function ActionHandler()
{
global $Page, $User, $Pass, $Action, $Error, $LoggedIN;
if (!isset($User) && !isset($Pass)) {
return 'login';
}
if (!isset($User) || $User == "") {
$Error = 'Username is not entered.';
return 'login';
}
if (!isset($Pass) || $Pass == "") {
$Error = 'Password is not entered.';
return 'login';
}
if ($LoggedIN != 1 && $Action != 'login') {
return 'login';
}
if ($Action == 'login') {
if ($User == 'demo' && $Pass == 'demo') {
session_register($User);
session_register($Pass);
session_register($LoggedIN);
$LoggedIN = 1;
return 'main';
}
$Error = 'Username or Password Incorrect';
return 'login';
}
if (!is_set($Page)) {
return 'login';
}
}
function InitSessionVar()
{
if (!array_key_exists('preloaded', $_SESSION) || !is_array($_SESSION['preloaded'])) {
session_register('preloaded');
$_SESSION['preloaded'] = array();
}
}
function checkinput()
{
include "conn/conn.php";
$sql = mysql_query("select * from tb_user where name='" . $this->name . "'", $conn);
$info = mysql_fetch_array($sql);
if ($info == false) {
echo "<script language='javascript'>alert('不存在此用户!');history.back();</script>";
exit;
} else {
if ($info[dongjie] == 1) {
echo "<script language='javascript'>alert('该用户已经被冻结!');history.back();</script>";
exit;
}
if ($info[pwd] == $this->pwd) {
session_start();
$_SESSION[username] = $info[name];
session_register("producelist");
$producelist = "";
session_register("quatity");
$quatity = "";
header("location:index.php");
exit;
} else {
echo "<script language='javascript'>alert('密码输入错误!');history.back();</script>";
exit;
}
}
}
function check_admin_login($login_arr)
{
$login_arr = add_slashes($login_arr);
$username = $login_arr[username];
$password = sha1(SALT_VAR . $login_arr[password]);
$roleid = $login_arr[roleid];
// $qry = "select * from admin where username='******' and password='******'";
// $row = mysql_query($qry);
$row = single_row(ADMIN, "*", "roleid='" . $roleid . "' and`username`='" . $username . "' and `password`='" . $password . "'", "id", "desc", "", false);
if ($row != false) {
session_register($_SESSION[Adm_UserId]);
session_register($_SESSION[Adm_RoleId]);
session_register($_SESSION[Adm_Email]);
session_register($_SESSION[Adm_UserNm]);
session_register($_SESSION[Adm_Fname]);
session_register($_SESSION[Adm_Lname]);
$_SESSION[Adm_UserId] = $row[id];
$_SESSION[Adm_RoleId] = $row[roleid];
$_SESSION[Adm_Email] = $row[email];
$_SESSION[Adm_UserNm] = $row[username];
$_SESSION[Adm_Fname] = $row[fname];
$_SESSION[Adm_Lname] = $row[lname];
return true;
} else {
return false;
}
}
function __construct($new = false)
{
if ($new) {
$sessID = isset($_COOKIE['sessID']) ? $_COOKIE['sessID'] : '';
if ($sessID) {
session_id($sessID);
session_start();
if (array_key_exists('userId', $_SESSION) && $_SESSION['userId'] > -1) {
$this->id = $_SESSION['userId'];
$this->load();
} else {
$this->id = -1;
}
} else {
mt_srand((double) microtime() * 100000);
$sessID = md5(uniqid(mt_rand()));
setcookie('sessID', $sessID, time() + 6 * 3600, '/');
session_id($sessID);
session_name($sessID);
@session_start();
session_register('userId', 'userTime');
$_SESSION['userId'] = -1;
$this->id = -1;
$_SESSION['userTime'] = time();
}
$this->sessionId = $sessID;
}
}
function bayesspam_init()
{
if (isset($_SESSION['username'])) {
if ($GLOBALS['bayes_granularity'] == 'user') {
$GLOBALS['bayes_username'] = addslashes(preg_replace('/' . $GLOBALS['bayes_domain_seperator'] . '/', '!', $_SESSION['username']));
} elseif ($GLOBALS['bayes_granularity'] == 'domain') {
$GLOBALS['bayes_username'] = addslashes(preg_replace('/^.+' . $GLOBALS['bayes_domain_seperator'] . '/', '', $_SESSION['username']));
} else {
$GLOBALS['bayes_username'] = '******';
}
}
$GLOBALS['bayesdbhandle'] = DB::connect($GLOBALS['bayesdbtype'] . '://' . $GLOBALS['bayesdbuser'] . ':' . $GLOBALS['bayesdbpass'] . '@' . $GLOBALS['bayesdbhost'] . ':' . $GLOBALS['bayesdbport'] . '/' . $GLOBALS['bayesdbname'], 1);
if (DB::isError($GLOBALS['bayesdbhandle'])) {
if ($GLOBALS['bayes_show_db_error']) {
bindtextdomain('bayesspam', SM_PATH . 'plugins/bayesspam/locale');
textdomain('bayesspam');
echo $GLOBALS['bayesdbhandle']->getDebugInfo() . "<BR>";
echo _("BayesSpam improperly configured. Check DB Information.");
bindtextdomain('squirrelmail', SM_PATH . 'locale');
textdomain('squirrelmail');
}
$GLOBALS['bayesdbhandle'] = null;
} else {
$GLOBALS['bayesdbhandle']->setFetchMode(DB_FETCHMODE_ASSOC);
}
if ($GLOBALS['bayesdbhandle'] == null) {
return;
}
if (!isset($_SESSION['bayesspam_corpus'])) {
session_register('bayesspam_corpus');
}
}
function doLogin($usu_login, $usu_senha)
{
$db = new db("../config.php");
$json = new Services_JSON();
$db->executa($db->getJoinRecord("funcionarios", "fun_nome='{$usu_login}' and fun_senha='{$usu_senha}'", '', 0), true, "user");
if ($db->num_rows == 1) {
$id = $db->user["usu_id"];
$login = $db->user["usu_login"];
$itens = array("usu_id" => $id, "usu_login" => $login, "status" => 1);
$str = $json->encode($itens);
session_register("usu_nome");
session_register("usu_id");
$_SESSION["usu_modulo"] = 0;
$_SESSION["usu_nome"] = $db->user["fun_nome"];
$_SESSION["usu_id"] = $db->user["fun_id"];
$_SESSION["sis_exerc"] = $exercicio;
$_SESSION["usu_grpid"] = $grp_id;
$_SESSION["bgcolor"] = "#EAE5DA";
$_SESSION["dtatend"] = date("d/m/Y");
if (isset($_SERVER["HTTP_X_FORWARDED_FOR"])) {
$ip = $_SERVER["HTTP_X_FORWARDED_FOR"];
} else {
$ip = $HTTP_SERVER_VARS['REMOTE_ADDR'];
}
} else {
$itens = array("usu_id" => '', "usu_login" => $_GET["usu_login"], "status" => 2);
$str = $json->encode($itens);
}
return $str;
}
function pyphp_session_add($key, $val)
{
# $_SESSION[$key]=$val;
# php 4.1 workaround
$GLOBALS[$key] = $val;
session_register($key);
}
function olc_session_register($variable)
{
global $session_started;
if ($session_started == true) {
return session_register($variable);
}
}
function createImage()
{
// Delete Old File
if (is_file(@$_SESSION['stringcode'] . "gif")) {
@unlink(@$_SESSION['old_file_code'] . "gif");
}
// Creates the images, writes the file
$fileRand = $_REQUEST["PHPSESSID"];
$string_a = array("a", "b", "c", "d", "e", "f", "g", "h", "i", "j", "k", "l", "m", "n", "p", "q", "r", "s", "t", "u", "v", "w", "x", "y", "x", "0", "1", "2", "3", "4", "5", "6", "7", "8", "9");
$keys = array_rand($string_a, 6);
foreach ($keys as $n => $v) {
$string .= $string_a[$v];
}
session_register("stringcode");
@($_SESSION['stringcode'] = $string);
//$backgroundimage = "security/bg_im.gif";
//$im=imagecreatefromgif($backgroundimage);
//$colour = imagecolorallocate($im, rand(0,0), rand(0,0), rand(0,0));
//$font = 'security/arial.ttf';
//$angle = rand(0,0);
// Add the text
//imagefttext(
//imagettftext($im, 11, $angle,14, 17, $colour, $font, $string);
//$outfile= "security/$fileRand.gif";
//imagegif($im,$outfile);
return $string;
}
function loginUser()
{
$this->userInfo = new userInfo();
$this->userInfo->setUsername(isset($_POST['username']) ? $_POST['username'] : '');
if (isset($_POST['password']) && !empty($_POST['password'])) {
$this->userInfo->setPassword($this->users->common->data_encrypt($_POST['password']));
} else {
$this->userInfo->setPassword('');
}
$this->userInfo->setStatus(1);
$this->userInfo->setUsertype(1);
$this->users->setUserinfo($this->userInfo);
if ($this->validate()) {
$result = $this->users->loginUser();
if (isset($result) && !empty($result)) {
//if(!isset($_SESSION['session_userid']) || empty($_SESSION['session_userid'])) session_destroy();
$this->msg = 'Login Successfully!';
session_register('session_userid');
$_SESSION['session_userid'] = $result;
$this->users->updateLastAccess($result, date('Y-m-d H:i:s'));
$this->users->common->redirect('dashboard.php');
} else {
$this->msg = "Invalid username or password.";
}
} else {
$this->msg = 'Validation invalid';
}
}
function authenticate()
{
$username = trim($_POST["username"]);
$password = trim($_POST["password"]);
$captcha = trim($_POST["captcha"]);
if ($username == '' || $password == '' || $captcha == '') {
set_login_error("Any emtpy field is not allowed");
} else {
include_once "/var/www/includes/captch_code.php";
if (check_code($captcha)) {
$cr = new crypto();
$password = $cr->one_way_crypt($password);
$u = new user();
if ($u->validate_user($username, $password)) {
$session = new user_session();
setcookie('app_session_id', $session->create_session_id($u->get_uid(), $u->get_uname(), $u->get_email()));
session_register($username);
header("Location: /challenges.php");
} else {
set_login_error("Authentication Failed");
}
} else {
set_login_error("Invalid Captcha");
}
}
}
function chkinput()
{
if (strval($this->xym) != $_SESSION["autonum1"]) {
echo "<script>alert('验证码输入错误!');history.go(-1);</script>";
exit;
}
include_once "conn/conn.php";
$sql = mysql_query("select usernc from tb_user where usernc='" . $this->usernc . "'", $conn);
$info = mysql_fetch_array($sql);
if ($info == false) {
echo "<script>alert('对不起,不存在该用户!');history.back();</script>";
exit;
} else {
$sql = mysql_query("select usernc from tb_user where usernc='" . $this->usernc . "' and pwd='" . $this->userpwd . "'", $conn);
$info = mysql_fetch_array($sql);
if ($info == false) {
echo "<script>alert('对不起,密码输入错误!');history.back();</script>";
exit;
} else {
//date_default_timezone_set("Asia/Hong_Kong");
$lastlogintime = date("Y-m-j H:i:s");
mysql_query("update tb_user set lastlogintime='" . $lastlogintime . "',logintimes=logintimes+1 where usernc='" . $this->usernc . "'", $conn);
if ($_SESSION["unc"] != "") {
session_unregister("unc");
}
session_register("unc");
$_SESSION["unc"] = $this->usernc;
echo "<script>alert('登录成功!');history.back();</script>";
}
}
mysql_close($conn);
}
function set_session($session_name, $value)
{
if (PHP_VERSION < '5.3.0') {
session_register($session_name);
}
${$session_name} = $_SESSION["{$session_name}"] = $value;
}
public function testSessionUnregister()
{
session_register("TESTES_#3");
$this->assertTrue(session_is_registered("TESTES_#3"));
session_unregister("TESTES_#3");
$this->assertFalse(session_is_registered("TESTES_#3"));
}
function check_input()
{
if (strval($this->tb_validate) != $_SESSION["validate1"]) {
echo "<script>alert('验证码输入错误!');history.go(-1);</script>";
exit;
}
include_once "conn/conn.php";
$sql = mysql_query("select tb_forum_user from tb_forum_user where tb_forum_type=2 and tb_forum_user='******'", $conn);
$info = mysql_fetch_array($sql);
if ($info == false) {
echo "<script>alert('对不起,不存在该用户!');history.back();</script>";
exit;
} else {
$sql = mysql_query("select tb_forum_user from tb_forum_user where tb_forum_type=2 and tb_forum_user='******' and tb_forum_pass='******'", $conn);
$info = mysql_fetch_array($sql);
if ($info == false) {
echo "<script>alert('对不起,密码输入错误!');history.back();</script>";
exit;
} else {
if ($_SESSION["admin_user"] != "") {
session_unregister("admin_user");
}
session_register("admin_user");
$_SESSION["admin_user"] = $this->tb_user;
echo "<script>alert('登录成功!');window.location.href='index.php';</script>";
}
}
mysql_close($conn);
}
function registerTierVisitor($aId, $aUrl)
{
$uid = md5(uniqid(rand(0, 9999999), true));
setcookie("txp", "{$uid}", mktime(0, 0, 0, 1, 1, 2020), "/", "{$aUrl}", 0);
session_start();
session_register("txp");
return $uid;
}
function registerSession($id)
{
session_start();
$user = $this->users[$id];
$_SESSION[$this->sessionName] = array("ID" => session_id(), "username" => md5($user['username']), "password" => md5($user['password']), "user_id" => $id);
session_register($sessionName);
return true;
}
function clear_allocations()
{
if (isset($_SESSION['alloc'])) {
unset($_SESSION['alloc']->allocs);
unset($_SESSION['alloc']);
}
session_register('alloc');
}
function set_session($param_name, $param_value)
{
global ${$param_name};
if (session_is_registered($param_name)) {
session_unregister($param_name);
}
${$param_name} = $param_value;
session_register($param_name);
}
function tep_session_register($variable)
{
global $session_started;
if ($session_started == true) {
return session_register($variable);
} else {
return false;
}
}
function putReadCount($tbl, $uid, $cookie, $how)
{
global $DB_CONNECT, $HTTP_SESSION_VARS;
if (!strstr($cookie, $tbl . '_' . $uid . '_') || $how) {
db_query("UPDATE kimsbod7_" . $tbl . "_dat SET BB_HIT=BB_HIT+1 WHERE BB_UID='" . $uid . "'", $DB_CONNECT);
$kimsboard7_view = $tbl . "_" . $uid . "_;" . $HTTP_SESSION_VARS[kimsboard7_view];
session_register(kimsboard7_view);
}
}
/**
* Set a session var
*
* @param string $name The nam of the session var
* @param mixed $value The var
* @return bool
*/
function set($name, $value)
{
if (empty($name)) {
return false;
}
$_SESSION[$name] = $value;
session_register($name);
return true;
}
function addSession($field, $class, $message, $type = '')
{
global $messageToStack;
if (!session_is_registered('messageToStack')) {
session_register('messageToStack');
$messageToStack = array();
}
$messageToStack[] = array('field' => $field, 'class' => $class, 'text' => $message, 'type' => $type);
}
public function login($username = NULL, $password = NULL)
{
$result = $this->objUser->getWhere('user', array('username' => $username, 'password' => md5($password)))->num_rows();
if ($result < 1) {
print 'Error : Username or password invalid';
exit;
} else {
session_register('username', $username);
header('Location:../view/admin.php');
}
}
function account_session_start($userid, $passwd)
{
global $user;
if ($userid && $passwd) {
$user = new User($userid, $passwd);
}
if ($user->id) {
session_register("user");
}
watchdog("message", $user->id ? "session opened for user '{$user->userid}'" : "failed login for user `{$userid}'");
}
public function RegSession_Register()
{
/*---------- for session register-----------*/
session_register('valid');
session_register('LoginId');
session_register('EmailId');
session_register('ProfileId');
session_register('Gender');
session_register('ProfileStatus');
session_register('lng');
session_register('rel');
}
function actionPerform(&$skin, $moduleID)
{
$displayForm = false;
$usernameError = '';
$passwordError = '';
if (isset($_POST["event"]) && $_POST["event"] == 'login') {
//Check username and password.
//Inorder to avoid sql injection attacks both
//should contains characters form a to z and/or numbers only
if (isset($_POST["username"]) && !$skin->main->checkString('[^a-zA-Z0-9]', $_POST["username"])) {
$usernameError = "Username must contains numbers and/or character from a to z only";
$displayForm = true;
}
if (isset($_POST["passwd"]) && !$skin->main->checkString('[^a-zA-Z0-9]', $_POST["passwd"])) {
$passwordError = "Password must contains numbers and/or character from a to z only";
$displayForm = true;
}
if (isset($_POST["passwd"]) && $_POST["passwd"] == '') {
$passwordError = "Password can not be empty!";
$displayForm = true;
}
if (isset($_POST["username"]) && $_POST["username"] == '') {
$passwordError = "Username can not be empty!";
$displayForm = true;
}
if (!$displayForm) {
$query = "SELECT * FROM {$skin->main->databaseTablePrefix}users WHERE is_active=1 AND username="******"username"]) . " AND password='******'";
$recordSet = $skin->main->databaseConnection->Execute($query);
//Check for error, if an error occured then report that error
if (!$recordSet) {
trigger_error("Unable to check user authentication\nreason is : " . $skin->main->databaseConnection->ErrorMsg());
$displayForm = true;
} else {
if ($skin->main->databaseConnection->Affected_Rows() == 1) {
session_register('username');
$_SESSION["username"] = $_POST["username"];
$skin->main->eventHandler->fireEvent("login_succeed", $_POST["username"]);
$skin->main->selectedTab = $skin->main->getInitialTab();
$skin->main->userGroup = $skin->main->getUserGroup();
$skin->main->revalidate = TRUE;
} else {
$skin->main->eventHandler->fireEvent("login_fail", $_POST["username"]);
$displayForm = true;
}
}
}
} else {
$displayForm = true;
}
//Assign codeBehind variables
$skin->main->controlVariables["login"] = array('displayForm' => $displayForm, 'usernameError' => $usernameError, 'passwordError' => $passwordError);
}
function openid_authenticate() {
global $openid_response;
global $db;
if($_REQUEST[openid_id]) {
require_once "Auth/OpenID/Consumer.php";
require_once "Auth/OpenID/FileStore.php";
// create file storage area for OpenID data
$store = new Auth_OpenID_FileStore('./oid_store');
// create OpenID consumer
$consumer = new Auth_OpenID_Consumer($store);
// begin sign-in process
// create an authentication request to the OpenID provider
$auth = $consumer->begin($_REQUEST['openid_id']);
if (!$auth) {
die("ERROR: Please enter a valid OpenID.");
}
// redirect to OpenID provider for authentication
$_SESSION[openid_saveurl]=$_SERVER[REQUEST_URI];
$url = $auth->redirectURL("http://$_SERVER[HTTP_HOST]$web_path", "http://$_SERVER[HTTP_HOST]$_SERVER[REQUEST_URI]");
header('Location: ' . $url);
}
elseif($_REQUEST[openid_identity]) {
// include files
require_once "Auth/OpenID/Consumer.php";
require_once "Auth/OpenID/FileStore.php";
// create file storage area for OpenID data
$store = new Auth_OpenID_FileStore('./oid_store');
// create OpenID consumer
// read response from OpenID provider
$consumer = new Auth_OpenID_Consumer($store);
$openid_response = $consumer->complete("http://$_SERVER[HTTP_HOST]$_SESSION[openid_saveurl]");
// set session variable depending on authentication result
if ($openid_response->status == Auth_OpenID_SUCCESS) {
$_SESSION[current_user]=get_user($_REQUEST[openid_identity]);
session_register("current_user");
$db->query("insert or replace into openid_user values ( '$_REQUEST[openid_identity]' )");
} else {
print "OpenID-Authentication failed";
print_r($openid_response);
}
header("Location: http://$_SERVER[HTTP_HOST]$_SESSION[openid_saveurl]");
}
}
function allowentry($account, $password)
{
include "./connect.php";
$sql = "SELECT account, password, level FROM tb_users WHERE account = '" . $account . "' and password='******'";
$result = mysql_query($sql);
$rows = mysql_num_rows($result);
while ($col = mysql_fetch_row($result)) {
if ($col[2] == 1) {
session_register("super");
}
}
return $rows == 1;
}
