/**
* authenticate a username and password
*
* This function takes the given <var>$username</var> and <var>$password</var> and authenticates
* them against the database. The passwords are encrypted using the crypt() function.
* The username is stored in the <var>$_SESSION["pgv_user"]</var> session variable.
* @param string $user_name the username for the user attempting to login
* @param string $password the plain text password to test
* @param boolean $basic true if the userName and password were retrived via Basic HTTP authentication. Defaults to false. At this point, this is only used for logging
* @return the user_id if sucessful, false otherwise
*/
function authenticateUser($user_name, $password, $basic = false)
{
// If we were already logged in, log out first
if (PGV_USER_ID) {
userLogout(PGV_USER_ID);
}
if ($user_id = get_user_id($user_name)) {
$dbpassword = get_user_password($user_id);
if (crypt($password, $dbpassword) == $dbpassword) {
if (get_user_setting($user_id, 'verified') == 'yes' && get_user_setting($user_id, 'verified_by_admin') == 'yes' || get_user_setting($user_id, 'canadmin') == 'Y') {
set_user_setting($user_id, 'loggedin', 'Y');
//-- reset the user's session
$_SESSION = array();
$_SESSION['pgv_user'] = $user_id;
// show that they have logged in with their password
$_SESSION['cookie_login'] = false;
AddToLog(($basic ? "Basic HTTP Authentication" : "Login") . " Successful");
return $user_id;
}
}
}
AddToLog(($basic ? "Basic HTTP Authentication" : "Login") . " Failed ->" . $user_name . "<-");
return false;
}
// MAIN
if (isset($_POST['mode'])) {
$mode = $_POST['mode'];
} elseif (isset($_GET['mode'])) {
$mode = $_GET['mode'];
} else {
$mode = '';
}
$display = '';
$pageBody = '';
if (isset($_POST['cancel'])) {
echo COM_refresh($_CONF['site_url'] . '/index.php');
}
switch ($mode) {
case 'logout':
$pageBody = userLogout();
break;
case 'profile':
case 'user':
$pageBody .= userprofile();
break;
case 'create':
$pageBody .= createuser();
break;
case 'getpassword':
$pageBody .= _userGetpassword();
break;
case 'newpwd':
$pageBody .= _userNewpwd();
break;
case 'setnewpwd':
dbQuery("UPDATE Groups SET Name=?, MonitorIds=? WHERE Id=?", array($_POST['newGroup']['Name'], $monitors, $_POST['gid']));
} else {
dbQuery("INSERT INTO Groups SET Name=?, MonitorIds=?", array($_POST['newGroup']['Name'], $monitors));
}
$refreshParent = true;
$view = 'none';
} elseif ($action == "delete") {
if (isset($_REQUEST['runState'])) {
dbQuery("delete from States where Name=?", array($_REQUEST['runState']));
}
if (isset($_REQUEST['markUids'])) {
foreach ($_REQUEST['markUids'] as $markUid) {
dbQuery("delete from Users where Id = ?", array($markUid));
}
if ($markUid == $user['Id']) {
userLogout();
}
}
if (!empty($_REQUEST['gid'])) {
dbQuery("delete from Groups where Id = ?", array($_REQUEST['gid']));
if (isset($_COOKIE['zmGroup'])) {
if ($_REQUEST['gid'] == $_COOKIE['zmGroup']) {
unset($_COOKIE['zmGroup']);
setcookie("zmGroup", "", time() - 3600 * 24 * 2);
$refreshParent = true;
}
}
}
}
} else {
if (ZM_USER_SELF_EDIT && $action == "user") {
header("Content-type: text/html");
} else {
header("Content-type: text/xml");
}
$connection = connectDb();
$response = "";
logUserAction();
switch ($_REQUEST['command']) {
case "check_login_status":
$response = checkLoginStatus();
break;
case "user_login":
$response = userLogin($_REQUEST['user_name'], $_REQUEST['password']);
break;
case "user_logout":
$response = userLogout();
break;
case "get_comments":
$response = getComments($_REQUEST['url']);
break;
case "new_comment":
$response = newComment($_REQUEST['url'], $_REQUEST['content'], $_REQUEST['parent_id']);
break;
case "rate_comment":
$response = rateComment($_REQUEST['comment_id'], $_REQUEST['up']);
break;
case "register_new_user":
$response = registerNewUser($_REQUEST['user'], $_REQUEST['password'], $_REQUEST['email']);
break;
case "update_page_rating":
$response = updatePageRating($_REQUEST['url'], $_REQUEST['url_parameter'], $_REQUEST['username'], $_REQUEST['title'], $_REQUEST['rating']);
}
//controllers start here
if (isset($_POST['sig_response'])) {
if (function_exists('verifyDuoSign')) {
if (!verifyDuoSign($_POST)) {
$_GET['errorMsg'] = "duoFailed";
}
}
} elseif (!empty($_GET['passlink'])) {
verifyPasscode($_GET['passlink'], 'link');
} elseif (!empty($_POST['passcode'])) {
verifyPasscode($_POST);
} elseif (!empty($_POST['email']) && !empty($_POST['password'])) {
userLogin($_POST);
} elseif (!empty($_GET['logout'])) {
userLogout(true);
} elseif (!empty($_POST['action']) && ($_POST['action'] == 'resetPasswordSendMail' || $_POST['action'] == 'resetPasswordChange')) {
userLoginResetPassword($_POST);
} elseif (!empty($_GET['view']) && $_GET['view'] == 'resetPasswordChange') {
userLoginResetPassword($_GET);
}
//controllers ends here
$min = '.min';
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="robots" content="noindex">
<title>InfiniteWP</title>
<link href='https://fonts.googleapis.com/css?family=Droid+Sans:400,700' rel='stylesheet' type='text/css'>
function checkUserLoggedIn()
{
$return = false;
$userCookie = manageCookies::cookieGet('userCookie');
if ($userCookie != '') {
list($userEmail, $userSlat) = explode('||', $userCookie);
$userEmail = filterParameters($userEmail);
if ($userEmail != '' && $userSlat != '') {
$userInfo = DB::getRow("?:users", "userID,email,password", "email = '" . trim($userEmail) . "'");
$GLOBALS['userID'] = $userInfo['userID'];
$GLOBALS['email'] = strtolower($userInfo['email']);
$dbSlat = md5($GLOBALS['email'] . $userInfo['password']);
if ($userSlat == $dbSlat) {
$return = true;
}
}
}
if ($return == false) {
userLogout();
}
return $return;
}
/**
* logged in users
*
* prints a list of other users who are logged in
*/
function print_logged_in_users($block = true, $config = "", $side, $index)
{
global $pgv_lang, $PGV_SESSION_TIME, $TEXT_DIRECTION;
$block = true;
// Always restrict this block's height
// Log out inactive users
foreach (get_idle_users(time() - $PGV_SESSION_TIME) as $user_id => $user_name) {
if ($user_id != PGV_USER_ID) {
userLogout($user_id);
}
}
// List active users
$NumAnonymous = 0;
$loggedusers = array();
foreach (get_logged_in_users() as $user_id => $user_name) {
if (PGV_USER_IS_ADMIN || get_user_setting($user_id, 'visibleonline') == 'Y') {
$loggedusers[$user_id] = $user_name;
} else {
$NumAnonymous++;
}
}
$id = "logged_in_users";
$title = print_help_link("index_loggedin_help", "qm", "", false, true);
$title .= $pgv_lang["users_logged_in"];
$content = "<table width=\"90%\">";
$LoginUsers = count($loggedusers);
if ($LoginUsers == 0 and $NumAnonymous == 0) {
$content .= "<tr><td><b>" . $pgv_lang["no_login_users"] . "</b></td></tr>";
}
$Advisory = "anon_user";
if ($NumAnonymous > 1) {
$Advisory .= "s";
}
if ($NumAnonymous > 0) {
$pgv_lang["global_num1"] = $NumAnonymous;
// Make it visible
$content .= "<tr><td><b>" . print_text($Advisory, 0, 1) . "</b></td></tr>";
}
$Advisory = "login_user";
if ($LoginUsers > 1) {
$Advisory .= "s";
}
if ($LoginUsers > 0) {
$pgv_lang["global_num1"] = $LoginUsers;
// Make it visible
$content .= "<tr><td><b>" . print_text($Advisory, 0, 1) . "</b></td></tr>";
}
if (PGV_USER_ID) {
foreach ($loggedusers as $user_id => $user_name) {
$content .= "<tr><td><br />" . PrintReady(getUserFullName($user_id)) . " - " . $user_name;
if (PGV_USER_ID != $user_id && get_user_setting($user_id, 'contactmethod') != "none") {
$content .= "<br /><a href=\"javascript:;\" onclick=\"return message('" . $user_id . "');\">" . $pgv_lang["message"] . "</a>";
}
$content .= "</td></tr>";
}
}
$content .= "</table>";
global $THEME_DIR;
if ($block) {
require $THEME_DIR . 'templates/block_small_temp.php';
} else {
require $THEME_DIR . 'templates/block_main_temp.php';
}
}
static function _usersLoggedInTotal($type = 'all')
{
global $PGV_SESSION_TIME;
foreach (get_idle_users(time() - $PGV_SESSION_TIME) as $user_id => $user_name) {
if ($user_id != PGV_USER_ID) {
userLogout($user_id);
}
}
$anon = 0;
$visible = 0;
$x = get_logged_in_users();
foreach ($x as $user_id => $user_name) {
if (PGV_USER_IS_ADMIN || get_user_setting($user_id, 'visibleonline') == 'Y') {
$visible++;
} else {
$anon++;
}
}
if ($type == 'anon') {
return $anon;
} elseif ($type == 'visible') {
return $visible;
} else {
return $visible + $anon;
}
}
$pageId = "login";
// Check if the url contains a querystring with a page-part.
$p = null;
if (isset($_GET["p"])) {
$p = $_GET["p"];
}
// Is the action a known action?
$content = null;
$output = null;
if ($p == "login") {
$title = "Logga in";
$content = userLogin();
} else {
if ($p == "logout") {
$title = "Logga ut";
$content = userLogout();
} else {
$title = "Status login / logout";
}
}
?>
<?php
include "incl/header.php";
?>
<div id="content">
<div class="left borderRight width80"">
<?php
if (isset($content)) {
