function content($page, $count = 0)
{
global $langmessage, $menu, $message, $prefix, $out;
$out = "";
if ($message != "") {
$out .= "<div class=\"LNE_message\">" . $message . "</div>\n";
}
switch ($_GET['do']) {
case "search":
$out .= "<h2 class=\"LNE_title\">{$langmessage['66']}</h2>\n";
search(true);
break;
case "profile":
$out .= profile();
break;
case "sitemap":
$out .= showsitemap($langmessage, 1);
break;
case "login":
$out .= loginform();
break;
default:
$result = dbquery('SELECT * FROM ' . $prefix . 'paginas WHERE page="' . $page . '"');
$row = fetch_array($result);
if ($row['restricted'] != 0 && $row['restricted'] > $_SESSION['adminlevel']) {
$out .= restrictedpage($row['restricted']);
} else {
$out .= markers(stripslashes(html_entity_decode($row['content'])));
}
}
print $out;
}
function getgroupdevice($login,$pass,$typedata)
{
if (($login!='') and ($pass!='') and ($typedata!=''))
{
include("support.php");
$id_user = loginform($login,$pass);
if ($id_user!='')
{
switch ($typedata)
{
case 'all': //get all user group
$sql = "SELECT * FROM groupdevice WHERE id_user_group='$id_user_group'";
$result = mysql_query($sql,$db);
break;
case 'one': //get user group by id
if ($id_group!='')
{
$sql = "SELECT * FROM groupdevice WHERE id_user_group='$id_user_group' and id_group='$id_group'";
$result = mysql_query($sql,$db);
}
break;
}
}
}
return $result;
}
function getuserdevice($login,$pass,$typedata)
{
if (($login!='') and ($pass!='') and ($typedata!=''))
{
include("support.php");
$id_user = loginform($login,$pass);
if ($id_user!='')
{
switch ($typedata)
{
case 'all': //get all user device
$sql = "SELECT * FROM lightpoint_device WHERE id_user='******'";
$result = mysql_query($sql,$db);
break;
case 'group': //get user device by group
if ($id_group!='')
{
$sql = "SELECT * FROM lightpoint_device WHERE id_user="******" and id_group_device=".$id_group."";
$result = mysql_query($sql,$db);
}
break;
case 'bygroup': //get all group by user
$sql = "SELECT * FROM lightpoint_device WHERE id_user="******" ORDER BY id_group_device";
$result = mysql_query($sql,$db);
break;
}
}
}
return $result;
}
function senddata($data, $loginform = false)
{
?>
<html>
<head>
<link rel="stylesheet" type="text/css" href="../style.css">
<title>YaCE 3 - User Control Panel</title>
</head>
<body>
<div id="login">
<?php
echo $data;
if ($loginform) {
echo loginform();
}
?>
</div></body></html>
<?php
flush();
}
<?
include("bd.php");
$login = trim(htmlspecialchars(stripslashes($_GET['log'])));
$pass = trim(htmlspecialchars(stripslashes($_GET['pass'])));
$id_group = trim(htmlspecialchars(stripslashes($_GET['id_group'])));
$typedata = trim(htmlspecialchars(stripslashes($_GET['typedata'])));
$data = trim(htmlspecialchars(stripslashes($_GET['data'])));
if (($login!='') and ($pass!='') and ($typedata!='') and ($data!='') and ($id_group!=''))
{
include("support.php");
$id_user_group = loginform($login,$pass);
if ($id_user_group !='')
{
$sql = "";
switch($typedata)
{
case 'azimut':
$sql = "UPDATE groupdevice SET azimut='$data' WHERE id_user_group='$id_user_group' AND id_group='$id_group'";
break;
case 'photosensor':
$sql = "UPDATE groupdevice SET photosensor='$data' WHERE id_user_group='$id_user_group' AND id_group='$id_group'";
break;
case 'bright_white':
$sql = "UPDATE groupdevice SET bright_white='$data' WHERE id_user_group='$id_user_group' AND id_group='$id_group'";
break;
case 'bright_red':
$sql = "UPDATE groupdevice SET bright_red='$data' WHERE id_user_group='$id_user_group' AND id_group='$id_group'";
function handle_auth()
{
if (isset($_REQUEST['rtcsdp'])) {
webrtc_handle_auth();
exit;
}
$state = isset($_REQUEST['state']) ? $_REQUEST['state'] : NULL;
$error_page = OP_INDEX_PAGE;
$response_mode = 'query';
try {
if (!isset($_REQUEST['client_id'])) {
throw new OidcException('invalid_request', 'no client');
}
// check client id
$client = db_get_client($_REQUEST['client_id']);
if (!$client) {
throw new OidcException('unauthorized_client', 'Client ID not found');
}
if (isset($_REQUEST['redirect_uri'])) {
if (!is_valid_registered_redirect_uri($client['redirect_uris'], $_REQUEST['redirect_uri'])) {
throw new OidcException('invalid_request', 'no matching redirect_uri');
}
} else {
throw new OidcException('invalid_request', 'no redirect_uri in request');
}
$error_page = $_REQUEST['redirect_uri'];
$response_mode = get_response_mode($_REQUEST);
if (!isset($_REQUEST['response_type'])) {
throw new OidcException('invalid_request', 'no response_type');
}
$response_types = explode(' ', $_REQUEST['response_type']);
$known_response_types = array('code', 'token', 'id_token');
if (count(array_diff($response_types, $known_response_types))) {
throw new OidcException('invalid_response_type', "Unknown response_type {$_REQUEST['response_type']}");
}
if (ENABLE_PKCE) {
if (in_array('code', $response_types)) {
if (!isset($_REQUEST['code_challenge'])) {
throw new OidcException('invalid_request', 'code challenge required');
}
if (isset($_REQUEST['code_challenge_method'])) {
if (!in_array($_REQUEST['code_challenge_method'], array('plain', 'S256'))) {
throw new OidcException('invalid_request', "unsupported code challenge method {$_REQUEST['code_challenge_method']}");
}
}
}
}
if (!isset($_REQUEST['scope'])) {
throw new OidcException('invalid_request', 'no scope');
}
$scopes = explode(' ', $_REQUEST['scope']);
if (!in_array('openid', $scopes)) {
throw new OidcException('invalid_scope', 'no openid scope');
}
if (in_array('token', $response_types) || in_array('id_token', $response_types)) {
if (!isset($_REQUEST['nonce'])) {
throw new OidcException('invalid_request', 'no nonce');
}
}
$_SESSION['get'] = $_GET;
$request_uri = isset($_REQUEST['request_uri']) ? $_REQUEST['request_uri'] : NULL;
$requested_userid = NULL;
$requested_userid_display = NULL;
$request_object = NULL;
if ($request_uri) {
$request_object = get_url($request_uri);
if (!$request_object) {
throw new OidcException('invalid_request', "Unable to fetch request file {$request_uri}");
}
} elseif (isset($_REQUEST['request'])) {
$request_object = $_REQUEST['request'];
}
if (isset($_GET['claims'])) {
$_GET['claims'] = json_decode($_GET['claims'], true);
$_REQUEST['claims'] = $_GET['claims'];
}
if (isset($request_object)) {
$cryptoError = '';
$payload = decrypt_verify_jwt($request_object, $client, $cryptoError);
if (!isset($payload)) {
if ($cryptoError == 'error_decrypt') {
throw new OidcException('invalid_request', 'Unable to decrypt request object');
} elseif ($cryptoError == 'error_sig') {
throw new OidcException('invalid_request', 'Unable to verify request object signature');
}
} else {
if (isset($payload['claims']['id_token'])) {
if (array_key_exists('sub', $payload['claims']['id_token']) && isset($payload['claims']['id_token']['sub']['value'])) {
$requested_userid_display = $payload['claims']['id_token']['sub']['value'];
$requested_userid = unwrap_userid($payload['claims']['id_token']['sub']['value']);
if (!db_get_user($requested_userid)) {
throw new OidcException('invalid_request', 'Unrecognized userid in request');
}
}
}
$merged_req = array_merge($_GET, $payload);
if (!array_key_exists('max_age', $merged_req) && $client['default_max_age']) {
$merged_req['max_age'] = $client['default_max_age'];
}
if ($merged_req['max_age']) {
$merged_req['claims']['id_token']['auth_time'] = array('essential' => true);
}
if ((!$merged_req['claims']['id_token'] || !array_key_exists('auth_time', $merged_req['claims']['id_token'])) && $client['require_auth_time']) {
$merged_req['claims']['id_token']['auth_time'] = array('essential' => true);
}
if (!$merged_req['claims']['id_token'] || !array_key_exists('acr', $merged_req['claims']['id_token'])) {
if ($merged_req['acr_values']) {
$merged_req['claims']['id_token']['acr'] = array('essential' => true, 'values' => explode(' ', $merged_req['acr_values']));
} elseif ($client['default_acr_values']) {
$merged_req['claims']['id_token']['acr'] = array('essential' => true, 'values' => explode('|', $client['default_acr_values']));
}
}
$_SESSION['rpfA'] = $merged_req;
log_debug("rpfA = %s", print_r($_SESSION['rpfA'], true));
foreach (array('client_id', 'response_type', 'scope', 'nonce', 'redirect_uri') as $key) {
if (!isset($payload[$key])) {
log_error("missing %s in payload => %s", $key, print_r($payload, true));
}
// throw new OidcException('invalid_request', 'Request Object missing required parameters');
}
log_debug("payload => %s", print_r($payload, true));
foreach ($payload as $key => $value) {
if (isset($_REQUEST[$key]) && strcmp($_REQUEST[$key], $value)) {
log_debug("key : %s value:%s", $key, print_r($value, true));
throw new OidcException('invalid_request', "Request Object Param Values do not match request '{$key}' '{$_REQUEST[$key]}' != '{$value}'");
}
}
}
} else {
if (isset($_GET['id_token_hint'])) {
$cryptoError = '';
$payload = decrypt_verify_jwt($_REQUEST['id_token_hint'], $client, $cryptoError);
if (!isset($payload)) {
if ($cryptoError == 'error_decrypt') {
throw new OidcException('invalid_request', 'Unable to decrypt request object');
} elseif ($cryptoError == 'error_sig') {
throw new OidcException('invalid_request', 'Unable to verify request object signature');
}
} else {
$requested_userid_display = $payload['sub'];
$requested_userid = unwrap_userid($payload['sub']);
if (!db_get_user($requested_userid)) {
throw new OidcException('invalid_request', 'Unrecognized userid in ID Token');
}
}
} else {
if (isset($_GET['claims']['id_token']['sub']['value'])) {
$requested_userid_display = $_GET['claims']['id_token']['sub']['value'];
$requested_userid = unwrap_userid($_GET['claims']['id_token']['sub']['value']);
if (!db_get_user($requested_userid)) {
throw new OidcException('invalid_request', "Unrecognized userid in ID Token");
}
} else {
if (isset($_GET['login_hint'])) {
$principal = $_GET['login_hint'];
$at = strpos($principal, '@');
if ($at !== false) {
error_log("EMAIL\n");
if ($at != 0) {
// XRI
// process email address
list($principal, $domain) = explode('@', $principal);
error_log("==> principal = {$principal} domain = {$domain}");
$port_pos = strpos($domain, ':');
if ($port_pos !== false) {
$domain = substr($domain, 0, $port_pos);
}
$domain_parts = explode('.', $domain);
$server_parts = explode('.', OP_SERVER_NAME);
// check to see domain matches
$domain_start = count($domain_parts) - 1;
$server_start = count($server_parts) - 1;
$domain_match = true;
for ($i = $domain_start, $j = $server_start; $i >= 0 && $j >= 0; $i--, $j--) {
if (strcasecmp($domain_parts[$i], $server_parts[$j]) != 0) {
$domain_match = false;
}
}
if ($domain_match) {
$requested_userid_display = $principal;
$requested_userid = unwrap_userid($requested_userid_display);
if (!db_get_user($requested_userid)) {
$requested_userid_display = NULL;
$requested_userid = NULL;
}
} else {
throw new OidcException('invalid_request', 'Unrecognized email domain');
}
}
} else {
// name only
$requested_userid_display = $_GET['login_hint'];
$requested_userid = unwrap_userid($requested_userid_display);
if (!db_get_user($requested_userid)) {
$requested_userid_display = NULL;
$requested_userid = NULL;
}
}
}
}
}
if (!array_key_exists('max_age', $_REQUEST) && $client['default_max_age']) {
$_REQUEST['max_age'] = $client['default_max_age'];
}
if ($_REQUEST['max_age']) {
$_REQUEST['claims']['id_token']['auth_time'] = array('essential' => true);
}
if ((!$_REQUEST['claims']['id_token'] || !array_key_exists('auth_time', $_REQUEST['claims']['id_token'])) && $client['require_auth_time']) {
$_REQUEST['claims']['id_token']['auth_time'] = array('essential' => true);
}
if (!$_REQUEST['claims']['id_token'] || !array_key_exists('acr', $_REQUEST['claims']['id_token'])) {
if ($_REQUEST['acr_values']) {
$_REQUEST['claims']['id_token']['acr'] = array('essential' => true, 'values' => explode(' ', $_REQUEST['acr_values']));
} elseif ($client['default_acr_values']) {
$_REQUEST['claims']['id_token']['acr'] = array('essential' => true, 'values' => explode('|', $client['default_acr_values']));
}
}
$_SESSION['rpfA'] = $_REQUEST;
}
log_debug("prompt = %s", $_SESSION['rpfA']['prompt']);
$prompt = $_SESSION['rpfA']['prompt'] ? explode(' ', $_SESSION['rpfA']['prompt']) : array();
$num_prompts = count($prompt);
if ($num_prompts > 1 && in_array('none', $prompt)) {
throw new OidcException('interaction_required', "conflicting prompt parameters {$_SESSION['rpfA']['prompt']}");
}
if (in_array('none', $prompt)) {
$showUI = false;
} else {
$showUI = true;
}
log_debug("num prompt = %d %s", $num_prompts, print_r($prompt, true));
if ($_SESSION['username']) {
if (in_array('login', $prompt)) {
echo loginform($requested_userid_display, $requested_userid, $client);
exit;
}
if (isset($_SESSION['rpfA']['max_age'])) {
if (time() - $_SESSION['auth_time'] > $_SESSION['rpfA']['max_age']) {
if (!$showUI) {
throw new OidcException('interaction_required', 'max_age exceeded and prompt set to none');
}
echo loginform($requested_userid_display, $requested_userid, $client);
exit;
}
}
if ($requested_userid) {
if ($_SESSION['username'] != $requested_userid) {
if (!$showUI) {
throw new OidcException('interaction_required', 'requested account is different from logged in account, no UI requested');
} else {
echo loginform($requested_userid_display, $requested_userid, $client);
exit;
}
}
}
if (in_array('consent', $prompt)) {
echo confirm_userinfo();
exit;
}
if (!db_get_user_trusted_client($_SESSION['username'], $_REQUEST['client_id'])) {
if (!$showUI) {
throw new OidcException('interaction_required', 'consent needed and prompt set to none');
}
echo confirm_userinfo();
} else {
send_response($_SESSION['username'], true);
}
} else {
if (!$showUI) {
throw new OidcException('interaction_required', 'unauthenticated and prompt set to none');
}
echo custom_loginform($requested_userid_display, $requested_userid, $client);
}
} catch (OidcException $e) {
log_debug("handle_auth exception : %s", $e->getTraceAsString());
send_error($error_page, $e->error_code, $e->desc, NULL, $state, $response_mode);
} catch (Exception $e) {
log_debug("handle_auth exception : %s", $e->getTraceAsString());
send_error($error_page, 'invalid_request', $e->getMessage(), NULL, $state, $response_mode);
}
}
print_secure_content();
} else {
if (!$_SESSION["logging"]) {
$_SESSION["logging"] = true;
loginform();
} else {
if ($_SESSION["logging"]) {
$number_of_rows = checkpass();
if ($number_of_rows == 1) {
$_SESSION[user] = $_POST[userlogin];
$_SESSION[logged] = true;
echo "<h1>you have loged in successfully</h1>";
print_secure_content();
} else {
echo "wrong pawssword or username, please try again";
loginform();
}
}
}
}
function loginform()
{
echo "please enter your login information to proceed with our site";
echo "<table border='2'><tr><td>username</td><td><input type='text' name='userlogin' size'20'></td></tr><tr><td>password</td><td><input type='password' name='password' size'20'></td></tr></table>";
echo "<input type='submit' >";
echo "<h3><a href='registerform.php'>register now!</a></h3>";
}
function checkpass()
{
$dbHost = getenv('OPENSHIFT_MYSQL_DB_HOST');
//Get host from OpenShift
/**
* Account does not exist - show both the login and register forms
*
* @param string $msg message to display if one is needed
* @return string HTML for form
*
*/
function defaultform($msg)
{
global $LANG04, $_CONF;
$retval = '';
if (!empty($msg)) {
$retval .= COM_showMessageText($msg, $LANG04[21], false, 'info');
}
$retval .= loginform(true);
if ($_CONF['disable_new_user_registration'] == FALSE) {
$retval .= newuserform();
}
$retval .= getpasswordform();
return $retval;
}
function content()
{
global $pagenum, $selected, $message, $menu, $set, $langmessage, $LNEversion, $out, $prefix;
if ($message != "") {
$out .= "<div class=\"LNE_message\">" . $message . "</div>\n";
}
if ($_SESSION['adminlevel'] > 3) {
$out .= adminmenu();
}
switch ($_GET['do']) {
case "search":
$out .= "<h2 class=\"LNE_title\">{$langmessage['66']}</h2>\n";
$out .= search();
break;
case "register":
if ($set['gzip']) {
$out .= register();
}
break;
case "addons":
$out .= addons();
break;
case "create":
$out .= create_page();
break;
case "database":
$out .= query();
break;
case "delete":
delete_page();
break;
case "edit":
print $out;
$out = "";
editpage();
break;
case "editextra":
print $out;
$out = "";
extras();
break;
case "editmenu":
$out .= editmenu();
break;
case "login":
$out .= loginform();
break;
case "plugins":
$out .= plugins();
break;
case "profile":
if ($_SESSION[$set['password']] == "1") {
$out .= profile();
}
break;
case "query":
$out .= query();
break;
case "settings":
$out .= settings();
break;
case "setup":
$out .= setup();
break;
case "sitemap":
$out .= showsitemap($langmessage, 0);
break;
case "users":
$out .= users();
break;
default:
$addons = fetch_all(dbquery("SELECT * FROM " . $prefix . "addons WHERE active=1"));
$found = false;
foreach ($addons as $addon) {
if ($_GET['do'] == $addon['name'] && $_SESSION['adminlevel'] >= $addon['adminlevel']) {
require_once "addons/" . $addon['name'] . "/admin.php";
$out .= $addon['aname']();
$found = true;
break;
}
}
if (!$found) {
$result = dbquery("SELECT * FROM " . $prefix . "paginas WHERE page=\"" . $pagenum . "\"");
if ($row = fetch_array($result)) {
if ($row['restricted'] != 0 && $row['restricted'] > $_SESSION['adminlevel']) {
$out .= restrictedpage($row['restricted']);
} else {
$contnt = html_entity_decode(stripslashes($row['content']));
showcontent($contnt);
}
} else {
$result = dbquery("SELECT * FROM " . $prefix . "paginas WHERE page=\"index\"");
if ($row = fetch_array($result)) {
$contnt = html_entity_decode(stripslashes($row['content']));
showcontent($contnt);
} else {
$out .= "<h2>{$langmessage['116']}</h2>\n";
}
}
foreach ($addons as $addon) {
if (strpos($contnt, "%!\$" . $addon['name']) && $addon['header'] == 1) {
require_once "addons/" . $addon['name'] . "/header.php";
}
}
}
}
}
?>
<?php
if (isset($_SESSION["logging"]) && isset($_SESSION["logged"])) {
print_secure_content($pdo);
} else {
if (!isset($_SESSION["logging"])) {
$_SESSION["logging"] = true;
loginform($pdo);
} else {
if (isset($_SESSION["logging"])) {
$number_of_rows = checkpass($pdo);
if ($number_of_rows >= 1) {
@($_SESSION[user] = @$_POST[userlogin]);
@($_SESSION[logged] = true);
print_secure_content($pdo);
} else {
loginform($pdo);
if ($number_of_rows == 0 && isset($_POST["userlogin"]) && isset($_POST["password"])) {
echo "wrong password or username, please try again<br>";
}
}
}
}
}
?>
<?php
include_once 'footer.php';
generatetabform("index.php", "Main");
generatetabform("index.php", "ViewCoursebudgets");
generatetabform("index.php", "personalView");
generatetabform("index.php", "ManageUsers");
generatetabform("index.php", "ManageCourses");
generatetabform("index.php", "ManageCoursesPerPeriod");
generatetabform("index.php", "ladokView");
} else {
//
// Login
//
echo '<header>';
echo "<div id='bgDiv'><img id='background-img' class='bg' src='./images/Sven_Logo_192.png' alt=''></div>";
echo "<a href='index.php' title='Start' class='logoLink'></a>";
echo '</header>';
echo '<div id="content">';
echo '<div class="clearfix"></div>';
if (isset($_COOKIE['theme'])) {
//Cookies are enabled
loginform("index.php", "Login är signatur", "Login");
//Login form
if (isset($_POST['loginFail'])) {
echo "<h2>Fel signatur eller lösenord.</h2>";
}
}
echo '</div>';
}
echo '<footer>';
echo "</footer>";
echo "</body>";
echo "</html>";
/*$page = $_SERVER['HTTP_REFERER'];
$sec = "0.1";
header("Refresh: $sec; url=$page");*/
define('LOGINED', "1");
define('LEVEL', $seldataArray['level']);
define_array($seldataArray['level'], json_decode($seldataArray['allow'], true), "ALLOW");
define('ADMINLOGIN', $seldataArray['login']);
define('ADMINID', $seldataArray['id']);
$Ilog = array('login' => ADMINLOGIN, 'type' => 'authorize', 'action' => 'authorize', 'message' => "Авторизация " . ADMINLOGIN . " c IP:" . $_SERVER["REMOTE_ADDR"] . " BROWSER:" . $_SERVER['HTTP_USER_AGENT']);
$dataMySQL->Insert($Ilog, DB_PREFIX . "logs");
} else {
$content .= loginform($_POST, "<h3 style='color:red;'>Неверный логин или пароль</h3>");
define('LOGINED', "0");
$Ilog = array('login' => $_POST['user'], 'type' => 'authorize', 'action' => 'unauthorize', 'message' => "Неудачная попытка авторизации " . $_POST['user'] . " c паролем " . $_POST['pass'] . " IP:" . $_SERVER["REMOTE_ADDR"] . " BROWSER:" . $_SERVER['HTTP_USER_AGENT']);
$dataMySQL->Insert($Ilog, DB_PREFIX . "logs");
}
} else {
$content .= loginform($_POST);
define('LOGINED', "0");
}
}
if ($_GET['page'] == 'logout') {
setcookie("user", "", time() - 360000, "/");
setcookie("bypass", "", time() - 360000, "/");
$sec = "0.1";
header("Refresh: {$sec}; url=/admin.php");
}
if (!LOGINED) {
define('LOGINED', "0");
}
unset($seldataArray);
