예제 #1
     */
    if (isset($path_info[1]) && ($tmp_page = clean_input($path_info[1], array("trim")))) {
        $PAGE_URL = $tmp_page;
    }
}
// Look up the access flags for the requested community page. Both request-derived
// values ($COMMUNITY_URL and $PAGE_URL) go through $db->qstr() before they are
// concatenated into the SQL text; an unset or empty $PAGE_URL is sent as "".
// NOTE(review): `community_url` and `page_url` are unqualified in the WHERE clause.
// Filtering on `page_url` (presumably a community_pages column - confirm) makes the
// LEFT JOIN behave like an inner join, so a community with no matching page returns
// no row at all.
$query = "\tSELECT a.`community_protected`, b.`allow_public_view`\n            FROM `communities` AS a\n            LEFT JOIN `community_pages` AS b\n            ON b.`community_id` = a.`community_id`\n            WHERE `community_url` = " . $db->qstr($COMMUNITY_URL) . "\n            AND `page_url` = " . $db->qstr(isset($PAGE_URL) && $PAGE_URL ? $PAGE_URL : "");
$page_permissions = $db->GetRow($query);
// The page counts as protected when the community is flagged protected or the page
// does not allow public viewing.
// NOTE(review): when GetRow() returns nothing truthy (no matching row, or presumably
// a failed query), $PAGE_PROTECTED ends up false, i.e. this check fails open. Confirm
// that whatever consumes the flag still denies access for unknown community/page URLs.
$PAGE_PROTECTED = isset($page_permissions) && $page_permissions && ($page_permissions["community_protected"] == 1 || $page_permissions["allow_public_view"] == 0) ? true : false;
if (!$LOGGED_IN && (isset($_GET["auth"]) && $_GET["auth"] == "true")) {
    if (!isset($_SERVER["PHP_AUTH_USER"])) {
        http_authenticate();
    } else {
        // HTTP authentication path: the credentials come from the request's
        // PHP_AUTH_* server variables and are checked against the central AuthSystem.
        // NOTE(review): confirm this path is only reachable over HTTPS; with Basic
        // authentication the password travels in a trivially reversible encoding.
        require_once "Entrada/authentication/authentication.class.php";
        $username = clean_input($_SERVER["PHP_AUTH_USER"], "credentials");
        // NOTE(review): the enclosing branch only tests isset() on PHP_AUTH_USER;
        // PHP_AUTH_PW is read without an isset() guard. Also confirm that the "trim"
        // rule is intended for passwords, since it presumably strips leading and
        // trailing whitespace from the secret before it is verified.
        $password = clean_input($_SERVER["PHP_AUTH_PW"], "trim");
        // AUTH_DEVELOPMENT takes precedence over AUTH_PRODUCTION whenever it is defined
        // and non-empty.
        $auth = new AuthSystem(defined("AUTH_DEVELOPMENT") && AUTH_DEVELOPMENT != "" ? AUTH_DEVELOPMENT : AUTH_PRODUCTION);
        $auth->setAppAuthentication(AUTH_APP_ID, AUTH_USERNAME, AUTH_PASSWORD);
        $auth->setEncryption(AUTH_ENCRYPTION_METHOD);
        $auth->setUserAuthentication($username, $password, AUTH_METHOD);
        // NOTE(review): "prefix" . "telephone" is a string concatenation, so a single
        // field named "prefixtelephone" is requested. A comma was probably intended;
        // as written neither "prefix" nor "telephone" is asked for.
        $result = $auth->Authenticate(array("id", "firstname", "lastname", "email", "role", "group", "username", "prefix" . "telephone", "expires", "lastlogin", "privacy_level"));
        // Error counter for the checks that follow.
        $ERROR = 0;
        if ($result["STATUS"] == "success") {
            if ($result["ACCESS_STARTS"] && $result["ACCESS_STARTS"] > time()) {
                $ERROR++;
                application_log("error", "User[" . $username . "] tried to access account prior to activation date.");
            } elseif ($result["ACCESS_EXPIRES"] && $result["ACCESS_EXPIRES"] < time()) {
                $ERROR++;
                application_log("error", "User[" . $username . "] tried to access account after expiration date.");
            } else {
                // If $ENTRADA_USER was previously initialized in init.inc.php before the
                // session was authorized it is set to false and needs to be re-initialized.
예제 #2
<?php

// Start output buffering before anything else in the script emits output.
ob_start();
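/**
 * Returns the current Unix timestamp with microsecond resolution.
 *
 * @return float Seconds since the Unix epoch, including the fractional part.
 */
function getmicrotime()
{
    // microtime(true) returns the float directly, so there is no need to split the
    // "usec sec" string form and add the halves back together (which also relied on
    // the non-canonical (double) cast).
    return microtime(true);
}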
// Manual test harness for the authentication class: every value below is taken
// straight from $_POST with no isset() checks, validation or filtering.
// NOTE(review): nothing visible here restricts who may submit this form. A script
// that accepts application credentials and user credentials and echoes back the
// authentication result should not be reachable on a production host; gate it
// behind an environment check or remove it from deployed builds.
if ($_POST) {
    //	header ("Content-type: text/xml");
    require_once dirname(__FILE__) . "/classes/authentication.class.php";
    $auth = new AuthSystem();
    // The application identity (app_id / script_id / script_pass) is chosen by the caller.
    $auth->setAppAuthentication($_POST["app_id"], $_POST["script_id"], $_POST["script_pass"]);
    $auth->setUserAuthentication($_POST["username"], $_POST["password"]);
    // The caller also decides which account fields are requested.
    $result = $auth->Authenticate($_POST["requested_info"]);
    if ($result["STATUS"] == "success") {
        $auth->updateLastLogin();
        // NOTE(review): the fields passed to updateData() are entirely caller-supplied.
        // Presumably this writes to the account record; confirm the class restricts
        // which fields may be changed.
        $auth->updateData($_POST["update_fields"]);
    }
    // NOTE(review): print_r() output is written into the HTML response unescaped, so
    // any markup stored in the returned account data is rendered by the browser.
    // Encode it first, e.g. htmlspecialchars(print_r($result, true), ENT_QUOTES, "UTF-8").
    echo "<pre>";
    print_r($result);
    echo "</pre>";
} else {
    ?>
	<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
	<html>
	<head>
		<title>Testing Authentication Class</title>
		<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
	</head>
	
예제 #3
          */
         header("Location: " . ENTRADA_URL . "/calendars/" . $request_filename);
         exit;
     }
 } else {
     /**
      * If they are not already authenticated, and they don't have a private
      * hash in the URL, then send them through to HTTP authentication.
      */
     if (!isset($_SERVER["PHP_AUTH_USER"])) {
         http_authenticate();
     } else {
         require_once "Entrada/authentication/authentication.class.php";
         $username = clean_input($_SERVER["PHP_AUTH_USER"], "credentials");
         $password = clean_input($_SERVER["PHP_AUTH_PW"], "trim");
         $auth = new AuthSystem(defined("AUTH_DEVELOPMENT") && AUTH_DEVELOPMENT != "" ? AUTH_DEVELOPMENT : AUTH_PRODUCTION);
         $auth->setAppAuthentication(AUTH_APP_ID, AUTH_USERNAME, AUTH_PASSWORD);
         $auth->setEncryption(AUTH_ENCRYPTION_METHOD);
         $auth->setUserAuthentication($username, $password, AUTH_METHOD);
         $result = $auth->Authenticate(array("id", "username", "firstname", "lastname", "email", "role", "group", "organisation_id"));
         $ERROR = 0;
         if ($result["STATUS"] == "success") {
             $user_proxy_id = $result["ID"];
             $user_username = $result["USERNAME"];
             $user_firstname = $result["FIRSTNAME"];
             $user_lastname = $result["LASTNAME"];
             $user_email = $result["EMAIL"];
             $user_role = $result["ROLE"];
             $user_group = $result["GROUP"];
             $user_organisation_id = $result["ORGANISATION_ID"];
         } else {
예제 #4
     // Check for SESSION lockout also: a lockout timestamp stored in the visitor's
     // session blocks the attempt until that time has passed, after which it is cleared.
     // NOTE(review): session state follows the client's session cookie, so this check
     // alone does not throttle a client that simply starts a new session. The
     // per-account counter (the "also" suggests one is checked earlier, outside this
     // excerpt) has to remain the authoritative lockout.
     if (isset($_SESSION["auth"]) && isset($_SESSION["auth"]["locked_out_until"])) {
         if ($_SESSION["auth"]["locked_out_until"] < time()) {
             unset($_SESSION["auth"]["locked_out_until"]);
         } else {
             // NOTE(review): the message formats $lockout_result["locked_out_until"], not
             // the session value tested above. If $lockout_result is not populated on this
             // path the displayed time will be wrong; $_SESSION["auth"]["locked_out_until"]
             // looks like the intended source - confirm.
             // NOTE(review): this branch does not visibly change $ERROR, yet the
             // authentication attempt below is gated on $ERROR === 0. The lockout only
             // holds if add_error() raises $ERROR - confirm.
             add_error("Your access to this system has been locked due to too many failed login attempts. You may try again at " . date("g:iA ", $lockout_result["locked_out_until"]));
             application_log("error", "User[" . $username . "] tried to access account after being SESSION locked out.");
         }
     }
     // Use the larger of the session's attempt counter and the current $LOGIN_ATTEMPTS.
     if (isset($_SESSION["auth"]["login_attempts"]) && $_SESSION["auth"]["login_attempts"] > $LOGIN_ATTEMPTS) {
         $LOGIN_ATTEMPTS = $_SESSION["auth"]["login_attempts"];
     }
 }
 // Only attempt authentication when no earlier check (such as a lockout) has
 // raised $ERROR. $result is left unassigned by this block when $ERROR is non-zero.
 if ($ERROR === 0) {
     // AUTH_DEVELOPMENT takes precedence over AUTH_PRODUCTION whenever it is defined
     // and non-empty.
     // NOTE(review): confirm that AUTH_DEVELOPMENT is never defined in production
     // configuration, otherwise logins are checked against the development endpoint.
     $auth = new AuthSystem(defined("AUTH_DEVELOPMENT") && AUTH_DEVELOPMENT != "" ? AUTH_DEVELOPMENT : AUTH_PRODUCTION);
     $auth->setAppAuthentication(AUTH_APP_ID, AUTH_USERNAME, AUTH_PASSWORD);
     $auth->setEncryption(AUTH_ENCRYPTION_METHOD);
     $auth->setUserAuthentication($username, $password, AUTH_METHOD);
     // The requested fields include "private_hash" and "acl" alongside profile data.
     // NOTE(review): treat $result as sensitive and keep it out of logs and debug output.
     $result = $auth->Authenticate(array("id", "access_id", "prefix", "firstname", "lastname", "email", "email_alt", "email_updated", "google_id", "telephone", "role", "group", "organisation_id", "access_starts", "access_expires", "last_login", "privacy_level", "copyright", "notifications", "private_hash", "private-allow_podcasting", "acl"));
 }
 if ($ERROR === 0 && $result["STATUS"] == "success") {
     if (isset($USER_ACCESS_ID)) {
         if (!$db->Execute("UPDATE `" . AUTH_DATABASE . "`.`user_access` SET `login_attempts` = NULL, `last_login` = " . $db->qstr(time()) . ", `last_ip` = " . $db->qstr(isset($_SERVER["REMOTE_ADDR"]) ? $_SERVER["REMOTE_ADDR"] : 0) . " WHERE `id` = " . (int) $USER_ACCESS_ID . " AND `app_id` = " . $db->qstr(AUTH_APP_ID))) {
             application_log("error", "Unable to reset the login attempt counter for user [" . $username . "]. Database said " . $db->ErrorMsg());
         }
     }
     $GUEST_ERROR = false;
     if ($result["GROUP"] == "guest") {
         $query = "SELECT COUNT(*) AS total\n                        FROM `community_members`\n                        WHERE `proxy_id` = " . $db->qstr($result["ID"]) . "\n                        AND `member_active` = 1";
         $community_result = $db->GetRow($query);