function session_save_messages() {
    // Copies the message queue held in $GLOBALS['wfpl_messages'] into the
    // session under the same key, serialised with array_to_string(). Nothing
    // is written when the global is absent or is not an array.
    $queued = isset($GLOBALS['wfpl_messages']) ? $GLOBALS['wfpl_messages'] : null;
    if (!is_array($queued)) {
        return;
    }
    init_session();
    session_set('wfpl_messages', array_to_string($queued));
}
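function check_session() {
    // Validates the store/server configuration kept in $_SESSION.
    //
    // Problems found while handling ?generate are appended as HTML snippets to
    // the global $messages array. ?clear wipes the session and returns false.
    // Returns true only when a store type, a parseable server URL and the
    // store-specific details are all present and no open_basedir violation was
    // detected; false otherwise.
    //
    // empty() is used instead of bare truthiness / @ suppression so that keys
    // missing from $_SESSION do not raise undefined-index notices; the truthiness
    // semantics are unchanged.
    global $messages;

    if ($_GET && isset($_GET['clear'])) {
        session_destroy();
        $_SESSION = array();
        init_session();
        return false;
    }

    $bad_path = false;
    if (isset($_GET['generate'])) {
        if (empty($_SESSION['server_url'])) {
            $messages[] = "Please enter a server URL.";
        }
        if (!isset($_SESSION['store_type'])) {
            $messages[] = "No store type chosen.";
        } else {
            switch ($_SESSION['store_type']) {
                case "Filesystem":
                    if (empty($_SESSION['store_data']['fs_path'])) {
                        $messages[] = "Please specify a filesystem store path.";
                    } elseif (!check_open_basedir($_SESSION['store_data']['fs_path'])) {
                        $messages[] = "The filesystem store path violates PHP's <code>open_basedir</code> setting.";
                        $bad_path = true;
                    }
                    break;
                case "SQLite":
                    if (empty($_SESSION['store_data']['sqlite_path'])) {
                        $messages[] = "Please specify a SQLite database path.";
                    } elseif (!check_open_basedir($_SESSION['store_data']['sqlite_path'])) {
                        $messages[] = "The SQLite store path violates PHP's <code>open_basedir</code> setting.";
                        $bad_path = true;
                    }
                    break;
                default:
                    // Every other store type is a network database and needs
                    // the full set of connection details.
                    if (empty($_SESSION['store_data']['host'])
                        || empty($_SESSION['store_data']['database'])
                        || empty($_SESSION['store_data']['username'])
                        || empty($_SESSION['store_data']['password'])) {
                        $messages[] = "Please specify database connection details.";
                    }
            }
        }
    }

    $store_type = isset($_SESSION['store_type']) ? $_SESSION['store_type'] : null;
    $server_url = isset($_SESSION['server_url']) ? $_SESSION['server_url'] : null;
    $store_data = isset($_SESSION['store_data']) ? $_SESSION['store_data'] : array();

    // Path-based stores need their path; anything else needs full DB details.
    $has_store_details = ($store_type == 'Filesystem' && !empty($store_data['fs_path']))
        || ($store_type == 'SQLite' && !empty($store_data['sqlite_path']))
        || (!empty($store_data['host']) && !empty($store_data['username'])
            && !empty($store_data['database']) && !empty($store_data['password']));

    return !empty($store_type)
        && !empty($server_url)
        && parse_url($server_url) !== false
        && $has_store_details
        && !$bad_path;
}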
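function login() {
    //
    // $db = login();
    //
    // Tries to connect to the database using the session vars dbname, username
    // and password. If the session does not hold them, or the stored
    // credentials are refused by dbConnect(), the session is destroyed and the
    // user is sent to login.php (with a continueURL back to the current request
    // and, when available, the connection error message) and the script exits.
    // Returns the connection handle on success.
    //
    // The unreachable code that used to follow the redirects (a trigger_error
    // block and a commented-out HTTP basic-auth variant) has been removed.
    //
    init_session();

    if (!isset($_SESSION['dbname']) || !isset($_SESSION['username']) || !isset($_SESSION['password'])) {
        // No usable session: force a fresh login.
        destroy_session();
        header("Location: login.php?continueURL=" . urlencode(hostURL() . "/" . $_SERVER["REQUEST_URI"]));
        exit;
    }

    list($db, $msg) = dbConnect($_SESSION['username'], $_SESSION['password'], $_SESSION['dbname'], 'localhost');
    if (!$db) {
        // Stored credentials were refused: drop the session and pass the reason on.
        destroy_session();
        header("Location: login.php?continueURL=" . urlencode(hostURL() . "/" . $_SERVER["REQUEST_URI"]) . "&msg=" . urlencode($msg));
        exit;
    }
    return $db;
}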
/**
 * Use this if login is required to view page
 * @param string $to - set page to jump to after login (written verbatim into a
 *                     Location header, so callers should pass a trusted path)
 * @return bool true when a live, non-expired session exists (it is then
 *              extended); false after the redirect header to $to has been sent
 */
function set_need_login($to = '/') {
    $alive = false;
    if (isset($_COOKIE[COOKIE_NAME])) {
        init_session();
        // A session counts as alive only while its 'timeout' timestamp lies in the future.
        $alive = isset($_SESSION['timeout']) && ($_SESSION['timeout'] - time() > 0);
    }
    if (!$alive) {
        //redirect to "must log in" page
        header("location: {$to}");
        return false;
    }
    init_my_cookie();
    extend_timeout();
    return true;
}
* This program is free software; you can redistribute it and/or * modify it under the terms of the GNU General Public License * as published by the Free Software Foundation; either version 2 * of the License, or (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ require_once 'geograph/global.inc.php'; init_session(); $USER->mustHavePerm("ticketmod"); $smarty = new GeographPage(); $db = NewADOConnection($GLOBALS['DSN']); if (!empty($_GET['relinqush'])) { $db->Execute("UPDATE user SET rights = REPLACE(rights,'ticketmod','') WHERE user_id = {$USER->user_id}"); //reload the user object $_SESSION['user'] = new GeographUser($USER->user_id); header("Location: /profile.php?edit=1"); } if (isset($_GET['gridimage_ticket_id'])) { require_once 'geograph/gridimage.class.php'; require_once 'geograph/gridsquare.class.php'; require_once 'geograph/gridimagetroubleticket.class.php'; //user may have an expired session, or playing silly buggers, //either way, we want to check for admin status on the session
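function user_login_openid($token) {
    // Completes a Loginza login: exchanges $token for the user's identity at
    // the authinfo endpoint, finds or creates the local user named after that
    // identity, follows user aliases, issues a remember-me token and starts
    // the session.
    //
    // Returns 0 when Loginza reports an error (its message is printed),
    // 2 when the account has not accepted the agreement yet (sets
    // $_SESSION['user_pending']), 1 on a normal login.
    // Throws Exception when the endpoint cannot be reached or returns no identity.
    //
    // NOTE(review): the endpoint is called over plain http, so the token and the
    // identity travel in the clear — confirm whether the provider offers https.
    $ch = curl_init();
    // $token is caller-supplied: encode it so it cannot smuggle extra query parameters.
    curl_setopt($ch, CURLOPT_URL, "http://loginza.ru/api/authinfo?token=" . rawurlencode($token));
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    $body = curl_exec($ch);
    curl_close($ch);
    if ($body === false) {
        throw new Exception('Could not reach the Loginza authinfo endpoint.');
    }
    $arr = json_decode($body, true);
    if (isset($arr['error_type'])) {
        // Third-party text: escape it before echoing it into the page.
        $error_message = isset($arr['error_message']) ? $arr['error_message'] : '';
        print htmlspecialchars($error_message, ENT_QUOTES, 'UTF-8');
        return 0;
    }
    $id = isset($arr['identity']) ? trim($arr['identity']) : '';
    if (!$id) {
        throw new Exception('Loginza response did not contain an identity.');
    }
    //check if the user exists
    $res = sql_pe("SELECT user_id FROM `users` WHERE user_name=? LIMIT 1", array($id));
    sql_begin();
    $user_id = count($res) ? $res[0]['user_id'] : make_new_user($id, 'notagreed', '', $id);
    // Aliased accounts log in as the account they point to.
    $alias_uid = check_for_user_alias($user_id);
    if ($alias_uid) {
        $user_id = $alias_uid;
    }
    $remember_token = remember_user($user_id, false);
    // user_id is numeric; cast it rather than interpolating the raw value into SQL.
    $row = sql_fetch_array(sql_query("SELECT user_shown_name, user_passwd, user_level FROM users WHERE user_id = " . (int) $user_id . " LIMIT 1"));
    init_session($user_id, $row['user_shown_name'], get_user_options($user_id), get_user_permissions($user_id), $remember_token, $row['user_level']);
    sql_commit();
    user_award_for_signup($user_id);
    if ($row['user_passwd'] == 'notagreed') {
        // Freshly created account that still has to accept the agreement.
        $_SESSION['user_pending'] = 1;
        return 2;
    }
    return 1;
}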
if ($require_otp) { //error if no otp's have been generated $otp_ready = check_otplist_generated($uid); if (!$otp_ready) { print "<H1>OTP authentication cannot be enabled!</h1>"; print "No otp password list has been generated for this user\n<br/>"; print "Please login without OTP and generate a list from the 'account settings' page\n<br/><br/>"; print_login_page(); exit(); } enable_otp_on_demo_account(); } else { disable_otp_on_demo_account(); } */ init_session($uid); //redirect to requested page header("Location: index.php"); exit; } else { print "<H1>LOGIN FAILED!</H1>\n<br/>"; print_login_page(); exit; } } else { print_login_page(); exit; } function print_login_page() { print "Please login with <b>user 'demo'</b> and <b>password 'demopass'</b>.";
<?php chdir('..'); date_default_timezone_set('Asia/Manila'); require_once 'includes/functions.php'; init_session() or die('Error: session has expired. Please log in again.'); init_my_cookie(); refresh_session() or die('Error: could not connect to server. Please log in again if the error persists.'); extend_timeout(); print_r($_POST); //die('sample'); if ($_SERVER['REQUEST_METHOD'] == 'POST') { $db = new DBObject(CURRENT_DB); $set = array(); $id = ''; $col = ''; // (!empty($_POST['sid']) && ctype_digit($_POST['sid']))or die('Error: record does not exist.'); $numbers = array('Age', 'offhours', 'onhours', 'HasPhoto', 'HasCert', 'HasEvalForm', 'schoolyear', 'semester'); $bools = array('HasPhoto' => 'rp', 'HasCert' => 'rc', 'HasEvalForm' => 're'); foreach ($_POST as $key => $value) { if ($key == 'sid' || $key == 'onid' || $key == 'offid') { ctype_digit($value) or die('Error: record does not exist.'); $id = $value; $col = $db->escape($key); } else { $key = in_array($key, $bools) ? array_search($key, $bools) : $db->escape($key); $value = $key === 'Bday' ? date('Y-m-d', strtotime(trim($value))) : $db->escape($value); if (strstr($key, '-') === false) { $value = in_array($key, $numbers) ? $value : "'{$value}'"; $sql = "UPDATE students SET {$key} = {$value} WHERE {$col} = {$id}"; } else {
<?php date_default_timezone_set('Asia/Manila'); require_once 'includes/functions.php'; //classDB included $cooking = init_session(); ?> <!DOCTYPE html> <html> <head> <meta charset="utf-8"> <base href="http://cdc.spumanila.edu.dev" /> <title>Community Development Center</title> <link rel="stylesheet" href="/css/jquery-ui.min.css"> <link rel="stylesheet" href="/css/cdc.css"> <script src="/script/jquery-1.11.1.min.js"></script> <script src="/script/jquery-ui.min.js"></script> <script src="/script/jquery.tablesorter.min.js"></script> <!--<script src="/script/prescript.js"></script>--> <script src="/script/prescript.min.js"></script> </head> <body class="cdc-student"> <header class="noselect"> <nav> <div class="constrain"> <ul id="top-nav"> <li class="other-nav"><a href="http://cdc.spumanila.edu.dev"><span>Faculty</span></a> </li><li class="current-nav"><a href="http://cdc.spumanila.edu.dev/student/"><span>Student</span></a></li> </ul> <ul id="login">
/**
 * Opens (or re-opens) the PHP session for the current request and checks that
 * the visitor's profile may view the requested page.
 *
 * @param array $TAB_PROFILS_AUTORISES  map of profile name => bool; the 'public'
 *        entry says whether unauthenticated visitors may see the page
 *
 * Depending on the case it starts a fresh session, hands off to the SSO / login
 * redirect helper, or hands off to the error-page helper. The numbered comments
 * below are the original decision table, translated from French.
 */
function gestion_session($TAB_PROFILS_AUTORISES)
{
    if(!isset($_COOKIE[SESSION_NOM]))
    {
        // 1. No session cookie was sent
        open_new_session();
        init_session();
        if(!$TAB_PROFILS_AUTORISES['public'])
        {
            // 1.1. Access to a restricted page was requested, so authentication is needed
            if(isset($_GET['verif_cookie']))
            {
                // 1.1.1. The user has in fact just logged in, so this is abnormal: the session cookie was not found because the client browser does not store cookies
                affich_message_exit($titre='Problème de cookies',$contenu='Session non retrouvée !<br />Configurez votre navigateur pour qu\'il accepte les cookies.');
            }
            else
            {
                // 1.1.2. Session lost or expired, or direct access (deep link): redirect for a new authentication
                redirection_SSO_ou_message_exit(); // With SSO we will not come through here next time.
            }
        }
        else
        {
            // 1.2 Access to a public page: nothing to do
        }
    }
    else
    {
        // 2. A session id was sent
        open_old_session();
        if(!isset($_SESSION['USER_PROFIL']))
        {
            // 2.1. No session found (otherwise this variable would be set)
            if(!$TAB_PROFILS_AUTORISES['public'])
            {
                // 2.1.1. Session lost or expired and access to a restricted page requested: redirect for a new authentication
                close_session();
                open_new_session();
                init_session();
                redirection_SSO_ou_message_exit(); // The session can be initialised beforehand because with SSO we will not come through here next time.
            }
            else
            {
                // 2.1.2. Session lost or expired and public page: create a new session, no alert message about the lost session
                close_session();open_new_session();init_session();
            }
        }
        elseif($_SESSION['USER_PROFIL'] == 'public')
        {
            // 2.2. Session found, user not authenticated
            if(!$TAB_PROFILS_AUTORISES['public'])
            {
                // 2.2.1. Unauthenticated area => authenticated area: redirect for authentication
                redirection_SSO_ou_message_exit(); // No session initialisation here, otherwise the SSO redirect would loop.
            }
            else
            {
                // 2.2.2. Unauthenticated area => unauthenticated area: nothing to do
            }
        }
        else
        {
            // 2.3. Session found, user authenticated
            if($TAB_PROFILS_AUTORISES[$_SESSION['USER_PROFIL']])
            {
                // 2.3.1. Authenticated area => same authenticated area: nothing to do
            }
            elseif($TAB_PROFILS_AUTORISES['public'])
            {
                // 2.3.2. Authenticated area => unauthenticated area: create a new blank session, no alert message about the lost session
                // At one point it was necessary to check this was not an ajax call, to avoid a logout when calling the calendar that lived in the public area, but that is no longer the case...
                // The SimpleSAMLphp session, however, must be kept so the user can choose whether or not to log out of their SSO.
                $SimpleSAMLphp_SESSION = ( ($_SESSION['CONNEXION_MODE']=='gepi') && (isset($_SESSION['SimpleSAMLphp_SESSION'])) ) ? $_SESSION['SimpleSAMLphp_SESSION'] : FALSE ; // isset() for the case where the admin has just ticked Gepi mode but logged in without it just before
                close_session();open_new_session();init_session();
                if($SimpleSAMLphp_SESSION)
                {
                    $_SESSION['SimpleSAMLphp_SESSION'] = $SimpleSAMLphp_SESSION;
                }
            }
            elseif(!$TAB_PROFILS_AUTORISES['public']) // (necessarily)
            {
                // 2.3.3. Authenticated area => another, incompatible authenticated area: redirect for a new authentication
                // No SSO redirect, otherwise we would loop (an SSO logout would be needed first).
                affich_message_exit($titre='Page interdite avec votre profil',$contenu='Vous avez appelé une page inaccessible avec votre identification actuelle !<br />Déconnectez-vous ou retournez à la page précédente.');
            }
        }
    }
}
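* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*/

$db = NewADOConnection($GLOBALS['DSN']);

// The caller must supply either an API key (word characters, dots and @ only)
// or a numeric user id in ?u; the latter only counts for a logged-in user with
// the 'basic' permission (checked below).
if ((empty($_GET['key']) || preg_match('/[^\w\.@]/', $_GET['key'])) && empty($_GET['u'])) {
    die("ERROR: no api key or email address");
}

// Look the key up, accepting keys bound to this client address or to no
// address (ip = 0). Both values go through the driver's quoting instead of
// being interpolated into the statement.
$sql = "SELECT * FROM `apikeys` WHERE `apikey` = " . $db->Quote(isset($_GET['key']) ? $_GET['key'] : '')
     . " AND (`ip` = INET_ATON(" . $db->Quote(isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '') . ") OR `ip` = 0) AND `enabled` = 'Y'";
$profile = $db->GetRow($sql);

// Row limit applied to the export query, by caller class:
//   valid API key          -> 2500 rows
//   logged-in user via ?u  -> no limit
//   anything else          -> 250 rows (used to be a hard error, see the
//                             commented-out die below)
// GetRow() yields no row for an unknown key, hence !empty() rather than a
// bare index read.
if (!empty($profile['apikey'])) {
    $hardlimit = 2500;
    $sql_hardlimit = " LIMIT {$hardlimit}";
} elseif (!empty($_GET['u']) && preg_match('/^\d+$/', $_GET['u']) && (init_session() || true) && $USER->hasPerm('basic')) {
    // "|| true" runs init_session() for its side effect (populating $USER)
    // without letting its return value short-circuit the permission check.
    $sql_hardlimit = $hardlimit = '';
} else {
    #die("ERROR: invalid api key. contact support at geograph dot co dot uk");
    $hardlimit = 250;
    $sql_hardlimit = " LIMIT {$hardlimit}";
}

# # # # # # # # # # # # # # #

$sql_from = $sql_crit = '';
$csvhead = "Id,Name,Grid Ref,Submitter,Image Class";
if (!empty($_GET['thumb'])) {
    // Thumbnail URLs need the image class and the extra columns it reads.
    require_once 'geograph/gridimage.class.php';
    $gridimage = new GridImage();
    $csvhead .= ",Thumb URL";
    $sql_from = ',gi.user_id,x,y,reference_index';
}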
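/**
 * Starts the session and returns the value stored in $_SESSION['user'], or
 * null (without an undefined-index notice) when that key is not set.
 */
function username() {
    init_session();
    return isset($_SESSION['user']) ? $_SESSION['user'] : null;
}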