Example #1
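 /**
  * Write a new error message to log.
  *
  * The entry is prefixed with the actor ('Guest' or 'User <username>'), the
  * client address and a microtime() timestamp, then handed to the log model.
  *
  * @param string $message Message to log.
  *
  * @return bool True on success.
  */
 public static function error($message)
 {
     if (!self::$opened) {
         self::initiate();
     }
     // REMOTE_ADDR is absent under the CLI; avoid the undefined-index notice
     // (an empty string yields the same header text as the original's null).
     $remoteAddr = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
     $actor = Session::isLoggedIn() ? 'User ' . Session::getVar('username') : 'Guest';
     // The username is written verbatim; a consumer of this log must not rely on
     // one line per entry (a name containing newlines could forge extra lines).
     $logHeader = $actor . ' ' . $remoteAddr . ' (' . microtime(true) . '):  ';
     return self::$logModel->error($logHeader . $message);
 }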
Example #2
 /**
  * Write a new error message to the system log via syslog().
  *
  * The message is prefixed with the actor ('Guest' or 'User <username>') and a
  * microtime() stamp in its default "msec sec" string form.
  *
  * @param int $priority One of the PHP Syslog priority constants.
  * @param string $message Message to log.
  *
  * @return bool True on success.
  */
 public static function error($priority, $message)
 {
     if (!self::$opened) {
         self::initiate();
     }
     $who = 'Guest';
     if (Session::isLoggedIn()) {
         $who = 'User ' . Session::getVar('username');
     }
     $stamp = microtime();
     return syslog($priority, $who . ' (' . $stamp . '):  ' . $message);
 }
Example #3
 /**
  * Determine if a user has finished a mission.
  *
  * Anonymous sessions are never considered to have completed anything; for a
  * logged-in user the answer is whether the model reports a non-zero count.
  *
  * @param string $id Mission id.
  *
  * @return bool True if the user has completed the mission before.
  */
 public static function hasDone($id)
 {
     $loggedIn = Session::isLoggedIn();
     if (!$loggedIn) {
         return false;
     }
     $timesDone = self::getModel()->getTimesDone(Session::getVar('_id'), $id);
     return $timesDone ? true : false;
 }
Example #4
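 /**
  * Record the current request in the in-memory general log.
  *
  * Captures the session user id, client address, session id, the URI, request
  * and arguments from Log, the cleaned GET/POST input, and the time elapsed
  * since Log::$start. The entry is appended to $this->general serialize()d.
  *
  * @return void
  */
 public function general()
 {
     $id = Session::getVar('_id');
     if (!$id) {
         // Same truthiness as the original `== false`, without the loose comparison.
         $id = null;
     }
     $clean = array($this, 'clean');
     $get = array_map($clean, $_GET);
     $post = array_map($clean, $_POST);
     $arguments = array_map($clean, Log::$arguments);
     // Take the clock once so 'time' and 'loadTime' agree with each other.
     $now = microtime(true);
     $entry = array(
         'userId' => $id,
         'ids' => array(
             // REMOTE_ADDR is absent under the CLI; avoid the undefined-index notice.
             'ipAddress' => isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : null,
             'sid' => session_id(),
         ),
         'uri' => $this->clean(Log::$uri),
         'request' => $this->clean(Log::$request),
         'arguments' => $arguments,
         'input' => array('GET' => $get, 'POST' => $post),
         'time' => $now,
         'loadTime' => $now - Log::$start,
     );
     // Entries carry raw request data; whatever reads them back must treat the
     // unserialize()d content as untrusted input.
     $this->general[] = serialize($entry);
 }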
Example #5
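 /**
  * Check ACLs to determine if a user has a certain permission.
  *
  * The ACL table is loaded on first use. The decision is made for the group
  * stored in the session, or 'guest' when no group is set.
  *
  * @param string $name Name of the permission to check for.
  *
  * @return bool True if the user does have the permission in $name.
  */
 public static function can($name)
 {
     if (!self::$populated) {
         self::_populate();
     }
     $group = Session::getVar('group');
     if (empty($group)) {
         $group = 'guest';
     }
     // The answer must come from the ACL. The unconditional
     // `return Session::isLoggedIn();` that preceded this lookup granted every
     // permission to any logged-in user and left the ACL check unreachable.
     return self::$acl->can($group, $name);
 }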
Example #6
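 /**
  * Intermittently abort the request for a session carrying an 'errorBan'.
  *
  * Reads the 'bans' session variable; when its 'errorBan' entry is truthy,
  * roughly half of the calls die() with a random entry of self::$errors.
  *
  * @return void
  */
 public static function errorBan()
 {
     $bans = Session::getVar('bans');
     // Nothing recorded, or no error ban set: empty() also covers a missing
     // 'errorBan' key without an undefined-index notice.
     if (empty($bans) || empty($bans['errorBan'])) {
         return;
     }
     // Coin flip so the ban is intermittent rather than deterministic; rand()
     // is adequate here because the outcome only selects an error page.
     if (rand(0, 1)) {
         die(self::$errors[array_rand(self::$errors)]);
     }
 }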
Example #7
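 /**
  * Fill $this->view['data'] with a profile summary of the session user.
  *
  * @param string $level 'public' (name and avatar) or 'full' (also unique id
  *                      and e-mail). Any other value, or an anonymous session,
  *                      yields the empty default record.
  *
  * @return bool Always true.
  */
 private function info($level)
 {
     $default = array('name' => '', 'photourl' => '');
     if (!Session::isLoggedIn()) {
         $this->view['data'] = $default;
         return true;
     }
     // Gravatar addresses are keyed by the md5 of the trimmed, lower-cased
     // e-mail; md5 is the service's protocol here, not a security choice.
     $photoUrl = 'https://secure.gravatar.com/avatar/' . md5(strtolower(trim(Session::getVar('email')))) . '?d=identicon&r=pg';
     // Strict comparison: with `==` a non-string $level (e.g. 0 on PHP < 8)
     // would match 'public' unintentionally.
     if ($level === 'public') {
         $this->view['data'] = array(
             'name' => Session::getVar('username'),
             'photourl' => $photoUrl,
         );
     } elseif ($level === 'full') {
         $this->view['data'] = array(
             'uniqueid' => (string) Session::getVar('_id'),
             'name' => Session::getVar('username'),
             'email' => Session::getVar('email'),
             'photourl' => $photoUrl,
         );
     } else {
         $this->view['data'] = $default;
     }
     return true;
 }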
Example #8
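 /**
  * Authenticate the current request.
  *
  * Implements standard username/password and IP-address based user authentication. Applications
  * requiring completely custom authentication methods should override this method. However, most of
  * the time if you need custom authentication you can just create a custom user auth handler class ("username/password" authentication).
  *
  * One clean way to extend Auth is create a sub-class whose constructor calls addUserHandler() and delegates
  * everything else to Auth.
  *
  * Flow: without an incoming 'user_name' an existing session user is reused,
  * otherwise the user handler is given a chance to authenticate with no
  * credentials (IP-based). With a 'user_name' the credentials are checked.
  * On failure the user is sent to the login page unless 'dont_redirect_to_login'
  * is set; on success the session is populated and the user is redirected
  * unless 'dont_redirect_to_welcome' is set.
  *
  * @access private
  * @param array $pa_options login options (same as the associative option array in the class constructor)
  * @return bool True when a user is authenticated, false otherwise. May exit()
  *              after sending a redirect on success.
  */
 public function doAuthentication($pa_options)
 {
     global $AUTH_CURRENT_USER_ID;
     $o_event_log = new Eventlog();
     $vs_app_name = $this->config->get("app_name");
     // Normalise every recognised option to null so later reads never hit an undefined index.
     foreach (array('no_headers', 'dont_redirect_to_login', 'dont_create_new_session', 'dont_redirect_to_welcome', 'user_name', 'password', 'options', 'noPublicUsers', 'dont_redirect', 'redirect') as $vs_key) {
         if (!isset($pa_options[$vs_key])) {
             $pa_options[$vs_key] = null;
         }
     }
     if (!is_array($pa_options["options"])) {
         $pa_options["options"] = array();
     }
     // 'no_headers' and 'dont_redirect' are shorthands for the finer-grained flags.
     if ($pa_options["no_headers"]) {
         $pa_options["dont_redirect_to_login"] = true;
         $pa_options["dont_create_new_session"] = true;
         $pa_options["dont_redirect_to_welcome"] = true;
     }
     if ($pa_options["dont_redirect"]) {
         $pa_options["dont_redirect_to_login"] = true;
         $pa_options["dont_redirect_to_welcome"] = true;
     }
     $vb_login_successful = false;
     if (!$pa_options["user_name"]) {
         // no incoming login
         //
         // is a user already logged in?
         //
         if ($vn_user_id = $this->session->getVar($vs_app_name . "_user_id")) {
             // does session have a user attached to it?
             // user is already logged in
             $this->user = new ca_users($vn_user_id);
             // add user object
             if (!$this->user->isActive() || $this->user->numErrors() || $pa_options['noPublicUsers'] && $this->user->isPublicUser()) {
                 // error means user_id in session is invalid
                 $vb_login_successful = false;
             } else {
                 $vb_login_successful = true;
             }
             if ($vb_login_successful) {
                 // Login was successful
                 $this->session->setVar($vs_app_name . "_lastping", time());
                 // set last time we heard from client in session
                 $this->user->setLastPing(time());
                 $AUTH_CURRENT_USER_ID = $vn_user_id;
                 //$this->user->close(); ** will be called externally **
                 return $vb_login_successful;
             }
         }
         if (!$vb_login_successful) {
             $this->user = new ca_users();
             // add user object
             $vs_tmp1 = $vs_tmp2 = null;
             // No credentials: lets the handler do IP-based authentication.
             if ($vn_auth_type = $this->user->authenticate($vs_tmp1, $vs_tmp2, $pa_options["options"])) {
                 # error means user_id in session is invalid
                 if ($pa_options['noPublicUsers'] && $this->user->isPublicUser() || !$this->user->isActive()) {
                     // NOTE(review): $vn_user_id may be unset or false on this path (no
                     // session user), so the logged id can be empty — confirm intent.
                     $o_event_log->log(array("CODE" => "LOGF", "SOURCE" => "Auth", "MESSAGE" => "Failed login for user id '" . $vn_user_id . "' (" . $_SERVER['REQUEST_URI'] . "); IP=" . $_SERVER["REMOTE_ADDR"] . "; user agent='" . $_SERVER["HTTP_USER_AGENT"] . "'"));
                     $vb_login_successful = false;
                 } else {
                     $vb_login_successful = true;
                     $vn_user_id = $this->user->getUserID();
                 }
             }
             if (!$vb_login_successful) {
                 // throw user to login screen
                 if (!$pa_options["dont_redirect_to_login"]) {
                     $o_event_log->log(array("CODE" => "LOGF", "SOURCE" => "Auth", "MESSAGE" => "Failed login with redirect for user id '" . $vn_user_id . "' (" . $_SERVER['REQUEST_URI'] . "); IP=" . $_SERVER["REMOTE_ADDR"] . "; user agent='" . $_SERVER["HTTP_USER_AGENT"] . "'"));
                     $vs_redirect = $this->getRequestUrl(true);
                     $vs_login_path = $this->config->get("auth_login_path");
                     // Do not carry a ?redirect= back to the login page itself. The
                     // original test, `strpos($url, $path !== -1)`, compared the config
                     // value rather than the strpos() result and so never matched.
                     if (is_string($vs_login_path) && $vs_login_path !== '' && strpos($vs_redirect, $vs_login_path) !== false) {
                         $vs_redirect = '';
                     } else {
                         $vs_redirect = '?redirect=' . urlencode($vs_redirect);
                     }
                     $this->opo_response->addHeader("Location", $this->getBaseUrlPath() . '/' . $this->getScriptName() . '/' . $this->config->get("auth_login_path") . $vs_redirect);
                 }
                 return false;
             }
         }
     }
     //
     // incoming login
     //
     if ($pa_options["user_name"]) {
         $vb_login_successful = false;
         $this->user = new ca_users();
         if ($vn_auth_type = $this->user->authenticate($pa_options["user_name"], $pa_options["password"], $pa_options["options"])) {
             # error means user_id in session is invalid
             if ($pa_options['noPublicUsers'] && $this->user->isPublicUser() || !$this->user->isActive()) {
                 $vb_login_successful = false;
             } else {
                 $vb_login_successful = true;
                 $vn_user_id = $this->user->getUserID();
             }
         }
     }
     if (!$vb_login_successful) {
         $this->user = null;
         // auth failed
         // throw user to login screen
         if ($pa_options["user_name"]) {
             $o_event_log->log(array("CODE" => "LOGF", "SOURCE" => "Auth", "MESSAGE" => "Failed login for '" . $pa_options["user_name"] . "' (" . $_SERVER['REQUEST_URI'] . "); IP=" . $_SERVER["REMOTE_ADDR"] . "; user agent='" . $_SERVER["HTTP_USER_AGENT"] . "'"));
         }
         if (!$pa_options["dont_redirect_to_login"]) {
             $vs_auth_login_url = $this->getBaseUrlPath() . '/' . $this->getScriptName() . '/' . $this->config->get("auth_login_path");
             $this->opo_response->addHeader("Location", $vs_auth_login_url);
         }
         return false;
     } else {
         $o_event_log->log(array("CODE" => "LOGN", "SOURCE" => "Auth", "MESSAGE" => "Successful login for '" . $pa_options["user_name"] . "'; IP=" . $_SERVER["REMOTE_ADDR"] . "; user agent=" . $_SERVER["HTTP_USER_AGENT"]));
         $this->session->setVar($vs_app_name . "_user_auth_type", $vn_auth_type);
         // type of auth used: 1=username/password; 2=ip-base auth
         // NOTE(review): no session id regeneration is visible here when a new
         // user is bound to the session — confirm the session wrapper does it
         // (session fixation mitigation).
         $this->session->setVar($vs_app_name . "_user_id", $vn_user_id);
         // auth succeeded; set user_id in session
         $this->session->setVar($vs_app_name . "_logintime", time());
         // also set login time (unix timestamp) in session
         $this->session->setVar($vs_app_name . "_lastping", time());
         $this->session->setVar("screen_width", isset($_REQUEST["_screen_width"]) ? intval($_REQUEST["_screen_width"]) : 0);
         $this->session->setVar("screen_height", isset($_REQUEST["_screen_height"]) ? intval($_REQUEST["_screen_height"]) : 0);
         $this->session->setVar("has_pdf_plugin", isset($_REQUEST["_has_pdf_plugin"]) ? intval($_REQUEST["_has_pdf_plugin"]) : 0);
         $this->user->setVar('last_login', time(), array('volatile' => true));
         $this->user->setLastLogout($this->user->getLastPing(), array('volatile' => true));
         //$this->user->close(); ** will be called externally **
         $AUTH_CURRENT_USER_ID = $vn_user_id;
         if ($pa_options['redirect']) {
             // redirect to specified URL
             $this->opo_response->setRedirect($pa_options['redirect']);
             $this->opo_response->sendResponse();
             exit;
         }
         if (!$pa_options["dont_redirect_to_welcome"]) {
             // redirect to "welcome" page
             $this->opo_response->setRedirect($this->getBaseUrlPath() . '/' . $this->getScriptName() . '/' . $this->config->get("auth_login_welcome_path"));
             $this->opo_response->sendResponse();
             exit;
         }
         return true;
     }
 }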
Example #9
<?php

include "class_session.inc.php";
$session = new Session();
if (!$session->isValid()) {
    // The class reports why the session was rejected.
    echo $session->getLastError();
} else {
    // Session passed the class's validity (anti-theft) check.
    print_r($session->getVar("test"));
    unset($session);
    session_destroy();
}
Example #10
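 /**
  * Remove one of the logged-in user's certificates, identified by POST 'hash'.
  *
  * @return mixed The Error::set() result on failure; on success redirects to
  *               the settings page and returns null.
  */
 protected function certificate_remove()
 {
     if (!Session::isLoggedIn()) {
         return Error::set('You are not logged in!');
     }
     if (empty($_POST['hash'])) {
         return Error::set('No certificate hash was found.');
     }
     $hash = $_POST['hash'];
     $certs = new certs(ConnectionFactory::get('mongo'), ConnectionFactory::get('redis'));
     $cert = $certs->get($hash, false);
     if ($cert == null) {
         return Error::set('Invalid certificate hash.');
     }
     // Ownership: the stored record is expected to start with "<owner id>:".
     // Compare strictly as strings — a loose `!=` treats numeric-looking ids
     // such as '1e3' and '1000' as equal on PHP < 8, which would let a user
     // remove someone else's certificate. A record without ':' is malformed
     // and is treated as not owned.
     $separator = strpos($cert, ':');
     $userId = (string) Session::getVar('_id');
     if ($separator === false || substr($cert, 0, $separator) !== $userId) {
         return Error::set('You are not allowed to remove this certificate.');
     }
     // NOTE(review): no CSRF token is checked in this action — confirm the
     // framework validates one before it runs.
     $users = new users(ConnectionFactory::get('mongo'));
     $users->removeCert(Session::getVar('_id'), $hash);
     $certs->removeCert($hash);
     header('Location: ' . Url::format('/user/settings'));
 }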
Example #11
 /**
  * Add a new certificate.
  *
  * Increments the 'cert_serial' counter in redis and stores
  * "<session user id>:<trimmed certificate>" in the grid under the key
  * produced by getKey().
  *
  * @param string $cert The public certificate to add.
  *
  * @return bool Always true.
  */
 public function add($cert)
 {
     $this->redis->incr('cert_serial');
     $blob = Session::getVar('_id') . ':' . trim($cert);
     $options = array('key' => $this->getKey($cert));
     $this->grid->storeBytes($blob, $options);
     return true;
 }
Example #12
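 /**
  * Decide whether the current user may change (e.g. edit or delete) a comment.
  *
  * @param string $type    Permission prefix, combined into "<type>AllComment"
  *                        and "<type>Comment".
  * @param array  $comment Comment record; reads $comment['user']['username'].
  *
  * @return bool True with the "<type>AllComment" permission, or with the
  *              "<type>Comment" permission when the comment is the user's own.
  */
 public function authChange($type, $comment)
 {
     if (CheckAcl::can($type . 'AllComment')) {
         return true;
     }
     if (!CheckAcl::can($type . 'Comment')) {
         return false;
     }
     // Ownership check, strict: a loose `==` treats numeric-looking usernames
     // such as '01' and '1' as equal (PHP < 8), letting one user alter another's comment.
     $owner = isset($comment['user']['username']) ? (string) $comment['user']['username'] : null;
     $current = Session::getVar('username');
     return $owner !== null && $current !== null && (string) $current === $owner;
 }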
Example #13
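 /**
  * Decide whether the current user may view a bug report.
  *
  * @param array $bug Bug record; reads 'public' and 'reporter'['$id'].
  *
  * @return bool True for public bugs, for the bug's own reporter when logged in,
  *              or for holders of the 'viewPrivateBug' permission.
  */
 public static function canView($bug)
 {
     // !empty() keeps the truthiness of the original `== true` and avoids a
     // notice when the key is missing.
     if (!empty($bug['public'])) {
         return true;
     }
     // Reporter check: both ids compared as strings and strictly (a loose `==`
     // on numeric-looking strings such as '1e3' and '1000' is true on PHP < 8).
     if (Session::isLoggedIn() && isset($bug['reporter']['$id'])
         && (string) $bug['reporter']['$id'] === (string) Session::getVar('_id')) {
         return true;
     }
     return (bool) CheckAcl::can('viewPrivateBug');
 }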
Example #14
 /**
  * Clean and validate a post submission and build the document to store.
  *
  * Fields are passed through clean() and then cut to a byte length
  * (title 100, description 500, body 7000); substr() is byte-wise, so a
  * multi-byte character at the cut may be split. Tags may arrive as an
  * array or a comma-separated string and end up as a trimmed list.
  *
  * @param string       $title
  * @param string       $category    Must be a key of self::$categories.
  * @param string       $description
  * @param string       $text        Post body.
  * @param string|array $tags
  * @param bool         $creating    False when editing: 'user', 'date',
  *                                  'commentable' and 'published' are dropped.
  *
  * @return string|array An error message, or the entry array on success.
  */
 public function validate($title, $category, $description, $text, $tags, $creating = true)
 {
     $ref = MongoDBRef::create('users', Session::getVar('_id'));
     $title = substr($this->clean($title), 0, 100);
     $description = substr($this->clean($description), 0, 500);
     $body = substr($this->clean($text), 0, 7000);
     if (is_array($tags)) {
         $tags = implode(',', $tags);
     }
     $tags = array_map('trim', explode(',', $this->clean($tags)));
     if (empty($title)) {
         return 'Invalid title.';
     }
     if (empty($description)) {
         return 'Invalid description';
     }
     if (empty($body)) {
         return 'Invalid body.';
     }
     if (empty(self::$categories[$category])) {
         return 'Invalid category.';
     }
     $entry = array(
         'title' => $title,
         'category' => $category,
         'description' => $description,
         'body' => $body,
         'tags' => $tags,
         'user' => $ref,
         'date' => time(),
         'commentable' => true,
         'published' => false,
         'ghosted' => false,
     );
     if (!$creating) {
         unset($entry['user'], $entry['date'], $entry['commentable'], $entry['published']);
     }
     // The new-posts cache is invalidated whenever validation succeeds.
     self::ApcPurge('getNewPosts', null);
     return $entry;
 }
Example #15
">Logout</a></li>
<?php 
}
?>
						</ul>
						
<?php 
if (Session::isLoggedIn()) {
    ?>
						<p class="navbar-text pull-right">Logged in as 
						<a href="<?php 
    echo Url::format('/user/view/' . Session::getVar('username'));
    ?>
">
							<?php 
    echo Session::getVar('username');
    ?>
						</a></p>
<?php 
} else {
    ?>
						<p class="navbar-text pull-right">
							<a href="<?php 
    echo Url::format('/user/login');
    ?>
">Login</a>
						</p>
<?php 
}
?>
					</div><!--/.nav-collapse -->
Example #16
    } else {
        echo Date::dayFormat($comment['date']);
    }
    ?>
			</small><br />
		</td>
		<td>
			<p>
				<div class="pull-right">
<?php 
    $edit = false;
    $delete = false;
    if (CheckAcl::can('editAllComment') || CheckAcl::can('editComment') && Session::getVar('username') == $comment['user']['username']) {
        $edit = true;
    }
    if (CheckAcl::can('deleteAllComment') || CheckAcl::can('deleteComment') && Session::getVar('username') == $comment['user']['username']) {
        $delete = true;
    }
    if ($edit) {
        ?>
					<a class="btn btn-primary" href="<?php 
        echo Url::format('/comment/edit/' . $comment['_id']);
        ?>
">Edit</a>&nbsp;
<?php 
    }
    if ($delete) {
        ?>
					<a class="btn btn-danger" href="<?php 
        echo Url::format('/comment/delete/' . $comment['_id']);
        ?>
Example #17
 /**
  * Clean and validate a news submission and build the document to store.
  *
  * Title and body are cleaned and cut to 100 / 5000 bytes; the department is
  * lower-cased with spaces turned into '-' and cut to 80 bytes (substr() is
  * byte-wise, so a multi-byte character at the cut may be split). Tags may be
  * an array or a comma-separated string and end up as a trimmed list.
  *
  * @param string       $title
  * @param string       $department
  * @param string       $text        Article body.
  * @param string|array $tags
  * @param mixed        $shortNews   Cast to bool.
  * @param mixed        $commentable Cast to bool.
  * @param bool         $creating    False when editing: 'user' and 'date' are dropped.
  * @param bool         $preview     True skips the new-posts cache purge.
  *
  * @return string|array An error message, or the entry array on success.
  */
 public function validate($title, $department, $text, $tags, $shortNews, $commentable, $creating = true, $preview = false)
 {
     $ref = MongoDBRef::create('users', Session::getVar('_id'));
     $title = substr($this->clean($title), 0, 100);
     $slug = str_replace(' ', '-', strtolower($this->clean($department)));
     $department = substr($slug, 0, 80);
     $body = substr($this->clean($text), 0, 5000);
     if (is_array($tags)) {
         $tags = implode(',', $tags);
     }
     $tags = array_map('trim', explode(',', $this->clean($tags)));
     if (empty($title)) {
         return 'Invalid title.';
     }
     if (empty($body)) {
         return 'Invalid body.';
     }
     $entry = array(
         'title' => $title,
         'department' => $department,
         'body' => $body,
         'tags' => $tags,
         'user' => $ref,
         'date' => time(),
         'shortNews' => (bool) $shortNews,
         'commentable' => (bool) $commentable,
         'ghosted' => false,
     );
     if (!$creating) {
         // NOTE(review): 'flaggable' is never set in $entry, so unsetting it is a
         // no-op; possibly a leftover key name — confirm which field was meant.
         unset($entry['user'], $entry['date'], $entry['flaggable']);
     }
     if (!$preview) {
         self::ApcPurge('getNewPosts', null);
     }
     return $entry;
 }
Example #18
 /**
  * Add a note to a user's profile.
  *
  * The user's cache entry is cleared first; the note is cleaned, cut to 160
  * bytes (substr() is byte-wise) and pushed onto the user's 'notes' list with
  * a reference to the session user and the current time.
  *
  * @param string $userId The user's id.
  * @param string $note The note.
  *
  * @return mixed Null on success, or an error string.
  */
 public function addNote($userId, $note)
 {
     $this->clearCache($userId);
     $user = $this->db->findOne(array('_id' => $this->_toMongoId($userId)));
     if (empty($user)) {
         return 'Invalid user id.';
     }
     $text = $this->clean($note);
     if (empty($text)) {
         return 'Invalid note.';
     }
     $noteDoc = array(
         'user' => MongoDBRef::create('users', Session::getVar('_id')),
         'date' => time(),
         'text' => substr($text, 0, 160),
     );
     $this->db->update(
         array('_id' => $this->_toMongoId($userId)),
         array('$push' => array('notes' => $noteDoc))
     );
 }