コード例 #1
ファイル: setSuperpassword.php プロジェクト: cmskit/core
//echo $_SESSION[$_GET['project']]['root'].' / '.md5($_SERVER['REMOTE_ADDR'] . $super[1]);
/**
 * Turn a label key into display text by replacing every underscore with a space.
 *
 * The value is only reformatted, not escaped or translated.
 *
 * @param $s label key such as 'Password_saved'
 * @return mixed the subject with '_' replaced by ' '
 */
function L($s)
{
    $needle = '_';
    $replacement = ' ';
    $label = str_replace($needle, $replacement, $s);

    return $label;
}
// Access gate. Because && binds tighter than ||, the block runs when either
//   (a) $super is not set at all (presumably first-time setup, before a super-password
//       exists -- confirm that global_configuration.php is loaded above this point), or
//   (b) the session 'root' value for the requested project equals
//       md5(REMOTE_ADDR . $super[1]).
// In case (a) no session or project check is applied.
// NOTE(review): the token is compared with loose ==, which applies PHP's numeric-string
// comparison to the two digests; a strict, constant-time comparison (hash_equals()) is the
// safer form for secrets.
if (!isset($super) || isset($_GET['project']) && isset($_SESSION[$_GET['project']]['root']) && $_SESSION[$_GET['project']]['root'] == md5($_SERVER['REMOTE_ADDR'] . $super[1])) {
    // Only continue when the parent directory, where the configuration file is written, is writable.
    if (is_writable('../')) {
        // save Settings to File
        // Only 'pass' is tested with isset(); 'theme', 'template' and 'login' are read below
        // without a presence check.
        if (isset($_POST['pass'])) {
            // Collect the basenames of the tpl_*.php files in the current directory.
            // NOTE(review): $tpl is not used in the visible part of this listing; it looks like
            // the natural allow-list for $_POST['template'] -- confirm against the full file.
            $templates = glob('./tpl_*.php');
            $tpl = array();
            foreach ($templates as $template) {
                $tpl[] = basename($template);
            }
            // NOTE(review): the salt is 12 hex characters of md5(mt_rand()). mt_rand() is not a
            // cryptographically secure generator; random_bytes() is the usual source for salts.
            $salt = substr(md5(mt_rand()), 0, 12);
            // crpt() is defined outside this listing. Its result is split on ':' and the last
            // field is stored as the hash below.
            // NOTE(review): the password is hashed at full length here, while verifyUser() in
            // loginfunctions.php hashes only the first 200 characters -- a longer super-password
            // may never verify; confirm against crpt().
            $crpt = explode(':', crpt($_POST['pass'], $salt));
            // save the Settings to inc/global_configuration.php
            // NOTE(review): $_POST['theme'], $_POST['template'] and $_POST['login'] are spliced
            // into single-quoted PHP literals without escaping, so a value containing a quote or
            // backslash alters the generated source of a file that is later include()d. Emit the
            // values with var_export() and/or validate them against an allow-list before writing.
            // An empty password writes 'autolog' => true ("automatic login without password").
            file_put_contents('../global_configuration.php', '<?php
	// auto-generated: do not edit!
	$super = array(\'' . $salt . '\', \'' . array_pop($crpt) . '\');
	$config = array(
		\'theme\' => array(\'' . $_POST['theme'] . '\'), // default jQuery-UI-theme
		\'template\' => array(\'' . $_POST['template'] . '\'), // default backend-template
		\'autolog\' => ' . (strlen($_POST['pass']) > 0 ? 'false' : 'true') . ', // automatic login without password
		\'login\' => \'' . $_POST['login'] . '\', // use login-extension
	);
	');
            // NOTE(review): mode 0776 leaves the file writable by the group and by every other
            // local account, although it holds executable PHP and the super-password hash; a
            // least-privilege mode such as 0640 or 0600 fits better. The return values of
            // file_put_contents() and chmod() are not checked, so a failed write still reports success.
            chmod('../global_configuration.php', 0776);
            // Confirmation markup; only fixed label keys are passed through L().
            echo '<div id="wrapper">
			<h2>' . L('Password_saved') . '!</h2>
			<a href="../../">' . L('Login-Page') . '</a></div>';
コード例 #2
ファイル: loginfunctions.php プロジェクト: cmskit/core
/**
 * Build the backend session array for a login attempt and decide whether it succeeds.
 *
 * Includes the global and project files into this function's local scope, assembles the
 * session array, grants "super-root" when the super-password check passes, runs the
 * registered login hooks, and calls goToIndex() when nothing set $log to true.
 *
 * NOTE(review): the included files appear to supply $config, $super, $filter and
 * $loginHooks as local variables -- confirm against those files. Local variable names and
 * statement order therefore matter: an included file can overwrite any local defined here.
 *
 * NOTE(review): no session_regenerate_id() call is visible in this function; confirm the
 * caller rotates the session id after a successful login.
 *
 * @param $mysession   declared as a parameter, but rebound by the `global` statement and
 *                     reassigned before it is read
 * @param $post        login form fields; 'pass', 'lang', 'client' and 'name' are read
 * @param $projectPath path prefix of the project's objects/ and extensions/ directories
 * @param $projectName project identifier; used in glob patterns, in wizard URLs and as the
 *                     namespace of the Configuration class
 * @return array the session array (returned after goToIndex() on failure too, if that call returns)
 */
function verifyUser($mysession, $post, $projectPath, $projectName)
{
    // $mysession is both a parameter and listed here: `global` rebinds the local name to the
    // global variable, so the argument passed by the caller is discarded and every write
    // below also changes the global. $action is not used in this function.
    global $log, $objects, $action, $mysession;
    // Array containing Hook-Names to be processed (should be filled in hooks.php)
    $loginHooks = array();
    // set the Check-Variable to false
    $log = false;
    // dummy
    $filter = '';
    $super = array();
    // includes: each entry is array(required?, path)
    $includes = array(array(true, 'inc/global_configuration.php'), array(true, $projectPath . '/objects/__model.php'), array(true, $projectPath . '/objects/__filter.php'), array(true, $projectPath . '/objects/__database.php'), array(false, 'extensions/default/hooks.php'), array(false, $projectPath . '/extensions/default/hooks.php'));
    foreach ($includes as $a) {
        // A required file that does not exist aborts the request; the message echoes the
        // file path (including $projectPath) to the client.
        if ($a[0] && file_exists($a[1]) != $a[0]) {
            exit('"' . $a[1] . '" is missing');
        }
        //echo $a[1].'<br>';
        // The @ operator hides the warning for a missing optional file, and also any other
        // warning raised while the file is included.
        @(include $a[1]);
    }
    // $config is expected to come from inc/global_configuration.php (theme, template, autolog, login).
    $mainConfig = $config;
    // Class name of the project's configuration, resolved from $projectName at runtime.
    $_CONF = $projectName . '\\Configuration';
    // define/reset the main Session-Array
    // NOTE(review): 'usr_secret' is an unsalted MD5 of the submitted password and is kept in
    // the session for every attempt, successful or not; treat session storage as holding a
    // password equivalent and confirm which code still needs it.
    // 'lang' is taken from $post as-is; 'client' is user-supplied JSON decoded after
    // htmlspecialchars_decode() and stripcslashes(), and is null when decoding fails.
    $mysession = array('sys_secret' => md5($_CONF::SECRET), 'usr_secret' => md5($post['pass']), 'login' => time(), 'special' => array(), 'lang' => $post['lang'], 'client' => json_decode(stripcslashes(htmlspecialchars_decode($post['client'])), true), 'filter' => $filter, 'sort' => array(), 'fields' => array(), 'messages' => array(), 'settings' => array('interface' => array('theme' => $mainConfig['theme'], 'default' => $mainConfig['template']), 'templates' => array('default' => array('columns' => array(55, 200, 200, 20, 1))), 'objects' => array('sort' => array())));
    //$projectConfiguration = new $i();
    //$_SESSION[$projectName]['projectConfiguration'] = ;
    // collect global backend templates from backend and -optional- project
    // NOTE(review): $projectName is concatenated into a GLOB_BRACE pattern; confirm the caller
    // restricts it to a known project name so it cannot carry path or glob metacharacters.
    $templateFolders = glob('{templates/*,../projects/' . $projectName . '/templates/*}', GLOB_ONLYDIR | GLOB_BRACE);
    $mainConfig['templates'] = array();
    foreach ($templateFolders as $templatePath) {
        // Only directories that contain a backend.php count as templates.
        if (file_exists($templatePath . '/backend.php')) {
            $mainConfig['templates'][basename($templatePath)] = $templatePath;
        }
    }
    // load configs
    // Each config file is expected to assign a JSON string to $config, which is decoded and
    // merged into $mainConfig. array_merge_recursive() combines scalar values that share a
    // key into arrays, which is why 'autolog' is read with end() further down.
    // NOTE(review): the json_decode() result is not checked for null before merging.
    foreach (array('extensions/default/config/config.php', $projectPath . '/extensions/default/config/config.php') as $configFile) {
        if (include $configFile) {
            $mainConfig = array_merge_recursive($mainConfig, json_decode($config, true));
            // print_r($mainConfig);exit(); // test if config is merged correctly (swap $configFiles above)
        }
    }
    $mysession['config'] = $mainConfig;
    // check for superroot //////////////////////////////////////////////////////////////
    // Evaluated as: (password matches AND (SERVER_NAME is local OR captcha answered correctly))
    //               OR the last 'autolog' value is the integer 1.
    // The password is cut to its first 200 characters before hashing with crpt().
    // NOTE(review):
    //  - The autolog branch grants super-root without checking password or captcha.
    //    global_configuration.php stores 'autolog' as a boolean, so === 1 only matches when a
    //    merged config supplies integer 1; if 'autolog' is still a scalar, end() receives a
    //    non-array. Confirm the intended behaviour.
    //  - Depending on web-server configuration SERVER_NAME can reflect the request's Host
    //    header, so it is not a reliable signal that the request is local; the captcha
    //    exemption should not rest on it alone.
    //  - The hash is compared with ===, which is not constant-time, and the captcha answer
    //    with loose ==; hash_equals() on string values covers both.
    //  - No attempt limiting is visible here beyond the captcha.
    if (crpt(substr($post['pass'], 0, 200), $super[0]) === $super[0] . ':' . $super[1] && (in_array($_SERVER['SERVER_NAME'], array('localhost', '127.0.0.1')) || isset($_SESSION['captcha_answer']) && $post['name'] == $_SESSION['captcha_answer']) || end($mainConfig['autolog']) === 1) {
        // try to load a previously saved configuration
        @(include $projectPath . '/extensions/default/config/superroot.php');
        // define User as "Super-Root" and put some infos into the user-array
        // The marker is md5(client address . stored password hash): it is deterministic for a
        // given address and hash, and setSuperpassword.php compares the same expression.
        $mysession['root'] = md5($_SERVER['REMOTE_ADDR'] . $super[1]);
        // if the super-password is older than 2 months
        // (5259487 seconds is roughly 61 days; age is taken from the config file's mtime)
        if (time() - filemtime('inc/global_configuration.php') > 5259487) {
            $mysession['messages'][] = 'Hello admin: please refresh your super-password!';
        }
        // settings
        $mysession['settings'][0] = array('default' => array('objects' => array()));
        // Synthetic user record for super-root, with local file access rooted at files/.
        $mysession['special']['user'] = array('id' => 0, 'username' => 'superroot', 'prename' => 'superroot', 'lastname' => 'superroot', 'profiles' => array(0 => 'superroot'), 'lastlogin' => 0, 'logintime' => time(), 'wizards' => array(), 'fileaccess' => array(array('driver' => 'LocalFileSystem', 'path' => 'files/', 'tmbPath' => 'files/.tmb')));
        $log = true;
    }
    // super-root END
    // (try to) call Login-Hooks
    // Each hook receives the session array and its return value replaces it.
    // NOTE(review): presumably hooks authenticate ordinary users by setting the global $log --
    // confirm; any function named in $loginHooks can alter the whole session, including 'root'.
    foreach ($loginHooks as $hook) {
        if (function_exists($hook)) {
            $mysession = call_user_func($hook, $mysession);
        }
    }
    //
    // collect Admin-Wizards from backend and -optional- project
    if (isset($mysession['root'])) {
        $mysession['adminfolders'] = array();
        foreach (glob('{admin/*,../projects/' . $projectName . '/admin/*}', GLOB_ONLYDIR | GLOB_BRACE) as $f) {
            $bf = basename($f);
            // Admin-Wizards beginning with "_" are for Super-Admins only
            // NOTE(review): for super-root 'root' is an md5 hex string, compared here with the
            // integer 1 using loose !=; the outcome depends on PHP's string-to-number comparison
            // rules, which differ between PHP versions. Confirm which 'root' values hooks may
            // set and compare strictly.
            if ($mysession['root'] != 1 || substr($bf, 0, 1) != '_') {
                $mysession['special']['user']['wizards'][] = array('name' => $bf, 'url' => $f . '/index.php?project=' . $projectName);
            }
        }
    }
    // login failed
    if (!$log) {
        $errormsg = 'please_log_in';
        // goToIndex() is defined elsewhere; whether it ends the request is not visible here.
        goToIndex($projectName, $errormsg);
    } else {
        // Login-Check was successful
        $mysession['objects'] = $objects;
        $mysession['loginTime'] = time();
        // create Check to prevent Session-Hijacking in crud.php
        // The fingerprint is md5(client address . User-Agent . day of year), so it changes at
        // midnight. HTTP_USER_AGENT is client-supplied and may be absent from the request.
        $mysession['user_fingerprint'] = md5($_SERVER['REMOTE_ADDR'] . $_SERVER['HTTP_USER_AGENT'] . date('z'));
    }
    // reset Captcha-Answer if exists
    // (runs for failed and successful attempts alike, so a captcha answer is single-use)
    if (isset($_SESSION['captcha_answer'])) {
        unset($_SESSION['captcha_answer']);
    }
    return $mysession;
}