/**
 * Persist the pending message list from $GLOBALS['wfpl_messages'] into the session.
 *
 * Nothing happens when no message list exists or it is not an array; otherwise
 * the session is initialised and the serialised list is stored under the
 * 'wfpl_messages' key.
 *
 * @return void
 */
function session_save_messages()
{
    $pending = $GLOBALS['wfpl_messages'] ?? null;
    if (!is_array($pending)) {
        return;
    }
    init_session();
    session_set('wfpl_messages', array_to_string($pending));
}
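/**
 * Validate the store configuration held in $_SESSION.
 *
 * With ?clear the session is destroyed, emptied and re-initialised and false is
 * returned. With ?generate, one human-readable problem per missing or invalid
 * setting is appended to the global $messages list. The return value is true
 * only when a store type and a parsable server URL are present, the details
 * for the chosen store are filled in and no store path violated open_basedir.
 *
 * NOTE(review): as in the original expression, a complete set of database
 * credentials also satisfies the final check for a Filesystem/SQLite store
 * with an empty path, so callers should also look at $messages.
 *
 * @return bool
 */
function check_session()
{
    global $messages;
    if (isset($_GET['clear'])) {
        session_destroy();
        $_SESSION = array();
        init_session();
        return false;
    }

    // Read every session value through ?? so a fresh session never raises
    // undefined-index warnings (the @ suppression is no longer needed).
    $store_type = $_SESSION['store_type'] ?? null;
    $server_url = $_SESSION['server_url'] ?? '';
    $store_data = $_SESSION['store_data'] ?? array();
    $fs_path = $store_data['fs_path'] ?? '';
    $sqlite_path = $store_data['sqlite_path'] ?? '';
    $has_db_details = !empty($store_data['host']) && !empty($store_data['database'])
        && !empty($store_data['username']) && !empty($store_data['password']);

    $bad_path = false;
    if (isset($_GET['generate'])) {
        if (!$server_url) {
            $messages[] = "Please enter a server URL.";
        }
        if ($store_type === null) {
            $messages[] = "No store type chosen.";
        } elseif ($store_type === 'Filesystem') {
            if (!$fs_path) {
                $messages[] = "Please specify a filesystem store path.";
            } elseif (!check_open_basedir($fs_path)) {
                $messages[] = "The filesystem store path violates PHP's <code>open_basedir</code> setting.";
                $bad_path = true;
            }
        } elseif ($store_type === 'SQLite') {
            if (!$sqlite_path) {
                $messages[] = "Please specify a SQLite database path.";
            } elseif (!check_open_basedir($sqlite_path)) {
                $messages[] = "The SQLite store path violates PHP's <code>open_basedir</code> setting.";
                $bad_path = true;
            }
        } elseif (!$has_db_details) {
            // Any other store type is a database server and needs full credentials.
            $messages[] = "Please specify database connection details.";
        }
    }

    $store_ok = ($store_type === 'Filesystem' && $fs_path)
        || ($store_type === 'SQLite' && $sqlite_path)
        || $has_db_details;

    return $store_type && $server_url && parse_url($server_url) !== false && $store_ok && !$bad_path;
}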
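/**
 * Connect to the database with the credentials held in the session.
 *
 * Usage: $db = login();
 *
 * Initialises the session, then calls dbConnect() with the stored username,
 * password and database name against 'localhost'. When the credentials are
 * missing, or dbConnect() rejects them, the session is destroyed and the
 * browser is sent to login.php with the current URL as continueURL (and the
 * connection message as msg when one was returned); the script then exits.
 *
 * NOTE(review): the database password is read from $_SESSION, so it sits in
 * the session store for the whole session lifetime.
 *
 * @return mixed the connection returned by dbConnect()
 */
function login()
{
    init_session();
    if (!isset($_SESSION['dbname'], $_SESSION['username'], $_SESSION['password'])) {
        _login_redirect();
    }
    list($db, $msg) = dbConnect($_SESSION['username'], $_SESSION['password'], $_SESSION['dbname'], 'localhost');
    if (!$db) {
        _login_redirect((string) $msg);
    }
    return $db;
}

/**
 * Destroy the session, redirect the browser to login.php and exit.
 *
 * @param string|null $msg connection message passed along as msg=; null omits the parameter
 * @return never
 */
function _login_redirect($msg = null)
{
    destroy_session();
    $location = "Location: login.php?continueURL=" . urlencode(hostURL() . "/" . $_SERVER["REQUEST_URI"]);
    if ($msg !== null) {
        $location .= "&msg=" . urlencode($msg);
    }
    header($location);
    exit;
}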
/**
 * Gate a page behind a live login.
 *
 * Without the login cookie, or with a missing or expired session timeout, the
 * browser is redirected to $to and false is returned; otherwise the cookie and
 * the timeout are refreshed and true is returned.
 *
 * @param string $to page to send the browser to when a login is required
 * @return bool
 */
function set_need_login($to = '/')
{
    $logged_in = false;
    if (isset($_COOKIE[COOKIE_NAME])) {
        init_session();
        $logged_in = isset($_SESSION['timeout']) && ($_SESSION['timeout'] - time() > 0);
    }
    if (!$logged_in) {
        //redirect to "must log in" page
        header("location: {$to}");
        return false;
    }
    init_my_cookie();
    extend_timeout();
    return true;
}
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 2
 * of the License, or (at your option) any later version.
 * 
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 * 
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
 */
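require_once 'geograph/global.inc.php';
init_session();
$USER->mustHavePerm("ticketmod");
$smarty = new GeographPage();
$db = NewADOConnection($GLOBALS['DSN']);
if (!empty($_GET['relinqush'])) {
    // Strip the 'ticketmod' right from the current user. The id is cast to int
    // before interpolation so only digits can ever reach the SQL statement.
    // NOTE(review): this state change is triggered by a plain GET parameter
    // (spelled 'relinqush' in the URL), so it carries no CSRF protection.
    $ticketmod_user_id = (int) $USER->user_id;
    $db->Execute("UPDATE user SET rights = REPLACE(rights,'ticketmod','') WHERE user_id = {$ticketmod_user_id}");
    //reload the user object
    $_SESSION['user'] = new GeographUser($USER->user_id);
    header("Location: /profile.php?edit=1");
    // NOTE(review): there is no exit after the redirect, so the rest of the page still executes.
}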
if (isset($_GET['gridimage_ticket_id'])) {
    require_once 'geograph/gridimage.class.php';
    require_once 'geograph/gridsquare.class.php';
    require_once 'geograph/gridimagetroubleticket.class.php';
    //user may have an expired session, or playing silly buggers,
    //either way, we want to check for admin status on the session
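/**
 * Log a user in from a Loginza (OpenID broker) token.
 *
 * Fetches the identity for $token from the Loginza authinfo API, creates the
 * local user on first sight, resolves user aliases, issues a remember-me token,
 * initialises the session and grants the signup award.
 *
 * @param string $token token handed back by Loginza after the redirect
 * @return int 0 when Loginza reported an error (its message is printed, escaped),
 *             2 when the account still has to accept the terms (user_pending is set),
 *             1 on a normal login
 * @throws Exception when the API response is unusable or carries no identity
 */
function user_login_openid($token)
{
    // NOTE(review): the authinfo call is made over plain http, so the identity
    // that decides who gets logged in travels unprotected; move to https with
    // CURLOPT_SSL_VERIFYPEER enabled if the provider offers it.
    $ch = curl_init();
    // The token is URL-encoded so it cannot inject further query parameters.
    curl_setopt($ch, CURLOPT_URL, "http://loginza.ru/api/authinfo?token=" . rawurlencode($token));
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
    $body = curl_exec($ch);
    curl_close($ch);
    if ($body === false) {
        throw new Exception('Loginza authinfo request failed');
    }
    $arr = json_decode($body, true);
    if (!is_array($arr)) {
        throw new Exception('Loginza authinfo response is not valid JSON');
    }
    if (isset($arr['error_type'])) {
        // The message comes from a remote service: escape it before echoing into HTML.
        print htmlspecialchars((string) ($arr['error_message'] ?? ''), ENT_QUOTES, 'UTF-8');
        return 0;
    }
    $id = trim((string) ($arr['identity'] ?? ''));
    if ($id === '') {
        throw new Exception('Loginza authinfo response carries no identity');
    }
    //check if the user exists
    $res = sql_pe("SELECT user_id FROM `users` WHERE user_name=? LIMIT 1", array($id));
    sql_begin();
    $user_id = count($res) ? $res[0]['user_id'] : make_new_user($id, 'notagreed', '', $id);
    $alias_uid = check_for_user_alias($user_id);
    if ($alias_uid) {
        $user_id = $alias_uid;
    }
    $token = remember_user($user_id, false);
    // Parameterised like the lookup above instead of interpolating $user_id.
    $rows = sql_pe("SELECT user_shown_name, user_passwd, user_level FROM users WHERE user_id = ? LIMIT 1", array($user_id));
    $row = $rows[0] ?? array();
    init_session(
        $user_id,
        $row['user_shown_name'] ?? null,
        get_user_options($user_id),
        get_user_permissions($user_id),
        $token,
        $row['user_level'] ?? null
    );
    sql_commit();
    user_award_for_signup($user_id);
    if (($row['user_passwd'] ?? null) === 'notagreed') {
        $_SESSION['user_pending'] = 1;
        return 2;
    }
    return 1;
}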
        if ($require_otp) {
        //error if no otp's have been generated
        $otp_ready = check_otplist_generated($uid);
        if (!$otp_ready) {
        print "<H1>OTP authentication cannot be enabled!</h1>";
        print "No otp password list has been generated for this user\n<br/>";
        print "Please login without OTP and generate a list from the 'account settings' page\n<br/><br/>";
        print_login_page();
        exit();
        }
        enable_otp_on_demo_account();
        } else {
        disable_otp_on_demo_account();
        }
        */
        init_session($uid);
        //redirect to requested page
        header("Location: index.php");
        exit;
    } else {
        print "<H1>LOGIN FAILED!</H1>\n<br/>";
        print_login_page();
        exit;
    }
} else {
    print_login_page();
    exit;
}
function print_login_page()
{
    print "Please login with <b>user 'demo'</b> and <b>password 'demopass'</b>.";
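<?php

chdir('..');
date_default_timezone_set('Asia/Manila');
require_once 'includes/functions.php';
// Everything below needs a live, refreshed session; stop early with a user-facing message otherwise.
init_session() or die('Error: session has expired. Please log in again.');
init_my_cookie();
refresh_session() or die('Error: could not connect to server. Please log in again if the error persists.');
extend_timeout();
// Do not dump $_POST here for debugging: it echoes every submitted field back into the response.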
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    $db = new DBObject(CURRENT_DB);
    $set = array();
    $id = '';
    $col = '';
    //	(!empty($_POST['sid']) && ctype_digit($_POST['sid']))or die('Error: record does not exist.');
    $numbers = array('Age', 'offhours', 'onhours', 'HasPhoto', 'HasCert', 'HasEvalForm', 'schoolyear', 'semester');
    $bools = array('HasPhoto' => 'rp', 'HasCert' => 'rc', 'HasEvalForm' => 're');
    foreach ($_POST as $key => $value) {
        if ($key == 'sid' || $key == 'onid' || $key == 'offid') {
            ctype_digit($value) or die('Error: record does not exist.');
            $id = $value;
            $col = $db->escape($key);
        } else {
            $key = in_array($key, $bools) ? array_search($key, $bools) : $db->escape($key);
            $value = $key === 'Bday' ? date('Y-m-d', strtotime(trim($value))) : $db->escape($value);
            if (strstr($key, '-') === false) {
                $value = in_array($key, $numbers) ? $value : "'{$value}'";
                $sql = "UPDATE students SET {$key} = {$value} WHERE {$col} = {$id}";
            } else {
<?php

// Fix the timezone before anything formats a date, then pull in the shared helpers.
date_default_timezone_set('Asia/Manila');
require_once 'includes/functions.php';
//classDB included
// $cooking holds whatever init_session() returns — presumably the session state; verify in includes/functions.php.
$cooking = init_session();
?>
<!DOCTYPE html>
<html>
<head>
	<meta charset="utf-8">
	<base href="http://cdc.spumanila.edu.dev" />
	<title>Community Development Center</title>
	<link rel="stylesheet" href="/css/jquery-ui.min.css">
	<link rel="stylesheet" href="/css/cdc.css">
	<script src="/script/jquery-1.11.1.min.js"></script>
	<script src="/script/jquery-ui.min.js"></script>
	<script src="/script/jquery.tablesorter.min.js"></script>
	<!--<script src="/script/prescript.js"></script>-->
	<script src="/script/prescript.min.js"></script>
</head>

<body class="cdc-student">
	<header class="noselect">
		<nav>
			<div class="constrain">
				<ul id="top-nav">
					<li class="other-nav"><a href="http://cdc.spumanila.edu.dev"><span>Faculty</span></a>
					</li><li class="current-nav"><a href="http://cdc.spumanila.edu.dev/student/"><span>Student</span></a></li>
				</ul>
				<ul id="login">
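/**
 * Reconcile the session cookie with the profiles allowed on the current page.
 *
 * Opens or recreates the PHP session depending on whether a session cookie
 * (SESSION_NOM) was sent and whether the session holds a USER_PROFIL, then
 * either lets the request through, redirects to the SSO / login flow, or
 * stops with an error page via affich_message_exit().
 *
 * @param array $TAB_PROFILS_AUTORISES keyed by profile name; a truthy 'public' entry marks a page open to anonymous users
 * @return void
 */
function gestion_session($TAB_PROFILS_AUTORISES)
{
	// !empty() instead of a bare read: pages that do not list 'public' must not raise a notice.
	$page_publique = !empty($TAB_PROFILS_AUTORISES['public']);
	if (!isset($_COOKIE[SESSION_NOM]))
	{
		// 1. No session cookie sent: start a fresh session.
		open_new_session();
		init_session();
		if (!$page_publique)
		{
			// 1.1. Restricted page, so the user has to authenticate.
			if (isset($_GET['verif_cookie']))
			{
				// 1.1.1. The user just authenticated, yet the session cookie did not come back:
				// the browser is not storing cookies.
				affich_message_exit('Problème de cookies', 'Session non retrouvée !<br />Configurez votre navigateur pour qu\'il accepte les cookies.');
			}
			else
			{
				// 1.1.2. Lost/expired session or a deep link: redirect for a new authentication.
				redirection_SSO_ou_message_exit(); // With SSO this branch is not reached again on the next request.
			}
		}
		// 1.2. Public page: nothing to do.
		return;
	}

	// 2. A session id was sent.
	open_old_session();
	if (!isset($_SESSION['USER_PROFIL']))
	{
		// 2.1. Session not found (otherwise USER_PROFIL would be set): create a new one.
		close_session();
		open_new_session();
		init_session();
		if (!$page_publique)
		{
			// 2.1.1. Lost/expired session on a restricted page: redirect for a new authentication.
			// The session can be initialised first because with SSO this branch is not reached again.
			redirection_SSO_ou_message_exit();
		}
		// 2.1.2. Public page: the fresh session is created without warning the user.
		return;
	}

	if ($_SESSION['USER_PROFIL'] === 'public')
	{
		// 2.2. Session found, but the user is anonymous.
		if (!$page_publique)
		{
			// 2.2.1. Anonymous area -> authenticated area: redirect for authentication.
			// No session init here, otherwise the SSO redirection would loop.
			redirection_SSO_ou_message_exit();
		}
		// 2.2.2. Anonymous area -> anonymous area: nothing to do.
		return;
	}

	// 2.3. Session found and the user is authenticated.
	if (!empty($TAB_PROFILS_AUTORISES[$_SESSION['USER_PROFIL']]))
	{
		// 2.3.1. Same authenticated area: nothing to do.
		return;
	}
	if ($page_publique)
	{
		// 2.3.2. Authenticated area -> public area: start a blank session without warning the user.
		// Keep the SimpleSAMLphp session so the user can decide whether to log out of the SSO too.
		// isset() covers an admin who just switched to Gepi mode while connected without it.
		$SimpleSAMLphp_SESSION = ((($_SESSION['CONNEXION_MODE'] ?? null) === 'gepi') && isset($_SESSION['SimpleSAMLphp_SESSION']))
			? $_SESSION['SimpleSAMLphp_SESSION'] : false;
		close_session();
		open_new_session();
		init_session();
		if ($SimpleSAMLphp_SESSION)
		{
			$_SESSION['SimpleSAMLphp_SESSION'] = $SimpleSAMLphp_SESSION;
		}
		return;
	}
	// 2.3.3. Authenticated area -> another, incompatible authenticated area: refuse.
	// No SSO redirection here, it would loop (an SSO logout would be needed first).
	affich_message_exit('Page interdite avec votre profil', 'Vous avez appelé une page inaccessible avec votre identification actuelle !<br />Déconnectez-vous ou retournez à la page précédente.');
}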
 * GNU General Public License for more details.
 * 
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
 */
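$db = NewADOConnection($GLOBALS['DSN']);
// Only string parameters are accepted; an array (?key[]=) would make preg_match throw.
$api_key_param = (isset($_GET['key']) && is_string($_GET['key'])) ? $_GET['key'] : '';
$user_id_param = (isset($_GET['u']) && is_string($_GET['u'])) ? $_GET['u'] : '';
// Reject the request unless either a well-formed api key or a user id was supplied.
if ((empty($api_key_param) || preg_match("/[^\\w\\.@]/", $api_key_param)) && empty($user_id_param)) {
    die("ERROR: no api key or email address");
}
// Both the key and the client address go through the driver's quoting rather than string interpolation.
$sql = "SELECT * FROM `apikeys` WHERE `apikey` = " . $db->Quote($api_key_param)
    . " AND (`ip` = INET_ATON(" . $db->Quote($_SERVER['REMOTE_ADDR'] ?? '') . ") OR `ip` = 0) AND `enabled` = 'Y'";
$profile = $db->GetRow($sql);
if (!empty($profile['apikey'])) {
    // Valid api key: generous row cap.
    $hardlimit = 2500;
    $sql_hardlimit = " LIMIT {$hardlimit}";
} else {
    // A numeric user id with a logged-in user holding 'basic' lifts the cap entirely.
    // The session is only started on this path, as before.
    $unlimited = false;
    if (!empty($user_id_param) && preg_match("/^\\d+\$/", $user_id_param)) {
        init_session();
        $unlimited = $USER->hasPerm('basic');
    }
    if ($unlimited) {
        $sql_hardlimit = $hardlimit = '';
    } else {
        // Unknown key and no privileged user: smallest row cap.
        $hardlimit = 250;
        $sql_hardlimit = " LIMIT {$hardlimit}";
    }
}
#	#	#	#	#	#	#	#	#	#	#	#	#	#	#
$sql_from = $sql_crit = '';
$csvhead = "Id,Name,Grid Ref,Submitter,Image Class";
if (!empty($_GET['thumb'])) {
    require_once 'geograph/gridimage.class.php';
    $gridimage = new GridImage();
    $csvhead .= ",Thumb URL";
    $sql_from = ',gi.user_id,x,y,reference_index';
}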
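/**
 * Return the user stored in the session, initialising the session first.
 *
 * @return mixed the value of $_SESSION['user'], or null when none is set
 */
function username()
{
    init_session();
    // ?? avoids an undefined-index warning on a session that has no user yet.
    return $_SESSION['user'] ?? null;
}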