // old format
        {
            // lets use our cache and also update it
            $this->pages = $page_object_cache;
            $new_page_object_cache[$this->nav_class] = $this->pages;
            $cache->set($new_page_object_cache); // replace with our array keyed cache
        }
    }

    // lets check the persistent cache
    if (empty($this->pages) || !isset($this->pages->values[$this->page_info->id()]))
    {
        // lets setup $this->pages and place in the persistent cache
        $this->pages = new $this->nav_class;
        // small kludge - just give the tree view access to the site info.
        // used in the show_item function to show the root node of the navigation
        $this->pages->site_info =& $this->site_info;
        $this->pages->order_by = 'sortable.sort_order';
        $this->pages->init( $this->site_id, id_of('minisite_page') );
        if ($this->use_navigation_cache)
        {
            // NOTE(review): if fetch() returned the old object format above, this array
            // write targets an object — presumably old-format caches no longer exist; confirm.
            $page_object_cache[$this->nav_class] = $this->pages;
            $cache->set($page_object_cache);
        }
    }
    else // if pages came from cache refresh the request variables and set site_info and order_by
    {
        $this->pages->grab_request();
        $this->pages->site_info =& $this->site_info;
        $this->pages->order_by = 'sortable.sort_order'; // in case it was changed in the request
    }
    $this->_handle_access_auth_check();
    $this->textonly = '';
    if( $this->pages->values )
    {
        if( !$this->page_id )
            $this->page_id = $this->pages->root_node();
        $this->pages->cur_page_id = $this->page_id;
        $this->pages->force_open( $this->page_id );
        $this->cur_page = new entity($this->page_id);
        $this->title = $this->cur_page->get_value('name');
        $this->get_css_files();
        $this->get_meta_information();
        if( $this->sess->exists() )
        {
            if (USE_JS_LOGOUT_TIMER)
            {
                $this->head_items->add_stylesheet(REASON_HTTP_BASE_PATH.'css/timer.css');
                $this->head_items->add_javascript(JQUERY_URL, true);
                $this->head_items->add_javascript(WEB_JAVASCRIPT_PATH . 'timer/timer.js');
            }
            // we know that someone is logged in if the session exists
            $this->logged_in = true;
        }
        // hook for any actions to take prior to loading modules
        $this->pre_load_modules();
        // load the modules
        $this->load_modules();
    }
    else
    {
        trigger_error('Page requested not able to be displayed... no pages on site');
        $this->_display_403_page();
        die();
    }
} // }}}
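/**
 * Builds the hidden <input> elements a Disco form needs for asynchronous uploads.
 *
 * Emitted at most once per request: the global flag
 * $GLOBALS['_disco_upload_session_sent'] is set after the first call and later
 * calls return an empty string. The fields carry the Reason session id, the
 * transfer session id, the receiver/remover script URIs and the (integer-cast)
 * user_id from the request.
 *
 * @param string $upload_sid the asynchronous upload session ID for this form
 * @return string hidden input elements joined by newlines, or '' if already emitted
 * @access private
 */
function _get_disco_async_upload_hidden_fields($upload_sid)
{
    // empty() so the first call does not raise an undefined-index notice.
    if (!empty($GLOBALS['_disco_upload_session_sent'])) {
        return '';
    }
    $session =& get_reason_session();
    $user_id = isset($_REQUEST['user_id']) ? $_REQUEST['user_id'] : 0;
    // IMPORTANT NOTE: Keep this list of fields in sync with the list in
    // _get_disco_async_upload_internal_field_names() above.
    $fields = array(
        'user_session' => $session->get_id(),
        'transfer_session' => $upload_sid,
        'receiver' => reason_get_async_upload_script_uri('receive'),
        'remover' => reason_get_async_upload_script_uri('destroy'),
        'user_id' => turn_into_int($user_id),
    );
    $html = array();
    foreach ($fields as $name => $value) {
        // Escape for the attribute context: $upload_sid and the script URIs are not
        // otherwise guaranteed to be attribute-safe (e.g. '"' or '&' in a URI).
        $html[] = '<input type="hidden" name="_reason_upload_' . $name . '" ' .
            'value="' . htmlspecialchars((string) $value, ENT_QUOTES) . '" />';
    }
    $GLOBALS['_disco_upload_session_sent'] = true;
    return implode("\n", $html);
}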
$cache->set_site_id($site_id); $cache->set_page_id($page_id); if ($cache->is_cached(get_current_url()) || ($site = get_validated_site($site_id, $page_id)) && $site->get_value('use_page_caching')) { $use_cache = true; } else { $use_cache = false; $no_cache_reasons[] = 'unsupported site'; } //----------------------------------------------------------- // CONDITION UNDER WHICH WE SHOULD NOT USE PAGE CACHING // - if visitor is a listed developer who is not testing the cache // - if something was _POSTed // - if there is an active reason session // - ** future ** if a module tells us not to use caching //----------------------------------------------------------- $sess = get_reason_session(); $requested_api = !empty($_REQUEST['module_api']) && check_against_regexp($_REQUEST['module_api'], array('safechars')) ? $_REQUEST['module_api'] : false; $requested_identifier = !empty($_REQUEST['module_identifier']) && check_against_regexp($_REQUEST['module_identifier'], array('safechars')) ? $_REQUEST['module_identifier'] : false; if (is_developer() && empty($_REQUEST['test_cache'])) { $use_cache = false; $no_cache_reasons[] = 'developer'; } if (!empty($_POST)) { $use_cache = false; $no_cache_reasons[] = '_POST'; } if ($requested_api) { $use_cache = false; $no_cache_reasons[] = 'api_request'; } if ($sess->exists()) {
/**
 * Entry point for the login module: wires up head items, works out the
 * destination page, then dispatches on session state.
 *
 * With an existing session: logs out when 'logout' is in the request, destroys
 * a session that has no username (then redirects to the current URL and exits),
 * otherwise runs do_logged_in(). Without a session: runs do_login() when a
 * login is in progress and the test cookie is present, reports missing cookies
 * otherwise, or sets the test cookie and shows any requested message.
 *
 * @param array $args unused here
 */
public function init($args = array())
{
    $head_items =& $this->parent->head_items;
    $head_items->add_javascript(JQUERY_URL, true); // do we need to do this?
    $head_items->add_javascript(WEB_JAVASCRIPT_PATH . 'login/focus.js');
    // Search engines should not be indexing versions of the index page with specific destinations
    if (isset($this->request['dest_page'])) {
        $head_items->add_head_item('meta', array('name' => 'robots', 'content' => 'none'));
    }
    $this->current_url = get_current_url();
    $this->on_secure_page_if_available = !HTTPS_AVAILABLE || on_secure_page();
    $this->set_dest_page();
    if (isset($this->request['redir_link_text'])) {
        // Raw request value; how it is escaped depends on where it is rendered (not visible here).
        $this->redir_link_text = $this->request['redir_link_text'];
    }
    // presumably constrains the destination to this site (redirect guard) — confirm in localize_destination_page()
    $this->dest_page = $this->localize_destination_page();
    $this->sess =& get_reason_session();
    $this->logged_in = false;
    // A session exists
    if ($this->sess->exists()) {
        if ($this->verbose_logging) {
            error_log('LOGIN: Session exists');
        }
        if (!$this->sess->has_started()) {
            $this->sess->start();
            if ($this->verbose_logging) {
                error_log('LOGIN: Session started');
            }
        }
        // user is logging out
        if (isset($this->request['logout'])) {
            if ($this->verbose_logging) {
                error_log('LOGIN: do_logout');
            }
            // Set the test cookie here, so they can log back in again
            $this->set_test_cookie();
            $this->do_logout();
        } elseif (!$this->sess->get('username')) {
            // A session without a username is not a valid login: drop it and reload.
            if ($this->verbose_logging) {
                error_log('LOGIN: Destroying bad session');
            }
            $this->sess->destroy();
            header('Location: ' . get_current_url());
            exit;
        } else {
            if ($this->verbose_logging) {
                error_log('LOGIN: do_logged_in');
            }
            $this->do_logged_in();
        }
    } else {
        if ($this->verbose_logging) {
            error_log('LOGIN: No Session');
        }
        // In the process of logging in
        if ($this->login_in_progress()) {
            if ($this->verbose_logging) {
                error_log('LOGIN: Login in progress');
            }
            // The test cookie proves the browser accepts cookies; without it a session could not be kept.
            if ($this->test_cookie_exists()) {
                if ($this->verbose_logging) {
                    error_log('LOGIN: Test cookie exists');
                }
                $this->do_login();
            } else {
                if ($this->verbose_logging) {
                    error_log('LOGIN: NO test cookie');
                }
                $this->status_msg = 'It appears that you do not have cookies enabled. Please enable cookies and try logging in again';
            }
        } else {
            if ($this->verbose_logging) {
                error_log('LOGIN: No login in progress');
            }
            $this->set_test_cookie();
            if (isset($this->request['code'])) {
                $s =& get_reason_session();
                $this->msg = $s->get_error_msg($this->request['code']);
            }
            if (isset($this->request['msg_uname'])) {
                $this->set_message_from_unique_name($this->request['msg_uname']);
            }
        }
    }
}
/**
 * Stores the submitter-view values in the Reason session under 'form_confirm',
 * starting the session first if it has not been started.
 */
function save_submitted_data_to_session()
{
    $submitted =& $this->get_values_for_submitter_view();
    $sess =& get_reason_session();
    if (!$sess->has_started()) {
        $sess->start();
    }
    $sess->set('form_confirm', $submitted);
}
/**
 * Entry point for the standalone/inline login module.
 *
 * Decides where the user should land after logging in (the 'dest_page' request
 * parameter, else the HTTP referer in standalone non-popup mode, else the
 * current URL), then handles one of: logout, a stale session without a
 * username, an already logged-in user, a username/password submission, or a
 * plain visit (test cookie plus optional message).
 *
 * Side effects: may start or destroy the Reason session, send a Location header
 * and exit, set the test cookie, and write authentication log events.
 *
 * @param array $args unused here
 */
function init($args = array())
{
    $head_items =& $this->parent->head_items;
    $head_items->add_javascript(JQUERY_URL, true);
    $head_items->add_javascript(WEB_JAVASCRIPT_PATH . 'login/focus.js');
    $this->current_url = get_current_url();
    $this->on_secure_page_if_available = !HTTPS_AVAILABLE || on_secure_page();
    if (empty($this->request['dest_page'])) {
        // in standalone mode, once the user has successfully logged in, they will be bounced back to the page
        // they came from if there was one. otherwise, they will see a successful login message
        if ($this->params['login_mode'] == 'standalone') {
            if (empty($this->request['popup'])) {
                // we have a referer. remember for later.
                // NOTE(review): the Referer header is client-supplied, so it is only a safe redirect
                // target if localize_destination_page() below constrains it to this site — confirm there.
                if (isset($_SERVER['HTTP_REFERER']) && !empty($_SERVER['HTTP_REFERER'])) {
                    $this->dest_page = $_SERVER['HTTP_REFERER'];
                } else {
                    // we have no valid information on where to go back to. this will happen if a user goes
                    // directly to the login page without clicking on a link. in this case, there will be no
                    // jumping and a message saying you are logged in will appear along side the logout link.
                }
            }
        } else {
            $this->dest_page = $this->current_url;
        }
    } else {
        // Search engines should not be indexing versions of the index page with specific destinations
        $head_items->add_head_item('meta', array('name' => 'robots', 'content' => 'none'));
        $this->dest_page = $this->request['dest_page'];
    }
    if (!empty($this->request['redir_link_text'])) {
        // Raw request value; how it is escaped depends on where it is rendered (not visible here).
        $this->redir_link_text = $this->request['redir_link_text'];
    }
    $this->dest_page = $this->localize_destination_page();
    $this->sess =& get_reason_session();
    $this->logged_in = false;
    // A session exists
    if ($this->sess->exists()) {
        if (!$this->sess->has_started()) {
            $this->sess->start();
        }
        // user is logging out
        if (!empty($this->request['logout'])) {
            $username = $this->sess->get('username');
            $this->sess->destroy();
            $this->msg = 'You are now logged out';
            $this->log_authentication_event('logout succeeded', $username);
            if (empty($this->request['noredirect'])) {
                // parse_url() omits 'host'/'path' for a relative destination — presumably
                // localize_destination_page() always yields an absolute URL; confirm.
                $parts = parse_url($this->dest_page);
                $port = isset($parts['port']) && !empty($parts['port']) ? ":" . $parts['port'] : '';
                $query = isset($parts['query']) && !empty($parts['query']) ? '?' . $parts['query'] : '';
                $fragment = isset($parts['fragment']) ? '#' . $parts['fragment'] : '';
                // NOTE(review): hard-coded http:// here, while the post-login redirect below uses
                // securest_available_protocol(); the logout hop therefore leaves https even when available.
                $loc = 'http://' . $parts['host'] . $port . $parts['path'] . $query . $fragment;
                header('Location: ' . $loc);
                exit;
            }
        } elseif (!$this->sess->get('username')) {
            // A session without a username is not a valid login: drop it and reload.
            $this->sess->destroy();
            header('Location: ' . get_current_url());
            exit;
        } else {
            $this->logged_in = true;
            // The stored username is the trimmed login-form value; whether it needs escaping
            // depends on how $this->msg is rendered, which is not visible here.
            $this->msg = 'You are logged in as ' . $this->sess->get('username') . '.';
            if (!empty($this->dest_page)) {
                if ($this->dest_page != get_current_url()) {
                    $dest_txt = $this->_get_dest_page_text();
                    $cleaned_dest_page = htmlspecialchars($this->dest_page);
                    $this->msg_extra = '<p>Proceed to <a href="' . $cleaned_dest_page . '" title="' . $cleaned_dest_page . '">' . htmlspecialchars($dest_txt) . '</a></p>';
                }
            }
        }
    } else {
        // trying to login
        if (!empty($this->request['username']) and !empty($this->request['password'])) {
            if ($this->test_cookie_exists()) {
                $auth = new directory_service($this->params['auth_service']);
                // successful login
                if ($auth->authenticate($this->request['username'], $this->request['password'])) {
                    // NOTE(review): no session-id regeneration is visible here; whether start()
                    // issues a fresh id after authentication is decided by the session class — confirm.
                    $this->sess->start();
                    $this->logged_in = true;
                    // The stored name is trimmed; the one passed to authenticate() above is not.
                    $this->sess->set('username', trim($this->request['username']));
                    $this->log_authentication_event('login succeeded', $this->request['username']);
                    // pop user back to the top of the page. this makes sure that the session
                    // info is available to all modules
                    if (!empty($this->dest_page)) {
                        $parts = parse_url($this->dest_page);
                        $port = isset($parts['port']) && !empty($parts['port']) ? ":" . $parts['port'] : '';
                        $query = isset($parts['query']) && !empty($parts['query']) ? '?' . $parts['query'] : '';
                        $fragment = isset($parts['fragment']) ? '#' . $parts['fragment'] : '';
                        $loc = securest_available_protocol() . '://' . $parts['host'] . $port . $parts['path'] . $query . $fragment;
                        header('Location: ' . $loc);
                        exit;
                    }
                    if (!empty($this->request['popup'])) {
                        $this->close_window = true;
                        $this->msg = 'You are now logged in. Please close this window.';
                    }
                } else {
                    // Same message for unknown user and wrong password: no account enumeration hint.
                    $this->log_authentication_event('login failed', $this->request['username']);
                    $this->msg = 'The username and password you provided do not match. Please try again.';
                }
            } else {
                $this->msg = 'It appears that you do not have cookies enabled. Please enable cookies and try logging in again';
            }
        } else {
            $this->set_test_cookie();
            if (!empty($this->request['code'])) {
                $s =& get_reason_session();
                $this->msg = $s->get_error_msg($this->request['code']);
            }
            if (!empty($this->request['msg_uname'])) {
                $msg_id = id_of($this->request['msg_uname'], true, false);
                if (!empty($msg_id)) {
                    $msg_ent = new entity($msg_id);
                    // Only text_blurb entities are shown, so a request-supplied unique name cannot
                    // surface the content of other entity types here.
                    if ($msg_ent->get_value('type') == id_of('text_blurb')) {
                        $this->msg .= $msg_ent->get_value('content');
                    }
                }
            }
        }
    }
}
/**
 * Gets information about a specific file, whether it was uploaded in the POST
 * body of the current request or in the asynchronous upload session identified
 * by the given ID.
 *
 * The asynchronous session is consulted first; the newest record stored under
 * $name is used. If that record cannot be turned into an UploadedFile, or if
 * $clear is true, the record is removed from the session and the session is
 * written back. When the asynchronous lookup yields nothing, $_FILES[$name]
 * is used; if that is absent too, <code>null</code> is returned.
 *
 * If an asynchronous upload session ID is given, but no session with that ID
 * actually exists, a warning is triggered.
 *
 * @param string $name the form field name under which the file was submitted
 * @param string $async_session_id the ID for the asynchronous upload session
 * @param boolean $clear if true, and the uploaded file is found in the
 *        asynchronous session, the file's record will be removed from the
 *        session
 * @return UploadedFile information about the uploaded file, or
 *         <code>null</code> if no such file was uploaded or if there was an
 *         error in uploading it
 */
function reason_get_uploaded_file($name, $async_session_id = null, $clear = false)
{
    if ($async_session_id) {
        $async_session = _get_async_upload_session($async_session_id);
        if (!$async_session) {
            trigger_warning("tried to get the file {$name} from asynchronous " .
                'upload session ' . var_export($async_session_id, true) . ', but ' .
                'no such session exists');
        } elseif (isset($async_session['files'][$name])) {
            $records = $async_session['files'][$name];
            if (is_array($records) && count($records) > 0) {
                // The most recently added record is the one that counts.
                end($records);
                $last_key = key($records);
                $file = _uploaded_file_from_async($records[$last_key]);
                if ($clear || !$file) {
                    unset($async_session['files'][$name][$last_key]);
                    $session =& get_reason_session();
                    $session->set(_async_upload_session_key($async_session_id), $async_session);
                }
                if ($file) {
                    return $file;
                }
            }
        }
    }
    return isset($_FILES[$name]) ? _uploaded_file_from_php($_FILES[$name]) : null;
}
/**
 * Disable inline editing - sets session value inline_editing to "disabled".
 *
 * Nothing is written unless Reason allows inline editing and a started
 * session exists.
 *
 * @return boolean true when the session value was set, false otherwise
 */
function disable()
{
    if (!$this->reason_allows_inline_editing()) {
        return false;
    }
    $sess =& get_reason_session();
    $ready = $sess->exists() && $sess->has_started();
    if ($ready) {
        $sess->set('inline_editing', "disabled");
    }
    return $ready;
}