Exemple #1
 /**
  * Render the admin login area: queue the login scripts and stylesheet on this
  * page object, then print the login form or the forgotten-password form
  * depending on the current command.
  *
  * NOTE(review): md5_sha.js and jsSHA.js are queued for this page, which
  * suggests the password is hashed in the browser before it is submitted.
  * Client-side hashing is not a replacement for transport security - confirm
  * the admin login is only reachable over HTTPS.
  */
 function GetGpxContent()
 {
     // Inline script plus conditional comment that flips IE_LT_8 for old IE.
     $this->head .= "\n<script type=\"text/javascript\">var IE_LT_8 = false;</script><!--[if lt IE 8]>\n<script type=\"text/javascript\">IE_LT_8=true;</script>\n<![endif]-->";
     foreach (array('/include/js/login.js', '/include/js/md5_sha.js', '/include/thirdparty/js/jsSHA.js') as $script_path) {
         $this->head_js[] = $script_path;
     }
     $this->css_admin[] = '/include/css/login.css';

     // Guarantee the 'username' key exists; an already posted value is kept.
     $_POST += array('username' => '');
     $this->admin_js = true;

     includeFile('tool/sessions.php');
     // presumably a probe cookie used to detect whether cookies are enabled - confirm in gpsession::cookie()
     gpsession::cookie('g', 2);

     $this->BrowserWarning();
     $this->JavascriptWarning();

     echo '<div class="req_script nodisplay" id="login_container">',
          '<table><tr><td>';

     // Loose comparisons are kept on purpose: they match the original switch.
     $cmd = common::GetCommand();
     if ($cmd == 'send_password') {
         // NOTE(review): which form is shown depends on SendPassword()'s result.
         // If that result differs between known and unknown accounts it works
         // as a username oracle - confirm SendPassword() responds uniformly.
         if ($this->SendPassword()) {
             $this->LoginForm();
         } else {
             $this->FogottenPassword();
         }
     } elseif ($cmd == 'forgotten') {
         $this->FogottenPassword();
     } else {
         $this->LoginForm();
     }

     echo '</td></tr></table>',
          '</div>';
 }
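 /**
  * Make sure the current user stays logged in after a revert is completed.
  *
  * Creates a new session for the user named in $gpAdmin from the users file
  * now on disk, then sets the session cookie under the name derived from the
  * current config's gpuniq value.
  *
  * Returns without creating a session when $gpAdmin carries no username, when
  * that username is absent from the users file, or when gpsession::create()
  * returns a falsy id.
  */
 function TransferSession()
 {
     global $gpAdmin, $dataDir;
     if (!isset($gpAdmin['username'])) {
         return;
     }
     $username = $gpAdmin['username'];
     // get user info; users.php is expected to define $users
     include $dataDir . '/data/_site/users.php';
     // Do not mint a session for an account the users file on disk does not
     // contain. Taking a reference to a missing key would silently create a
     // null entry and hand it to gpsession::create().
     if (!isset($users[$username])) {
         return;
     }
     $userinfo =& $users[$username];
     $session_id = gpsession::create($userinfo, $username);
     if (!$session_id) {
         return;
     }
     //set the cookie for the new data
     $config = gpFiles::Get('_site/config');
     // The sha1 slice only derives the cookie NAME from gpuniq; the session id
     // itself comes from gpsession::create().
     $session_cookie = 'gpEasy_' . substr(sha1($config['gpuniq']), 12, 12);
     gpsession::cookie($session_cookie, $session_id);
     //set the update gpuniq value for the post_nonce
     $GLOBALS['config']['gpuniq'] = $config['gpuniq'];
 }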
Exemple #3
 /**
  * Print the admin login form together with the browser-warning and
  * JavaScript-required blocks, and queue the login scripts/stylesheet on $page.
  *
  * Security-relevant points visible here:
  *  - $_REQUEST['file'] is only used as the form target and echoed back when
  *    it is an existing key of $gp_index (allow-list check).
  *  - The reflected username and file value pass through htmlspecialchars()
  *    before being placed in double-quoted attributes.
  *  - The form carries a 'login_nonce' hidden field and empty user_sha /
  *    pass_md5 / pass_sha fields.
  *    NOTE(review): those are presumably filled by login.js; browser-side
  *    hashing does not replace TLS - confirm the form is served over HTTPS.
  *  - NOTE(review): $langmessage values are echoed unescaped; this assumes the
  *    language files are trusted - confirm they cannot be user-supplied.
  */
 function LoginForm()
 {
     global $langmessage, $gp_index, $page;

     $page->head .= "\n<script type=\"text/javascript\">var IE_LT_8 = false;</script><!--[if lt IE 8]>\n<script type=\"text/javascript\">IE_LT_8=true;</script>\n<![endif]-->";
     $page->head_js[] = '/include/js/login.js';
     $page->head_js[] = '/include/js/md5_sha.js';
     $page->css_admin[] = '/include/css/login.css';
     // Guarantee the 'username' key exists; an already posted value is kept.
     $_POST += array('username' => '');
     $page->admin_js = true;
     includeFile('tool/sessions.php');
     gpsession::cookie('g', 2);

     // Post back to the requested page only when it is a known index entry.
     $action = isset($_REQUEST['file'], $gp_index[$_REQUEST['file']]) ? $_REQUEST['file'] : 'Admin_Main';

     // --- unsupported-browser notice ---
     // NOTE(review): the browser download links below use plain http://.
     echo '<div class="req_script nodisplay" id="login_container">',
          '<div id="browser_warning" class="nodisplay">',
          '<div><b>' . $langmessage['Browser Warning'] . '</b></div>',
          '<p>',
          $langmessage['Browser !Supported'],
          '</p>',
          '<p>',
          '<a href="http://www.mozilla.com/">Firefox</a>',
          '<a href="http://www.google.com/chrome">Chrome</a>',
          '<a href="http://www.apple.com/safari">Safari</a>',
          '<a href="http://www.microsoft.com/windows/internet-explorer/default.aspx">Explorer</a>',
          '</p>',
          '</div>';

     // --- login form: header and hidden fields ---
     echo '<div id="loginform">',
          '<p><b>' . $langmessage['LOGIN_REQUIRED'] . '</b></p>',
          '<div id="login_timeout" class="nodisplay">Log in Timeout: ' . common::Link('Admin_Main', 'Reload to continue...') . '</div>',
          '<form action="' . common::GetUrl($action) . '" method="post" id="login_form">',
          '<div>',
          '<input type="hidden" name="cmd" value="login" />';
     if (isset($_REQUEST['file'], $gp_index[$_REQUEST['file']])) {
         echo '<input type="hidden" name="file" value="' . htmlspecialchars($_REQUEST['file']) . '" />';
     }
     // presumably 300 is the nonce lifetime in seconds - confirm in common::new_nonce()
     echo '<input type="hidden" name="login_nonce" value="' . htmlspecialchars(common::new_nonce('login_nonce', true, 300)) . '" />',
          '</div>';

     // --- credentials ---
     echo '<label>',
          $langmessage['username'],
          '<input type="text" class="login_text" name="username" value="' . htmlspecialchars($_POST['username']) . '" />',
          '<input type="hidden" name="user_sha" value="" />',
          '</label>';
     echo '<label>',
          $langmessage['password'],
          '<input type="password" class="login_text password" name="password" value="" />',
          '<input type="hidden" name="pass_md5" value="" />',
          '<input type="hidden" name="pass_sha" value="" />',
          '</label>';
     echo '<input type="submit" class="login_submit" name="aa" value="' . $langmessage['login'] . '" />';

     // --- options ---
     echo '<p>',
          '<label>',
          '<input type="checkbox" name="remember" ' . $this->checked('remember') . '/> ',
          '<span>' . $langmessage['remember_me'] . '</span>',
          '</label> ',
          '<label>',
          '<input type="checkbox" name="encrypted" ' . $this->checked('encrypted') . '/> ',
          '<span>' . $langmessage['send_encrypted'] . '</span>',
          '</label>',
          '</p>';

     // --- forgotten-password link ---
     echo '<p>',
          '<label>';
     $url = common::GetUrl('Admin', 'cmd=forgotten');
     echo sprintf($langmessage['forgotten_password'], $url),
          '</label>',
          '</p>',
          '</form>',
          '</div>',
          '</div>';

     // --- shown when JavaScript is unavailable ---
     echo '<div class="without_script" id="javascript_warning">',
          '<p><b>' . $langmessage['JAVASCRIPT_REQ'] . '</b></p>',
          '<p>',
          $langmessage['INCOMPAT_BROWSER'],
          ' ',
          $langmessage['MODERN_BROWSER'],
          '</p>',
          '</div>';
 }
Exemple #4
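 /**
  * Determine if $session_id represents a valid session and if so start the session
  *
  * In order: looks the id up in the stored session index, optionally compares
  * the stored browser fingerprint, checks that the session file exists, works
  * out whether a different recent session holds the edit lock, sends no-cache
  * headers, loads the session data into $GLOBALS['gpAdmin'], registers
  * gpsession::close() for shutdown, refreshes this session's timestamp and
  * starts the AdminBuffer output buffer.
  *
  * On every rejection the session cookie is expired and a "Session Expired"
  * message is queued.
  *
  * @param mixed $session_id session identifier; presumably the raw session
  *                          cookie value, so treat it as untrusted
  * @return bool true when the session was started, false when it was rejected
  */
 function start($session_id)
 {
     global $langmessage, $dataDir, $gp_random, $gp_admin_html;
     //get the session file
     $sessions = gpsession::GetSessionIds();
     if (!isset($sessions[$session_id])) {
         gpsession::cookie(gp_session_cookie, '', time() - 42000);
         //make sure the cookie is deleted
         message($langmessage['Session Expired'] . ' (timeout)');
         return false;
     }
     $sess_info = $sessions[$session_id];
     //check ~ip, ~user agent ...
     if (gp_browser_auth && isset($sess_info['uid'])) {
         $auth_uid = gpsession::auth_browseruid();
         $auth_uid_legacy = gpsession::auth_browseruid(true);
         //legacy option added to prevent logging users out, added 2.0b2
         // Compare as strings with !==. A loose != lets PHP treat two different
         // numeric-looking strings (e.g. "0e1" and "0e2") as equal, which would
         // weaken this check. Where PHP >= 5.6 is guaranteed, hash_equals()
         // would additionally make the comparison constant-time.
         $stored_uid = (string) $sess_info['uid'];
         if ($stored_uid !== (string) $auth_uid && $stored_uid !== (string) $auth_uid_legacy) {
             gpsession::cookie(gp_session_cookie, '', time() - 42000);
             //make sure the cookie is deleted
             message($langmessage['Session Expired'] . ' (browser auth)');
             return false;
         }
     }
     // NOTE(review): file_name comes from the stored session index, not from the
     // request; confirm it can never contain path separators.
     $session_file = $dataDir . '/data/_sessions/' . $sess_info['file_name'];
     // A concatenated string is never === false, so only the existence check is needed.
     if (!file_exists($session_file)) {
         gpsession::cookie(gp_session_cookie, '', time() - 42000);
         //make sure the cookie is deleted
         message($langmessage['Session Expired'] . ' (invalid)');
         return false;
     }
     //lock to prevent conflicting edits
     $locked = false;
     $last_sess_id = false;
     $last_sess_time = 0;
     $since_last_session = 0;
     // Find the most recently active session inside the lock window.
     // NOTE(review): $diff is in minutes while $since_last_session is in seconds,
     // yet both are compared against gp_lock_time - confirm the constant's unit.
     foreach ($sessions as $sess_temp_id => $sess_temp_info) {
         if (!isset($sess_temp_info['time']) || !$sess_temp_info['time']) {
             continue;
         }
         $diff = (time() - $sess_temp_info['time']) / 60;
         if ($diff < gp_lock_time && $last_sess_time < $sess_temp_info['time']) {
             $last_sess_id = $sess_temp_id;
             $last_sess_time = $sess_temp_info['time'];
             $since_last_session = time() - $last_sess_time;
         }
     }
     // String comparison: numeric-looking array keys come back as ints, and a
     // loose != would also treat ids such as "0123" and "123" as the same session.
     if ($last_sess_id && (string) $last_sess_id !== (string) $session_id) {
         $expires = ceil((gp_lock_time - $since_last_session) / 60);
         //no longer locked
         if ($expires > 0) {
             $locked = true;
             message($langmessage['site_locked'] . ' ' . sprintf($langmessage['lock_expires_in'], $expires));
         }
     }
     //prevent browser caching when editing
     Header('Last-Modified: ' . gmdate('D, j M Y H:i:s') . ' GMT');
     Header('Expires: ' . gmdate('D, j M Y H:i:s', time()) . ' GMT');
     Header('Cache-Control: no-store, no-cache, must-revalidate');
     // HTTP/1.1
     Header('Cache-Control: post-check=0, pre-check=0', false);
     Header('Pragma: no-cache');
     // HTTP/1.0
     // $checksum is not set before this call; presumably SessionData() fills it by reference.
     $GLOBALS['gpAdmin'] = gpsession::SessionData($session_file, $checksum);
     if ($locked) {
         $GLOBALS['gpAdmin']['locked'] = true;
     } else {
         unset($GLOBALS['gpAdmin']['locked']);
     }
     register_shutdown_function(array('gpsession', 'close'), $session_file, $checksum);
     gpsession::SaveSetting();
     //update time and move to end of $sessions array
     if (!$locked && (!$since_last_session || $since_last_session > gp_lock_time / 2)) {
         $sessions[$session_id]['time'] = time();
         gpsession::SaveSessionIds($sessions);
     }
     //make sure forms have admin nonce
     ob_start(array('gpsession', 'AdminBuffer'));
     //make sure each logged in request has the gp_admin_html area
     $gp_admin_html = '<div id="gp_admin_html"></div>';
     return true;
 }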
Exemple #5
 /**
  * Handle admin login/logout/session_start if admin session parameters exist
  *
  * Precedence: ?cmd=logout in the query string, then cmd=login in the POST
  * body, then the current session cookie, then the legacy 'gpEasy' cookie
  * (which is re-issued under the current cookie name). Returns without loading
  * any session code when none of these is present.
  *
  * NOTE(review): logout is selected from a GET parameter alone at this point;
  * confirm gpsession::LogOut() verifies a nonce, otherwise a cross-site link
  * can end an admin's session.
  * NOTE(review): the legacy cookie value is copied over unchanged; whether it
  * is valid is only decided later, in gpsession::start().
  */
 function sessions()
 {
     $migrate_legacy = false;
     $action = '';

     // Loose comparisons are kept exactly as the original code had them.
     if (isset($_GET['cmd']) && $_GET['cmd'] == 'logout') {
         $action = 'logout';
     } elseif (isset($_POST['cmd']) && $_POST['cmd'] == 'login') {
         $action = $_POST['cmd'];
     } elseif (isset($_COOKIE[gp_session_cookie])) {
         $action = 'start';
     } elseif (isset($_COOKIE['gpEasy'])) {
         // Treat the old cookie name as the current one for this request.
         $_COOKIE[gp_session_cookie] = $_COOKIE['gpEasy'];
         $migrate_legacy = true;
         $action = 'start';
     }

     // Nothing session related in this request.
     if (empty($action)) {
         return;
     }

     includeFile('tool/sessions.php');
     includeFile('admin/admin_tools.php');
     includeFile('tool/editing.php');

     if ($migrate_legacy) {
         // Re-issue under the current name, then expire the old cookie.
         gpsession::cookie(gp_session_cookie, $_COOKIE['gpEasy']);
         gpsession::cookie('gpEasy', '', time() - 42000);
     }

     if ($action == 'logout') {
         gpsession::LogOut();
         return;
     }
     if ($action == 'login') {
         gpsession::LogIn();
         return;
     }

     if (!isset($_COOKIE[gp_session_cookie])) {
         return;
     }
     // CheckPosts() runs before the session is started; the cookie value is
     // untrusted until start() has accepted it.
     gpsession::CheckPosts($_COOKIE[gp_session_cookie]);
     gpsession::start($_COOKIE[gp_session_cookie]);
 }