*/ if (isset($path_info[1]) && ($tmp_page = clean_input($path_info[1], array("trim")))) { $PAGE_URL = $tmp_page; } } $query = "\tSELECT a.`community_protected`, b.`allow_public_view`\n FROM `communities` AS a\n LEFT JOIN `community_pages` AS b\n ON b.`community_id` = a.`community_id`\n WHERE `community_url` = " . $db->qstr($COMMUNITY_URL) . "\n AND `page_url` = " . $db->qstr(isset($PAGE_URL) && $PAGE_URL ? $PAGE_URL : ""); $page_permissions = $db->GetRow($query); $PAGE_PROTECTED = isset($page_permissions) && $page_permissions && ($page_permissions["community_protected"] == 1 || $page_permissions["allow_public_view"] == 0) ? true : false; if (!$LOGGED_IN && (isset($_GET["auth"]) && $_GET["auth"] == "true")) { if (!isset($_SERVER["PHP_AUTH_USER"])) { http_authenticate(); } else { require_once "Entrada/authentication/authentication.class.php"; $username = clean_input($_SERVER["PHP_AUTH_USER"], "credentials"); $password = clean_input($_SERVER["PHP_AUTH_PW"], "trim"); $auth = new AuthSystem(defined("AUTH_DEVELOPMENT") && AUTH_DEVELOPMENT != "" ? AUTH_DEVELOPMENT : AUTH_PRODUCTION); $auth->setAppAuthentication(AUTH_APP_ID, AUTH_USERNAME, AUTH_PASSWORD); $auth->setEncryption(AUTH_ENCRYPTION_METHOD); $auth->setUserAuthentication($username, $password, AUTH_METHOD); $result = $auth->Authenticate(array("id", "firstname", "lastname", "email", "role", "group", "username", "prefix" . "telephone", "expires", "lastlogin", "privacy_level")); $ERROR = 0; if ($result["STATUS"] == "success") { if ($result["ACCESS_STARTS"] && $result["ACCESS_STARTS"] > time()) { $ERROR++; application_log("error", "User[" . $username . "] tried to access account prior to activation date."); } elseif ($result["ACCESS_EXPIRES"] && $result["ACCESS_EXPIRES"] < time()) { $ERROR++; application_log("error", "User[" . $username . 
"] tried to access account after expiration date."); } else { // If $ENTRADA_USER was previously initialized in init.inc.php before the // session was authorized it is set to false and needs to be re-initialized.
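<?php
/**
 * Manual test harness for the AuthSystem class.
 *
 * On a POST request the submitted application credentials, user credentials
 * and requested fields are handed to AuthSystem and the result array is
 * printed. On any other request the HTML page that follows is rendered.
 *
 * NOTE(review): this script forwards caller-supplied credentials straight to
 * the authentication class and prints the raw result, so it looks like a
 * development aid. Confirm it is not reachable on a production host.
 */
ob_start();

/**
 * Returns the current Unix timestamp including the microsecond fraction.
 *
 * microtime(true) yields the same value as splitting the "usec sec" string
 * form and adding the two parts.
 *
 * @return float Seconds since the Unix epoch, with fractional part.
 */
function getmicrotime() {
	return microtime(true);
}

if ($_POST) {
	// header ("Content-type: text/xml");

	require_once dirname(__FILE__) . "/classes/authentication.class.php";

	$auth = new AuthSystem();
	$auth->setAppAuthentication($_POST["app_id"], $_POST["script_id"], $_POST["script_pass"]);
	$auth->setUserAuthentication($_POST["username"], $_POST["password"]);

	$result = $auth->Authenticate($_POST["requested_info"]);

	// Only touch the account record once authentication has succeeded.
	if ($result["STATUS"] == "success") {
		$auth->updateLastLogin();
		$auth->updateData($_POST["update_fields"]);
	}

	// The result may carry values that originated in the request, so it is
	// HTML-escaped before being written into the page instead of being
	// echoed raw. ENT_SUBSTITUTE (where the running PHP defines it) keeps
	// the dump visible when a value holds bytes invalid in the default
	// charset, rather than collapsing the whole output to an empty string.
	$escape_flags = ENT_QUOTES | (defined("ENT_SUBSTITUTE") ? ENT_SUBSTITUTE : 0);

	echo "<pre>";
	echo htmlspecialchars(print_r($result, true), $escape_flags);
	echo "</pre>";
} else {
	?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>Testing Authentication Class</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>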
*/ header("Location: " . ENTRADA_URL . "/calendars/" . $request_filename); exit; } } else { /** * If they are not already authenticated, and they don't have a private * hash in the URL, then send them through to HTTP authentication. */ if (!isset($_SERVER["PHP_AUTH_USER"])) { http_authenticate(); } else { require_once "Entrada/authentication/authentication.class.php"; $username = clean_input($_SERVER["PHP_AUTH_USER"], "credentials"); $password = clean_input($_SERVER["PHP_AUTH_PW"], "trim"); $auth = new AuthSystem(defined("AUTH_DEVELOPMENT") && AUTH_DEVELOPMENT != "" ? AUTH_DEVELOPMENT : AUTH_PRODUCTION); $auth->setAppAuthentication(AUTH_APP_ID, AUTH_USERNAME, AUTH_PASSWORD); $auth->setEncryption(AUTH_ENCRYPTION_METHOD); $auth->setUserAuthentication($username, $password, AUTH_METHOD); $result = $auth->Authenticate(array("id", "username", "firstname", "lastname", "email", "role", "group", "organisation_id")); $ERROR = 0; if ($result["STATUS"] == "success") { $user_proxy_id = $result["ID"]; $user_username = $result["USERNAME"]; $user_firstname = $result["FIRSTNAME"]; $user_lastname = $result["LASTNAME"]; $user_email = $result["EMAIL"]; $user_role = $result["ROLE"]; $user_group = $result["GROUP"]; $user_organisation_id = $result["ORGANISATION_ID"]; } else {
// Check for SESSION lockout also if (isset($_SESSION["auth"]) && isset($_SESSION["auth"]["locked_out_until"])) { if ($_SESSION["auth"]["locked_out_until"] < time()) { unset($_SESSION["auth"]["locked_out_until"]); } else { add_error("Your access to this system has been locked due to too many failed login attempts. You may try again at " . date("g:iA ", $lockout_result["locked_out_until"])); application_log("error", "User[" . $username . "] tried to access account after being SESSION locked out."); } } if (isset($_SESSION["auth"]["login_attempts"]) && $_SESSION["auth"]["login_attempts"] > $LOGIN_ATTEMPTS) { $LOGIN_ATTEMPTS = $_SESSION["auth"]["login_attempts"]; } } // Only even try to authorized if not locked out if ($ERROR === 0) { $auth = new AuthSystem(defined("AUTH_DEVELOPMENT") && AUTH_DEVELOPMENT != "" ? AUTH_DEVELOPMENT : AUTH_PRODUCTION); $auth->setAppAuthentication(AUTH_APP_ID, AUTH_USERNAME, AUTH_PASSWORD); $auth->setEncryption(AUTH_ENCRYPTION_METHOD); $auth->setUserAuthentication($username, $password, AUTH_METHOD); $result = $auth->Authenticate(array("id", "access_id", "prefix", "firstname", "lastname", "email", "email_alt", "email_updated", "google_id", "telephone", "role", "group", "organisation_id", "access_starts", "access_expires", "last_login", "privacy_level", "copyright", "notifications", "private_hash", "private-allow_podcasting", "acl")); } if ($ERROR === 0 && $result["STATUS"] == "success") { if (isset($USER_ACCESS_ID)) { if (!$db->Execute("UPDATE `" . AUTH_DATABASE . "`.`user_access` SET `login_attempts` = NULL, `last_login` = " . $db->qstr(time()) . ", `last_ip` = " . $db->qstr(isset($_SERVER["REMOTE_ADDR"]) ? $_SERVER["REMOTE_ADDR"] : 0) . " WHERE `id` = " . (int) $USER_ACCESS_ID . " AND `app_id` = " . $db->qstr(AUTH_APP_ID))) { application_log("error", "Unable to reset the login attempt counter for user [" . $username . "]. Database said " . 
$db->ErrorMsg()); } } $GUEST_ERROR = false; if ($result["GROUP"] == "guest") { $query = "SELECT COUNT(*) AS total\n FROM `community_members`\n WHERE `proxy_id` = " . $db->qstr($result["ID"]) . "\n AND `member_active` = 1"; $community_result = $db->GetRow($query);