/**
 * Render the admin login area and dispatch to the requested login sub-view.
 *
 * Queues the login scripts and stylesheet on this page object, sets the
 * 'g' cookie through gpsession::cookie(), prints the browser and JavaScript
 * warnings, then shows either the login form or the forgotten-password form
 * depending on the command returned by common::GetCommand().
 */
function GetGpxContent()
{
    // The conditional comment flips IE_LT_8 to true for Internet Explorer < 8 only.
    $this->head .= "\n<script type=\"text/javascript\">var IE_LT_8 = false;</script><!--[if lt IE 8]>\n<script type=\"text/javascript\">IE_LT_8=true;</script>\n<![endif]-->";

    $login_scripts = array(
        '/include/js/login.js',
        '/include/js/md5_sha.js',
        '/include/thirdparty/js/jsSHA.js',
    );
    foreach ($login_scripts as $script) {
        $this->head_js[] = $script;
    }
    $this->css_admin[] = '/include/css/login.css';

    // Guarantee the key exists so later reads of $_POST['username'] do not raise a notice.
    $_POST += array('username' => '');
    $this->admin_js = true;

    includeFile('tool/sessions.php');
    gpsession::cookie('g', 2);

    $this->BrowserWarning();
    $this->JavascriptWarning();

    echo '<div class="req_script nodisplay" id="login_container">', '<table><tr><td>';

    // Loose comparisons on purpose: they mirror the matching rules of a switch statement.
    $cmd = common::GetCommand();
    if ($cmd == 'send_password') {
        // A successful SendPassword() returns the user to the login form;
        // otherwise the forgotten-password form is shown again.
        if ($this->SendPassword()) {
            $this->LoginForm();
        } else {
            $this->FogottenPassword();
        }
    } elseif ($cmd == 'forgotten') {
        $this->FogottenPassword();
    } else {
        $this->LoginForm();
    }

    echo '</td></tr></table>', '</div>';
}
/**
 * Keep the current administrator logged in once a revert has completed.
 *
 * Creates a fresh session for the user named in $gpAdmin, stores its id in
 * the session cookie derived from the reverted site's gpuniq value, and
 * copies that gpuniq into the global config so the post_nonce matches.
 * Returns without side effects when gpsession::create() yields no session id.
 */
function TransferSession()
{
    global $gpAdmin, $dataDir;

    $username = $gpAdmin['username'];

    // The included file is expected to define $users in this scope.
    include $dataDir . '/data/_site/users.php';

    // NOTE(review): taking a reference silently creates a null entry when
    // $username is missing from $users, so create() would then receive null;
    // confirm whether create() rejects that case.
    $userinfo =& $users[$username];

    $new_session = gpsession::create($userinfo, $username);
    if ($new_session) {
        // The cookie name is built from the config read after the revert,
        // so the cookie matches the restored data set.
        $config = gpFiles::Get('_site/config');
        $cookie_name = 'gpEasy_' . substr(sha1($config['gpuniq']), 12, 12);
        gpsession::cookie($cookie_name, $new_session);

        // Expose the updated gpuniq value for the post_nonce.
        $GLOBALS['config']['gpuniq'] = $config['gpuniq'];
    }
}
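/**
 * Print the admin login form together with the browser and JavaScript warnings.
 *
 * Queues the login scripts and stylesheet on the global $page, sets the 'g'
 * cookie, and posts the form to the page named by the "file" request
 * parameter when that name exists in $gp_index, otherwise to Admin_Main.
 *
 * Request values are only used when they are strings: a parameter sent as
 * file[]=x or username[]=x arrives as an array, which is not a valid array
 * key and is not accepted by htmlspecialchars().
 */
function LoginForm()
{
    global $langmessage, $gp_index, $page;

    // The conditional comment flips IE_LT_8 to true for Internet Explorer < 8 only.
    $page->head .= "\n<script type=\"text/javascript\">var IE_LT_8 = false;</script><!--[if lt IE 8]>\n<script type=\"text/javascript\">IE_LT_8=true;</script>\n<![endif]-->";
    $page->head_js[] = '/include/js/login.js';
    $page->head_js[] = '/include/js/md5_sha.js';
    $page->css_admin[] = '/include/css/login.css';

    $_POST += array('username' => '');
    $page->admin_js = true;

    includeFile('tool/sessions.php');
    gpsession::cookie('g', 2);

    // Only a string that names a known page may become the form target.
    $requested_file = null;
    if (isset($_REQUEST['file']) && is_string($_REQUEST['file']) && isset($gp_index[$_REQUEST['file']])) {
        $requested_file = $_REQUEST['file'];
    }
    $action = ($requested_file !== null) ? $requested_file : 'Admin_Main';

    // Re-displayed user name; anything that is not a string is dropped.
    $username = is_string($_POST['username']) ? $_POST['username'] : '';

    echo '<div class="req_script nodisplay" id="login_container">';

    echo '<div id="browser_warning" class="nodisplay">';
    echo '<div><b>' . $langmessage['Browser Warning'] . '</b></div>';
    echo '<p>';
    echo $langmessage['Browser !Supported'];
    echo '</p>';
    echo '<p>';
    echo '<a href="http://www.mozilla.com/">Firefox</a>';
    echo '<a href="http://www.google.com/chrome">Chrome</a>';
    echo '<a href="http://www.apple.com/safari">Safari</a>';
    echo '<a href="http://www.microsoft.com/windows/internet-explorer/default.aspx">Explorer</a>';
    echo '</p>';
    echo '</div>';

    echo '<div id="loginform">';
    echo '<p><b>' . $langmessage['LOGIN_REQUIRED'] . '</b></p>';
    echo '<div id="login_timeout" class="nodisplay">Log in Timeout: ' . common::Link('Admin_Main', 'Reload to continue...') . '</div>';

    echo '<form action="' . common::GetUrl($action) . '" method="post" id="login_form">';
    echo '<div>';
    echo '<input type="hidden" name="cmd" value="login" />';
    if ($requested_file !== null) {
        echo '<input type="hidden" name="file" value="' . htmlspecialchars($requested_file) . '" />';
    }
    // The nonce is requested with a value of 300 as its third argument.
    echo '<input type="hidden" name="login_nonce" value="' . htmlspecialchars(common::new_nonce('login_nonce', true, 300)) . '" />';
    echo '</div>';

    echo '<label>';
    echo $langmessage['username'];
    echo '<input type="text" class="login_text" name="username" value="' . htmlspecialchars($username) . '" />';
    echo '<input type="hidden" name="user_sha" value="" />';
    echo '</label>';

    // NOTE(review): the empty pass_md5 / pass_sha fields and the md5_sha.js
    // include suggest the password is digested client-side before submit;
    // confirm. Such a digest is password-equivalent on the wire, so the form
    // still needs to be served over TLS.
    echo '<label>';
    echo $langmessage['password'];
    echo '<input type="password" class="login_text password" name="password" value="" />';
    echo '<input type="hidden" name="pass_md5" value="" />';
    echo '<input type="hidden" name="pass_sha" value="" />';
    echo '</label>';

    // NOTE(review): $langmessage values are written without escaping here and
    // elsewhere in this form; that is only safe while translations are trusted.
    echo '<input type="submit" class="login_submit" name="aa" value="' . $langmessage['login'] . '" />';

    echo '<p>';
    echo '<label>';
    echo '<input type="checkbox" name="remember" ' . $this->checked('remember') . '/> ';
    echo '<span>' . $langmessage['remember_me'] . '</span>';
    echo '</label> ';
    echo '<label>';
    echo '<input type="checkbox" name="encrypted" ' . $this->checked('encrypted') . '/> ';
    echo '<span>' . $langmessage['send_encrypted'] . '</span>';
    echo '</label>';
    echo '</p>';

    echo '<p>';
    echo '<label>';
    $url = common::GetUrl('Admin', 'cmd=forgotten');
    echo sprintf($langmessage['forgotten_password'], $url);
    echo '</label>';
    echo '</p>';

    echo '</form>';
    echo '</div>';
    echo '</div>';

    echo '<div class="without_script" id="javascript_warning">';
    echo '<p><b>' . $langmessage['JAVASCRIPT_REQ'] . '</b></p>';
    echo '<p>';
    echo $langmessage['INCOMPAT_BROWSER'];
    echo ' ';
    echo $langmessage['MODERN_BROWSER'];
    echo '</p>';
    echo '</div>';
}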
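/**
 * Determine if $session_id represents a valid session and if so start the session
 *
 * A session is accepted only when its id is present in the stored session
 * list, the browser fingerprint matches (when gp_browser_auth is enabled and
 * a uid was stored) and the session file exists. On any failure the session
 * cookie is expired, a "Session Expired" message is queued and false is
 * returned.
 *
 * @param mixed $session_id session id as received from the session cookie
 * @return bool true when the admin session was started, false otherwise
 */
function start($session_id)
{
    global $langmessage, $dataDir, $gp_random, $gp_admin_html;

    //get the session file
    $sessions = gpsession::GetSessionIds();

    // A cookie sent as name[]=x arrives as an array, which is not a valid
    // array key; treat anything non-scalar as an unknown session.
    if (!is_scalar($session_id) || !isset($sessions[$session_id])) {
        gpsession::cookie(gp_session_cookie, '', time() - 42000); //make sure the cookie is deleted
        message($langmessage['Session Expired'] . ' (timeout)');
        return false;
    }
    $sess_info = $sessions[$session_id];

    //check ~ip, ~user agent ...
    if (gp_browser_auth && isset($sess_info['uid'])) {
        // Compare as strings with !==: a loose != treats numeric-looking
        // strings (for example two different "0e..." digests) as equal.
        $stored_uid = (string) $sess_info['uid'];
        $auth_uid = (string) gpsession::auth_browseruid();
        $auth_uid_legacy = (string) gpsession::auth_browseruid(true); //legacy option added to prevent logging users out, added 2.0b2
        if ($stored_uid !== $auth_uid && $stored_uid !== $auth_uid_legacy) {
            gpsession::cookie(gp_session_cookie, '', time() - 42000); //make sure the cookie is deleted
            message($langmessage['Session Expired'] . ' (browser auth)');
            return false;
        }
    }

    // An entry without a file name would otherwise resolve to the sessions
    // directory itself, for which file_exists() returns true.
    $file_name = isset($sess_info['file_name']) ? (string) $sess_info['file_name'] : '';
    $session_file = $dataDir . '/data/_sessions/' . $file_name;
    if ($file_name === '' || !file_exists($session_file)) {
        gpsession::cookie(gp_session_cookie, '', time() - 42000); //make sure the cookie is deleted
        message($langmessage['Session Expired'] . ' (invalid)');
        return false;
    }

    //lock to prevent conflicting edits
    // Find the most recently active session inside the lock window.
    // NOTE(review): $diff is in minutes while $since_last_session is in
    // seconds, and both are compared against gp_lock_time; confirm its unit.
    $locked = false;
    $last_sess_id = false;
    $last_sess_time = 0;
    $since_last_session = 0;
    foreach ($sessions as $sess_temp_id => $sess_temp_info) {
        if (!isset($sess_temp_info['time']) || !$sess_temp_info['time']) {
            continue;
        }
        $diff = (time() - $sess_temp_info['time']) / 60;
        if ($diff < gp_lock_time && $last_sess_time < $sess_temp_info['time']) {
            $last_sess_id = $sess_temp_id;
            $last_sess_time = $sess_temp_info['time'];
            $since_last_session = time() - $last_sess_time;
        }
    }

    // String comparison: numeric array keys come back as integers, and a
    // loose != would also equate different numeric-looking ids.
    if ($last_sess_id && (string) $last_sess_id !== (string) $session_id) {
        $expires = ceil((gp_lock_time - $since_last_session) / 60);
        //no longer locked when $expires is not positive
        if ($expires > 0) {
            $locked = true;
            message($langmessage['site_locked'] . ' ' . sprintf($langmessage['lock_expires_in'], $expires));
        }
    }

    //prevent browser caching when editing
    header('Last-Modified: ' . gmdate('D, j M Y H:i:s') . ' GMT');
    header('Expires: ' . gmdate('D, j M Y H:i:s', time()) . ' GMT');
    header('Cache-Control: no-store, no-cache, must-revalidate'); // HTTP/1.1
    header('Cache-Control: post-check=0, pre-check=0', false);
    header('Pragma: no-cache'); // HTTP/1.0

    // $checksum is presumably filled in by reference by SessionData(); confirm.
    $GLOBALS['gpAdmin'] = gpsession::SessionData($session_file, $checksum);
    if ($locked) {
        $GLOBALS['gpAdmin']['locked'] = true;
    } else {
        unset($GLOBALS['gpAdmin']['locked']);
    }

    register_shutdown_function(array('gpsession', 'close'), $session_file, $checksum);

    gpsession::SaveSetting();

    //update time and move to end of $sessions array
    if (!$locked && (!$since_last_session || $since_last_session > gp_lock_time / 2)) {
        $sessions[$session_id]['time'] = time();
        gpsession::SaveSessionIds($sessions);
    }

    //make sure forms have admin nonce
    ob_start(array('gpsession', 'AdminBuffer'));

    //make sure each logged in request has the gp_admin_html area
    $gp_admin_html = '<div id="gp_admin_html"></div>';

    return true;
}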
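/**
 * Handle admin login/logout/session_start if admin session parameters exist
 *
 * The command is chosen in this order: cmd=logout in the query string,
 * cmd=login in the POST body, the current session cookie, then the legacy
 * "gpEasy" cookie (which is migrated to the current cookie name). When none
 * of these is present the function returns without loading the session code.
 *
 * Cookie values are only honoured when they are strings: a cookie sent as
 * name[]=x arrives as an array and must not reach the cookie writer or be
 * used as a session id.
 */
function sessions()
{
    $update_cookies = false;
    $cmd = '';

    // NOTE(review): logout is triggered by a GET parameter alone here; any
    // nonce check would have to live in gpsession::LogOut() -- confirm.
    if (isset($_GET['cmd']) && $_GET['cmd'] === 'logout') {
        $cmd = 'logout';
    } elseif (isset($_POST['cmd']) && $_POST['cmd'] === 'login') {
        $cmd = 'login';
    } elseif (isset($_COOKIE[gp_session_cookie]) && is_string($_COOKIE[gp_session_cookie])) {
        $cmd = 'start';
    } elseif (isset($_COOKIE['gpEasy']) && is_string($_COOKIE['gpEasy'])) {
        // Legacy cookie name: continue the session and rename the cookie below.
        $_COOKIE[gp_session_cookie] = $_COOKIE['gpEasy'];
        $update_cookies = true;
        $cmd = 'start';
    }

    if ($cmd === '') {
        return;
    }

    includeFile('tool/sessions.php');
    includeFile('admin/admin_tools.php');
    includeFile('tool/editing.php');

    if ($update_cookies) {
        gpsession::cookie(gp_session_cookie, $_COOKIE['gpEasy']);
        gpsession::cookie('gpEasy', '', time() - 42000); // expire the legacy cookie
    }

    switch ($cmd) {
        case 'logout':
            gpsession::LogOut();
            return;
        case 'login':
            gpsession::LogIn();
            return;
    }

    // Only the 'start' command reaches this point.
    if (isset($_COOKIE[gp_session_cookie]) && is_string($_COOKIE[gp_session_cookie])) {
        // NOTE(review): CheckPosts() runs before start() has validated the
        // session; presumably it only verifies the post nonce -- confirm.
        gpsession::CheckPosts($_COOKIE[gp_session_cookie]);
        gpsession::start($_COOKIE[gp_session_cookie]);
    }
}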