Esempio n. 1
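    /**
     * Emit an inline script that opens a popup window and writes the debug log into it.
     *
     * Nothing is emitted unless UL_DEBUG is truthy. When it is, the log is sent to
     * the browser of whoever requests the page, so the output is only suitable for a
     * development environment.
     *
     * Each entry is rendered as "<seconds since $GLOBALS['ul_start_ts']> <message>"
     * inside a span whose class (logtype0..logtype4) selects the colour.
     *
     * The log markup passes through two contexts before it is displayed: a JavaScript
     * string literal inside a <script> element, and then HTML written by
     * document.writeln(). Messages are therefore HTML-encoded first and the finished
     * markup is emitted as a JSON string, so that a quote, a line break or a
     * "</script>" sequence inside a message can neither end the literal nor inject
     * markup into the console window.
     *
     * @return void
     */
    public static function ShowDebugConsole()
    {
        if (UL_DEBUG) {
            $consoleBody = '';
            foreach (ulLog::DebugLog() as $logEntry) {
                // The type only picks a CSS class; forcing it to an integer keeps
                // anything else out of the class attribute.
                $nameFormatTag = 'logtype' . (int) $logEntry['type'];
                $formattedTs = number_format($logEntry['ts'] - $GLOBALS['ul_start_ts'], 4);
                // NOTE(review): assumes log messages are plain text, not markup - confirm.
                $safeMsg = htmlspecialchars((string) $logEntry['msg'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
                $consoleBody .= '&#8226;&nbsp;<span class="' . $nameFormatTag . '">'
                    . $formattedTs . ' ' . $safeMsg . '</span><br/>';
            }
            // JSON_HEX_* turns <, >, &, ' and " into \uXXXX escapes, which makes the
            // literal safe to place inside a <script> element.
            $consoleBodyJs = json_encode($consoleBody, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
            if ($consoleBodyJs === false) {
                // Encoding failed; fall back to an empty console body.
                $consoleBodyJs = '""';
            }
            ?>
<script type="text/javascript">
        top.uLoginConsoleRef = window.open("", "uLoginConsoleWindow", "height=150,width=450,location=0,menubar=0,status=0,toolbar=0,scrollbars=1");
        top.uLoginConsoleRef.document.writeln(
          '<html><head><style type=text/css>'
          +'body{background-color:white}'
          +'.logtype0{color:black}'
          +'.logtype1{color:blue}'
          +'.logtype2{color:gold}'
          +'.logtype3{color:orange}'
          +'.logtype4{color:red}'
          +'</style><title>uLogin Debug Console</title>'
          +'</head><body onLoad="self.focus()">'
          +<?php echo $consoleBodyJs; ?>
          +'</body></html>');
          top.uLoginConsoleRef.document.close();
      </script><?php 
        }
    }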
Esempio n. 2
 /**
  * Delete the login identified by $uid and record the deletion in the log.
  *
  * @param mixed $uid Identifier of the account to delete.
  *
  * @return bool True only when the backend reports the deletion as successful;
  *              false when the username cannot be resolved or the backend
  *              returns anything other than true.
  */
 public function DeleteUser($uid)
 {
     // Look the name up before the account is gone, so the log entry can name it.
     $username = self::Username($uid);
     if ($username === false) {
         return false;
     }
     $deleted = $this->Backend->DeleteLogin($uid) === true;
     if ($deleted) {
         // Record who was deleted together with the remote address of the request.
         ulLog::Log('delete login', $username, ulUtils::GetRemoteIP(false));
     }
     return $deleted;
 }
Esempio n. 3
                    $msg = 'account creation failure';
                } else {
                    $msg = 'account created';
                }
            }
        }
    }
}
// Now we handle the presentation, based on whether we are logged in or not.
// Nothing fancy, except where we create the 'login'-nonce towards the end
// while generating the login form.
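header('Content-Type: text/html; charset=UTF-8');
// This inserts a few lines of javascript so that we can debug session problems.
// This will be very useful if you experience sudden session drops, but you'll
// want to avoid using this on a live website.
ulLog::ShowDebugConsole();
if (isAppLoggedIn()) {
    // Both values are written into HTML below, so encode them for that context.
    // A username containing markup would otherwise be rendered as part of the page.
    $safeMsg = htmlspecialchars((string) $msg, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    $safeUsername = htmlspecialchars((string) $_SESSION['username'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    // NOTE(review): the refresh, logout and delete forms below post only an
    // "action" field. No anti-CSRF token is visible in this markup; whether the
    // request handler checks one is not visible from here - confirm, in
    // particular for the "delete" action.
    ?>
		<?php 
    echo $safeMsg;
    ?>
		<h3>This is a protected page. You are logged in, <?php 
    echo $safeUsername;
    ?>
.</h3>
		<form action="example.php" method="POST"><input type="hidden" name="action" value="refresh"><input type="submit" value="Refresh page"></form>
		<form action="example.php" method="POST"><input type="hidden" name="action" value="logout"><input type="submit" value="Logout"></form>
		<form action="example.php" method="POST"><input type="hidden" name="action" value="delete"><input type="submit" value="Delete account"></form>
	<?php 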
} else {
    ?>
Esempio n. 4
<?php

require_once '../main.inc.php';
// Trim the log so that it does not keep growing
ulLog::Clean();
// Run garbage collection on the session storage engine named by the
// UL_SESSION_BACKEND configuration constant, removing expired sessions
$sessionBackendName = UL_SESSION_BACKEND;
$sessionBackend = new $sessionBackendName();
$sessionBackend->gc();
// Drop nonces that have expired
ulPdoNonceStore::Clean();
Esempio n. 5
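 /**
  * Decide whether the current request matches the fingerprint stored in the session.
  *
  * The record in $_SESSION['sses'] is compared with self::tryFingerprint():
  * user agent always, referrer domain when UL_SESSION_CHECK_REFERER is set,
  * IP address when UL_SESSION_CHECK_IP is set, and finally the token cookie via
  * self::verifyTokenCookie(). The first failing check is written to the debug
  * log and ends the evaluation.
  *
  * The user agent and referrer are request headers chosen by the client, so a
  * match on them is weak evidence on its own.
  *
  * @return bool True when every enabled check passes; false when no fingerprint
  *              is stored (for example on a new visit) or any check fails.
  */
 private static function preventHijacking()
 {
     $fp = self::tryFingerprint();
     // Without a stored fingerprint there is nothing to compare against. Fail
     // closed instead of reading offsets of an undefined value.
     if (!isset($_SESSION['sses']) || !is_array($_SESSION['sses'])) {
         ulLog::DebugLog('Session fingerprint missing.', 3);
         return false;
     }
     $sses = $_SESSION['sses'];
     // Compare as strings with ===. Loose != treats numeric-looking strings such
     // as '1e3' and '1000' as equal, which would let two different values match.
     $storedAgent = isset($sses['userAgent']) ? (string) $sses['userAgent'] : '';
     $currentAgent = isset($fp['userAgent']) ? (string) $fp['userAgent'] : '';
     // Check for changed user agent, but make special exception for IE: two
     // agents that both contain 'Trident' are accepted even when they differ.
     $bothTrident = strpos($storedAgent, 'Trident') !== false && strpos($currentAgent, 'Trident') !== false;
     if ($storedAgent !== $currentAgent && !$bothTrident) {
         ulLog::DebugLog('User agent mismatch.', 3);
         return false;
     }
     // Check for changed referrer domain
     if (UL_SESSION_CHECK_REFERER) {
         $currentDomain = isset($fp['hostDomain']) ? (string) $fp['hostDomain'] : '';
         // An empty stored domain disables the comparison.
         if (!empty($sses['hostDomain']) && (string) $sses['hostDomain'] !== $currentDomain) {
             ulLog::DebugLog('HTTP_REFERER mismatch.', 3);
             return false;
         }
     }
     // Check for changed IP, but take proxies into consideration
     if (UL_SESSION_CHECK_IP) {
         $storedIp = isset($sses['IPaddress']) ? (string) $sses['IPaddress'] : '';
         $currentIp = isset($fp['IPaddress']) ? (string) $fp['IPaddress'] : '';
         // Only the first seven characters are matched against the proxy list, so
         // any two addresses that both fall under listed prefixes count as the
         // same client. This is a deliberate relaxation of the IP check.
         $sessionIpSegment = substr($storedIp, 0, 7);
         $remoteIpSegment = substr($currentIp, 0, 7);
         // NOTE(review): in_array() is left non-strict because the element type of
         // self::$aolProxies is not visible here - confirm and pass true if strings.
         if ($storedIp !== $currentIp && !(in_array($sessionIpSegment, self::$aolProxies) && in_array($remoteIpSegment, self::$aolProxies))) {
             ulLog::DebugLog('IP mismatch.', 3);
             return false;
         }
     }
     // Check for secret token
     if (!self::verifyTokenCookie()) {
         ulLog::DebugLog('Session token mismatch.', 3);
         return false;
     }
     return true;
 }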