/**
 * Appends the stored authentications to the response when the client asked
 * for them (POST flag "<POST_INTERN_PROCESS_AUTHENTICATIONS>_va") and the
 * current request has passed validate().
 *
 * @return void
 */
function processAuthentications() {
    $requested = isset($_POST[POST_INTERN_PROCESS_AUTHENTICATIONS . "_va"]);
    if (!$requested) {
        return;
    }
    // Never hand out authentication data to an unauthenticated caller.
    if (isValidated()) {
        appendAuthentications();
    }
}
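/**
 * Authenticates the operator named by the posted user id / password against
 * the $INTERNAL operator list and publishes the outcome through the constants
 * CALLER_SYSTEM_ID, VALIDATED and AUTH_RESULT.
 *
 * @param bool $_basic  true: stop right after the credential check (used by the
 *                      API entry point); false: additionally run the login /
 *                      logoff state checks (deactivated, signed off, already
 *                      online, password change pending, sub-site rights).
 * @return void  On a successful LOGIN also fills $RESPONSE->Login; when no
 *               other result was set AUTH_RESULT ends up as
 *               LOGIN_REPLY_BAD_COMBINATION.
 *
 * Security notes on what this code does:
 *  - stored operator passwords are unsalted MD5 digests; moving to
 *    password_hash()/password_verify() requires a storage migration that is
 *    out of scope for this function.
 *  - sha1(<stored MD5 hash>) is accepted in place of the clear-text password
 *    (client-side "remembered" credential), so a leaked operator hash alone
 *    is enough to authenticate.
 *  - hash comparisons use hash_equals(): strict and constant-time. The former
 *    loose == allowed PHP numeric-string juggling ("0e..." hashes) to match.
 *  - a failed attempt stores md5() of the wrong password via SaveLoginAttempt()
 *    and the loop stops at the first operator whose user id matched.
 */
function validate($_basic = false) {
    global $INTERNAL, $GROUPS, $RESPONSE, $CONFIG, $CM;
    if (!empty($CONFIG["gl_rhts"]) && getScheme() != SCHEME_HTTP_SECURE) {
        // HTTPS is enforced by configuration and this request is plain HTTP.
        define("AUTH_RESULT", LOGIN_REPLY_HTTPS);
    } elseif (DB_CONNECTION || SERVERSETUP) {
        $userId = isset($_POST[POST_INTERN_AUTHENTICATION_USERID]) ? $_POST[POST_INTERN_AUTHENTICATION_USERID] : null;
        $password = isset($_POST[POST_INTERN_AUTHENTICATION_PASSWORD]) ? $_POST[POST_INTERN_AUTHENTICATION_PASSWORD] : null;
        // Both credentials must be non-empty strings: an array value
        // (user[]=...) would otherwise reach strtolower()/md5() and abort the
        // request instead of being rejected.
        if (!empty($userId) && !empty($password) && is_string($userId) && is_string($password)) {
            foreach ($INTERNAL as $sysId => $operator) {
                // Case-insensitive user id lookup; strict compare so numeric
                // strings such as "10" and "1e1" are not treated as equal.
                if (strtolower($operator->UserId) !== strtolower($userId)) {
                    continue;
                }
                if (!$operator->ValidateLoginAttempt()) {
                    // presumably a lock-out after repeated failures - TODO confirm in the operator class
                    continue;
                }
                $storedHash = (string)$operator->Password;
                $credentialsMatch = !empty($operator->Password)
                    && (hash_equals($storedHash, md5($password))
                        || hash_equals(sha1($storedHash), $password));
                if (!$credentialsMatch) {
                    $operator->DeleteLoginAttempts();
                    $operator->SaveLoginAttempt(md5($password));
                    break;
                }
                define("CALLER_SYSTEM_ID", $sysId);
                if ($_basic) {
                    define("VALIDATED", true);
                    return;
                }
                if (!empty($CM)) {
                    $operator->LoadUnCacheables();
                }
                if (isset($_POST[POST_INTERN_NEW_PASSWORD])) {
                    // NOTE(review): the password change happens before the
                    // deactivated / sign-off checks below, and the new
                    // password is echoed back base64-encoded (not encrypted).
                    $INTERNAL[CALLER_SYSTEM_ID]->ChangePassword($_POST[POST_INTERN_NEW_PASSWORD], true, true);
                    $RESPONSE->Authentications = "<val userid=\"" . base64_encode(CALLER_SYSTEM_ID) . "\" pass=\"" . base64_encode($_POST[POST_INTERN_NEW_PASSWORD]) . "\" />\r\n";
                }
                if (empty($_POST["p_db_no_req"]) && !DB_CONNECTION) {
                    define("AUTH_RESULT", LOGIN_REPLY_DB);
                    break;
                }
                if (!LOGIN && !SERVERSETUP) {
                    // Regular (already logged in) request.
                    if ($operator->Deactivated) {
                        define("AUTH_RESULT", LOGIN_REPLY_ACCOUNT_DEACTIVATED);
                        break;
                    }
                    if (!$operator->ClientWeb && $operator->LastActive < time() - $CONFIG["timeout_clients"] && $_POST[POST_INTERN_AUTHENTICATION_LOGINID] == $operator->LoginId) {
                        define("AUTH_RESULT", LOGIN_REPLY_SESSION_TIMEOUT);
                        break;
                    }
                    // A sign-off request, or a different app device than the
                    // one bound to this operator, ends the session.
                    if ($operator->SignOffRequest || (!empty($_POST["p_app_device_id"]) && $operator->AppDeviceId != "LOGIN" && $operator->AppDeviceId != $_POST["p_app_device_id"])) {
                        $operator->SignOff(false);
                        define("AUTH_RESULT", LOGIN_REPLY_SIGN_OFF_REQUEST);
                        break;
                    }
                    if (!empty($operator->LoginId) && !empty($_POST[POST_INTERN_AUTHENTICATION_LOGINID]) && $_POST[POST_INTERN_AUTHENTICATION_LOGINID] != $operator->LoginId) {
                        define("AUTH_RESULT", LOGIN_REPLY_BAD_COMBINATION);
                        break;
                    }
                } elseif (LOGIN && !SERVERSETUP) {
                    // Fresh login: record the client type and check it may log in.
                    $operator->AppClient = !empty($_POST["p_app"]);
                    $operator->ClientWeb = !empty($_POST["p_web"]);
                    if (($operator->AppClient || $operator->ClientWeb) && $operator->GetPermission(45, PERMISSION_FULL) == PERMISSION_NONE) {
                        define("AUTH_RESULT", LOGIN_REPLY_NO_MOBILE_ACCESS);
                        break;
                    }
                    if ($operator->Deactivated) {
                        define("AUTH_RESULT", LOGIN_REPLY_ACCOUNT_DEACTIVATED);
                        break;
                    }
                    if ($operator->SignOffRequest) {
                        $operator->SignOff(false);
                        define("AUTH_RESULT", LOGIN_REPLY_SIGN_OFF_REQUEST);
                        break;
                    }
                    if (empty($_POST[POST_INTERN_IGNORE_SIGNED_ON]) && $operator->LastActive > time() - $CONFIG["timeout_clients"] && !empty($operator->LoginId) && $_POST[POST_INTERN_AUTHENTICATION_LOGINID] != $operator->LoginId) {
                        define("AUTH_RESULT", LOGIN_REPLY_ALREADY_ONLINE);
                        break;
                    }
                    if ($operator->PasswordChangeRequest) {
                        define("AUTH_RESULT", LOGIN_REPLY_CHANGE_PASS);
                        break;
                    }
                } elseif (SERVERSETUP && $operator->Level != USER_LEVEL_ADMIN) {
                    // Non-admins may enter server setup only for hosts they
                    // administrate: user management needs WebsitesUsers,
                    // configuration needs WebsitesConfig.
                    $mayManageUsers = in_array($CONFIG["gl_host"], $operator->WebsitesUsers) && !empty($_POST[POST_INTERN_GET_MANAGEMENT]);
                    $mayConfigure = in_array($CONFIG["gl_host"], $operator->WebsitesConfig) && empty($_POST[POST_INTERN_GET_MANAGEMENT]);
                    if (!$mayManageUsers && !$mayConfigure) {
                        define("AUTH_RESULT", LOGIN_REPLY_NOADMIN);
                        break;
                    }
                }
                define("VALIDATED", true);
                if (!LOGOFF && isset($_POST[POST_INTERN_AUTHENTICATION_LOGINID])) {
                    $operator->LoginId = $_POST[POST_INTERN_AUTHENTICATION_LOGINID];
                } elseif (LOGOFF) {
                    $operator->LoginId = null;
                }
                define("AUTH_RESULT", LOGIN_REPLY_SUCCEEDED);
                break;
            }
        }
    } else {
        define("AUTH_RESULT", LOGIN_REPLY_DB);
    }
    if (isValidated() && LOGIN) {
        // Initialise the per-session state of the freshly logged in operator.
        $caller = $INTERNAL[CALLER_SYSTEM_ID];
        $caller->IP = getIP();
        $caller->FirstActive = time();
        $caller->VisitorFileSizes = array();
        $caller->VisitorStaticReload = array();
        $isex = !empty($caller->Groups) && $GROUPS[$caller->Groups[0]]->IsExternal;
        $RESPONSE->Login = $caller->GetLoginReply($isex, getTimeDifference($_POST[POST_INTERN_CLIENT_TIME]));
    }
    if (!defined("AUTH_RESULT")) {
        define("AUTH_RESULT", LOGIN_REPLY_BAD_COMBINATION);
    }
}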
// API v2 entry point: bootstrap the LiveZilla libraries, authenticate the
// caller with the basic credential check only, require API permission (46)
// and hand the request to ApiV2. Every failure path answers with an HTTP
// error status and exits; on success the JSON output is the whole response.
define("LIVEZILLA_PATH", "../../");
@set_time_limit(30);
require LIVEZILLA_PATH . "_definitions/definitions.inc.php";
require LIVEZILLA_PATH . "_lib/objects.global.users.inc.php";
require LIVEZILLA_PATH . "_lib/functions.global.inc.php";
require LIVEZILLA_PATH . "_definitions/definitions.dynamic.inc.php";
require LIVEZILLA_PATH . "_definitions/definitions.protocol.inc.php";
require LIVEZILLA_PATH . "_lib/functions.internal.inc.php";
require LIVEZILLA_PATH . "_lib/objects.internal.inc.php";
@set_error_handler("handleError");
@error_reporting(E_ALL);
header("Pragma: no-cache");
header("Cache-Control: no-cache, must-revalidate");
header("Keep-Alive: timeout=5, max=100");
initDataProvider();
initData(array("INTERNAL", "INPUTS"));
// Credential check only (no login/logoff state handling).
validate(true);
$apiAllowed = false;
if (isValidated() && is("CALLER_SYSTEM_ID")) {
    $apiAllowed = $INTERNAL[CALLER_SYSTEM_ID]->GetPermission(46) != PERMISSION_NONE;
}
// Unauthenticated and unauthorized callers get the same 403, so the status
// code does not reveal whether the credentials were valid.
if (!$apiAllowed) {
    header("HTTP/1.1 403 Forbidden");
    exit("HTTP/1.1 403 Forbidden");
}
require "objects.apiv2.inc.php";
$apiv2 = new ApiV2(isset($_POST["p_json_pretty"]));
$apiSucceeded = $apiv2->RunActions() && empty($apiv2->ErrorField) && !empty($apiv2->JSONOutput);
if (!$apiSucceeded) {
    header("HTTP/1.1 400 Bad Request");
    exit("HTTP/1.1 400 Bad Request" . $apiv2->GetErrorCodes());
}
exit($apiv2->JSONOutput);
/**
 * Sets or clears the "password change required" flag of this operator, both
 * on the object and in the operators table.
 *
 * @param bool $_needed  true to require a password change, false to clear it.
 * @return void
 *
 * NOTE(review): the guard only requires a validated request when the flag is
 * being SET; clearing it (false) is allowed for any caller - confirm that is
 * intended. The SQL is built by concatenation; the only user-influenced part
 * (system id) goes through DBManager::RealEscape, the flag is a fixed "1"/"0".
 */
function SetPasswordChangeNeeded($_needed) {
    if ($_needed && !isValidated()) {
        return;
    }
    $this->PasswordChangeRequest = $_needed;
    $flag = $_needed ? "1" : "0";
    $systemId = DBManager::RealEscape($this->SystemId);
    $sql = "UPDATE `" . DB_PREFIX . DATABASE_OPERATORS . "` SET `password_change_request`='" . $flag . "' WHERE `system_id`='" . $systemId . "' LIMIT 1;";
    queryDB(true, $sql);
}
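/**
 * Persists the administration configuration posted by an operator: commercial
 * chat billing types with their voucher localizations, payment providers,
 * mailboxes, generic `p_cfg_g_*` settings, operator availability, the config
 * file itself and operator translation files.
 *
 * @param int|string $id  Value handed to SetStandardResponse() when the caller
 *                        may not write the configuration; otherwise replaced
 *                        by createFile()'s return value for the config file.
 * @return void  Answers via $RESPONSE; exits with 502 when the last written
 *               file is missing or older than 10 s afterwards (write did not
 *               take effect).
 *
 * Authorization: the request must be validated and the caller either a
 * USER_LEVEL_ADMIN or an operator whose WebsitesConfig contains
 * $CONFIG["gl_host"]. The call is logged before that check, so denied
 * attempts are recorded too.
 *
 * Security notes: DB rows are rebuilt from POST by the respective object
 * classes (not visible here - their escaping is assumed, TODO confirm); the
 * `p_cfg_g_*` values are base64-decoded and escaped with DBManager::RealEscape.
 * The translation ISO code becomes part of a file path and is therefore
 * restricted below to strings without "..", "/", "\" or NUL.
 */
function setConfig($id = 0) {
    global $INTERNAL, $RESPONSE, $STATS, $CONFIG;
    administrationLog("setConfig", "", CALLER_SYSTEM_ID);
    $allowed = isValidated()
        && ($INTERNAL[CALLER_SYSTEM_ID]->Level == USER_LEVEL_ADMIN
            || in_array($CONFIG["gl_host"], $INTERNAL[CALLER_SYSTEM_ID]->WebsitesConfig));
    if ($allowed) {
        $caller = $INTERNAL[CALLER_SYSTEM_ID];
        if (is("STATS_ACTIVE") && !empty($_POST["p_reset_stats"])) {
            $STATS->ResetAll();
        }
        // Sub-sites and non-admins write a host-specific config file.
        $file = (ISSUBSITE || $caller->Level != USER_LEVEL_ADMIN)
            ? str_replace("config.inc", "config." . SUBSITEHOST . ".inc", FILE_CONFIG)
            : FILE_CONFIG;
        if (DB_CONNECTION && (!ISSUBSITE || file_exists($file))) {
            // Billing types are flagged first and purged at the end so that
            // types re-posted in between survive (Save() presumably clears the
            // flag - TODO confirm).
            queryDB(true, "UPDATE `" . DB_PREFIX . DATABASE_COMMERCIAL_CHAT_TYPES . "` SET `delete`='1';");
            queryDB(true, "DELETE FROM `" . DB_PREFIX . DATABASE_COMMERCIAL_CHAT_LOCALIZATIONS . "`;");
            $int = 0;
            while (!empty($_POST["p_cfg_cct_id_" . $int])) {
                $cct = new CommercialChatBillingType(
                    $_POST["p_cfg_cct_id_" . $int],
                    $_POST["p_cfg_cct_mnoc_" . $int],
                    $_POST["p_cfg_cct_mtloc_" . $int],
                    $_POST["p_cfg_cct_tae_" . $int],
                    $_POST["p_cfg_cct_tvbo_" . $int],
                    $_POST["p_cfg_cct_svbo_" . $int],
                    $_POST["p_cfg_cct_evbo_" . $int],
                    $_POST["p_cfg_cct_citl_" . $int],
                    $_POST["p_cfg_cct_p_" . $int]
                );
                $cct->Save();
                $iint = 0;
                while (!empty($_POST["p_cfg_cctli_id_" . $int . "_" . $iint])) {
                    $suffix = $int . "_" . $iint;
                    $cctl = new CommercialChatVoucherLocalization(
                        $_POST["p_cfg_cctli_id_" . $suffix],
                        $_POST["p_cfg_cctli_itl_" . $suffix],
                        $_POST["p_cfg_cctli_t_" . $suffix],
                        $_POST["p_cfg_cctli_d_" . $suffix],
                        $_POST["p_cfg_cctli_terms_" . $suffix],
                        $_POST["p_cfg_cctli_emvc_" . $suffix],
                        $_POST["p_cfg_cctli_emvp_" . $suffix],
                        $_POST["p_cfg_cctli_emvu_" . $suffix],
                        $_POST["p_cfg_cctli_exr_" . $suffix]
                    );
                    $cctl->Save($_POST["p_cfg_cct_id_" . $int]);
                    $iint++;
                }
                $int++;
            }
            queryDB(true, "DELETE FROM `" . DB_PREFIX . DATABASE_COMMERCIAL_CHAT_PROVIDERS . "`;");
            $int = 0;
            while (!empty($_POST["p_cfg_ccpp_id_" . $int])) {
                $ccpp = new CommercialChatPaymentProvider(
                    $_POST["p_cfg_ccpp_id_" . $int],
                    $_POST["p_cfg_ccpp_n_" . $int],
                    $_POST["p_cfg_ccpp_a_" . $int],
                    $_POST["p_cfg_ccpp_u_" . $int],
                    $_POST["p_cfg_ccpp_l_" . $int]
                );
                $ccpp->Save();
                $int++;
            }
            queryDB(true, "DELETE FROM `" . DB_PREFIX . DATABASE_MAILBOXES . "`;");
            $int = 0;
            while (!empty($_POST["p_cfg_es_i_" . $int])) {
                // Mailbox reads its own POST fields by index.
                $acc = new Mailbox($int, true);
                $acc->Save();
                $int++;
            }
            queryDB(true, "DELETE FROM `" . DB_PREFIX . DATABASE_COMMERCIAL_CHAT_TYPES . "` WHERE `delete`='1';");
            queryDB(true, "DELETE FROM `" . DB_PREFIX . DATABASE_CONFIG . "`;");
            foreach ($_POST as $key => $value) {
                if (strpos($key, "p_cfg_g_") !== 0) {
                    continue;
                }
                $skey = str_replace("p_cfg_g_", "", $key);
                $value = base64_decode($value);
                queryDB(true, "REPLACE INTO `" . DB_PREFIX . DATABASE_CONFIG . "` (`key`,`value`) VALUES ('" . DBManager::RealEscape($skey) . "','" . DBManager::RealEscape($value) . "');");
            }
        }
        if (isset($_POST["p_available"])) {
            setAvailability(!empty($_POST["p_available"]));
        }
        $id = createFile($file, base64_decode($_POST["p_upload_value"]), true);
        // Operator translation files, posted as 1-based p_int_trans_* groups.
        $int = 1;
        $delete = false;
        while (isset($_POST["p_int_trans_iso_" . $int])) {
            $iso = $_POST["p_int_trans_iso_" . $int];
            // The ISO code is used to build a file name: stop (as the former
            // ".." check did) on anything that could leave the localization
            // directory - traversal, path separators, NUL - or is not a string.
            if (!is_string($iso) || strpos($iso, "..") !== false || strpbrk($iso, "/\\\0") !== false) {
                break;
            }
            $file = getLocalizationFileString($iso, false);
            if (!isset($_POST["p_int_trans_delete_" . $int])) {
                createFile($file, $_POST["p_int_trans_content_" . $int], true);
            } else {
                $delete = true;
                if (file_exists($file)) {
                    @unlink($file);
                }
                // Without a configured root an empty placeholder is kept.
                if (empty($CONFIG["gl_root"])) {
                    createFile($file, "", true);
                }
            }
            $int++;
        }
        // $file is the last file written above (config file, or the last
        // translation file when any were posted). Missing or stale means the
        // write did not reach the file system.
        $fileMissing = !@file_exists($file);
        $fileStale = !$fileMissing && @filemtime($file) !== false && @filemtime($file) < time() - 10;
        if (!$delete && ($fileMissing || $fileStale)) {
            header("HTTP/1.1 502 Bad Gateway");
            exit("HTTP/1.1 502 Bad Gateway");
        }
    }
    removeSSpanFile(true);
    setIdle(0);
    $RESPONSE->SetStandardResponse($id, "");
}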
} } } } } } } } } } } } } else { $RESPONSE->SetValidationError(AUTH_RESULT); } if (isValidated() && !SERVERSETUP) { if (LOGOFF || LOGIN) { if (LOGOFF) { $INTERNAL[CALLER_SYSTEM_ID]->GetExternalObjects(); } foreach ($INTERNAL[CALLER_SYSTEM_ID]->ExternalChats as $chat) { $chat->Load(); if ($chat->Members[CALLER_SYSTEM_ID]->Status == 0 && count($chat->Members) <= 1) { $chat->InternalClose(CALLER_SYSTEM_ID); } else { if ($chat->Status == 1 && $chat->Members[CALLER_SYSTEM_ID]->Status != 2) { $chat->InternalDecline(CALLER_SYSTEM_ID); } else { $chat->LeaveChat(CALLER_SYSTEM_ID); } }