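/**
 * Handle the standard "login" request and write the XML login result.
 *
 * Returns false, with nothing written, when the request is not a login
 * request. Otherwise the credentials found in $httpVars are handed to
 * AuthService::logUser(), the session id is regenerated on success and the
 * outcome is emitted through AJXP_XMLWriter. The script exits when the
 * login succeeded or when $isLast is true; in the remaining case the
 * function returns null after the response has already been written.
 *
 * Result codes assigned here: -4 (captcha required or wrong) and -3 (the
 * user could not be switched to a repository). Any other value comes
 * from AuthService::logUser().
 *
 * @param array $httpVars Request parameters; every value is untrusted.
 * @param bool  $isLast   When true the script exits even if the login failed.
 * @return false|null
 */
function tryToLogUser(&$httpVars, $isLast = false)
 {
     if (!isset($httpVars["get_action"]) || $httpVars["get_action"] != "login") {
         return false;
     }
     $rememberLogin = "";
     $rememberPass = "";
     $secureToken = "";
     $loggedUser = null;
     // Defined up front: the captcha branch below never assigns it, and the
     // remember-cookie check further down must not read an unset variable.
     $rememberMe = false;
     include_once AJXP_BIN_FOLDER . "/class.CaptchaProvider.php";
     if (AuthService::suspectBruteForceLogin() && (!isset($httpVars["captcha_code"]) || !CaptchaProvider::checkCaptchaResult($httpVars["captcha_code"]))) {
         // Throttled client without a valid captcha: credentials are not evaluated at all.
         $loggingResult = -4;
     } else {
         $userId = isset($httpVars["userid"]) ? AJXP_Utils::sanitize($httpVars["userid"], AJXP_SANITIZE_EMAILCHARS) : null;
         $userPass = isset($httpVars["password"]) ? trim($httpVars["password"]) : null;
         $rememberMe = isset($httpVars["remember_me"]) && $httpVars["remember_me"] == "true";
         $cookieLogin = isset($httpVars["cookie_login"]);
         // A request without login_seed used to raise an undefined-index notice
         // ahead of the XML response; the value passed on (null) is unchanged.
         $loginSeed = isset($httpVars["login_seed"]) ? $httpVars["login_seed"] : null;
         $loggingResult = AuthService::logUser($userId, $userPass, false, $cookieLogin, $loginSeed);
         if ($rememberMe && $loggingResult == 1) {
             $rememberLogin = "******";
             $rememberPass = "******";
         }
         if ($loggingResult == 1) {
             // Fresh session id after a successful login, so an id issued
             // before authentication is not carried over (session fixation).
             session_regenerate_id(true);
             $secureToken = AuthService::generateSecureToken();
         }
         if ($loggingResult < 1 && AuthService::suspectBruteForceLogin()) {
             // Force captcha reload
             $loggingResult = -4;
         }
     }
     $loggedUser = AuthService::getLoggedUser();
     if ($loggedUser != null) {
         $force = $loggedUser->mergedRole->filterParameterValue("core.conf", "DEFAULT_START_REPOSITORY", AJXP_REPO_SCOPE_ALL, -1);
         $passId = -1;
         if (isset($httpVars["tmp_repository_id"])) {
             // Request-supplied repository id.
             // NOTE(review): no access check is visible here; confirm that
             // ConfService::switchUserToActiveRepository() enforces it.
             $passId = $httpVars["tmp_repository_id"];
         } elseif ($force != "" && $loggedUser->canSwitchTo($force) && !isset($_SESSION["PENDING_REPOSITORY_ID"])) {
             $passId = $force;
         }
         $res = ConfService::switchUserToActiveRepository($loggedUser, $passId);
         if (!$res) {
             // No usable repository: drop the session that was just opened.
             AuthService::disconnect();
             $loggingResult = -3;
         }
     }
     if ($loggedUser != null && (AuthService::hasRememberCookie() || $rememberMe)) {
         AuthService::refreshRememberCookie($loggedUser);
     }
     AJXP_XMLWriter::header();
     AJXP_XMLWriter::loggingResult($loggingResult, $rememberLogin, $rememberPass, $secureToken);
     AJXP_XMLWriter::close();
     if ($loggingResult > 0 || $isLast) {
         exit;
     }
 }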
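 /**
  * Dispatch the "get_secure_token" and "pass_change" actions.
  *
  * Nothing is done (and null is returned) when $action is not registered in
  * $this->actions. "pass_change" answers in plain text with either
  * "SUCCESS" or "PASS_ERROR".
  *
  * @param string $action   Action name.
  * @param array  $httpVars Request parameters; every value is untrusted.
  * @param array  $fileVars Uploaded files (not used here).
  * @return string|null Empty string once a registered action was handled.
  */
 public function switchAction($action, $httpVars, $fileVars)
 {
     if (!isset($this->actions[$action])) {
         return;
     }
     switch ($action) {
         case "get_secure_token":
             HTMLWriter::charsetHeader("text/plain");
             print AuthService::generateSecureToken();
             break;
         //------------------------------------
         //	CHANGE USER PASSWORD
         //------------------------------------
         case "pass_change":
             $userObject = AuthService::getLoggedUser();
             if ($userObject == null || $userObject->getId() == "guest") {
                 // NOTE(review): answers SUCCESS although nothing was changed;
                 // confirm that callers do not rely on this as proof of a change.
                 header("Content-Type:text/plain");
                 print "SUCCESS";
                 break;
             }
             // Missing or non-string fields are rejected up front instead of
             // reaching strlen()/checkPassword() as null or as an array.
             $oldPass = isset($httpVars["old_pass"]) ? $httpVars["old_pass"] : null;
             $newPass = isset($httpVars["new_pass"]) ? $httpVars["new_pass"] : null;
             $passSeed = isset($httpVars["pass_seed"]) ? $httpVars["pass_seed"] : null;
             if (!is_string($oldPass) || !is_string($newPass) || strlen($newPass) < ConfService::getCoreConf("PASSWORD_MINLENGTH", "auth")) {
                 header("Content-Type:text/plain");
                 print "PASS_ERROR";
                 break;
             }
             // The current password must verify before the new one is stored.
             if (!AuthService::checkPassword($userObject->getId(), $oldPass, false, $passSeed)) {
                 header("Content-Type:text/plain");
                 print "PASS_ERROR";
                 break;
             }
             // NOTE(review): the return value of updatePassword() is not checked
             // and the session id is not regenerated after the change.
             AuthService::updatePassword($userObject->getId(), $newPass);
             if ($userObject->getLock() == "pass_change") {
                 // The forced-password-change lock is cleared once the change went through.
                 $userObject->removeLock();
                 $userObject->save("superuser");
             }
             header("Content-Type:text/plain");
             print "SUCCESS";
             break;
         default:
             break;
     }
     return "";
 }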
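 /**
  * Serve the GUI bootstrap actions: get_template, get_i18n_messages,
  * get_xml_registry, display_doc, get_boot_gui and get_boot_conf.
  *
  * Nothing is done (and null is returned) when $action is not registered in
  * $this->actions. Each handled action writes its response directly to the
  * output.
  *
  * Request parameters are copied into local variables of the same name
  * (the visible code reads $template_name and $dir from them), and included
  * templates run in this scope, so they see those variables as well.
  *
  * @param string $action   Action name.
  * @param array  $httpVars Request parameters; every value is untrusted.
  * @param array  $fileVars Uploaded files (not used here).
  * @return false|null False once a registered action was handled.
  */
 function switchAction($action, $httpVars, $fileVars)
 {
     if (!isset($this->actions[$action])) {
         return;
     }
     // A request without a User-Agent header is treated as an empty string
     // instead of raising an undefined-index notice.
     $userAgent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : "";
     $legacyIE = (bool) preg_match('/MSIE [78]/', $userAgent);
     if ($legacyIE) {
         // Force legacy theme for the moment
         $this->pluginConf["GUI_THEME"] = "oxygen";
     }
     if (!defined("AJXP_THEME_FOLDER")) {
         define("CLIENT_RESOURCES_FOLDER", AJXP_PLUGINS_FOLDER . "/gui.ajax/res");
         define("AJXP_THEME_FOLDER", CLIENT_RESOURCES_FOLDER . "/themes/" . $this->pluginConf["GUI_THEME"]);
     }
     // Request parameters become local variables. Names of locals already in
     // use are skipped: without this, a parameter called "action" would
     // replace the $action that was validated against $this->actions above
     // and the switch below would dispatch on the unvalidated value.
     $reservedNames = array("this", "action", "httpVars", "fileVars", "userAgent", "legacyIE", "reservedNames", "getName", "getValue");
     foreach ($httpVars as $getName => $getValue) {
         if (in_array((string) $getName, $reservedNames, true)) {
             continue;
         }
         ${$getName} = AJXP_Utils::securePath($getValue);
     }
     if (isset($dir) && $action != "upload") {
         $dir = SystemTextEncoding::fromUTF8($dir);
     }
     $mess = ConfService::getMessages();
     switch ($action) {
         //------------------------------------
         //	GET AN HTML TEMPLATE
         //------------------------------------
         case "get_template":
             HTMLWriter::charsetHeader();
             $folder = CLIENT_RESOURCES_FOLDER . "/html";
             if (isset($httpVars["pluginName"])) {
                 $folder = AJXP_INSTALL_PATH . "/" . AJXP_PLUGINS_FOLDER . "/" . AJXP_Utils::securePath($httpVars["pluginName"]);
                 if (isset($httpVars["pluginPath"])) {
                     $folder .= "/" . AJXP_Utils::securePath($httpVars["pluginPath"]);
                 }
             }
             // Not read in this case; left in scope because included templates share it.
             $crtTheme = $this->pluginConf["GUI_THEME"];
             $thFolder = AJXP_THEME_FOLDER . "/html";
             // The included path is built from request values (pluginName,
             // pluginPath, template_name). The only filter visible here is
             // AJXP_Utils::securePath().
             // NOTE(review): confirm it removes traversal sequences and null
             // bytes, and consider an allow-list of template files, since
             // include executes whatever file the path resolves to.
             if (isset($template_name)) {
                 if (is_file($thFolder . "/" . $template_name)) {
                     include $thFolder . "/" . $template_name;
                 } elseif (is_file($folder . "/" . $template_name)) {
                     include $folder . "/" . $template_name;
                 }
             }
             break;
         //------------------------------------
         //	GET I18N MESSAGES
         //------------------------------------
         case "get_i18n_messages":
             $refresh = false;
             if (isset($httpVars["lang"])) {
                 ConfService::setLanguage($httpVars["lang"]);
                 $refresh = true;
             }
             HTMLWriter::charsetHeader('text/javascript');
             HTMLWriter::writeI18nMessagesClass(ConfService::getMessages($refresh));
             break;
         //------------------------------------
         //	SEND XML REGISTRY
         //------------------------------------
         case "get_xml_registry":
             $regDoc = AJXP_PluginsService::getXmlRegistry();
             $changes = AJXP_Controller::filterActionsRegistry($regDoc);
             if ($changes) {
                 AJXP_PluginsService::updateXmlRegistry($regDoc);
             }
             if (isset($_GET["xPath"])) {
                 // The XPath expression comes straight from the query string and
                 // is also echoed back as an attribute of the response header.
                 // NOTE(review): confirm that AJXP_XMLWriter::header() escapes
                 // attribute values and that the filtered registry holds nothing
                 // the caller should not be able to read.
                 $regPath = new DOMXPath($regDoc);
                 $nodes = $regPath->query($_GET["xPath"]);
                 AJXP_XMLWriter::header("ajxp_registry_part", array("xPath" => $_GET["xPath"]));
                 // query() returns false for a malformed expression; answer with
                 // an empty part instead of reading a property of false.
                 if ($nodes !== false && $nodes->length) {
                     print AJXP_XMLWriter::replaceAjxpXmlKeywords($regDoc->saveXML($nodes->item(0)));
                 }
                 AJXP_XMLWriter::close("ajxp_registry_part");
             } else {
                 AJXP_Utils::safeIniSet("zlib.output_compression", "4096");
                 header('Content-Type: application/xml; charset=UTF-8');
                 print AJXP_XMLWriter::replaceAjxpXmlKeywords($regDoc->saveXML());
             }
             break;
         //------------------------------------
         //	DISPLAY DOC
         //------------------------------------
         case "display_doc":
             HTMLWriter::charsetHeader();
             // A missing doc_file is treated as an empty name.
             $docFile = isset($_GET["doc_file"]) ? $_GET["doc_file"] : "";
             echo HTMLWriter::getDocFile(AJXP_Utils::securePath(htmlentities($docFile)));
             break;
         //------------------------------------
         //	GET BOOT GUI
         //------------------------------------
         case "get_boot_gui":
             header("X-UA-Compatible: chrome=1");
             HTMLWriter::charsetHeader();
             if (!is_file(TESTS_RESULT_FILE)) {
                 // First run: execute the diagnostic tests and stop on failure
                 // unless the request carries ignore_tests.
                 $outputArray = array();
                 $testedParams = array();
                 $passed = AJXP_Utils::runTests($outputArray, $testedParams);
                 if (!$passed && !isset($_GET["ignore_tests"])) {
                     die(AJXP_Utils::testResultsToTable($outputArray, $testedParams));
                 } else {
                     AJXP_Utils::testResultsToFile($outputArray, $testedParams);
                 }
             }
             $START_PARAMETERS = array("BOOTER_URL" => "index.php?get_action=get_boot_conf", "MAIN_ELEMENT" => "ajxp_desktop");
             if (AuthService::usersEnabled()) {
                 AuthService::preLogUser(isset($httpVars["remote_session"]) ? $httpVars["remote_session"] : "");
                 AuthService::bootSequence($START_PARAMETERS);
                 if (AuthService::getLoggedUser() != null || AuthService::logUser(null, null) == 1) {
                     if (AuthService::getDefaultRootId() == -1) {
                         AuthService::disconnect();
                     } else {
                         $loggedUser = AuthService::getLoggedUser();
                         if (!$loggedUser->canRead(ConfService::getCurrentRootDirIndex()) && AuthService::getDefaultRootId() != ConfService::getCurrentRootDirIndex()) {
                             ConfService::switchRootDir(AuthService::getDefaultRootId());
                         }
                     }
                 }
             }
             AJXP_Utils::parseApplicationGetParameters($_GET, $START_PARAMETERS, $_SESSION);
             $confErrors = ConfService::getErrors();
             if (count($confErrors)) {
                 $START_PARAMETERS["ALERT"] = implode(", ", array_values($confErrors));
             }
             // NOTE(review): $START_PARAMETERS is handed $_GET just above and is
             // then written into the page as script source. json_encode() runs
             // with default flags; confirm that is sufficient for this context
             // or add JSON_HEX_TAG.
             $JSON_START_PARAMETERS = json_encode($START_PARAMETERS);
             $crtTheme = $this->pluginConf["GUI_THEME"];
             if (ConfService::getConf("JS_DEBUG")) {
                 if (!isset($mess)) {
                     $mess = ConfService::getMessages();
                 }
                 if (is_file(AJXP_INSTALL_PATH . "/plugins/gui.ajax/res/themes/{$crtTheme}/html/gui_debug.html")) {
                     include AJXP_INSTALL_PATH . "/plugins/gui.ajax/res/themes/{$crtTheme}/html/gui_debug.html";
                 } else {
                     include AJXP_INSTALL_PATH . "/plugins/gui.ajax/res/html/gui_debug.html";
                 }
             } else {
                 if (is_file(AJXP_INSTALL_PATH . "/plugins/gui.ajax/res/themes/{$crtTheme}/html/gui.html")) {
                     $content = file_get_contents(AJXP_INSTALL_PATH . "/plugins/gui.ajax/res/themes/{$crtTheme}/html/gui.html");
                 } else {
                     $content = file_get_contents(AJXP_INSTALL_PATH . "/plugins/gui.ajax/res/html/gui.html");
                 }
                 if ($legacyIE) {
                     $content = str_replace("ajaxplorer_boot.js", "ajaxplorer_boot_protolegacy.js", $content);
                 }
                 $content = AJXP_XMLWriter::replaceAjxpXmlKeywords($content, false);
                 if ($JSON_START_PARAMETERS) {
                     $content = str_replace("//AJXP_JSON_START_PARAMETERS", "startParameters = " . $JSON_START_PARAMETERS . ";", $content);
                 }
                 print $content;
             }
             break;
         //------------------------------------
         //	GET CONFIG FOR BOOT
         //------------------------------------
         case "get_boot_conf":
             if (isset($_GET["server_prefix_uri"])) {
                 // NOTE(review): a query-string value is stored in the session
                 // without validation; confirm how AJXP_SERVER_PREFIX_URI is
                 // consumed and restrict it to the expected relative form.
                 $_SESSION["AJXP_SERVER_PREFIX_URI"] = $_GET["server_prefix_uri"];
             }
             $config = array();
             $config["ajxpResourcesFolder"] = "plugins/gui.ajax/res";
             $config["ajxpServerAccess"] = AJXP_SERVER_ACCESS;
             $config["zipEnabled"] = ConfService::zipEnabled();
             $config["multipleFilesDownloadEnabled"] = ConfService::getCoreConf("ZIP_CREATION");
             $config["customWording"] = array("welcomeMessage" => $this->pluginConf["CUSTOM_WELCOME_MESSAGE"], "title" => ConfService::getCoreConf("APPLICATION_TITLE"), "icon" => $this->pluginConf["CUSTOM_ICON"], "iconWidth" => $this->pluginConf["CUSTOM_ICON_WIDTH"], "iconHeight" => $this->pluginConf["CUSTOM_ICON_HEIGHT"], "iconOnly" => $this->pluginConf["CUSTOM_ICON_ONLY"], "titleFontSize" => $this->pluginConf["CUSTOM_FONT_SIZE"]);
             $config["usersEnabled"] = AuthService::usersEnabled();
             $config["loggedUser"] = AuthService::getLoggedUser() != null;
             $config["currentLanguage"] = ConfService::getLanguage();
             $config["session_timeout"] = intval(ini_get("session.gc_maxlifetime"));
             // The client timeout falls back to the PHP session lifetime when not configured.
             if (!isset($this->pluginConf["CLIENT_TIMEOUT_TIME"]) || $this->pluginConf["CLIENT_TIMEOUT_TIME"] == "") {
                 $to = $config["session_timeout"];
             } else {
                 $to = $this->pluginConf["CLIENT_TIMEOUT_TIME"];
             }
             $config["client_timeout"] = $to;
             $config["client_timeout_warning"] = $this->pluginConf["CLIENT_TIMEOUT_WARN"];
             $config["availableLanguages"] = ConfService::getConf("AVAILABLE_LANG");
             $config["usersEditable"] = ConfService::getAuthDriverImpl()->usersEditable();
             $config["ajxpVersion"] = AJXP_VERSION;
             $config["ajxpVersionDate"] = AJXP_VERSION_DATE;
             if (stristr($userAgent, "msie 6")) {
                 $config["cssResources"] = array("css/pngHack/pngHack.css");
             }
             if (!empty($this->pluginConf['GOOGLE_ANALYTICS_ID'])) {
                 $config["googleAnalyticsData"] = array("id" => $this->pluginConf['GOOGLE_ANALYTICS_ID'], "domain" => $this->pluginConf['GOOGLE_ANALYTICS_DOMAIN'], "event" => $this->pluginConf['GOOGLE_ANALYTICS_EVENT']);
             }
             $config["i18nMessages"] = ConfService::getMessages();
             $config["password_min_length"] = ConfService::getCoreConf("PASSWORD_MINLENGTH", "auth");
             $config["SECURE_TOKEN"] = AuthService::generateSecureToken();
             $config["streaming_supported"] = "true";
             $config["theme"] = $this->pluginConf["GUI_THEME"];
             header("Content-type:application/json;charset=UTF-8");
             print json_encode($config);
             break;
         default:
             break;
     }
     return false;
 }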
 /**
  * Assemble the configuration array that the client reads at boot time.
  *
  * Side effect: when the request carries server_prefix_uri, its value is
  * stored in $_SESSION["AJXP_SERVER_PREFIX_URI"] with every "_UP_"
  * replaced by "..".
  * NOTE(review): that value is request-controlled and not validated here;
  * confirm how the session entry is consumed.
  *
  * @return array Boot configuration, keys in the order the client receives them.
  */
 public function computeBootConf()
 {
     if (isset($_GET["server_prefix_uri"])) {
         $_SESSION["AJXP_SERVER_PREFIX_URI"] = str_replace("_UP_", "..", $_GET["server_prefix_uri"]);
     }
     // A session name starting with "AjaXplorer_Shared" marks a minisite session.
     $isMinisite = (strpos(session_name(), "AjaXplorer_Shared") === 0);

     $bootConf = array(
         "ajxpResourcesFolder" => "plugins/gui.ajax/res",
         "ajxpServerAccess" => $isMinisite ? "index_shared.php" : AJXP_SERVER_ACCESS,
         "zipEnabled" => ConfService::zipBrowsingEnabled(),
         "multipleFilesDownloadEnabled" => ConfService::zipCreationEnabled(),
     );

     // Branding block. The icon option goes through self::filterXml() first;
     // its return value is not used, so it presumably works by reference.
     $iconOption = $this->getFilteredOption("CUSTOM_ICON");
     self::filterXml($iconOption);
     $wording = array(
         "welcomeMessage" => $this->getFilteredOption("CUSTOM_WELCOME_MESSAGE"),
         "title" => ConfService::getCoreConf("APPLICATION_TITLE"),
         "icon" => $iconOption,
         "iconWidth" => $this->getFilteredOption("CUSTOM_ICON_WIDTH"),
         "iconHeight" => $this->getFilteredOption("CUSTOM_ICON_HEIGHT"),
         "iconOnly" => $this->getFilteredOption("CUSTOM_ICON_ONLY"),
         "titleFontSize" => $this->getFilteredOption("CUSTOM_FONT_SIZE"),
     );
     $iconBinaryId = $this->getFilteredOption("CUSTOM_ICON_BINARY");
     if (!empty($iconBinaryId)) {
         $wording["icon_binary_url"] = "get_action=get_global_binary_param&binary_id=" . $iconBinaryId;
     }
     $bootConf["customWording"] = $wording;

     $bootConf["usersEnabled"] = AuthService::usersEnabled();
     $bootConf["loggedUser"] = AuthService::getLoggedUser() != null;
     $bootConf["currentLanguage"] = ConfService::getLanguage();

     // Client timeout: -1 on a minisite, else the configured value, else the
     // PHP session lifetime.
     $sessionLifetime = intval(ini_get("session.gc_maxlifetime"));
     $bootConf["session_timeout"] = $sessionLifetime;
     $configuredTimeout = $this->getFilteredOption("CLIENT_TIMEOUT_TIME");
     if ($isMinisite) {
         $clientTimeout = -1;
     } elseif (empty($configuredTimeout)) {
         $clientTimeout = $sessionLifetime;
     } else {
         $clientTimeout = $configuredTimeout;
     }
     $bootConf["client_timeout"] = intval($clientTimeout);
     $bootConf["client_timeout_warning"] = floatval($this->getFilteredOption("CLIENT_TIMEOUT_WARN"));

     $bootConf["availableLanguages"] = ConfService::getConf("AVAILABLE_LANG");
     $bootConf["usersEditable"] = ConfService::getAuthDriverImpl()->usersEditable();
     $bootConf["ajxpVersion"] = AJXP_VERSION;
     $bootConf["ajxpVersionDate"] = AJXP_VERSION_DATE;

     // Analytics data is only exposed when an id is configured.
     $analyticsId = $this->getFilteredOption('GOOGLE_ANALYTICS_ID');
     if (!empty($analyticsId)) {
         $bootConf["googleAnalyticsData"] = array(
             "id" => $analyticsId,
             "domain" => $this->getFilteredOption('GOOGLE_ANALYTICS_DOMAIN'),
             "event" => $this->getFilteredOption('GOOGLE_ANALYTICS_EVENT'),
         );
     }

     $bootConf["i18nMessages"] = ConfService::getMessages();
     $bootConf["SECURE_TOKEN"] = AuthService::generateSecureToken();
     $bootConf["streaming_supported"] = "true";
     $bootConf["theme"] = $this->pluginConf["GUI_THEME"];

     return $bootConf;
 }
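 /**
  * Dispatch the authentication actions: login, pass_change, logout,
  * get_seed, get_secure_token, get_captcha and back.
  *
  * Nothing is done (and null is returned) when $action is not registered in
  * $this->actions, or when "login" is requested while users are disabled.
  * Each handled action writes its response directly to the output.
  *
  * Login result codes assigned here: -4 (captcha required or wrong) and -3
  * (the user could not be switched to a repository); logout reports 2.
  * Other values come from AuthService::logUser().
  *
  * @param string $action   Action name.
  * @param array  $httpVars Request parameters; every value is untrusted.
  * @param array  $fileVars Uploaded files (not used here).
  * @return string|null Empty string once a registered action was handled.
  */
 public function switchAction($action, $httpVars, $fileVars)
 {
     if (!isset($this->actions[$action])) {
         return;
     }
     $mess = ConfService::getMessages();
     switch ($action) {
         case "login":
             if (!AuthService::usersEnabled()) {
                 return;
             }
             $rememberLogin = "";
             $rememberPass = "";
             $secureToken = "";
             $loggedUser = null;
             // Defined up front: the captcha branch below never assigns it.
             $rememberMe = false;
             include_once AJXP_BIN_FOLDER . "/class.CaptchaProvider.php";
             if (AuthService::suspectBruteForceLogin() && (!isset($httpVars["captcha_code"]) || !CaptchaProvider::checkCaptchaResult($httpVars["captcha_code"]))) {
                 // Throttled client without a valid captcha: credentials are not evaluated at all.
                 $loggingResult = -4;
             } else {
                 // NOTE(review): the user id is only trimmed here; confirm that
                 // AuthService::logUser() validates its character set.
                 $userId = isset($httpVars["userid"]) ? trim($httpVars["userid"]) : null;
                 $userPass = isset($httpVars["password"]) ? trim($httpVars["password"]) : null;
                 $rememberMe = isset($httpVars["remember_me"]) && $httpVars["remember_me"] == "true";
                 $cookieLogin = isset($httpVars["cookie_login"]);
                 // A request without login_seed used to raise an undefined-index
                 // notice ahead of the XML response; the value passed on (null)
                 // is unchanged.
                 $loginSeed = isset($httpVars["login_seed"]) ? $httpVars["login_seed"] : null;
                 $loggingResult = AuthService::logUser($userId, $userPass, false, $cookieLogin, $loginSeed);
                 if ($rememberMe && $loggingResult == 1) {
                     $rememberLogin = "******";
                     $rememberPass = "******";
                     $loggedUser = AuthService::getLoggedUser();
                 }
                 if ($loggingResult == 1) {
                     // Fresh session id after a successful login, so an id issued
                     // before authentication is not carried over (session fixation).
                     session_regenerate_id(true);
                     $secureToken = AuthService::generateSecureToken();
                 }
                 if ($loggingResult < 1 && AuthService::suspectBruteForceLogin()) {
                     // Force captcha reload
                     $loggingResult = -4;
                 }
             }
             $loggedUser = AuthService::getLoggedUser();
             if ($loggedUser != null) {
                 $force = $loggedUser->mergedRole->filterParameterValue("core.conf", "DEFAULT_START_REPOSITORY", AJXP_REPO_SCOPE_ALL, -1);
                 $passId = -1;
                 if (isset($httpVars["tmp_repository_id"])) {
                     // Request-supplied repository id.
                     // NOTE(review): no access check is visible here; confirm that
                     // ConfService::switchUserToActiveRepository() enforces it.
                     $passId = $httpVars["tmp_repository_id"];
                 } elseif ($force != "" && $loggedUser->canSwitchTo($force) && !isset($_SESSION["PENDING_REPOSITORY_ID"])) {
                     $passId = $force;
                 }
                 $res = ConfService::switchUserToActiveRepository($loggedUser, $passId);
                 if (!$res) {
                     // No usable repository: drop the session that was just opened.
                     AuthService::disconnect();
                     $loggingResult = -3;
                 }
             }
             if ($loggedUser != null && (AuthService::hasRememberCookie() || $rememberMe)) {
                 AuthService::refreshRememberCookie($loggedUser);
             }
             AJXP_XMLWriter::header();
             AJXP_XMLWriter::loggingResult($loggingResult, $rememberLogin, $rememberPass, $secureToken);
             AJXP_XMLWriter::close();
             break;
         //------------------------------------
         //	CHANGE USER PASSWORD
         //------------------------------------
         case "pass_change":
             $userObject = AuthService::getLoggedUser();
             if ($userObject == null || $userObject->getId() == "guest") {
                 // NOTE(review): answers SUCCESS although nothing was changed;
                 // confirm that callers do not rely on this as proof of a change.
                 header("Content-Type:text/plain");
                 print "SUCCESS";
                 break;
             }
             // Missing or non-string fields are rejected up front instead of
             // reaching strlen()/checkPassword() as null or as an array.
             $oldPass = isset($httpVars["old_pass"]) ? $httpVars["old_pass"] : null;
             $newPass = isset($httpVars["new_pass"]) ? $httpVars["new_pass"] : null;
             $passSeed = isset($httpVars["pass_seed"]) ? $httpVars["pass_seed"] : null;
             if (!is_string($oldPass) || !is_string($newPass) || strlen($newPass) < ConfService::getCoreConf("PASSWORD_MINLENGTH", "auth")) {
                 header("Content-Type:text/plain");
                 print "PASS_ERROR";
                 break;
             }
             // The current password must verify before the new one is stored.
             if (!AuthService::checkPassword($userObject->getId(), $oldPass, false, $passSeed)) {
                 header("Content-Type:text/plain");
                 print "PASS_ERROR";
                 break;
             }
             // NOTE(review): the return value of updatePassword() is not checked
             // and the session id is not regenerated after the change.
             AuthService::updatePassword($userObject->getId(), $newPass);
             if ($userObject->getLock() == "pass_change") {
                 // The forced-password-change lock is cleared once the change went through.
                 $userObject->removeLock();
                 $userObject->save("superuser");
             }
             header("Content-Type:text/plain");
             print "SUCCESS";
             break;
         case "logout":
             // NOTE(review): nothing in this case ties the request to the
             // secure token; confirm the dispatcher checks it for state-changing
             // actions such as logout.
             AuthService::disconnect();
             $loggingResult = 2;
             session_destroy();
             AJXP_XMLWriter::header();
             AJXP_XMLWriter::loggingResult($loggingResult, null, null, null);
             AJXP_XMLWriter::close();
             break;
         case "get_seed":
             $seed = AuthService::generateSeed();
             if (AuthService::suspectBruteForceLogin()) {
                 // JSON reply so the client also learns that a captcha is required.
                 HTMLWriter::charsetHeader('application/json');
                 print json_encode(array("seed" => $seed, "captcha" => true));
             } else {
                 HTMLWriter::charsetHeader("text/plain");
                 print $seed;
             }
             break;
         case "get_secure_token":
             HTMLWriter::charsetHeader("text/plain");
             print AuthService::generateSecureToken();
             break;
         case "get_captcha":
             include_once AJXP_BIN_FOLDER . "/class.CaptchaProvider.php";
             CaptchaProvider::sendCaptcha();
             break;
         case "back":
             AJXP_XMLWriter::header("url");
             echo AuthService::getLogoutAddress(false);
             AJXP_XMLWriter::close("url");
             break;
         default:
             break;
     }
     return "";
 }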
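 /**
  * Handle the "login" request for users who have Duo authentication enabled.
  *
  * Returns false, with nothing written, when the request is not a login
  * request, when it comes from the native Pydio application, or when the
  * DUO_AUTH_ACTIVE parameter is not set for the submitted user id. In every
  * other case the password step runs, the XML login result is written and
  * the script exits unconditionally, so $isLast has no effect here.
  *
  * After a successful password step a signed Duo request is stored on the
  * user's personal role and the user is locked with "duo_show_iframe".
  *
  * @param array $httpVars Request parameters; every value is untrusted.
  * @param bool  $isLast   Unused: the function always exits once it handles the request.
  * @return false Only when the request is left to another handler.
  */
 function tryToLogUser(&$httpVars, $isLast = false)
 {
     // CATCH THE STANDARD LOGIN OPERATION
     if (!isset($httpVars["get_action"]) || $httpVars["get_action"] != "login") {
         return false;
     }
     if (AJXP_Utils::userAgentIsNativePydioApp()) {
         // NOTE(review): native-app requests skip this handler entirely, and
         // the name suggests the check is based on the User-Agent; confirm
         // that this cannot be used to avoid the second factor.
         return false;
     }
     $userId = isset($httpVars["userid"]) ? trim($httpVars["userid"]) : null;
     $duoActive = false;
     if (!empty($userId)) {
         // NOTE(review): a user object is built from an unauthenticated user
         // id; confirm createUserObject() has no persistent side effect for
         // ids that do not exist.
         $uObject = ConfService::getConfStorageImpl()->createUserObject($userId);
         if ($uObject != null) {
             $duoActive = $uObject->mergedRole->filterParameterValue("authfront.duosecurity", "DUO_AUTH_ACTIVE", AJXP_REPO_SCOPE_ALL, false);
         }
     }
     if (!$duoActive) {
         return false;
     }
     $rememberLogin = "";
     $rememberPass = "";
     $secureToken = "";
     $loggedUser = null;
     // Defined up front: the captcha branch below never assigns it.
     $rememberMe = false;
     include_once AJXP_BIN_FOLDER . "/class.CaptchaProvider.php";
     if (AuthService::suspectBruteForceLogin() && (!isset($httpVars["captcha_code"]) || !CaptchaProvider::checkCaptchaResult($httpVars["captcha_code"]))) {
         // Throttled client without a valid captcha: credentials are not evaluated at all.
         $loggingResult = -4;
     } else {
         $userPass = isset($httpVars["password"]) ? trim($httpVars["password"]) : null;
         $rememberMe = isset($httpVars["remember_me"]) && $httpVars["remember_me"] == "true";
         $cookieLogin = isset($httpVars["cookie_login"]);
         // A request without login_seed used to raise an undefined-index notice
         // ahead of the XML response; the value passed on (null) is unchanged.
         $loginSeed = isset($httpVars["login_seed"]) ? $httpVars["login_seed"] : null;
         $loggingResult = AuthService::logUser($userId, $userPass, false, $cookieLogin, $loginSeed);
         if ($rememberMe && $loggingResult == 1) {
             $rememberLogin = "******";
             $rememberPass = "******";
         }
         if ($loggingResult == 1) {
             // Fresh session id after a successful login, so an id issued
             // before authentication is not carried over (session fixation).
             session_regenerate_id(true);
             $secureToken = AuthService::generateSecureToken();
         }
         if ($loggingResult < 1 && AuthService::suspectBruteForceLogin()) {
             // Force captcha reload
             $loggingResult = -4;
         }
     }
     $loggedUser = AuthService::getLoggedUser();
     if ($loggedUser != null) {
         $force = $loggedUser->mergedRole->filterParameterValue("core.conf", "DEFAULT_START_REPOSITORY", AJXP_REPO_SCOPE_ALL, -1);
         $passId = -1;
         if (isset($httpVars["tmp_repository_id"])) {
             // Request-supplied repository id.
             // NOTE(review): no access check is visible here; confirm that
             // ConfService::switchUserToActiveRepository() enforces it.
             $passId = $httpVars["tmp_repository_id"];
         } elseif ($force != "" && $loggedUser->canSwitchTo($force) && !isset($_SESSION["PENDING_REPOSITORY_ID"])) {
             $passId = $force;
         }
         $res = ConfService::switchUserToActiveRepository($loggedUser, $passId);
         if (!$res) {
             // No usable repository: drop the session that was just opened.
             AuthService::disconnect();
             $loggingResult = -3;
         }
     }
     if ($loggedUser != null && (AuthService::hasRememberCookie() || $rememberMe)) {
         AuthService::refreshRememberCookie($loggedUser);
     }
     AJXP_XMLWriter::header();
     AJXP_XMLWriter::loggingResult($loggingResult, $rememberLogin, $rememberPass, $secureToken);
     AJXP_XMLWriter::close();
     if ($loggingResult > 0 && $loggedUser != null) {
         // The password step has succeeded and its result, including the
         // secure token, is already written above. The lock set below is what
         // marks the Duo step as still pending.
         // NOTE(review): confirm every action handler refuses to serve a user
         // holding the "duo_show_iframe" lock, and that a remember cookie
         // refreshed above cannot be used to start a session without it.
         require_once $this->getBaseDir() . "/duo_php/duo_web.php";
         $appUnique = $this->getFilteredOption("DUO_AUTH_AKEY");
         $iKey = $this->getFilteredOption("DUO_AUTH_IKEY");
         $sKey = $this->getFilteredOption("DUO_AUTH_SKEY");
         $res = Duo::signRequest($iKey, $sKey, $appUnique, $loggedUser->getId());
         $loggedUser->personalRole->setParameterValue("authfront.duosecurity", "DUO_AUTH_LAST_SIGNATURE", $res);
         $loggedUser->setLock("duo_show_iframe");
         $loggedUser->save("superuser");
     }
     // Always stop here, whatever the result: once this handler has taken
     // the login request, no later handler may process it.
     exit;
 }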
 function switchAction($action, $httpVars, $fileVars)
 {
     if (!isset($this->actions[$action])) {
         return;
     }
     foreach ($httpVars as $getName => $getValue) {
         ${$getName} = AJXP_Utils::securePath($getValue);
     }
     if (isset($dir) && $action != "upload") {
         $dir = SystemTextEncoding::fromUTF8($dir);
     }
     $mess = ConfService::getMessages();
     switch ($action) {
         //------------------------------------
         //	GET AN HTML TEMPLATE
         //------------------------------------
         case "get_template":
             HTMLWriter::charsetHeader();
             $folder = CLIENT_RESOURCES_FOLDER . "/html";
             if (isset($httpVars["pluginName"])) {
                 $folder = "plugins/" . $httpVars["pluginName"];
                 if (isset($httpVars["pluginPath"])) {
                     $folder .= "/" . $httpVars["pluginPath"];
                 }
             }
             if (isset($template_name) && is_file($folder . "/" . $template_name)) {
                 include $folder . "/" . $template_name;
             }
             break;
             //------------------------------------
             //	GET I18N MESSAGES
             //------------------------------------
         //------------------------------------
         //	GET I18N MESSAGES
         //------------------------------------
         case "get_i18n_messages":
             HTMLWriter::charsetHeader('text/javascript');
             HTMLWriter::writeI18nMessagesClass(ConfService::getMessages());
             break;
             //------------------------------------
             //	SEND XML REGISTRY
             //------------------------------------
         //------------------------------------
         //	SEND XML REGISTRY
         //------------------------------------
         case "get_xml_registry":
             $regDoc = AJXP_PluginsService::getXmlRegistry();
             if (isset($_GET["xPath"])) {
                 $regPath = new DOMXPath($regDoc);
                 $nodes = $regPath->query($_GET["xPath"]);
                 AJXP_XMLWriter::header("ajxp_registry_part", array("xPath" => $_GET["xPath"]));
                 if ($nodes->length) {
                     print AJXP_XMLWriter::replaceAjxpXmlKeywords($regDoc->saveXML($nodes->item(0)));
                 }
                 AJXP_XMLWriter::close("ajxp_registry_part");
             } else {
                 header('Content-Type: application/xml; charset=UTF-8');
                 print AJXP_XMLWriter::replaceAjxpXmlKeywords($regDoc->saveXML());
             }
             break;
             //------------------------------------
             //	DISPLAY DOC
             //------------------------------------
         //------------------------------------
         //	DISPLAY DOC
         //------------------------------------
         case "display_doc":
             HTMLWriter::charsetHeader();
             echo HTMLWriter::getDocFile(htmlentities($_GET["doc_file"]));
             break;
             //------------------------------------
             //	CHECK UPDATE
             //------------------------------------
         //------------------------------------
         //	CHECK UPDATE
         //------------------------------------
         case "check_software_update":
             $content = @file_get_contents(SOFTWARE_UPDATE_SITE . "ajxp.version");
             $message = $mess["345"];
             if (isset($content) && $content != "") {
                 if (strstr($content, "::URL::") !== false) {
                     list($version, $downloadUrl) = explode("::URL::", $content);
                 } else {
                     $version = $content;
                     $downloadUrl = "http://www.ajaxplorer.info/";
                 }
                 $compare = version_compare(AJXP_VERSION, $content);
                 if ($compare >= 0) {
                     $message = $mess["346"];
                 } else {
                     $link = '<a target="_blank" href="' . $downloadUrl . '">' . $downloadUrl . '</a>';
                     $message = sprintf($mess["347"], $version, $link);
                 }
             }
             HTMLWriter::charsetHeader("text/plain");
             print $message;
             break;
             //------------------------------------
             //	GET CONFIG FOR BOOT
             //------------------------------------
         //------------------------------------
         //	GET CONFIG FOR BOOT
         //------------------------------------
         case "get_boot_conf":
             if (isset($_GET["server_prefix_uri"])) {
                 $_SESSION["AJXP_SERVER_PREFIX_URI"] = $_GET["server_prefix_uri"];
             }
             $config = array();
             $config["ajxpResourcesFolder"] = AJXP_THEME_FOLDER;
             $config["ajxpServerAccess"] = SERVER_ACCESS;
             $config["zipEnabled"] = ConfService::zipEnabled();
             $config["multipleFilesDownloadEnabled"] = !DISABLE_ZIP_CREATION;
             $config["flashUploaderEnabled"] = ConfService::getConf("UPLOAD_ENABLE_FLASH");
             $welcomeCustom = ConfService::getConf("WELCOME_CUSTOM_MSG");
             if ($welcomeCustom != "") {
                 $config["customWelcomeMessage"] = $welcomeCustom;
             }
             if (!ConfService::getConf("UPLOAD_ENABLE_FLASH")) {
                 $UploadMaxSize = AJXP_Utils::convertBytes(ini_get('upload_max_filesize'));
                 $confMaxSize = ConfService::getConf("UPLOAD_MAX_FILE");
                 if ($confMaxSize != 0 && $confMaxSize < $UploadMaxSize) {
                     $UploadMaxSize = $confMaxSize;
                 }
                 $confTotalNumber = ConfService::getConf("UPLOAD_MAX_NUMBER");
                 $config["htmlMultiUploaderOptions"] = array("282" => $UploadMaxSize, "284" => $confTotalNumber);
             }
             $config["usersEnabled"] = AuthService::usersEnabled();
             $config["loggedUser"] = AuthService::getLoggedUser() != null;
             $config["currentLanguage"] = ConfService::getLanguage();
             $config["session_timeout"] = intval(ini_get("session.gc_maxlifetime"));
             $config["client_timeout"] = ConfService::getConf("CLIENT_TIMEOUT_TIME");
             $config["client_timeout_warning"] = ConfService::getConf("CLIENT_TIMEOUT_WARNING");
             $config["availableLanguages"] = ConfService::getConf("AVAILABLE_LANG");
             $config["ajxpVersion"] = AJXP_VERSION;
             $config["ajxpVersionDate"] = AJXP_VERSION_DATE;
             if (stristr($_SERVER["HTTP_USER_AGENT"], "msie 6")) {
                 $config["cssResources"] = array("css/pngHack/pngHack.css");
             }
             if (defined("GOOGLE_ANALYTICS_ID") && GOOGLE_ANALYTICS_ID != "") {
                 $config["googleAnalyticsData"] = array("id" => GOOGLE_ANALYTICS_ID, "domain" => GOOGLE_ANALYTICS_DOMAIN, "event" => GOOGLE_ANALYTICS_EVENT);
             }
             $config["i18nMessages"] = ConfService::getMessages();
             $config["password_min_length"] = defined('AJXP_PASSWORD_MINLENGTH') ? AJXP_PASSWORD_MINLENGTH : 8;
             $config["SECURE_TOKEN"] = AuthService::generateSecureToken();
             header("Content-type:application/json;charset=UTF-8");
             print json_encode($config);
             break;
         default:
             break;
     }
     return false;
 }
Exemple #8
                         if (AuthService::suspectBruteForceLogin() && (!isset($httpVars["captcha_code"]) || !CaptchaProvider::checkCaptchaResult($httpVars["captcha_code"]))) {
                             $loggingResult = -4;
                         } else {
                             $userId = isset($httpVars["userid"]) ? $httpVars["userid"] : null;
                             $userPass = isset($httpVars["password"]) ? $httpVars["password"] : null;
                             $rememberMe = isset($httpVars["remember_me"]) && $httpVars["remember_me"] == "true" ? true : false;
                             $cookieLogin = isset($httpVars["cookie_login"]) ? true : false;
                             $loggingResult = AuthService::logUser($userId, $userPass, false, $cookieLogin, $httpVars["login_seed"]);
                             if ($rememberMe && $loggingResult == 1) {
                                 $rememberLogin = $userId;
                                 $loggedUser = AuthService::getLoggedUser();
                                 $rememberPass = $loggedUser->getCookieString();
                             }
                             if ($loggingResult == 1) {
                                 session_regenerate_id(true);
                                 $secureToken = AuthService::generateSecureToken();
                             }
                             if ($loggingResult < 1 && AuthService::suspectBruteForceLogin()) {
                                 $loggingResult = -4;
                                 // Force captcha reload
                             }
                         }
                     } else {
                         AuthService::logUser(null, null);
                     }
                 }
             }
         }
     }
 }
 // Check that current user can access current repository, try to switch otherwise.