Esempio n. 1
0
require_once "server/classes/class.AJXP_Logger.php";
ConfService::init("server/conf/conf.php");
$confStorageDriver = ConfService::getConfStorageImpl();
require_once $confStorageDriver->getUserClassFileName();
session_name("AjaXplorer");
session_start();
set_error_handler(array("AJXP_XMLWriter", "catchError"), E_ALL & ~E_NOTICE);
if (isset($_GET["tmp_repository_id"])) {
    ConfService::switchRootDir($_GET["tmp_repository_id"], true);
}
if (AuthService::usersEnabled()) {
    $rememberLogin = "";
    $rememberPass = "";
    if (isset($_GET["get_action"]) && $_GET["get_action"] == "get_seed") {
        header("Content-type:text/plain; charset:UTF-8");
        print AuthService::generateSeed();
        exit(0);
    }
    if (isset($_GET["get_action"]) && $_GET["get_action"] == "logout") {
        AuthService::disconnect();
        $loggingResult = 2;
    }
    //AuthService::disconnect();
    if (isset($_GET["get_action"]) && $_GET["get_action"] == "back") {
        AJXP_XMLWriter::header("url");
        echo AuthService::getLogoutAddress(false);
        AJXP_XMLWriter::close("url");
        exit(1);
    }
    if (isset($_GET["get_action"]) && $_GET["get_action"] == "login") {
        $userId = isset($_GET["userid"]) ? $_GET["userid"] : null;
 public function switchAction($action, $httpVars, $fileVars)
 {
     switch ($action) {
         case "logout":
             AuthService::disconnect();
             $loggingResult = 2;
             session_destroy();
             AJXP_XMLWriter::header();
             AJXP_XMLWriter::loggingResult($loggingResult, null, null, null);
             AJXP_XMLWriter::close();
             break;
         case "get_seed":
             $seed = AuthService::generateSeed();
             if (AuthService::suspectBruteForceLogin()) {
                 HTMLWriter::charsetHeader('application/json');
                 print json_encode(array("seed" => $seed, "captcha" => true));
             } else {
                 HTMLWriter::charsetHeader("text/plain");
                 print $seed;
             }
             break;
         case "get_captcha":
             include_once AJXP_BIN_FOLDER . "/class.CaptchaProvider.php";
             CaptchaProvider::sendCaptcha();
             //exit(0) ;
             break;
         case "back":
             AJXP_XMLWriter::header("url");
             echo AuthService::getLogoutAddress(false);
             AJXP_XMLWriter::close("url");
             //exit(1);
             break;
         default:
             break;
     }
     return "";
 }
Esempio n. 3
0
                $detectedUser = $matches[1];
            }
        }
    }
    try {
        ConfService::switchRootDir($optRepoId, true);
    } catch (AJXP_Exception $e) {
    }
} else {
    if ($optStatusFile) {
        file_put_contents($optStatusFile, "ERROR:You must pass a -r argument specifying either a repository id or alias");
    }
    die("You must pass a -r argument specifying either a repository id or alias");
}
if (AuthService::usersEnabled() && !empty($optUser)) {
    $seed = AuthService::generateSeed();
    if ($seed != -1) {
        $optPass = md5(md5($optPass) . $seed);
    }
    $loggingResult = AuthService::logUser($optUser, $optPass, isset($optToken), false, $seed);
    // Check that current user can access current repository, try to switch otherwise.
    $loggedUser = AuthService::getLoggedUser();
    if ($loggedUser != null && $detectedUser !== false && $loggedUser->isAdmin()) {
        AuthService::disconnect();
        AuthService::logUser($detectedUser, "empty", true, false, "");
        $loggedUser = AuthService::getLoggedUser();
    }
    if ($loggedUser != null) {
        ConfService::switchRootDir($optRepoId, true);
        /*
        $res = ConfService::switchUserToActiveRepository($loggedUser, $optRepoId);
Esempio n. 4
0
 public function switchAction($action, $httpVars, $fileVars)
 {
     if (!isset($this->actions[$action])) {
         return;
     }
     $mess = ConfService::getMessages();
     switch ($action) {
         case "login":
             if (!AuthService::usersEnabled()) {
                 return;
             }
             $rememberLogin = "";
             $rememberPass = "";
             $secureToken = "";
             $loggedUser = null;
             include_once AJXP_BIN_FOLDER . "/class.CaptchaProvider.php";
             if (AuthService::suspectBruteForceLogin() && (!isset($httpVars["captcha_code"]) || !CaptchaProvider::checkCaptchaResult($httpVars["captcha_code"]))) {
                 $loggingResult = -4;
             } else {
                 $userId = isset($httpVars["userid"]) ? trim($httpVars["userid"]) : null;
                 $userPass = isset($httpVars["password"]) ? trim($httpVars["password"]) : null;
                 $rememberMe = isset($httpVars["remember_me"]) && $httpVars["remember_me"] == "true" ? true : false;
                 $cookieLogin = isset($httpVars["cookie_login"]) ? true : false;
                 $loggingResult = AuthService::logUser($userId, $userPass, false, $cookieLogin, $httpVars["login_seed"]);
                 if ($rememberMe && $loggingResult == 1) {
                     $rememberLogin = "******";
                     $rememberPass = "******";
                     $loggedUser = AuthService::getLoggedUser();
                 }
                 if ($loggingResult == 1) {
                     session_regenerate_id(true);
                     $secureToken = AuthService::generateSecureToken();
                 }
                 if ($loggingResult < 1 && AuthService::suspectBruteForceLogin()) {
                     $loggingResult = -4;
                     // Force captcha reload
                 }
             }
             $loggedUser = AuthService::getLoggedUser();
             if ($loggedUser != null) {
                 $force = $loggedUser->mergedRole->filterParameterValue("core.conf", "DEFAULT_START_REPOSITORY", AJXP_REPO_SCOPE_ALL, -1);
                 $passId = -1;
                 if (isset($httpVars["tmp_repository_id"])) {
                     $passId = $httpVars["tmp_repository_id"];
                 } else {
                     if ($force != "" && $loggedUser->canSwitchTo($force) && !isset($httpVars["tmp_repository_id"]) && !isset($_SESSION["PENDING_REPOSITORY_ID"])) {
                         $passId = $force;
                     }
                 }
                 $res = ConfService::switchUserToActiveRepository($loggedUser, $passId);
                 if (!$res) {
                     AuthService::disconnect();
                     $loggingResult = -3;
                 }
             }
             if ($loggedUser != null && (AuthService::hasRememberCookie() || isset($rememberMe) && $rememberMe == true)) {
                 AuthService::refreshRememberCookie($loggedUser);
             }
             AJXP_XMLWriter::header();
             AJXP_XMLWriter::loggingResult($loggingResult, $rememberLogin, $rememberPass, $secureToken);
             AJXP_XMLWriter::close();
             break;
             //------------------------------------
             //	CHANGE USER PASSWORD
             //------------------------------------
         //------------------------------------
         //	CHANGE USER PASSWORD
         //------------------------------------
         case "pass_change":
             $userObject = AuthService::getLoggedUser();
             if ($userObject == null || $userObject->getId() == "guest") {
                 header("Content-Type:text/plain");
                 print "SUCCESS";
                 break;
             }
             $oldPass = $httpVars["old_pass"];
             $newPass = $httpVars["new_pass"];
             $passSeed = $httpVars["pass_seed"];
             if (strlen($newPass) < ConfService::getCoreConf("PASSWORD_MINLENGTH", "auth")) {
                 header("Content-Type:text/plain");
                 print "PASS_ERROR";
                 break;
             }
             if (AuthService::checkPassword($userObject->getId(), $oldPass, false, $passSeed)) {
                 AuthService::updatePassword($userObject->getId(), $newPass);
                 if ($userObject->getLock() == "pass_change") {
                     $userObject->removeLock();
                     $userObject->save("superuser");
                 }
             } else {
                 header("Content-Type:text/plain");
                 print "PASS_ERROR";
                 break;
             }
             header("Content-Type:text/plain");
             print "SUCCESS";
             break;
         case "logout":
             AuthService::disconnect();
             $loggingResult = 2;
             session_destroy();
             AJXP_XMLWriter::header();
             AJXP_XMLWriter::loggingResult($loggingResult, null, null, null);
             AJXP_XMLWriter::close();
             break;
         case "get_seed":
             $seed = AuthService::generateSeed();
             if (AuthService::suspectBruteForceLogin()) {
                 HTMLWriter::charsetHeader('application/json');
                 print json_encode(array("seed" => $seed, "captcha" => true));
             } else {
                 HTMLWriter::charsetHeader("text/plain");
                 print $seed;
             }
             //exit(0);
             break;
         case "get_secure_token":
             HTMLWriter::charsetHeader("text/plain");
             print AuthService::generateSecureToken();
             //exit(0);
             break;
         case "get_captcha":
             include_once AJXP_BIN_FOLDER . "/class.CaptchaProvider.php";
             CaptchaProvider::sendCaptcha();
             //exit(0) ;
             break;
         case "back":
             AJXP_XMLWriter::header("url");
             echo AuthService::getLogoutAddress(false);
             AJXP_XMLWriter::close("url");
             //exit(1);
             break;
         default:
             break;
     }
     return "";
 }