/** Return true if the user is allowed to see the page */ function checkUserPolicy($userid, $projectid, $onlyreturn = 0) { if ($userid != '' && !is_numeric($userid) || !is_numeric($projectid)) { return; } // If the projectid=0 only admin can access the page if ($projectid == 0 && pdo_num_rows(pdo_query("SELECT admin FROM " . qid("user") . " WHERE id='{$userid}' AND admin='1'")) == 0) { if (!$onlyreturn) { echo "You cannot access this page"; exit(0); } else { return false; } } else { if (@$projectid > 0) { $project = pdo_query("SELECT public FROM project WHERE id='{$projectid}'"); $project_array = pdo_fetch_array($project); // If the project is public we quit if ($project_array["public"] == 1) { return true; } // If the project is private and the user is not logged in we quit if (!$userid && $project_array["public"] != 1) { if (!$onlyreturn) { LoginForm(0); exit(0); } else { return false; } } else { if ($userid) { $user2project = pdo_query("SELECT projectid FROM user2project WHERE userid='{$userid}' AND projectid='{$projectid}'"); if (pdo_num_rows($user2project) == 0) { if (!$onlyreturn) { echo "You cannot access this project"; exit(0); } else { return false; } } } } } } // end project=0 return true; }
$csrfToken = $_SESSION['cdash']['csrfToken']; } } if (is_null($csrfToken)) { // Generate a new random csrf token. // This is used by Google OAuth2 to prevent forged logins. $csrfToken = bin2hex(random_bytes(16)); } session_name('CDash'); session_cache_limiter(@$SessionCachePolicy); session_set_cookie_params($CDASH_COOKIE_EXPIRATION_TIME); @ini_set('session.gc_maxlifetime', $CDASH_COOKIE_EXPIRATION_TIME + 600); session_start(); $sessionArray = array('csrfToken' => $csrfToken); $_SESSION['cdash'] = $sessionArray; LoginForm($loginerror); // display login form $session_OK = 0; } else { // authentication was successful session_regenerate_id(); $session_OK = 1; // Check if we should be redirecting the user to another page. // This happens when they have to change their password because it expired. if (isset($_SESSION['cdash']) && array_key_exists('redirect', $_SESSION['cdash']) && !empty($_SESSION['cdash']['redirect'])) { $destination = $_SESSION['cdash']['redirect']; $dest_page = substr($destination, strrpos($destination, '/') + 1); $pos = strpos($dest_page, '?'); if ($pos !== false) { $dest_page = substr($dest_page, 0, $pos); }
} } else { //print_r($_COOKIE); //echo '.'.$cookie_name; $cookie_name = str_replace(".", "_", $cookie_name); if (isset($_COOKIE[$cookie_name])) { //echo '.'; if ($_COOKIE[$cookie_name] == $salt_id) { //need to add expiration... //echo '.'; $login = true; } } } if ($login == false) { LoginForm(); exit; } //Cookie names: //'niche_login'.$_SERVER['SERVER_NAME'].$_SERVER['SERVER_PORT'].dirname($_SERVER['SCRIPT_NAME']) //with SCRIPT_NAME, it should always be the same as you can't directly execute an addon, so the addon //directory will never be the script path... //echo 'done?'; function SetSessionID() { global $salt_id; $fhan = fopen_per("temp_sid.php", "w"); fputs($fhan, "<" . "?php\n"); //echo $salt_id; fputs($fhan, '$niche_sid=\'' . $salt_id . '\';' . "\n"); fputs($fhan, "?" . ">");
/** * page code function */ function PageCompPageMainCode() { global $site; global $dir; global $tmpl; global $page; global $join_page_check_limit; global $join_pages_num; global $p_arr; global $_page; global $en_aff; global $oTemplConfig; global $newusernotify; $enable_security_image = getParam('enable_security_image'); $autoApproval_ifJoin = isAutoApproval('join'); ob_start(); switch ($page) { // fill inputs with values from precede join pages case $page > 1: $hidden_vals = ''; // inputs with POST values $respd = db_res("SELECT * FROM ProfilesDesc WHERE `visible` & 2 AND ( FIND_IN_SET('0',show_on_page) OR FIND_IN_SET('" . (int) $_page['name_index'] . "',show_on_page)) {$join_page_check_limit} ORDER BY `order` ASC"); while ($arrpd = mysql_fetch_array($respd)) { $fname = get_input_name($arrpd); switch ($arrpd['type']) { case 'set': // set of checkboxes $vals = preg_split("/[,\\']+/", $arrpd['extra'], -1, PREG_SPLIT_NO_EMPTY); $p_arr[$fname] = ''; foreach ($vals as $v) { if (strlen(trim($v)) <= 0) { continue; } $hidden_vals .= '<input type="hidden" name="' . ($fname . "_" . $v) . '" value="' . process_pass_data($_POST[$fname . "_" . $v]) . '">'; $p_arr[$fname . "_" . $v] = process_pass_data($_POST[$fname . "_" . $v]); if ($_POST[$fname . "_" . $v] == 'on') { if (strlen($p_arr[$fname])) { $p_arr[$fname] .= ",{$v}"; } else { $p_arr[$fname] .= $v; } } } break; case 'date': $p_arr[$fname] = sprintf("%04d-%02d-%02d", (int) $_POST[$fname . '_year'], (int) $_POST[$fname . '_month'], (int) $_POST[$fname . '_day']); $hidden_vals .= '<input type="hidden" name="' . $fname . '_year" value="' . (int) $_POST[$fname . '_year'] . '" />'; $hidden_vals .= '<input type="hidden" name="' . $fname . '_month" value="' . (int) $_POST[$fname . '_month'] . '" />'; $hidden_vals .= '<input type="hidden" name="' . $fname . '_day" value="' . (int) $_POST[$fname . '_day'] . '">'; break; default: if ($arrpd['get_value']) { $funcbody = $arrpd['get_value']; $func = create_function('$arg0', $funcbody); $hidden_vals .= '<input type="hidden" name="' . $fname . '" value="' . process_pass_data($_POST[$fname]) . '">'; $p_arr[$fname] = process_pass_data($func($_POST)); } else { $hidden_vals .= '<input type="hidden" name="' . $fname . '" value="' . process_pass_data($_POST[$fname]) . '">'; $p_arr[$fname] = process_pass_data($_POST[$fname]); } break; } } // check values $query = "SELECT * FROM ProfilesDesc\n\t\t\t\tWHERE `visible` & 2 AND ( FIND_IN_SET('0',show_on_page) OR FIND_IN_SET('" . (int) $_page['name_index'] . "',show_on_page)) {$join_page_check_limit}\n\t\t\t\tORDER BY `join_page` ASC"; $respd = db_res($query); while ($arrpd = mysql_fetch_array($respd)) { if (!strlen($arrpd['check'])) { continue; } $fname = get_input_name($arrpd); $funcbody = $arrpd[check]; $func = create_function('$arg0', $funcbody); if (!$func($p_arr[$fname])) { $add_on .= report_err(_t($arrpd['because'], $arrpd['min_length'], $arrpd['max_length'])); } } $page = !$add_on ? $page : $page - 1; break; break; case 'done': // fill array with POST values $respd = db_res("SELECT * FROM ProfilesDesc WHERE `visible` & 2 AND ( FIND_IN_SET('0',show_on_page) OR FIND_IN_SET('" . (int) $_page['name_index'] . "',show_on_page)) {$join_page_check_limit} ORDER BY `order` ASC"); while ($arrpd = mysql_fetch_array($respd)) { $fname = get_input_name($arrpd); switch ($arrpd['type']) { case 'set': // set of checkboxes $vals = preg_split("/[,\\']+/", $arrpd['extra'], -1, PREG_SPLIT_NO_EMPTY); $p_arr[$fname] = ''; foreach ($vals as $v) { if (strlen(trim($v)) <= 0) { continue; } $hidden_vals .= '<input type="hidden" name="' . ($fname . "_" . $v) . '" value="' . process_pass_data($_POST[$fname . "_" . $v]) . '">'; $p_arr[$fname . "_" . $v] = process_pass_data($_POST[$fname . "_" . $v]); if ($_POST[$fname . "_" . $v] == 'on') { if (strlen($p_arr[$fname])) { $p_arr[$fname] .= ",{$v}"; } else { $p_arr[$fname] .= $v; } } } break; case 'date': $p_arr[$fname] = sprintf("%04d-%02d-%02d", (int) $_POST[$fname . '_year'], (int) $_POST[$fname . '_month'], (int) $_POST[$fname . '_day']); $hidden_vals .= '<input type="hidden" name="' . $fname . '_year" value="' . (int) $_POST[$fname . '_year'] . '" />'; $hidden_vals .= '<input type="hidden" name="' . $fname . '_month" value="' . (int) $_POST[$fname . '_month'] . '" />'; $hidden_vals .= '<input type="hidden" name="' . $fname . '_day" value="' . (int) $_POST[$fname . '_day'] . '">'; break; default: if ($arrpd['get_value']) { $funcbody = $arrpd['get_value']; $func = create_function('$arg0', $funcbody); $hidden_vals .= '<input type="hidden" name="' . $fname . '" value="' . process_pass_data($_POST[$fname]) . '">'; $p_arr[$fname] = process_pass_data($func($_POST)); } else { $hidden_vals .= '<input type="hidden" name="' . $fname . '" value="' . process_pass_data($_POST[$fname]) . '">'; $p_arr[$fname] = process_pass_data($_POST[$fname]); } break; } } // check values if ($enable_security_image) { if (!isset($_POST['securityImageValue']) || !isset($_COOKIE['strSec']) || md5($_POST['securityImageValue']) != $_COOKIE['strSec']) { $page = $join_pages_num; $add_on .= report_err(_t("_SIMG_ERR")); } } $respd = db_res("SELECT * FROM ProfilesDesc WHERE `visible` & 2 AND ( FIND_IN_SET('0',show_on_page) OR FIND_IN_SET('" . (int) $_page['name_index'] . "',show_on_page)) {$join_page_check_limit} AND `join_page` > 0 ORDER BY `order` ASC"); while ($arrpd = mysql_fetch_array($respd)) { if (!strlen(trim($arrpd['check']))) { continue; } $fname = get_input_name($arrpd); $funcbody = $arrpd['check']; $func = create_function('$arg0', $funcbody); if (!$func($p_arr[$fname])) { $page = floor($arrpd['join_page'] / 1000); $add_on .= report_err(_t($arrpd['because'], $arrpd['min_length'], $arrpd['max_length'])); } } break; default: break; } switch ($page) { default: global $tmpl; if ($oTemplConfig->customize['join_page']['showPageText']) { $page_text = _t("_JOIN1", $page); } echo $add_on; break; } switch ($page) { case 'done': // new profile creation $cl_values = "INSERT INTO `Profiles` SET "; $cl_first = 0; $respd = db_res("SELECT * FROM ProfilesDesc WHERE `visible` & 2 AND `to_db` = 1 AND ( FIND_IN_SET('0',show_on_page) OR FIND_IN_SET('" . (int) $_page['name_index'] . "',show_on_page)) {$join_page_check_limit} ORDER BY `order` ASC"); while ($arrpd = mysql_fetch_array($respd)) { $fname = get_input_name($arrpd); $dbname = get_field_name($arrpd); $fval = $p_arr[$fname]; if ($dbname == 'zip') { $fval = strtoupper(str_replace(' ', '', $fval)); } switch ($arrpd['type']) { case 'set': // set of checkboxes // set of checkboxes case 'r': // reference to array for combo box // reference to array for combo box case 'a': // text Area // text Area case 'c': // input box // input box case 'rb': // radio buttons // radio buttons case 'e': // enum combo box // enum combo box case 'en': // enum combo box with numbers // enum combo box with numbers case 'eny': // enum combo box with numbers // enum combo box with numbers case 'date': // date $fval = process_db_input($fval, 0, 1); $cl_values .= " `{$dbname}` = '{$fval}'"; $cl_values .= ", "; break; case 'p': $fval = md5(process_pass_data($fval)); $cl_values .= " `{$dbname}` = '{$fval}'"; $cl_values .= ", "; break; } } $cl_values .= " `LastReg` = NOW()"; db_res($cl_values); $IDnormal = mysql_insert_id(); $IDcrypt = crypt($IDnormal, "secret_string"); // encrypted ID for security purposes setcookie("IDc", $IDcrypt, 0, "/"); $_COOKIE['IDc'] = $IDcrypt; // Affiliate and friend checking if ($en_aff && $_COOKIE['idAff']) { $res = db_res("SELECT `ID` FROM `aff` WHERE `ID` = {$_COOKIE['idAff']} AND `Status` = 'active'"); if (mysql_num_rows($res)) { $res = db_res("INSERT INTO `aff_members` (`idAff`,`idProfile`) VALUES ({$_COOKIE['idAff']}, {$IDnormal})"); } } if ($en_aff && $_COOKIE['idFriend']) { $idFriend = getID($_COOKIE['idFriend']); if ($idFriend) { $res = db_res("UPDATE `Profiles` SET `aff_num` = `aff_num` + 1 WHERE `ID` = '{$idFriend}'"); createUserDataFile($idFriend); } } if (strcmp(crypt($IDnormal, 'secret_string'), $_COOKIE['IDc']) != 0) { ob_end_clean(); $_page['header'] = _t("_Error"); $ret = "<table width=\"100%\" cellpadding=4 cellspacing=4><tr><td align=center class=text2>"; $ret .= _t("_MUST_HAVE_COOKIES"); $ret .= "</td></tr></table>"; return $ret; } if (getParam('autoApproval_ifNoConfEmail') == 'on') { if (getParam('autoApproval_ifJoin')) { db_res("UPDATE `Profiles` SET `Status`='Active' WHERE `ID`='{$IDnormal}'"); $page_text = _t("_USER_ACTIVATION_SUCCEEDED") . $ret . $add_on; $message = getParam("t_Activation"); $subject = getParam('t_Activation_subject'); sendMail($p_arr['Email'], $subject, $message, $IDnormal); } else { db_res("UPDATE `Profiles` SET `Status`='Approval' WHERE `ID`='{$IDnormal}'"); $page_text = _t("_USER_CONF_SUCCEEDED") . $add_on; } if ($newusernotify) { $message = "New user {$p_arr['NickName']} with email {$p_arr['Email']} has been confirmed,\nhis/her ID is {$IDnormal}.\n--\n{$site['title']} mail delivery system\n<Auto-generated e-mail, please, do not reply>\n"; $subject = "New user confirmed"; sendMail($site['email_notify'], $subject, $message); } } else { $page_text = _t("_JOIN3") . $add_on; $page_text .= activation_mail($IDnormal); $page_text .= "<br /><br /><br /><br /><center>" . _t("_UPLOAD_WHILE_WAITING", $site['url']) . "</center>"; } modules_add($IDnormal); if (!$autoApproval_ifJoin) { modules_block($IDnormal); } createUserDataFile($IDnormal); // ---------------------------------------------------------- echo "<div id=\"first_column\">"; echo "<table width=\"100%\" cellpadding=\"0\" cellspacing=\"0\" border=\"0\"><tr><td align=center class=text2>"; echo "<div align=justify>{$page_text}</div>"; break; default: echo "<div id=\"first_column\">"; echo "<table width=\"100%\" cellpadding=\"0\" cellspacing=\"0\" border=\"0\"><tr><td align=center class=text2>"; //----------------------------------------------------------- do { $join_page_limit = 'done' == $page ? " AND join_page > '" . $join_pages_num * 1000 . "'" : " AND join_page > '" . $page * 1000 . "' AND join_page < '" . ($page + 1) * 1000 . "'"; $query = "SELECT COUNT(*) FROM `ProfilesDesc` WHERE `visible` & 2 {$join_page_limit} AND (FIND_IN_SET('0',show_on_page) OR FIND_IN_SET('3',show_on_page))"; $res = db_res($query); $item_num = mysql_fetch_row($res); if ($item_num[0] <= 0 && $page < $join_pages_num) { $page++; } } while ($item_num[0] <= 0 && $page < $join_pages_num); $join_page_limit = 'done' == $page ? " AND join_page > '" . $join_pages_num * 1000 . "'" : " AND join_page > '" . $page * 1000 . "' AND join_page < '" . ($page + 1) * 1000 . "'"; $hidden_vals .= "<input type=\"hidden\" name=\"page\" value=\"{$page}\" />"; //----------------------------------------------------------- echo "\n\t <form name=\"jform\" method=\"post\" action=\"{$_SERVER['PHP_SELF']}\" " . ($join_pages_num == $page ? "onSubmit=\"return validateJoinForm();\">" : ">") . "\n\n\t {$hidden_vals}\n\n\t <input type=hidden name=\"ID\" value=\"{$IDnormal}\" />\n\n\t <div align=justify>{$page_text}</div>\n<table width=\"100%\" cellspacing=\"2\" cellpadding=\"0\" border=\"0\">"; $first_row = 1; $respd = db_res("SELECT * FROM ProfilesDesc\n\t\t\t WHERE `visible` & 2 AND ( FIND_IN_SET('0',show_on_page) OR FIND_IN_SET('" . (int) $_page['name_index'] . "',show_on_page)) {$join_page_limit}\n\t\t\t ORDER BY `join_page` ASC"); if ($oTemplConfig->customize['join_page']['show_3rd_col']) { $columns = 3; } else { $columns = 2; } while ($arrpd = mysql_fetch_array($respd)) { $fname = get_input_name($arrpd); if ($arrpd['get_value'] && $arrpd['to_db'] == 0) { $funcbody = $arrpd['get_value']; $func = create_function('$arg0', $funcbody); $p_arr[$fname] = $func($p_arr); } $not_first_row = 0; switch ($arrpd['type']) { case 'set': // set of checkboxes echo print_row_set($first_row, $arrpd, $p_arr[$fname], "table", 0, $columns); break; case 'rb': // radio buttons echo print_row_radio_button($first_row, $arrpd, $p_arr[$fname], "table", 0, $columns); break; case 'r': // reference to array for combo box if ($fname == 'Country') { $onchange = "flagImage = document.getElementById('flagImageId'); flagImage.src = '{$site['flags']}' + this.value.toLowerCase() + '.gif';"; if (strlen($p_arr[$fname]) == 0) { $p_arr[$fname] = getParam('default_country'); } $imagecode = '<img id="flagImageId" src="' . ($site['flags'] . strtolower($p_arr[$fname])) . '.gif" alt="flag" />'; } else { $onchange = ''; $imagecode = ''; } echo print_row_ref($first_row, $arrpd, $p_arr[$fname], "table", 0, $columns, '', 0, $onchange, $imagecode); break; case '0': // divider echo print_row_delim($first_row, $arrpd, "panel", $columns); $not_first_row = 1; $first_row = 1; break; case 'e': // enum combo box echo print_row_enum($first_row, $arrpd, $p_arr[$fname], "table", $javascript, 0); break; case 'en': // enum combo box with numbers echo print_row_enum_n($first_row, $arrpd, $p_arr[$fname], "table", 0, $columns); break; case 'eny': // enum combo box with years echo print_row_enum_years($first_row, $arrpd, $p_arr[$fname], "table", 0, $columns); break; case 'date': //date echo print_row_date($first_row, $arrpd, $p_arr[$fname], "table", 0, $columns); break; case 'a': // text Area echo print_row_area($first_row, $arrpd, $p_arr[$fname], "table", 0, $columns); break; case 'c': // input box echo print_row_edit($first_row, $arrpd, $p_arr[$fname], "table", 0, $columns); break; case 'p': // input box password echo print_row_pwd($first_row, $arrpd, $p_arr[$fname], "table", 0, $columns); break; default: $not_first_row = 1; break; } if (!$not_first_row && $first_row == 1) { $first_row = 0; } } echo "</table>"; // show on the last page of join form if ($join_pages_num == $page) { ?> <script language=javascript> <!-- function validateJoinForm() { if ( document.forms['jform'].elements['i_agree'].checked ) return true; alert('<?php echo _t("_CLICK_AGREE"); ?> '); return false; } --> </script> <?php echo "<br /><div class=\"security_image_block\"><center>\n"; if ($enable_security_image) { echo "\n\t\t <img alt=\"Security Image\" src=\"simg/simg.php\" /><br /><br />" . _t("_Enter what you see:") . "<input name=\"securityImageValue\" type=\"text\" size=\"15\"><br /><br />"; } echo "</center>"; $ret = <<<ID \t\t<script type="text/javascript"> \t\t\tfunction id_registration() \t\t\t{ \t\t\t\toCheckBox = document.getElementById( "boonex_id" ); \t\t\t\tif( oCheckBox.checked ) \t\t\t\t\twindow.open( 'http://www.boonex.com/id/', '', 'width=800, height=600, menubar=yes, status=yes, resizable=yes, scrollbars=yes, toolbar=yes, location=yes') \t\t\t} \t\t</script> ID; echo $ret; echo "\n\t\t <div style=\"text-align:center;\"><input type=checkbox name=i_agree id=i_agree /><label for=i_agree>" . _t("_I AGREE", $site['url']) . "</label> </div>\n"; // BoonEx ID implementation // <div style=\"text-align:center;\"><input type=checkbox name=\"boonex_id\" id=\"boonex_id\" /><label for=boonex_id>" . _t("_ID_CREATE", "http://www.boonex.com/id/" ) . "</label> </div>"; } echo "<br /><center><input onclick=\"id_registration();\" type=\"submit\" value=\"" . _t("_Join") . "\" /></center></form></div>"; break; } global $memberID; echo "</td></tr></table>"; echo "</div>"; echo "<div id=\"second_column\">"; echo "<div class=\"member_login\">"; $action = "login"; $text = _t('_Member Login'); $table = "Profiles"; $login_page = "{$site['url']}member.php"; $join_page = "{$site['url']}join_form.php"; $forgot_page = "{$site['url']}forgot.php"; $template = "{$dir['root']}templates/tmpl_{$tmpl}/join_login_form.html"; echo LoginForm($text, $action, $table, $login_page, $forgot_page, $template); echo "</div>"; if (getParam('enable_get_boonex_id')) { echo "<div class=\"import_boonex_id\">"; $action = "boonex"; $text = '<div class="boonex_id">' . _t('_Import BoonEx ID') . '</div>'; $table = "Profiles"; $login_page = "{$site['url']}member.php"; $join_page = "{$site['url']}join_form.php"; $forgot_page = ''; $template = "{$dir['root']}templates/tmpl_{$tmpl}/join_login_form.html"; echo LoginForm($text, $action, $table, $login_page, $forgot_page, $template); echo "</div>"; } echo "</div>"; $ret = ob_get_clean(); return $ret; }
} else { header("Location:index2.php"); } /*/header("Location: ".$dest);*/ } } } else { /* Set form defaults. Perhaps you want to pull the username from a cookie you've stored on the user's computer. Maybe you don't want to do anything. */ $s->expire(); $nombre = ""; $password = ""; } LoginForm($act); /* Validate() will validate the form data. You can modify this per your requirements. */ function Validate() { global $nombre, $password, $status_msg; $ret = true; $nombre = strip_tags($_POST['nombre']); if (strlen($nombre) == 0) { $ret = false; $password = ""; $status_msg .= "Ingrese nombre de usuario.<br />"; } $password = strip_tags($_POST['password']);
function Body() { $dr = $GLOBALS['dr']; $wb = $GLOBALS['wb']; global $mi; /* PUT THE MODULE ID IN THE GLOBAL CONTEXT */ $c = "<table align='center' width='780' cellpadding='0' cellspacing='0' border='0' class='plain'>\n"; $c .= "<tr>\n"; $c .= "<td width='20' bgcolor='#3399CC'><img src='" . $wb . "images/curves/top_left.gif' width='20' height='42'></td>\n"; //$c.="<td width='740' bgcolor='#66CC33'><a href='index.php'></a></td>\n"; $c .= "<td width='740' bgcolor='#66CC33'><a href='index.php'>" . $GLOBALS['site_logo'] . "</a></td>\n"; $c .= "<td width='20' bgcolor='#3399CC'><img src='" . $wb . "images/curves/top_right.gif' width='20' height='42'></td>\n"; $c .= "</tr>\n"; $c .= "<tr>\n"; $c .= "<td bgcolor='#99CCFF' colspan='3'>\n"; if (isset($_SESSION['user_id'])) { require_once $dr . "include/functions/design/login_bar.php"; $c .= LoginBar(); } else { require_once $dr . "include/functions/design/logout_bar.php"; $c .= LogoutBar(); } $c .= "</td>\n"; $c .= "</tr>\n"; /* NOT LOGGED IN AND NO MODULE IN QUERYSTRING */ if (!isset($_SESSION['user_id']) && !isset($_GET['module'])) { require_once $dr . "modules/core/functions/forms/login_form.php"; $c .= "<tr bgcolor='#ffffff' align='center'>\n"; $c .= "<td colspan='3'>\n"; if (isset($_COOKIE['mvh_username'])) { $c .= LoginFormCookie(); } else { $c .= LoginForm(); } $c .= "</td>\n"; $c .= "</tr>\n"; } elseif (isset($_SESSION['user_id']) && !isset($_GET['module']) && isset($GLOBALS['ui']) && isset($GLOBALS['wui'])) { /* PROCESS THE ACTIVATION AND DEACTIVATION OF MODULES IN THE WORKSPACE HERE AS WE NEED UI TO BE SET */ if (isset($_GET['wtask']) && $_GET['wtask'] == "install_workspace_user_module") { require_once $dr . "modules/workspace/classes/add_remove_user_workspace_module.php"; $aruwm = new AddRemoveUserWorkspaceModule(); $aruwm->SetParameters($_GET['module_id']); $result = $aruwm->AddRemove(); //if (!$result) { echo Alert("3",$at->ShowErrors()); } } /* ACTIVATE THE TEAMSPACE MODULES */ if (isset($_GET['wtask']) && $_GET['wtask'] == "install_teamspace_user_module") { require_once $dr . "modules/teamspace/classes/add_remove_user_teamspace_module.php"; $arutm = new AddRemoveUserTeamspaceModule(); $arutm->SetParameters($_GET['module_id']); $result = $arutm->AddRemove(); //if (!$result) { echo Alert("3",$at->ShowErrors()); } } /* INCLUDE THE MAIN FILES FOR THE WORKSPACE */ require_once $dr . "modules/workspace/functions/browse/non_enterprise_workspace_modules.php"; require_once $dr . "include/functions/design/teamspace_slider.php"; require_once $dr . "include/functions/teamspace/user_teamspaces.php"; /* TODO: CHANGE THIS TO THE WORKSPACE FOLDER */ //require_once($dr."modules/teamspace/functions/browse/user_available_modules.php"); require_once $dr . "modules/teamspace/classes/user_available_modules.php"; // $c .= "<tr>\n"; $c .= "<td colspan='3'>\n"; $c .= "<table cellspacing='0'>\n"; $c .= "<tr>\n"; if (IS_NUMERIC($GLOBALS['teamspace_id'])) { $c .= "<td width='150' valign='top'>" . UserAvailableModules() . "</td>\n"; } else { $obj_uam = new UserAvailableModules(); if ($obj_uam->CountUserAvailableModules() > 0) { $c .= "<td width='150' valign='top'>" . TeamspaceSliderItems() . "</td>\n"; } } $c .= "<td width='630'>" . CurveBox(NonEnterpriseModules($GLOBALS['ui']->WorkspaceID(), $_SESSION['user_id'], $GLOBALS['wui']->RoleID(), True)) . "</td>\n"; $c .= "<td width='150' valign='top'>" . UserTeamspaces() . "</td>\n"; $c .= "</tr>\n"; $c .= "</table>\n"; $c .= "</td>\n"; $c .= "</tr>\n"; } elseif (isset($_SESSION['user_id']) && !isset($_GET['module']) && empty($workspace_id)) { require_once $dr . "modules/workspace/functions/browse/select_workspace.php"; require_once $dr . "modules/workspace/functions/misc/menu.php"; $c .= "<tr>\n"; $c .= "<td colspan='3'>\n"; $c .= "<table cellspacing='0' class='plain_border'>\n"; $c .= "<tr>\n"; $c .= "<td>" . SelectWorkspace() . "</td>\n"; if ($GLOBALS['ui']->GetInfo("default_role") != "y") { $c .= "<td width='150' valign='top'>" . Menu() . "</td>\n"; } $c .= "</tr>\n"; $c .= "</table>\n"; $c .= "</td>\n"; $c .= "</tr>\n"; //$c.=CurveBox(SelectWorkspace()); } elseif (isset($_GET['module']) && file_exists($dr . "modules/" . $_GET['module'] . ".php")) { $module_id = GetColumnValue("module_id", "core_module_master", "name", $_GET['module']); require_once $dr . "modules/" . $_GET['module'] . ".php"; require_once $dr . "classes/modules/module_id.php"; $mi = new ModuleID(); $module_result = $mi->Info($module_id); $anonymous_access = $mi->GetInfo("anonymous_access"); $c .= "<tr>\n"; $c .= "<td colspan='3'>"; /* CHECK FOR ERRORS OR ACCESS DENIED */ if ($module_result && $mi->CheckACL()) { $c .= LoadModule($module_id, $anonymous_access); } else { $c .= CurveBox("Access to module denied"); } $c .= "</td>\n"; $c .= "</tr>\n"; } $c .= "<tr>\n"; $c .= "<td width='20' bgcolor='#3399CC'><img src='" . $wb . "images/curves/white_bottom_left.gif' width='20' height='20'></td>\n"; $c .= "<td width='780' bgcolor='#ffffff' align='center'>" . $GLOBALS['copyright_notice'] . "</td>\n"; $c .= "<td width='20' bgcolor='#3399CC'><img src='" . $wb . "images/curves/white_bottom_right.gif' width='20' height='20'></td>\n"; $c .= "</tr>\n"; $c .= "</table>\n"; return $c; }
function control_access($nom_script, $infos_login, $id_session, $bd) { //recherche la session $session_courante = get_session($id_session, $bd); //cas 1: la session existe, on verifie sa validite if (is_object($session_courante)) { // la session existe, est-elle valide? if (is_valid_session($session_courante, $bd)) { // on renvoie l'objet session return $session_courante; } else { echo "<B> Your session is not (or no longer) valid.<P></B>\n"; } } // Cas 2.a: La session n'existe pas mais un login et pwd ont ete fournis if (isset($infos_login['visitor_login']) & isset($infos_login['visitor_pwd'])) { // Les login/pwd sont-ils corrects? if (create_session($bd, $infos_login['visitor_login'], $infos_login['visitor_pwd'], $id_session)) { // on renvoie l'object session return get_session($id_session, $bd); } else { echo "<B> Identification failed.<P></B>\n"; } } // Cas 2.b: La session n'existe pas // et il faut afficher le formulaire d'identification LoginForm($nom_script); }
function Refuse() { global $nc_core, $AUTH_TYPE, $admin_mode, $nc_auth; // AJAX call if ($_POST["NC_HTTP_REQUEST"] || NC_ADMIN_ASK_PASSWORD === false) { // issue strange header (actually not RFC2616-compliant) and die header($_SERVER['SERVER_PROTOCOL'] . " 401 Authorization Required"); exit; } switch ($nc_core->AUTHORIZATION_TYPE) { case 'cookie': case 'session': if (!$admin_mode) { if (is_object($nc_auth)) { $nc_auth->login_form(); } } else { LoginFormHeader(); LoginForm(); LoginFormFooter(); } break; default: # по дефолту авторизация 'http' Header("WWW-authenticate: basic realm=Enter your login and password"); Header($_SERVER['SERVER_PROTOCOL'] . ' 401 Unauthorized'); LoginFormHeader(); print CONTROL_AUTH_MSG_MUSTAUTH; LoginFormFooter(); } exit; }