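/**
 * Discovers plugins and registers the enabled ones as observers.
 *
 * New-style plugins are directories under PLUGINS_DIR whose name is also a
 * loadable class. Old-style plugins are *.php files under LIB_DIR/plugins.
 * A plugin counts as enabled when its name appears in the 'phpui.plugins'
 * setting, optionally written as "Name:priority".
 *
 * Results are stored in $this->new_style_plugins and $this->old_style_plugins,
 * keyed by plugin name.
 *
 * @throws Exception If an enabled plugin class is not an LMSPlugin
 */
public function __construct()
{
    $dirs = getdir(PLUGINS_DIR, '^[0-9a-zA-Z]+$');
    if (empty($dirs)) {
        // Note: this early return also skips the old-style plugin scan below.
        return;
    }
    asort($dirs);

    $plugins_config = ConfigHelper::getConfig('phpui.plugins');
    $plugins_tuples = empty($plugins_config)
        ? array()
        : preg_split('/[;,\\s\\t\\n]+/', $plugins_config, -1, PREG_SPLIT_NO_EMPTY);

    // Map "Name" or "Name:priority" entries to name => priority.
    $plugin_priorities = array();
    foreach ($plugins_tuples as $plugin_tuple) {
        $plugin_props = explode(':', $plugin_tuple);
        $plugin_priorities[$plugin_props[0]] = count($plugin_props) == 2
            ? intval($plugin_props[1])
            : SubjectInterface::LAST_PRIORITY;
    }

    foreach ($dirs as $plugin_name) {
        if (!class_exists($plugin_name)) {
            // The original message interpolated an undefined $position variable.
            writesyslog("Unknown plugin {$plugin_name}", LOG_ERR);
            continue;
        }

        // NOTE(review): this static call runs for every directory whose name
        // resolves to a class, enabled or not, and before any type check.
        // Write access to PLUGINS_DIR is therefore equivalent to code execution
        // in the application; keep that directory writable by administrators only.
        $plugin_name::loadLocales();

        $plugin_info = array(
            'name' => $plugin_name,
            'enabled' => false,
            'new_style' => true,
            'dbcurrschversion' => null,
            'dbschversion' => defined($plugin_name . '::PLUGIN_DBVERSION')
                ? constant($plugin_name . '::PLUGIN_DBVERSION') : null,
            'fullname' => defined($plugin_name . '::PLUGIN_NAME')
                ? trans(constant($plugin_name . '::PLUGIN_NAME')) : null,
            'description' => defined($plugin_name . '::PLUGIN_DESCRIPTION')
                ? trans(constant($plugin_name . '::PLUGIN_DESCRIPTION')) : null,
            'author' => defined($plugin_name . '::PLUGIN_AUTHOR')
                ? constant($plugin_name . '::PLUGIN_AUTHOR') : null,
        );

        if (array_key_exists($plugin_name, $plugin_priorities)) {
            // Check the type BEFORE instantiating, so the constructor of an
            // unrelated class that merely shares a directory name never runs.
            if (!is_a($plugin_name, 'LMSPlugin', true)) {
                throw new Exception("Plugin object must be instance of LMSPlugin class");
            }
            $plugin = new $plugin_name();
            $plugin_info = array_merge($plugin_info, array(
                'enabled' => true,
                'priority' => $plugin_priorities[$plugin_name],
                'dbcurrschversion' => $plugin->getDbSchemaVersion(),
            ));
            $this->registerObserver($plugin, $plugin_info['priority']);
        }

        $this->new_style_plugins[$plugin_name] = $plugin_info;
    }

    $old_plugins_dir = LIB_DIR . DIRECTORY_SEPARATOR . 'plugins';
    $files = getdir($old_plugins_dir, '^[0-9a-zA-Z_\\-]+\\.php$');
    if (empty($files)) {
        return;
    }
    asort($files);

    foreach ($files as $plugin_name) {
        if (!is_readable($old_plugins_dir . DIRECTORY_SEPARATOR . $plugin_name)) {
            continue;
        }
        // The filename pattern allows exactly one dot, so this only strips the extension.
        $plugin_name = str_replace('.php', '', $plugin_name);
        $plugin_info = array('name' => $plugin_name, 'enabled' => false, 'new_style' => false);
        if (array_key_exists($plugin_name, $plugin_priorities)) {
            $plugin_info['enabled'] = true;
        }
        $this->old_style_plugins[$plugin_name] = $plugin_info;
    }
}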
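/**
 * Starts the PHP session and either handles a credential-reminder request or
 * authenticates the customer.
 *
 * Presumably the PHP 4-style constructor of a class named Session. PHP 8 no
 * longer treats same-named methods as constructors; confirm how it is invoked.
 *
 * Lockout bookkeeping uses the 'enabled' field of the customer auth info as an
 * attempt counter: it is set to 3 on success, to 2 on a failure outside the
 * 600-second window, and decremented on each failure inside it. While it is 0
 * and the last failure is less than 600 seconds old, logins are refused.
 *
 * @param object $DB      Database handle, stored by reference in $this->DB
 * @param int    $timeout Value passed to $this->TimeOut()
 */
function Session(&$DB, $timeout = 600)
{
    global $LMS;

    session_start();
    $this->DB =& $DB;
    $this->_revision = preg_replace('/^.Revision: ([0-9.]+).*/i', '\\1', $this->_revision);
    $this->ip = str_replace('::ffff:', '', $_SERVER['REMOTE_ADDR']);

    if (isset($_GET['override'])) {
        // NOTE(review): credentials passed in the query string end up in web
        // server logs, browser history and Referer headers. Consider removing
        // this path or restricting it to trusted callers.
        $loginform = isset($_GET['loginform']) ? $_GET['loginform'] : null;
    } elseif (isset($_POST['loginform'])) {
        $loginform = $_POST['loginform'];
    } elseif (isset($_POST['remindform'])) {
        $remindform = $_POST['remindform'];
    }

    if (isset($remindform)) {
        // Request data is client-controlled: accept only the expected shape.
        if (!is_array($remindform)) {
            return;
        }
        $ten_raw = isset($remindform['ten']) && is_string($remindform['ten']) ? $remindform['ten'] : '';
        $type = isset($remindform['type']) ? $remindform['type'] : null;

        // NOTE(review): an empty 'ten' matches rows whose ten or ssn is an empty
        // string, leaving the e-mail/phone as the only selector. Confirm intent.
        $ten = preg_replace('/-/', '', $ten_raw);
        $params = array($ten, $ten);

        switch ($type) {
            case 1:
                if (!isset($remindform['email']) || !is_string($remindform['email'])
                    || !check_email($remindform['email'])) {
                    return;
                }
                $join = '';
                $where = ' AND email = ?';
                $params[] = $remindform['email'];
                break;
            case 2:
                // The D modifier stops "$" from accepting a trailing newline.
                if (!isset($remindform['phone']) || !is_string($remindform['phone'])
                    || !preg_match('/^[0-9]+$/D', $remindform['phone'])) {
                    return;
                }
                $join = 'JOIN customercontacts cc ON cc.customerid = c.id';
                $where = ' AND phone = ? AND cc.type & ? = ?';
                // The phone is digits only here, so the original '/ -/' strip was a no-op.
                $params = array_merge($params, array($remindform['phone'], CONTACT_MOBILE, CONTACT_MOBILE));
                break;
            default:
                return;
        }

        // $join and $where are fixed strings chosen above; all user data is bound.
        $customer = $this->DB->GetRow(
            "SELECT c.id, pin FROM customers c {$join} WHERE (REPLACE(ten, '-', '') = ? OR ssn = ?)" . $where,
            $params
        );
        if (!$customer) {
            // NOTE(review): the distinct success/failure messages tell the
            // requester whether the submitted identifiers match a customer.
            $this->error = trans('Credential reminder couldn\'t be sent!');
            return;
        }

        if ($type == 1) {
            $subject = ConfigHelper::getConfig('userpanel.reminder_mail_subject');
            $body = ConfigHelper::getConfig('userpanel.reminder_mail_body');
        } else {
            $body = ConfigHelper::getConfig('userpanel.reminder_sms_body');
        }

        // NOTE(review): the PIN is read from the database and sent in clear text,
        // so it is stored in recoverable form. A reset link or one-time code
        // would avoid both. No throttling of reminder requests is visible in
        // this function; confirm it exists elsewhere.
        $body = str_replace('%id', $customer['id'], $body);
        $body = str_replace('%pin', $customer['pin'], $body);

        if ($type == 1) {
            $LMS->SendMail(
                $remindform['email'],
                array(
                    'From' => '<' . ConfigHelper::getConfig('userpanel.reminder_mail_sender') . '>',
                    'To' => '<' . $remindform['email'] . '>',
                    'Subject' => $subject,
                ),
                $body
            );
        } else {
            $LMS->SendSMS($remindform['phone'], $body);
        }
        $this->error = trans('Credential reminder has been sent!');
        return;
    }

    if (isset($loginform)) {
        // Treat missing or non-string fields as empty rather than passing arrays to trim().
        $login = is_array($loginform) && isset($loginform['login']) && is_string($loginform['login'])
            ? $loginform['login'] : '';
        $pwd = is_array($loginform) && isset($loginform['pwd']) && is_string($loginform['pwd'])
            ? $loginform['pwd'] : '';
        $this->login = trim($login);
        $this->passwd = trim($pwd);
        $_SESSION['session_timestamp'] = time();
    } else {
        $this->login = isset($_SESSION['session_login']) ? $_SESSION['session_login'] : NULL;
        $this->passwd = isset($_SESSION['session_passwd']) ? $_SESSION['session_passwd'] : NULL;
        $this->id = isset($_SESSION['session_id']) ? $_SESSION['session_id'] : 0;
    }

    $authdata = $this->VerifyPassword();

    if ($authdata != NULL) {
        $authinfo = GetCustomerAuthInfo($authdata['id']);
        // Account is locked: no attempts left and the last failure is recent.
        if ($authinfo != NULL && isset($authinfo['enabled']) && $authinfo['enabled'] == 0
            && time() - $authinfo['failedlogindate'] < 600) {
            $authdata['passwd'] = NULL;
        }
    }

    if ($authdata != NULL && $authdata['passwd'] != NULL && $this->TimeOut($timeout)) {
        $this->islogged = TRUE;
        $this->id = $authdata['id'];

        if (isset($loginform)) {
            // Issue a fresh session ID on login so a pre-set ID cannot be reused
            // (session fixation).
            session_regenerate_id(true);
        }

        $_SESSION['session_login'] = $this->login;
        // NOTE(review): the submitted password is kept in session storage and
        // re-verified on every request. Storing only an authenticated marker
        // would keep the credential out of the session store.
        $_SESSION['session_passwd'] = $this->passwd;
        $_SESSION['session_id'] = $this->id;

        if ($this->id) {
            $authinfo = GetCustomerAuthInfo($this->id);
            if ($authinfo == NULL || $authinfo['failedlogindate'] == NULL) {
                if ($authinfo == NULL) {
                    $authinfo = array();
                }
                $authinfo['failedlogindate'] = 0;
                $authinfo['failedloginip'] = '';
            }
            $authinfo['id'] = $this->id;
            $authinfo['lastlogindate'] = time();
            $authinfo['lastloginip'] = $this->ip;
            $authinfo['enabled'] = 3;
            SetCustomerAuthInfo($authinfo);
        }
    } else {
        $this->islogged = FALSE;
        if (isset($loginform)) {
            // Strip control characters so a crafted login cannot forge log lines.
            $safe_login = preg_replace('/[\x00-\x1F\x7F]/', '', (string) $this->login);
            writesyslog("Bad password for customer ID:" . $safe_login, LOG_WARNING);

            if ($authdata != NULL && $authdata['passwd'] == NULL) {
                $authinfo = GetCustomerAuthInfo($authdata['id']);
                if ($authinfo == NULL) {
                    $authinfo = array(
                        'lastlogindate' => 0,
                        'lastloginip' => '',
                        'failedlogindate' => 0,
                    );
                }
                if (time() - $authinfo['failedlogindate'] < 600) {
                    if (isset($authinfo['enabled']) && $authinfo['enabled'] > 0) {
                        $authinfo['enabled'] -= 1;
                    }
                } else {
                    $authinfo['enabled'] = 2;
                }
                $authinfo['id'] = $authdata['id'];
                $authinfo['failedlogindate'] = time();
                $authinfo['failedloginip'] = $this->ip;
                SetCustomerAuthInfo($authinfo);
            }
            $this->error = trans('Access denied!');
        }
        $this->LogOut();
    }
}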
/**
 * Ends the session; writes a syslog entry first when a user was logged in.
 */
function LogOut()
{
    $was_logged = $this->islogged;
    if ($was_logged) {
        $message = "User {$this->login} logged out.";
        writesyslog($message, LOG_INFO);
    }

    // The session is finished whether or not anyone was logged in.
    $this->SESSION->finish();
}
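/**
 * Ends the session. When a user was logged in, the logout is written to the
 * system log and, if $this->SYSLOG is set, recorded as an 'auth' transaction.
 */
public function LogOut()
{
    if ($this->islogged) {
        writesyslog('User ' . $this->login . ' logged out.', LOG_INFO);
        if ($this->SYSLOG) {
            // The User-Agent header is optional; read it without raising an
            // undefined-index notice. The recorded value stays null when absent.
            // It is client-controlled, so escape it wherever the audit log is
            // displayed.
            $useragent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : null;

            $this->SYSLOG->NewTransaction('auth', $this->id);
            $this->SYSLOG->AddMessage(
                SYSLOG_RES_USER,
                SYSLOG_OPER_USERLOGOUT,
                array('userid' => $this->id, 'ip' => $this->ip, 'useragent' => $useragent),
                array('userid')
            );
        }
    }

    // The session is finished whether or not anyone was logged in.
    $this->SESSION->finish();
}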
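/**
 * Starts the PHP session and authenticates the customer from a submitted
 * login form or from credentials kept in the session.
 *
 * Presumably the PHP 4-style constructor of a class named Session. PHP 8 no
 * longer treats same-named methods as constructors; confirm how it is invoked.
 *
 * Lockout bookkeeping uses the 'enabled' field of the customer auth info as an
 * attempt counter: it is set to 3 on success, to 2 on a failure outside the
 * 600-second window, and decremented on each failure inside it. While it is 0
 * and the last failure is less than 600 seconds old, logins are refused.
 *
 * @param object $DB      Database handle, stored by reference in $this->DB
 * @param int    $timeout Value passed to $this->TimeOut()
 */
function Session(&$DB, $timeout = 600)
{
    session_start();
    $this->DB =& $DB;
    $this->_revision = preg_replace('/^.Revision: ([0-9.]+).*/i', '\\1', $this->_revision);
    $this->ip = str_replace('::ffff:', '', $_SERVER['REMOTE_ADDR']);

    if (isset($_GET['override'])) {
        // NOTE(review): credentials passed in the query string end up in web
        // server logs, browser history and Referer headers. Consider removing
        // this path or restricting it to trusted callers.
        $loginform = isset($_GET['loginform']) ? $_GET['loginform'] : null;
    } elseif (isset($_POST['loginform'])) {
        $loginform = $_POST['loginform'];
    }

    if (isset($loginform)) {
        // Request data is client-controlled: treat missing or non-string fields
        // as empty rather than passing arrays to trim().
        $login = is_array($loginform) && isset($loginform['login']) && is_string($loginform['login'])
            ? $loginform['login'] : '';
        $pwd = is_array($loginform) && isset($loginform['pwd']) && is_string($loginform['pwd'])
            ? $loginform['pwd'] : '';
        $this->login = trim($login);
        $this->passwd = trim($pwd);
        $_SESSION['session_timestamp'] = time();
    } else {
        $this->login = isset($_SESSION['session_login']) ? $_SESSION['session_login'] : NULL;
        $this->passwd = isset($_SESSION['session_passwd']) ? $_SESSION['session_passwd'] : NULL;
        $this->id = isset($_SESSION['session_id']) ? $_SESSION['session_id'] : 0;
    }

    $authdata = $this->VerifyPassword();

    if ($authdata != NULL) {
        $authinfo = GetCustomerAuthInfo($authdata['id']);
        // Account is locked: no attempts left and the last failure is recent.
        if ($authinfo != NULL && isset($authinfo['enabled']) && $authinfo['enabled'] == 0
            && time() - $authinfo['failedlogindate'] < 600) {
            $authdata['passwd'] = NULL;
        }
    }

    if ($authdata != NULL && $authdata['passwd'] != NULL && $this->TimeOut($timeout)) {
        $this->islogged = TRUE;
        $this->id = $authdata['id'];

        if (isset($loginform)) {
            // Issue a fresh session ID on login so a pre-set ID cannot be reused
            // (session fixation).
            session_regenerate_id(true);
        }

        $_SESSION['session_login'] = $this->login;
        // NOTE(review): the submitted password is kept in session storage and
        // re-verified on every request. Storing only an authenticated marker
        // would keep the credential out of the session store.
        $_SESSION['session_passwd'] = $this->passwd;
        $_SESSION['session_id'] = $this->id;

        if ($this->id) {
            $authinfo = GetCustomerAuthInfo($this->id);
            if ($authinfo == NULL || $authinfo['failedlogindate'] == NULL) {
                if ($authinfo == NULL) {
                    $authinfo = array();
                }
                $authinfo['failedlogindate'] = 0;
                $authinfo['failedloginip'] = '';
            }
            $authinfo['id'] = $this->id;
            $authinfo['lastlogindate'] = time();
            $authinfo['lastloginip'] = $this->ip;
            $authinfo['enabled'] = 3;
            SetCustomerAuthInfo($authinfo);
        }
    } else {
        $this->islogged = FALSE;
        if (isset($loginform)) {
            // Strip control characters so a crafted login cannot forge log lines.
            $safe_login = preg_replace('/[\x00-\x1F\x7F]/', '', (string) $this->login);
            writesyslog("Bad password for customer ID:" . $safe_login, LOG_WARNING);

            if ($authdata != NULL && $authdata['passwd'] == NULL) {
                $authinfo = GetCustomerAuthInfo($authdata['id']);
                if ($authinfo == NULL) {
                    $authinfo = array(
                        'lastlogindate' => 0,
                        'lastloginip' => '',
                        'failedlogindate' => 0,
                    );
                }
                if (time() - $authinfo['failedlogindate'] < 600) {
                    if (isset($authinfo['enabled']) && $authinfo['enabled'] > 0) {
                        $authinfo['enabled'] -= 1;
                    }
                } else {
                    $authinfo['enabled'] = 2;
                }
                // Without an id, a first-ever failure (no existing auth row)
                // cannot be attributed to the customer, and the lockout counter
                // would not be recorded for them.
                $authinfo['id'] = $authdata['id'];
                $authinfo['failedlogindate'] = time();
                $authinfo['failedloginip'] = $this->ip;
                SetCustomerAuthInfo($authinfo);
            }
            $this->error = trans('Access denied!');
        }
        $this->LogOut();
    }
}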