static function validate_login_ntlm($username, $password) { if (!function_exists("java_get_base")) { require "lib/java/java.php"; } if (!function_exists("java_require")) { sys_log_message_alert("login", sprintf("{t}%s is not compiled / loaded into PHP.{/t}", "PHP/Java Bridge")); return false; } java_require("jcifs-1.3.8_tb.jar"); $conf = new JavaClass("jcifs.Config"); $conf->setProperty("jcifs.smb.client.responseTimeout", "5000"); $conf->setProperty("jcifs.resolveOrder", "LMHOSTS,DNS"); $conf->setProperty("jcifs.smb.client.soTimeout", "10000"); $conf->setProperty("jcifs.smb.lmCompatibility", "0"); $conf->setProperty("jcifs.smb.client.useExtendedSecurity", false); $auth = sys_get_header("Authorization"); $session = new JavaClass("jcifs.smb.SmbSession"); $result = new Java("jcifs.smb.NtlmPasswordAuthentication", "", $username, $password); $username = $result->getUsername(); if (SETUP_AUTH_NTLM_SHARE) { $w = new Java("jcifs.smb.SmbFile", SETUP_AUTH_NTLM_SHARE, $result); $message = $w->canListFiles(); if ($message == "Invalid access to memory location.") { header("Location: index.php"); exit; } } else { $message = $session->logon(SETUP_AUTH_HOSTNAME_NTLM, $result); } if ($message != "" or $username == "") { sys_log_message_alert("login", sprintf("{t}Login failed from %s.{/t} (ntlm) ({t}Username{/t}: %s, %s)", _login_get_remoteaddr(), $username, $message)); return false; } $_SERVER["REMOTE_USER"] = modify::strip_ntdomain($username); if (empty($_REQUEST["folder"])) { $_REQUEST["redirect"] = 1; } return true; }
* @link http://www.simple-groupware.de * @copyright Simple Groupware Solutions Thomas Bley 2002-2012 * @license GPLv2 */ define("NOCONTENT", true); define("NOSESSION", true); require "index.php"; if (empty($_REQUEST["item"]) and empty($_REQUEST["filename"])) { sys_error("Missing parameters.", "403 Forbidden"); } sys_check_auth(); $ext = modify::getfileext(urldecode($_SERVER["REQUEST_URI"])); if (in_array($ext, explode(",", INVALID_EXTENSIONS))) { sys_error(t("{t}this file extension is not allowed{/t}") . " (" . $ext . ")", "403 Forbidden"); } $content_length = sys_get_header("Content-Length"); if ($content_length == 0 and strtolower($_REQUEST["action"]) != "move") { _upload_success(); } if (strtolower($_REQUEST["action"]) == "move" and !empty($_SERVER["HTTP_DESTINATION"])) { $_SERVER["REQUEST_URI"] = substr($_SERVER["HTTP_DESTINATION"], strpos($_SERVER["HTTP_DESTINATION"], "/sgdav/")); } if ($_REQUEST["item"] == "session") { $path = str_replace("//", "/", urldecode($_SERVER["REQUEST_URI"])); $filename = basename($path); $path = dirname($path); if (sys_strbegins($filename, "~") or sys_strbegins($filename, ".") or modify::getfileext($filename) == "tmp") { $target = SIMPLE_CACHE . "/upload/" . $_SESSION["username"] . sha1($path) . "--" . urlencode($filename); if ($fp = fopen("php://input", "r") and $ft = fopen($target, "wb")) { while (!feof($fp)) { fwrite($ft, fread($fp, 8192));