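/**
 * Front controller for the login page: builds the template object, then
 * dispatches on the `in` query parameter.
 *
 * Side effects: assigns the global template $TPLV (read by the called
 * actions) and emits whatever inicio()/restrito()/logout() output. Reads the
 * globals $bottom and $usuario; $db and $migalha are imported but unused here.
 */
function Main()
{
    global $TPLV, $bottom, $db, $migalha, $usuario;
    $TPLV = new TemplatePower(TEMPLATE_PATH . "login.tpl");
    $TPLV->assignGlobal("uploadPath", UPLOAD_PATH);
    $TPLV->assignGlobal("imagePath", IMAGE_PATH);
    $TPLV->assignGlobal("swfPath", SWF_PATH);
    $TPLV->assignGlobal("localPath", LOCAL_PATH);
    $TPLV->assignGlobal('navBottom', $bottom);
    $TPLV->prepare();
    // A missing `in` parameter used to raise an undefined-index notice before
    // falling into the default branch; resolve it to the default explicitly.
    $in = isset($_GET['in']) ? $_GET['in'] : 'restrito';
    switch ($in) {
        case 'inicio':
            inicio();
            break;
        case 'logout':
            logout();
            break;
        case 'restrito':
        default:
            // Unknown values behave like 'restrito': the restricted area is
            // only shown to a logged-in user, everyone else gets the gate.
            if ($usuario->isLogado()) {
                inicio();
            } else {
                restrito();
            }
            break;
    }
}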
 /**
  * Ends the current session via the global logout() helper.
  *
  * @param mixed $input Unused; kept for signature compatibility with callers.
  * @throws Exception with message "could_not_logout" when logout() reports failure.
  */
 static function logout($input)
 {
     if (!logout()) {
         throw new Exception("could_not_logout");
     }
 }
/**
 * Logs an LTI launch into Elgg: looks the launching user up by their LTI id,
 * provisions them when the plugin setting allows it, refreshes the stored
 * profile fields from the launch data and finally calls Elgg's login().
 *
 * @param object $tool_provider LTI tool-provider instance exposing ->user
 *                              and ->consumer (project type).
 * @return mixed Whatever login() returns; nothing is returned when
 *               forward()/exit ends the request first.
 */
function LoginUser($tool_provider)
{
    // Any session that is already open belongs to someone else: drop it.
    if (elgg_is_logged_in()) {
        logout();
    }
    $settings = GetPluginSettings();
    $provisionAllowed = $settings['userprovision'];

    $ltiUser = $tool_provider->user;
    $ltiUserId = $ltiUser->getID(BasicLTI_Tool_Provider::ID_SCOPE_GLOBAL);
    $consumerKey = $tool_provider->consumer->guid;
    $contextId = $ltiUser->context->id;

    $user = CheckLTIUser($ltiUserId);
    if (empty($user)) {
        if (!$provisionAllowed) {
            system_message(elgg_echo('LTI:info:noprovision'));
            forward();
            exit;
        }
        $user = CreateLTIUser($consumerKey, $contextId, $ltiUser);
        if (empty($user)) {
            // NOTE(review): no exit here, unlike the branch above — this relies
            // on forward() ending the request itself; confirm before relying on it.
            forward();
        }
    }
    // Refresh the stored profile from the launch data before logging in.
    $user->context_id = $contextId;
    $user->email = $ltiUser->email;
    $user->name = $ltiUser->fullname;
    $user->save();

    return login($user, false);
}
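/**
 * Guards a front-office page: sends the visitor to the login screen when the
 * server-side session is missing, bound to another IP set, or expired, then
 * refreshes the inactivity deadline and writes an access-log row.
 *
 * Side effects: mutates $_SESSION['expires_on'], opens/closes a PostgreSQL
 * connection, inserts into user_log, die()s on connection/query failure.
 */
function check_login()
{
    // If session does not exist on server side, or IP address has changed, or session has expired, show login screen.
    if (!isset($_SESSION['uid']) || !$_SESSION['uid'] || !isset($_SESSION['ip'], $_SESSION['expires_on']) || $_SESSION['ip'] != allIPs() || time() >= $_SESSION['expires_on']) {
        logout();
        // NOTE(review): the code below is skipped only if logout() ends the
        // request itself — confirm, otherwise an expired session still gets
        // its deadline extended here.
    }
    // User accessed a page : update his/her session expiration date.
    $_SESSION['expires_on'] = time() + INACTIVITY_TIMEOUT;
    // Access-trail log (traçabilité).
    $dbconn = pg_connect(CONFIG_DB) or die('Connexion impossible : ' . pg_last_error());
    $numero_ID = isset($_SESSION['numero_abo']) ? $_SESSION['numero_abo'] : '';
    if (!isset($_SESSION['username']) || $_SESSION['username'] != 'beprev') {
        $today = new DateTime('now');
        $horodate = date_format($today, 'Y-m-d H:i:s');
        // NOTE: MAX("ID")+1 is not atomic; two concurrent requests can pick the
        // same "ID". A serial/sequence column would remove the race.
        $req = 'SELECT MAX("ID") from user_log;';
        $result = pg_query($dbconn, $req) or die('Échec de la requête : ' . pg_last_error());
        $table = pg_fetch_row($result);
        $Id = $table[0];
        if (strlen((string) $Id) == 0) {
            $Id = 0;
        }
        $Id = $Id + 1;
        // $_SERVER['PHP_SELF'] can carry client-controlled path info, so the
        // values are bound as parameters instead of interpolated into the SQL.
        $page = $_SESSION["ipFrontOffice"] . $_SERVER['PHP_SELF'];
        $req = 'INSERT INTO user_log ("ID", id_user,page,horodate) VALUES ($1,$2,$3,$4);';
        $result = pg_query_params($dbconn, $req, array($Id, $numero_ID, $page, $horodate)) or die('Échec de la requête : ' . pg_last_error());
    }
    pg_close($dbconn);
}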
/**
 * Resets the application database by piping ./db-scripts/ResetDB.sql into the
 * mysql CLI, then logs the current user out.
 *
 * Reads the connection settings from globals; writes $error_message on
 * connection failure and $reset_complete on success. The CLI output is echoed
 * to the response verbatim.
 *
 * NOTE(review): the credentials in the command line below are redacted on
 * this page ("******"), so the line as shown does not parse; the original
 * presumably interpolated the configured user/password there.
 */
function reset_db()
{
    global $dbname;
    global $dblocation;
    global $dbpassword;
    global $dbuser;
    global $reset_complete;
    global $error_message;
    $db_connected = false;
    try {
        $mysqli = new mysqli($dblocation, $dbuser, $dbpassword, $dbname);
        if ($mysqli->connect_errno) {
            $error_message = "Failed to connect to MySQL: (" . $mysqli->connect_errno . ") Check your setting in the Config.php file.  " . $mysqli->connect_error;
        }
        // NOTE(review): set even when connect_errno was non-zero above (no
        // exception is thrown in that mode), so the reset still runs after a
        // failed connection check — likely meant to be inside an else branch.
        $db_connected = True;
    } catch (mysqli_sql_exception $e) {
        $error_message = "Check your settings in the Config.php file.<br /><br />  Failed to connect to MySQL.  " . $e;
    }
    if ($db_connected) {
        // NOTE(review): $dbname is concatenated into a shell command without
        // escapeshellarg(), and credentials passed on the command line are
        // visible to other local processes (ps). A defaults file or the
        // mysqli connection already opened above would avoid both.
        $command = "mysql --user="******" --password="******" --database=" . $dbname . " < ./db-scripts/ResetDB.sql";
        $output = shell_exec($command);
        // Raw CLI output (may include error text) goes straight to the page.
        echo $output;
        $reset_complete = True;
        logout();
    }
}
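/**
 * Dispatches a POST request to the handler named by the `method` field.
 *
 * Responds with HTTP_BAD_REQUEST and a short message when the field is absent
 * or names an unknown method; otherwise the matching handler produces the
 * response.
 */
function onPost()
{
    if (!isset($_POST['method'])) {
        http_response_code(HTTP_BAD_REQUEST);
        echo 'method field required';
        return;
    }
    $method = $_POST['method'];
    // NOTE: switch compares loosely; if the METHOD_* constants are integers a
    // non-numeric string would match 0 on PHP < 8 — confirm they are strings.
    switch ($method) {
        case METHOD_LOGIN:
            login();
            break;
        case METHOD_LOGOUT:
            logout();
            break;
        case METHOD_CREATE_ACCOUNT:
            createAccount();
            break;
        case METHOD_USER_INFO:
            userInfo();
            break;
        default:
            http_response_code(HTTP_BAD_REQUEST);
            // The value is client-supplied and reflected into the response, so
            // it is HTML-escaped; an array (method[]=) is reported as empty.
            $shown = is_array($method) ? '' : (string) $method;
            echo 'invalid method name: ' . htmlspecialchars($shown, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
            return;
    }
}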
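/**
 * Admin front controller: routes on the `action` request parameter.
 *
 * Every action except `logout` requires the global $auth flag; anything else
 * (unknown action, no action, or not authenticated) shows the login screen.
 */
function main() {

    global $auth;

    // Read the parameter once; a missing key previously raised a notice on
    // every branch. A non-string value (action[]=) never matches a route.
    $action = isset($_REQUEST['action']) && is_string($_REQUEST['action']) ? $_REQUEST['action'] : '';

    if ($action === 'logout') {
        logout();
        return;
    }
    if (!$auth) {
        login_screen();
        return;
    }
    switch ($action) {
        case 'delete':
            delete();
            break;
        case 'list':
            view_list();
            break;
        case 'banip':
            banip();
            break;
        case 'search':
            search();
            break;
        case 'bannedlist':
            bannedlist();
            break;
        case 'unbanip':
            unbanip();
            break;
        default:
            login_screen();
            break;
    }

}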
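/**
 * routing
 *
 * Top-level request router: verifies the POST token, runs the matching
 * `<name>_post` handler for known forms, then routes on FIRST_PARAMETER.
 *
 * @since 1.2.1
 * @deprecated 2.0.0
 *
 * @package Redaxscript
 * @category Center
 * @author Henry Ruhs
 */
function routing()
{
    /* check token */
    // hash_equals(): constant time and never the loose numeric-string compare;
    // a missing or non-string token fails the check as well.
    if ($_POST && (!isset($_POST['token']) || !is_string($_POST['token']) || !hash_equals((string) TOKEN, $_POST['token']))) {
        notification(l('error_occurred'), l('token_incorrect'), l('home'), ROOT);
        return;
    }
    /* call default post */
    $post_list = array('comment', 'login', 'password_reset', 'registration', 'reminder', 'search');
    foreach ($post_list as $value) {
        // Handler names come from this fixed list only, never from the request.
        $handler = $value . '_post';
        if (!empty($_POST[$handler]) && function_exists($handler)) {
            $handler();
            return;
        }
    }
    /* general routing */
    switch (FIRST_PARAMETER) {
        case 'admin':
            if (LOGGED_IN == TOKEN) {
                admin_routing();
            } else {
                notification(l('error_occurred'), l('access_no'), l('login'), 'login');
            }
            return;
        case 'login':
            login_form();
            return;
        case 'logout':
            if (LOGGED_IN == TOKEN) {
                logout();
            } else {
                notification(l('error_occurred'), l('access_no'), l('login'), 'login');
            }
            return;
        case 'password_reset':
            if (s('reminder') == 1 && FIRST_SUB_PARAMETER && THIRD_PARAMETER) {
                password_reset_form();
            } else {
                notification(l('error_occurred'), l('access_no'), l('home'), ROOT);
            }
            return;
        case 'registration':
            if (s('registration')) {
                registration_form();
            } else {
                notification(l('error_occurred'), l('access_no'), l('home'), ROOT);
            }
            return;
        case 'reminder':
            if (s('reminder') == 1) {
                reminder_form();
            } else {
                notification(l('error_occurred'), l('access_no'), l('home'), ROOT);
            }
            return;
        default:
            contents();
            return;
    }
}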
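/**
 * Deletes a user's plan directory and removes them from everyone's watched
 * lists, then ends the session when the deleted account is the current one.
 *
 * Allowed only for the user themselves or an administrator, and only after
 * re-validating the requester's credentials.
 *
 * @param string $username_to_delete Account name; empty values redirect home.
 */
function user_delete($username_to_delete)
{
    if (!$username_to_delete) {
        redirect('/');
    }
    // The name becomes a path segment and a shell argument below: refuse
    // anything that is not a single plain directory name.
    $isPlainName = is_string($username_to_delete)
        && basename($username_to_delete) === $username_to_delete
        && $username_to_delete !== '.'
        && $username_to_delete !== '..';
    if ($isPlainName && ($username_to_delete == $_SERVER['USER'] || user_is_administrator()) && user_is_valid($_SERVER['USERINFO_ARRAY']['username'], $_SERVER['USERINFO_ARRAY']['userpass'])) {
        $usersDir = $_SERVER['PWUSERS_DIR'];
        $userdir = "{$usersDir}/{$username_to_delete}";
        // Every dynamic part of a command is quoted with escapeshellarg(); the
        // glob on the grep path stays outside the quotes so it still expands.
        exec("rm -fR " . escapeshellarg($userdir), $delresults);
        exec("grep -rli " . escapeshellarg($username_to_delete) . " " . escapeshellarg($usersDir) . "/*/watchedlist.txt", $watchedlists);
        foreach ($watchedlists as $watched) {
            $data = file_get_contents($watched);
            // The original referenced an undefined $planowner here; the deleted
            // user's name is the entry the watched list has to lose.
            if (strstr($data, "!{$username_to_delete}")) {
                preg_match("|(!" . preg_quote($username_to_delete, '|') . ".*!)|", $data, $matches);
                $remove = isset($matches[0]) ? $matches[0] : '';
            } else {
                $remove = "\n{$username_to_delete}\n";
            }
            // remove whatever we found
            if ($remove !== '') {
                $data = str_replace($remove, '', $data);
            }
            // break down multiple linebreaks so the list doesn't look weird in the edit view
            $data = str_replace("\n\n", "\n", $data);
            file_put_contents($watched, $data);
        }
    } else {
        output("Error deleting {$username_to_delete}", "\n\t<div class='alert'>\n\tYou can't delete {$username_to_delete}. Talk to an\n\t<a href='mailto:help@planwatch.org'>admin</a>.\n\tClick <a href='{$_SERVER['WEB_ROOT']}/'>here</a> to go back to the main page.\n\t</div>\n\t");
    }
    // NOTE(review): $user is never assigned in this function (it is null), so
    // the logout branch cannot trigger as written — confirm which variable was
    // meant (the comparison above uses $_SERVER['USER']).
    if ($username_to_delete == $user) {
        logout("{$username_to_delete} has been deleted.");
    } else {
        redirect('/');
    }
}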
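/**
 * Session gate for protected pages.
 *
 * Starts the session, ends it when the stored user-agent hash no longer
 * matches, and — when no session user is set — tries to restore one from the
 * "remember me" cookies (user_id/user_key checked against users.ckey), or
 * redirects to login.php.
 *
 * Side effects: session_start(), $_SESSION writes, MySQL queries, redirects,
 * exit.
 */
function page_protect()
{
    session_start();
    global $db;
    $uaHash = md5(isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '');
    if (isset($_SESSION['HTTP_USER_AGENT'])) {
        // hash_equals(): constant time, and no loose "0e…" numeric-string equality.
        if (!hash_equals((string) $_SESSION['HTTP_USER_AGENT'], $uaHash)) {
            logout();
            exit;
        }
    }
    if (!isset($_SESSION['user_id']) && !isset($_SESSION['user_name'])) {
        if (isset($_COOKIE['user_id']) && isset($_COOKIE['user_key'])) {
            // Validate the id before it is used in SQL; the original ran the
            // query first and only checked is_numeric() afterwards.
            if (!is_numeric($_COOKIE['user_id']) || !isset($_COOKIE['user_name']) || !is_string($_COOKIE['user_key'])) {
                logout();
                return;
            }
            $cookie_user_id = (int) filter($_COOKIE['user_id']);
            $rs_ctime = mysql_query("select `ckey`,`ctime` from `users` where `id` ='{$cookie_user_id}'") or die(mysql_error());
            list($ckey, $ctime) = mysql_fetch_row($rs_ctime);
            if (time() - $ctime > 60 * 60 * 24 * COOKIE_TIME_OUT) {
                logout();
                // An expired cookie must not fall through to the login below.
                return;
            }
            if (!empty($ckey) && isUserID($_COOKIE['user_name']) && hash_equals(sha1($ckey), $_COOKIE['user_key'])) {
                session_regenerate_id();
                //against session fixation attacks.
                $_SESSION['user_id'] = $_COOKIE['user_id'];
                $_SESSION['user_name'] = $_COOKIE['user_name'];
                list($user_level) = mysql_fetch_row(mysql_query("select user_level from users where id='{$cookie_user_id}'"));
                $_SESSION['user_level'] = $user_level;
                $_SESSION['HTTP_USER_AGENT'] = $uaHash;
            } else {
                logout();
            }
        } else {
            header("Location: login.php");
            exit;
        }
    }
}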
 /**
  * Logout action: clears the session and the cached permission data, then
  * shows the success page and sends the user back to the login check.
  */
 public function loginOut()
 {
     // Clear the session on logout.
     logout();
     savePermissionIDEliminate();
     savePermissionURLEliminate();
     // '退出成功!' is the user-facing "Logout successful!" message (kept as-is).
     $this->success('退出成功!', U('checkLogin'));
 }
/**
 * Gate for authenticated-only content: an unauthenticated caller is logged
 * out and the script stops before any sensitive output can be produced.
 */
function checkAccess()
{
    if (isUserAuth()) {
        return;
    }
    logout();
    //Ensure user does not receive sensitive content 4.4.3
    die("Unauthorized access");
}
	/**
	 * Shell command handler for "logout": ends the session, raises the
	 * internal "logout" event and reports success on stdout.
	 *
	 * @param mixed  $args   Command arguments (unused).
	 * @param mixed  $stdin  Standard input (unused).
	 * @param string $stdout Receives the localized success message.
	 * @param string $stderr Unused; left untouched.
	 * @param object $system Event bus exposing triggerEventIntern().
	 * @return bool Always true.
	 */
	function exec($args, $stdin, &$stdout, &$stderr, &$system)
	{
		logout();

		$system->triggerEventIntern("logout", array());
		$stdout = ucf(i18n("logout successfull"));
		return true;
	}
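/**
 * Deletes the user named by $_POST['usr_id'] and ends the session when the
 * deleted account is the one currently logged in.
 *
 * Does nothing when the request carries no usr_id. NOTE(review): no
 * authorization or CSRF check is visible here — confirm the caller enforces
 * one before this runs.
 */
function deleteUser()
{
    if (!isset($_POST['usr_id'])) {
        return;
    }
    $targetId = $_POST['usr_id'];
    $user = new User();
    $user->deleteUser($targetId);
    // Compare as strings: the session id may be an int while the POST value is
    // a string, and loose == would also treat "1e1" and "10" as equal.
    if (isset($_SESSION['id']) && (string) $_SESSION['id'] === (string) $targetId) {
        logout();
    }
}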
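/**
 * Verifies a submitted XSRF token against the one stored in the session.
 *
 * On mismatch (or when the session holds no token) the failure is logged, the
 * user is logged out and the script exits; on success it simply returns.
 *
 * @param mixed $token Token taken from the request.
 */
function validate_xsrf_token($token)
{
    $expected = isset($_SESSION[CONST_XSRF_TOKEN_KEY]) ? (string) $_SESSION[CONST_XSRF_TOKEN_KEY] : '';
    // hash_equals(): constant time and no loose numeric-string equality.
    if ($expected === '' || !is_string($token) || !hash_equals($expected, $token)) {
        // The expected token is a secret: log only what the client sent.
        $shown = is_string($token) ? $token : gettype($token);
        log_exception(new Exception('Invalid XSRF token. Was: "' . $shown . '".'));
        logout();
        exit;
    }
}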
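/**
 * Validates the logged-in session against a fingerprint of the client's IP
 * address and user agent, logging out on mismatch, then rotates the session id.
 *
 * NOTE(review): binding the session to REMOTE_ADDR logs out users whose
 * address changes mid-session (mobile networks, proxies) — confirm intended.
 */
function check_logon()
{
    $remoteAddr = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
    $userAgent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
    $fingerprint = md5($remoteAddr . 'dh(6Km4$X*' . $userAgent);
    session_start();
    $stored = isset($_SESSION['log_fingerprint']) ? (string) $_SESSION['log_fingerprint'] : '';
    // hash_equals(): constant time, and immune to the loose "0e…" == "0e…" compare.
    if (!isset($_SESSION['log_user']) || !hash_equals($stored, $fingerprint)) {
        logout();
    }
    session_regenerate_id();
}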
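/**
 * Replaces a user's stored password hash and salt after verifying the old
 * password, then logs the user out so they re-authenticate.
 *
 * @param array  $users     List of user names.
 * @param array  $passwords Parallel list of [hash, salt] pairs. NOTE(review):
 *                          passed by value, so the update is lost unless the
 *                          caller reads it back — confirm the intended contract.
 * @param string $user      User whose password changes.
 * @param string $old       Current password (verified first).
 * @param string $new       Replacement password.
 */
function change_password($users, $passwords, $user, $old, $new)
{
    if (!verify_password($users, $passwords, $user, $old)) {
        return;
    }
    // array_keys() returns an array, which is not a valid array offset; look
    // the user's index up with array_search() instead.
    $index = array_search($user, $users);
    if ($index === false) {
        return;
    }
    $new_salt = generate_random_string(20);
    $passwords[$index][0] = hash_password($new, $new_salt);
    $passwords[$index][1] = $new_salt;
    logout();
}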
/**
 * Session/login entry point.
 *
 * With a session user: re-activates the account from the session-stored
 * credentials and logs out on failure. With a posted user name: checks the
 * credentials, records the requested language and returns. Otherwise prints
 * the login form and exits.
 *
 * NOTE(review): the password is kept in the session only base64-encoded (not
 * encrypted) and the user name is written to the debug log; confirm both
 * against the deployment's session-storage and logging policy.
 */
function login()
{
    if (isset($_SESSION["s_user"])) {
        _debug("login(): session detected");
        //if ( ! user_activate( $_SESSION["s_user"], $_SESSION["s_pass"] ))
        if (!user_activate($_SESSION["s_user"], base64_decode($_SESSION["s_pass"]))) {
            _debug("Failed to activate user " . $_SESSION['s_user']);
            logout();
        }
    } else {
        if (isset($_POST["p_pass"])) {
            $p_pass = $_POST["p_pass"];
        } else {
            $p_pass = "";
        }
        if (isset($_POST["p_user"])) {
            _debug("login(): login authentication");
            // Check Login
            //if ( ! user_activate( stripslashes( $_POST["p_user"] ), md5( stripslashes( $p_pass ) ) ) )
            if (!user_activate(stripslashes($_POST["p_user"]), $p_pass)) {
                global $error_msg;
                show_error($error_msg["login_failed"] . ": " . $_POST["p_user"]);
            }
            // authentication sucessfull
            // NOTE(review): also reached after show_error() unless show_error()
            // ends the request — confirm, or this debug line is misleading on a
            // failed login.
            _debug("user '" . $_POST["p_user"] . "' successfully authenticated");
            // set language
            $_SESSION['language'] = qx_request("lang", "en");
            return;
        } else {
            // Ask for Login
            show_header($GLOBALS["messages"]["actlogin"]);
            echo "<CENTER><BR><TABLE width=\"300\"><TR><TD colspan=\"2\" class=\"header\" nowrap><B>";
            echo $GLOBALS["messages"]["actloginheader"] . "</B></TD></TR>\n<FORM name=\"login\" action=\"";
            echo make_link("login", NULL, NULL) . "\" method=\"post\">\n";
            echo "<TR><TD>" . $GLOBALS["messages"]["miscusername"] . ":</TD><TD align=\"right\">";
            echo "<INPUT name=\"p_user\" type=\"text\" size=\"25\"></TD></TR>\n";
            echo "<TR><TD>" . $GLOBALS["messages"]["miscpassword"] . ":</TD><TD align=\"right\">";
            echo "<INPUT name=\"p_pass\" type=\"password\" size=\"25\"></TD></TR>\n";
            // NAS4Free Code
            //Select box and auto language detection array
            echo "<TR><TD>" . gettext("Detected Language:<br />(Change if needed)") . "</TD><TD align=\"right\">";
            // The included file renders the language select; @ hides a missing-file warning.
            @(include "./_lang/_info.php");
            // End NAS4Free Code
            echo "<TR><TD colspan=\"2\" align=\"right\"><INPUT type=\"submit\" value=\"";
            echo $GLOBALS["messages"]["btnlogin"] . "\"></TD></TR>\n</FORM></TABLE><BR></CENTER>\n";
            ?>
<script language="JavaScript1.2" type="text/javascript">
                <!--
                if(document.login) document.login.p_user.focus();
            // -->
            </script><?php 
            show_footer();
            exit;
        }
    }
}
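/**
 * Resolves the current user id from a request: a logout request ends the
 * session, a user name (`u`) attempts a password login, anything else checks
 * the existing auth token.
 *
 * @param array $request Request parameters; keys logout, u and p may be absent.
 * @return mixed User id as returned by logout()/login()/checkAuthToken().
 */
function checkAuth($request)
{
    // !empty() keeps the original truthiness semantics without a notice when
    // the key is missing.
    if (!empty($request['logout'])) {
        return logout();
    }
    if (!empty($request['u'])) {
        return login($request['u'], isset($request['p']) ? $request['p'] : null);
    }
    return checkAuthToken();
}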
/**
 * Auto-logout check: when the inactivity limit has passed and the current
 * request is not itself part of the user create/login flow, the session is
 * ended, a "timeout expired" page is printed and the script dies.
 *
 * @return bool Always FALSE when the function returns at all.
 */
function timeoutExpired()
{
    global $gorumuser, $gorumroll, $gorumauthlevel, $gorumrecognised;
    global $autoLogout, $autoLogoutTime, $scriptName;

    if (!$autoLogout) {
        return FALSE;
    }
    $idleTooLong = time() - $gorumuser->lastClickTime > $autoLogoutTime * 60;
    if (!$idleTooLong) {
        return FALSE;
    }
    // Requests on the user create/login screens are exempt from the timeout.
    $onUserList = $gorumroll->list == "user";
    $onExemptMethod = $gorumroll->method == "create_form"
        || $gorumroll->method == "create"
        || $gorumroll->method == "login_form"
        || $gorumroll->method == "login";
    if ($onUserList && $onExemptMethod) {
        return FALSE;
    }

    logout();
    echo "Timeout expired. Please, log in!"
        . "<p><a href='{$scriptName}'>Click here to return to the application!</a>";
    die;
}
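/**
 * Session/login entry point.
 *
 * With a session user: re-activates the account (logging out on failure) and
 * loads the language files recorded in the session. With a posted user name:
 * checks the credentials and stores the chosen language. Otherwise prints the
 * login form and exits.
 *
 * NOTE(review): passwords are compared as plain md5() — see activate_user().
 */
function login()
{
    //print_r($GLOBALS['__SESSION']);
    if (isset($GLOBALS['__SESSION']["s_user"])) {
        if (!activate_user($GLOBALS['__SESSION']["s_user"], $GLOBALS['__SESSION']["s_pass"])) {
            logout();
        }
        $GLOBALS["lang"] = $GLOBALS['__SESSION']["s_lang"];
        $GLOBALS["language"] = $GLOBALS['__SESSION']["s_lang"];
        // The language name becomes part of a require path; confine it to a
        // single path segment so a tampered value (it originates from the login
        // form's lang field) cannot select files outside ./_lang/.
        $languageFile = basename((string) $GLOBALS["language"]);
        require "./_lang/" . $languageFile . ".php";
        require "./_lang/" . $languageFile . "_mimes.php";
    } else {
        if (isset($GLOBALS['__POST']["p_pass"])) {
            $p_pass = $GLOBALS['__POST']["p_pass"];
        } else {
            $p_pass = "";
        }
        if (isset($GLOBALS['__POST']["p_user"])) {
            // Check Login
            if (!activate_user(stripslashes($GLOBALS['__POST']["p_user"]), md5(stripslashes($p_pass)))) {
                logout();
            }
            // Store only a bare file name: anything else cannot be a valid
            // selection from the language <select>.
            $GLOBALS['__SESSION']["s_lang"] = isset($GLOBALS['__POST']["lang"]) ? basename((string) $GLOBALS['__POST']["lang"]) : '';
            return;
        } else {
            // Ask for Login
            show_header($GLOBALS["messages"]["actlogin"]);
            echo "<BR><TABLE width=\"300\"><TR><TD colspan=\"2\" class=\"header\" nowrap><B>";
            echo $GLOBALS["messages"]["actloginheader"] . "</B></TD></TR>\n<FORM name=\"login\" action=\"";
            echo make_link("login", NULL, NULL) . "\" method=\"post\">\n";
            echo "<TR><TD>" . $GLOBALS["messages"]["miscusername"] . ":</TD><TD align=\"right\">";
            echo "<INPUT name=\"p_user\" type=\"text\" size=\"25\"></TD></TR>\n";
            echo "<TR><TD>" . $GLOBALS["messages"]["miscpassword"] . ":</TD><TD align=\"right\">";
            echo "<INPUT name=\"p_pass\" type=\"password\" size=\"25\"></TD></TR>\n";
            echo "<TR><TD>" . $GLOBALS["messages"]["misclang"] . ":</TD><TD align=\"right\">";
            echo "<SELECT name=\"lang\">\n";
            @(include "./_lang/_info.php");
            echo "</SELECT></TD></TR>\n";
            echo "<TR><TD colspan=\"2\" align=\"right\"><INPUT type=\"submit\" value=\"";
            echo $GLOBALS["messages"]["btnlogin"] . "\"></TD></TR>\n</FORM></TABLE><BR>\n";
            ?>
<script language="JavaScript1.2" type="text/javascript">
<!--
	if(document.login) document.login.p_user.focus();
// -->
</script><?php 
            show_footer();
            exit;
        }
    }
}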
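 /**
  * Renders the template named by the `action` query parameter between the
  * shared header and footer; unknown or missing actions fall back to the index
  * template. `logout` ends the session and redirects to login.php.
  */
 public static function show()
 {
     $action = isset($_GET['action']) && is_string($_GET['action']) ? $_GET['action'] : '';
     if ($action === 'logout') {
         logout();
         header('Location: login.php');
         // Nothing should be rendered after the redirect.
         exit;
     }
     include SYSTEM_ROOT . '/templates/header.php';
     // Only a plain template name may reach the include path: a "../" or any
     // path separator in the parameter would otherwise select arbitrary files.
     $file = preg_match('/^[A-Za-z0-9_-]+$/', $action) ? SYSTEM_ROOT . '/templates/' . $action . '.php' : '';
     if ($file !== '' && file_exists($file)) {
         include $file;
     } else {
         include SYSTEM_ROOT . '/templates/index.php';
     }
     include SYSTEM_ROOT . '/templates/footer.php';
 }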
 /**
  * Authenticates against auth_model and, on exactly one matching row, stores
  * the encrypted login marker and user id in the CodeIgniter session.
  *
  * @param mixed $user User name (FALSE when absent).
  * @param mixed $pass Password (FALSE when absent).
  * @return bool TRUE on success; FALSE (after logout()) otherwise.
  */
 function login($user = FALSE, $pass = FALSE)
 {
     $ci =& get_instance();
     $ci->load->model('auth_model');
     $result = $ci->auth_model->login(array($user, $pass));
     if ($result->num_rows() != 1) {
         logout();
         return FALSE;
     }
     $row = $result->row_array();
     $loginMarker = md5($row['id_user'] . $row['email']);
     $ci->session->set_userdata('login', $ci->encrypt->encode($loginMarker));
     $ci->session->set_userdata('id_user', $ci->encrypt->encode($row['id_user']));
     return TRUE;
 }
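/**
 * Session gate for protected pages.
 *
 * Starts the session, ends it when the stored user-agent hash no longer
 * matches, and — when no session user is set — tries to restore one from the
 * "remember me" cookies (user_id/user_key checked against users.ckey), or
 * redirects to index.php.
 *
 * Side effects: session_start(), $_SESSION writes, MySQL queries, redirects,
 * exit.
 */
function page_protect() {
    session_start();

    global $db;

    $uaHash = md5(isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '');
    if (isset($_SESSION['HTTP_USER_AGENT'])) {
        // hash_equals(): constant time, and no loose "0e…" numeric-string equality.
        if (!hash_equals((string) $_SESSION['HTTP_USER_AGENT'], $uaHash)) {
            logout();
            exit;
        }
    }

    if (!isset($_SESSION['user_id']) && !isset($_SESSION['user_name'])) {
        if (isset($_COOKIE['user_id']) && isset($_COOKIE['user_key'])) {
            // Validate the id before it is used in SQL; the original ran the
            // query first and only checked is_numeric() afterwards.
            if (!is_numeric($_COOKIE['user_id']) || !isset($_COOKIE['user_name']) || !is_string($_COOKIE['user_key'])) {
                logout();
                return;
            }
            $cookie_user_id = (int) filter($_COOKIE['user_id']);
            $rs_ctime = mysql_query("select `ckey`,`ctime` from `users` where `id` ='$cookie_user_id'") or die(mysql_error());
            list($ckey, $ctime) = mysql_fetch_row($rs_ctime);
            // cookie expiry
            if ((time() - $ctime) > 60*60*24*COOKIE_TIME_OUT) {
                logout();
                // An expired cookie must not fall through to the login below.
                return;
            }

            if (!empty($ckey) && isUserID($_COOKIE['user_name']) && hash_equals(sha1($ckey), $_COOKIE['user_key'])) {
                session_regenerate_id();

                $_SESSION['user_id'] = $_COOKIE['user_id'];
                $_SESSION['user_name'] = $_COOKIE['user_name'];

                // NOTE(review): $first_name / $last_name are never assigned in
                // this function, so these session keys are always null here —
                // confirm where they were meant to come from.
                $_SESSION['user_firstname'] = $first_name;
                $_SESSION['user_lastname'] = $last_name;

                $_SESSION['HTTP_USER_AGENT'] = $uaHash;
            } else {
                logout();
            }
        } else {
            header("Location: index.php");
            exit();
        }
    }
}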
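/**
 * Session gate for protected pages: starts the session, ends it when the
 * stored user-agent hash no longer matches the current request, and sends
 * visitors without a session user to index.php.
 *
 * Side effects: session_start(), logout()/exit, header()/exit.
 */
function page_protect()
{
    session_start();
    global $db;
    /* Secure against Session Hijacking by checking user agent */
    if (isset($_SESSION['HTTP_USER_AGENT'])) {
        $uaHash = md5(isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '');
        // hash_equals() instead of !=: constant time, and two hex digests that
        // both look like "0e…" numbers are no longer treated as equal.
        if (!hash_equals((string) $_SESSION['HTTP_USER_AGENT'], $uaHash)) {
            logout();
            exit;
        }
    }
    /* If session not set, check for cookies set by Remember me */
    if (!isset($_SESSION['user_id']) && !isset($_SESSION['user_name'])) {
        header("Location: index.php");
        exit;
    }
}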
/**
 * Session gate for protected pages (mysql_* variant keyed on username).
 *
 * Starts the session, ends it when the stored user-agent hash no longer
 * matches, and — when no session username is set — tries to restore one from
 * the "remember me" cookies (username/userkey checked against users.ckey), or
 * redirects to index.php.
 *
 * NOTE(review): the lookup query below is redacted on this page ('******');
 * the filtered $cookie_username computed right after it is otherwise unused,
 * which suggests it was interpolated there — it should be bound or escaped,
 * not interpolated.
 */
function page_protect()
{
    session_start();
    global $mysql_hostname, $mysql_username, $mysql_password, $mysql_dbname;
    /* Secure against Session Hijacking by checking user agent */
    if (isset($_SESSION['HTTP_USER_AGENT'])) {
        // NOTE(review): loose != on two hex digests; hash_equals() would avoid
        // both the timing leak and the "0e…" numeric-string equality.
        if ($_SESSION['HTTP_USER_AGENT'] != md5($_SERVER['HTTP_USER_AGENT'])) {
            logout();
            exit;
        }
    }
    // before we allow sessions, we need to check authentication key - ckey and ctime stored in database
    /* If session not set, check for cookies set by Remember me */
    if (!isset($_SESSION['username'])) {
        if (isset($_COOKIE['username']) && isset($_COOKIE['userkey'])) {
            /* we double check cookie expiry time against stored in database */
            $conn = mysql_connect($mysql_hostname, $mysql_username, $mysql_password);
            if (!$conn) {
                die('Could not connect: ' . mysql_error());
            }
            mysql_select_db($mysql_dbname);
            $qry = "SELECT ckey,ctime FROM users where username='******'";
            $cookie_username = filter($_COOKIE['username']);
            $rs_ctime = mysql_query($qry, $conn);
            list($ckey, $ctime) = mysql_fetch_row($rs_ctime);
            mysql_close($conn);
            // cookie expiry
            // NOTE(review): logout() is not followed by return/exit, so an
            // expired cookie still reaches the login check below unless
            // logout() ends the request itself.
            if (time() - $ctime > 60 * 60 * 24 * COOKIE_TIME_OUT) {
                logout();
            }
            /* Security check with untrusted cookies - don't trust the value stored in the cookie.
               The `ckey` stored in the cookie must match the one stored in the database at login. */
            if (!empty($ckey) && isUserID($_COOKIE['username']) && $_COOKIE['userkey'] == sha1($ckey)) {
                session_regenerate_id();
                //against session fixation attacks.
                $_SESSION['username'] = $_COOKIE['username'];
                $_SESSION['HTTP_USER_AGENT'] = md5($_SERVER['HTTP_USER_AGENT']);
            } else {
                logout();
            }
        } else {
            header("Location: index.php");
            exit;
        }
    }
}
/**
 * Session/login entry point.
 *
 * With a session user: re-activates the account and logs out on failure.
 * With a posted user name: checks the credentials and returns. Otherwise
 * prints the login form (pre-filled with the current $my->username) and exits.
 *
 * NOTE(review): logout() is not followed by return in either failure branch,
 * so execution continues unless logout() ends the request itself; and the
 * password reaches activate_user() as a plain md5().
 */
function login()
{
    global $my;
    if (isset($GLOBALS['__SESSION']["s_user"])) {
        if (!activate_user($GLOBALS['__SESSION']["s_user"], $GLOBALS['__SESSION']["s_pass"])) {
            logout();
        }
    } else {
        if (isset($GLOBALS['__POST']["p_pass"])) {
            $p_pass = $GLOBALS['__POST']["p_pass"];
        } else {
            $p_pass = "";
        }
        if (isset($GLOBALS['__POST']["p_user"])) {
            // Check Login
            if (!activate_user(stripslashes($GLOBALS['__POST']["p_user"]), md5(stripslashes($p_pass)))) {
                logout();
            }
            return;
        } else {
            // Ask for Login
            show_header($GLOBALS["messages"]["actlogin"]);
            echo "<br><table width=\"300\"><tr><td colspan=\"2\" class=\"header\" nowrap><b>";
            echo $GLOBALS["messages"]["actloginheader"] . "</b></td></tr>\n<form name=\"login\" action=\"";
            echo make_link("login", null, null) . "\" method=\"post\">\n";
            echo "<tr><td>" . $GLOBALS["messages"]["miscusername"] . ":</td><td align=\"right\">";
            // NOTE(review): $my->username is written into an HTML attribute
            // without htmlspecialchars(); safe only if it is already escaped.
            echo "<input name=\"p_user\" type=\"text\" value=\"" . $my->username . "\" size=\"25\"></td></tr>\n";
            echo "<tr><td>" . $GLOBALS["messages"]["miscpassword"] . ":</td><td align=\"right\">";
            echo "<input name=\"p_pass\" type=\"password\" size=\"25\"></td></tr>\n";
            echo "<tr><td>" . $GLOBALS["messages"]["misclang"] . ":</td><td align=\"right\">";
            echo "<select name=\"lang\">\n";
            // Renders the <option> list; @ hides a missing-file warning.
            @(include _QUIXPLORER_PATH . "/languages/_info.php");
            echo "</select></td></tr>\n";
            echo "<tr><td colspan=\"2\" align=\"right\"><input type=\"submit\" value=\"";
            echo $GLOBALS["messages"]["btnlogin"] . "\"></td></tr>\n</form></table><br>\n";
            ?>
<script language="JavaScript1.2" type="text/javascript">
<!--
	if(document.login) document.login.p_user.focus();
// -->
</script><?php 
            show_footer();
            exit;
        }
    }
}
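/**
 * Session gate for protected pages (mysqli variant).
 *
 * Starts the session, ends it when the stored user-agent hash no longer
 * matches, and — when no session user is set — tries to restore one from the
 * "remember me" cookies (user_id/user_key checked against users.ckey), or
 * redirects to the login page.
 *
 * Side effects: session_start(), $_SESSION writes, queries on the global
 * $link connection, redirects, exit.
 */
function page_protect()
{
    session_start();
    global $link, $linkopd;
    $uaHash = md5(isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '');
    /* Secure against Session Hijacking by checking user agent */
    if (isset($_SESSION['HTTP_USER_AGENT'])) {
        // hash_equals(): constant time, and no loose "0e…" numeric-string equality.
        if (!hash_equals((string) $_SESSION['HTTP_USER_AGENT'], $uaHash)) {
            logout();
            exit;
        }
    }
    // before we allow sessions, we need to check authentication key - ckey and ctime stored in database
    /* If session not set, check for cookies set by Remember me */
    if (!isset($_SESSION['user_id']) && !isset($_SESSION['user_name'])) {
        if (isset($_COOKIE['user_id']) && isset($_COOKIE['user_key'])) {
            // Validate the cookie id before it is used in SQL; the original ran
            // the query first and only checked is_numeric() afterwards.
            if (!is_numeric($_COOKIE['user_id']) || !isset($_COOKIE['user_name']) || !is_string($_COOKIE['user_key'])) {
                logout();
                return;
            }
            $cookie_user_id = (int) filter($_COOKIE['user_id']);
            /* we double check cookie expiry time against stored in database */
            $rs_ctime = mysqli_query($link, "select `ckey`,`ctime` from `users` where `id` ='{$cookie_user_id}'") or die(mysqli_error($link));
            list($ckey, $ctime) = mysqli_fetch_row($rs_ctime);
            // cookie expiry
            if (time() - $ctime > 60 * 60 * 24 * COOKIE_TIME_OUT) {
                logout();
                // An expired cookie must not fall through to the login below.
                return;
            }
            /* Security check with untrusted cookies - don't trust the value stored in the cookie.
               The `ckey` stored in the cookie must match the one stored in the database at login. */
            if (!empty($ckey) && isUserID($_COOKIE['user_name']) && hash_equals(sha1($ckey), $_COOKIE['user_key'])) {
                session_regenerate_id();
                //against session fixation attacks.
                $_SESSION['user_id'] = $_COOKIE['user_id'];
                $_SESSION['user_name'] = $_COOKIE['user_name'];
                /* query user level from database instead of storing in cookies */
                list($user_level) = mysqli_fetch_row(mysqli_query($link, "select user_level from users where id='{$cookie_user_id}'"));
                // NOTE(review): this second query selects user_level again, so
                // $accode always equals $user_level — confirm which column was meant.
                list($accode) = mysqli_fetch_row(mysqli_query($link, "select user_level from users where id='{$cookie_user_id}'"));
                $_SESSION['user_level'] = $user_level;
                $_SESSION['user_accode'] = $accode;
                $_SESSION['HTTP_USER_AGENT'] = $uaHash;
            } else {
                logout();
            }
        } else {
            header("Location: ../login/login.php");
            exit;
        }
    }
}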
/**
 * Deletes the logged-in user's own account: validates the posted e-mail and
 * password against the stored ones and the login cookie, removes the personal
 * folder and all table references, then logs out.
 *
 * @return null Always; an early null marks a refused request (missing data,
 *              nobody logged in, super user, or credentials that do not match).
 */
function exclui_conta_usuario()
{
    // form data
    $email = remove_html($_POST['email']);
    $senha = remove_html($_POST['senha']);

    // refuse when either field is blank, nobody is logged in, or the account
    // is the super user (who cannot delete themselves here)
    if ($email == null || $senha == null || !retorne_esta_logado() || retorne_super_usuario()) {
        return null;
    }

    // hash the password the same way the stored one was
    $senha = cifra_senha_md5($senha);

    // the credentials must match an existing account and the login cookie
    $login_existe = retorne_usuario_existe($email, $senha);
    if (!$login_existe || $email != email_cookie() || $senha != senha_cookie() || !retorne_esta_logado()) {
        return null;
    }

    // id of the logged-in user
    $idusuario = retorne_idusuario_logado();

    // drop the personal folder and every reference in the tables
    excluir_pastas_subpastas(retorne_pasta_pessoal_usuario_logado());
    remove_referencia_tabelas();

    logout(null);
}
/**
 * Keeps the WordPress login in sync with the external session: a logged-in
 * WP user without a session cookie, or whose name differs from the session's
 * user, is logged out; an anonymous visitor gets the session-based login.
 */
function auto_login()
{
    if (!is_user_logged_in()) {
        check_and_login();
        return;
    }
    if (!defined_session_cookie()) {
        logout();
        return;
    }
    //logout if the logged user is different from the one in the session
    $sessionUser = get_username(get_session_id());
    $currentUser = wp_get_current_user();
    if ($sessionUser != $currentUser->user_login) {
        logout();
    }
}