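 /**
  * Delete a user, after a confirmation prompt
  *
  * The id is first validated as hex. A POST of "deleteUser" removes the
  * user's misc and login rows, a POST of "preserveUser" cancels, and any
  * other request renders the confirmation template. The currently logged
  * in user can never delete their own account.
  *
  * Assumes SSP_Divert() ends the request after redirecting; the explicit
  * returns after each divert keep the method safe should it not - confirm.
  * NOTE(review): the delete is triggered by a POST field alone; confirm the
  * form token is validated before this method is reached.
  *
  * @param string $userId - hex id of the user to delete
  * @return string|null - rendered prompt page, or null when diverted
  */
 public function deleteUser($userId)
 {
     // check for valid user id, ie. hex - anything else goes straight back to admin
     $check = new \w34u\ssp\CheckData();
     if ($check->check('hex', $userId) !== 0) {
         SSP_Divert($this->cfg->totalAdminScript);
         return null;
     }
     // delete a user, not the current one
     if (strcasecmp($userId, $this->session->userId) === 0) {
         return null;
     }
     $where = array("UserId" => $userId);
     if (isset($_POST["deleteUser"])) {
         // confirmed: misc data first, then the login row
         $this->db->delete($this->cfg->userMiscTable, $where, "SSP Admin: deleting user misc data");
         $this->db->delete($this->cfg->userTable, $where, "SSP Admin: deleting user login data");
         SSP_Divert($this->cfg->totalAdminScript);
         return null;
     }
     if (isset($_POST["preserveUser"])) {
         // cancelled by the admin
         SSP_Divert($this->cfg->totalAdminScript);
         return null;
     }
     // prompt to delete user
     $user = $this->db->get($this->cfg->userMiscTable, $where, "SSP Admin: Getting data to prompt for user delete");
     if (!$user) {
         // no misc row to show, nothing to confirm
         SSP_Divert($this->cfg->totalAdminScript);
         return null;
     }
     $content = get_object_vars($user);
     $content["path"] = SSP_Path();
     $page = new Template($content, "userListerDeletePrompt.tpl", false);
     $mainContent = array();
     $mainContent["title"] = " - delete user " . $user->FirstName . " " . $user->FamilyName;
     $mainContent["content"] = $page->output();
     $tpl = $this->tpl($mainContent);
     return $tpl->output();
 }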
 /**
  * Login base class constructor
  *
  * With $createForm set the parent constructor builds and processes the
  * login form; otherwise only the configuration and database handles are
  * taken, leaving the form to be created later.
  * @param w34u\ssp\Protect $session - session object
  * @param w34u\ssp\Template $tpl - template in which to wrap the form
  * @param bool $ignoreToken - dont use a token on the login form
  * @param bool $createForm - create the login form
  */
 public function __construct($session, $tpl = "", $ignoreToken = false, $createForm = true)
 {
     if (!$createForm) {
         // bare setup, no form built or processed
         $this->cfg = Configuration::getConfiguration();
         $this->db = SspDb::getConnection();
         return;
     }
     parent::__construct($session, $tpl, $ignoreToken);
 }
 /**
  * SSP site constructor
  *
  * Stores the session, takes the shared configuration and db connection,
  * optionally loads the admin translation file and overrides the main
  * template name.
  * @param Protect $session - protection object
  * @param bool $translateAdmin - load admin translation files
  * @param string|false $template - main template name, false keeps the default
  */
 function __construct($session, $translateAdmin = false, $template = false)
 {
     $this->session = $session;
     $this->cfg = Configuration::getConfiguration();
     $this->db = SspDb::getConnection();
     // admin strings are only loaded when translation is switched on in config
     $loadAdminStrings = $this->cfg->translate && $translateAdmin;
     if ($loadAdminStrings) {
         // the static property really is spelt "tranlator" in Protect
         Protect::$tranlator->loadFile(false, 'admin');
     }
     if (false !== $template) {
         $this->template = $template;
     }
 }
 /**
  * Session handler constructor
  *
  * Takes the shared configuration and database connection singletons
  * used by the save handler callbacks.
  */
 public function __construct()
 {
     $configuration = Configuration::getConfiguration();
     $this->cfg = $configuration;
     $connection = SspDb::getConnection();
     $this->db = $connection;
 }
 /**
  * Constructor
  *
  * Sets up configuration and database access, then records which user is
  * being administered: an explicit $id wins, otherwise the session's
  * logged in user id is used.
  * @param SSP_Protect $session - session object
  * @param Setup $ssp - site setup object
  * @param string $id - id of the user to administer, "" for the session user
  * @param string $templateFile - template file to wrap the output in
  * @param bool $generateMenus - build the admin menus
  */
 public function __construct($session, $ssp, $id = "", $templateFile = "", $generateMenus = true)
 {
     // constructor for the user admin object
     $this->cfg = Configuration::getConfiguration();
     $this->db = SspDb::getConnection();
     $this->session = $session;
     $this->ssp = $ssp;
     // an explicit id takes precedence over the session user
     $haveExplicitId = $id != "";
     if ($haveExplicitId) {
         $this->id = $id;
     } elseif (is_object($session)) {
         $this->id = $session->userId;
     }
     // NOTE(review): admin is read from the session even when it is not an object - confirm callers always pass one
     $this->admin = $this->session->admin;
     $this->templateFile = $templateFile;
     $this->generateMenus = $generateMenus;
 }
*   but WITHOUT ANY WARRANTY; without even the implied warranty of
*   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
*   The MIT License (MIT) for more details.
*
*   Revision:	a
*   Rev. Date	12/04/2005
*   Descrip:	Created.
*
*   Revision:	b
*   Rev. Date	14/01/2016
*   Descrip:	Composer implemented.
*/
namespace w34u\ssp;

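require "../includeheader.php";
$SSP_DB = SspDb::getConnection();
$SSP_Config = Configuration::getConfiguration();
// no bound parameters: the table names come from the trusted configuration,
// not from request input
$values = array();
// character set / collation clause shared by every table below
$tableOptions = ") CHARACTER SET " . $SSP_Config->connectionEncoding . " COLLATE " . $SSP_Config->tableCollation;
// session table: one row per php session, SessionData holds the serialised session
$query = "CREATE TABLE `" . $SSP_Config->sessionTable . "` (\n  `SessionId` char(32) NOT NULL default '',\n  `UserId` char(32) NOT NULL default '',\n  `SessionTime` int(11) NOT NULL default '0',\n  `SessionName` varchar(30) NOT NULL default '',\n  `SessionIp` varchar(40) NOT NULL default '',\n  `SessionUserIp` varchar(40) NOT NULL default '',\n  `SessionCheckIp` tinyint(4) NOT NULL default '0',\n  `SessionRandom` int(11) NOT NULL default '0',\n  `SessionData` blob NOT NULL,\n  PRIMARY KEY  (`SessionId`),\n  KEY `SessionTime` (`SessionTime`)\n" . $tableOptions;
$SSP_DB->query($query, $values, "SSP Database configuration: Creating session table");
// form tokens
$query = "CREATE TABLE `" . $SSP_Config->tokenTable . "` (\n  `token` char(32) NOT NULL default '',\n  `time` int(11) NOT NULL default '0',\n  `id` varchar(50) NOT NULL default '',\n  PRIMARY KEY  (`token`),\n  KEY `time` (`time`),\n  KEY `id` (`id`)\n" . $tableOptions;
$SSP_DB->query($query, $values, "SSP Database configuration: Creating token table");
// login table
// NOTE(review): the KEY on UserPassword indexes the password hash column; no
// lookup by hash is visible here, so confirm the index is needed at all
$query = "CREATE TABLE `" . $SSP_Config->userTable . "` (\n  `UserId` char(32) NOT NULL default '',\n  `UserEmail` varchar(255) NOT NULL default '',\n  `UserName` varchar(50) default NULL,\n  `UserPassword` varchar(255) NOT NULL default '',\n  `UserIp` varchar(30) NOT NULL default '',\n  `UserIpCheck` tinyint(4) NOT NULL default '0',\n  `UserAccess` varchar(20) NOT NULL default 'public',\n  `lang` varchar(10) NOT NULL default '',\n  `country` varchar(10) NOT NULL default '',\n  `UserDateLogon` int(11) NOT NULL default '0',\n  `UserDateLastLogon` int(11) NOT NULL default '0',\n  `UserDateCreated` int(11) NOT NULL default '0',\n  `UserDisabled` tinyint(4) NOT NULL default '0',\n  `UserPending` tinyint(4) NOT NULL default '0',\n  `UserAdminPending` tinyint(4) NOT NULL default '0',\n  `CreationFinished` tinyint(4) NOT NULL default '0',\n  `UserWaiting` tinyint(4) NOT NULL default '0',\n  `UserInvisible` tinyint(4) NOT NULL default '0',\n  PRIMARY KEY  (`UserId`),\n  KEY `UserEmail` (`UserEmail`),\n  UNIQUE KEY `UserName` (`UserName`),\n  KEY `UserPassword` (`UserPassword`),\n  KEY `UserDisabled` (`UserDisabled`,`UserPending`,`UserAdminPending`,`CreationFinished`,`UserWaiting`)\n" . $tableOptions;
$SSP_DB->query($query, $values, "SSP Database configuration: Creating login table");
// user misc (profile) data, keyed by the same UserId as the login table
$query = "CREATE TABLE `" . $SSP_Config->userMiscTable . "` (\n  `UserId` char(32) NOT NULL default '',\n  `Title` varchar(15) NOT NULL default '',\n  `FirstName` varchar(20) NOT NULL default '',\n  `Initials` varchar(5) NOT NULL default '',\n  `FamilyName` varchar(30) NOT NULL default '',\n  `Address` varchar(255) NOT NULL default '',\n  `TownCity` varchar(30) NOT NULL default '',\n  `PostCode` varchar(10) NOT NULL default '',\n  `County` varchar(20) NOT NULL default '',\n  `Country` varchar(5) NOT NULL default '',\n  PRIMARY KEY  (`UserId`)\n" . $tableOptions;
$SSP_DB->query($query, $values, "SSP Database configuration: Creating user misc data table");
// response tokens (the log message previously repeated the misc data one)
$query = "CREATE TABLE `" . $SSP_Config->responseTable . "` (\n  `token` char(32) NOT NULL default '',\n  `time` int(11) NOT NULL default '0',\n  `UserId` char(32) NOT NULL default '',\n  PRIMARY KEY  (`token`),\n  KEY `time` (`time`)\n" . $tableOptions;
$SSP_DB->query($query, $values, "SSP Database configuration: Creating response table");
// remember me tokens
$query = "CREATE TABLE `" . $SSP_Config->tableRememberMe . "` (\n  `id` char(32) NOT NULL default '',\n  `user_id` char(32) NOT NULL default '',\n  `date_expires` int(11) NOT NULL default '0',\n  PRIMARY KEY  (`id`),\n  KEY `date_expires` (`date_expires`)\n" . $tableOptions;
$SSP_DB->query($query, $values, "SSP Database configuration: Creating remember me table");
// presumably starts a protected session now that the tables exist - confirm
$session = new Protect();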
/**
 * Cleans up any old response tokens
 *
 * Removes every row of the response table whose time is before now; the
 * cut-off is bound as a query parameter, only the table and column names
 * come from configuration.
 */
function SSP_ResponseClean()
{
    $config = Configuration::getConfiguration();
    $db = SspDb::getConnection();
    $query = sprintf("delete from %s where %s < ?", $config->responseTable, $db->qt("time"));
    $cutoff = time();
    $db->query($query, array($cutoff), "SSP Functions: Cleaning up old response tokens");
}
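 /**
  * Constructor
  *
  * Builds the protected session for the current page: installs the db
  * backed session handler, starts the session, enforces https when
  * configured, loads the session row and the matching user row, then runs
  * the access checks (user flags, access level, IP address, session
  * random) and hands any fault to userFaultHandling().
  *
  * Query result caching is switched off while the checks run and restored
  * at the end.
  *
  * @param string $pageAccessLevel - users allowed to access the page
  * @param bool $pageCheckEquals - if true only this user type can access this page
  * @param bool $doHistory - do history for this page
  * @param ProtectConfig|false $config - Protected session configuration options, false for the defaults
  */
 public function __construct($pageAccessLevel = "", $pageCheckEquals = false, $doHistory = true, $config = false)
 {
     // optional extra content for the login page, set by the including script
     global $loginContent;
     if ($config === false) {
         $this->config = new \w34u\ssp\ProtectConfig();
     } else {
         $this->config = $config;
     }
     $this->cfg = Configuration::getConfiguration();
     $this->db = SspDb::getConnection();
     // set up db session handling
     $handler = new SessionHandler();
     session_set_save_handler(array($handler, 'open'), array($handler, 'close'), array($handler, 'read'), array($handler, 'write'), array($handler, 'destroy'), array($handler, 'gc'));
     // the following prevents unexpected effects when using objects as save handlers
     register_shutdown_function("session_write_close");
     session_start();
     $this->setupLanguage();
     $this->maintenanceMode();
     // turn off sql cacheing if it is set, but preserve the status to turn it back on after
     if ($this->db->cache) {
         $queryResultCacheing = true;
         $this->db->cache = false;
     } else {
         $queryResultCacheing = false;
     }
     $pageAccessLevel = $this->checkParameters($pageAccessLevel, $pageCheckEquals);
     if (isset($loginContent)) {
         $_SESSION["SSP_LoginPageAddtionalContent"] = $loginContent;
     }
     // check https:// site, and if fail divert to correct url
     if ($this->cfg->useSSL or $this->config->forceSSLPath) {
         if (!isset($_SERVER['HTTPS']) or $_SERVER['HTTPS'] == "off") {
             // script not called using https
             // assumes SSP_Divert() ends the request, otherwise setup continues over plain http - confirm
             SSP_Divert(SSP_Path(true, true));
         }
     }
     $this->country = "";
     // do any external routines before history is called
     $this->autoLogin();
     if ($doHistory) {
         $this->pageHistory();
     }
     // get all session information for valid sessions
     $sessionInfo = null;
     $query = sprintf("select * from %s where %s = ? and %s = ?", $this->cfg->sessionTable, $this->db->qt("SessionId"), $this->db->qt("SessionName"));
     $values = array(session_id(), session_name());
     $this->db->query($query, $values, "SSP session handling: Get session information");
     if ($this->db->numRows() > 0) {
         // get result if existing session
         $sessionInfo = $this->db->fetchRow();
         $newSession = false;
     } else {
         $newSession = true;
         $this->log("New session started");
     }
     // process user information if logged in.
     $userFault = false;
     $needHigherLogin = false;
     $userInfo = null;
     if (!$newSession and trim($sessionInfo->UserId) != "") {
         $where = array("UserId" => $sessionInfo->UserId);
         $userInfo = $this->db->get($this->cfg->userTable, $where, "SSP Session: getting login data");
         if ($this->db->numRows()) {
             // user found
             // check for login expiry
             if ($sessionInfo->SessionTime + $this->cfg->loginExpiry > time()) {
                 $this->loggedIn = true;
                 $this->userId = $userInfo->UserId;
                 $this->userName = $userInfo->UserName;
                 $this->userAccessLevel = $userInfo->UserAccess;
                 if ($this->cfg->userLevels[$this->userAccessLevel] >= $this->cfg->adminLevel) {
                     // admin user
                     $this->admin = true;
                 }
                 $this->userEmail = SSP_decrypt($userInfo->UserEmail);
                 if (isset($userInfo->country) and trim($userInfo->country) != "") {
                     $this->country = $userInfo->country;
                 }
             } else {
                 // expired: unlink the user from the session row so the next request starts logged out
                 $this->log("Login expired");
                 $this->loggedIn = false;
                 $this->db->update($this->cfg->sessionTable, array('UserId' => ''), array('SessionId' => session_id(), 'SessionName' => session_name()), 'SSP Session: clearing user id from expired login');
             }
         } else {
             $this->log("User not found from ID");
             $userFault = true;
         }
     }
     $pageAccess = $this->cfg->userLevels[$pageAccessLevel];
     if ($this->loggedIn) {
         // do security checking for user if logged in
         // validate flags
         $flagsValid = true;
         foreach ($this->cfg->validUserFlags as $flagName => $validFlagValue) {
             if ($userInfo->{$flagName} != $validFlagValue) {
                 $flagsValid = false;
                 $this->log("Invalid user flag " . $flagName . " value required: " . $validFlagValue . " actual: " . $userInfo->{$flagName});
                 break;
             }
         }
         if (!$flagsValid) {
             $userFault = true;
         } elseif ($this->cfg->userLevels[$userInfo->UserAccess] < $pageAccess) {
             // user does not have a high enough access level
             $userFault = true;
             $needHigherLogin = true;
             // flag higher login needed
             $this->log("User Access level not high enough Level: " . $userInfo->UserAccess . " " . $this->cfg->userLevels[$userInfo->UserAccess] . " Page " . $pageAccess);
         } elseif ($pageCheckEquals and $this->cfg->userLevels[$userInfo->UserAccess] != $pageAccess) {
             // user does not have the correct user access level
             $userFault = true;
             $needHigherLogin = true;
             // flag different login needed
             $this->log("User Access level not equal to the page's level");
         } elseif ($this->cfg->checkIpAddress and SSP_trimIp($sessionInfo->SessionIp) !== SSP_trimIp($_SERVER["REMOTE_ADDR"])) {
             // users IP address has changed
             $userFault = true;
             $this->log("User IP address changed " . SSP_paddIp($_SERVER["REMOTE_ADDR"]));
         } elseif (($this->cfg->fixedIpAddress or $userInfo->UserIpCheck) and SSP_paddIp($sessionInfo->SessionUserIp) !== SSP_paddIp($_SERVER["REMOTE_ADDR"])) {
             // user is at incorrect IP address
             $userFault = true;
             $this->log("User IP address incorrect, UserIP: " . SSP_paddIp($sessionInfo->SessionUserIp) . " Remote IP: " . SSP_paddIp($_SERVER["REMOTE_ADDR"]));
         }
         // session random check, combined with the results above: previously its
         // return value replaced $userFault, which discarded any flag, access
         // level or IP fault found just before it
         if ($this->chackRandom($sessionInfo)) {
             $userFault = true;
         }
     } else {
         $this->log("User not logged in");
     }
     // handle user faults
     $this->userFaultHandling($pageAccess, $userFault, $needHigherLogin, $queryResultCacheing);
     // final setup of page
     $this->finalSetup($userInfo);
     // restore query cacheing mode
     $this->db->cache = $queryResultCacheing;
 }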
 /**
  * Login base class constructor
  *
  * Stores the session and shared handles, copies the remember-me setting
  * from configuration, then defines the login form and processes it if it
  * has been submitted.
  * @param w34u\ssp\Protect $session - session object
  * @param w34u\ssp\Template $tpl - template in which to wrap the form
  * @param bool $ignoreToken - dont use a token on the login form
  */
 public function __construct($session, $tpl = "", $ignoreToken = false)
 {
     $this->session = $session;
     $this->cfg = Configuration::getConfiguration();
     $this->db = SspDb::getConnection();
     $this->rememberMe = $this->cfg->loginRememberMe;
     // define the form to login, then process it on submit
     $loginForm = $this->loginScreenDefine($tpl, $ignoreToken);
     $this->processForm($loginForm);
 }