function tryToLogUser(&$httpVars, $isLast = false) { if (!isset($httpVars["get_action"]) || $httpVars["get_action"] != "login") { return false; } $rememberLogin = ""; $rememberPass = ""; $secureToken = ""; $loggedUser = null; include_once AJXP_BIN_FOLDER . "/class.CaptchaProvider.php"; if (AuthService::suspectBruteForceLogin() && (!isset($httpVars["captcha_code"]) || !CaptchaProvider::checkCaptchaResult($httpVars["captcha_code"]))) { $loggingResult = -4; } else { $userId = isset($httpVars["userid"]) ? AJXP_Utils::sanitize($httpVars["userid"], AJXP_SANITIZE_EMAILCHARS) : null; $userPass = isset($httpVars["password"]) ? trim($httpVars["password"]) : null; $rememberMe = isset($httpVars["remember_me"]) && $httpVars["remember_me"] == "true" ? true : false; $cookieLogin = isset($httpVars["cookie_login"]) ? true : false; $loggingResult = AuthService::logUser($userId, $userPass, false, $cookieLogin, $httpVars["login_seed"]); if ($rememberMe && $loggingResult == 1) { $rememberLogin = "******"; $rememberPass = "******"; } if ($loggingResult == 1) { session_regenerate_id(true); $secureToken = AuthService::generateSecureToken(); } if ($loggingResult < 1 && AuthService::suspectBruteForceLogin()) { $loggingResult = -4; // Force captcha reload } } $loggedUser = AuthService::getLoggedUser(); if ($loggedUser != null) { $force = $loggedUser->mergedRole->filterParameterValue("core.conf", "DEFAULT_START_REPOSITORY", AJXP_REPO_SCOPE_ALL, -1); $passId = -1; if (isset($httpVars["tmp_repository_id"])) { $passId = $httpVars["tmp_repository_id"]; } else { if ($force != "" && $loggedUser->canSwitchTo($force) && !isset($httpVars["tmp_repository_id"]) && !isset($_SESSION["PENDING_REPOSITORY_ID"])) { $passId = $force; } } $res = ConfService::switchUserToActiveRepository($loggedUser, $passId); if (!$res) { AuthService::disconnect(); $loggingResult = -3; } } if ($loggedUser != null && (AuthService::hasRememberCookie() || isset($rememberMe) && $rememberMe == true)) { AuthService::refreshRememberCookie($loggedUser); } AJXP_XMLWriter::header(); AJXP_XMLWriter::loggingResult($loggingResult, $rememberLogin, $rememberPass, $secureToken); AJXP_XMLWriter::close(); if ($loggingResult > 0 || $isLast) { exit; } }
public function switchAction($action, $httpVars, $fileVars) { if (!isset($this->actions[$action])) { return; } switch ($action) { case "get_secure_token": HTMLWriter::charsetHeader("text/plain"); print AuthService::generateSecureToken(); //exit(0); break; //------------------------------------ // CHANGE USER PASSWORD //------------------------------------ //------------------------------------ // CHANGE USER PASSWORD //------------------------------------ case "pass_change": $userObject = AuthService::getLoggedUser(); if ($userObject == null || $userObject->getId() == "guest") { header("Content-Type:text/plain"); print "SUCCESS"; break; } $oldPass = $httpVars["old_pass"]; $newPass = $httpVars["new_pass"]; $passSeed = $httpVars["pass_seed"]; if (strlen($newPass) < ConfService::getCoreConf("PASSWORD_MINLENGTH", "auth")) { header("Content-Type:text/plain"); print "PASS_ERROR"; break; } if (AuthService::checkPassword($userObject->getId(), $oldPass, false, $passSeed)) { AuthService::updatePassword($userObject->getId(), $newPass); if ($userObject->getLock() == "pass_change") { $userObject->removeLock(); $userObject->save("superuser"); } } else { header("Content-Type:text/plain"); print "PASS_ERROR"; break; } header("Content-Type:text/plain"); print "SUCCESS"; break; default: break; } return ""; }
function switchAction($action, $httpVars, $fileVars) { if (!isset($this->actions[$action])) { return; } if (preg_match('/MSIE 7/', $_SERVER['HTTP_USER_AGENT']) || preg_match('/MSIE 8/', $_SERVER['HTTP_USER_AGENT'])) { // Force legacy theme for the moment $this->pluginConf["GUI_THEME"] = "oxygen"; } if (!defined("AJXP_THEME_FOLDER")) { define("CLIENT_RESOURCES_FOLDER", AJXP_PLUGINS_FOLDER . "/gui.ajax/res"); define("AJXP_THEME_FOLDER", CLIENT_RESOURCES_FOLDER . "/themes/" . $this->pluginConf["GUI_THEME"]); } foreach ($httpVars as $getName => $getValue) { ${$getName} = AJXP_Utils::securePath($getValue); } if (isset($dir) && $action != "upload") { $dir = SystemTextEncoding::fromUTF8($dir); } $mess = ConfService::getMessages(); switch ($action) { //------------------------------------ // GET AN HTML TEMPLATE //------------------------------------ case "get_template": HTMLWriter::charsetHeader(); $folder = CLIENT_RESOURCES_FOLDER . "/html"; if (isset($httpVars["pluginName"])) { $folder = AJXP_INSTALL_PATH . "/" . AJXP_PLUGINS_FOLDER . "/" . AJXP_Utils::securePath($httpVars["pluginName"]); if (isset($httpVars["pluginPath"])) { $folder .= "/" . AJXP_Utils::securePath($httpVars["pluginPath"]); } } $crtTheme = $this->pluginConf["GUI_THEME"]; $thFolder = AJXP_THEME_FOLDER . "/html"; if (isset($template_name)) { if (is_file($thFolder . "/" . $template_name)) { include $thFolder . "/" . $template_name; } else { if (is_file($folder . "/" . $template_name)) { include $folder . "/" . $template_name; } } } break; //------------------------------------ // GET I18N MESSAGES //------------------------------------ //------------------------------------ // GET I18N MESSAGES //------------------------------------ case "get_i18n_messages": $refresh = false; if (isset($httpVars["lang"])) { ConfService::setLanguage($httpVars["lang"]); $refresh = true; } HTMLWriter::charsetHeader('text/javascript'); HTMLWriter::writeI18nMessagesClass(ConfService::getMessages($refresh)); break; //------------------------------------ // SEND XML REGISTRY //------------------------------------ //------------------------------------ // SEND XML REGISTRY //------------------------------------ case "get_xml_registry": $regDoc = AJXP_PluginsService::getXmlRegistry(); $changes = AJXP_Controller::filterActionsRegistry($regDoc); if ($changes) { AJXP_PluginsService::updateXmlRegistry($regDoc); } if (isset($_GET["xPath"])) { $regPath = new DOMXPath($regDoc); $nodes = $regPath->query($_GET["xPath"]); AJXP_XMLWriter::header("ajxp_registry_part", array("xPath" => $_GET["xPath"])); if ($nodes->length) { print AJXP_XMLWriter::replaceAjxpXmlKeywords($regDoc->saveXML($nodes->item(0))); } AJXP_XMLWriter::close("ajxp_registry_part"); } else { AJXP_Utils::safeIniSet("zlib.output_compression", "4096"); header('Content-Type: application/xml; charset=UTF-8'); print AJXP_XMLWriter::replaceAjxpXmlKeywords($regDoc->saveXML()); } break; //------------------------------------ // DISPLAY DOC //------------------------------------ //------------------------------------ // DISPLAY DOC //------------------------------------ case "display_doc": HTMLWriter::charsetHeader(); echo HTMLWriter::getDocFile(AJXP_Utils::securePath(htmlentities($_GET["doc_file"]))); break; //------------------------------------ // GET BOOT GUI //------------------------------------ //------------------------------------ // GET BOOT GUI //------------------------------------ case "get_boot_gui": header("X-UA-Compatible: chrome=1"); HTMLWriter::charsetHeader(); if (!is_file(TESTS_RESULT_FILE)) { $outputArray = array(); $testedParams = array(); $passed = AJXP_Utils::runTests($outputArray, $testedParams); if (!$passed && !isset($_GET["ignore_tests"])) { die(AJXP_Utils::testResultsToTable($outputArray, $testedParams)); } else { AJXP_Utils::testResultsToFile($outputArray, $testedParams); } } $START_PARAMETERS = array("BOOTER_URL" => "index.php?get_action=get_boot_conf", "MAIN_ELEMENT" => "ajxp_desktop"); if (AuthService::usersEnabled()) { AuthService::preLogUser(isset($httpVars["remote_session"]) ? $httpVars["remote_session"] : ""); AuthService::bootSequence($START_PARAMETERS); if (AuthService::getLoggedUser() != null || AuthService::logUser(null, null) == 1) { if (AuthService::getDefaultRootId() == -1) { AuthService::disconnect(); } else { $loggedUser = AuthService::getLoggedUser(); if (!$loggedUser->canRead(ConfService::getCurrentRootDirIndex()) && AuthService::getDefaultRootId() != ConfService::getCurrentRootDirIndex()) { ConfService::switchRootDir(AuthService::getDefaultRootId()); } } } } AJXP_Utils::parseApplicationGetParameters($_GET, $START_PARAMETERS, $_SESSION); $confErrors = ConfService::getErrors(); if (count($confErrors)) { $START_PARAMETERS["ALERT"] = implode(", ", array_values($confErrors)); } $JSON_START_PARAMETERS = json_encode($START_PARAMETERS); $crtTheme = $this->pluginConf["GUI_THEME"]; if (ConfService::getConf("JS_DEBUG")) { if (!isset($mess)) { $mess = ConfService::getMessages(); } if (is_file(AJXP_INSTALL_PATH . "/plugins/gui.ajax/res/themes/{$crtTheme}/html/gui_debug.html")) { include AJXP_INSTALL_PATH . "/plugins/gui.ajax/res/themes/{$crtTheme}/html/gui_debug.html"; } else { include AJXP_INSTALL_PATH . "/plugins/gui.ajax/res/html/gui_debug.html"; } } else { if (is_file(AJXP_INSTALL_PATH . "/plugins/gui.ajax/res/themes/{$crtTheme}/html/gui.html")) { $content = file_get_contents(AJXP_INSTALL_PATH . "/plugins/gui.ajax/res/themes/{$crtTheme}/html/gui.html"); } else { $content = file_get_contents(AJXP_INSTALL_PATH . "/plugins/gui.ajax/res/html/gui.html"); } if (preg_match('/MSIE 7/', $_SERVER['HTTP_USER_AGENT']) || preg_match('/MSIE 8/', $_SERVER['HTTP_USER_AGENT'])) { $content = str_replace("ajaxplorer_boot.js", "ajaxplorer_boot_protolegacy.js", $content); } $content = AJXP_XMLWriter::replaceAjxpXmlKeywords($content, false); if ($JSON_START_PARAMETERS) { $content = str_replace("//AJXP_JSON_START_PARAMETERS", "startParameters = " . $JSON_START_PARAMETERS . ";", $content); } print $content; } break; //------------------------------------ // GET CONFIG FOR BOOT //------------------------------------ //------------------------------------ // GET CONFIG FOR BOOT //------------------------------------ case "get_boot_conf": if (isset($_GET["server_prefix_uri"])) { $_SESSION["AJXP_SERVER_PREFIX_URI"] = $_GET["server_prefix_uri"]; } $config = array(); $config["ajxpResourcesFolder"] = "plugins/gui.ajax/res"; $config["ajxpServerAccess"] = AJXP_SERVER_ACCESS; $config["zipEnabled"] = ConfService::zipEnabled(); $config["multipleFilesDownloadEnabled"] = ConfService::getCoreConf("ZIP_CREATION"); $config["customWording"] = array("welcomeMessage" => $this->pluginConf["CUSTOM_WELCOME_MESSAGE"], "title" => ConfService::getCoreConf("APPLICATION_TITLE"), "icon" => $this->pluginConf["CUSTOM_ICON"], "iconWidth" => $this->pluginConf["CUSTOM_ICON_WIDTH"], "iconHeight" => $this->pluginConf["CUSTOM_ICON_HEIGHT"], "iconOnly" => $this->pluginConf["CUSTOM_ICON_ONLY"], "titleFontSize" => $this->pluginConf["CUSTOM_FONT_SIZE"]); $config["usersEnabled"] = AuthService::usersEnabled(); $config["loggedUser"] = AuthService::getLoggedUser() != null; $config["currentLanguage"] = ConfService::getLanguage(); $config["session_timeout"] = intval(ini_get("session.gc_maxlifetime")); if (!isset($this->pluginConf["CLIENT_TIMEOUT_TIME"]) || $this->pluginConf["CLIENT_TIMEOUT_TIME"] == "") { $to = $config["session_timeout"]; } else { $to = $this->pluginConf["CLIENT_TIMEOUT_TIME"]; } $config["client_timeout"] = $to; $config["client_timeout_warning"] = $this->pluginConf["CLIENT_TIMEOUT_WARN"]; $config["availableLanguages"] = ConfService::getConf("AVAILABLE_LANG"); $config["usersEditable"] = ConfService::getAuthDriverImpl()->usersEditable(); $config["ajxpVersion"] = AJXP_VERSION; $config["ajxpVersionDate"] = AJXP_VERSION_DATE; if (stristr($_SERVER["HTTP_USER_AGENT"], "msie 6")) { $config["cssResources"] = array("css/pngHack/pngHack.css"); } if (!empty($this->pluginConf['GOOGLE_ANALYTICS_ID'])) { $config["googleAnalyticsData"] = array("id" => $this->pluginConf['GOOGLE_ANALYTICS_ID'], "domain" => $this->pluginConf['GOOGLE_ANALYTICS_DOMAIN'], "event" => $this->pluginConf['GOOGLE_ANALYTICS_EVENT']); } $config["i18nMessages"] = ConfService::getMessages(); $config["password_min_length"] = ConfService::getCoreConf("PASSWORD_MINLENGTH", "auth"); $config["SECURE_TOKEN"] = AuthService::generateSecureToken(); $config["streaming_supported"] = "true"; $config["theme"] = $this->pluginConf["GUI_THEME"]; header("Content-type:application/json;charset=UTF-8"); print json_encode($config); break; default: break; } return false; }
public function computeBootConf() { if (isset($_GET["server_prefix_uri"])) { $_SESSION["AJXP_SERVER_PREFIX_URI"] = str_replace("_UP_", "..", $_GET["server_prefix_uri"]); } $currentIsMinisite = strpos(session_name(), "AjaXplorer_Shared") === 0; $config = array(); $config["ajxpResourcesFolder"] = "plugins/gui.ajax/res"; if ($currentIsMinisite) { $config["ajxpServerAccess"] = "index_shared.php"; } else { $config["ajxpServerAccess"] = AJXP_SERVER_ACCESS; } $config["zipEnabled"] = ConfService::zipBrowsingEnabled(); $config["multipleFilesDownloadEnabled"] = ConfService::zipCreationEnabled(); $customIcon = $this->getFilteredOption("CUSTOM_ICON"); self::filterXml($customIcon); $config["customWording"] = array("welcomeMessage" => $this->getFilteredOption("CUSTOM_WELCOME_MESSAGE"), "title" => ConfService::getCoreConf("APPLICATION_TITLE"), "icon" => $customIcon, "iconWidth" => $this->getFilteredOption("CUSTOM_ICON_WIDTH"), "iconHeight" => $this->getFilteredOption("CUSTOM_ICON_HEIGHT"), "iconOnly" => $this->getFilteredOption("CUSTOM_ICON_ONLY"), "titleFontSize" => $this->getFilteredOption("CUSTOM_FONT_SIZE")); $cIcBin = $this->getFilteredOption("CUSTOM_ICON_BINARY"); if (!empty($cIcBin)) { $config["customWording"]["icon_binary_url"] = "get_action=get_global_binary_param&binary_id=" . $cIcBin; } $config["usersEnabled"] = AuthService::usersEnabled(); $config["loggedUser"] = AuthService::getLoggedUser() != null; $config["currentLanguage"] = ConfService::getLanguage(); $config["session_timeout"] = intval(ini_get("session.gc_maxlifetime")); $timeoutTime = $this->getFilteredOption("CLIENT_TIMEOUT_TIME"); if (empty($timeoutTime)) { $to = $config["session_timeout"]; } else { $to = $timeoutTime; } if ($currentIsMinisite) { $to = -1; } $config["client_timeout"] = intval($to); $config["client_timeout_warning"] = floatval($this->getFilteredOption("CLIENT_TIMEOUT_WARN")); $config["availableLanguages"] = ConfService::getConf("AVAILABLE_LANG"); $config["usersEditable"] = ConfService::getAuthDriverImpl()->usersEditable(); $config["ajxpVersion"] = AJXP_VERSION; $config["ajxpVersionDate"] = AJXP_VERSION_DATE; $analytic = $this->getFilteredOption('GOOGLE_ANALYTICS_ID'); if (!empty($analytic)) { $config["googleAnalyticsData"] = array("id" => $analytic, "domain" => $this->getFilteredOption('GOOGLE_ANALYTICS_DOMAIN'), "event" => $this->getFilteredOption('GOOGLE_ANALYTICS_EVENT')); } $config["i18nMessages"] = ConfService::getMessages(); $config["SECURE_TOKEN"] = AuthService::generateSecureToken(); $config["streaming_supported"] = "true"; $config["theme"] = $this->pluginConf["GUI_THEME"]; return $config; }
public function switchAction($action, $httpVars, $fileVars) { if (!isset($this->actions[$action])) { return; } $mess = ConfService::getMessages(); switch ($action) { case "login": if (!AuthService::usersEnabled()) { return; } $rememberLogin = ""; $rememberPass = ""; $secureToken = ""; $loggedUser = null; include_once AJXP_BIN_FOLDER . "/class.CaptchaProvider.php"; if (AuthService::suspectBruteForceLogin() && (!isset($httpVars["captcha_code"]) || !CaptchaProvider::checkCaptchaResult($httpVars["captcha_code"]))) { $loggingResult = -4; } else { $userId = isset($httpVars["userid"]) ? trim($httpVars["userid"]) : null; $userPass = isset($httpVars["password"]) ? trim($httpVars["password"]) : null; $rememberMe = isset($httpVars["remember_me"]) && $httpVars["remember_me"] == "true" ? true : false; $cookieLogin = isset($httpVars["cookie_login"]) ? true : false; $loggingResult = AuthService::logUser($userId, $userPass, false, $cookieLogin, $httpVars["login_seed"]); if ($rememberMe && $loggingResult == 1) { $rememberLogin = "******"; $rememberPass = "******"; $loggedUser = AuthService::getLoggedUser(); } if ($loggingResult == 1) { session_regenerate_id(true); $secureToken = AuthService::generateSecureToken(); } if ($loggingResult < 1 && AuthService::suspectBruteForceLogin()) { $loggingResult = -4; // Force captcha reload } } $loggedUser = AuthService::getLoggedUser(); if ($loggedUser != null) { $force = $loggedUser->mergedRole->filterParameterValue("core.conf", "DEFAULT_START_REPOSITORY", AJXP_REPO_SCOPE_ALL, -1); $passId = -1; if (isset($httpVars["tmp_repository_id"])) { $passId = $httpVars["tmp_repository_id"]; } else { if ($force != "" && $loggedUser->canSwitchTo($force) && !isset($httpVars["tmp_repository_id"]) && !isset($_SESSION["PENDING_REPOSITORY_ID"])) { $passId = $force; } } $res = ConfService::switchUserToActiveRepository($loggedUser, $passId); if (!$res) { AuthService::disconnect(); $loggingResult = -3; } } if ($loggedUser != null && (AuthService::hasRememberCookie() || isset($rememberMe) && $rememberMe == true)) { AuthService::refreshRememberCookie($loggedUser); } AJXP_XMLWriter::header(); AJXP_XMLWriter::loggingResult($loggingResult, $rememberLogin, $rememberPass, $secureToken); AJXP_XMLWriter::close(); break; //------------------------------------ // CHANGE USER PASSWORD //------------------------------------ //------------------------------------ // CHANGE USER PASSWORD //------------------------------------ case "pass_change": $userObject = AuthService::getLoggedUser(); if ($userObject == null || $userObject->getId() == "guest") { header("Content-Type:text/plain"); print "SUCCESS"; break; } $oldPass = $httpVars["old_pass"]; $newPass = $httpVars["new_pass"]; $passSeed = $httpVars["pass_seed"]; if (strlen($newPass) < ConfService::getCoreConf("PASSWORD_MINLENGTH", "auth")) { header("Content-Type:text/plain"); print "PASS_ERROR"; break; } if (AuthService::checkPassword($userObject->getId(), $oldPass, false, $passSeed)) { AuthService::updatePassword($userObject->getId(), $newPass); if ($userObject->getLock() == "pass_change") { $userObject->removeLock(); $userObject->save("superuser"); } } else { header("Content-Type:text/plain"); print "PASS_ERROR"; break; } header("Content-Type:text/plain"); print "SUCCESS"; break; case "logout": AuthService::disconnect(); $loggingResult = 2; session_destroy(); AJXP_XMLWriter::header(); AJXP_XMLWriter::loggingResult($loggingResult, null, null, null); AJXP_XMLWriter::close(); break; case "get_seed": $seed = AuthService::generateSeed(); if (AuthService::suspectBruteForceLogin()) { HTMLWriter::charsetHeader('application/json'); print json_encode(array("seed" => $seed, "captcha" => true)); } else { HTMLWriter::charsetHeader("text/plain"); print $seed; } //exit(0); break; case "get_secure_token": HTMLWriter::charsetHeader("text/plain"); print AuthService::generateSecureToken(); //exit(0); break; case "get_captcha": include_once AJXP_BIN_FOLDER . "/class.CaptchaProvider.php"; CaptchaProvider::sendCaptcha(); //exit(0) ; break; case "back": AJXP_XMLWriter::header("url"); echo AuthService::getLogoutAddress(false); AJXP_XMLWriter::close("url"); //exit(1); break; default: break; } return ""; }
function tryToLogUser(&$httpVars, $isLast = false) { // CATCH THE STANDARD LOGIN OPERATION if (!isset($httpVars["get_action"]) || $httpVars["get_action"] != "login") { return false; } if (AJXP_Utils::userAgentIsNativePydioApp()) { return false; } $userId = isset($httpVars["userid"]) ? trim($httpVars["userid"]) : null; $duoActive = false; if (!empty($userId)) { $uObject = ConfService::getConfStorageImpl()->createUserObject($userId); if ($uObject != null) { $duoActive = $uObject->mergedRole->filterParameterValue("authfront.duosecurity", "DUO_AUTH_ACTIVE", AJXP_REPO_SCOPE_ALL, false); } } if (!$duoActive) { return false; } $rememberLogin = ""; $rememberPass = ""; $secureToken = ""; $loggedUser = null; include_once AJXP_BIN_FOLDER . "/class.CaptchaProvider.php"; if (AuthService::suspectBruteForceLogin() && (!isset($httpVars["captcha_code"]) || !CaptchaProvider::checkCaptchaResult($httpVars["captcha_code"]))) { $loggingResult = -4; } else { $userId = isset($httpVars["userid"]) ? trim($httpVars["userid"]) : null; $userPass = isset($httpVars["password"]) ? trim($httpVars["password"]) : null; $rememberMe = isset($httpVars["remember_me"]) && $httpVars["remember_me"] == "true" ? true : false; $cookieLogin = isset($httpVars["cookie_login"]) ? true : false; $loggingResult = AuthService::logUser($userId, $userPass, false, $cookieLogin, $httpVars["login_seed"]); if ($rememberMe && $loggingResult == 1) { $rememberLogin = "******"; $rememberPass = "******"; } if ($loggingResult == 1) { session_regenerate_id(true); $secureToken = AuthService::generateSecureToken(); } if ($loggingResult < 1 && AuthService::suspectBruteForceLogin()) { $loggingResult = -4; // Force captcha reload } } $loggedUser = AuthService::getLoggedUser(); if ($loggedUser != null) { $force = $loggedUser->mergedRole->filterParameterValue("core.conf", "DEFAULT_START_REPOSITORY", AJXP_REPO_SCOPE_ALL, -1); $passId = -1; if (isset($httpVars["tmp_repository_id"])) { $passId = $httpVars["tmp_repository_id"]; } else { if ($force != "" && $loggedUser->canSwitchTo($force) && !isset($httpVars["tmp_repository_id"]) && !isset($_SESSION["PENDING_REPOSITORY_ID"])) { $passId = $force; } } $res = ConfService::switchUserToActiveRepository($loggedUser, $passId); if (!$res) { AuthService::disconnect(); $loggingResult = -3; } } if ($loggedUser != null && (AuthService::hasRememberCookie() || isset($rememberMe) && $rememberMe == true)) { AuthService::refreshRememberCookie($loggedUser); } AJXP_XMLWriter::header(); AJXP_XMLWriter::loggingResult($loggingResult, $rememberLogin, $rememberPass, $secureToken); AJXP_XMLWriter::close(); if ($loggingResult > 0 && $loggedUser != null) { require_once $this->getBaseDir() . "/duo_php/duo_web.php"; $appUnique = $this->getFilteredOption("DUO_AUTH_AKEY"); $iKey = $this->getFilteredOption("DUO_AUTH_IKEY"); $sKey = $this->getFilteredOption("DUO_AUTH_SKEY"); $res = Duo::signRequest($iKey, $sKey, $appUnique, $loggedUser->getId()); $loggedUser->personalRole->setParameterValue("authfront.duosecurity", "DUO_AUTH_LAST_SIGNATURE", $res); $loggedUser->setLock("duo_show_iframe"); $loggedUser->save("superuser"); } // if($loggingResult > 0 || $isLast){ exit; // } }
function switchAction($action, $httpVars, $fileVars) { if (!isset($this->actions[$action])) { return; } foreach ($httpVars as $getName => $getValue) { ${$getName} = AJXP_Utils::securePath($getValue); } if (isset($dir) && $action != "upload") { $dir = SystemTextEncoding::fromUTF8($dir); } $mess = ConfService::getMessages(); switch ($action) { //------------------------------------ // GET AN HTML TEMPLATE //------------------------------------ case "get_template": HTMLWriter::charsetHeader(); $folder = CLIENT_RESOURCES_FOLDER . "/html"; if (isset($httpVars["pluginName"])) { $folder = "plugins/" . $httpVars["pluginName"]; if (isset($httpVars["pluginPath"])) { $folder .= "/" . $httpVars["pluginPath"]; } } if (isset($template_name) && is_file($folder . "/" . $template_name)) { include $folder . "/" . $template_name; } break; //------------------------------------ // GET I18N MESSAGES //------------------------------------ //------------------------------------ // GET I18N MESSAGES //------------------------------------ case "get_i18n_messages": HTMLWriter::charsetHeader('text/javascript'); HTMLWriter::writeI18nMessagesClass(ConfService::getMessages()); break; //------------------------------------ // SEND XML REGISTRY //------------------------------------ //------------------------------------ // SEND XML REGISTRY //------------------------------------ case "get_xml_registry": $regDoc = AJXP_PluginsService::getXmlRegistry(); if (isset($_GET["xPath"])) { $regPath = new DOMXPath($regDoc); $nodes = $regPath->query($_GET["xPath"]); AJXP_XMLWriter::header("ajxp_registry_part", array("xPath" => $_GET["xPath"])); if ($nodes->length) { print AJXP_XMLWriter::replaceAjxpXmlKeywords($regDoc->saveXML($nodes->item(0))); } AJXP_XMLWriter::close("ajxp_registry_part"); } else { header('Content-Type: application/xml; charset=UTF-8'); print AJXP_XMLWriter::replaceAjxpXmlKeywords($regDoc->saveXML()); } break; //------------------------------------ // DISPLAY DOC //------------------------------------ //------------------------------------ // DISPLAY DOC //------------------------------------ case "display_doc": HTMLWriter::charsetHeader(); echo HTMLWriter::getDocFile(htmlentities($_GET["doc_file"])); break; //------------------------------------ // CHECK UPDATE //------------------------------------ //------------------------------------ // CHECK UPDATE //------------------------------------ case "check_software_update": $content = @file_get_contents(SOFTWARE_UPDATE_SITE . "ajxp.version"); $message = $mess["345"]; if (isset($content) && $content != "") { if (strstr($content, "::URL::") !== false) { list($version, $downloadUrl) = explode("::URL::", $content); } else { $version = $content; $downloadUrl = "http://www.ajaxplorer.info/"; } $compare = version_compare(AJXP_VERSION, $content); if ($compare >= 0) { $message = $mess["346"]; } else { $link = '<a target="_blank" href="' . $downloadUrl . '">' . $downloadUrl . '</a>'; $message = sprintf($mess["347"], $version, $link); } } HTMLWriter::charsetHeader("text/plain"); print $message; break; //------------------------------------ // GET CONFIG FOR BOOT //------------------------------------ //------------------------------------ // GET CONFIG FOR BOOT //------------------------------------ case "get_boot_conf": if (isset($_GET["server_prefix_uri"])) { $_SESSION["AJXP_SERVER_PREFIX_URI"] = $_GET["server_prefix_uri"]; } $config = array(); $config["ajxpResourcesFolder"] = AJXP_THEME_FOLDER; $config["ajxpServerAccess"] = SERVER_ACCESS; $config["zipEnabled"] = ConfService::zipEnabled(); $config["multipleFilesDownloadEnabled"] = !DISABLE_ZIP_CREATION; $config["flashUploaderEnabled"] = ConfService::getConf("UPLOAD_ENABLE_FLASH"); $welcomeCustom = ConfService::getConf("WELCOME_CUSTOM_MSG"); if ($welcomeCustom != "") { $config["customWelcomeMessage"] = $welcomeCustom; } if (!ConfService::getConf("UPLOAD_ENABLE_FLASH")) { $UploadMaxSize = AJXP_Utils::convertBytes(ini_get('upload_max_filesize')); $confMaxSize = ConfService::getConf("UPLOAD_MAX_FILE"); if ($confMaxSize != 0 && $confMaxSize < $UploadMaxSize) { $UploadMaxSize = $confMaxSize; } $confTotalNumber = ConfService::getConf("UPLOAD_MAX_NUMBER"); $config["htmlMultiUploaderOptions"] = array("282" => $UploadMaxSize, "284" => $confTotalNumber); } $config["usersEnabled"] = AuthService::usersEnabled(); $config["loggedUser"] = AuthService::getLoggedUser() != null; $config["currentLanguage"] = ConfService::getLanguage(); $config["session_timeout"] = intval(ini_get("session.gc_maxlifetime")); $config["client_timeout"] = ConfService::getConf("CLIENT_TIMEOUT_TIME"); $config["client_timeout_warning"] = ConfService::getConf("CLIENT_TIMEOUT_WARNING"); $config["availableLanguages"] = ConfService::getConf("AVAILABLE_LANG"); $config["ajxpVersion"] = AJXP_VERSION; $config["ajxpVersionDate"] = AJXP_VERSION_DATE; if (stristr($_SERVER["HTTP_USER_AGENT"], "msie 6")) { $config["cssResources"] = array("css/pngHack/pngHack.css"); } if (defined("GOOGLE_ANALYTICS_ID") && GOOGLE_ANALYTICS_ID != "") { $config["googleAnalyticsData"] = array("id" => GOOGLE_ANALYTICS_ID, "domain" => GOOGLE_ANALYTICS_DOMAIN, "event" => GOOGLE_ANALYTICS_EVENT); } $config["i18nMessages"] = ConfService::getMessages(); $config["password_min_length"] = defined('AJXP_PASSWORD_MINLENGTH') ? AJXP_PASSWORD_MINLENGTH : 8; $config["SECURE_TOKEN"] = AuthService::generateSecureToken(); header("Content-type:application/json;charset=UTF-8"); print json_encode($config); break; default: break; } return false; }
if (AuthService::suspectBruteForceLogin() && (!isset($httpVars["captcha_code"]) || !CaptchaProvider::checkCaptchaResult($httpVars["captcha_code"]))) { $loggingResult = -4; } else { $userId = isset($httpVars["userid"]) ? $httpVars["userid"] : null; $userPass = isset($httpVars["password"]) ? $httpVars["password"] : null; $rememberMe = isset($httpVars["remember_me"]) && $httpVars["remember_me"] == "true" ? true : false; $cookieLogin = isset($httpVars["cookie_login"]) ? true : false; $loggingResult = AuthService::logUser($userId, $userPass, false, $cookieLogin, $httpVars["login_seed"]); if ($rememberMe && $loggingResult == 1) { $rememberLogin = $userId; $loggedUser = AuthService::getLoggedUser(); $rememberPass = $loggedUser->getCookieString(); } if ($loggingResult == 1) { session_regenerate_id(true); $secureToken = AuthService::generateSecureToken(); } if ($loggingResult < 1 && AuthService::suspectBruteForceLogin()) { $loggingResult = -4; // Force captcha reload } } } else { AuthService::logUser(null, null); } } } } } } // Check that current user can access current repository, try to switch otherwise.