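/**
 * Opens a popup window in the visitor's browser and writes the debug log into it.
 *
 * Emits nothing unless UL_DEBUG is truthy. When it is, a <script> block is sent
 * to whoever requested the page, containing every entry returned by
 * ulLog::DebugLog(). The log is therefore visible to the requesting browser;
 * keep UL_DEBUG off wherever visitors are not trusted to read it.
 *
 * Each log message ends up in two nested contexts: a single-quoted JavaScript
 * string literal inside the <script> block, and the HTML document that
 * document.writeln() creates in the popup. The message is encoded for both,
 * so a quote, line break, backslash or markup inside a message can neither
 * break the script nor be interpreted as HTML in the console window.
 *
 * @return void
 */
public static function ShowDebugConsole()
{
    if (UL_DEBUG) {
        ?>
<script type="text/javascript">
top.uLoginConsoleRef = window.open("", "uLoginConsoleWindow", "height=150,width=450,location=0,menubar=0,status=0,toolbar=0,scrollbars=1");
top.uLoginConsoleRef.document.writeln(
'<html><head><style type=text/css>'
+'body{background-color:white}'
+'.logtype0{color:black}'
+'.logtype1{color:blue}'
+'.logtype2{color:gold}'
+'.logtype3{color:orange}'
+'.logtype4{color:red}'
+'</style><title>uLogin Debug Console</title>'
+'</head><body onLoad="self.focus()"><?php
        // Characters that htmlspecialchars() leaves alone but that would end or
        // corrupt a JavaScript string literal: backslash, CR, LF and the two
        // Unicode line separators (U+2028, U+2029 as UTF-8 bytes).
        $jsEscapes = array(
            '\\' => '\\\\',
            "\r" => '\\r',
            "\n" => '\\n',
            "\xE2\x80\xA8" => '\\u2028',
            "\xE2\x80\xA9" => '\\u2029',
        );

        $log = ulLog::DebugLog();
        foreach ($log as $logEntry) {
            // The type only selects one of the logtypeN CSS classes; casting to
            // int keeps anything else out of the class attribute.
            $nameFormatTag = 'logtype' . (int) $logEntry['type'];
            $openFormatTag = '<span class="' . $nameFormatTag . '">';
            $closeFormatTag = '</span>';

            // Seconds elapsed since the timestamp stored in $GLOBALS['ul_start_ts'].
            $formattedTs = number_format($logEntry['ts'] - $GLOBALS['ul_start_ts'], 4);

            // HTML-encode first (this also turns both quote characters and '<'
            // into entities, so the literal cannot be closed and no </script>
            // can appear), then escape what is left for the JS string.
            // NOTE(review): this assumes log messages are plain text; a message
            // that deliberately carried markup would now be shown literally.
            $safeMsg = strtr(
                htmlspecialchars((string) $logEntry['msg'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'),
                $jsEscapes
            );

            echo '• ' . $openFormatTag . $formattedTs . ' ' . $safeMsg . $closeFormatTag . '<br/>';
        }
        ?> </body></html>');
top.uLoginConsoleRef.document.close();
</script><?php
    }
}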
/**
 * Deletes the login identified by $uid through the configured backend.
 *
 * The username is looked up first because it is needed for the log entry
 * written after a successful deletion. This method performs no authorization
 * check of its own; whether the caller may delete $uid has to be decided
 * before it is called.
 *
 * @param mixed $uid Identifier of the account to delete.
 * @return bool True only when the backend reported success; false when the
 *              username lookup failed or the backend returned anything else.
 */
public function DeleteUser($uid)
{
    // Resolve the name before the row disappears, otherwise nothing is left to log.
    $username = self::Username($uid);
    if ($username === false) {
        return false;
    }

    // Anything other than a strict true from the backend counts as failure.
    $deleted = ($this->Backend->DeleteLogin($uid) === true);
    if (!$deleted) {
        return false;
    }

    ulLog::Log('delete login', $username, ulUtils::GetRemoteIP(false));
    return true;
}
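$msg = 'account creation failure';
} else {
    $msg = 'account created';
}
// The next four braces close blocks that were opened above this excerpt.
}
}
}
}

// Now we handle the presentation, based on whether we are logged in or not.
// Nothing fancy, except where we create the 'login'-nonce towards the end
// while generating the login form.
header('Content-Type: text/html; charset=UTF-8');

// This inserts a few lines of javascript so that we can debug session problems.
// This will be very useful if you experience sudden session drops, but you'll
// want to avoid using this on a live website.
ulLog::ShowDebugConsole();

// The username is account data and is printed into HTML, so it is encoded
// with htmlspecialchars() before output; a name containing markup is then
// displayed as text instead of being interpreted by the browser.
// NOTE(review): $msg is still echoed as-is. The two assignments visible here
// are fixed strings; confirm that no other branch puts request data into it.
// NOTE(review): the refresh, logout and delete forms below carry only the
// hidden "action" field. Confirm that the code handling these actions
// verifies an anti-CSRF nonce, in particular for "delete".
if (isAppLoggedIn()) {
    ?>
<?php echo $msg; ?>
<h3>This is a protected page. You are logged in, <?php echo htmlspecialchars((string) $_SESSION['username'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?> .</h3>
<form action="example.php" method="POST"><input type="hidden" name="action" value="refresh"><input type="submit" value="Refresh page"></form>
<form action="example.php" method="POST"><input type="hidden" name="action" value="logout"><input type="submit" value="Logout"></form>
<form action="example.php" method="POST"><input type="hidden" name="action" value="delete"><input type="submit" value="Delete account"></form>
<?php } else { ?>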
<?php
// Housekeeping script: trims the log, garbage-collects expired sessions in the
// configured session backend, and removes expired nonces.
//
// NOTE(review): nothing in this file restricts who may run it. If it is
// reachable through the web server, any visitor can trigger the cleanup;
// confirm it is kept outside the document root or otherwise protected.
// NOTE(review): the include path is relative ('../'), so it depends on the
// working directory the script is started from; verify this when scheduling it.
require_once '../main.inc.php';

// Limit size of log by cleaning it
ulLog::Clean();

// Clean up expired sessions of the default storage engine set in the configuration.
// The class name comes from the UL_SESSION_BACKEND constant and is instantiated
// dynamically, so that constant must only ever hold a trusted class name.
$SessionStoreClass = UL_SESSION_BACKEND;
$SessionStore = new $SessionStoreClass();
$SessionStore->gc();

// Remove expired nonces
ulPdoNonceStore::Clean();
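/**
 * Checks that the current request matches the fingerprint stored in the session.
 *
 * Returns false when no fingerprint has been stored yet (a new visit) or when
 * any enabled check fails: user agent, referrer domain (only if
 * UL_SESSION_CHECK_REFERER), IP address (only if UL_SESSION_CHECK_IP) and the
 * session token cookie. Each failure is written to the debug log with type 3.
 *
 * Two deliberate relaxations are kept from the original implementation and
 * weaken the respective check:
 *  - user agents that both contain "Trident" are treated as equal;
 *  - differing IP addresses are accepted when the first seven characters of
 *    both are listed in self::$aolProxies.
 *
 * @return bool True when every enabled check passes, false otherwise.
 */
private static function preventHijacking()
{
    $fp = self::tryFingerprint();

    // Fail closed when the session carries no fingerprint. Without this guard
    // a missing entry was compared loosely against the request values, and
    // null == '' let a request with an empty User-Agent pass the first check.
    if (!isset($_SESSION['sses']) || !is_array($_SESSION['sses'])) {
        ulLog::DebugLog('Session fingerprint missing.', 3);
        return false;
    }
    $sses = $_SESSION['sses'];

    // Normalise to strings so the comparisons below can be strict; loose !=
    // treats numeric-looking strings such as '1e3' and '1000' as equal.
    $storedAgent = isset($sses['userAgent']) ? (string) $sses['userAgent'] : '';
    $currentAgent = isset($fp['userAgent']) ? (string) $fp['userAgent'] : '';

    // Check for changed user agent, but make special exception for IE
    if ($storedAgent !== $currentAgent
        && !(strpos($storedAgent, 'Trident') !== false && strpos($currentAgent, 'Trident') !== false)
    ) {
        ulLog::DebugLog('User agent mismatch.', 3);
        return false;
    }

    // Check for changed referrer domain. A session without a stored domain
    // skips the comparison, exactly as before.
    if (UL_SESSION_CHECK_REFERER) {
        $currentHost = isset($fp['hostDomain']) ? (string) $fp['hostDomain'] : '';
        if (!empty($sses['hostDomain']) && (string) $sses['hostDomain'] !== $currentHost) {
            ulLog::DebugLog('HTTP_REFERER mismatch.', 3);
            return false;
        }
    }

    // Check for changed IP, but take proxies into consideration
    if (UL_SESSION_CHECK_IP) {
        $storedIp = isset($sses['IPaddress']) ? (string) $sses['IPaddress'] : '';
        $currentIp = isset($fp['IPaddress']) ? (string) $fp['IPaddress'] : '';

        if ($storedIp !== $currentIp) {
            // Strict membership test: an empty or false prefix can no longer
            // match a falsy list entry through type juggling.
            // NOTE(review): assumes self::$aolProxies holds string prefixes; confirm.
            $bothViaListedProxy = in_array(substr($storedIp, 0, 7), self::$aolProxies, true)
                && in_array(substr($currentIp, 0, 7), self::$aolProxies, true);

            if (!$bothViaListedProxy) {
                ulLog::DebugLog('IP mismatch.', 3);
                return false;
            }
        }
    }

    // Check for secret token
    if (!self::verifyTokenCookie()) {
        ulLog::DebugLog('Session token mismatch.', 3);
        return false;
    }

    return true;
}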