Esempio n. 1
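 /**
  * Check administrator login during the upgrade steps.
  *
  * Returns true without any credential check when the 'oat' cookie is missing
  * or differs from OA_UPGRADE_UPGRADE. Otherwise the session is reset, the
  * installed product is detected, any credentials supplied with the request
  * are checked by the login routine matching that product, and the result is
  * whether the current user is the admin account or is linked to it.
  *
  * @return boolean True if login succeeded
  */
 function checkLogin()
 {
     // NOTE(review): 'oat' is a request cookie, so its value is chosen by the
     // client. This branch reports success whenever the cookie is absent or is
     // not the upgrade marker, which means a true return is not evidence that
     // anyone authenticated. Presumably callers protect the non-upgrade path
     // by other means - confirm before relying on this result for access control.
     // The loose comparison is kept because the constant's type is not visible here.
     if (empty($_COOKIE['oat']) || $_COOKIE['oat'] != OA_UPGRADE_UPGRADE) {
         return true;
     }
     // Clean up session
     $GLOBALS['session'] = array();
     // Detection needs to happen every time (the original comment is truncated
     // after "to make sure that database parameters are").
     $oUpgrader = new OA_Upgrade();
     $openadsDetected = $oUpgrader->detectOpenads(true) || $oUpgrader->existing_installation_status == OA_STATUS_CURRENT_VERSION;
     // The detection flags are read further down even when the matching detector
     // never ran; define them up front so those reads do not hit unset variables.
     // null is what the unset variables evaluated to before, so results are unchanged.
     $panDetected = null;
     $maxDetected = null;
     $max01Detected = null;
     // Sequentially check, to avoid useless work
     if (!$openadsDetected) {
         $panDetected = $oUpgrader->detectPAN(true);
         if (!$panDetected) {
             $maxDetected = $oUpgrader->detectMAX(true);
             if (!$maxDetected) {
                 $max01Detected = $oUpgrader->detectMAX01(true);
                 if (!$max01Detected) {
                     // No upgrade-able version detected, return
                     return false;
                 }
             }
         }
     }
     phpAds_SessionStart();
     OA_Upgrade_Login::readSession($panDetected);
     $oPlugin = new Plugins_Authentication();
     if ($oPlugin->suppliedCredentials()) {
         // The new Users, Account, Permissions & Preference feature was introduced in OpenX 2.5.46-dev
         // version_compare() called with an operator already returns a boolean; the
         // former "== -1" only gave the right answer through loose bool/int comparison.
         $newLogin = $openadsDetected && version_compare($oUpgrader->versionInitialApplication, '2.5.46-dev', '>=');
         if ($newLogin) {
             OA_Upgrade_Login::_checkLoginNew();
         } else {
             if ($openadsDetected || $maxDetected) {
                 OA_Upgrade_Login::_checkLoginOld('preference', true);
             } elseif ($max01Detected) {
                 OA_Upgrade_Login::_checkLoginOld('config', true);
             } elseif ($panDetected) {
                 OA_Upgrade_Login::_checkLoginOld('config', false);
             } else {
                 return false;
             }
         }
     }
     // The return values of the login helpers above are not used; the decision
     // rests solely on the permission state they leave behind.
     return OA_Permission::isAccount(OA_ACCOUNT_ADMIN) || OA_Permission::isUserLinkedToAdmin();
 }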
 /**
  * Log a user in and hand the generated session ID back to the caller.
  *
  * The credentials are copied into $_POST, a fresh session ID is placed in
  * $_COOKIE and the internal login routine is run. Success additionally
  * requires that the user is linked to the admin account.
  *
  * @access public
  *
  * @param string $username
  * @param string $password
  * @param string &$sessionId Set to the session ID on success, left untouched otherwise.
  *
  * @return boolean True when the login succeeded and the user is linked to admin.
  */
 function logon($username, $password, &$sessionId)
 {
     global $_POST, $_COOKIE;
     global $strUsernameOrPasswordWrong;
     /**
      * @todo Please check if the following statement is in correct place because
      * it seems illogical that user can get session ID from internal login with
      * a bad username or password.
      */
     if (!$this->_verifyUsernameAndPasswordLength($username, $password)) {
         return false;
     }

     // Make the request look like a submitted login form. The plaintext password
     // stays in $_POST for the remainder of the request.
     $_POST['username'] = $username;
     $_POST['password'] = $password;
     $_POST['login'] = '******';

     // NOTE(review): uniqid() builds its value from the current time (with an
     // extra LCG component when more_entropy is set) and the PHP manual states it
     // must not be used for security purposes. A session identifier should come
     // from a CSPRNG such as random_bytes(); check which ID format the session
     // store accepts before switching.
     $generatedId = uniqid('phpads', 1);
     $_COOKIE['sessionID'] = $generatedId;
     $_POST['phpAds_cookiecheck'] = $generatedId;

     $this->preInitSession();

     if (!$this->_internalLogin($username, $password)) {
         $this->raiseError($strUsernameOrPasswordWrong);
         return false;
     }

     // Check if the user has administrator access to Openads.
     // NOTE(review): this error differs from the bad-credentials one, so a caller
     // can tell valid non-admin credentials from invalid ones - confirm that is intended.
     if (!OA_Permission::isUserLinkedToAdmin()) {
         $this->raiseError('User must be OA installation admin');
         return false;
     }

     $this->postInitSession();
     // Read the cookie again rather than reusing the local copy, as the original did.
     $sessionId = $_COOKIE['sessionID'];
     return true;
 }
Esempio n. 3
 /**
  * Assign the header's user and account information to the template.
  *
  * Nothing is assigned unless a user is logged in or the phpAds_installing
  * constant is defined. While installing, only the help link and the
  * "start over" button are assigned, so that path runs without a login.
  *
  * @param mixed $oCurrentSection Passed through to OA_Admin_Help::getHelpLink().
  */
 function _assignUserAccountInfo($oCurrentSection)
 {
     global $session;

     $loggedIn = OA_Auth::isLoggedIn();
     if (!$loggedIn && !defined('phpAds_installing')) {
         return;
     }

     // Show currently logged on user and IP
     $tpl = $this->oTpl;
     $tpl->assign('helpLink', OA_Admin_Help::getHelpLink($oCurrentSection));

     if (defined('phpAds_installing')) {
         $tpl->assign('buttonStartOver', true);
         return;
     }

     $tpl->assign('infoUser', OA_Permission::getUsername());
     $tpl->assign('buttonLogout', true);
     $tpl->assign('buttonReportBugs', true);

     // Account switcher
     OA_Admin_UI_AccountSwitch::assignModel($tpl);
     $tpl->assign('strWorkingAs', $GLOBALS['strWorkingAs_Key']);
     $tpl->assign('keyWorkingAs', $GLOBALS['keyWorkingAs']);
     $tpl->assign('accountId', OA_Permission::getAccountId());
     $tpl->assign('accountName', OA_Permission::getAccountName());
     $tpl->assign('accountSearchUrl', MAX::constructURL(MAX_URL_ADMIN, 'account-switch-search.php'));

     // The update check is offered only to the admin account, only when enabled in
     // the configuration, and only while the session has no 'maint_update_js' entry.
     $tpl->assign(
         'productUpdatesCheck',
         OA_Permission::isAccount(OA_ACCOUNT_ADMIN)
             && $GLOBALS['_MAX']['CONF']['sync']['checkForUpdates']
             && !isset($session['maint_update_js'])
     );

     // The maintenance alert is computed only for users linked to the admin account.
     if (OA_Permission::isUserLinkedToAdmin()) {
         $tpl->assign('maintenanceAlert', OA_Dal_Maintenance_UI::alertNeeded());
     }
 }
Esempio n. 4
/**
 * Run the upgrade auto-login and report whether the current user has admin rights.
 *
 * The result of OA_Upgrade_Login::autoLogin() itself is not inspected; the
 * answer comes only from the permission state queried afterwards.
 *
 * @return boolean True when the current account is the admin account or the
 *                 user is linked to it.
 */
function checkLogin()
{
    require_once MAX_PATH . '/lib/OA/Permission.php';
    require_once MAX_PATH . '/lib/OA/Upgrade/Login.php';

    OA_Upgrade_Login::autoLogin();

    if (OA_Permission::isAccount(OA_ACCOUNT_ADMIN)) {
        return true;
    }
    return (bool) OA_Permission::isUserLinkedToAdmin();
}
Esempio n. 5
 /**
  * A method to check if the user has specific permissions to perform
  * an action on an account.
  *
  * Decision order, as implemented below:
  *  - a user linked to the admin account is granted every permission;
  *  - a permission that is not related to the account's type is granted;
  *  - otherwise the answer is looked up in the user's permissions for the
  *    account, and anything not present there is denied.
  *
  * TODOPERM - consider caching permissions in user session so they could
  *            be reused across many user requests
  *
  * @static
  * @param integer $permissionId
  * @param int $accountId Account to check; an empty value selects the current account.
  * @param int $userId    User to check; an empty value selects the current user.
  * @return boolean
  */
 function hasPermission($permissionId, $accountId = null, $userId = null)
 {
     // Static, but every entry is rewritten below before it is read, so no call
     // is ever answered from a value stored by an earlier call.
     static $permissionCache = array();

     // empty() also matches 0 and '0', so such IDs fall back to the current user.
     if (empty($userId)) {
         $userId = OA_Permission::getUserId();
     }
     if (OA_Permission::isUserLinkedToAdmin($userId)) {
         return true;
     }

     if (empty($accountId)) {
         $accountId = OA_Permission::getAccountId();
         $accountType = OA_Permission::getAccountType();
     } else {
         $accountRow = OA_Dal::staticGetDO('accounts', $accountId);
         if (!$accountRow) {
             // Account does not exist
             Max::raiseError('No such account ID: ' . $accountId);
             return false;
         }
         $accountType = $accountRow->accountType;
     }

     if (OA_Permission::isPermissionRelatedToAccountType($accountType, $permissionId)) {
         $permissionCache[$userId][$accountId] = OA_Permission::getAccountUsersPermissions($userId, $accountId);
     } else {
         // NOTE(review): permissions unrelated to the account type default to
         // granted; confirm that this allow-by-default is intended for every caller.
         $permissionCache[$userId][$accountId][$permissionId] = true;
     }

     if (isset($permissionCache[$userId][$accountId][$permissionId])) {
         return $permissionCache[$userId][$accountId][$permissionId];
     }
     return false;
 }