} /*Some more include defines specific to client only */ define('CLIENTINC_DIR', INCLUDE_DIR . 'client/'); define('OSTCLIENTINC', TRUE); //Check the status of the HelpDesk. if (!is_object($cfg) || !$cfg->getId() || $cfg->isHelpDeskOffline()) { include './offline.php'; exit; } //Forced upgrade? Version mismatch. if (defined('THIS_VERSION') && strcasecmp($cfg->getVersion(), THIS_VERSION)) { die('System is offline for an upgrade.'); exit; } /* include what is needed on client stuff */ require_once INCLUDE_DIR . 'class.client.php'; require_once INCLUDE_DIR . 'class.ticket.php'; require_once INCLUDE_DIR . 'class.dept.php'; //clear some vars $errors = array(); $msg = ''; $thisclient = null; //Make sure the user is valid..before doing anything else. if ($_SESSION['_client']['userID'] && $_SESSION['_client']['key']) { $thisclient = new ClientSession($_SESSION['_client']['userID'], $_SESSION['_client']['key']); } //print_r($_SESSION); //is the user logged in? if ($thisclient && $thisclient->getId() && $thisclient->isValid()) { $thisclient->refreshSession(); }
function signOn($errors = array()) { global $ost; if (!isset($_POST['userid']) || !isset($_POST['token'])) { return false; } elseif (!($_config = new Config('pwreset'))) { return false; } elseif (!($acct = ClientAccount::lookupByUsername($_POST['userid'])) || !$acct->getId() || !($client = new ClientSession(new EndUser($acct->getUser())))) { $errors['msg'] = __('Invalid user-id given'); } elseif (!($id = $_config->get($_POST['token'])) || $id != $client->getId()) { $errors['msg'] = __('Invalid reset token'); } elseif (!($ts = $_config->lastModified($_POST['token'])) && $ost->getConfig()->getPwResetWindow() < time() - strtotime($ts)) { $errors['msg'] = __('Invalid reset token'); } elseif (!$acct->forcePasswdReset()) { $errors['msg'] = __('Unable to reset password'); } else { return $client; } }
$loginmsg = _('Excessive failed login attempts'); $errors['err'] = _('You\'ve reached maximum failed login attempts allowed. Try again later.'); } else { //Timeout is over. //Reset the counter for next round of attempts after the timeout. $_SESSION['_user']['laststrike'] = null; $_SESSION['_user']['strikes'] = 0; } } // Check password if (!$errors && ($thisuser = new ClientSession($_POST['username'])) && $thisuser->check_passwd($_POST['passwd'])) { $_SESSION['_user'] = array(); //clear. $_SESSION['_user']['userID'] = $thisuser->getEmail(); //Email $_SESSION['_user']['key'] = $thisuser->getId(); //Ticket ID --acts as password when used with email. See above. $_SESSION['_user']['token'] = $thisuser->getSessionToken(); $_SESSION['TZ_OFFSET'] = $cfg->getTZoffset(); $_SESSION['daylight'] = $cfg->observeDaylightSaving(); // Update last login $thisuser->update_lastlogin($thisuser->getId()); //Log login info... $msg = sprintf("%s/%s " . _("logged in"), $thisuser->getEmail(), $thisuser->getId()); Sys::log(LOG_DEBUG, 'Client login', $msg, $thisuser->getEmail()); //Redirect tickets.php session_write_close(); session_regenerate_id(); @header("Location: tickets.php"); require_once 'tickets.php'; //Just incase. of header already sent error.
//Forced upgrade? Version mismatch. if (defined('THIS_VERSION') && strcasecmp($cfg->getVersion(), substr(THIS_VERSION, 0, strripos(THIS_VERSION, '.')))) { die(_('System is offline for an upgrade.')); exit; } // include what is needed on user stuff require_once INCLUDE_DIR . 'class.ticket.php'; // clear some vars $errors = array(); $msg = ''; $thisuser = null; // Has got the user a session? Then make sure the user is valid...before doing anything else. if ($_SESSION['_user']['userID'] && $_SESSION['_user']['key']) { if (!$cfg->getUserLogRequired()) { $thisuser = new UserSession($_SESSION['_user']['userID'], $_SESSION['_user']['key']); } else { $thisuser = new ClientSession($_SESSION['_user']['userID'], $_SESSION['_user']['key']); // Block blocked client if (!$thisuser->isactive()) { $errors['err'] = _('Access Disabled. Contact Admin'); $_SESSION['_user'] = array(); session_unset(); session_destroy(); } } } // print_r($_SESSION); // Is the user logged in? if ($thisuser && $thisuser->getId() && $thisuser->isValid()) { $thisuser->refreshSession(); }