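/**
 * Per-request controller bootstrap.
 *
 * Runs the parent initialiser, defines UID from is_login(), publishes content
 * that is due, selects the WAP layout for mobile visitors and records the
 * visit through the Visit model.
 *
 * Security notes:
 *  - 'request' stores serialize($_REQUEST), i.e. every request field exactly
 *    as the client sent it (for a login form that would include the submitted
 *    password). Anything reading this column back must treat it as untrusted:
 *    do not pass it to unserialize() without restricting allowed classes.
 *    NOTE(review): a plain-data encoding such as JSON, with sensitive fields
 *    dropped, would be safer - confirm what consumes this column first.
 *  - User-Agent, Referer and the request URI are client-controlled. They are
 *    HTML-escaped before storage, but consumers should still escape for the
 *    context they render into.
 */
protected function _initialize()
{
    parent::_initialize();

    // Enable when the user module is added.
    define('UID', is_login());

    // Scheduled publishing.
    D('Content')->publishDueContents();

    // Mobile visitors are shown the WAP layout when OPEN_WAP_TPL is enabled.
    $wap = check_wap();
    if ($wap && C('OPEN_WAP_TPL')) {
        $this->iswap = true;
        layout('layout_wap');
    } else {
        $this->iswap = false;
    }

    $this->login_user = session('user_auth');

    // These request headers are optional; a client may omit them, so read
    // them defensively instead of indexing $_SERVER directly.
    $userAgent  = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
    $referer    = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
    $requestUri = isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '';

    // Record the visit.
    $visit = array(
        'ip'              => get_remote_ip(),
        'http_user_agent' => htmlspecialchars($userAgent),
        'http_referer'    => htmlspecialchars($referer),
        'uri'             => htmlspecialchars($requestUri),
        'module'          => strtolower(CONTROLLER_NAME),
        'module_id'       => I('id'),
        'request'         => serialize($_REQUEST),
    );

    // array_shift() takes its argument by reference, so the GET parameters
    // are copied into a variable first.
    $getParams = I('get.');
    $visit['first_get'] = is_array($getParams) ? array_shift($getParams) : null;

    D("Visit")->add($visit);
}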
<center> <p class="alert alert-warning"><?php /* Form fragment posting to adm_authip_whitelist.php to add an allowed IP or subnet; the warning text says entries apply to all users and all usages. */ __("Warning"); echo "<br/>"; __("The IP and subnet you have here are allowed for ALL users and ALL usages"); ?> </p> </center> <br/> <fieldset> <legend><?php __("Add an IP"); ?> - <a href="javascript:edit_ip('','<?php /* NOTE(review): this value is written inside a single-quoted JavaScript string within a javascript: href. htmlentities() encodes for HTML only; before PHP 8.1 its default flags leave single quotes untouched, and the browser decodes entities in the attribute before the script runs. If get_remote_ip() (defined elsewhere) can return anything other than a validated address, encode for the JavaScript context as well, e.g. json_encode() followed by HTML escaping with ENT_QUOTES - confirm what the helper returns. */ echo htmlentities(get_remote_ip()) . "','Home IP'"; ?> );" ><?php echo __("Add my current IP"); ?> </a></legend> <span id="form_add_ip"> <form method="post" action="adm_authip_whitelist.php" name="main" id="main"> <p id="reset_edit_ip" style="display:none;"><a href="javascript:reset_edit_ip();"><?php __("Cancel edit"); ?> </a></p> <input type="hidden" name="id" value="" id="edit_id" /> <p> <?php __("Enter here the IP address you want. <br/> <i>IPv4, IPv6 and subnet allowed</i>");
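/**
 * Ends a virtual-desktop session (logout).
 *
 * Clears the "session" and "oldid" cookies, checks that the session id from
 * the cookie exists in the sessions table and was opened from the caller's
 * IP address, deletes that row, invokes the alternc_del_session hooks and
 * destroys the PHP session.
 *
 * Security notes:
 *  - The session id comes from a client-controlled cookie and is placed in
 *    SQL text. A non-string cookie value is now treated as empty, and the
 *    IP literal is escaped the same way as the session id.
 *  - NOTE(review): addslashes() is not character-set aware; if the $db
 *    wrapper offers bound parameters or a driver-level escape, use that
 *    instead - its API is not visible from this block.
 *
 * @return boolean TRUE if the session was destroyed (or none was set),
 *                 FALSE otherwise.
 */
function del_session() {
    global $db, $err, $cuid, $hooks;

    // Only a string cookie can be a session id; anything else (for example
    // an array-valued cookie) is handled like a missing cookie.
    $rawSid = (isset($_COOKIE["session"]) && is_string($_COOKIE["session"])) ? $_COOKIE["session"] : '';
    $_COOKIE["session"] = addslashes($rawSid);

    // Expire both cookies whatever the outcome of the checks below.
    setcookie("session", "", 0, "/");
    setcookie("oldid", "", 0, "/");

    if ($_COOKIE["session"] == "") {
        $err->error = 0;
        return true;
    }
    if (strlen($_COOKIE["session"]) != 32) {
        $err->raise("mem", _("Cookie incorrect, please accept the session cookie"));
        return false;
    }

    // get_remote_ip() is defined elsewhere; escape its result as well so the
    // query stays well-formed even if the helper ever returns a value taken
    // from a request header.
    $ip = addslashes(get_remote_ip());
    $sid = $_COOKIE["session"];

    $db->query("select uid,'{$ip}' as me,ip from sessions where sid='" . $sid . "'");
    if ($db->num_rows() == 0) {
        $err->raise("mem", _("Session unknown, contact the administrator"));
        return false;
    }
    $db->next_record();

    // The session may only be closed from the address that opened it.
    if ($db->f("me") != $db->f("ip")) {
        $err->raise("mem", _("IP address incorrect, please contact the administrator"));
        return false;
    }

    $cuid = $db->f("uid");
    $db->query("delete from sessions where sid='" . $sid . "';");
    $err->error = 0;

    // Run the logout hook in every other class.
    $hooks->invoke("alternc_del_session");

    session_unset();
    @session_destroy();
    return true;
}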
/**
 * Appends one API-call record to the file named by $this->logfile
 * (/var/log/alternc/bureau.log according to the original comment).
 *
 * The record holds the date, the caller's IP from get_remote_ip(), the
 * literal "CALL", the current login and the three arguments.
 *
 * NOTE(review): all fields are written as given. If any of them can carry
 * CR/LF taken from a request, one call can produce several log lines -
 * confirm callers pass controlled values or strip line breaks before logging.
 *
 * @param integer $clsid    Number of the class whose function was called
 * @param string  $function Name of the called function
 * @param string  $param    Parameters (optional) passed to the API function
 * @return int|false Result of file_put_contents(): bytes written, or FALSE
 *                   on failure (warnings are suppressed with @)
 */
function log($clsid, $function, $param = "") {
    global $mem, $cuid;

    $stamp = date("d/m/Y H:i:s");
    $origin = get_remote_ip();
    $entry = $stamp . " - " . $origin . " - CALL - " . $mem->user["login"] . " - {$clsid} - {$function} - {$param}\n";

    return @file_put_contents($this->logfile, $entry, FILE_APPEND);
}
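// Switch back to the former administrator account named by the "oldid"
// cookie, whose value has the form "<uid>/<check>".
//
// The cookie is client-controlled, so every part is validated before use:
//  - a missing, non-string or malformed cookie is rejected instead of
//    raising notices on undefined offsets;
//  - a failed account lookup is rejected instead of being compared against
//    the digest of an empty value;
//  - the check value is compared with !==, because != compares two
//    numeric-looking strings as numbers and can report different digests
//    as equal.
// NOTE(review): where PHP >= 5.6 is guaranteed, hash_equals() gives a
// constant-time comparison and is the better choice for this check.
$oldid = (isset($_COOKIE["oldid"]) && is_string($_COOKIE["oldid"])) ? $_COOKIE["oldid"] : "";
$parts = explode("/", $oldid);
$newuid = intval($parts[0]);
$passcheck = isset($parts[1]) ? $parts[1] : "";

if (!$newuid) {
    $error = _("Your authentication information are incorrect");
    include "index.php";
    exit;
}

$admin->enabled = true;
$r = $admin->get($newuid);

// Fail closed when the lookup returned no usable record.
if (empty($r) || !isset($r["pass"])) {
    $error = _("Your authentication information are incorrect");
    include "index.php";
    exit;
}

if ($passcheck !== md5($r["pass"])) {
    $error = _("Your authentication information are incorrect");
    include "index.php";
    exit;
}

// The request must come from the address recorded for that account.
if ($r['lastip'] != get_remote_ip()) {
    $error = _("Your IP is incorrect.");
    include "index.php";
    exit;
}

// FIXME we should add an expiry date on the cookie. The check value is
// derived from the stored "pass" field only, so it does not expire or
// rotate on its own.

// Ok, so we remove the cookie :
setcookie('oldid', '', 0, '/');
unset($_COOKIE['oldid']);

// And we go back to the former administrator account :
if (!$mem->setid($newuid)) {
    $error = $err->errstr();
    include "index.php";
    exit;
}

include_once "adm_list.php";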
/* Session guard: a session without a recorded last action or visit counter
   is sent to logout.php. */
if (!isset($_SESSION['last_action']) || empty($_SESSION['last_action'])) {
    header("location: logout.php");
    die;
}
if (!isset($_SESSION['visits']) || empty($_SESSION['visits'])) {
    header("location: logout.php");
    die;
}

/*
 *---------------------------------------------------------------
 * Session fingerprint check (hijacking defence)
 *---------------------------------------------------------------
 *
 * NOTE(review): $IPADDRESS and $USERAGENT are read from the current request
 * but the digest below is built only from values already stored in
 * $_SESSION. As written, the comparison checks the session against itself
 * and does not detect a request arriving from a different address or
 * browser. The two locals are unused in this fragment; they may be used
 * further down - confirm, and confirm how $_SESSION['FINGERPRINT'] is
 * computed at login before changing the inputs here.
 * NOTE(review): $_SERVER['HTTP_USER_AGENT'] is optional and client-supplied;
 * it is read without an isset() check.
 */
$IPADDRESS = get_remote_ip();
$USERAGENT = $_SERVER['HTTP_USER_AGENT'];
$FINGERPRINT = md5($_SESSION['USER'] . $_SESSION['IPADDRESS'] . $_SESSION['USERAGENT']);
if ($FINGERPRINT !== $_SESSION['FINGERPRINT']) {
    header("location: index.php");
    die;
}

/*
 *---------------------------------------------------------------
 * Session fixation fix
 *---------------------------------------------------------------
 * The body of this branch continues past the visible fragment.
 */
if (!isset($_SESSION['initiated'])) {
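/**
 * Records a hit for the caller's IP address in the `access` table.
 *
 * When a row for the IP exists, its `num` counter is incremented and `url`
 * is overwritten with the current host + request URI; otherwise a new row
 * with num = 1 is inserted.
 *
 * Security notes:
 *  - HTTP_HOST and REQUEST_URI are client-controlled and were concatenated
 *    into SQL text unescaped. Both values, and the IP, are now escaped with
 *    mysql_real_escape_string() on the default connection that mysql_query()
 *    already uses.
 *  - NOTE(review): ext/mysql was removed in PHP 7. The durable fix is to move
 *    to mysqli or PDO prepared statements; that needs a connection handle,
 *    which this function does not receive.
 *  - NOTE(review): select-then-update is not atomic; concurrent requests from
 *    one IP can lose increments or insert duplicate rows unless `ip` has a
 *    unique key - confirm against the schema.
 *
 * @return void
 */
function set_ip_log()
{
    // HTTP_HOST can be absent (e.g. HTTP/1.0 requests without a Host header).
    $host = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '';
    $uri  = isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '';

    $ip  = mysql_real_escape_string(get_remote_ip());
    $url = mysql_real_escape_string($host . $uri);

    $num = null;
    $query = 'select `num` from access where `ip` = "' . $ip . '"';
    $result = mysql_query($query);

    // mysql_query() returns false on failure; only iterate a real result.
    if ($result !== false) {
        // As before, the last matching row wins when several exist.
        while ($row = mysql_fetch_assoc($result)) {
            $num = $row['num'];
        }
    }

    if (!empty($num)) {
        // Cast so that only an integer ever reaches the statement.
        $edit_query = 'UPDATE `access` SET `num` = "' . ((int) $num + 1) . '" , `url` = "' . $url . '" WHERE `ip` = "' . $ip . '" ;';
        mysql_query($edit_query);
    } else {
        $add_query = 'INSERT INTO `access` (`ip`, `num`, `url`) VALUES ("' . $ip . '", "1", "' . $url . '");';
        mysql_query($add_query);
    }
}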