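/**
 * Authenticate the HTTP Basic credentials (PHP_AUTH_USER / PHP_AUTH_PW) against LDAP.
 *
 * Step 1 binds anonymously and resolves the uid to a DN (enabled sambaSamAccount
 * entries only). Step 2 binds as that DN with the supplied password. Any failure
 * along the way ends in forbidden(); a successful bind is recorded via error_log().
 * die()s if the LDAP server cannot be reached.
 */
function ldap_auth()
{
    $ldap_server = 'ldap://127.0.0.1/';
    $ldap_domain = 'dc=rugion,dc=ru';
    // Placeholder DN carried over from the original source (value redacted there).
    $ldap_user = '******';
    $auth_user = isset($_SERVER['PHP_AUTH_USER']) ? $_SERVER['PHP_AUTH_USER'] : '';
    $ldap_pass = isset($_SERVER['PHP_AUTH_PW']) ? $_SERVER['PHP_AUTH_PW'] : '';

    // An empty password turns ldap_bind() into an unauthenticated bind, which most
    // directories accept for any DN; refuse it before touching the server at all.
    if ($auth_user === '' || $ldap_pass === '') {
        forbidden();
        return;
    }

    // Step 1: uid -> DN lookup.
    $ldapconn_s = ldap_connect($ldap_server) or die("Could not connect to LDAP server.");
    ldap_set_option($ldapconn_s, LDAP_OPT_PROTOCOL_VERSION, 3);
    if ($ldapconn_s) {
        $ldapbind_s = @ldap_bind($ldapconn_s);
        // Escape the user-controlled uid so it cannot change the filter's structure.
        $filter = "(&(uid=" . ldap_escape($auth_user, '', LDAP_ESCAPE_FILTER)
            . ")(objectClass=sambaSamAccount)(!(sambaAcctFlags=[DU ])))";
        $result = $ldapbind_s ? ldap_search($ldapconn_s, $ldap_domain, $filter) : false;
        $info = $result ? ldap_get_entries($ldapconn_s, $result) : false;
        if (!$info || empty($info['count'])) {
            // No such account: the original fell through and bound with an undefined DN,
            // which is again an unauthenticated bind. Stop here instead.
            ldap_close($ldapconn_s);
            forbidden();
            return;
        }
        $ldap_user = $info[0]["dn"];
    }
    ldap_close($ldapconn_s);

    // Step 2: bind as the resolved DN with the supplied password.
    $ldapconn = ldap_connect($ldap_server) or die("Could not connect to LDAP server.");
    ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3);
    if ($ldapconn) {
        // ldap_bind() returns false on bad credentials. The original wrote
        // `$x = @ldap_bind(...) || forbidden();`, which stores the boolean of the whole
        // expression; an explicit test reads as intended.
        $ldapbind = @ldap_bind($ldapconn, $ldap_user, $ldap_pass);
        if (!$ldapbind) {
            ldap_close($ldapconn);
            forbidden();
            return;
        }
        error_log("success: " . $_SERVER['REMOTE_ADDR'] . ', user: ' . $auth_user);
    }
    ldap_close($ldapconn);
}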
// NOTE(review): fragment — it starts inside an enclosing block (two of the closing
// braces below have no visible opening) and ends with an open `if`.
// Precedence: resource_access(...) or (isset($status) and $status == USER_TEACHER).
if (!(resource_access($visible, $public) or isset($status) and $status == USER_TEACHER)) {
    not_found($downloadDir);
}
}
// Allow unlimited time for creating the archive
set_time_limit(0);
if ($format == '.dir') {
    // Whole directory requested: pack it into a temporary zip that is removed after sending.
    $real_filename = $real_filename . '.zip';
    $dload_filename = $webDir . '/courses/temp/' . safe_filename('zip');
    zip_documents_directory($dload_filename, $downloadDir, $can_upload);
    $delete = true;
} elseif ($extra_path) {
    if ($real_path = common_doc_path($extra_path, true)) {
        // Common document
        if (!$common_doc_visible) {
            forbidden($downloadDir);
        }
        $dload_filename = $real_path;
        $delete = false;
    } else {
        // External document - redirect to URL
        // NOTE(review): $extra_path is used verbatim as the redirect target; presumably it
        // comes from the stored document record rather than the request — confirm.
        redirect($extra_path);
    }
} else {
    // NOTE(review): $downloadDir is appended to $basedir as-is; assumes it was normalised
    // and traversal-checked by the lookup above this fragment — confirm.
    $dload_filename = $basedir . $downloadDir;
    $delete = false;
}
send_file_to_client($dload_filename, $real_filename, null, true, $delete);
exit;
}
if ($can_upload) {
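<?php
// +-------------------------------------------------+
// © 2002-2004 PMB Services / www.sigb.net pmb@sigb.net et contributeurs (voir www.sigb.net)
// +-------------------------------------------------+
// $Id: global_vars.inc.php,v 1.9 2008-09-23 22:16:29 dbellamy Exp $
// General configuration file.

// Prevents direct script access: this include may only be loaded by another script.
pt_register("SERVER", "REQUEST_URI");
if (preg_match('/global_vars\\.inc\\.php/', $REQUEST_URI)) {
    require_once './forbidden.inc.php';
    forbidden();
}

/* VERSION SUPER GLOBALS */
/* Historically every request variable was unset here first; that code has been removed. */

/**
 * Recursively apply addslashes() to a value in place.
 *
 * Arrays are walked key by key so nested arrays are escaped as well; scalars are
 * replaced by their addslashes() form. This is generic quoting only, not a
 * substitute for prepared statements or database-specific escaping.
 *
 * @param mixed $var scalar or (nested) array, modified in place
 */
function add_sl(&$var)
{
    if (is_array($var)) {
        // Iterate over the keys so the recursion escapes the element itself.
        // each() was removed in PHP 8; foreach over array_keys() is the equivalent.
        foreach (array_keys($var) as $k) {
            add_sl($var[$k]);
        }
    } else {
        $var = addslashes($var);
    }
}

/* Everything from the request is pulled in unchecked: mind the security implications! */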
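// Restrict $db to [A-Za-z0-9] so the socket and YAML paths built from it below
// cannot contain path separators or '..' segments.
$db = preg_replace('/[^a-z0-9]/i', '', $db);

// Prefer the local Tokyo Tyrant socket; fall back to the host/port from the genome config.
try {
    $tt = @Tyrant::connect("/tmp/{$db}.sock", 0);
} catch (Tyrant_Exception $e) {
    include "../lib/spyc.php";
    if (!file_exists("../{$db}.yaml")) {
        forbidden('genome does not exist');
    }
    $genome_config = Spyc::YAMLLoad("../{$db}.yaml");
    try {
        // output_tch must be a [host, port] pair; anything else counts as "not local".
        // isset() avoids the undefined-index notice the original raised on a missing key.
        if (!isset($genome_config['output_tch']) || !is_array($genome_config['output_tch'])) {
            throw new Exception("ttserver should be local");
        }
        $tt = @Tyrant::connect($genome_config['output_tch'][0], $genome_config['output_tch'][1]);
    } catch (Exception $e) {
        forbidden('Could not connect to ttserver');
    }
}
// NOTE(review): the forbidden() calls above are assumed to terminate the request — confirm.

// $f is the store key to serve, set by the caller. substr() always yields a string,
// so a strict comparison is safe here.
header('Content-Type: ' . (substr($f, -4) === ".png" ? 'image/png' : 'application/json'));
$value = $tt[$f];
if ($value === null) {
    header('HTTP/1.1 404 Not Found');
} else {
    header('Expires: ' . gmdate("D, d M Y H:i:s", time() + 60 * 60 * 3) . " GMT");
    header('Cache-Control: public, max-age=10800');
    // '-' is the stored marker meaning "serve the shared .null payload instead".
    // Compared strictly: store values are strings, and the loose `==` could match
    // non-string values under older PHP comparison rules.
    if ($value === '-') {
        echo $tt['.null'];
    } else {
        echo $value;
    }
}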
require_once 'modules/auth/auth.inc.php';
require_once 'include/lib/hierarchy.class.php';
require_once 'include/lib/user.class.php';
require_once 'modules/admin/custom_profile_fields_functions.php';

$tree = new Hierarchy();
$user = new User();
$toolName = $langMyProfile;
$userdata = array();

// Viewing another user's profile requires both an id and a matching token
// (token_validate is defined elsewhere; its third argument is presumably a lifetime
// in seconds — confirm). Without them the page shows the current user ($uid).
if (isset($_GET['id']) and isset($_GET['token'])) {
    $id = intval($_GET['id']);
    if (!token_validate($id, $_GET['token'], 3600)) {
        forbidden($_SERVER['REQUEST_URI']);
    }
    $pageName = $langUserProfile;
} else {
    $id = $uid;
}
// Parameterised query (?d placeholder); $id is intval()'d above or taken from $uid.
$userdata = Database::get()->querySingle("SELECT surname, givenname, username, email, status, phone, am, registered_at, has_icon, description, password, email_public, phone_public, am_public FROM user WHERE id = ?d", $id);
if ($userdata) {
    // NOTE(review): the password column looks like it doubles as the auth-method id for
    // externally authenticated accounts — confirm. array_search() returns the matching
    // key (non-strict comparison), so a key of 0 in $auth_ids would read as "not found"
    // in the `!$auth` test below.
    $auth = array_search($userdata->password, $auth_ids);
    if (!$auth) {
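/**
 * cURL write callback: relays the upstream response body to the client as it streams.
 *
 * Relies on globals filled in by the header callback: $header (raw upstream headers),
 * $is_track (NULL until enough body has been buffered to decide, then TRUE/FALSE) and
 * $body_buffer (body bytes accumulated while undecided).
 *
 * Only an upstream body whose Content-Type contains text/plain and which is_track()
 * accepts is forwarded. Anything else triggers forbidden() (only while headers can
 * still be sent) and the chunk is dropped.
 *
 * @param resource|\CurlHandle $ch        cURL handle (unused)
 * @param string               $body_data received chunk
 * @return int bytes consumed; returning strlen() keeps the transfer going
 */
function receive_body($ch, $body_data)
{
    // $header_parsed was imported by the original but never used.
    global $header, $is_track, $body_buffer;
    $len = strlen($body_data);

    // The last Content-Type header wins, as in the original loop. Splitting on CR/LF
    // also guarantees the value handed to header() below carries no line breaks.
    $content_type = NULL;
    foreach (preg_split('/[\\r\\n]+/', $header) as $line) {
        if (preg_match('/^\\s*Content-Type\\s*:\\s*(.*)/i', $line, $matches)) {
            $content_type = $matches[1];
        }
    }

    // A declared non-text body is refused outright.
    if ($content_type !== NULL && strpos($content_type, 'text/plain') === FALSE) {
        if (!headers_sent()) {
            forbidden();
        }
        return $len;
    }
    // Forward the upstream Content-Type only when one was present; the original emitted
    // an empty "Content-Type: " header when the upstream sent none.
    if ($content_type !== NULL && !headers_sent()) {
        header('Content-Type: ' . $content_type);
    }

    if ($is_track === NULL) {
        // Undecided: keep buffering until is_track() can classify the body.
        $body_buffer .= $body_data;
        $is_track = is_track($body_buffer);
        if ($is_track) {
            echo $body_buffer;
            flush();
        }
    } elseif ($is_track === TRUE) {
        echo $body_data;
        flush();
    } elseif ($is_track === FALSE) {
        if (!headers_sent()) {
            forbidden();
        }
        return $len;
    }
    return $len;
}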
/**
 * Ensure the visitor is logged in; otherwise divert to the login page.
 *
 * Requests flagged with an "async" request parameter get forbidden() rather than an
 * HTML login page. For ordinary requests the current URI is stored in
 * $_SESSION["nextpage"] so the login page can send the user back, then the login page
 * is included and the script exits.
 */
function requirelogin()
{
    if (!loggedin()) {
        $isAsyncRequest = isset($_REQUEST["async"]);
        if ($isAsyncRequest) {
            forbidden();
        }
        $_SESSION["nextpage"] = $_SERVER["REQUEST_URI"];
        include "content/login.php";
        exit;
    }
}
// NOTE(review): fragment — the braces below do not all balance within this span.
// Every include takes its path from a $file_* variable; these are assumed to be assigned
// from a fixed table earlier in the file and never from request input — confirm.
include "{$file_reg}";
echo $language['back_topindex'];
} elseif ($id == "profile") {
    echo $language['title_profile'];
    include "{$file_check_auth}";
    include "{$file_profile}";
} else {
    if ($forum_ext != "") {
        // The forum's required rights level must not exceed the user's level.
        if ($forums['rights'][$forum_id] <= $user_rights) {
            if ($vars['log_index'] == "true") {
                include "{$file_write_log}";
            }
            // NOTE(review): the forum title is echoed without htmlspecialchars(); acceptable
            // only if titles are administrator-controlled — confirm where they are set.
            echo "<center><b>" . $forums['title'][$forum_id] . "</b></center>";
            include "{$file_showall}";
        } else {
            forbidden($forums['rights'][$forum_id]);
        }
    } else {
        echo $language['version_1.7'][1];
        include "{$file_all_forums}";
    }
}
} else {
    echo "{$text_error}";
}
echo "<hr class=tbl1><center>";
include "{$file_buttons}";
echo "</center><hr class=tbl1>";
if ($vars['show_statistic'] == "true") {
    include "{$file_statistic}";
}
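/**
 * List the keys stored under $this->dir that match the 'pattern' argument.
 *
 * The pattern is handed to glob() relative to $this->dir and the directory prefix is
 * stripped from every match before the list goes to success(). Patterns containing a
 * path separator or a '..' segment are refused, so the listing cannot reach outside
 * the key directory. Responds through success()/forbidden() (defined elsewhere).
 */
private function keys()
{
    $pattern = isAke($this->args, 'pattern');
    if (!strlen($pattern)) {
        forbidden('no pattern');
        return;
    }
    // Keep the glob confined to $this->dir: no separators, no parent references.
    if (strpos($pattern, '/') !== false || strpos($pattern, '\\') !== false || strpos($pattern, '..') !== false) {
        forbidden('invalid pattern');
        return;
    }
    $keys = glob($this->dir . $pattern);
    $collection = array();
    if (!empty($keys)) {
        $prefixLen = strlen($this->dir);
        foreach ($keys as $key) {
            // Strip only the leading directory prefix; str_replace() would also remove a
            // later occurrence of the same text inside the key name.
            if (strncmp($key, $this->dir, $prefixLen) === 0) {
                $key = (string) substr($key, $prefixLen);
            }
            array_push($collection, $key);
        }
    }
    success($collection);
}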
/**
 * Gate access to a course RSS feed.
 *
 * Resolves the course named by $_GET['c'] into the globals $course_code, $course_id and
 * $course_status. A missing or unknown course answers 404 and exits. The feed is then
 * refused with forbidden() when the course is inactive, the module is hidden, or the
 * course is not open and no valid token/uid pair was supplied in the query string.
 */
function rss_check_access()
{
    global $course_code, $course_id, $course_status, $module_id;

    if (!isset($_GET['c'])) {
        $course_code = '';
        $course_id = false;
    } else {
        $course_code = $_GET['c'];
        $course_id = course_code_to_id($course_code);
        $course_status = course_status($course_id);
    }

    if ($course_id === false) {
        header("HTTP/1.0 404 Not Found");
        // The course code is reflected into the page, hence htmlspecialchars().
        echo '<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head>',
            '<title>404 Not Found</title></head><body>',
            '<h1>Not Found</h1><p>The requested course "',
            htmlspecialchars($course_code),
            '" does not exist.</p></body></html>';
        exit;
    }

    // Same evaluation order as the original `A or B or C and D`; the parentheses only
    // spell out the and/or precedence.
    $denied = $course_status == COURSE_INACTIVE
        || !visible_module($module_id)
        || ($course_status != COURSE_OPEN
            && !(isset($_GET['token'], $_GET['uid']) && rss_token_valid($_GET['token'], $_GET['uid'])));
    if ($denied) {
        forbidden($_SERVER['REQUEST_URI']);
    }
}
// Remaining <head> content: scripts, plotting tools, no-script stylesheets.
$headLines = [
    ' <script src="/js/init.js"></script>',
    ' <script src="/js/main.js"></script>',
    // Plotting tools
    ' <script src="/jsplots/plotly-latest.min.js"></script>',
    ' <script src="/jsplots/initPlots.js"></script>',
    ' <script src="/jsplots/plots.js"></script>',
    ' <noscript>',
    ' <link rel="stylesheet" href="/css/skel-noscript.css" />',
    ' <link rel="stylesheet" href="/css/style.css" />',
    ' <link rel="stylesheet" href="/css/style-wide.css" />',
    ' </noscript>',
    ' <check if="isset({{@css_bundle}})"><link href="{{@css_bundle}}" rel="stylesheet" media="screen"></check>',
    ' </head>',
    ' <body>',
];
foreach ($headLines as $line) {
    print $line . "\n";
}

// Check access rights - basics
// NOTE(review): markup has already been printed above, so HTTP headers are sent by now;
// exitAccessError() (defined elsewhere) cannot change the status code or redirect at
// this point. Moving the check ahead of the first print would restore that option.
if (forbidden()) {
    exitAccessError();
}

// Page header: logo block and the start of the navigation.
$headerLines = [
    ' <div id="header" class="skel-panels-fixed">',
    ' <div class="top">',
    ' <div id="logo" >',
    ' <span class="image tapas"><img class="rounded" src="/img/tapas.jpg" alt="" /></span>',
    ' <h1 id="title"><a href="/">TAPAS</a></h1>',
    ' <hr>',
    ' <span class="byline">Teaching Assistants</span>',
    ' <span class="byline">Physics department</span>',
    ' <span class="byline">Assignment System</span>',
    ' <span class="byline">MIT</span>',
    ' <hr>',
    ' </div>',
    ' <nav id="nav">',
];
foreach ($headerLines as $line) {
    print $line . "\n";
}
// NOTE(review): fragment — the first two closing braces belong to blocks opened above
// this span, and the trailing else branch continues past it.
    error($langNoRead);
}
}
$file_info = public_path_to_disk_path($path_components);
// Non-editors need the resource to pass resource_access() (visible/public flags).
if (!$is_editor and !resource_access($file_info->visible, $file_info->public)) {
    error($langNoRead);
}
if ($file_info->extra_path) {
    // $disk_path is set if common file link
    $disk_path = common_doc_path($file_info->extra_path, true);
    if (!$disk_path) {
        // external file URL
        // NOTE(review): extra_path comes from the stored document record and is used as
        // the redirect target unchanged — confirm it is validated when the link is created.
        header("Location: {$file_info->extra_path}");
        exit;
    } elseif (!$common_doc_visible) {
        forbidden(preg_replace('/^.*file\\.php/', '', $uri));
    }
} else {
    // Normal file
    $disk_path = $basedir . $file_info->path;
}
if (file_exists($disk_path)) {
    if (!$is_in_playmode) {
        // Precedence: ($uid || course_status(...) == COURSE_OPEN) ? true : token_validate(...).
        // Logged-in users and open courses pass; otherwise a token for this path is
        // required (third argument presumably a lifetime in seconds — confirm).
        // NOTE(review): $_GET['token'] is read without isset(); a missing token reaches
        // token_validate() as null, with a notice, and is expected to fail there — confirm.
        $valid = $uid || course_status($course_id) == COURSE_OPEN ? true : token_validate($file_info->path, $_GET['token'], 30);
        if (!$valid) {
            not_found(preg_replace('/^.*file\\.php/', '', $uri));
            exit;
        }
        send_file_to_client($disk_path, $file_info->filename);
    } else {
        require_once 'include/lib/fileDisplayLib.inc.php';
// NOTE(review): fragment — the leading brace closes a block opened above this span.
}
// Genome id: stripped to [A-Za-z0-9] before it is used in the YAML path below, so it
// cannot carry path separators; urlencode() leaves those characters unchanged.
$db = urlencode(isset($_GET['db']) ? preg_replace('/[^a-z0-9]/i', '', $_GET['db']) : 'hg18');
// This UCSC CGI expects 0-based coordinates
// NOTE(review): intval($_GET['left']) raises an undefined-index notice when the parameter
// is absent; the result still clamps to 0.
$left = max(intval($_GET['left']) - 1, 0);
$right = max(intval($_GET['right']) - 1, 0);
if (!file_exists("../{$db}.yaml")) {
    forbidden('genome does not exist');
}
$genome_config = Spyc::YAMLLoad("../{$db}.yaml");
$ucsc_config = Spyc::YAMLLoad("../ucsc.yaml");
if (!$genome_config['bppp_limits']['nts_below']) {
    forbidden('no nt segments available for this genome');
}
// Bound the requested span by the genome's max_nt_request before any upstream query.
$max_length = $genome_config['max_nt_request'];
if ($right - $left <= 0 || $right - $left > $max_length) {
    forbidden('invalid segment length');
}
// NOTE(review): the forbidden() calls above are assumed to terminate the request — confirm.
$chr_order = $genome_config['chr_order'];
$chr_lengths = $genome_config['chr_lengths'];
$dna_url = $ucsc_config['browser_hosts']['local'] . $ucsc_config['browser_urls']['dna'];
// Split the global [left, right) interval into per-chromosome (db, chr, start, end)
// queries using the cumulative chromosome offsets.
$pos = 0;
$queries = array();
foreach ($chr_order as $chr) {
    $len = $chr_lengths[$chr];
    $next_pos = $pos + $len;
    if ($left < $next_pos && $right > $pos) {
        array_push($queries, array($db, $chr, max($left - $pos, 0), min($right - $pos, $len)));
    }
    $pos = $next_pos;
}
// Bases requested beyond the end of the last chromosome.
$pad_end = max($right - $pos, 0);
// NOTE(review): fragment — the first lines finish a route handler opened above this
// span, and the /api/bids/place handler continues past it.
    $response->getBody()->write(json_encode(array("code" => 200, "message" => "OK")));
    return $response;
} catch (PDOException $e) {
    return handleError($e, $response);
}
});

// Place a bid for the customer identified by the cst_session_id cookie.
$app->post('/api/bids/place', function (Request $request, Response $response) {
    // No session cookie at all: forbidden() (defined elsewhere) builds the 403 response.
    if (!array_key_exists('cst_session_id', $request->getCookieParams())) {
        logger($this)->addWarning('No contractor session id', getPath($request));
        return forbidden($response);
    }
    $customerSessionId = $request->getCookieParams()["cst_session_id"];
    $customer = getCustomer($customerSessionId);
    if (!isset($customer)) {
        // NOTE(review): this warning records the raw session id; a truncated or hashed form
        // would keep the log useful without storing a credential-equivalent value.
        logger($this)->addWarning('No contractor found by session id', array('cst_session_id' => $customerSessionId, 'uri' => $request->getUri()->getPath()));
        return forbidden($response);
    }
    // NOTE(review): json_decode() yields null on malformed JSON; parseBid() (defined
    // elsewhere) is relied on to return a null $product in that case — confirm.
    $bid = json_decode($request->getBody());
    list($product, $amount, $price) = parseBid($bid);
    if (!isset($product)) {
        logger($this)->addWarning('Wrong bid', getPath($request));
        return badRequest($response);
    }
    $customerId = $customer['id'];
    // Funds are checked here, before insertBid(); whether the insert re-validates the
    // balance atomically for concurrent bids is not visible from this fragment — confirm.
    if ($price > $customer['amount']) {
        logger($this)->addWarning("Customer doesn't have enough funds to place the bid with price", array('customer_id' => $customerId, 'price' => $price));
        return conflict($response);
    }
    try {
        $bidId = insertBid($product, $amount, $price, $customerId);
        $response->getBody()->write("api/bids/{$bidId}");
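/**
 * Clone an Exercise into the course given by $_POST['clone_to_course_id'].
 *
 * The caller must be an editor of the target course (check_editor); otherwise
 * forbidden() is invoked and nothing is copied. Copies the exercise row and its
 * assignment to specific users/groups. When the target is a different course the
 * questions and answers are copied into that course's question pool; within the
 * same course the existing questions are linked to the new exercise and the title
 * gets a " ($langCopy2)" suffix.
 */
function duplicate() {
    global $langCopy2, $course_id;

    // isset() avoids the undefined-index notice of the original; the value is still
    // null when the field is missing, exactly as before.
    $clone_course_id = isset($_POST['clone_to_course_id']) ? $_POST['clone_to_course_id'] : null;
    if (!check_editor(null, $clone_course_id)) {
        forbidden();
        // Do not depend on forbidden() terminating the request: nothing below may run
        // for a course the caller cannot edit.
        return;
    }

    $id = $this->id;
    $exercise = $this->exercise . (($clone_course_id == $course_id) ? " ($langCopy2)" : '');
    $description = standard_text_escape($this->description);
    $type = $this->type;
    $startDate = $this->startDate;
    $endDate = $this->endDate;
    $tempSave = $this->tempSave;
    $timeConstraint = $this->timeConstraint;
    $attemptsAllowed = $this->attemptsAllowed;
    $random = $this->random;
    $active = $this->active;
    $results = $this->results;
    $score = $this->score;
    $ip_lock = $this->ip_lock;
    $password_lock = $this->password_lock;
    $assign_to_specific = $this->assign_to_specific;
    // NOTE(review): $this->public is not carried over into the clone (the original read
    // it into an unused local) — confirm that is intended.

    $clone_id = Database::get()->query("INSERT INTO `exercise` (course_id, title, description, type, start_date, end_date, temp_save, time_constraint, attempts_allowed, random, active, results, score, ip_lock, password_lock, assign_to_specific) VALUES (?d, ?s, ?s, ?d, ?t, ?t, ?d, ?d, ?d, ?d, ?d, ?d, ?d, ?s, ?s, ?d)", $clone_course_id, $exercise, $description, $type, $startDate, $endDate, $tempSave, $timeConstraint, $attemptsAllowed, $random, $active, $results, $score, $ip_lock, $password_lock, $assign_to_specific)->lastInsertID;

    if ($assign_to_specific) {
        // Copy the user/group assignments; the insert id is not needed here.
        Database::get()->query("INSERT INTO `exercise_to_specific` (user_id, group_id, exercise_id) SELECT user_id, group_id, ?d FROM `exercise_to_specific` WHERE exercise_id = ?d", $clone_id, $id);
    }

    if ($clone_course_id != $course_id) {
        // copy questions and answers to new course question pool
        Database::get()->queryFunc("SELECT question_id AS id FROM exercise_with_questions WHERE exercise_id = ?d", function ($question) use ($clone_id, $clone_course_id) {
            // Category is reset to 0 because categories belong to the source course.
            $question_clone_id = Database::get()->query("INSERT INTO exercise_question (course_id, question, description, weight, q_position, type, difficulty, category) SELECT ?d, question, description, 
weight, q_position, type, difficulty, 0 FROM `exercise_question` WHERE id = ?d", $clone_course_id, $question->id)->lastInsertID;
            Database::get()->query("INSERT INTO exercise_with_questions (question_id, exercise_id) VALUES (?d, ?d)", $question_clone_id, $clone_id);
            Database::get()->query("INSERT INTO exercise_answer (question_id, answer, correct, comment, weight, r_position) SELECT ?d, answer, correct, comment, weight, r_position FROM exercise_answer WHERE question_id = ?d", $question_clone_id, $question->id);
        }, $id);
    } else {
        // add question to new exercise
        Database::get()->query("INSERT INTO `exercise_with_questions` (question_id, exercise_id) SELECT question_id, ?d FROM `exercise_with_questions` WHERE exercise_id = ?d", $clone_id, $id);
    }
}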
// NOTE(review): fragment — the final `if` is left open and continues past this span.
//echo("$user_rights==".$themes_data[$i]['rights']);
// Rights gate: the user's level must reach the theme's minimum.
// NOTE(review): execution continues after forbidden() (the code sets $error = true and
// re-checks it below), so forbidden() apparently only renders a message here — confirm.
if ($user_rights < $themes_data[$i]['rights']) {
    forbidden($themes_data[$i]['rights']);
    $error = true;
}
if ($error == false) {
    // Optional allow-list of user ids; a listed user bypasses the 'namesrights' threshold.
    if ($themes_data[$i]['names'] != "") {
        $names = explode(",", $themes_data[$i]['names']);
        $ok = false;
        for ($s = 0; $s < count($names); $s++) {
            // Loose == between strings: numeric-looking values compare numerically ("01" == "1").
            if ($names[$s] == $CURRENT_USER["id"]) {
                $ok = true;
            }
        }
        if ($ok == false && $user_rights < $themes_data[$i]['namesrights']) {
            forbidden($themes_data[$i]['namesrights']);
            $error = true;
        }
    }
}
if ($error == false) {
    // Optional IP allow-list, separated by $smb (defined elsewhere).
    // NOTE(review): how much this check is worth depends on whether get_ip_address()
    // trusts proxy-supplied headers — confirm its implementation.
    $viewed = false;
    $ipss = array();
    $ipss = explode($smb, $themes_data[$i]['ips']);
    $ip = get_ip_address();
    for ($f = 0; $f < count($ipss); $f++) {
        if ($ip == $ipss[$f]) {
            $viewed = true;
        }
    }
    if ($viewed == false) {