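/**
 * Start the session and report whether the visitor meets the page's login requirement.
 *
 * If no user is in the session, PA_Login::process_cookie() is tried first (cookie
 * auto-login); the session is then re-checked.
 *
 * SECURITY: when the requirement is not met this function only queues a Location
 * header and returns 0 -- it does not exit. Callers must stop processing on a 0
 * return, otherwise the rest of the page still runs and is sent with the redirect.
 *
 * @param bool|string   $login_required    TRUE (default) to require a logged-in user; the
 *                                         string "password" to also require that
 *                                         $_SESSION['login_source'] is "password" (i.e. not a
 *                                         cookie login); a falsy value to only report state.
 * @param callable|null $redirect_function Optional callback run instead of the default
 *                                         redirect; its return value is returned as-is.
 * @return mixed 1 when the requirement is met, 0 when it is not, or whatever
 *               $redirect_function returns.
 */
function check_session($login_required = TRUE, $redirect_function = NULL) {
    // NOTE(review): this translated text is overwritten on every path that reads $msg.
    $msg = __("Sorry - you are not logged in or you have been logged out due to inactivity. Please, log in again.");

    session_start();

    // clear old cookies from earlier CoreSystem versions
    foreach (array("pa_username", "pa_password") as $name) {
        if (isset($_COOKIE[$name])) {
            setcookie($name, "", 0, "/");
        }
    }

    if (empty($_SESSION['user'])) {
        // no current session; see if we can auto-login from a cookie
        try {
            PA_Login::process_cookie();
        } catch (CNException $e) {
            // log, but otherwise silently drop it on the floor
            Logger::log("Exception occurred processing login cookie: " . $e->getTraceAsString());
        }
    }

    $not_logged_in = FALSE;
    if (empty($_SESSION['user'])) {
        $not_logged_in = TRUE;
        $msg = 'error=1';
    } elseif ($login_required === "password"
        && (!isset($_SESSION['login_source']) || $_SESSION['login_source'] !== "password")) {
        // Strict comparison: a loose != lets non-string values such as TRUE (or 0 on
        // PHP < 8) compare equal to "password" and bypass the re-authentication gate.
        $not_logged_in = TRUE;
        $msg = 'msg=' . urlencode("For your security, you must enter your password to access this page.");
    }

    if ($not_logged_in) {
        // redirect to login page if login is required
        if ($login_required) {
            if ($redirect_function) {
                return $redirect_function();
            }
            // REDIRECT_* are only set by the web server on internal redirects; default
            // to '' (what the unguarded read evaluated to) without raising notices.
            $redirect_url = isset($_SERVER['REDIRECT_URL']) ? $_SERVER['REDIRECT_URL'] : '';
            $redirect_query = isset($_SERVER['REDIRECT_QUERY_STRING']) ? $_SERVER['REDIRECT_QUERY_STRING'] : '';
            header("Location: " . PA::$url . "/cnuser_login.php?" . $msg . "&return=" . urlencode($redirect_url . '?' . $redirect_query));
        }
        return 0;
    }

    ob_start();
    // HTTP-date needs a space before the zone ("... 12:00:00 GMT"); without it the
    // Last-Modified / Expires values are malformed.
    $time = gmdate('D, d M Y H:i:s') . ' GMT';
    header("Last-Modified: {$time}");
    header("Expires: {$time}");
    header("Pragma: no-cache");
    return 1;
}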
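/**
 * Start the session, enforce the page's login requirement and, for logged-in users,
 * the network-membership gate.
 *
 * If no user is in the session, PA_Login::process_cookie() is tried first (cookie
 * auto-login); the session is then re-checked.
 *
 * SECURITY:
 *  - When the login requirement is not met this function only queues a Location header
 *    and returns 0 -- it does not exit. Callers must stop processing on a 0 return.
 *  - The membership gate runs only when $login_required is truthy and the global
 *    $network_info is non-empty, and it is skipped for the exempt script names below.
 *    Matching uses the last path segment of SCRIPT_NAME only, so a same-named script in
 *    any directory is exempt as well.
 *
 * @param bool|string   $login_required    TRUE (default) to require a logged-in user; the
 *                                         string "password" to also require that
 *                                         $_SESSION['login_source'] is "password"; a falsy
 *                                         value to only report state.
 * @param callable|null $redirect_function Optional callback run instead of the default
 *                                         login redirect; its return value is returned as-is.
 * @return mixed 1 when access is granted, 0 when not logged in, or whatever
 *               $redirect_function returns. Does not return (exit) when the membership
 *               gate redirects.
 */
function check_session($login_required = TRUE, $redirect_function = NULL) {
    global $base_url;
    global $path_prefix, $network_info;

    // NOTE(review): this translated text is overwritten on every path that reads $msg.
    $msg = __("Please login to access this page");

    session_start();

    // clear old cookies from earlier PA versions
    foreach (array("pa_username", "pa_password") as $name) {
        if (isset($_COOKIE[$name])) {
            setcookie($name, "", 0, "/");
        }
    }

    if (empty($_SESSION['user'])) {
        // no current session; see if we can auto-login from a cookie
        try {
            PA_Login::process_cookie();
        } catch (PAException $e) {
            // log, but otherwise silently drop it on the floor
            Logger::log("Exception occurred processing login cookie: " . $e->getTraceAsString());
        }
    }

    $not_logged_in = FALSE;
    if (empty($_SESSION['user'])) {
        $not_logged_in = TRUE;
        $msg = 'error=1';
    } elseif ($login_required === "password"
        && (!isset($_SESSION['login_source']) || $_SESSION['login_source'] !== "password")) {
        // Strict comparison: a loose != lets non-string values such as TRUE (or 0 on
        // PHP < 8) compare equal to "password" and bypass the re-authentication gate.
        $not_logged_in = TRUE;
        $msg = 'msg=' . urlencode("For your security, you must enter your password to access this page.");
    }

    if ($not_logged_in) {
        // redirect to login page if login is required
        if ($login_required) {
            if ($redirect_function) {
                return $redirect_function();
            }
            header("Location: {$base_url}/login.php?" . $msg . "&return=" . urlencode($_SERVER['REQUEST_URI']));
        }
        return 0;
    }

    // We are logged in. Additionally check that the user is a member of the network.
    // An empty $network_info means there is nothing to check (original FIXME: unclear
    // whether something should happen in that case).
    if ($login_required && !empty($network_info)) {
        $tmp_array = explode('/', $_SERVER['SCRIPT_NAME']);
        $script_name = end($tmp_array);

        // Scripts that stay reachable for disabled / waiting / non-member users.
        $page_array = array('mymessage.php', 'addmessage.php', 'edit_profile.php', 'deletemessage.php', 'edit_relations.php', 'logout.php', 'deletecomment.php', 'request.php');
        $page_access = in_array($script_name, $page_array, TRUE);

        $user_type = Network::get_user_type($network_info->network_id, $_SESSION['user']['id']);

        if (!$page_access) {
            $redirect_page = $network_info->is_private() ? 'request.php' : 'homepage.php';
            $redirect_url = NULL;
            if ($user_type == DISABLED_MEMBER) {
                $redirect_url = "{$base_url}/{$redirect_page}?msg=7003";
            } elseif (empty($user_type) || $user_type == NETWORK_WAITING_MEMBER) {
                $redirect_url = "{$base_url}/{$redirect_page}?msg=7002";
            }
            if ($redirect_url) {
                header("Location: {$redirect_url}");
                exit;
            }
        }
    }

    ob_start();
    // HTTP-date needs a space before the zone ("... 12:00:00 GMT"); without it the
    // Last-Modified / Expires values are malformed.
    $time = gmdate('D, d M Y H:i:s') . ' GMT';
    header("Last-Modified: {$time}");
    header("Expires: {$time}");
    header("Pragma: no-cache");
    return 1;
}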
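/**
 * Start the session and report whether the visitor meets the page's login requirement.
 *
 * If no user is in the session, PA_Login::process_cookie() is tried first (cookie
 * auto-login); the session is then re-checked.
 *
 * SECURITY:
 *  - On the ordinary "not logged in" path this function only queues a Location header
 *    and returns 0 -- it does not exit. Callers must stop processing on a 0 return.
 *  - On the logout path the redirect target comes from the request ("return" or
 *    "redirect"). It is only honoured when it is a same-site path or starts with
 *    CC_APPLICATION_URL or PA::$url; anything else falls back to the default logout
 *    page, so the parameter cannot send visitors to an arbitrary site.
 *
 * @param bool|string   $login_required    TRUE (default) to require a logged-in user; the
 *                                         string "password" to also require that
 *                                         $_SESSION['login_source'] is "password"; a falsy
 *                                         value to only report state.
 * @param callable|null $redirect_function Optional callback run instead of the default
 *                                         redirect; its return value is returned as-is.
 * @return mixed 1 when the requirement is met, 0 when it is not, or whatever
 *               $redirect_function returns. Does not return (exit) on the logout path.
 */
function check_session($login_required = TRUE, $redirect_function = NULL) {
    // NOTE(review): this translated text is overwritten on every path that reads $msg.
    $msg = __("Sorry - you are not logged in or you have been logged out due to inactivity. Please, log in again.");

    session_start();

    // clear old cookies from earlier PA versions
    foreach (array("pa_username", "pa_password") as $name) {
        if (isset($_COOKIE[$name])) {
            setcookie($name, "", 0, "/");
        }
    }

    if (empty($_SESSION['user'])) {
        // no current session; see if we can auto-login from a cookie
        try {
            PA_Login::process_cookie();
        } catch (PAException $e) {
            // log, but otherwise silently drop it on the floor
            Logger::log("Exception occurred processing login cookie: " . $e->getTraceAsString());
        }
    }

    $not_logged_in = FALSE;
    if (empty($_SESSION['user'])) {
        $not_logged_in = TRUE;
        $msg = 'error=1';
    } elseif ($login_required === "password"
        && (!isset($_SESSION['login_source']) || $_SESSION['login_source'] !== "password")) {
        // Strict comparison: a loose != lets non-string values such as TRUE (or 0 on
        // PHP < 8) compare equal to "password" and bypass the re-authentication gate.
        $not_logged_in = TRUE;
        $msg = 'msg=' . urlencode("For your security, you must enter your password to access this page.");
    }

    if ($not_logged_in) {
        // redirect to login page if login is required
        if ($login_required) {
            if ($redirect_function) {
                return $redirect_function();
            }

            // Parag Jagdale - 10/14/10
            // A logged-out visitor hitting logout.php is sent to the requested return
            // location instead of the login page. strrpos() is compared with !== so a
            // match at offset 0 is not mistaken for "not found".
            if (isset($_SERVER['REQUEST_URI']) && strrpos($_SERVER['REQUEST_URI'], "logout.php") !== false) {
                $default_return = CC_APPLICATION_URL . "/people/logout";

                if (!empty($_REQUEST['return'])) {
                    $return = $_REQUEST['return'];
                } elseif (!empty($_GET['redirect'])) {
                    $return = $_GET['redirect'];
                } else {
                    $return = $default_return;
                }

                // Resolves the original TODO: the value is request-controlled, so it must
                // not reach header("Location: ...") unchecked. Accept only a plain string
                // with no control characters, spaces or backslashes that is either a
                // site-local absolute path (one leading "/", not "//") or sits under one
                // of the configured base URLs.
                $return_is_trusted = FALSE;
                if (is_string($return) && !preg_match('/[\x00-\x20\x7f\\\\]/', $return)) {
                    if ($return[0] === '/' && substr($return, 0, 2) !== '//') {
                        $return_is_trusted = TRUE;
                    } else {
                        foreach (array(CC_APPLICATION_URL, PA::$url) as $trusted_base) {
                            $trusted_base = rtrim((string) $trusted_base, '/');
                            // Require "/" after the base so a look-alike host that merely
                            // begins with the same characters is not accepted.
                            if ($trusted_base !== ''
                                && ($return === $trusted_base || strpos($return, $trusted_base . '/') === 0)) {
                                $return_is_trusted = TRUE;
                                break;
                            }
                        }
                    }
                }
                if (!$return_is_trusted) {
                    $return = $default_return;
                }

                header("Location: {$return}");
                exit;
            }
            // Parag Jagdale - 10/14/10: end

            // REDIRECT_* are only set by the web server on internal redirects; default
            // to '' without resorting to @ error suppression.
            $redirect_url = isset($_SERVER['REDIRECT_URL']) ? $_SERVER['REDIRECT_URL'] : '';
            $redirect_query = isset($_SERVER['REDIRECT_QUERY_STRING']) ? $_SERVER['REDIRECT_QUERY_STRING'] : '';
            header("Location: " . PA::$url . "/login.php?" . $msg . "&return=" . urlencode($redirect_url . '?' . $redirect_query));
        }
        return 0;
    }

    ob_start();
    // HTTP-date needs a space before the zone ("... 12:00:00 GMT"); without it the
    // Last-Modified / Expires values are malformed.
    $time = gmdate('D, d M Y H:i:s') . ' GMT';
    header("Last-Modified: {$time}");
    header("Expires: {$time}");
    header("Pragma: no-cache");
    return 1;
}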