Esempio n. 1
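 /**
  * Blocks the page for browsers that do not hold a valid session.
  *
  * When the session carries no session_id, or that id is not found in the
  * sessions table, the login page is rendered and the script stops. For a
  * valid session, a User-Agent that differs from the one stored in the
  * session is logged and the user is suspended.
  */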
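 public static function blockPageToVisitors()
 {
     // Gate for protected pages: renders the login form and stops the script unless the
     // session id is still present in the sessions table, then checks the User-Agent binding.
     openRailwayCore::dbConnect();

     // Fail closed: a missing id, a non-scalar id, a failed query and an unknown id all
     // lead to the login page.
     $authenticated = false;
     if (isset($_SESSION['session_id']) && is_scalar($_SESSION['session_id'])) {
         // Escape before interpolating so a malformed stored value cannot change the statement.
         // ext/mysql has no bound parameters; switch to prepared statements once the database
         // layer is ported to mysqli or PDO.
         $sessionId = mysql_real_escape_string((string) $_SESSION['session_id']);
         $result = openRailwayCore::dbQuery("SELECT `session_id` FROM " . SESSIONS_TABLE . " WHERE `session_id` = '" . $sessionId . "'");
         $authenticated = is_resource($result) && mysql_num_rows($result) > 0;
     }

     if (!$authenticated) {
         openRailwayCore::pageHeader("Access not authorised");
         $template = new Template();
         $template->set_custom_template(FROOT . 'theme/' . STYLE, 'default');

         // The "l" query parameter only selects one of a fixed set of notices; its value is
         // never echoed, and anything unrecognised (or an array) selects no notice.
         $notice = (isset($_GET['l']) && is_string($_GET['l'])) ? $_GET['l'] : '';
         $noticeBlocks = array(
             'fail' => 'if_login_failed',
             'logout' => 'if_logged_out',
             'flogout' => 'if_force_logged_out',
         );
         if (isset($noticeBlocks[$notice])) {
             $template->assign_block_vars($noticeBlocks[$notice], array());
         }
         $template->assign_block_vars($notice === 'reauth' ? 'if_reauth' : 'if_not_reauth', array());

         $template->assign_var('ROOT', ROOT);
         $template->set_filenames(array('body' => 'login.html'));
         $template->display('body');
         openRailwayCore::pageFooter();
         // Stop here so the protected page that called this method never runs.
         die;
     }

     // Check to see if user agent has changed since login, if so log out.
     // The header is client-supplied and may be absent, so both sides are normalised to strings
     // and compared strictly. This only detects a session reused from a different browser; it is
     // not a strong binding on its own.
     $storedAgent = isset($_SESSION['user_agent']) ? (string) $_SESSION['user_agent'] : '';
     $currentAgent = isset($_SERVER['HTTP_USER_AGENT']) ? (string) $_SERVER['HTTP_USER_AGENT'] : '';
     if ($storedAgent !== $currentAgent) {
         $userId = $_SESSION['user_id'];
         $interaction = openRailwayCore::createInteractionIdentifier();
         openRailwayCore::logEvent(time(), $interaction, $userId, 5, 1, "User agent (UID: " . $userId . ") change detected");
         Authentication::suspendUser($userId, $interaction, 1);
     }
 }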
Esempio n. 2
<?php

// Dashboard page: bootstraps the application, runs the authentication gate, then renders
// home.html with details of the current login.
include "config.php";
session_start();
openRailwayCore::initialisation();
openRailwayCore::dbConnect();
// Must stay ahead of any dashboard output. Presumably this stops the script for visitors
// without a valid session; verify against the Authentication class.
Authentication::blockPageToVisitors();
// Process login info section
// Both values are read from the session, not from the current request.
$ipAddr = $_SESSION['user_ip'];
$loginTime = date('l jS F Y H:i:s T', $_SESSION['log_in_time']);
use phpbrowscap\Browscap;
$bc = new Browscap(FROOT . "cache");
// Browser lookup is disabled (original note: XAMPP does not support it), so $browser is never
// set in this file and the BRWSR assignment further down is skipped.
// $browser = $bc->getBrowser(); COMMENTED OUT AS XAMPP DOES NOT SUPPORT
openRailwayCore::pageHeader("Your dashboard");
$template = new Template();
$template->set_custom_template("theme/" . STYLE, 'default');
// NOTE(review): confirm the template layer HTML-escapes assigned variables. IP_ADDR comes from
// the session and BRWSR would be derived from the client-supplied User-Agent if the lookup
// above is re-enabled.
$template->assign_var('IP_ADDR', $ipAddr);
$template->assign_var('LOGTIME', $loginTime);
// Guarded with isset() because $browser only exists when the Browscap lookup is enabled.
if (isset($browser['parent']) && isset($browser['platform'])) {
    $template->assign_var('BRWSR', $browser['parent'] . " on " . $browser['platform']);
}
$template->set_filenames(array('body' => 'home.html'));
$template->display('body');
openRailwayCore::pageFooter();
Esempio n. 3
         $active_var = "LOG_ACT";
         break;
     case "log_err":
         $title = "Security Logs";
         $active_var = "LOG_ERR";
         break;
     default:
         $title = "Statistics";
         $active_var = "STATS";
         break;
 }
 // Fallback for the case where the switch above left $active_var unset. The visible default
 // case does set it; the earlier cases are outside this excerpt.
 if (!isset($active_var)) {
     $active_var = "error";
 }
 // Load layout
 openRailwayCore::pageHeader($title . " | Control Panel");
 $template = new Template();
 $template->set_custom_template("includes/", 'default');
 $template->assign_var('ROOT', ROOT);
 // The selected section's own template variable is set to "active".
 $template->assign_var($active_var, "active");
 $template->assign_var('MAIN_TITLE', $title);
 $template->set_filenames(array('layout' => 'layout.html'));
 $template->display('layout');
 // NOTE(review): the existence check lowercases the name but the include does not, so on a
 // case-sensitive filesystem they refer to different files (the check looks for "stats.php",
 // the include asks for "STATS.php"). Build the path once and use it for both calls.
 // In the visible cases $active_var is only assigned fixed literals; keep it that way, since a
 // value taken from the request here would become a file-inclusion path.
 if (file_exists(strtolower($active_var) . ".php")) {
     include $active_var . ".php";
 } else {
     // No section script found: render the generic error template instead.
     $main = new Template();
     $main->set_custom_template("includes/", 'default');
     $main->assign_var('ROOT', ROOT);
     $main->set_filenames(array('main' => "error.html"));
     $main->display('main');
Esempio n. 4
                 }
                 Authentication::blockPageToVisitors();
                 break;
             case "logout":
                 Authentication::logUserOut();
                 break;
         }
     }
     break;
 // Suspended-account notice: shown only while the session carries user_id_suspended and the
 // matching users row still has suspended = 1; every other path redirects to index.php.
 case "suspended":
     if (isset($_SESSION['user_id_suspended'])) {
         // NOTE(review): the statement is built by concatenating a session value. Escape or bind
         // it so a malformed stored id cannot alter the query, and select only the `suspended`
         // column, since that is the only field read below.
         $sql = "SELECT * FROM `users` WHERE user_id = '" . $_SESSION['user_id_suspended'] . "'";
         $result = openRailwayCore::dbQuery($sql);
         // mysql_fetch_assoc() returns false when no row matches; the comparison below is then
         // false and the redirect branch runs.
         $user = mysql_fetch_assoc($result);
         if ($user['suspended'] == 1) {
             openRailwayCore::pageHeader("Account suspended");
             $template = new Template();
             $template->set_custom_template(FROOT . "theme/" . STYLE, 'default');
             $template->set_filenames(array('body' => 'suspended.html'));
             $template->display('body');
             openRailwayCore::pageFooter();
         } else {
             // NOTE(review): no exit follows the redirect header, so execution continues after
             // the break; confirm nothing further is output for this request.
             header("Location: " . ROOT . "index.php");
         }
     } else {
         // Same redirect when the session holds no suspended user id; the missing exit applies
         // here too.
         header("Location: " . ROOT . "index.php");
     }
     break;
 default:
     Authentication::blockPageToVisitors();
     // If invalid mode, redirect to account