Exemple #1
0
 function logError($msg)
 {
     include_once dirname(__FILE__) . "/error.class.inc.php";
     $e = new errorHandler();
     $e->setError(9, "Logging error: " . $msg);
     $e->dumpError();
     return;
 }
Exemple #2
0
// include the crypto thing
include_once "../includes/crypt.class.inc.php";
startCMSSession();
// include_once the error handler
include_once "../includes/error.class.inc.php";
$e = new errorHandler();
// if $max_attempts system setting is set, use it, otherwise set to 3
$max_attempts = !empty($max_attempts) ? $max_attempts : 3;
$username = preg_replace("/[^\\w\\.@-]/", "", htmlspecialchars($_POST['username']));
$givenPassword = preg_replace("/[^\\w\\.@-]/", "", htmlspecialchars($_POST['password']));
$captcha_code = preg_replace("/[^\\w\\.@-]/", "", $_POST['captcha_code']);
$sql = "SELECT {$dbase}." . $table_prefix . "manager_users.*, {$dbase}." . $table_prefix . "user_attributes.* FROM {$dbase}." . $table_prefix . "manager_users, {$dbase}." . $table_prefix . "user_attributes WHERE {$dbase}." . $table_prefix . "manager_users.username REGEXP BINARY '^" . $username . "\$' and {$dbase}." . $table_prefix . "user_attributes.internalKey={$dbase}." . $table_prefix . "manager_users.id;";
$rs = mysql_query($sql);
$limit = mysql_num_rows($rs);
if ($limit == 0 || $limit > 1) {
    $e->setError(900);
    $e->dumpError();
}
$row = mysql_fetch_assoc($rs);
$internalKey = $row['internalKey'];
$dbasePassword = $row['password'];
$failedlogins = $row['failedlogincount'];
$blocked = $row['blocked'];
$blockeduntil = $row['blockeduntil'];
$registeredsessionid = $row['sessionid'];
$role = $row['role'];
$lastlogin = $row['lastlogin'];
$nrlogins = $row['logincount'];
$fullname = $row['fullname'];
$email = $row['email'];
if ($failedlogins >= $max_attempts && $blockeduntil > time()) {
         if ($oT->checkTemplateById($_REQUEST['id'], $_REQUEST['customtable'])) {
             $tbl = (int) $_REQUEST['customtable'];
             $onetbl = $modx->getFullTableName('customtable_' . $tbl);
             $manager_theme = $modx->config['manager_theme'];
             include_once "header.inc.php";
             include_once MODX_BASE_PATH . "/assets/plugins/customtables/mutate_content.dynamic.php";
             include_once "footer.inc.php";
             die;
         }
     }
     if ($action == 5 && isset($_REQUEST['customtable']) && $_POST['mode'] == '27') {
         if (isset($_REQUEST['customtable']) && $oT->checkTemplate($_REQUEST['customtable'])) {
             if (!$modx->hasPermission('save_document')) {
                 include_once MODX_MANAGER_PATH . "includes/error.class.inc.php";
                 $err = new errorHandler();
                 $err->setError(3, "You don't have enough privileges for this action!");
                 $err->dumpError();
             }
             $oT->api->setTable('customtable_' . $_REQUEST['customtable']);
             $oT->updateDoc($_POST);
             $oT->modx->clearCache();
             header('Location:index.php?a=27&customtable=' . $_REQUEST['customtable'] . '&id=' . (int) $_POST['id']);
             echo 'updated';
             die;
         }
     }
     break;
 case 'OnWebPageInit':
     $oT->checkCacheEvents();
     break;
 default:
Exemple #4
0
$length_eng_lang = count($_lang);
if ($manager_language != "english") {
    include_once "includes/lang/" . $manager_language . ".inc.php";
}
// include_once the error handler
include_once "includes/error.class.inc.php";
$e = new errorHandler();
// first we check to see if this is a frameset request
if (!isset($_POST['a']) && !isset($_GET['a']) && $e->getError() == 0) {
    // this looks to be a top-level frameset request, so let's serve up a frameset
    include_once "frames/1.php";
    exit;
}
// retrieve the action directive form the request
if (isset($_GET['a']) && isset($_POST['a'])) {
    $e->setError(100);
    $e->dumpError();
    // set $e to a corresponding errorcode
    // we know that if an error occurs here, something's wrong,
    // so we dump the error, thereby stopping the script.
} else {
    $action = $_REQUEST['a'];
}
// now we decide what to do according to the action request.
switch ($action) {
    /********************************************************************/
    // frame management - show the requested frame
    /********************************************************************/
    case "1":
        // get the requested frame
        $frame = $_REQUEST['f'];
Exemple #5
0
 function userLogin($username, $password, $rememberme = 0, $url = "", $id = "", $alias = "", $use_captcha = 0, $captcha_code = "")
 {
     // Performs user login and permissions assignment
     // And combination of the following variables can be sent
     // Defaults to current document
     // $url   = and fully qualified URL (no validation performed)
     // $id    = an existing document ID (no validation performed)
     // $alias = any document alias (no validation performed)
     // include the crypto thing
     include_once "./manager/includes/crypt.class.inc.php";
     // include_once the error handler
     include_once "./manager/includes/error.class.inc.php";
     $e = new errorHandler();
     if ($use_captcha == 1) {
         if ($_SESSION['veriword'] != $captcha_code) {
             unset($_SESSION['veriword']);
             $e->setError(905);
             $e->dumpError();
             $newloginerror = 1;
         }
     }
     unset($_SESSION['veriword']);
     $username = htmlspecialchars($username);
     $givenPassword = htmlspecialchars($password);
     $sql = "SELECT " . $this->db . "manager_users.*, " . $this->db . "user_attributes.* FROM " . $this->db . "manager_users, " . $this->db . "user_attributes WHERE " . $this->db . "manager_users.username REGEXP BINARY '^" . $username . "\$' and " . $this->db . "user_attributes.internalKey=" . $this->db . "manager_users.id;";
     $rs = $this->dbQuery($sql);
     $limit = $this->recordCount($rs);
     if ($limit == 0 || $limit > 1) {
         $e->setError(900);
         $e->dumpError();
     }
     $row = $this->fetchRow($rs);
     $_SESSION['shortname'] = $username;
     $_SESSION['fullname'] = $row['fullname'];
     $_SESSION['email'] = $row['email'];
     $_SESSION['phone'] = $row['phone'];
     $_SESSION['mobilephone'] = $row['mobilephone'];
     $_SESSION['internalKey'] = $row['internalKey'];
     $_SESSION['failedlogins'] = $row['failedlogincount'];
     $_SESSION['lastlogin'] = $row['lastlogin'];
     $_SESSION['role'] = $row['role'];
     $_SESSION['nrlogins'] = $row['logincount'];
     if ($row['failedlogincount'] >= $this->config['max_attempts'] && $row['blockeduntil'] > time()) {
         session_destroy();
         session_unset();
         $e->setError(902);
         $e->dumpError();
     }
     if ($row['failedlogincount'] >= $this->config['max_attempts'] && $row['blockeduntil'] < time()) {
         $sql = "UPDATE " . $this->db . "user_attributes SET failedlogincount='0', blockeduntil='" . (time() - 1) . "' where internalKey=" . $row['internalKey'] . ";";
         $rs = $this->dbQuery($sql);
     }
     if ($row['blocked'] == "1") {
         session_destroy();
         session_unset();
         $e->setError(903);
         $e->dumpError();
     }
     if ($row['blockeduntil'] > time()) {
         session_destroy();
         session_unset();
         $e->setError(904);
         $e->dumpError();
     }
     if ($row['password'] != md5($givenPassword)) {
         session_destroy();
         session_unset();
         $e->setError(901);
         $newloginerror = 1;
         $e->dumpError();
     }
     $sql = "SELECT * FROM " . $this->db . "user_roles where id=" . $row['role'] . ";";
     $rs = $this->dbQuery($sql);
     $row = $this->fetchRow($rs);
     $_SESSION['permissions'] = $row;
     $_SESSION['frames'] = 0;
     $_SESSION['validated'] = 1;
     if ($url == "") {
         $url = $this->makeURL($id, $alias);
     }
     $this->sendRedirect($url);
 }