Exemple #1
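/**
 * Authenticate a login ID / password pair for the current blog and, when the
 * current ACL holds the "group.writers" privilege, authorize a session.
 *
 * Side effect: sets the TSSESSION_LOGINID cookie for one year when the request
 * carries a non-empty POST "save" field, and expires it otherwise.
 *
 * Note that true is returned for every successful authentication, whether or
 * not Session::authorize() was actually called.
 *
 * @param string $loginid  Login ID as received; passed through POD::escapeString() before use.
 * @param string $password Password as received; handed to Auth::authenticate() unchanged.
 * @param mixed  $expires  Forwarded as-is to Session::authorize(); defaults to null.
 *
 * @return bool false when Auth::authenticate() returns false, true otherwise.
 */
function login($loginid, $password, $expires = null)
{
    $ctx = Model_Context::getInstance();
    // NOTE(review): from here on $loginid holds the escaped form, and that is
    // what reaches Auth::authenticate() and the cookie below. Confirm that
    // Auth::authenticate() expects pre-escaped input and does not escape again.
    $loginid = POD::escapeString($loginid);
    $blogid = getBlogId();
    $userid = Auth::authenticate($blogid, $loginid, $password);
    if ($userid === false) {
        return false;
    }

    // "Remember my login ID": one year (31536000 s) in the future stores the
    // cookie, one year in the past makes the browser drop it.
    // NOTE(review): the secure and httponly arguments are not passed, so both
    // default to false. Consider setting them unless a client-side script
    // has to read the remembered login ID.
    $remember = !empty($_POST['save']);
    setcookie(
        'TSSESSION_LOGINID',
        $remember ? $loginid : '',
        $remember ? time() + 31536000 : time() - 31536000,
        $ctx->getProperty('service.path') . '/',
        $ctx->getProperty('service.domain')
    );

    // Strict comparison: with loose in_array() a non-string entry such as
    // true or 0 in the privilege list could compare equal to the group name.
    if (in_array("group.writers", Acl::getCurrentPrivilege(), true)) {
        Session::authorize($blogid, $userid, $expires);
    }
    return true;
}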
Exemple #2
<?php

/// Copyright (c) 2004-2015, Needlworks  / Tatter Network Foundation
/// All rights reserved. Licensed under the GPL.
/// See the GNU General Public License for more details. (/documents/LICENSE, /documents/COPYRIGHT)
// Request-input description, defined before the preprocessor is loaded.
// Presumably the preprocessor validates the request against it: POST field
// "save" is optional ('mandatory' => false) and its listed value is 'on'.
// TODO confirm the exact semantics in /library/preprocessor.php.
$IV = array('POST' => array('save' => array(array('on'), 'mandatory' => false)));
require ROOT . '/library/preprocessor.php';
// This branch can never run. It only names the functions this page relies on;
// presumably it is a dependency hint for tooling that scans the source, so
// keep the calls textually intact. TODO confirm.
if (false) {
    doesHaveMembership();
    doesHaveOwnership();
    Session::authorize();
    login();
    fetchConfigVal();
}
Exemple #3
// Deployment settings. The connection below reads $db_name, $db_host, $db_user
// and $db_password, so this file is expected to define them.
include "settings/settings.php";
// Shared database handle used by the User and Session objects created later.
// NOTE(review): the DSN names no charset and no driver options are passed, so
// connection charset, error mode and prepared-statement emulation are whatever
// the installed PHP/PDO defaults are. Consider setting them explicitly.
$pdo_link = new PDO(
    "mysql:dbname=" . $db_name . ";host=" . $db_host,
    $db_user,
    $db_password
);
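/**
 * Autoload callback: include the file that declares $class_name.
 *
 * The file is "classes/<lower-cased class name>.class.php", resolved by
 * include's normal relative-path rules.
 *
 * The name is checked against a plain-identifier pattern before it becomes
 * part of the path. This is defence in depth: the function can be called
 * directly with any string, and a name carrying path separators or ".."
 * would otherwise select a file outside classes/. Namespaced names (which
 * contain backslashes) are rejected as well.
 *
 * @param string $class_name Class name to load.
 *
 * @return void
 */
function autoloader($class_name)
{
    if (!is_string($class_name) || preg_match('/\A[A-Za-z_][A-Za-z0-9_]*\z/', $class_name) !== 1) {
        // Not a simple class identifier: load nothing and let any other
        // registered autoloader deal with it.
        return;
    }
    include "classes/" . strtolower($class_name) . ".class.php";
}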
// Register autoloader() so classes used below (User, Session) are loaded on
// first use from classes/<name>.class.php.
spl_autoload_register('autoloader');
/**
 * Attempt to load a user from the X-Auth-Key request header.
 *
 * The header must split on ":" into exactly two parts, which are used as
 * username and password. A header with more or fewer colons is ignored, so a
 * secret that itself contains ":" can never match.
 *
 * NOTE(review): the credentials travel in a request header on every call;
 * confirm the endpoint is only reachable over TLS and that intermediaries do
 * not log this header.
 * NOTE(review): $CURRENT_USER is created and filled with the client-supplied
 * values before auth() runs and stays defined when auth() fails. Later code
 * should gate on $SESSION_STARTED, not on $CURRENT_USER being set.
 */
$SESSION_STARTED = false;
if (isset($_SERVER["HTTP_X_AUTH_KEY"])) {
    $auth_key_header = explode(":", $_SERVER["HTTP_X_AUTH_KEY"]);
    if (count($auth_key_header) == 2) {
        list($sess_username, $sess_password) = $auth_key_header;
        $CURRENT_USER = new User($pdo_link);
        $CURRENT_USER->username = $sess_username;
        $CURRENT_USER->password = $sess_password;
        // Only a successful auth() marks the request as having a session.
        if ($CURRENT_USER->auth()) {
            $SESSION_STARTED = true;
        }
    }
}
// Second authentication path: an X-Session-Token header that splits on ":"
// into exactly two parts, username and token.
// This runs whether or not the X-Auth-Key path above succeeded; on success it
// replaces $CURRENT_USER with the user attached to the session.
// NOTE(review): the token is a bearer credential sent in a header; confirm
// TLS-only transport and that the header is kept out of logs.
if (isset($_SERVER["HTTP_X_SESSION_TOKEN"])) {
    $AR_SESSION_PAIR = explode(":", $_SERVER["HTTP_X_SESSION_TOKEN"]);
    if (count($AR_SESSION_PAIR) == 2) {
        list($sess_username, $token) = $AR_SESSION_PAIR;
        $AR_SESSION = new Session($pdo_link);
        $AR_SESSION->token = $token;
        // authorize() decides whether this username/token pair is accepted.
        if ($AR_SESSION->authorize($sess_username)) {
            $CURRENT_USER = $AR_SESSION->user;
            $SESSION_STARTED = true;
        }
    }
}
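 /**
  * Record an OpenID identity in the ACL and authorize a session for it.
  *
  * Looks in UserSettings for a row whose name matches 'openid.' and whose
  * value equals $openid. When a userid is found it is additionally authorized
  * under the 'textcube' ACL key; the session is bound to that userid only if
  * the current privileges include "group.writers", and to
  * SESSION_OPENID_USERID in every other case.
  *
  * NOTE(review): nothing here verifies the OpenID assertion itself; the caller
  * is presumably expected to pass only an identity that has already been
  * verified. Confirm at the call sites.
  *
  * @param string $openid OpenID identifier of the visitor.
  *
  * @return void
  */
 function setAcl($openid)
 {
     Acl::authorize('openid', $openid);
     $pool = DBModel::getInstance();
     $context = Model_Context::getInstance();
     $blogid = intval($context->getProperty('blog.id'));

     // Find the local account linked to this OpenID, if there is one.
     // NOTE(review): the meaning of the fourth setQualifier() argument is not
     // visible here; confirm it makes DBModel escape/quote the value.
     $pool->reset('UserSettings');
     $pool->setQualifier('name', 'like', 'openid.', true);
     $pool->setQualifier('value', 'equals', $openid, true);
     $pool->setOrder('userid', 'ASC');
     $userid = $pool->getCell('userid') ?: null;

     if ($userid !== null) {
         Acl::authorize('textcube', $userid);
     }

     // Strict comparison: with loose in_array() a non-string entry such as
     // true or 0 in the privilege list could compare equal to the group name.
     if ($userid !== null && in_array("group.writers", Acl::getCurrentPrivilege(), true)) {
         Session::authorize($blogid, $userid);
     } else {
         // No linked writer account: fall back to the shared OpenID user id.
         Session::authorize($blogid, SESSION_OPENID_USERID);
     }
 }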
Exemple #5
             }
         } else {
             set_status(403, $STR["invalid_auth_key"]);
         }
     }
     break;
     //Delete a given token
     //Requires the username to be present in the path
     //Path must be in this way session/username/session_token
 // DELETE: destroy one session token.
 // The username must be present in the path; the documented form is
 // session/username/session_token.
 // NOTE(review): the guard requires more than two path segments but only the
 // first two are read as username and token. Confirm this against how $path
 // is built.
 // NOTE(review): the token is part of the request path, so it appears wherever
 // request URLs are recorded. Confirm that access logs are handled accordingly.
 case "DELETE":
     if (!(count($path) > 2 && (list($username, $token) = array_slice($path, 0, 2)))) {
         set_status(403, $STR["missing_parameters"]);
         break;
     }
     $session->token = $token;
     // The token is destroyed only when it authorizes for the given username.
     if ($session->authorize($username)) {
         $session->destroy();
         set_status(200, $STR["sess_token_deleted"]);
     } else {
         set_status(403, $STR["couldnt_authorize"]);
     }
     break;
     //
     //
 //
 //
 case "GET":
     if (count($path) > 2 && (list($username, $token) = array_slice($path, 0, 2))) {
Exemple #6
// Application bootstrap: create the core service objects. The order is kept
// as written because the constructors are not visible here and may depend on
// one another.
$display = new Display();
$router = new Router();
$kyros = new Kyros();
$hooks = new Hooks();
$config = new Config();
$utility = new Utility();
// Configuration has to be loaded before the database credentials are read.
$config->load();
$session = new Session();
$db = new mysqli($config->sql_hostname, $config->sql_username, $config->sql_password, $config->sql_database);
if ($db->connect_error) {
    // Generic message only: the driver's error text is not echoed to the client.
    die("Unable to connect to MySQLi");
}
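// Load every hook file found in hooks/. Each matching file is executed with
// this script's privileges, so write access to hooks/ amounts to code
// execution. NOTE(review): confirm the directory is not writable by the web
// server user or reachable from any upload path.
// glob() returns false on error; fall back to an empty list so the loop is
// skipped instead of iterating over a non-array.
foreach ((glob("hooks/*.hook.php") ?: array()) as $file) {
    include $file;
}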
// Establish the session, then attach the permission set of its user.
// NOTE(review): the result of authorize() is not checked and $session->user is
// dereferenced unconditionally below. Presumably authorize() always populates
// a user (for example a guest account); confirm, and confirm that a failed
// authorization cannot leave a privileged user id in place.
$session->authorize();
$session->user->permissions = new Permissions();
$session->user->permissions->load($session->user->id);
$kyros->theme = $utility->load_theme();
$router->build();
// Paths used for rendering come from configuration only.
$kyros->site_dir = $config->site_dir;
$kyros->theme_dir = $config->theme_dir . $config->theme . "/";
// Page wrapper template and its default state.
$wrapper = new Template();
$wrapper->sidebar = true;
$wrapper->admin_button = "";
$wrapper->topic_button = "";
$wrapper->hooks = $hooks;
$wrapper->site_name = $config->site_name;
$wrapper->site_dir = $config->site_dir;
$categories = array();
if ($result = $db->query("SELECT * FROM categories")) {
Exemple #7
<?php

// Manual check of Session::authorize(): loads the application core, builds a
// Session for a fixed username/token pair and dumps the resulting object.
include "../src/core.php";
// The username literal is shown masked on this page.
$username = "******";
// NOTE(review): a session token is hard-coded in source. If it was ever valid
// on a real deployment it should be revoked, and test tokens are better read
// from the environment than committed.
$token = "EIgzUkY0PJ";
$sess = new Session($pdo_link);
$sess->token = $token;
// The return value of authorize() is discarded; the outcome is only visible
// through the dump below.
$sess->authorize($username);
// NOTE(review): var_dump() prints every property of the object, which includes
// the token set above and whatever else the session holds. Keep this script
// out of any web-reachable directory.
var_dump($sess);