/**
* Get list of pages that user can access
*
* IS THE SAME FUNCTION OF USERS LIBRARY !!!!
*/
function sumo_get_user_accesspoints($id = NULL, $html = FALSE)
{
if ($id) {
global $SUMO, $language;
$user_data = sumo_get_user_info($id, 'id', FALSE);
$num_groups = count($user_data['group']);
$group_query = '';
if (!in_array('sumo', $user_data['group'])) {
$group_query = " WHERE ";
for ($g = 0; $g < $num_groups; $g++) {
$group_query .= "usergroup='" . $user_data['group'][$g] . "' OR \n\t\t\t\t\t\t\t usergroup LIKE '" . $user_data['group'][$g] . ";%' OR\n\t\t\t\t\t\t\t usergroup LIKE '%;" . $user_data['group'][$g] . ";%'";
if ($g < $num_groups - 1) {
$group_query .= " OR ";
}
}
}
$query = "SELECT * FROM " . SUMO_TABLE_ACCESSPOINTS . " \n\t\t\t\t " . $group_query . " \n\t\t\t\t ORDER BY name";
$rs = $SUMO['DB']->Execute($query);
$ap = array();
while ($tab = $rs->FetchRow()) {
$ap[] = $tab;
}
// html output
if ($html) {
if (in_array('sumo', $user_data['group'])) {
return $language['AllAccessPoints'];
}
$list = '';
$num_ap = count($ap);
if ($num_ap > 0) {
$list = "<table cellspacing='0' class='tab'>\n" . " <tr>\n" . " <td class='tab-title'>" . $language['Page'] . "</td>\n" . " <td class='tab-title'>" . $language['Path'] . "</td>\n" . " </tr>\n";
for ($p = 0; $p < $num_ap; $p++) {
$style = sumo_alternate_str('tab-row-on', 'tab-row-off');
// Format group string to display it
$group = preg_replace("/sumo:7/", "<b><font color='#BB0000'>sumo:7</font></b>", $ap[$p]['usergroup']);
$group = preg_replace("/sumo:/", "<font color='#BB0000'>sumo</font>:", $group);
$group = str_replace(';', '; ', $group);
$group = strlen(strip_tags($group)) > 50 ? substr($group, 0, 50) . '...' : $group;
// Format path string to display it
$path = strlen($ap[$p]['path']) > 50 ? substr($ap[$p]['path'], 0, 50) . '...' : $ap[$p]['path'];
$path = "<a href='" . $ap[$p]['path'] . "' target='_blank'>" . $path . "</a>";
$name = sumo_get_accesspoint_name($ap[$p]['name'], $_COOKIE['language']);
$list .= "<tr>\n" . " <td class='" . $style . "'>" . $name . "</td>\n" . " <td class='" . $style . "'>" . $path . "</td>\n" . "</tr>\n";
}
$list .= "</table>";
}
$ap = $list;
}
return $ap;
} else {
return FALSE;
}
}
$tot = $rs->PO_RecordCount();
$rs = $SUMO['DB']->SelectLimit($query2, $_SESSION['rows_relationship_group2accesspoints'], $_SESSION['start_relationship_group2accesspoints']);
$vis = $rs->PO_RecordCount();
/**
* Create list
*/
$list = sumo_get_table_header($table['data']['group2accesspoints']);
while ($tab = $rs->FetchRow()) {
$style = sumo_alternate_str('tab-row-on', 'tab-row-off');
$query = "SELECT id,node,path,name FROM " . SUMO_TABLE_ACCESSPOINTS . "\n\t\t\t WHERE (\n\t\t\t \t\t usergroup LIKE '" . $tab['usergroup'] . "' \n\t\t\t\t\t OR usergroup LIKE '" . $tab['usergroup'] . ";%'\n\t\t\t\t\t OR usergroup LIKE '%;" . $tab['usergroup'] . "'\n\t\t\t\t\t OR usergroup LIKE '%;" . $tab['usergroup'] . ";%'\n\t\t\t\t\t )\n\t\t\t ORDER BY node,name,path";
$rs2 = $SUMO['DB']->Execute($query);
$ap = "<table width='100%'>";
$a = 0;
while ($tab2 = $rs2->FetchRow()) {
$style2 = sumo_alternate_str('tab-row-on', 'tab-row-off', $tab['usergroup']);
$tab2['name'] = sumo_get_accesspoint_name($tab2['name'], $_COOKIE['language']);
$ap .= "<tr>" . "<td width='100%' class='" . $style2 . "' nowrap>" . "<a href='javascript:sumo_ajax_get(\"accesspoints\",\"?module=accesspoints&action=edit&id=" . $tab2['id'] . "\");'>" . $tab2['name'] . "</a>" . "</td>" . "<td class='" . $style2 . "'>" . "<a href='javascript:sumo_ajax_get(\"accesspoints\",\"?module=accesspoints&action=edit&id=" . $tab2['id'] . "\");'>" . $tab2['path'] . "</a>" . "</td>" . "</tr>\n";
$a++;
}
$ap .= "</table>";
if ($search) {
$tab['usergroup'] = sumo_color_match_string($field['usergroup'][1], $tab['usergroup']);
}
$width = $a > 5 ? " width='450'" : '';
$list .= "<tr>\n" . " <td class='" . $style . "'><b>" . "<a href='javascript:sumo_ajax_get(\"groups\",\"?module=groups&action=edit&id=" . $tab['id'] . "\");'>" . $tab['usergroup'] . "</a>" . "</b>" . "<br>({$a} " . $language['accesspoints'] . ")</td>\n";
if ($_SESSION['relationship']['group2accesspoints']['col'][100]) {
$list .= " <td>" . $ap . "</td>\n";
}
if ($_SESSION['relationship']['group2accesspoints']['col'][101]) {
$list .= " <td style='border-bottom:1px solid #DCDCDC'><img onclick='javascript:window.open(\"services.php?module=relationship&service=relationship&cmd=GET_GROUP2ACCESSPOINTS&id=" . $tab['id'] . "\",\"group2accesspoints\",\"height=200,width=500,resizable=yes,scrollbars=yes\");' " . " src='services.php?module=relationship&service=relationship&cmd=GET_GROUP2ACCESSPOINTS&id=" . $tab['id'] . "' alt=''{$width}></td>\n" . "</tr>\n";
}
* @author Alberto Basso <*****@*****.**>
* @copyright Copyright © 2003-2009, Alberto Basso
* @package SUMO
* @category Console
*/
$id = isset($_GET['id']) ? $_GET['id'] : '';
$tab = sumo_get_accesspoint_info($id, 'id', FALSE);
$checked['http_auth'] = $tab['http_auth'] ? " checked='checked'" : "";
$checked['filtering'] = $tab['filtering'] ? " checked='checked'" : "";
$checked['pwd_encrypt'] = $tab['pwd_encrypt'] ? " checked='checked'" : "";
$checked['change_pwd'] = $tab['change_pwd'] ? " checked='checked'" : "";
$checked['registration'] = $tab['registration'] ? " checked='checked'" : "";
$form_name = 'AddAccesspoints';
$tpl['GET:ID'] = $tab['id'];
$tpl['GET:AddForm'] = sumo_get_form_req('', 'add', 'id=' . $tab['id']);
$tpl['PUT:Node'] = sumo_put_node($tab['node']);
$tpl['PUT:Theme'] = sumo_put_themes($tab['theme']);
$tpl['PUT:Groups'] = sumo_put_accesspoint_group($tab['id']);
$tpl['PUT:AddGroup'] = sumo_add_accesspoint_group();
$tpl['PUT:AddRegGroup'] = sumo_add_accesspoint_group('', 'reg_group');
$tpl['PUT:Name'] = sumo_put_accesspoint_name($form_name, sumo_get_accesspoint_name($tab['name']));
$tpl['PUT:Path'] = "<input type='text' size='35' name='path' value='" . $tab['path'] . "' />";
$tpl['PUT:HTTPAuth'] = "<input type='checkbox' name='http_auth' " . $checked['http_auth'] . " onclick='if(document.{$form_name}.http_auth.checked==true && document.{$form_name}.pwd_encrypt.disabled==false){document.{$form_name}.pwd_encrypt.checked=false;}' />";
$tpl['PUT:Filtering'] = "<input type='checkbox' name='filtering' " . $checked['filtering'] . " />";
$tpl['PUT:PwdEncrypt'] = "<input type='checkbox' name='pwd_encrypt' " . $checked['pwd_encrypt'] . " onclick='if(document.{$form_name}.pwd_encrypt.checked==true){document.{$form_name}.http_auth.checked=false;}' />";
$tpl['PUT:ChangePwd'] = "<input type='checkbox' name='change_pwd' " . $checked['change_pwd'] . " />";
$tpl['PUT:Registration'] = "<input type='checkbox' name='registration' " . $checked['registration'] . " " . "onclick='if(document.{$form_name}.registration.checked==true){document.{$form_name}.reg_group.disabled=false;}else{document.{$form_name}.reg_group.disabled=true;}' />";
$tpl['LINK:Add'] = sumo_get_action_icon("", "add");
$tpl['LINK:Edit'] = sumo_get_action_icon("", "edit");
$tpl['LINK:Remove'] = sumo_get_action_icon("", "remove");
$tpl['BUTTON:Back'] = "<input type='button' class='button-red' value='" . $language["Back"] . "' onclick='javascript:sumo_ajax_get(\"accesspoints\",\"?module=accesspoints&action=list\");'>";
$msg = sumo_get_simple_rand_string(4, "123456789");
$delete = "<div class='sub-module-icon' " . "onmouseover='this.style.outline=\"1px solid #999999\";this.style.background=\"#FFFFFF\"' " . "onmouseout='this.style.outline=\"\";this.style.background=\"\"'>" . "<a href=\"javascript:" . "sumo_show_message('msg{$msg}', '" . htmlspecialchars(sumo_get_message('AreYouSureDelete', array($tab['path'], htmlspecialchars(sumo_get_accesspoint_name($tab['name'], $_COOKIE['language']), ENT_QUOTES)))) . "', \n\t\t\t\t\t\t'h', 0, \n\t\t\t\t\t\t'" . base64_encode(sumo_get_form_req('', 'delete', 'id=' . $tab['id'])) . "',\n\t\t\t\t\t\t'" . base64_encode('') . "',\n\t\t\t\t\t\t'" . base64_encode("<input type='button' value='" . $language['Cancel'] . "' onclick='javascript:sumo_remove_window(\"msg{$msg}\");' class='button'>") . "',\n\t\t\t\t\t\t'" . base64_encode("<input type='submit' value='" . $language['Ok'] . "' onclick='javascript:sumo_remove_window(\"msg{$msg}\");' class='button'>") . "'\n\t\t\t\t);\">" . "<img src='themes/" . $SUMO['page']['theme'] . "/images/modules/accesspoints/remove.png' vspace='4'><br>" . $language['Remove'] . "</a>" . "</div>";
} else {
$delete = sumo_get_action_icon("", "remove");
}
$node = sumo_get_node_info($tab['node']);
$tpl['GET:ID'] = $tab['id'];
$tpl['GET:RegGroup'] = $tab['reg_group'];
$tpl['GET:Updated'] = sumo_get_human_date($tab['updated']);
$tpl['GET:Created'] = sumo_get_human_date($tab['created']);
$tpl['GET:Created'] = sumo_get_human_date($tab['created']);
$tpl['GET:Node'] = $node['name'];
$tpl['GET:Groups'] = implode(", ", $tab['usergroup']);
$tpl['GET:RegGroup'] = $tab['reg_group'];
$tpl['GET:Theme'] = ucfirst($tab['theme']);
$tpl['GET:Name'] = sumo_get_accesspoint_name($tab['name'], $_COOKIE['language']);
$tpl['GET:Filtering'] = "<input type='checkbox' name='filtering' " . $checked['filtering'] . " disabled />";
$tpl['GET:ChangePwd'] = "<input type='checkbox' name='change_pwd' " . $checked['change_pwd'] . " disabled />";
$tpl['GET:Registration'] = "<input type='checkbox' name='registration' " . $checked['registration'] . " disabled />";
$tpl['GET:Path'] = "<input type='text' size='50' name='path' value='" . $tab['path'] . "' disabled />";
$tpl['GET:HTTPAuth'] = "<input type='checkbox' name='http_auth' " . $checked['http_auth'] . " disabled />";
$tpl['GET:PwdEncrypt'] = "<input type='checkbox' name='pwd_encrypt' " . $checked['pwd_encrypt'] . " disabled />";
$tpl['LINK:Add'] = sumo_verify_permissions(5, 'sumo') ? sumo_get_action_icon("", "add", "accesspoints.content", "?module=accesspoints&action=new&decoration=false") : sumo_get_action_icon("", "add");
$tpl['LINK:Edit'] = sumo_verify_permissions(4, 'sumo') ? sumo_get_action_icon("", "edit", "accesspoints.content", "?module=accesspoints&action=edit&id=" . $tab['id'] . "&decoration=false") : sumo_get_action_icon("", "edit");
$tpl['LINK:Remove'] = $delete;
$tpl['BUTTON:Back'] = "<input type='button' class='button-red' value='" . $language["Back"] . "' onclick='javascript:sumo_ajax_get(\"accesspoints\",\"?module=accesspoints&action=list\");'>";
// Use REQUEST method because when delete a group on AP
// the command came from a link
$visibility['SecurityOptions'] = $_REQUEST['SecurityOptions_visibility'] ? true : false;
$visibility['LayoutOptions'] = $_REQUEST['LayoutOptions_visibility'] ? true : false;
$tpl['LINK:SecurityOptions'] = sumo_get_action_link($form_name, 'SecurityOptions', $visibility['SecurityOptions']);
/**
* Enable new password
*
* @author Alberto Basso
*/
function sumo_activate_new_password($code = '')
{
if (preg_match('/^[a-z0-9]{40}$/i', $code)) {
global $SUMO;
$query1 = "SELECT * FROM " . SUMO_TABLE_USERS_TEMP . " \r\n\t\t\t\t WHERE reg_code='" . $code . "' \r\n\t\t\t\t AND action=2";
$rs = $SUMO['DB']->Execute($query1);
$tab = $rs->FetchRow();
$query2 = "UPDATE " . SUMO_TABLE_USERS . " \r\n\t\t\t\t SET password='******'password'] . "' \r\n\t\t\t\t WHERE username='******'username'] . "' \r\n\t\t\t\t AND username<>'sumo'";
sumo_delete_user_temp();
// Delete old temp users
sumo_delete_user_temp($tab['email'], 2);
$SUMO['DB']->Execute($query2);
// Send notify e-mail to user
if (!$SUMO['config']['server']['admin']['email']) {
sumo_write_log('E06000X', '', '0,1', 2, 'system', FALSE);
} else {
$name = sumo_get_accesspoint_name($SUMO['page']['name'], $_COOKIE['language']);
$m = new Mail();
$m->From($SUMO['config']['server']['admin']['email']);
$m->To($tab['email']);
$m->Subject(sumo_get_message('I00012C'));
$m->Body(sumo_get_message("I00105M", array($tab['username'], date($SUMO['config']['server']['date_format'] . " " . $SUMO['config']['server']['time_format'], $SUMO['server']['time']), "\"" . $name . "\"")), SUMO_CHARSET);
$m->Priority(3);
$m->Send();
}
$logto = $SUMO['config']['accounts']['registration']['notify']['reg'] ? 3 : '0,1';
sumo_write_log('I00004X', array($tab['username'], $tab['email']), $logto, 2);
}
}
$color = 'orange';
}
if ($tab['expire'] < $SUMO['server']['time'] + 300) {
$color = 'red';
}
$country = explode('-', $tab['country_name']);
$country[0] = ucwords(strtolower($country[0]));
$country[1] = strtolower($country[1]);
$flag = trim($country[1]) ? trim($country[1]) . ".png" : "blank.png";
if (!$country[1]) {
$country[1] = 'blank';
}
$user = $search ? sumo_color_match_string($field['user'][1], $tab['username']) : $tab['username'];
$username = sumo_get_username($tab['username']);
$apinfo = sumo_get_accesspoint_info(sumo_get_normalized_accesspoint($tab['url']), 'path');
$apname = sumo_get_accesspoint_name($apinfo['name'], $_COOKIE['language']);
$list .= "<tr>\n";
if ($col[1]) {
$list .= " <td class='" . $style . "'><img src='themes/" . $SUMO['page']['theme'] . "/images/modules/sessions/status_" . $color . ".gif' class='session-status'> " . $tab['id'] . "</td>\n";
}
if ($col[4]) {
$list .= " <td class='" . $style . "'><a href='javascript:sumo_ajax_get(\"users\",\"?module=users&action=view&id=" . $tab['id_user'] . "\");" . "' title='" . $language['ViewUser'] . ": " . $username . "'>" . $user . "</a></td>\n";
}
if ($col[2]) {
$list .= " <td class='" . $style . "' align='right'><a href='javascript:sumo_ajax_get(\"network\",\"?module=network&action=view_node&id=" . $node[$tab['node']]['id'] . "\");'>" . $node[$tab['node']]['name'] . "</a></td>\n";
}
//if($col[2]) $list .= " <td class='".$style."'><a href='javascript:sumo_ajax_get(\"network\",\"?module=network&action=nlist\");'>".$node[$tab['node']]['name']."</a></td>\n";
if ($col[7]) {
$list .= " <td class='" . $style . "' align='right'>" . $tab['ip'] . "</td>\n";
}
if ($col[8]) {
<?php
// Fix PNG images if client browser is Internet Explorer
$pngfix = preg_match("/Internet Explorer/i", $SUMO['client']['browser']) ? "javascript:PNGFix()" : "";
$url_req = "";
// Filter URL query string
if ($_SERVER['QUERY_STRING']) {
$_GET = sumo_array_combine(array_keys($_GET), sumo_array_filter(array_values($_GET)));
$get_data = array_keys($_GET);
$url_req = "?";
for ($k = 0; $k < count($get_data); $k++) {
$url_req .= $get_data[$k] . "=" . $_GET[$get_data[$k]] . "&";
}
}
$tpl_array = array("LANG:User" => $sumo_lang_core['User'], "LANG:Password" => $sumo_lang_core['Password'], "LANG:RegistrationForm" => $sumo_lang_core['RegistrationForm'], "LANG:RegistrationInfo" => $sumo_lang_core['RegistrationInfo'], "LANG:EraseAccount" => $sumo_lang_core['EraseAccount'], "LANG:EraseAccountInfo" => $sumo_lang_core['EraseAccountInfo'], "LANG:PasswordLost" => $sumo_lang_core['PasswordLost'], "LANG:PasswordLostInfo" => $sumo_lang_core['PasswordLostInfo'], "LANG:ConfirmRegistration" => $sumo_lang_core['ConfirmRegistration'], "LANG:ConfirmRegistrationInfo" => $sumo_lang_core['ConfirmRegistrationInfo'], "LANG:ConfirmEraseAccount" => $sumo_lang_core['ConfirmEraseAccount'], "LANG:ConfirmEraseAccountInfo" => $sumo_lang_core['ConfirmEraseAccountInfo'], "LANG:Email" => $sumo_lang_core['Email'], "LANG:Language" => $sumo_lang_core['Language'], "LANG:RegUser" => "<font color='red'>*</font> " . $sumo_lang_core['User'], "LANG:RegEmail" => "<font color='red'>*</font> " . $sumo_lang_core['Email'], "LANG:RegPassword" => "<font color='red'>*</font> " . $sumo_lang_core['Password'], "LANG:RegRepPassword" => "<font color='red'>*</font> " . $sumo_lang_core['RepPassword'], "LINK:Register" => sumo_get_link_registration(), "LINK:PasswordLost" => sumo_get_link_pwdlost(), "LINK:UnRegister" => sumo_get_link_registration(0), "GET:SumoVersion" => SUMO_VERSION, "GET:charset" => $SUMO['config']['server']['charset'], "GET:PagePath" => $SUMO['page']['web_path'], "GET:PageUrl" => $SUMO['page']['url'], "GET:PageTheme" => $SUMO['page']['theme'], "GET:ConfirmRegUser" => $sumo_reg_data['reg_user'], "GET:ConfirmRegEmail" => $sumo_reg_data['reg_email'], "GET:ConfirmLanguage" => $sumo_reg_data['reg_language'], "GET:PageName" => sumo_get_accesspoint_name($SUMO['page']['name'], $_COOKIE['language']), "GET:ScriptLoginFocus" => sumo_get_script_tag('login_focus.js'), "GET:ScriptRegistrationFocus" => sumo_get_script_tag('registration_focus.js'), "GET:ScriptLogin" => "<script language='javascript' type='text/javascript'>\n" . "var sumo_theme='" . $SUMO['page']['theme'] . "';\n" . "</script>\n" . sumo_get_script_tag('check_login.js') . "\n" . sumo_get_script_tag('sumo_common.js') . "\n" . sumo_get_script_tag('sumo_crypt.js') . "\n" . sumo_get_script_tag('sumo_gui.js') . "\n", "GET:ScriptResubmit" => sumo_get_script_tag('resubmit.js'), "GET:ScriptNoRightClick" => sumo_get_script_tag('no_right_click.js'), "GET:OnLoad" => "onload='" . $pngfix . "'", "GET:Note" => $sumo_lang_core["PoweredBy"] . " <b>SUMO Access Manager</b> " . SUMO_VERSION . "<br>© Copyright 2003-" . date("Y") . " by <b>Basso Alberto</b><br>" . $sumo_lang_core['ProjectPage'] . " <b><a href='http://sumoam.sourceforge.net' target='_blank'>http://sumoam.sourceforge.net</a></b>", "GET:NoteShort" => $sumo_lang_core["PoweredBy"] . "<br><b><a href='http://sumoam.sourceforge.net' target='_blank'>SUMO Access Manager</a></b>", "GET:LoginForm" => "<form method='POST' name='SumoAuth' action='" . $SUMO['page']['url'] . $url_req . "' onsubmit='check(document.SumoAuth);if((error==1)||(error==2)){return false;}else{sumo_pwd.value=hex_hmac_sha1(\"" . $SUMO['connection']['security_string'] . "\",hex_sha1(sumo_pwd.value));}'>", "GET:Message" => $sumo_message, "GET:Redirect" => "<meta http-equiv='refresh' content='10; " . $SUMO['page']['url'] . "'>", "PUT:RegUser" => "<input type='text' size='16' name='reg_user' value='" . $sumo_reg_data['reg_user'] . "' />" . "<input type='hidden' name='reg_group' value='" . $SUMO['page']['group'] . "' />", "PUT:RegEmail" => "<input type='text' size='16' name='reg_email' value='" . $sumo_reg_data['reg_email'] . "' />", "PUT:RegPassword" => "<input type='password' size='16' name='reg_password' autocomplete='off' />", "PUT:RegRepPassword" => "<input type='password' size='16' name='rep_reg_password' autocomplete='off' />", "PUT:User" => "<input type='text' size='16' name='sumo_user' class='username' />", "PUT:Password" => "<input type='password' size='16' name='sumo_pwd' class='password' autocomplete='off' />", "PUT:LanguageLogin" => sumo_get_available_languages(1, 1, $_COOKIE['language'], 'sumo_lang'), "PUT:Language" => sumo_get_available_languages(1), "BUTTON:Submit" => "<input type='submit' class='button' value='" . $sumo_lang_core["Ok"] . "' />", "BUTTON:BackLogin" => "<form action='" . $SUMO['page']['url'] . "' method='POST'><input type='submit' class='button' value='" . $sumo_lang_core['Back'] . "'></form>", "BUTTON:Back" => "<input type='button' class='button' value='" . $sumo_lang_core['Back'] . "' onclick='javascript:history.go(-1);' />");
// Disable password encryption (for LDAP server)
if (!$SUMO['page']['pwd_encrypt'] && !in_array($sumo_action, array('registration', 'regconfirmed'))) {
$tpl_array['GET:ScriptSHA1'] = "";
$tpl_array['GET:LoginForm'] = "<form name='SumoAuth' method='POST' action='" . $SUMO['page']['url'] . $url_req . "' onsubmit='check(document.SumoAuth);if((error==1)||(error==2)){return false;}'>";
}
// Prevent destroy valid session
// on others nodes if sessions replica is enabled
if (!SUMO_SESSIONS_REPLICA) {
session_destroy();
}
break;
case 'USERNOTEXIST':
$update_req = TRUE;
$sumo_message = sumo_get_message('W00001C', $_SESSION['user']['user']);
sumo_write_log('W00042X', array($_SESSION['user']['user'], $SUMO['client']['ip'], $SUMO['client']['country'], $SUMO['page']['url'], sumo_get_accesspoint_name($SUMO['page']['name'], $SUMO['config']['server']['language'])), '0,1', 2, 'errors');
session_destroy();
break;
case 'USERNOTACTIVE':
$update_req = TRUE;
$sumo_message = sumo_get_message('W00002C', $SUMO['client']['user']);
sumo_write_log('W00043X', array($SUMO['user']['user'], $SUMO['page']['url'], sumo_get_accesspoint_name($SUMO['page']['name'], $SUMO['config']['server']['language'])), '0,1', 2, 'errors');
session_destroy();
break;
case 'CANNOTAUTHENTICATE':
$sumo_message = sumo_get_message('W00034C');
sumo_write_log('W00100X', array($SUMO['page']['url'], $SUMO['user']['user'], $SUMO['client']['ip'], $SUMO['client']['country']), '0,1', 2, 'system');
session_destroy();
break;
case 'PASSWORDERROR':
$update_req = TRUE;
$sumo_message = sumo_get_message('W00003C');
sumo_write_log('W00044X', array($SUMO['user']['user'], $SUMO['client']['ip'], $SUMO['client']['country'], $SUMO['page']['url']), '0,1', 2, 'errors');
session_destroy();
break;
case 'LDAPMODULEERROR':
$sumo_message = sumo_get_message('E00119X');
/**
* Get a "paranoic" message for WARNING e-mail
*
* @global resource $SUMO
* @param string $error
* @param string $code
* @param string $method
* @author Alberto Basso <*****@*****.**>
*/
function sumo_get_paranoic_message($error, $code, $method)
{
global $SUMO;
return "\n---------------------------------------\n" . " " . sumo_get_message($error) . ":\n\n" . " Date: " . date($SUMO['config']['server']['date_format'] . " " . $SUMO['config']['server']['time_format']) . "\n" . " IP: " . $SUMO['client']['ip'] . "\n" . " Host: " . $SUMO['client']['name'] . "\n" . " Request Method: " . $method . "\n" . " Request URI: " . $SUMO['page']['url'] . " \"" . sumo_get_accesspoint_name($SUMO['page']['name'], 'en') . "\"\n\n" . " Detected Code:\r\n\r\n" . $code . "\r\n" . "\n---------------------------------------\n";
}
$tpl['IMG:server.language'] = "<img src='themes/" . $SUMO['page']['theme'] . "/images/flags/" . $conf['server']['language'] . ".png' alt='" . ucwords($conf['server']['language']) . "' class='flag'>";
$tpl['PUT:server.date_format'] = "<input type='text' size='5' name='config[server][date_format]' value='" . $conf['server']['date_format'] . "'>";
$tpl['PUT:server.time_format'] = "<input type='text' size='5' name='config[server][time_format]' value='" . $conf['server']['time_format'] . "'>";
$tpl['PUT:server.admin.name'] = "<input type='text' size='30' name='config[server][admin][name]' value='" . $conf['server']['admin']['name'] . "'>";
$tpl['PUT:server.admin.email'] = "<input type='text' size='30' name='config[server][admin][email]' value='" . $conf['server']['admin']['email'] . "'>";
$tpl['PUT:iptocountry.enabled'] = $conf['iptocountry']['enabled'] ? "<input type='checkbox' name='config[iptocountry][enabled]' checked='checked'>" : "<input type='checkbox' name='config[iptocountry][enabled]'>";
$tpl['GET:iptocountry.updater'] = "<a href='services.php?service=updater&cmd=UPDATE_IP2C' target='_new'>" . $language['iptocountry.updater'] . "</a>";
// Console
$tpl['PUT:console.tip'] = $conf['console']['tip'] ? "<input type='checkbox' name='config[console][tip]' checked='checked'>" : "<input type='checkbox' name='config[console][tip]'>";
// Security
$tpl['PUT:security.max_login_attempts'] = "<input type='text' size='5' name='config[security][max_login_attempts]' value='" . $conf['security']['max_login_attempts'] . "'>";
$tpl['PUT:security.banned_time'] = "<input type='text' size='5' name='config[security][banned_time]' value='" . $conf['security']['banned_time'] . "'>";
$tpl['PUT:security.access_violations'] = $conf['security']['access_violations'] ? "<input type='checkbox' name='config[security][access_violations]' checked='checked'>" : "<input type='checkbox' name='config[security][access_violations]'>";
// Accesspoints
$tpl['PUT:accesspoints.stats.enabled'] = $conf['accesspoints']['stats']['enabled'] ? "<input type='checkbox' name='config[accesspoints][stats][enabled]' checked='checked'>" : "<input type='checkbox' name='config[accesspoints][stats][enabled]'>";
$tpl['PUT:accesspoints.def_name'] = sumo_put_accesspoint_name('ModifySettings', sumo_get_accesspoint_name($conf['accesspoints']['def_name']));
$tpl['PUT:accesspoints.def_group'] = sumo_put_accesspoint_group($conf['accesspoints']['def_group']);
$tpl['PUT:accesspoints.def_theme'] = sumo_put_themes($conf['accesspoints']['def_theme'], 'config[accesspoints][def_theme]');
// Accounts
$tpl['PUT:accounts.life'] = "<input type='text' size='5' name='config[accounts][life]' value='" . $conf['accounts']['life'] . "'>";
$tpl['PUT:accounts.registration.enabled'] = $conf['accounts']['registration']['enabled'] ? "<input type='checkbox' name='config[accounts][registration][enabled]' checked='checked'>" : "<input type='checkbox' name='config[accounts][registration][enabled]'>";
$tpl['PUT:accounts.registration.life'] = "<input type='text' size='5' name='config[accounts][registration][life]' value='" . $conf['accounts']['registration']['life'] . "'>";
$tpl['PUT:accounts.registration.notify.reg'] = $conf['accounts']['registration']['notify']['reg'] ? "<input type='checkbox' name='config[accounts][registration][notify][reg]' checked='checked'>" : "<input type='checkbox' name='config[accounts][registration][notify][reg]'>";
$tpl['PUT:accounts.registration.notify.unreg'] = $conf['accounts']['registration']['notify']['unreg'] ? "<input type='checkbox' name='config[accounts][registration][notify][unreg]' checked='checked'>" : "<input type='checkbox' name='config[accounts][registration][notify][unreg]'>";
$tpl['PUT:accounts.password.life'] = "<input type='text' size='5' name='config[accounts][password][life]' value='" . $conf['accounts']['password']['life'] . "'>";
$tpl['PUT:accounts.notify.updates'] = $conf['accounts']['notify']['updates'] ? "<input type='checkbox' name='config[accounts][notify][updates]' checked='checked'>" : "<input type='checkbox' name='config[accounts][notify][updates]'>";
$tpl['PUT:accounts.notify.status'] = $conf['accounts']['notify']['status'] ? "<input type='checkbox' name='config[accounts][notify][status]' checked='checked'>" : "<input type='checkbox' name='config[accounts][notify][status]'>";
$tpl['PUT:accounts.notify.expired'] = $conf['accounts']['notify']['expired'] ? "<input type='checkbox' name='config[accounts][notify][expired]' checked='checked'>" : "<input type='checkbox' name='config[accounts][notify][expired]'>";
// Log to file format
//$tpl['PUT:logs.format'] = $conf['logs']['format'] ? $conf['logs']['format'] : "[".$SUMO['config']['server']['date_format']." ".$SUMO['config']['server']['time_format']. " O]";
// Log Manager: System
sumo_add_banned();
}
}
}
// Create SSO
if ($sumo_access == 'LOGIN' && SUMO_SESSIONS_REPLICA) {
sumo_create_session_id();
}
// Display Login or Message box
if ($sumo_access != 'CONTINUE' && $sumo_access != 'LOGIN') {
$SUMO['connection'] = sumo_get_connection_info();
// HTTP Basic Authentication
if (!empty($SUMO['page']['http_auth'])) {
$sumo_template = 'message';
$sumo_message = $sumo_access == 'LOGOUT' ? sumo_get_message('I00006C') : sumo_get_message('W00100C');
$sumo_page_name = sumo_get_accesspoint_name($SUMO['page']['name'], $SUMO['config']['server']['language']);
header('WWW-Authenticate: Basic realm="' . $sumo_page_name . '"');
header('HTTP/1.0 401 Unauthorized');
header('status: 401 unauthorized');
header('Content/Type: text/html; charset=' . SUMO_CHARSET);
}
// Load base Template Library
$tpl_lib = SUMO_PATH . "/libs/lib.template.login.php";
$tpl_lib_ext = SUMO_PATH . "/libs/lib.template.login." . $SUMO['page']['theme'] . ".php";
$tpl_file = SUMO_PATH . "/themes/" . $SUMO['page']['theme'] . "/" . $sumo_template . ".tpl";
if (sumo_verify_file($tpl_lib)) {
require $tpl_lib;
}
if (file_exists($tpl_lib_ext)) {
require $tpl_lib_ext;
}
$tpl['GET:server.admin.name'] = $conf['server']['admin']['name']; $tpl['GET:server.admin.email'] = $conf['server']['admin']['email']; $tpl['GET:server.language'] = ucwords(sumo_get_string_languages($conf['server']['language'])); $tpl['IMG:server.language'] = "<img src='themes/" . $SUMO['page']['theme'] . "/images/flags/" . $conf['server']['language'] . ".png' alt='" . $tpl['GET:server.language'] . "' class='flag'>"; $tpl['GET:server.date_format'] = $conf['server']['date_format']; $tpl['GET:server.time_format'] = $conf['server']['time_format']; $tpl['GET:iptocountry.enabled'] = $conf['iptocountry']['enabled'] ? $yes : $no; // Console $tpl['GET:console.tip'] = $conf['console']['tip'] ? $yes : $no; // Security $tpl['GET:security.max_login_attempts'] = $conf['security']['max_login_attempts']; $tpl['GET:security.banned_time'] = sumo_convert_sec2hms($conf['security']['banned_time']); $tpl['GET:security.access_violations'] = $conf['security']['access_violations'] ? $yes : $no; // Accesspoints $tpl['GET:accesspoints.stats.enabled'] = $conf['accesspoints']['stats']['enabled'] ? $yes : $no; $tpl['GET:accesspoints.def_name'] = sumo_get_accesspoint_name($conf['accesspoints']['def_name'], $_COOKIE['language']); $tpl['GET:accesspoints.def_group'] = $conf['accesspoints']['def_group']; $tpl['GET:accesspoints.def_theme'] = ucwords($conf['accesspoints']['def_theme']); // Accounts $tpl['GET:accounts.life'] = $conf['accounts']['life']; $tpl['GET:accounts.registration.enabled'] = $conf['accounts']['registration']['enabled'] ? $yes : $no; $tpl['GET:accounts.registration.life'] = $conf['accounts']['registration']['life']; $tpl['GET:accounts.registration.notify.reg'] = $conf['accounts']['registration']['notify']['reg'] ? $yes : $no; $tpl['GET:accounts.registration.notify.unreg'] = $conf['accounts']['registration']['notify']['unreg'] ? $yes : $no; $tpl['GET:accounts.password.life'] = $conf['accounts']['password']['life']; $tpl['GET:accounts.notify.updates'] = $conf['accounts']['notify']['updates'] ? $yes : $no; $tpl['GET:accounts.notify.status'] = $conf['accounts']['notify']['status'] ? $yes : $no; $tpl['GET:accounts.notify.expired'] = $conf['accounts']['notify']['expired'] ? $yes : $no; // Log Manager $tpl['GET:logs.life'] = "<input type='text' size='5' name='logs[life]' value='" . $conf['logs']['life'] . "' >"; // Log Manager: System
* @link http://sumoam.sourceforge.net SUMO Access Manager
* @author Alberto Basso <*****@*****.**>
* @copyright Copyright © 2003-2009, Alberto Basso
* @license http://opensource.org/licenses/gpl-license.php GNU Public License
* @package SUMO
* @category Console
*/
// Fix PNG images if client browser is Internet Explorer
$pngfix = preg_match("/Internet Explorer/i", $SUMO['client']['browser']) ? "PNGFix();" : "";
// Create IP2Country table for first installation (1min available before timeout)
$ip2country = !file_exists(SUMO_PATH . '/tmp/iptocountry') && $SUMO['server']['db_type'] != 'sqlite' ? "sumo_ajax_get_bg(\"services.php?service=updater&cmd=UPDATE_IP2C\");" : "";
// If user is "sumo" display access level
if (sumo_verify_current_group('sumo')) {
if ($SUMO['user']['group_level']['sumo'] >= 1) {
$ul_color = 'green';
}
if ($SUMO['user']['group_level']['sumo'] >= 4) {
$ul_color = 'orange';
}
if ($SUMO['user']['group_level']['sumo'] > 5) {
$ul_color = 'red';
}
$ul_graph = sumo_get_graph($SUMO['user']['group_level']['sumo'], 7, 0, $ul_color, 50, 2);
} else {
$ul_graph = "";
}
// Clock
$clock = explode(':', $SUMO['config']['server']['time_format']);
$clock = date(intval($clock[0]) . ':' . $clock[1]);
$console['template'] = array("GET:SumoVersion" => SUMO_VERSION, "GET:UserName" => "<iframe name='CSID' src='' style='visibility:hidden;width:0px;height:0px;display:none'></iframe>" . "<a style='color:black;' href='javascript:sumo_ajax_get(\"users\",\"?module=users&action=view&id=" . $SUMO['user']['id'] . "\");'>" . $SUMO['user']['user'] . $ul_graph . "</a>", "GET:PagePath" => $SUMO['page']['web_path'], "GET:PageUrl" => $SUMO['page']['url'], "GET:PageName" => sumo_get_accesspoint_name($SUMO['page']['name'], $_COOKIE['language']), "GET:PageTheme" => $SUMO['page']['theme'], "GET:charset" => $SUMO['config']['server']['charset'], "GET:Date" => "<a href='javascript:opacity(\"settings_view_clock\", 0, 100, 300);" . "sumo_ajax_get(\"settings_view_clock\", \"?module=settings&action=view_clock&decoration=false\")'>" . date($SUMO['config']['server']['date_format']) . "</a>", "GET:Clock" => "<a href='javascript:opacity(\"settings_view_clock\", 0, 100, 300);" . "sumo_ajax_get(\"settings_view_clock\", \"?module=settings&action=view_clock&decoration=false\")'>" . "<span id='clock'>" . $clock . "</span>" . "</a>", "GET:ScriptTooltip" => sumo_get_script_tag('wz_tooltip.js') . "\n" . sumo_get_script_tag('tip_centerwindow.js'), "GET:ScriptDragDrop" => sumo_get_script_tag('wz_dragdrop.js'), "GET:ScriptLibraries" => "<script language='javascript' type='text/javascript'>\n" . "var sumo_theme='" . $SUMO['page']['theme'] . "';\n" . "</script>\n" . sumo_get_script_tag('ajax.js') . "\n" . sumo_get_script_tag('sumo_common.js') . "\n" . sumo_get_script_tag('sumo_crypt.js') . "\n" . sumo_get_script_tag('sumo_ajax.js') . "\n" . sumo_get_script_tag('sumo_gui.js') . "\n" . sumo_get_script_tag('sumo_menu.js') . "\n" . sumo_get_script_tag('calendar.php?sumo_lang=' . $_COOKIE['language']) . "\n" . sumo_get_script_tag('clock.php?sumo_lang=' . $_COOKIE['language']) . "\n" . sumo_get_script_tag("messages.php?id=" . $SUMO['user']['id'] . "&loggedin=" . intval($_COOKIE['loggedin']) . "&group=" . base64_encode(implode(";", $SUMO['user']['group']))) . "\n", "GET:OnLoad" => "onload='javascript:startClock();opacity(\"menuConsole\", 100, 88, 1);opacity(\"menuLanguages\", 100, 88, 1);" . $pngfix . $ip2country . "'", "GET:Note" => $sumo_lang_core['PoweredBy'] . " <b>SUMO " . SUMO_VERSION . "</b> − © Copyright 2003-" . date("Y") . " by <b>Basso Alberto</b><br>" . $sumo_lang_core['ProjectPage'] . " <b><a href='http://sumoam.sourceforge.net' target='_blank'>http://sumoam.sourceforge.net</a></b>", "LINK:Console" => "<a href='javascript:void(0)' onClick='return clickreturnvalue()' onMouseover='dropdownmenu(this, event, \"menuConsole\");' title='" . $console['language']['ConsoleTitle'] . "'>" . $console['language']['Console'] . "</a>", "LINK:Clean" => "<a href='" . $SUMO['page']['url'] . "' title='" . $console['language']['CleanTitle'] . "'><img src='" . $SUMO['page']['web_path'] . "/themes/" . $SUMO['page']['theme'] . "/images/desktop.png' alt='" . $console['language']['Clean'] . "'></a>", "LINK:LogOut" => "<a href='javascript:sumo_user_logout();' title='" . $console['language']['LogOutTitle'] . "'>" . $console['language']['LogOut'] . "</a>", "LINK:Help" => sumo_get_module_link('help', '', $console['language']['help'], false), "BUTTON:Ok" => "<input type='submit' class='button' value='" . $sumo_lang_core["Ok"] . "'>", "BUTTON:Submit" => "<input id='ok' type='submit' class='button-green' value='" . $sumo_lang_core["Ok"] . "'>", "BUTTON:Save" => "<input id='save' type='submit' class='button-green' value='" . $console['language']["Save"] . "'>", "BUTTON:Back" => "<input type='button' class='button-red' value='" . $console['language']["Back"] . "' onclick='javascript:sumo_ajax_get(\"" . $_SESSION['module'] . ".content\",\"?module=" . $_SESSION['module'] . "&decoration=false\");'>", "BUTTON:Cancel" => "<input id='cancel' type='button' class='button-red' value='" . $console['language']["Cancel"] . "' onclick='javascript:sumo_ajax_get(\"" . $_SESSION['module'] . ".content\",\"?module=" . $_SESSION['module'] . "&decoration=false\");'>");
/**
* Update accesspoint data
*/
function sumo_update_accesspoint_data($data = array())
{
if (!empty($data)) {
global $SUMO;
$id = intval($data['id']);
$node = $data['node'] ? intval($data['node']) : "NULL";
$path = $data['path'];
$group = $data['group'];
$reg_group = $data['reg_group'];
$theme = $data['theme'];
$http_auth = $data['http_auth'] == 'on' || $data['http_auth'] == 1 ? 1 : 0;
$filtering = $data['filtering'] == 'on' || $data['filtering'] == 1 ? 1 : 0;
$pwd_encrypt = $data['pwd_encrypt'] == 'on' || $data['pwd_encrypt'] == 1 ? 1 : 0;
$change_pwd = $data['change_pwd'] == 'on' || $data['change_pwd'] == 1 ? 1 : 0;
$registration = $data['registration'] == 'on' || $data['registration'] == 1 ? 1 : 0;
// AP names
$languages = sumo_get_available_languages();
$names = "";
for ($l = 0; $l < count($languages); $l++) {
$names[$l] = $languages[$l] . ":" . $data['name'][$languages[$l]];
}
$name = implode(";", $names);
$filtering = sumo_verify_is_console($path) ? 1 : $filtering;
/**
* Kill all sessions at path where pwd_encrypt
* or http_auth it has been changed
*/
$accesspoint = sumo_get_accesspoint_info($id, 'id', FALSE);
$nodeinfo = sumo_get_node_info($node);
if ($accesspoint['pwd_encrypt'] != $pwd_encrypt || $accesspoint['http_auth'] != $http_auth) {
$query = "DELETE FROM " . SUMO_TABLE_SESSIONS . " \r\n\t\t\t\t\t WHERE node='" . $nodeinfo['ip'] . "' AND url LIKE '%" . $path . "'";
$SUMO['DB']->Execute($query);
}
// Delete cached data
#if($path) $SUMO['DB']->CacheFlush("SELECT * FROM ".SUMO_TABLE_ACCESSPOINTS."
# WHERE path='".$path."'");
if ($node >= 1) {
$record['node'] = "node=" . $node;
}
if ($path) {
$record['path'] = "path='" . $path . "'";
}
if ($name) {
$record['name'] = "name='" . $name . "'";
}
if ($group) {
$record['group'] = "usergroup='" . sumo_get_ordered_groups($group) . "'";
}
if ($reg_group) {
$record['reg_group'] = "reg_group='" . $reg_group . "'";
}
if ($theme) {
$record['theme'] = "theme='" . $theme . "'";
}
$record['http_auth'] = "http_auth=" . $http_auth;
$record['filtering'] = "filtering=" . $filtering;
$record['pwd_encrypt'] = "pwd_encrypt=" . $pwd_encrypt;
$record['change_pwd'] = "change_pwd=" . $change_pwd;
$record['registration'] = "registration=" . $registration;
$record['updated'] = "updated=" . $SUMO['server']['time'];
// Create fields for query
$new_record = array_values($record);
for ($r = 0; $r < count($new_record); $r++) {
if ($new_record[$r]) {
$records[$r] = $new_record[$r];
}
}
$update = implode(', ', $records);
$select = implode(' AND ', $records);
// create query
$query = "UPDATE " . SUMO_TABLE_ACCESSPOINTS . " \r\n\t\t\t\t SET " . $update . " \r\n\t\t\t\t WHERE id=" . $id;
$SUMO['DB']->CacheFlush();
$SUMO['DB']->Execute($query);
// verify query success
$query = "SELECT COUNT(id) FROM " . SUMO_TABLE_ACCESSPOINTS . " \r\n\t\t\t\t WHERE id=" . $id . " \r\n\t\t\t\t AND " . $select;
$rs = $SUMO['DB']->Execute($query);
$tab = $rs->FetchRow();
// if updated:
if ($tab[0] == 1) {
if ($nodeinfo['ip'] == '') {
$nodeinfo['ip'] = 'UNDEFINED';
}
$apname = sumo_get_accesspoint_name($name, $SUMO['config']['server']['language']);
sumo_write_log('I07000X', array($id, $apname, $nodeinfo['ip'], $SUMO['user']['user']), 3, 3, 'system', FALSE);
return TRUE;
} else {
return FALSE;
}
}
}
$list = sumo_get_table_header($table['data']['stats']);
while ($tab = $rs->FetchRow()) {
$query2 = "SELECT MAX(access) FROM " . SUMO_TABLE_ACCESSPOINTS_STATS;
$query3 = "SELECT MAX(activity) FROM " . SUMO_TABLE_ACCESSPOINTS_STATS;
$style = sumo_alternate_str('tab-row-on', 'tab-row-off');
$rs2 = $SUMO['DB']->CacheExecute(15, $query2);
$rs3 = $SUMO['DB']->CacheExecute(15, $query3);
$max2 = $rs2->FetchRow();
$max3 = $rs3->FetchRow();
$path2 = $tab['path'];
$path3 = sumo_get_accesspoint_name($tab['name'], $_COOKIE['language']);
$max_access = $max2[0];
$max_activity = $max3[0];
if ($search) {
$path2 = sumo_color_match_string($field['path'][1], $tab['path']);
$path3 = sumo_color_match_string($field['name'][1], sumo_get_accesspoint_name($tab['name'], $_COOKIE['language']));
}
// verify if user is current node/path
if ($SUMO['page']['node'] == $tab['node'] && $SUMO['page']['path'] == $tab['path']) {
$style = 'tab-row-highlight';
}
$list .= "<tr>\n";
if ($_SESSION['accesspoints']['stats']['col'][3]) {
$list .= " <td class='" . $style . "'><a href='javascript:sumo_ajax_get(\"accesspoints\",\"?module=accesspoints&action=view&id=" . $tab['id_page'] . "\");'>" . $path3 . "</a></td>\n";
}
if ($_SESSION['accesspoints']['stats']['col'][1]) {
$list .= " <td class='" . $style . "'><a href='javascript:sumo_ajax_get(\"network\",\"?module=network&action=view_node&id=" . $tab['node'] . "\");'>" . $node[$tab['node']]['name'] . "</a></td>\n";
}
if ($_SESSION['accesspoints']['stats']['col'][4]) {
$list .= " <td class='" . $style . "'><a href='javascript:sumo_ajax_get(\"accesspoints\",\"?module=accesspoints&action=view&id=" . $tab['id_page'] . "\");'>" . $path2 . "</a></td>\n";
}
