/**
 * Authenticate a login id / password pair for the current blog.
 *
 * On success the TSSESSION_LOGINID cookie is rewritten (kept for one year when
 * the POSTed "save" field is non-empty, expired otherwise) and, if the current
 * privileges include "group.writers", Session::authorize() is called.
 *
 * @param mixed $loginid  Login identifier supplied by the client.
 * @param mixed $password Password handed unchanged to Auth::authenticate().
 * @param mixed $expires  Forwarded unchanged to Session::authorize(); defaults to null.
 * @return bool false when Auth::authenticate() returns false, true otherwise.
 */
function login($loginid, $password, $expires = null)
{
    $context = Model_Context::getInstance();

    // NOTE(review): the escaped form is what gets authenticated AND stored in
    // the cookie. Confirm Auth::authenticate() expects pre-escaped input; if it
    // binds parameters itself, escaping here changes the value being compared.
    $escapedLogin = POD::escapeString($loginid);
    $blog = getBlogId();

    $authenticatedUser = Auth::authenticate($blog, $escapedLogin, $password);
    if ($authenticatedUser === false) {
        return false;
    }

    // "Remember my id": keep the login id for a year, or expire the cookie.
    // NOTE(review): setcookie() is called without the secure / httponly
    // arguments, so the remembered id is sent over plain HTTP and is readable
    // from script. Decide whether that exposure is acceptable.
    $oneYear = 31536000;
    $remember = !empty($_POST['save']);
    $cookieValue = $remember ? $escapedLogin : '';
    $cookieExpiry = $remember ? time() + $oneYear : time() - $oneYear;
    setcookie(
        'TSSESSION_LOGINID',
        $cookieValue,
        $cookieExpiry,
        $context->getProperty('service.path') . '/',
        $context->getProperty('service.domain')
    );

    // NOTE(review): true is returned even when "group.writers" is missing and
    // no session was authorized. Callers must not read true as "session
    // established". in_array() compares loosely here; confirm the privilege
    // list only ever holds strings.
    $privileges = Acl::getCurrentPrivilege();
    if (in_array("group.writers", $privileges)) {
        Session::authorize($blog, $authenticatedUser, $expires);
    }

    return true;
}
<?php
/// Copyright (c) 2004-2015, Needlworks / Tatter Network Foundation
/// All rights reserved. Licensed under the GPL.
/// See the GNU General Public License for more details. (/documents/LICENSE, /documents/COPYRIGHT)

// Declares the request input this page accepts: an optional ('mandatory' =>
// false) POST field "save" whose listed value is 'on'.
// NOTE(review): presumably library/preprocessor.php reads $IV and rejects
// anything outside this declaration. Confirm there; nothing in this file
// enforces it.
$IV = array('POST' => array('save' => array(array('on'), 'mandatory' => false)));
require ROOT . '/library/preprocessor.php';

// This branch can never run. NOTE(review): it looks like a list of the
// functions this page depends on, kept for tooling. Confirm before removing.
if (false) {
    doesHaveMembership();
    doesHaveOwnership();
    Session::authorize();
    login();
    fetchConfigVal();
}
// Bootstrap: load settings, open the database handle, register the class
// autoloader, then try to identify the caller from request headers.
// Every variable assigned below is a global that later includes can read.
include "settings/settings.php";

// $db_name, $db_host, $db_user and $db_password are not defined in this file;
// presumably settings/settings.php provides them. Confirm.
$pdo_link = new PDO("mysql:dbname={$db_name};host={$db_host}", $db_user, $db_password);

/**
 * Autoload callback: includes classes/<lower-cased class name>.class.php.
 *
 * NOTE(review): the class name is concatenated into the include path without
 * any check. If some code path ever lets request data choose a class name,
 * that data also chooses the file that is included. Consider accepting only
 * plain identifier characters before building the path.
 */
function autoloader($class_name) {
    include "classes/" . strtolower($class_name) . ".class.php";
}
spl_autoload_register('autoloader');

/**
 * Attempt to load a user from the request headers.
 *
 * X-Auth-Key:      "<username>:<password>", checked with $CURRENT_USER->auth().
 * X-Session-Token: "<username>:<token>", checked with $AR_SESSION->authorize().
 * $SESSION_STARTED becomes true as soon as either check succeeds.
 *
 * NOTE(review): X-Auth-Key carries the password on every request. Confirm the
 * service is reachable over TLS only and that this header is kept out of
 * access logs.
 */
$SESSION_STARTED = false;

// explode() has no limit and exactly two parts are required, so a header value
// with more than one ":" is ignored. A password containing ":" therefore
// cannot be used through this header.
if (isset($_SERVER["HTTP_X_AUTH_KEY"]) && ($auth_key_header = explode(":", $_SERVER["HTTP_X_AUTH_KEY"])) && count($auth_key_header) == 2) {
    list($sess_username, $sess_password) = $auth_key_header;
    // NOTE(review): $CURRENT_USER is created and filled with the supplied
    // credentials before auth() runs, and is not cleared when auth() fails.
    // Later code has to gate on $SESSION_STARTED, never on $CURRENT_USER
    // merely being set.
    $CURRENT_USER = new User($pdo_link);
    $CURRENT_USER->username = $sess_username;
    $CURRENT_USER->password = $sess_password;
    if ($CURRENT_USER->auth()) {
        $SESSION_STARTED = true;
    }
}

// Evaluated even when X-Auth-Key already succeeded: a token that authorizes
// replaces $CURRENT_USER with the session's user. A token that does not
// authorize leaves $SESSION_STARTED and $CURRENT_USER as they were.
if (isset($_SERVER["HTTP_X_SESSION_TOKEN"])) {
    if (count($AR_SESSION_PAIR = explode(":", $_SERVER["HTTP_X_SESSION_TOKEN"])) == 2) {
        $AR_SESSION = new Session($pdo_link);
        list($sess_username, $token) = $AR_SESSION_PAIR;
        $AR_SESSION->token = $token;
        if ($AR_SESSION->authorize($sess_username)) {
            $CURRENT_USER = $AR_SESSION->user;
            $SESSION_STARTED = true;
        }
    }
}
/**
 * Record an OpenID identity in the ACL and authorize a session for it.
 *
 * The identity is registered with Acl::authorize('openid', ...). UserSettings
 * is then queried for a row whose name matches 'openid.' (like) and whose value
 * equals the identity, ordered by userid ascending. When a userid comes back
 * it is also registered as a 'textcube' identity, and if the current
 * privileges then include "group.writers" the session is authorized as that
 * user. In every other case the session is authorized as
 * SESSION_OPENID_USERID.
 *
 * NOTE(review): the meaning of the fourth argument (true) passed to
 * setQualifier() is not visible here; confirm it quotes/escapes the value,
 * since $openid originates from the identity provider exchange.
 *
 * @param mixed $openid OpenID identifier to register.
 * @return void
 */
function setAcl($openid)
{
    Acl::authorize('openid', $openid);

    $db = DBModel::getInstance();
    $ctx = Model_Context::getInstance();
    $blogid = (int) $ctx->getProperty('blog.id');

    // Find the local account linked to this OpenID, lowest userid first.
    $db->reset('UserSettings');
    $db->setQualifier('name', 'like', 'openid.', true);
    $db->setQualifier('value', 'equals', $openid, true);
    $db->setOrder('userid', 'ASC');
    $linkedUser = $db->getCell('userid');

    $isWriter = false;
    if ($linkedUser) {
        Acl::authorize('textcube', $linkedUser);
        // Privileges are read only after the local identity has been added.
        $isWriter = in_array("group.writers", Acl::getCurrentPrivilege());
    }

    if ($isWriter) {
        Session::authorize($blogid, $linkedUser);
        return;
    }

    // No linked account, or the linked account is not a writer.
    Session::authorize($blogid, SESSION_OPENID_USERID);
}
} } else { set_status(403, $STR["invalid_auth_key"]); } } break; //Delete a given token //Requires the username to be present in the path //Path must be in this way session/username/session_token //Delete a given token //Requires the username to be present in the path //Path must be in this way session/username/session_token case "DELETE": if (count($path) > 2 && (list($username, $token) = array_slice($path, 0, 2))) { $session->token = $token; if ($session->authorize($username)) { $session->destroy(); set_status(200, $STR["sess_token_deleted"]); } else { set_status(403, $STR["couldnt_authorize"]); } } else { set_status(403, $STR["missing_parameters"]); } break; // // // // case "GET": if (count($path) > 2 && (list($username, $token) = array_slice($path, 0, 2))) {
// Front-controller bootstrap: build the core service objects, connect to the
// database, run hook files, authorize the session, then prepare the page
// wrapper template. The excerpt ends inside the category query below.
$display = new Display();
$router = new Router();
$kyros = new Kyros();
$hooks = new Hooks();
$config = new Config();
$utility = new Utility();
$config->load();
$session = new Session();

// The failure message is fixed text; $db->connect_error is not echoed to the
// client.
$db = new mysqli($config->sql_hostname, $config->sql_username, $config->sql_password, $config->sql_database);
if ($db->connect_error) {
    die("Unable to connect to MySQLi");
}

// Every file matching hooks/*.hook.php (resolved against the current working
// directory) is executed on each request, before $session->authorize() runs.
// NOTE(review): whoever can write into hooks/ runs code in every request;
// confirm the directory is not writable by the web server user or by any
// upload path.
foreach (glob("hooks/*.hook.php") as $file) {
    include $file;
}

// NOTE(review): the result of authorize() is not checked and the next lines
// dereference $session->user unconditionally. Confirm authorize() always
// populates $session->user (for example with a guest user) so permissions are
// never loaded for an undefined id.
$session->authorize();
$session->user->permissions = new Permissions();
$session->user->permissions->load($session->user->id);

$kyros->theme = $utility->load_theme();
$router->build();
$kyros->site_dir = $config->site_dir;
$kyros->theme_dir = $config->theme_dir . $config->theme . "/";

// Page wrapper defaults.
$wrapper = new Template();
$wrapper->sidebar = true;
$wrapper->admin_button = "";
$wrapper->topic_button = "";
$wrapper->hooks = $hooks;
$wrapper->site_name = $config->site_name;
$wrapper->site_dir = $config->site_dir;

// Static query text; no request data is interpolated into it.
$categories = array();
if ($result = $db->query("SELECT * FROM categories")) {
<?php
include "../src/core.php";

// Manual check of token-based authorization: build a Session on the PDO handle
// created by core.php, set a token, authorize it for a user, dump the result.
//
// NOTE(review): the session token is hard-coded in source. If this value was
// ever valid against a real deployment, treat it as exposed and revoke it;
// prefer reading test credentials from the environment.
// NOTE(review): var_dump() prints the whole Session object, token included,
// and whatever else it holds. Keep this script out of any web-reachable
// directory.
$session = new Session($pdo_link);
$session->token = "EIgzUkY0PJ";
$session->authorize("******");
var_dump($session);