Exemple #1
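/**
 * Check the uid/passwd pair carried in $HTTP_VARS and, on success, register
 * the login for that user.
 *
 * Assumes op=login and that the login params have been provided, i.e. the
 * caller has already tested
 *
 *     if(strlen($HTTP_VARS['uid'])>0 && strlen($HTTP_VARS['passwd'])>0)
 *
 * Request parameters can also arrive as arrays (uid[]=...) or be missing, so
 * the function re-checks that both values are present and scalar before it
 * uses them, and treats anything else as a failed login.
 *
 * Optional key: $HTTP_VARS['remember'] - the value 'true' is passed on to
 * register_user_login() as TRUE; an absent key counts as FALSE.
 *
 * Returns:
 *     "SITE_IS_DISABLED" - credentials are valid, but the site is disabled
 *                          and the PERM_ADMIN_LOGIN permission check fails
 *     FALSE - if login failure
 *     TRUE - if login successful
 *
 * The disabled-site result is a non-empty string, which PHP treats as truthy.
 * Callers must compare the result with === TRUE; a plain if (perform_login(...))
 * would treat the disabled-site result as a successful login.
 *
 * Does not perform any redirects.
 */
function perform_login($HTTP_VARS)
{
    // Reject missing or non-scalar credentials up front; strtolower() and the
    // password check below expect plain strings.
    if (!isset($HTTP_VARS['uid'], $HTTP_VARS['passwd'])
        || !is_scalar($HTTP_VARS['uid'])
        || !is_scalar($HTTP_VARS['passwd'])) {
        // The submitted values are deliberately left out of the log entry.
        opendb_logger(OPENDB_LOG_WARN, __FILE__, __FUNCTION__, 'Login rejected: uid or passwd missing or not a scalar', array());
        return FALSE;
    }

    // make lowercase
    $uid = strtolower((string) $HTTP_VARS['uid']);

    if (!is_user_active($uid) || !validate_user_passwd($uid, $HTTP_VARS['passwd'])) {
        // NOTE(review): $uid is caller-supplied text; confirm opendb_logger()
        // neutralises line breaks and control characters before writing it.
        opendb_logger(OPENDB_LOG_WARN, __FILE__, __FUNCTION__, 'User failed to login', array($uid));
        return FALSE;
    }

    // NOTE(review): is_user_granted_permission() is called without a user
    // argument and before register_user_login(); confirm it evaluates the
    // account that is logging in rather than any previously stored session.
    if (get_opendb_config_var('site', 'enable') === FALSE && !is_user_granted_permission(PERM_ADMIN_LOGIN)) {
        opendb_logger(OPENDB_LOG_WARN, __FILE__, __FUNCTION__, 'User tried to log in while site is disabled', array($uid));
        return "SITE_IS_DISABLED";
    }

    // 'remember' is optional; reading it unguarded raises an undefined-index
    // notice when the login form omits it.
    $remember = isset($HTTP_VARS['remember']) && $HTTP_VARS['remember'] == 'true';

    register_user_login($uid, $remember);
    opendb_logger(OPENDB_LOG_INFO, __FILE__, __FUNCTION__, 'User logged in', array($uid));
    return TRUE;
}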
Exemple #2
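/**
 * Build the list of announcements shown to an administrator.
 *
 * Each entry is an array with the string keys 'heading', 'message', 'link'
 * and 'link_text'. An entry is added when:
 *   - fetch_user_cnt() reports users awaiting activation,
 *   - the session user's password still validates as 'admin',
 *   - the session user's e-mail equals the literal compared below,
 *   - no item type exists,
 *   - no site plugin exists.
 *
 * Returns an empty array when none of the conditions hold.
 */
function get_admin_announcements_rs()
{
    $announcements_rs = array();

    // Read once; the id is used for two checks and two links below.
    $session_user_id = get_opendb_session_var('user_id');
    // The id is placed in a query string, so encode it rather than trusting
    // its character set.
    $encoded_user_id = urlencode((string) $session_user_id);

    $user_cnt = fetch_user_cnt(NULL, INCLUDE_ROLE_PERMISSIONS, EXCLUDE_CURRENT_USER, INCLUDE_ACTIVATE_USER);
    if ($user_cnt > 0) {
        // Array keys are quoted strings: a bare word such as heading is an
        // undefined constant, which PHP 8 turns into a fatal error.
        $announcements_rs[] = array(
            'heading' => get_opendb_lang_var('activate_users'),
            'message' => get_opendb_lang_var('there_are_no_of_users_awaiting_activation', array('no_of_users' => $user_cnt)),
            'link' => "user_listing.php?restrict_active_ind=X",
            'link_text' => get_opendb_lang_var('activate_users'),
        );
    }

    // Default-credential check: warn while the password 'admin' still works
    // for the logged-in user.
    if (validate_user_passwd($session_user_id, 'admin')) {
        $announcements_rs[] = array(
            'heading' => get_opendb_lang_var('change_admin_user_password'),
            'message' => get_opendb_lang_var('change_admin_user_password_msg'),
            'link' => "user_admin.php?op=change_password&user_id=" . $encoded_user_id,
            'link_text' => get_opendb_lang_var('change_my_password'),
        );
    }

    // NOTE(review): the address literal is masked on this page; presumably the
    // original compares against the installation's default admin e-mail -
    // restore the real value before use.
    if (fetch_user_email($session_user_id) == '*****@*****.**') {
        $announcements_rs[] = array(
            'heading' => get_opendb_lang_var('change_admin_user_email'),
            'message' => get_opendb_lang_var('change_admin_user_email_msg'),
            'link' => "user_admin.php?op=edit&user_id=" . $encoded_user_id,
            'link_text' => get_opendb_lang_var('edit_my_info'),
        );
    }

    if (!is_exists_any_item_type()) {
        $admin_type_r = get_system_admin_tools_menu('s_item_type');
        $announcements_rs[] = array(
            'heading' => get_opendb_lang_var('no_item_types'),
            'message' => get_opendb_lang_var('add_new_item_type_msg'),
            'link' => "admin.php?type=s_item_type",
            'link_text' => $admin_type_r['link'] . ' Admin Tool',
        );
    }

    if (!is_exists_any_site_plugin()) {
        $admin_type_r = get_system_admin_tools_menu('s_site_plugin');
        $announcements_rs[] = array(
            'heading' => get_opendb_lang_var('no_site_plugins'),
            'message' => get_opendb_lang_var('add_new_site_plugin_msg'),
            'link' => "admin.php?type=s_site_plugin",
            'link_text' => $admin_type_r['link'] . ' Admin Tool',
        );
    }

    return $announcements_rs;
}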
Exemple #3
require_once "./include/begin.inc.php";
include_once "./lib/JsonRpcServer.class.php";
// TODO - enable a plugin layer
include_once "./lib/jsonrpc/ItemSearch.class.php";
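/**
 * Send an HTTP Basic authentication challenge (401) whose realm is the site
 * title.
 *
 * Only the two headers are emitted; the function does not end the request, so
 * the caller decides what runs afterwards.
 */
function request_http_basic_auth()
{
    // The realm is an HTTP quoted-string, not HTML: htmlspecialchars() would
    // show up as literal entities (&amp;, &quot;) in the client's prompt.
    // Drop control characters, then backslash-escape '"' and '\' so the title
    // cannot terminate the quoted value early.
    $realm = preg_replace('/[\x00-\x1F\x7F]/', '', (string) get_opendb_title());
    header('WWW-Authenticate: Basic realm="' . addcslashes($realm, "\"\\") . '"');
    header('HTTP/1.0 401 Unauthorized');
}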
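// JSON-RPC entry point: serve requests only while the site is enabled and the
// caller presents valid HTTP Basic credentials for an active user.
if (is_site_enabled()) {
    // Both parts of the Basic credentials must be present. PHP_AUTH_PW can be
    // absent even when PHP_AUTH_USER is set, and reading it unguarded raises
    // an undefined-index notice and hands NULL to the password check.
    if (!isset($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'])) {
        request_http_basic_auth();
    } else {
        // NOTE(review): Basic credentials are only base64-encoded on the wire;
        // nothing in this script enforces HTTPS - confirm the endpoint is
        // reachable over TLS only.
        $userId = $_SERVER['PHP_AUTH_USER'];
        $password = $_SERVER['PHP_AUTH_PW'];
        if (is_user_active($userId) && validate_user_passwd($userId, $password)) {
            $server = new JsonRpcServer();
            // TODO - currently no role based permissions are being performed for these services.
            // Until that exists, every active account can call every method
            // of each class registered here.
            $server->registerClass(new ItemSearch());
            $server->handle();
        } else {
            // NOTE(review): rejected credentials are not logged or throttled
            // in this script; consider recording the failure so repeated
            // guessing against this endpoint is visible.
            request_http_basic_auth();
        }
    }
} else {
    header('HTTP/1.0 503 Service Unavailable');
    echo "<h1>" . get_opendb_lang_var('site_is_disabled') . "</h1>";
    echo get_opendb_lang_var('site_is_disabled');
}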
// Cleanup after begin.inc.php
require_once "./include/end.inc.php";