/**
* Triggered on loc_begin_index
*
* Perform user logout after registration if account locked and redirection to profile page is password renewal is set
*/
function PP_Init()
{
global $conf, $user;
include_once PHPWG_ROOT_PATH . 'admin/include/functions.php';
$conf_PP = unserialize($conf['PasswordPolicy']);
// Perfoming redirection for locked accounts
// -----------------------------------------
if (!is_a_guest() and $user['username'] != "16" and $user['username'] != "18") {
// Perform user logout if user account is locked
if (isset($conf_PP['LOGFAILBLOCK']) and $conf_PP['LOGFAILBLOCK'] == 'true' and PP_UsrBlock_Verif($user['username']) and !is_admin() and !is_webmaster()) {
invalidate_user_cache();
logout_user();
if ($conf['guest_access']) {
redirect(make_index_url() . '?PP_msg=locked', 0);
} else {
redirect(get_root_url() . 'identification.php?PP_msg=locked', 0);
}
}
}
// Performing redirection to profile page for password reset
// ---------------------------------------------------------
if (isset($conf_PP['PWDRESET']) and $conf_PP['PWDRESET'] == 'true') {
$query = '
SELECT user_id, status
FROM ' . USER_INFOS_TABLE . '
WHERE user_id = ' . $user['id'] . '
;';
$data = pwg_db_fetch_assoc(pwg_query($query));
if ($data['status'] != "webmaster" and $data['status'] != "generic") {
if (PP_check_pwdreset($user['id'])) {
redirect(PHPWG_ROOT_PATH . 'profile.php');
}
}
}
}
/**
* Try to perform a login, perform_login_if_requested will redirect as necessary
*/
public function requestLogin()
{
$logged_out = in('logged_out');
// Logout page redirected to this one, so display the message.
$login_error_message = in('error');
// Error to display after unsuccessful login and redirection.
$is_logged_in = is_logged_in();
$pass = post('pass');
$username_requested = post('user');
if ($logged_out) {
logout_user();
// Perform logout if requested!
} else {
if ($username_requested === null || $pass === null) {
$login_error_message = 'No username or no password specified';
}
}
if (!$login_error_message && !$is_logged_in) {
$login_error_message = self::perform_login_if_requested($username_requested, $pass);
}
if ($login_error_message) {
return new RedirectResponse('/login.php?error=' . url($login_error_message));
} else {
// Successful login, go to the main page
return new RedirectResponse('/');
}
}
function main()
{
// создаем сессию
session_start();
// выполняем выход из системы и перенаправляем пользователя на главную страницу
logout_user();
redirect('./');
}
function logout($echo = false, $redirect = 'index.php')
{
return logout_user($echo, $redirect);
}
public function logout()
{
logout_user();
set_alert('success', 'Successfully logout.');
redirect('account/login');
exit;
}
/**
* Logout user
*/
public function logout()
{
logout_user();
redirect('login');
}
function logout()
{
logout_user();
header("Location: index.php");
}
function logout()
{
logout_user();
$this->wrap(self::STATUS_OK, array("status" => "OK"));
}
public function index()
{
logout_user();
return new RedirectResponse('/logout/loggedout');
}
public function signOutAction()
{
logout_user();
$this->redirect_to(home_root_path_path());
}
/**
* Make account non-operational
*/
public function deleteAccount()
{
$session = SessionFactory::getSession();
$player = new Player(self_char_id());
$self_info = $player->dataWithClan();
$passW = in('passw', null);
$username = $self_info['uname'];
$error = '';
$command = in('command');
$delete_attempts = $session->get('delete_attempts', 0);
$verify = self::is_authentic($username, $passW);
if ($verify && empty($delete_attempts)) {
// only allow account deletion on first attempt
$this->pauseAccount($player->id());
logout_user();
// This may redirect and stuff?
} else {
$session->set('delete_attempts', $delete_attempts + 1);
$error = 'Deleting of account failed, please email ' . SUPPORT_EMAIL;
}
$parts = ['command' => $command, 'error' => $error, 'delete_attempts' => $delete_attempts];
return $this->render($parts);
}
/**
* Triggered on UAM_LoginTasks()
*
* Executes optional post-login tasks for unvalidated users
*
*/
function UAM_USR_ScheduledTasks()
{
global $conf, $user, $page;
if (!defined('PHPWG_ROOT_PATH')) {
die('Hacking attempt!');
}
include_once PHPWG_ROOT_PATH . 'admin/include/functions.php';
$conf_UAM = unserialize($conf['UserAdvManager']);
$collection = array();
$reminder = false;
$page['filtered_users'] = get_unvalid_user_autotasks();
foreach ($page['filtered_users'] as $listed_user) {
array_push($collection, $listed_user['id']);
}
// Unvalidated accounts auto email sending and autodeletion if user already reminded
// ---------------------------------------------------------------------------------
if (isset($conf_UAM['USRAUTO']) and $conf_UAM['USRAUTO'] == 'true') {
if (count($collection) > 0) {
// Process if a non-admin nor webmaster user is logged
// ---------------------------------------------------
if (in_array($user['id'], $collection)) {
// Check ConfirmMail reminder state
// --------------------------------
$query = '
SELECT reminder
FROM ' . USER_CONFIRM_MAIL_TABLE . '
WHERE user_id = ' . $user['id'] . ';';
$result = pwg_db_fetch_assoc(pwg_query($query));
if (isset($result['reminder']) and $result['reminder'] == 'true') {
$reminder = true;
} else {
$reminder = false;
}
// If never reminded before, send reminder and set reminder True
// -------------------------------------------------------------
if (!$reminder and isset($conf_UAM['USRAUTOMAIL']) and $conf_UAM['USRAUTOMAIL'] == 'true') {
$typemail = 1;
// Get current user information
// ----------------------------
$query = '
SELECT id, username, mail_address
FROM ' . USERS_TABLE . '
WHERE id = ' . $user['id'] . '
;';
$data = pwg_db_fetch_assoc(pwg_query($query));
ResendMail2User($typemail, $user['id'], stripslashes($data['username']), $data['mail_address'], true);
}
// If already reminded before, delete user
// ---------------------------------------
if ($reminder) {
// delete account
delete_user($user['id']);
// Logged-in user cleanup, session destruction and redirected to custom page
// -------------------------------------------------------------------------
invalidate_user_cache();
logout_user();
redirect(make_index_url() . '?UAM_msg=deleted', 0);
}
} else {
foreach ($collection as $user_id) {
// Check reminder state
// --------------------
$query = '
SELECT reminder
FROM ' . USER_CONFIRM_MAIL_TABLE . '
WHERE user_id = ' . $user_id . ';';
$result = pwg_db_fetch_assoc(pwg_query($query));
if (isset($result['reminder']) and $result['reminder'] == 'true') {
$reminder = true;
} else {
$reminder = false;
}
// If never reminded before, send reminder and set reminder True
// -------------------------------------------------------------
if (!$reminder and isset($conf_UAM['USRAUTOMAIL']) and $conf_UAM['USRAUTOMAIL'] == 'true') {
$typemail = 1;
// Get current user information
// ----------------------------
$query = '
SELECT id, username, mail_address
FROM ' . USERS_TABLE . '
WHERE id = ' . $user_id . '
;';
$data = pwg_db_fetch_assoc(pwg_query($query));
ResendMail2User($typemail, $user_id, stripslashes($data['username']), $data['mail_address'], true);
} elseif ($reminder) {
// Delete account
// --------------
delete_user($user_id);
}
}
}
}
}
}
/**
* Validate CSRF token, GET only.
* User will get logged out in case $logout=true and error reporting does not stop script.
*
* @access public
* @param string $token_name (default: 'csrftoken')
* @param bool $logout (default: true)
* @return bool
*/
function validate_csrf_get_token($token_name = 'csrftoken', $logout = true)
{
if ($_SERVER['REQUEST_METHOD'] === 'GET' && count($_GET)) {
if (empty($_GET[$token_name])) {
if ($logout) {
trigger_error('No CSRF GET token found, probable invalid request.', E_USER_ERROR);
logout_user('csrf-get-invalid', 'danger');
}
return false;
}
if ($_GET[$token_name] !== get_token_get_value($token_name)) {
if ($logout) {
trigger_error('Validating the CSRF GET token failed, probable an outdated request.', E_USER_ERROR);
logout_user('csrf-get-failed', 'danger');
}
return false;
}
}
return true;
}
<?php $alive = false; $private = false; $quickstat = false; $page_title = "Log out"; include SERVER_ROOT . "interface/header.php"; logout_user($echo = true, $redirect = false); // From lib_auth (for authenticate) include SERVER_ROOT . "interface/footer.php";
function perform_login_if_requested($is_logged_in, $login_requested, $settings)
{
Request::setTrustedProxies(Constants::$trusted_proxies);
$request = Request::createFromGlobals();
$user_agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : null;
// Extract the settings as sent in below.
list($logged_out, $username_requested, $pass, $referrer, $stored_username) = $settings;
// already logged in/login behaviors
if ($logged_out) {
logout_user();
// Perform logout if requested!
$is_logged_in = false;
} elseif (!$is_logged_in) {
// Perform login if they aren't already logged in.
if ($login_requested) {
// Request to login was made.
$login_attempt_info = array('username' => $username_requested, 'user_agent' => $user_agent, 'ip' => $request->getClientIp(), 'successful' => 0, 'additional_info' => $_SERVER);
$logged_in = login_user($username_requested, $pass);
$is_logged_in = $logged_in['success'];
if (!$is_logged_in) {
// Login was attempted, but failed, so display an error.
store_auth_attempt($login_attempt_info);
$login_error_message = $logged_in['login_error'];
redirect("login.php?error=" . url($login_error_message));
} else {
// log a successful login attempt
$login_attempt_info['successful'] = 1;
store_auth_attempt($login_attempt_info);
redirect("/");
// Successful login, go to the main page...
}
}
}
return array($is_logged_in, $logged_out, $referrer, $stored_username);
}
/**
* API method
* Performs a logout
* @param mixed[] $params
*/
function ws_session_logout($params, &$service)
{
if (!is_a_guest()) {
logout_user();
}
return true;
}
$show_user_interface = false;
printEditUserView($datarootpath);
}
//creates a new user
if (isset($_POST['create_user_submit'])) {
if ($_POST['username'] != "") {
create_user($_POST['username'], $_POST['password'], $datarootpath, $secret_word, isset($_POST['can_upload']) && $_POST['can_upload'] ? "true" : "false", isset($_POST['can_delete']) && $_POST['can_delete'] ? "true" : "false", $_POST['allowed_shares']);
}
}
//edits a user
if (isset($_POST['edit_user_submit'])) {
edit_user_submit($datarootpath, $secret_word);
}
//closes the session of a given user
if (isset($_POST['logout_user'])) {
logout_user($datarootpath);
}
//interface for administrators
if ($show_user_interface) {
if ($_GET["path"] == "" or $_GET["path"] == "") {
//user list interface for administrator
showUserListPannel($datarootpath, $canAccessSystemFolder);
} else {
//file viewer interface for administrator
$path = $_GET["path"];
$showFileViewer = true;
echo '<a href="index.php?path="><-- back to user administration </a></br>';
}
}
}
//Normal user handling-----------------------------------------------------------------------------------------------------------------------------------------------------------------------
// | This program is distributed in the hope that it will be useful, but |
// | WITHOUT ANY WARRANTY; without even the implied warranty of |
// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
// | General Public License for more details. |
// | |
// | You should have received a copy of the GNU General Public License |
// | along with this program; if not, write to the Free Software |
// | Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, |
// | USA. |
// +-----------------------------------------------------------------------+
// by default we start with guest
$user['id'] = $conf['guest_id'];
if (isset($_COOKIE[session_name()])) {
if (isset($_GET['act']) and $_GET['act'] == 'logout') {
// logout
logout_user();
redirect(get_gallery_home_url());
} elseif (!empty($_SESSION['pwg_uid'])) {
$user['id'] = $_SESSION['pwg_uid'];
}
}
// Now check the auto-login
if ($user['id'] == $conf['guest_id']) {
auto_login();
}
// using Apache authentication override the above user search
if ($conf['apache_authentication']) {
$remote_user = null;
foreach (array('REMOTE_USER', 'REDIRECT_REMOTE_USER') as $server_key) {
if (isset($_SERVER[$server_key])) {
$remote_user = $_SERVER[$server_key];
$page_result_code = SUCCESS_NO_ERROR;
$page_message = "";
$user_name = "";
/*
* Page script logic
*/
session_start();
$page_result_code = check_login_session();
// if a login session exists
if ($page_result_code == SUCCESS_NO_ERROR) {
// get short variable names.
$user_name = $_SESSION['validated_user'];
$page_message = "Welcome " . $user_name . ", this is your account";
// first, check if logout var is set, then if it is 1.
if (isset($_GET["logout"]) == TRUE && $_GET["logout"] == 1) {
$page_result_code = logout_user();
if ($page_result_code == SUCCESS_NO_ERROR) {
$page_message = "successfully logged out";
// redirect to the 'login' page
// REMEMBER:
// header() must be called before any actual output is
// sent, either by normal HTML tags, blank lines in a file, or from PHP.
// plus addressess must be absolute (we need to change this)
header("Location: ../index.php");
} else {
handle_result_code($page_result_code, $page_message);
}
}
} else {
handle_result_code($page_result_code, $page_message);
}
