    print "Not logged in";
    exit(0);
}
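$parms = new Parameters();
// Account behind the session: the log is only shown to admins and supervisors.
$user = $kdb->getUserUsername($session->getUsername());
if ($user == null) {
    print "Invalid user";
    exit(0);
}
if (!$user->isAdmin() && !$user->isSupervisor()) {
    print "Insufficient permission";
    exit(0);
}
// Request parameters; '' means "not supplied" and selects the default.
// $filter goes on as the raw request string - presumably the log reader
// checks it against its known log names; confirm there.
$filter = $parms->getParm('filter');
if ($filter == '') {
    $filter = 'access';
}
// start and maxlines are a position and a line limit, so normalise the
// untrusted strings to int: non-numeric input becomes 0 instead of being
// handed downstream as an arbitrary string.
$start = $parms->getParm('start');
$start = ($start == '') ? 0 : (int) $start;
/* maxlines not recommended for ajax as it could result in gaps in log view although can be used to prevent excessive log entries killing browser session */
/* Instead maxlines should be used on original, but allow multiple additional entries */
/* If used then will restrict number of lines returned within getlog */
$maxlines = $parms->getParm('maxlines');
$maxlines = ($maxlines == '') ? 0 : (int) $maxlines;
$order = $parms->getParm('order');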
//$get_values = getPostParms();
// Nothing on this page works without the database, so stop here if it is down.
if (!($db->getStatus() == 1)) {
    die("Unable to connect to the database");
}
// PHP session wrapper. Login status is deliberately not checked here: reaching
// this page means the user has to log in again.
$session = new DashboardSession();
// Request parameters vetted by Parameters; every known key is present in the
// result even when it was not on the URL.
$parms = new Parameters();
// Text to show back on the page.
$message = '';
// A supplied username and password is a login attempt; otherwise prompt.
/** logging in **/
// The password check is the gate for everything else. The comparison is
// between md5 digests (the submitted value and the stored one); md5 is not a
// password hash - password_hash()/password_verify() would be the replacement.
if ($parms->getParm('user') != '' && $parms->getParm('password') != '') {
    $username = $parms->getParm('user');
    $password = $parms->getParm('password');
    if ($debug) {
        print "Login attempt {$username} / {$password}";
    }
    // gets user object based on username
    $user = $kdb->getUserUsername($username);
    // check we got a user back
    if ($user == null) {
        if ($debug) {
            print "No matching user found\n";
        }
        loginFail('usernamepassword');
    }
    // Get username and password and check - first check shouldn't hit but additional check
    //If not redirect to login page - then redirect here
    header("Location: dashboardlogin.php?redirect=password.php");
    exit(0);
}
// Resolve the account behind the current session.
$user = $kdb->getUserUsername($session->getUsername());
if (null == $user) {
    // No such account: back to the login page, returning here afterwards.
    header("Location: dashboardlogin.php?redirect=password.php&message=notuser");
    exit(0);
}
// Shown back to the user on the page.
$username = $user->getUsername();
$parms = new Parameters();
// Do we have a password (old, new and repeat new)
if ($parms->getParm('password') != '') {
    $password = $parms->getParm('password');
    // check that password is correct
    if (md5($password) != $user->getPassword()) {
        passwordChg("Incorrect password");
    }
    // check password matches
    if ($parms->getParm('newpassword') != $parms->getParm('repeatpassword')) {
        passwordChg("Passwords do not match");
    }
    $newpassword = $parms->getParm('newpassword');
    // set password in database
    $kdb->setUserPassword($username, md5($newpassword));
    // redirect to dashboard page - with message password changed
    header("Location: dashboard.php?message=newpass");
} else {
    include 'inc/' . $class_name . '.php';
}
/*** Connect to database ***/
$db = new Database($dbsettings);
$kdb = new KidsafeDB($db);
// Request parameters vetted by Parameters; every known key is present in the
// result even when it was not on the URL.
$parms = new Parameters();
// Stop here if the connection did not come up.
if (1 != $db->getStatus()) {
    die("Unable to connect to the database");
}
// If we have a password then adding entry, if not then prompt what to add
/** Adding entry **/
// First check that the password is correct - as otherwise we won't allow anything
// $password is already md5 encoded, as is the value in get_values so just do direct compare
if ($parms->getParm('add') == 'stage2') {
    // gets user object based on username
    $user = $kdb->getUserUsername($parms->getParm('username'));
    // check we got a user back
    if ($user == null) {
        if ($debug) {
            print "User doesn't exist " . $parms->getParm('username') . "\n";
        }
        loginFail();
    }
    // Get username and password and check - first check shouldn't hit but additional check
    if ($user->getUsername() != $parms->getParm('username') || md5($parms->getParm('password')) != $user->getPassword()) {
        if ($debug) {
            print "Login failure user: "******" password: "******" \n";
        }
        loginFail();
// Account behind the session - must exist and must be an admin.
$user = $kdb->getUserUsername($session->getUsername());
if (null == $user) {
    // Unknown account: back to login, returning to the dashboard afterwards.
    header("Location: dashboardlogin.php?redirect=dashboard.php&message=notuser");
    exit(0);
}
if (false == $user->isAdmin()) {
    header("Location: dashboard.php?message=nopermission");
    exit(0);
}
// Shown back to the user on the page.
$username = $user->getUsername();
// Presumably restricts the accepted keys to $parms_allowed - confirm in Parameters.
$parms = new Parameters($parms_allowed);
// valid messages
// newpass, nopermission
if ($parms->getParm('action') == 'save') {
    // create rule object with defaults - populate below
    $rule = new Rule();
    // This is user entered - so needs to be vetted
    // need better error message
    $website = $parms->getParm('website');
    if ($website == '') {
        if ($debug) {
            print "Website needs to be specified\n";
        }
        $err = Errors::getInstance();
        $err->errorEvent(ERROR_PARAMETER, "Website needs to be specified");
    }
    // check to see if this is a url rather than a domain / regexp
    // basic check looking for :// (could be http / https)
    if (preg_match('#://#', $website)) {
// Account behind the session; pick the redirect for callers that may not use
// this page (no account, or not an admin). null means access is allowed.
$user = $kdb->getUserUsername($session->getUsername());
$redirect = null;
if ($user == null) {
    $redirect = "dashboardlogin.php?redirect=dashboard.php&message=notuser";
} elseif (!$user->isAdmin()) {
    $redirect = "dashboard.php?message=nopermission";
}
if ($redirect !== null) {
    header("Location: " . $redirect);
    exit(0);
}
unset($redirect);
// Shown back to the user on the page.
$username = $user->getUsername();
$parms = new Parameters();
// valid messages
// newpass, nopermission
if ($parms->getParm('action') == 'save') {
    // Saved changed entry
    $this_username = $parms->getParm('username');
    // if not supplied id then go to dashboard
    if ($this_username == "") {
        header("Location: dashboard.php?message=parameter");
        exit(0);
    }
    // returns user object - use to check that username is valid
    $this_user = $kdb->getUserUsername($this_username);
    if ($this_user == null) {
        header("Location: dashboard.php?message=parameter");
        exit(0);
    }
    // confirmed that user exists
    $this_user->setFullname($parms->getParm('fullname'));
$kdb = new KidsafeDB($db);
$session_file = new SessionFile($sessionfilename);
// Request parameters vetted by Parameters; every known key is present in the
// result even when it was not on the URL.
$parms = new Parameters();
// Stop here if the database connection did not come up.
if (1 != $db->getStatus()) {
    die("Unable to connect to the database");
}
// Text to show back on the page.
$message = '';
// If we have a username & password then login attempt, if not then prompt
/** logging in **/
// First check that the password is correct - as otherwise we won't allow anything
// $password is already md5 encoded, as is the value in get_values so just do direct compare
if ($parms->getParm('user') != '' && $parms->getParm('password') != '') {
    $username = $parms->getParm('user');
    $password = $parms->getParm('password');
    if ($debug) {
        print "Login attempt {$username} / {$password}";
    }
    // gets user object based on username
    $user = $kdb->getUserUsername($username);
    // check we got a user back
    if ($user == null) {
        if ($debug) {
            print "No matching user found\n";
        }
        loginFail('usernamepassword');
    }
    // Get username and password and check - first check shouldn't hit but additional check
    die("Unable to connect to the database");
}
// Messages shown to the user (eg. 'proxy not disabled for local network');
// ending each one with <br> keeps them apart on the page.
$user_messages = '';
/** Check for login - or redirect to login.php **/
$session = new DashboardSession();
// No username in the session means not logged in: go to the login page and
// come back here afterwards.
// NOTE(review): this returns to listrules.php while the notuser redirect
// further down returns to listusers.php - confirm which page this is.
if ('' == $session->getUsername()) {
    header("Location: dashboardlogin.php?redirect=listrules.php");
    exit(0);
}
$parms = new Parameters();
// Known message codes: unknownuser
if ('unknownuser' == $parms->getParm('message')) {
    $user_messages .= "User invalid\n";
}
// Account behind the session: must exist and be an admin or a supervisor.
$user = $kdb->getUserUsername($session->getUsername());
if (null == $user) {
    header("Location: dashboardlogin.php?redirect=listusers.php&message=notuser");
    exit(0);
}
if (!($user->isAdmin() || $user->isSupervisor())) {
    header("Location: dashboard.php?message=nopermission");
    exit(0);
}
// Shown back to the user on the page.
$username = $user->getUsername();
$all_users = $kdb->getUsersAll();
// Account behind the session.
$user = $kdb->getUserUsername($session->getUsername());
// Send the browser elsewhere and stop; used for both access failures below.
$deny = function ($target) {
    header("Location: " . $target);
    exit(0);
};
if ($user == null) {
    $deny("dashboardlogin.php?redirect=dashboard.php&message=notuser");
} elseif (!$user->isAdmin()) {
    $deny("dashboard.php?message=nopermission");
}
unset($deny);
// Shown back to the user on the page.
$username = $user->getUsername();
$parms = new Parameters();
// valid messages
// newpass, nopermission
if ($parms->getParm('action') == 'save') {
    // Saved changed entry
    $this_id = $parms->getParm('id');
    // if not supplied id then go to dashboard
    if ($this_id == "") {
        header("Location: dashboard.php?message=parameter");
        exit(0);
    }
    // returns ruleobject $this_rule - use to check that id is valid
    $rule = $kdb->getRuleRuleid($this_id);
    if ($rule == null) {
        header("Location: dashboard.php?message=parameter");
        exit(0);
    }
    // confirmed that rule exists - now update the rule with the new details
    // don't check if it's changed - just overwrite with new details
}
// Messages shown to the user (eg. 'proxy not disabled for local network');
// ending each one with <br> keeps them apart on the page.
$user_messages = '';
/** Check for login - or redirect to login.php **/
$session = new DashboardSession();
if ('' == $session->getUsername()) {
    // Not logged in: login page first, then back here.
    header("Location: dashboardlogin.php?redirect=dashboard.php");
    exit(0);
}
$parms = new Parameters();
// Known message codes and the text shown for each (first match wins).
$message_texts = [
    'newpass' => "Password successfully changed\n",
    'nopermission' => "Insufficient permission\n",
    'parameter' => "Missing or invalid parameter\n",
];
$message_code = $parms->getParm('message');
foreach ($message_texts as $code => $text) {
    if ($message_code == $code) {
        $user_messages .= $text;
        break;
    }
}
unset($message_texts, $message_code, $code, $text);
// Account behind the session; bounce to login if it no longer exists.
$user = $kdb->getUserUsername($session->getUsername());
if (null == $user) {
    header("Location: dashboardlogin.php?redirect=dashboard.php&message=notuser");
    exit(0);
}
// Shown back to the user on the page.
$username = $user->getUsername();
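/**
 * Class autoloader: maps a class name to inc/<ClassName>.php.
 *
 * __autoload() is deprecated since PHP 7.2 and cannot be declared on PHP 8,
 * so the loader is registered through spl_autoload_register() instead. The
 * name is only used as a file name when it is a plain identifier, so a value
 * containing path separators or '..' never reaches include; a name with no
 * matching file is ignored instead of raising an include warning.
 *
 * @param string $class_name class name as handed over by the engine
 */
spl_autoload_register(function ($class_name) {
    if (!preg_match('/^[A-Za-z0-9_]+$/', $class_name)) {
        return;
    }
    $path = 'inc/' . $class_name . '.php';
    if (is_file($path)) {
        include $path;
    }
});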
/*** Connect to database ***/
$db = new Database($dbsettings);
$kdb = new KidsafeDB($db);
// Request parameters vetted by Parameters, returned as an object.
$parms = new Parameters();
// Stop here if the connection did not come up.
if (1 != $db->getStatus()) {
    die("Unable to connect to the database");
}
// Messages shown to the user (eg. 'proxy not disabled for local network');
// ending each one with <br> keeps them apart on the page.
$user_messages = '';
if ('' == $parms->getParm('url')) {
    $user_messages .= 'No website specified in the redirect. <br>';
}
// Do we have an IP address from the parms - if so use that, if not try and find from the server (only if no proxy set for local connections)
if ($parms->getParm('source') != '') {
    $ip = $parms->getParm('source');
} else {
    // note need to check that ip is not the same as the proxy (in which case they haven't set bypass for local
    $ip = $_SERVER['REMOTE_ADDR'];
    if ($ip == $_SERVER['SERVER_ADDR']) {
        // if nolocal then don't allow login
        if ($nolocal == True) {
            $ip = '';
        }
        // if nolocal false then allow tunnelled proxy connections
        // We add warning in either case which can prompt user if it doesn't work
{
    include 'inc/' . $class_name . '.php';
}
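/*** Connect to database ***/
$db = new Database($dbsettings);
$kdb = new KidsafeDB($db);
if ($db->getStatus() != 1) {
    die("Unable to connect to the database");
}
// Get parameters - check safe and return as object
// all values are included in array - even if not on url
$parms = new Parameters();
// Messages shown to the user; ending each one with <br> keeps them apart.
$user_messages = '';
// Fix: this appended to $user_message (singular), a different and undefined
// variable, so the "passwords do not match" notice was never shown.
if ($parms->getParm('message') == 'passwordmatch') {
    $user_messages .= 'Passwords do not match<br>';
}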
/** Check for login - or redirect to login.php **/
$session = new DashboardSession();
// No username in the session means not logged in: go to the login page and
// return here afterwards.
if ('' == $session->getUsername()) {
    header("Location: dashboardlogin.php?redirect=adduser.php");
    exit(0);
}
// create user object - this is local user - not the one we are adding
$user = $kdb->getUserUsername($session->getUsername());
// check we have valid user
if ($user == null) {
    header("Location: dashboardlogin.php?redirect=password.php&message=notuser");
// Resolve the account behind the session.
$user = $kdb->getUserUsername($session->getUsername());
// Unknown account: back to login, returning to the dashboard afterwards.
if (null == $user) {
    header("Location: dashboardlogin.php?redirect=dashboard.php&message=notuser");
    exit(0);
}
// Only admins may go on to the site editing further down.
if (false == $user->isAdmin()) {
    header("Location: dashboard.php?message=nopermission");
    exit(0);
}
// Shown back to the user on the page.
$username = $user->getUsername();
$parms = new Parameters();
// valid messages
// newpass, nopermission
if ($parms->getParm('action') == 'save') {
    // Saved changed entry
    $this_id = $parms->getParm('id');
    // if not supplied id then go to dashboard
    if ($this_id == "") {
        header("Location: dashboard.php?message=parameter");
        exit(0);
    }
    // returns ruleobject $this_rule - use to check that id is valid
    $site = $kdb->getSiteSiteid($this_id);
    if ($site == null) {
        header("Location: dashboard.php?message=parameter");
        exit(0);
    }
    // confirmed that site exists
    $site->setId($this_id);