Exemple #1
 /**
  * Wizard endpoint that checks the license key passed in $_GET['key'] and
  * stores it as LICENSE_KEY through CATSUtility::changeConfigSetting().
  *
  * Every outcome is reported by echoing plain text; 'Ok' is the success reply.
  *
  * NOTE(review): this listing shows no braces or return statements, so which
  * echo ends the request cannot be confirmed from here. The comments below
  * describe only what each visible statement does.
  *
  * NOTE(review): the key arrives in a GET parameter and the handler changes
  * persistent configuration. No anti-CSRF token check is visible in this
  * method; confirm the caller enforces one, or accept the key via POST with a
  * token. A key in the query string also tends to end up in access logs and
  * browser history.
  */
 public function wizard_checkKey()
     /* Never assigned anywhere else in the visible code. */
     $fileError = false;
     /* A session object must exist before anything else is evaluated. */
     if (!isset($_SESSION['CATS']) || empty($_SESSION['CATS'])) {
         echo 'CATS has lost your session!';
     /* Bail out if the user doesn't have SA permissions. */
     /* This access-level comparison is the only authorization check visible in the method. */
     if ($this->_realAccessLevel < ACCESS_LEVEL_SA) {
         echo 'You do not have access to set the key.';
     /*
      * $id is assigned 'key' inside the subscript and reused below. The test is
      * a loose != '' comparison, and nothing visible here rejects a non-string
      * value (e.g. an array-valued parameter) before it reaches trim().
      */
     if (isset($_GET[$id = 'key']) && $_GET[$id] != '') {
         $license = new License();
         /* Normalisation only (trim + upper-case); no length or character-set check at this point. */
         $key = strtoupper(trim($_GET[$id]));
         $configWritten = false;
         /* License::setKey() is the only gate between the request value and the config write below. */
         if ($license->setKey($key) !== false) {
             if ($license->isProfessional()) {
                 if (!CATSUtility::isSOAPEnabled()) {
                     echo "CATS Professional requires the PHP SOAP library which isn't currently installed.\n\n" . "Installation Instructions:\n\n" . "WAMP/Windows Users:\n" . "1) Left click on the wamp icon.\n" . "2) Select \"PHP Settings\" from the drop-down list.\n" . "3) Select \"PHP Extensions\" from the drop-down list.\n" . "4) Check the \"php_soap\" option.\n" . "5) Restart WAMP.\n\n" . "Linux Users:\n" . "Re-install PHP with the --enable-soap configuration option.\n\n" . "Please visit http://www.catsone.com for more support options.";
                 } else {
                     if (!LicenseUtility::validateProfessionalKey($key)) {
                         echo "That is not a valid CATS Professional license key. Please visit " . "http://www.catsone.com/professional for more information about CATS Professional.\n\n" . "For a free open-source key, please visit http://www.catsone.com/ and " . "click on \"Downloads\".";
             /*
              * The request-derived key is wrapped in single quotes by string
              * concatenation and handed over as the new LICENSE_KEY value. The
              * help text further down shows config.php holding a
              * define('LICENSE_KEY', '...') line, so this value presumably lands
              * inside PHP source.
              * NOTE(review): that is only safe if License::setKey() accepts
              * nothing but a fixed key alphabet (no quote or backslash) --
              * verify, or have changeConfigSetting() encode the value itself
              * (e.g. var_export) rather than trusting the caller's quoting.
              */
             if (CATSUtility::changeConfigSetting('LICENSE_KEY', "'" . $key . "'")) {
                 $configWritten = true;
         if ($configWritten) {
             echo 'Ok';
     // The key hasn't been written. But they may have manually inserted the key into their config.php, check
     if (LicenseUtility::isLicenseValid()) {
         echo 'Ok';
     /*
      * $fileError is initialised to false and never set in the visible code,
      * so this branch cannot run as shown; presumably it was meant to be set
      * when changeConfigSetting() fails -- TODO confirm.
      * NOTE(review): the message recommends chmod 777, which makes config.php
      * writable by every local account. Write access for the web server's own
      * user is all the wizard needs, and the file can be made read-only again
      * once the key is saved.
      */
     if ($fileError) {
         echo 'You entered a valid key, but this wizard is unable to write to your config.php file! You have ' . 'two choices: ' . "\n\n" . '1) Change the file permissions of your config.php file.' . "\n" . 'If you\'re using unix, try:' . "\n" . 'chmod 777 config.php' . "\n\n" . '2) Edit your config.php file manually and enter your valid key near this line: ' . "\n" . 'define(\'LICENSE_KEY\', \'ENTER YOUR KEY HERE\');' . "\n" . 'Once you\'ve done this, refresh your browser.' . "\n\n" . 'For more help, visit our website at http://www.catsone.com for support options.';
     /* Generic rejection text for a key that was neither written nor already valid. */
     echo 'That is not a valid key. You can register for a free open source license key on our website ' . 'at http://www.catsone.com or a professional key to unlock all of the available features at ' . 'http://www.catsone.com/professional';
Exemple #2
    private function attemptLogin()
        //FIXME: getTrimmedInput()!
        if (isset($_POST['siteName'])) {
            $siteName = $_POST['siteName'];
        } else {
            $siteName = '';
        if (!isset($_POST['username']) || !isset($_POST['password'])) {
            $message = 'Invalid username or password.';
            if (isset($_GET['reloginVars'])) {
                $this->_template->assign('reloginVars', urlencode($_GET['reloginVars']));
            } else {
                $this->_template->assign('reloginVars', '');
            $site = new Site(-1);
            $rs = $site->getSiteByUnixName($siteName);
            if (isset($rs['name'])) {
                $siteNameFull = $rs['name'];
            } else {
                $siteNameFull = $siteName;
            $this->_template->assign('aspMode', false);
            if (!eval(Hooks::get('LOGIN_NO_CREDENTIALS'))) {
            $this->_template->assign('message', $message);
            $this->_template->assign('messageSuccess', false);
            $this->_template->assign('siteName', $siteName);
            $this->_template->assign('siteNameFull', $siteNameFull);
            $this->_template->assign('dateString', date('l, F jS, Y'));
            if (ModuleUtility::moduleExists("asp")) {
            } else {
        $username = $this->getTrimmedInput('username', $_POST);
        $password = $this->getTrimmedInput('password', $_POST);
        if (strpos($username, '@') !== false) {
            $siteName = '';
        if ($siteName != '') {
            $site = new Site(-1);
            $rs = $site->getSiteByUnixName($siteName);
            if (isset($rs['siteID'])) {
                $username .= '@' . $rs['siteID'];
        /* Make a blind attempt at logging the user in. */
        $_SESSION['CATS']->processLogin($username, $password);
        /* If unsuccessful, take the user back to the login page. */
        if (!$_SESSION['CATS']->isLoggedIn()) {
            $message = $_SESSION['CATS']->getLoginError();
            if (isset($_GET['reloginVars'])) {
                $this->_template->assign('reloginVars', urlencode($_GET['reloginVars']));
            } else {
                $this->_template->assign('reloginVars', '');
            $site = new Site(-1);
            $rs = $site->getSiteByUnixName($siteName);
            if (isset($rs['name'])) {
                $siteNameFull = $rs['name'];
            } else {
                $siteNameFull = $siteName;
            $this->_template->assign('aspMode', false);
            if (!eval(Hooks::get('LOGIN_UNSUCCESSFUL'))) {
            $this->_template->assign('message', $message);
            $this->_template->assign('messageSuccess', false);
            $this->_template->assign('siteName', $siteName);
            $this->_template->assign('siteNameFull', $siteNameFull);
            $this->_template->assign('dateString', date('l, F jS, Y'));
            if (ModuleUtility::moduleExists("asp")) {
            } else {
        $systemInfoDb = new SystemInfo();
        $accessLevel = $_SESSION['CATS']->getAccessLevel();
        $mailerSettings = new MailerSettings($_SESSION['CATS']->getSiteID());
        $mailerSettingsRS = $mailerSettings->getAll();
        /***************************** BEGIN NEW WIZARD *****************************************/
         * Improved setup wizard using the Wizard library. If the user succeeds,
         * all old-style wizards will no longer be shown.
        $wizard = new Wizard(CATSUtility::getIndexName() . '?m=home', './js/wizardIntro.js');
        if ($_SESSION['CATS']->isFirstTimeSetup()) {
            $wizard->addPage('Welcome!', './modules/login/wizard/Intro.tpl', '', false, true);
        if (!$_SESSION['CATS']->isAgreedToLicense()) {
            $phpeval = '';
            if (!eval(Hooks::get('LICENSE_TERMS'))) {
            $wizard->addPage('License', './modules/login/wizard/License.tpl', $phpeval, true, true);
        if (!file_exists('modules/asp') || defined('CATS_TEST_MODE') && CATS_TEST_MODE) {
            // On-site wizard pages
            if (!LicenseUtility::isLicenseValid()) {
                if (defined('LICENSE_KEY') && LICENSE_KEY == '') {
                    $template = 'Register.tpl';
                    $templateName = 'Register';
                } else {
                    $template = 'Reregister.tpl';
                    $templateName = 'License Expired';
                $wizard->addPage($templateName, './modules/login/wizard/' . $template, '', false, true);
        // if logged in for the first time, change password
        if (strtolower($username) == 'admin' && $password === DEFAULT_ADMIN_PASSWORD) {
            $wizard->addPage('Password', './modules/login/wizard/Password.tpl', '', false, true);
        // make user set an e-mail address
        if (trim($_SESSION['CATS']->getEmail()) == '') {
            $wizard->addPage('E-mail', './modules/login/wizard/Email.tpl', '', false, true);
        // if no site name set, make user set site name
        if ($accessLevel >= ACCESS_LEVEL_SA && $_SESSION['CATS']->getSiteName() === 'default_site') {
            $wizard->addPage('Site', './modules/login/wizard/SiteName.tpl', '', false, true);
        // CATS Hosted Wizard Pages
        if (!eval(Hooks::get('ASP_WIZARD_PAGES'))) {
        if ($_SESSION['CATS']->isFirstTimeSetup()) {
            $wizard->addPage('Setup Users', './modules/login/wizard/Users.tpl', '
                $users = new Users($siteID);
                $mp = $users->getAll();
                $data = $users->getLicenseData();

                $this->_template->assign(\'users\', $mp);
                $this->_template->assign(\'totalUsers\', $data[\'totalUsers\']);
                $this->_template->assign(\'userLicenses\', $data[\'userLicenses\']);
                $this->_template->assign(\'accessLevels\', $users->getAccessLevels());
            if (!eval(Hooks::get('ASP_WIZARD_IMPORT'))) {
        // The wizard will not display if no pages have been added.
        /******************************* END NEW WIZARD *******************************************/
        /* Session is logged in, do we need to send the user to the wizard?
         * This should be done only on the first use, indicated by the
         * admin user's password still being set to the default.
        /* If we have a specific page to go to, go there. */
        /* These hooks are for important things, like disabling the site based on criteria. */
        if (!eval(Hooks::get('LOGGED_IN'))) {
        if (isset($_GET['reloginVars'])) {
        /* LOGGED_IN_MESSAGES hooks are only for messages which show up on initial login (warnings, etc) */
        if (!eval(Hooks::get('LOGGED_IN_MESSAGES'))) {
        } else {
            if ($accessLevel >= ACCESS_LEVEL_SA && $mailerSettingsRS['configured'] == '0') {
                $this->_template->assign('inputType', 'conclusion');
                $this->_template->assign('title', 'E-Mail Disabled');
                $this->_template->assign('prompt', 'E-mail features are disabled. In order to enable e-mail features (such as e-mail notifications), please configure your e-mail settings by clicking on the Settings tab and then clicking on Administration.');
                $this->_template->assign('action', $this->getAction());
                $this->_template->assign('home', 'home');
            } else {
                if (!eval(Hooks::get('LOGGED_IN_HOME_PAGE'))) {