コード例 #1
ファイル: UserAdminBase.php プロジェクト: julesbl/ssp
 /**
  * Render a translated message inside the main page template.
  *
  * @param string $text message text/key, passed through the session translator
  * @return string complete page output produced by the main template
  */
 protected function response($text)
 {
     $translated = $this->session->t($text);
     $contentMain = array(
         "content" => "<br /><br /><p>{$translated}</p>",
     );
     $page = $this->tpl($contentMain);
     // ne() is applied to the content slot before rendering — presumably marks
     // it as pre-built HTML that must not be escaped; confirm in Template
     $page->ne('content');
     return $page->output();
 }
コード例 #2
ファイル: db.php プロジェクト: DarthDonald/DarkMoon
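 /**
  * Build a SELECT statement with an optional equality WHERE clause.
  *
  * Only the values are passed through Protect::noSqlInjection(); $what,
  * $tblName and the attribute names are concatenated verbatim, so they must
  * come from code, never from request data. Escaping plus quoting is also not
  * equivalent to a prepared statement; prefer parameterised queries wherever
  * the calling code allows it.
  *
  * @param string   $what       column list placed after SELECT (trusted)
  * @param string   $tblName    table name (trusted)
  * @param string[] $attributes column names for the WHERE clause (trusted)
  * @param string[] $values     one value per attribute, escaped before use
  * @return string the assembled SQL text
  * @throws \InvalidArgumentException when $attributes and $values differ in length
  */
 public static function select($what, $tblName, $attributes, $values)
 {
     $n = count($attributes);
     // a length mismatch would otherwise read an undefined offset and emit a broken clause
     if (!is_array($values) || count($values) !== $n) {
         throw new \InvalidArgumentException('select(): attributes and values must have the same length');
     }
     $sql = "SELECT " . $what . " FROM " . $tblName;
     if ($n === 0) {
         return $sql;
     }
     $conditions = array();
     for ($i = 0; $i < $n; $i++) {
         $conditions[] = $attributes[$i] . " = '" . Protect::noSqlInjection($values[$i]) . "'";
     }
     return $sql . " WHERE " . implode(" AND ", $conditions);
 }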
コード例 #3
ファイル: cl_gui_page.lib.php プロジェクト: laiello/athletica
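        /**
         * Constructor: applies the meeting password gate, then emits the HTML header.
         *
         * If the meeting is password protected and the visitor is not logged in,
         * pages outside $GLOBALS['cfgOpenPages'] receive a JavaScript redirect to
         * the login page. This is only a client-side redirect: execution continues
         * and the header is still printed, so callers must not rely on this
         * constructor to stop protected content from being rendered.
         *
         * @param string $title  page identifier, also the key looked up in cfgOpenPages
         * @param bool   $scroll  stored as-is in $this->scroll
         * @param string $additional_stylesheet  extra stylesheet name, stored as-is
         */
        function GUI_Page($title, $scroll = FALSE, $additional_stylesheet = "")
        {
            // check on meeting password; the cookie may be absent on a first visit
            $meetingId = isset($_COOKIE['meeting_id']) ? $_COOKIE['meeting_id'] : null;
            $pass = new Protect();
            if ($pass->isRestricted($meetingId) && !$pass->isLoggedIn($meetingId)) {
                // user not logged in -> only speaker access; strict comparison so
                // page names are matched as strings only
                if (!in_array($title, $GLOBALS['cfgOpenPages'], true)) {
                    ?>
					<script type="text/javascript">
						parent.location.href = 'index.php?arg=admin';
					</script>
					<?php 
                }
            }
            $this->title = $title;
            $this->scroll = $scroll;
            $this->stylesheet = "stylesheet.css";
            $this->additional_stylesheet = $additional_stylesheet;
            $this->printHTMLHeader();
        }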
コード例 #4
ファイル: UserLister.php プロジェクト: julesbl/ssp
 /**
  * Configure the main template for the user lister pages.
  *
  * Adds the "User admin" page-title segment (plus $contentMain["title"] when
  * present), builds the lister sub-menu into $contentMain["menu"] and hands
  * the content to the site-wide template factory.
  *
  * @param array $contentMain template content data
  * @return Template
  */
 public function tpl($contentMain)
 {
     // page title segments
     $this->ssp->pageTitleAdd("User admin");
     if (isset($contentMain["title"])) {
         $this->ssp->pageTitleAdd($contentMain["title"]);
     }
     $currentUrl = $_SERVER['REQUEST_URI'];
     $listerBase = $this->cfg->userLister;
     $session = $this->session;
     $menu = new MenuGen();
     $menu->add($listerBase . '/filterChange', $session->t("Modify Search"), $currentUrl === '/sspadmin/filterChange');
     if ($this->cfg->adminCheck) {
         // the admin-pending listing is offered unless that filter is already active
         $pendingFilterActive = ($this->filter->userAdminPending == 1 && $this->filter->creationFinished == 1);
         if (!$pendingFilterActive) {
             $menu->add($listerBase . '/filterAdminPending', $session->t("List Admin Pending"), $currentUrl === '/sspadmin/filterAdminPending');
         }
     }
     $menu->add($listerBase . '/filterNormal', $session->t("Defualt Listing"), $currentUrl === '/sspadmin/filterNormal');
     $menu->add('userlisterhelp.php', $session->t("Help"));
     $menu->sv("target=help");
     $contentMain["menu"] = $menu->cMenu();
     return $this->ssp->tpl($contentMain);
 }
コード例 #5
ファイル: example2.php プロジェクト: julesbl/ssp
*
*   Project:	SSP - Example scripts
*   Routine:	example2.php
*   Created:	28/03/2008
*   Descrip:	Example 2 of protection scripts. Allows botth user and admin users in.
*
*   Revision:	a
*   Rev. Date	28/03/2008
*   Descrip:	Created.
*/
// include the libraries
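namespace w34u\ssp;

require "../../sspadmin/includeheader.php";
// start the session and protect the page against non user level users
$session = new Protect("user");
// everything beyond this point only accessible to the admin and user level users

// The user name and e-mail originate from user input at registration, so every
// session value is HTML-escaped before being echoed into the page.
$h = function ($value) {
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
};
echo "user name " . $h($session->userName) . "<br />";
echo "user access level " . $h($session->userAccessLevel) . "<br />";
echo "user email " . $h($session->userEmail) . "<br />";
echo "user ID " . $h($session->userId) . "<br />";
echo "logged in " . ($session->loggedIn ? "true" : "false") . "<br />";
echo "admin " . ($session->admin ? "true" : "false") . "<br />";
// example output only: the session token should not be displayed on real pages
echo "session token " . $h($session->sessionToken) . "<br />";
echo "<br />";
if ($session->isAccess("user")) {
    echo "User or Above<br />";
}
if ($session->isAccess("admin")) {
    echo "Admin or above level user<br />";
}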
コード例 #6
ファイル: login.php プロジェクト: laiello/athletica
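// Only a bare page name is accepted as a redirect target: it is appended with
// ".php" and sent in a Location header, so a value containing "/", "." or a
// scheme would let a crafted link bounce the user to another host (open
// redirect). Assumed from the visible uses that legitimate values are script
// names such as "admin" — confirm against the pages that link here.
$redirectPattern = '/^[A-Za-z0-9_-]+$/';
$arg = isset($_POST['arg']) ? $_POST['arg'] : "";
$redirect = "";
if (isset($_GET['redirect'])) {
    $redirect = $_GET['redirect'];
} elseif (isset($_POST['redirect'])) {
    $redirect = $_POST['redirect'];
}
if (preg_match($redirectPattern, trim($redirect)) !== 1) {
    $redirect = "";
}
$error = false;
//
// do login
//
if ($arg === "login") {
    $meetingId = isset($_COOKIE['meeting_id']) ? $_COOKIE['meeting_id'] : null;
    $password = isset($_POST['password']) ? $_POST['password'] : null;
    $p = new Protect();
    $res = $p->login($meetingId, $password);
    if ($res) {
        // on success the posted target wins; anything not matching the pattern
        // (including an empty value) falls back to the admin page
        $posted = isset($_POST['redirect']) ? trim($_POST['redirect']) : '';
        $target = preg_match($redirectPattern, $posted) === 1 ? $posted : 'admin';
        header("Location: " . $target . ".php");
        exit;
    }
    $error = true;
}
$page = new GUI_Page('login');
$page->startPage();
// NOTE(review): the meeting name comes from a cookie; confirm printPageTitle()
// HTML-escapes its argument
$page->printPageTitle($strLoginToMeeting . ": " . $_COOKIE['meeting']);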
?>

<br>
コード例 #7
ファイル: admin_service.php プロジェクト: laiello/athletica
 *	---------
 *	
 *******************/
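$noMeetingCheck = true;
require './lib/cl_gui_menulist.lib.php';
require './lib/cl_gui_page.lib.php';
include './lib/cl_gui_select.lib.php';
include './lib/cl_protect.lib.php';
require './lib/cl_http_data.lib.php';
require './lib/common.lib.php';
if (AA_connectToDB() == FALSE) {
    // invalid DB connection
    return;
}
$arg = isset($_POST['arg']) ? $_POST['arg'] : '';
if ($arg === "set_password") {
    $p = new Protect();
    if (!empty($_POST['password'])) {
        $meetingId = isset($_COOKIE['meeting_id']) ? $_COOKIE['meeting_id'] : null;
        $p->secureMeeting($meetingId, $_POST['password']);
    }
}
$res_srv_lg = '';
if ($arg === 'login_srv') {
    // The digests are compared with "===": a loose "==" between two hex digests
    // is a numeric comparison when both look like "0e123..." (so-called magic
    // hashes), which would accept a wrong credential. Where the runtime offers
    // it, hash_equals() is the preferred, timing-safe form of this comparison.
    // The stored values are unsalted MD5 digests by configuration; that format
    // is outside this file's control.
    $userHash = md5(isset($_POST['username']) ? $_POST['username'] : '');
    $passHash = md5(isset($_POST['password']) ? $_POST['password'] : '');
    if ($userHash === (string) $cfgSrvHashU && $passHash === (string) $cfgSrvHashP) {
        $_SESSION['login_srv'] = array('username' => $cfgSrvHashU, 'password' => $cfgSrvHashP);
        header('Location: admin_service.php');
        exit;
    } else {
        $res_srv_lg = 'error';
    }
}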
if (isset($_SESSION['login_srv']) && $_SESSION['login_srv']['username'] == $cfgSrvHashU && $_SESSION['login_srv']['password'] == $cfgSrvHashP) {
コード例 #8
ファイル: ConfigurationBase.php プロジェクト: julesbl/ssp
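 /**
  * Build the derived configuration: absolute script URLs, debug gating by
  * client IP, translation setup, no-history pages and PHP session ini settings.
  *
  * Runs generateDSN() and checkProperties() first, so the concrete
  * configuration class must have populated its properties before this point.
  */
 public function __construct()
 {
     $this->generateDSN();
     $this->checkProperties();
     // build paths to scripts
     $this->pathSite = "http://" . $this->url . "/";
     $this->pathSiteHttps = "https://" . $this->url . "/";
     // set mutibyte encoding
     mb_internal_encoding($this->siteEncoding);
     // absolute base for the admin scripts: https when SSL is enabled
     $path = $this->useSSL ? $this->pathSiteHttps : $this->pathSite;
     $this->adminDir = $path . $this->adminDir;
     $this->logonScript = $path . $this->logonScript;
     $this->logoffScript = $path . $this->logoffScript;
     $this->passwordRecover = $path . $this->passwordRecover;
     $this->newPassword = $path . $this->newPassword;
     $this->userAdminScript = $path . $this->userAdminScript;
     $this->totalAdminScript = $path . $this->totalAdminScript;
     $this->userCreation = $path . $this->userCreation;
     $this->userConfirm = $path . $this->userConfirm;
     $this->userLister = $path . $this->userLister;
     // configure debug: with checkDebugIp set, debug output is only allowed for
     // requests from debugIP (both addresses normalised by SSP_paddIp)
     $debug = true;
     if ($this->checkDebugIp) {
         $remoteIp = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : null;
         $debug = SSP_paddIp($this->debugIP) === SSP_paddIp($remoteIp);
     }
     // "&&" is required here: "$x = $x and $debug" parses as "($x = $x) and
     // $debug" because "and" binds looser than "=", which left the IP gate
     // without effect and exposed debug output (e.g. SQL faults) to every client
     $this->loginDebug = $this->loginDebug && $debug;
     $this->accessFaultDebug = $this->accessFaultDebug && $debug;
     $this->divertDebug = $this->divertDebug && $debug;
     $this->displaySqlFaults = $this->displaySqlFaults && $debug;
     date_default_timezone_set($this->siteTimezoneIdentifier);
     Protect::setTemplatePath(__DIR__ . $this->templateDir);
     // Translation configuration
     if ($this->translate) {
         // basic language setup
         // start debug mode
         if ($this->translateDebug) {
             Translate::debug();
         }
         // configure language translation object and share it with the
         // components that emit user-visible text
         $SSP_lang = new Translate($this->lang, $this->translateLangs, __DIR__ . $this->translatePath);
         CheckData::addTranslation($SSP_lang);
         sfc\Form::addTranslation($SSP_lang);
         Protect::addTranslation($SSP_lang);
     }
     // set up pages not to be included in the history
     ProtectBase::addNoHistoryPage($this->logonScript);
     ProtectBase::addNoHistoryPage($this->logoffScript);
     ProtectBase::addNoHistoryPage($this->passwordRecover);
     ProtectBase::addNoHistoryPage($this->userConfirm);
     ProtectBase::addNoHistoryPage($this->newPassword);
     ProtectBase::addNoHistoryPage($this->userCreation);
     /**
      * Set up PHP initialisation parameters
      *
      * These can be ignored and set up in the php.ini if you have access
      *
      * if you need to change the parameters from the default,
      * simply uncomment the line and change the required paramater.
      */
     // specifies the name of the session which is used as cookie name. It should only contain alphanumeric characters.
     ini_set("session.name", $this->sessVarName);
     // defines the name of the handler which is used for storing and retrieving data associated with a session.
     // files - uses inbuilt php routines, only good for unix systems with small numbers of users
     // user - database using abstraction layer.
     ini_set("session.save_handler", "user");
     // specifies the number of seconds after which a session will be seen as 'garbage' and cleaned up. Will also clean up any other temporary tables.
     ini_set("session.gc_maxlifetime", $this->sessMaxLifetime);
     // 1440 = 24 minutes
     // defines the argument which is passed to the save handler. If you choose the default files handler, this is the path where the files are created. Put in directory your system can access, but not a user with a browser.
     ini_set("session.save_path", "/usr/local/tmp");
     // specifies the probability that the gc (garbage collection) routine is started on each request in percentage. You might want to lower this for busy sites.
     ini_set("session.gc_probability", "10");
     // defines the name of the handler which is used to serialize/deserialize data. Currently, a PHP internal format (name php) and WDDX is supported (name wddx). WDDX is only available, if PHP is compiled with WDDX support. Defaults to php.
     // ini_set("session.serialize_handler","php");
     // the lifetime of the cookie in seconds which is sent to the browser. The value 0 means "until the browser is closed."
     // ini_set("session.cookie_lifetime","0");
     // specifies path to set in session_cookie.
     ini_set("session.cookie_path", $this->cookiePath);
     // specifies the domain to set in session_cookie.
     ini_set("session.cookie_domain", $this->cookieDomain);
     // HttpOnly keeps the session cookie out of reach of script access and does
     // not depend on TLS, so it is always set; Secure only applies over SSL.
     ini_set('session.cookie_httponly', 1);
     if ($this->useSSL) {
         ini_set("session.cookie_secure", 1);
     }
 }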
コード例 #9
ファイル: admin.php プロジェクト: laiello/athletica
									<td><?php 
    echo $strProtectMeetingInfo;
    ?>
</td>
								</tr>
								<tr class='even'>
									<form name="meetingpw" method="post" action="admin.php" onsubmit="return checkForm();">
									<input type="hidden" name="arg" value="set_password">
									<td>
									<input type="password" name="password" size="30"/>&nbsp;&nbsp;
									<input type="submit" value="<?php 
    echo $strSetPassword;
    ?>
"/>
									<?php 
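    $p = new Protect();
    // the cookie is absent until a meeting has been selected
    $meetingId = isset($_COOKIE['meeting_id']) ? $_COOKIE['meeting_id'] : null;
    // NOTE(review): showing the button only when a password is set is a UI
    // convenience; the server-side del_password handler has to authorise the
    // request on its own.
    if ($p->isRestricted($meetingId)) {
        ?>
										<br/><br/><input type="button" value="<?php 
        echo $strDeletePassword;
        ?>
" onclick="removePassword()">
										<?php 
    }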
    ?>
									</td>
									</form>
								</tr>
							</table>
						</td>
					</tr>
コード例 #10
ファイル: index.php プロジェクト: laiello/athletica
    setcookie("language_trans", $cfgLanguage[$_GET['lang']]['file'], time() + $cfgCookieExpires);
    setcookie("language_doc", $cfgLanguage[$_GET['lang']]['doc'], time() + $cfgCookieExpires);
    setcookie("language", $cfgLanguage[$_GET['lang']]['short'], time() + $cfgCookieExpires);
    // update current cookies
    $_COOKIE['language_trans'] = $cfgLanguage[$_GET['lang']]['file'];
    $_COOKIE['language_doc'] = $cfgLanguage[$_GET['lang']]['doc'];
    $_COOKIE['language'] = $cfgLanguage[$_GET['lang']]['short'];
    // load new language files
    include $_COOKIE['language_trans'];
    $cfgURLDocumentation = $_COOKIE['language_doc'];
    $arg = 'admin';
}
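// check on meeting password
$redirect = "";
$redirect2 = "";
$meetingId = isset($_COOKIE['meeting_id']) ? $_COOKIE['meeting_id'] : null;
$pass = new Protect();
if ($pass->isRestricted($meetingId) && !$pass->isLoggedIn($meetingId)) {
    // user not logged in -> only speaker access (strict match on page names)
    if (!in_array($arg, $cfgOpenPages, true)) {
        // $arg is request-controlled (presumably from $_GET) and $redirect /
        // $redirect2 are query-string fragments, so the value is URL-encoded
        // before being embedded; confirm where they are output further down
        $encodedArg = urlencode($arg);
        $redirect = "?redirect={$encodedArg}";
        $redirect2 = "&redirect={$encodedArg}";
        $arg = "login";
    }
}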
?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
	"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
コード例 #11
ファイル: admin_version.php プロジェクト: laiello/athletica
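include './lib/cl_gui_select.lib.php';
include './lib/cl_protect.lib.php';
require './lib/cl_http_data.lib.php';
require './lib/common.lib.php';
if (AA_connectToDB() == FALSE) {
    // invalid DB connection
    return;
}
$arg = isset($_POST['arg']) ? $_POST['arg'] : '';
$meetingId = isset($_COOKIE['meeting_id']) ? $_COOKIE['meeting_id'] : null;
// NOTE(review): no authorisation or request-token check is visible before the
// meeting password is set or removed; confirm that Protect::secureMeeting() /
// unsecureMeeting() or the included libraries enforce one.
if ($arg === "set_password") {
    $p = new Protect();
    if (!empty($_POST['password'])) {
        $p->secureMeeting($meetingId, $_POST['password']);
    }
}
if ($arg === "del_password") {
    $p = new Protect();
    $p->unsecureMeeting($meetingId);
}
//
//	Display administration
//
$page = new GUI_Page('admin');
$page->startPage();
$page->printPageTitle($strAdministration . ' - ' . $strVersionCheck);
$menu = new GUI_Menulist();
$menu->addButton('admin.php', $strBack, '_self');
$menu->printMenu();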
?>
<p/>

<table width="100%" border="0" cellpadding="0" cellspacing="0">
コード例 #12
ファイル: Setup.php プロジェクト: julesbl/ssp
 /**
  * creates a template for admin page displays
  *
  * Besides building the Template this has side effects: it may process the
  * language-selection form from $_POST, store the chosen language in the
  * session and divert the request, and it rewrites $this->pageTitleSegments in
  * place when translation is active.
  *
  * @param array|string $contentMain the pages content; a plain string is used as the page title
  * @param string $tpl alternative template name
  * @param bool $createMenu create the main menu
  * @param bool $suppressLangSelect - suppress the language selection dropdown
  * @return Template main template
  */
 function tpl($contentMain, $tpl = "", $createMenu = true, $suppressLangSelect = false)
 {
     // default to the main template if not other template not supplied
     if ($tpl != "") {
         $template = $tpl;
     } else {
         $template = $this->template;
     }
     // if the content suppied is just a string use it as the page title
     if (is_string($contentMain)) {
         $temp = $contentMain;
         $contentMain = array();
         $contentMain["title"] = $temp;
     }
     // build the page title from the supplied segments
     // (any title passed in $contentMain is overwritten here)
     if (count($this->pageTitleSegments)) {
         if ($this->session->isTranslate()) {
             // translated in place, so a second call would translate already translated text
             foreach ($this->pageTitleSegments as $key => $titlePart) {
                 $this->pageTitleSegments[$key] = $this->session->t($titlePart);
             }
         }
         $contentMain["title"] = $this->session->t($this->cfg->siteName) . $this->pageTitleSeperator . implode($this->pageTitleSeperator, $this->pageTitleSegments);
     } else {
         $contentMain["title"] = $this->session->t($this->cfg->siteName);
     }
     // add paths to various useful areas
     $contentMain["pathSite"] = $this->cfg->pathSite;
     $contentMain["pathAdmin"] = $this->cfg->adminDir;
     // create the language selection
     if ($this->cfg->translate and !$suppressLangSelect) {
         $formTemplate = array('<form action="{formAction}" method="post" id="languageSelectionform">', '{languageDropdown}', '{formHidden}', '</form>');
         $form = new sfc\Form(SSP_Path(true), 'notable', 'languageSelect');
         $form->translateDisable = true;
         // NOTE(review): token checking is disabled, so any POST carrying the
         // dropdown field switches the session language; confirm this is
         // intended (the effect is limited to the language setting)
         $form->checkToken = false;
         $form->errorAutoFormDisplay = false;
         $form->formSubmitVar = 'languageSelectionformToken';
         $form->tplf = new Template("", $formTemplate);
         $languages = $this->session->getLanguages();
         $dropdownInformation = array();
         // one dropdown entry per configured language, flagged via a per-language CSS class and image
         foreach ($languages as $lang => $languageInfo) {
             $dropdownInformation[$lang] = array('text' => $languageInfo['description'], 'dir' => $languageInfo['dir'], 'class' => 'lang_' . $lang, 'style' => 'background-image: url(/sspadmin/images/flag_' . $lang . '.png);');
         }
         $form->fe('select', 'languageDropdown', '', $dropdownInformation);
         $form->fep('deflt = ' . Protect::$tranlator->getLanguage());
         $form->setParam('script', 'onChange="this.form.submit()"');
         if ($form->processForm($_POST)) {
             if (!$form->error) {
                 // persist the new language before redirecting back to the current
                 // page; SSP_Divert presumably ends the request — confirm
                 $this->session->lang = $form->getField('languageDropdown');
                 session_write_close();
                 //echo 'code '. $_SESSION['SSP_currentLanguageCode'];
                 SSP_Divert(SSP_Path(true));
             }
         }
         $contentMain['languageSelectForm'] = $form->create();
     }
     if ($createMenu) {
         // generate main menu
         // highlight a main menu item
         if (isset($contentMain["mainSection"])) {
             $section = $contentMain["mainSection"];
         } else {
             $section = "";
         }
         // the active item is chosen by matching the request URI
         $url = $_SERVER['REQUEST_URI'];
         $menu = new MenuGen();
         $menu->add($this->cfg->adminDir . 'useradmin/info/' . $this->session->userId, $this->session->t("User Details"), strpos($url, "useradmin") !== false);
         $menu->add($this->cfg->adminDir . 'adminusercreation', $this->session->t("New User"), strpos($url, "adminusercreation") !== false);
         $menu->add($this->cfg->userLister, $this->session->t("List Users"), $url === "/sspadmin/" or $url === '/sspadmin/filterChange' or $url === '/sspadmin/filterNormal' or $url === '/sspadmin/filterAdminPending');
         $menu->add($this->cfg->siteRoot, $this->session->t("Home"));
         $menu->add($this->cfg->logoffScript, $this->session->t("Log off"));
         $contentMain["mainMenu"] = $menu->cMenu();
     } else {
         $contentMain["mainMenu"] = "";
     }
     // sub-menu slot always exists so the template can reference it
     if (!isset($contentMain["menu"])) {
         $contentMain["menu"] = "";
     }
     // remind the administrator to disable the setup routines once installed
     if ($this->cfg->enableSetup === true) {
         $contentMain['showDisableSetupText'] = true;
     }
     $tpl = new Template($contentMain, $template, false);
     return $tpl;
 }
コード例 #13
 /**
  * Run the request-level protections: the IP ban list always, then the
  * optional anti-DDoS and anti-SQL checks enabled in the "secure" config section.
  *
  * @return void
  */
 private function initProtect()
 {
     $protect = new Protect();
     // ban by IP address: always applied
     $protect->checkIpBan();
     // optional checks, each switched on by a "secure" config flag equal to 1;
     // order matters and is kept: anti-DDoS first, then anti-SQL
     $optionalChecks = array(
         'anti_ddos' => 'antiDdos',
         'antisql' => 'antiSQL',
     );
     foreach ($optionalChecks as $flag => $method) {
         if (Config::read($flag, 'secure') == 1) {
             $protect->$method();
         }
     }
 }