private function _defaultPage($slug) {
    // Renders the default pages. For 'home' and 'contact' it sets up CSRF and
    // captcha protection for "form1", exposes the token and captcha URLs to the
    // template, selects the template file and finally stores the CSRF token in
    // the session. 'news' renders the news list; any other slug does nothing.
    switch ($slug) {
        case 'home':
        case 'contact':
            // init security (CSRF and captcha)
            $security = Security::getSecurity(Security::TYPE_FORM);
            $csrfGuard = $security->getProtection('form1', Form::PROTECTION_CSRF);
            $csrfGuard->create();
            $captchaGuard = $security->getProtection('form1', Form::PROTECTION_CAPTCHA);
            $this->tpl
                ->setVar('captchaImageUrl', $captchaGuard->get('image', true), false, true)
                ->setVar('captchaAudioUrl', $captchaGuard->get('audio', true), false, true)
                ->setVar('captchaRefreshUrl', $captchaGuard->getRefreshUrl(), false, true);
            $this->tpl->setVar('token', $csrfGuard->get(), false, true);

            // define vars and pick the template file
            $templateFile = 'controllers' . DS . 'Pages' . DS . 'index.tpl.php';
            if ($slug == 'contact') {
                $templateFile = 'controllers' . DS . 'Pages' . DS . 'contact.tpl.php';
            } elseif ($slug == 'register') {
                // NOTE(review): unreachable — only 'home' and 'contact' enter this case,
                // so the register template and the "already connected" redirect never run.
                if (Member::isConnected()) {
                    Http::redirect($this->router->getUrl('index'));
                }
                $templateFile = 'controllers' . DS . 'Pages' . DS . 'register.tpl.php';
            } else {
                $this->tpl->setVar('news', $this->_readAll('new'), false, true);
            }
            $this->tpl->setFile($templateFile);

            // the token is written to the session only after the page data is prepared
            $csrfGuard->set();
            break;
        case 'news':
            $this->tpl->setVar('news', $this->_readAll('new'), false, true);
            $this->tpl->setFile('controllers' . DS . 'Pages' . DS . 'news.tpl.php');
            // falls through to default (nothing more to do)
        default:
            break;
    }
}
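function logout() {
    // Terminate the current session and send the user to the root.
    // Clearing $_SESSION alone leaves the session record on the server and the
    // session cookie in the browser, so the session is also destroyed and the
    // cookie expired — otherwise the old session id stays usable until it times out.
    // session_destroy() is only called when a session is active (it warns otherwise).
    $_SESSION = array();
    if (session_status() === PHP_SESSION_ACTIVE) {
        if (ini_get('session.use_cookies')) {
            $cookie = session_get_cookie_params();
            setcookie(session_name(), '', time() - 42000, $cookie['path'], $cookie['domain'], $cookie['secure'], $cookie['httponly']);
        }
        session_destroy();
    }
    Http::unautorize();
    Http::redirect("/");
}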
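function new_story() {
    // Create an empty story with a generated title and URI, then send the
    // player to its page. A failed insert is logged server-side and the user
    // gets a generic message: the raw driver error previously echoed here can
    // expose SQL, table names and host details to the browser.
    $title = StoryTime::titleGenerator();
    $uri = StoryTime::URIGenerator();
    $story = array(
        'uri' => $uri,
        'title' => $title,
        'body' => '',
        'started_at' => $this->db->now(),
    );
    $id = $this->db->insert('story', $story);
    if (!$id) {
        error_log('new_story: insert failed: ' . $this->db->getLastError());
        echo 'Unable to create the story. Please try again later.';
    } else {
        Http::redirect('/Main/story/' . $uri);
    }
}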
private static function _redirect($values) {
    // Redirect helper driven by a config array: 'url' (required) and an
    // optional 'ms' delay. Returns false when no 'url' is given, otherwise
    // whatever Http::redirect() returns.
    // NOTE(review): 'url' only passes through Basic::handle(); whether that
    // restricts the target is not visible here — if $values can originate from
    // a request, this is an open-redirect candidate.
    if (!isset($values['url'])) {
        return false;
    }
    $target = Basic::handle($values['url']);
    if (!isset($values['ms'])) {
        return Http::redirect($target);
    }
    $delay = Basic::handle($values['ms']);
    return Http::redirect($target, $delay);
}
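public function update() {
    // Persist edits to a user group and its permission set, then return to the list.
    // The permission ids are the keys of the posted 'permission' array.
    // NOTE(review): no authorization or CSRF check is visible in this action;
    // the caller (or a base controller) must ensure only admins reach it.
    $group = Http::post("group");
    $group_id = Http::post("group_id");
    // (array) guards against a missing 'permission' field (no boxes ticked),
    // which would otherwise make the key extraction warn on null.
    $permissions = (array) Http::post("permission");

    $permission_model = DB::loadModel("users/permissions");
    $group_model = DB::loadModel("users/groups");

    $group_model->updateGroup($group_id, $group);
    $permission_model->setPermissions($group_id, array_keys($permissions));

    Http::redirect("/user_groups");
}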
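public function update() {
    // Persist edits to a user account and its group membership, then return to the list.
    // The 'is_admin' checkbox arrives as "on" when ticked; it is normalised to 1/0
    // (strict comparison: a loose == "on" is true for 0 on older PHP versions).
    // NOTE(review): the posted 'user' array is handed straight to the model — the
    // model must whitelist columns, or a client can set any field it names.
    // No authorization or CSRF check is visible in this action.
    $user = Http::post("user");
    $user_id = Http::post("user_id");
    $user["is_admin"] = (isset($user["is_admin"]) && $user["is_admin"] === "on") ? 1 : 0;
    // (array) guards against a missing 'groups' field (no groups ticked).
    $groups = (array) Http::post("groups");

    $user_model = DB::loadModel("users/user");
    $user_groups_model = DB::loadModel("users/groups");

    $user_model->update($user_id, $user);
    $user_groups_model->setGroups($user_id, array_keys($groups));

    Http::redirect("/users");
}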
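function index() {
    // Administrative map search page. Only users holding the
    // "client/maps/search" permission may view it; everyone else is sent home.
    $user = $this->registry->get("user");
    if (!$user->has_permission("client/maps/search")) {
        Http::redirect('/');
        exit; // in case the redirect helper does not terminate the request
    }

    $this->registerModule("client/common/client_menu", "left_side");
    $this->registerModule("map/map", "center_side");
    //$this->registerModule("client/maps/search/maps_search_filter", "right_side");

    // The region lookup is currently disabled; $regions is set explicitly so the
    // assignment below does not read an undefined variable (value unchanged: null).
    // $regions_model = DB::loadModel("maps/regions");
    // $regions = $regions_model->getAll();
    $regions = null;

    $smarty = $this->registry->get("smarty");
    $smarty->assign("regions", $regions);
    $smarty->assign("page", "maps_search");
    $smarty->assign("title", "Адміністративний пошук");
    $this->display();
}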
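function save() {
    // Write the database, external database, auth-mode and AD server settings
    // from the posted form into the config store, then return to the system page.
    // All four sections must be present as arrays, otherwise nothing is written
    // (a scalar here would make the $section["key"] reads warn or throw,
    // depending on the PHP version).
    // NOTE(review): this stores DB credentials and directory settings from a POST;
    // no authorization/CSRF check is visible here — it must exist upstream.
    $database = Http::post("database");
    $database_external = Http::post("database_external");
    $auth = Http::post("auth");
    $ad_server = Http::post("ad_server");

    if (is_array($database) && is_array($database_external) && is_array($auth) && is_array($ad_server)) {
        $settings = array(
            "/settings/database/host" => $database["host"],
            "/settings/database/name" => $database["name"],
            "/settings/database/user" => $database["user"],
            "/settings/database/pass" => $database["pass"],
            "/settings/database_external/host" => $database_external["host"],
            "/settings/database_external/name" => $database_external["name"],
            "/settings/database_external/user" => $database_external["user"],
            "/settings/database_external/pass" => $database_external["pass"],
            "/settings/auth/mode" => $auth["mode"],
            "/settings/ad_server/address" => $ad_server["address"],
            "/settings/ad_server/account_sufix" => $ad_server["account_sufix"],
            "/settings/ad_server/base_dn" => $ad_server["base_dn"],
        );
        $config = new Config();
        foreach ($settings as $path => $value) {
            $config->set($path, $value);
        }
    }
    Http::redirect("/system");
}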
<?php
// Front controller: boot the libraries, then send the visitor either to the
// installer (no install.log yet) or to the application entry point.
require 'libraries/start.php';

$target = is_file('install.log') ? 'xhtml.php' : 'install.php';
Http::redirect($target);
public function do_create($name) {
    // CRUD "create" action for the model class $name; requires a logged-in user.
    // On POST the model is filled from the request vars, saved and committed,
    // then the browser is sent to the listing. Otherwise the form is prepared
    // with cp(). In both cases the model and the CrudTools helper are exposed
    // to the update template.
    // NOTE(review): exceptions from set_model()/save()/commit() are swallowed
    // and the form re-renders with the submitted model — presumably so that
    // validation errors surface in the template; confirm nothing else is hidden.
    if ($this->login()) {
        $model = $this->get_class($name);
        $helper = new CrudTools($name);
        if (!$this->isPost()) {
            $this->cp($model);
        } else {
            try {
                $model->set_model($this->vars());
                $model->save();
                C($model)->commit();
                Http::redirect($helper->link_find());
            } catch (Exception $e) {
                // fall through and re-render the form with $model
            }
        }
        $this->vars("model", $model);
        $this->vars("f", $helper);
        $this->template(Rhaco::module_path("templates/update.html"));
    }
    return $this;
}
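public function route($app, $action) {
    // Front-controller hook: handles the edit/conf mode toggles for signed-in
    // users, the 'login' app (master password or the "login" event) and the
    // 'logout' app. Every branch that changes auth state ends in a redirect.
    //
    // Changes: the session id is regenerated on successful login (session
    // fixation), and a missing 'pass' field no longer reaches password_verify()
    // or the login event as an undefined index.

    // Toggle edit / conf mode, stored as $_SESSION['pe_e'] / $_SESSION['pe_c'].
    if (!empty(Core::$user->id)) {
        foreach (['edit', 'conf'] as $mode) {
            if (isset($_REQUEST[$mode]) && Core::$user->has($mode)) {
                $_SESSION['pe_' . substr($mode, 0, 1)] = !empty($_REQUEST[$mode]);
                Http::redirect();
            }
        }
    }

    if (Core::$core->app == 'login') {
        if (Core::$user->id) {
            Http::redirect('/');
        }
        $A = 'admin';
        if (Core::isTry() && !empty($_REQUEST['id'])) {
            $pass = isset($_POST['pass']) ? (string) $_POST['pass'] : '';
            if ($_REQUEST['id'] == $A && !empty(Core::$core->masterpasswd) && password_verify($pass, Core::$core->masterpasswd)) {
                // Master password: pseudo-user id -1 named 'admin'.
                $_SESSION['pe_u']->id = -1;
                $_SESSION['pe_u']->name = $A;
            } else {
                Core::event("login", [$_REQUEST['id'], $pass]);
            }
            if (!empty($_SESSION['pe_u']->id)) {
                // Fresh session id for the now-authenticated session (data is kept),
                // so an id fixed before login is not valid afterwards.
                session_regenerate_id(true);
                Core::log('A', 'Login ' . $_SESSION['pe_u']->name, 'users');
                Http::redirect();
            } else {
                Core::error(L('Bad username or password'), 'id');
            }
        }
    } elseif (Core::$core->app == 'logout') {
        $uid = Core::$user->id;
        if ($uid) {
            Core::log('A', 'Logout ' . Core::$user->name, 'users');
            // The master-password pseudo-user (-1) has no backend to notify.
            if ($uid != -1) {
                Core::event("logout");
            }
        }
        session_destroy();
        Http::redirect('/');
    }
}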
$_REQUEST['id'] = $thisclient->getTicketId(); require_once(INCLUDE_DIR.'class.ticket.php'); require_once(INCLUDE_DIR.'class.json.php'); $ticket=null; if($_REQUEST['id']) { if (!($ticket = Ticket::lookup($_REQUEST['id']))) { $errors['err']=__('Unknown or invalid ticket ID.'); } elseif(!$ticket->checkUserAccess($thisclient)) { $errors['err']=__('Unknown or invalid ticket ID.'); //Using generic message on purpose! $ticket=null; } } if (!$ticket && $thisclient->isGuest()) Http::redirect('view.php'); $tform = TicketForm::objects()->one(); $messageField = $tform->getField('message'); $attachments = $messageField->getWidget()->getAttachments(); //Process post...depends on $ticket object above. if($_POST && is_object($ticket) && $ticket->getId()): $errors=array(); switch(strtolower($_POST['a'])){ case 'edit': if(!$ticket->checkUserAccess($thisclient) //double check perm again! || $thisclient->getId() != $ticket->getUserId()) $errors['err']=__('Access Denied. Possibly invalid ticket ID'); elseif (!$cfg || !$cfg->allowClientUpdates()) $errors['err']=__('Access Denied. Client updates are currently disabled');
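Jared Hancock <*****@*****.**> Copyright (c) 2006-2013 osTicket http://www.osticket.com Released under the GNU General Public License WITHOUT ANY WARRANTY. See LICENSE.TXT for details. vim: expandtab sw=4 ts=4 sts=4: **********************************************************************/
require_once 'staff.inc.php';

// External-link bouncer: validates the URL and the link token, then forwards
// the agent. Clients that do not accept text/html get a plain redirect;
// browsers get a meta-refresh page.
//
// Basic url validation + token check.
# PHP < 5.4.7 will not handle a URL like //host.tld/path correctly
$url = isset($_GET['url']) ? trim($_GET['url']) : '';
if (!$url) {
    Http::response(422, __('Invalid URL'));
}
$check = (strpos($url, '//') === 0) ? 'http:' . $url : $url;
$auth = isset($_GET['auth']) ? $_GET['auth'] : null;
$accept = isset($_SERVER['HTTP_ACCEPT']) ? $_SERVER['HTTP_ACCEPT'] : '';
if (!Validator::is_url($check) || !$ost->validateLinkToken($auth)) {
    Http::response(403, __('URL link not authorized'));
} elseif (strpos($accept, 'text/html') === false) {
    Http::redirect($url);
}
// $url is echoed into an HTML attribute below: escape it for that context.
// is_url() does not rule out characters (quotes, '<', '&') that break out of
// the attribute.
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
    <meta http-equiv="content-type" content="text/html; charset=utf-8"/>
    <meta http-equiv="refresh" content="0;URL=<?php echo htmlspecialchars($url, ENT_QUOTES, 'UTF-8'); ?>"/>
</head>
<body/>
</html>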
// After-insert hook: return to the maintain list once a record has been created.
// $insert_id is part of the hook signature but is not used here.
function afterForInsert($insert_id) {
    $listUrl = 'index.php?c=maintain&a=list';
    Http::redirect($listUrl);
}
/**
 * Dispatch the request by matching its path against URL patterns.
 *
 * Each $urlconf entry is either "pattern" (integer key, no config) or
 * "pattern" => config, where config is an array with optional "class",
 * "method", "template" and "name" keys, or a scalar handed to dict().
 * The first pattern that matches $this->args() wins; later patterns are not
 * tried. The pattern is only wrapped in "/" delimiters here — it is not
 * anchored unless the config does so (e.g. with a leading ^).
 *
 * @param array $urlconf  pattern => config map (see above)
 * @return self
 * @throws Exception when no pattern matches, when the resolved method does
 *         not exist, or when the action does not yield a Template
 */
public function handler(array $urlconf = array()) {
    $params = array();
    foreach ($urlconf as $pattern => $conf) {
        // Integer key: the value is the pattern itself and there is no config.
        if (is_int($pattern)) {
            $pattern = $conf;
            $conf = null;
        }
        // Escape every "/" (already-escaped ones are parked as "__SLASH__"
        // first) so the pattern can be wrapped in "/" delimiters.
        if (preg_match("/" . str_replace(array("\\/", "/", "__SLASH__"), array("__SLASH__", "\\/", "\\/"), $pattern) . "/", $this->args(), $params)) {
            if ($conf !== null) {
                if (is_array($conf)) {
                    if (isset($conf["class"])) {
                        $this->class = $conf["class"];
                    }
                    if (isset($conf["method"])) {
                        $this->method = $conf["method"];
                    }
                    if (isset($conf["template"])) {
                        $this->template = $conf["template"];
                    }
                    if (isset($conf["name"])) {
                        $this->name = $conf["name"];
                    }
                } else {
                    $this->dict($conf);
                }
            }
            // Remember which pattern matched: its configured name, else the matched text.
            self::$match_pattern = empty($this->name) ? $params[0] : $this->name;
            if (!empty($this->class)) {
                // Dotted names and unknown classes are resolved through Rhaco::import().
                if (false !== strrpos($this->class, ".") || !class_exists($this->class)) {
                    $this->class = Rhaco::import($this->class);
                }
                // No explicit method: derive one from the leading "/"-separated
                // segments of the pattern (a leading "^" segment is dropped), joined
                // with "_"; stops at the first segment with no [\w_] character at all.
                if (empty($this->method) && !empty($pattern)) {
                    $method_patterns = array();
                    $patterns = explode("/", $pattern);
                    if ($patterns[0] == "^") {
                        array_shift($patterns);
                    }
                    foreach ($patterns as $p) {
                        if (!preg_match("/[\\w_]/", $p)) {
                            break;
                        }
                        $method_patterns[] = $p;
                    }
                    if (!empty($method_patterns)) {
                        $this->method = implode("_", $method_patterns);
                    }
                }
            }
            if (empty($this->method) && !empty($this->template)) {
                // Template-only route: no action runs, just render the template.
                $obj = new self();
                $obj->copy_module($this, true);
                $obj->template($this->template);
            } else {
                $method = empty($this->method) ? "index" : $this->method;
                if (!method_exists($this->class, $method)) {
                    throw new Exception("Not found " . $this->class . "::" . $method);
                }
                // Drop the full match; the capture groups become the action's
                // positional arguments. NOTE(review): those groups come from the
                // request path, so the action receives request-controlled strings.
                array_shift($params);
                try {
                    $class = $this->class;
                    $action = new $class();
                    $action->copy_module($this, true);
                    if ($action instanceof self) {
                        $action->handled();
                    }
                    $obj = call_user_func_array(array($action, $method), $params);
                } catch (Exception $e) {
                    // Error handling is driven by the "core.Flow@on_error" definition:
                    // [0] => status code, [1] => template, [2] => redirect target.
                    // Without it the exception propagates; with it the request ends here.
                    Log::debug($e);
                    $on_error = Rhaco::def("core.Flow@on_error");
                    if ($on_error === null) {
                        throw $e;
                    }
                    if (isset($on_error[0])) {
                        Http::status_header((int) $on_error[0]);
                    }
                    if (isset($on_error[2])) {
                        Http::redirect($on_error[2]);
                    }
                    if (isset($on_error[1])) {
                        $template = new Template();
                        $template->output($on_error[1]);
                    }
                    exit;
                }
            }
            if ($obj instanceof self) {
                $obj = $obj->templ();
            }
            if (!$obj instanceof Template) {
                throw new Exception("Forbidden " . $this->args());
            }
            $obj->path($this->path());
            $obj->url($this->url());
            $this->templ = $obj;
            if (!$this->isTemplate()) {
                $this->template($obj->filename());
            }
            if (!$this->isTemplate()) {
                // Still no template: default to "<class path>/<method>.html", with the
                // class's first letter lower-cased. ($method is only assigned on the
                // action branch above.)
                $cs = explode(".", $this->class);
                $class = array_pop($cs);
                $class = implode("/", $cs) . (!empty($cs) ? "/" : "") . strtolower($class[0]) . substr($class, 1);
                $this->template($class . "/" . $method . ".html");
            }
            return $this;
        }
    }
    throw new Exception("no match pattern");
}
/**
 * Redirect to a URL.
 * Thin pass-through to Http::redirect(); $mode defaults to 302 (presumably
 * the HTTP status used for the redirect — not visible from here).
 * @param string $url  target URL
 * @param int $mode    redirect mode, default 302
 * @return void
 */
public static function redirect($url, $mode = 302) {
    $status = $mode;
    Http::redirect($url, $status);
}
if (!$staff->hasPassword()) { $msg = 'Unable to reset password. Contact your administrator'; } elseif (!$staff->sendResetEmail()) { $tpl = 'pwreset.sent.php'; } } else { $msg = 'Unable to verify username ' . Format::htmlchars($_POST['userid']); } break; case 'newpasswd': // TODO: Compare passwords $tpl = 'pwreset.login.php'; $errors = array(); if ($staff = StaffAuthenticationBackend::processSignOn($errors)) { $info = array('page' => 'index.php'); Http::redirect($info['page']); } elseif (isset($errors['msg'])) { $msg = $errors['msg']; } break; } } elseif ($_GET['token']) { $msg = 'Please enter your username or email'; $_config = new Config('pwreset'); if (($id = $_config->get($_GET['token'])) && ($staff = Staff::lookup($id))) { // TODO: Detect staff confirmation (for welcome email) $tpl = 'pwreset.login.php'; } else { header('Location: index.php'); } } elseif ($cfg->allowPasswordReset()) {
Released under the GNU General Public License WITHOUT ANY WARRANTY. See LICENSE.TXT for details. vim: expandtab sw=4 ts=4 sts=4: **********************************************************************/ require 'admin.inc.php'; include_once INCLUDE_DIR . 'class.template.php'; $template = null; if ($_REQUEST['tpl_id'] && !($template = EmailTemplateGroup::lookup($_REQUEST['tpl_id']))) { $errors['err'] = sprintf(__('%s: Unknown or invalid'), __('template set')); } elseif ($_REQUEST['id'] && !($template = EmailTemplate::lookup($_REQUEST['id']))) { $errors['err'] = sprintf(__('%s: Unknown or invalid %s'), __('template')); } elseif ($_REQUEST['default_for']) { $sql = 'SELECT id FROM ' . EMAIL_TEMPLATE_TABLE . ' WHERE tpl_id=' . db_input($cfg->getDefaultTemplateId()) . ' AND code_name=' . db_input($_REQUEST['default_for']); if ($id = db_result(db_query($sql))) { Http::redirect('templates.php?a=manage&id=' . db_input($id)); } } if ($_POST) { switch (strtolower($_POST['do'])) { case 'updatetpl': if (!$template) { $errors['err'] = sprintf(__('%s: Unknown or invalid'), __('message template')); } elseif ($template->update($_POST, $errors)) { $msg = sprintf(__('Successfully updated %s'), __('this message template')); // Drop drafts for this template for ALL users Draft::deleteForNamespace('tpl.' . $template->getCodeName() . '.' . $template->getTplId()); } elseif (!$errors['err']) { $errors['err'] = sprintf(__('Error updating %s. Try again!'), __('this template')); } break;
Released under the GNU General Public License WITHOUT ANY WARRANTY. See LICENSE.TXT for details. vim: expandtab sw=4 ts=4 sts=4: **********************************************************************/ require 'admin.inc.php'; include_once INCLUDE_DIR . 'class.filter.php'; require_once INCLUDE_DIR . 'class.canned.php'; $filter = null; if ($_REQUEST['id'] && !($filter = Filter::lookup($_REQUEST['id']))) { $errors['err'] = sprintf(__('%s: Unknown or invalid'), __('ticket filter')); } /* NOTE: Banlist has its own interface*/ if ($filter && $filter->isSystemBanlist()) { Http::redirect('banlist.php'); } if ($_POST) { switch (strtolower($_POST['do'])) { case 'update': if (!$filter) { $errors['err'] = sprintf(__('%s: Unknown or invalid'), __('ticket filter')); } elseif ($filter->update($_POST, $errors)) { $msg = sprintf(__('Successfully updated %s'), __('this ticket filter')); } elseif (!$errors['err']) { $errors['err'] = sprintf(__('Error updating %s. Correct error(s) below and try again.'), __('this ticket filter')); } break; case 'add': if (Filter::create($_POST, $errors)) { $msg = sprintf(__('Successfully updated %s'), __('this ticket filter'));
// Kick off CAS authentication: let the parent do its part, hand the service
// URL to the CAS client, then send the browser to login.php. The CAS client's
// return value is not used here.
function triggerAuth() {
    parent::triggerAuth();
    $this->cas->triggerAuth($this->getServiceUrl());
    Http::redirect(ROOT_PATH . "login.php");
}
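function gamePlay($uri) {
    // One turn of a story. After calling the MOVESTORIESFORWARD procedure, the
    // story identified by $uri is loaded only if the logged-in user is the
    // current player (turn_order == current_turn mod player count) and the
    // story has not ended; otherwise the user is sent to /Main/index.
    // With a submitted 'words' phrase: records the turn, appends it to the
    // body, closes the story on the last turn, e-mails the next player and
    // redirects to WaitTurn. Without one: renders the GamePlay view with the
    // seconds left in the turn.
    //
    // Fixes: the last-turn test compares as integers (column values may come
    // back from the driver as strings, and the previous strict === against an
    // int could then never be true, so stories were never closed); the next
    // player's address is validated before it reaches mail()'s To header; the
    // "not your turn" branch returns after redirecting.
    l("Gameplay called\n");
    $phrase = g('words');
    $user = (new UserModel())->getLoggedInUser();
    $this->db->rawQuery("CALL MOVESTORIESFORWARD()");
    $story = DBUtil::getOne($this->db->rawQuery(' SELECT *, `story`.`id` AS id, (CASE WHEN `story`.`current_turn` > 0 THEN (SELECT MAX(`turn`.`timestamp`) FROM `turn` WHERE `turn`.`FK_story_id` = `story`.`id`) ELSE `story`.`started_at` END) AS turn_start, NOW() AS now_time FROM `story` INNER JOIN `story_user` ON `story_user`.`FK_story_id` = `story`.`id` WHERE `story`.`uri` = ? AND `story_user`.`FK_user_id` = ? AND `story_user`.`turn_order` = `story`.`current_turn` % (SELECT COUNT(*) FROM `story_user` WHERE `story_user`.`FK_story_id` = `story`.`id`) AND `story`.`ended_at` IS NULL ', array($uri, $user['id'])));
    if (!$story) {
        // Not this user's turn (or unknown / ended story).
        Http::redirect('/Main/index');
        return; // in case the redirect helper does not terminate the request
    }
    if ($phrase) {
        $this->db->insert('turn', array(
            'FK_story_id' => $story['id'],
            'FK_user_id' => $user['id'],
            'words' => $phrase,
            'timestamp' => $this->db->now(),
        ));
        $phrase = " " . $phrase;
        $isLastTurn = ((int) $story['current_turn'] === (int) $story['max_turns'] - 1);
        if ($isLastTurn) {
            $this->db->rawQuery("UPDATE story SET body = CONCAT(body, ?), current_turn = current_turn + 1, ended_at = NOW() WHERE uri = ?", array($phrase, $uri));
        } else {
            $this->db->rawQuery("UPDATE story SET body = CONCAT(body, ?), current_turn = current_turn + 1 WHERE uri = ?", array($phrase, $uri));
        }
        // send notification to next player
        $nextPlayer = $this->_nextPlayer($uri);
        if (!empty($nextPlayer['email']) && filter_var($nextPlayer['email'], FILTER_VALIDATE_EMAIL)) {
            $message = "Hi " . $nextPlayer['name'] . ",\n It's your turn to put your own words to the story.\nThanks!";
            mail($nextPlayer['email'], "Now it's your turn to play", $message);
        }
        Http::redirect('/Main/WaitTurn/' . $story['uri']);
        return;
    }
    // Seconds remaining: the turn limit minus the time elapsed since the turn
    // started (both timestamps come from the database).
    $story['timeleft'] = $story['time_limit'] - (new DateTime($story['now_time']))->getTimestamp() + (new DateTime($story['turn_start']))->getTimestamp();
    load_template('header', array('title' => 'New Story', 'user' => $user));
    load_view('GamePlay', $story);
    load_template('footer');
}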
// Locate and load the osTicket configuration file, then define the derived
// constants (CONFIG_FILE, a SECRET_SALT fallback, SESSION_SECRET, SESSION_TTL).
// Candidates are tried newest format first: include/ost-config.php (v1.6
// stable+), ostconfig.php (pre-1.6 RC5), include/settings.php (1.6 RC5).
// With no config at all the visitor is sent to setup/ if that directory
// exists; otherwise a 500 response is returned.
// NOTE(review): the SECRET_SALT fallback for old installs is md5 of two values
// an attacker can often learn (table prefix, admin e-mail); such installs
// should define a real random SECRET_SALT in the config file.
function loadConfig() {
    $newConfig = INCLUDE_DIR . 'ost-config.php';
    $legacyConfig = ROOT_DIR . 'ostconfig.php';
    $rc5Config = INCLUDE_DIR . 'settings.php';

    $configfile = '';
    foreach (array($newConfig, $legacyConfig, $rc5Config) as $candidate) {
        if (file_exists($candidate)) {
            $configfile = $candidate;
            break;
        }
    }

    if ($configfile === $rc5Config) {
        // Upgraded RC5 install still carrying settings.php: fail with a clear
        // message instead of a confusing crash when that file is the script itself.
        if (!strcasecmp(basename($_SERVER['SCRIPT_NAME']), 'settings.php')) {
            Http::response(500, 'Please rename config file include/settings.php to include/ost-config.php to continue!');
        }
    } elseif ($configfile === '' && file_exists(ROOT_DIR . 'setup/')) {
        Http::redirect(ROOT_PATH . 'setup/');
    }

    if (!$configfile || !file_exists($configfile)) {
        Http::response(500, '<b>Error loading settings. Contact admin.</b>');
    }
    require $configfile;
    define('CONFIG_FILE', $configfile); //used in admin.php to check perm.

    # Old installations have no secret salt: derive one (see note above).
    if (!defined('SECRET_SALT')) {
        define('SECRET_SALT', md5(TABLE_PREFIX . ADMIN_EMAIL));
    }
    # Session related
    define('SESSION_SECRET', MD5(SECRET_SALT)); //Not that useful anymore...
    define('SESSION_TTL', 86400); // Default 24 hours
}
$errors['err'] = __('Errors configuring your profile. See messages below'); } } if (!$errors) { switch ($_POST['do']) { case 'create': $content = Page::lookup(Page::getIdByType('registration-confirm')); $inc = 'register.confirm.inc.php'; $acct->sendConfirmEmail(); break; case 'import': if ($bk = UserAuthenticationBackend::getBackend($_POST['backend'])) { $cl = new ClientSession(new EndUser($user)); if (!$bk->supportsInteractiveAuthentication()) { $acct->set('backend', null); } $acct->confirm(); if ($user = $bk->login($cl, $bk)) { Http::redirect('tickets.php'); } } break; } } if ($errors && $user && $user != $thisclient) { $user->delete(); } } include CLIENTINC_DIR . 'header.inc.php'; include CLIENTINC_DIR . $inc; include CLIENTINC_DIR . 'footer.inc.php';
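// Log the user out: wipe the session data, destroy the server-side session and
// expire the session cookie, then go to the root. session_unset() on its own
// left the session id valid (empty but live) on the server and in the browser.
function logout() {
    session_unset();
    if (session_status() === PHP_SESSION_ACTIVE) {
        if (ini_get('session.use_cookies')) {
            $cookie = session_get_cookie_params();
            setcookie(session_name(), '', time() - 42000, $cookie['path'], $cookie['domain'], $cookie['secure'], $cookie['httponly']);
        }
        session_destroy();
    }
    Http::redirect('/');
}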
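/**
 * Run the application as described by its XML definition.
 *
 * Parses (or, when the app cache is on, loads from the Store) the definition
 * for $file and walks its 'apps' entries: a 'handle' entry routes the request
 * through a new instance of this class and prints the result; an 'invoke'
 * entry calls the listed methods on a class (or on the previous result).
 * When no handler pattern matched, the nomatch redirect/template is applied;
 * a 404 status is sent when nothing ran at all. Always ends with exit.
 *
 * Fix: the 'handle' error branch used $this inside this static method (a
 * fatal "not in object context" error at runtime); it now uses the instance
 * $self created for the entry.
 *
 * @param string $file  path to the application XML file (defaults to
 *                      App::mode() . App::called_filename())
 * @throws RuntimeException when the definition has no 'apps'
 */
public static final function load($file = null) {
    if (!isset($file)) {
        $file = App::mode() . App::called_filename();
    }
    if (!self::$is_app_cache || !Store::has($file)) {
        $parse_app = self::parse_app($file, false);
        if (self::$is_app_cache) {
            Store::set($file, $parse_app);
        }
    }
    if (self::$is_app_cache) {
        $parse_app = Store::get($file);
    }
    if (empty($parse_app['apps'])) {
        throw new RuntimeException('undef app');
    }
    $app_result = null;
    $in_app = $match_handle = false;
    $app_index = 0;
    try {
        foreach ($parse_app['apps'] as $app) {
            switch ($app['type']) {
                case 'handle':
                    $self = new self('_inc_session_=false');
                    foreach ($app['modules'] as $module) {
                        $self->add_module(self::import_instance($module));
                    }
                    if ($self->has_module('flow_handle_begin')) {
                        $self->call_module('flow_handle_begin', $self);
                    }
                    try {
                        if ($self->handler($app['maps'], $app_index++)->is_pattern()) {
                            $self->cp(self::execute_var($app['vars']));
                            $src = $self->read();
                            if ($self->has_module('flow_handle_end')) {
                                $self->call_module('flow_handle_end', $src, $self);
                            }
                            print $src;
                            $in_app = true;
                            $match_handle = true;
                            // Unless several handlers may run, the first match ends the request.
                            if (!$parse_app["handler_multiple"]) {
                                exit;
                            }
                        }
                    } catch (Exception $e) {
                        Log::warn($e);
                        if (isset($app['on_error']['status'])) {
                            Http::status_header((int) $app['on_error']['status']);
                        }
                        if (isset($app['on_error']['redirect'])) {
                            // $self, not $this: load() is static.
                            $self->save_exception($e);
                            $self->redirect($app['on_error']['redirect']);
                        } else {
                            if (isset($app['on_error']['template'])) {
                                if (!$e instanceof Exceptions) {
                                    Exceptions::add($e);
                                }
                                $self->output($app['on_error']['template']);
                            } else {
                                throw $e;
                            }
                        }
                    }
                    break;
                case 'invoke':
                    // Target: the configured class, or the class of the previous result.
                    $class_name = isset($app['class']) ? Lib::import($app['class']) : get_class($app_result);
                    $ref_class = new ReflectionClass($class_name);
                    foreach ($app['methods'] as $method) {
                        // Static methods are called on the class name; instance methods on
                        // a fresh instance (configured class) or on the previous result.
                        $invoke_class = $ref_class->getMethod($method['method'])->isStatic() ? $class_name : (isset($app['class']) ? new $class_name() : $app_result);
                        $args = array();
                        foreach ($method['args'] as $arg) {
                            // 'result' arguments receive the running result by reference.
                            if ($arg['type'] === 'result') {
                                $args[] =& $app_result;
                            } else {
                                $args[] = $arg['value'];
                            }
                        }
                        if (is_object($invoke_class)) {
                            foreach ($app['modules'] as $module) {
                                $invoke_class->add_module(self::import_instance($module));
                            }
                        }
                        $app_result = call_user_func_array(array($invoke_class, $method['method']), $args);
                        $in_app = true;
                    }
                    break;
            }
        }
        if (!$match_handle) {
            Log::debug("nomatch");
            if ($parse_app["nomatch_redirect"] !== null) {
                Http::redirect(App::url($parse_app["nomatch_redirect"]));
            }
            if ($parse_app["nomatch_template"] !== null) {
                Http::status_header(404);
                $self = new self();
                $self->output($parse_app["nomatch_template"]);
            }
        }
        if (!$in_app) {
            Http::status_header(404);
        }
    } catch (Exception $e) {
        // Anything that escaped is collected for reporting through Exceptions.
        if (!$e instanceof Exceptions) {
            Exceptions::add($e);
        }
    }
    exit;
}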
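http://www.osticket.com Released under the GNU General Public License WITHOUT ANY WARRANTY. See LICENSE.TXT for details. vim: expandtab sw=4 ts=4 sts=4: $Id: $ **********************************************************************/
require_once 'client.inc.php';

// Ticket access-link entry point. A signed-in client presenting an auth token
// whose user id matches their own is switched to that ticket; otherwise the
// 'auth' / 't' parameters are handed to the sign-on backends. On success the
// visitor lands on the ticket, else the access-link form is rendered.
$errors = array();

// Check if the client is already signed in. Don't corrupt their session!
if (!empty($_GET['auth']) && $thisclient
        && ($u = TicketUser::lookupByToken($_GET['auth']))
        && $u->getUserId() == $thisclient->getId()) {
    // Switch auth keys ? (Otherwise the user can never use links for two
    // different tickets)
    if (($bk = $thisclient->getAuthBackend()) instanceof AuthTokenAuthentication) {
        $bk->setAuthKey($u, $bk);
    }
    Http::redirect('tickets.php?id=' . $u->getTicketId());
} elseif (isset($_GET['auth']) || isset($_GET['t'])) {
    // TODO: Consider receiving an AccessDenied object
    $user = UserAuthenticationBackend::processSignOn($errors, false);
}

// isset() rather than @$user: same test, without suppressing every notice
// the expression might raise.
if (isset($user) && is_object($user) && $user->getTicketId()) {
    Http::redirect('tickets.php?id=' . $user->getTicketId());
}

$nav = new UserNav();
$nav->setActiveNav('status');
$inc = 'accesslink.inc.php';
require CLIENTINC_DIR . 'header.inc.php';
require CLIENTINC_DIR . $inc;
require CLIENTINC_DIR . 'footer.inc.php';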
$_SESSION['client:lang'] = $_GET['lang']; } } // Bootstrap gettext translations as early as possible, but after attempting // to sign on the agent TextDomain::configureForUser($thisclient); //is the user logged in? if ($thisclient && $thisclient->getId() && $thisclient->isValid()) { $thisclient->refreshSession(); } else { $thisclient = null; } /******* CSRF Protectin *************/ // Enforce CSRF protection for POSTS if ($_POST && !$ost->checkCSRFToken()) { Http::redirect('index.php'); //just incase redirect fails die('Action denied (400)!'); } //Add token to the header - used on ajax calls [DO NOT CHANGE THE NAME] $ost->addExtraHeader('<meta name="csrf_token" content="' . $ost->getCSRFToken() . '" />'); /* Client specific defaults */ define('PAGE_LIMIT', DEFAULT_PAGE_LIMIT); $nav = new UserNav($thisclient, 'home'); $exempt = in_array(basename($_SERVER['SCRIPT_NAME']), array('logout.php', 'ajax.php', 'logs.php', 'upgrade.php')); if (!$exempt && $thisclient && ($acct = $thisclient->getAccount()) && $acct->isPasswdResetForced()) { $warn = __('Password change required to continue'); require 'profile.php'; //profile.php must request this file as require_once to avoid problems. exit; }
$configfile = ''; if (file_exists(ROOT_DIR . 'ostconfig.php')) { //Old installs prior to v 1.6 RC5 $configfile = ROOT_DIR . 'ostconfig.php'; } elseif (file_exists(INCLUDE_DIR . 'settings.php')) { //OLD config file.. v 1.6 RC5 $configfile = INCLUDE_DIR . 'settings.php'; //Die gracefully on upgraded v1.6 RC5 installation - otherwise script dies with confusing message. if (!strcasecmp(basename($_SERVER['SCRIPT_NAME']), 'settings.php')) { die('Please rename config file include/settings.php to include/ost-config.php to continue!'); } } elseif (file_exists(INCLUDE_DIR . 'ost-config.php')) { //NEW config file v 1.6 stable ++ $configfile = INCLUDE_DIR . 'ost-config.php'; } elseif (file_exists(ROOT_DIR . 'setup/')) { Http::redirect(ROOT_PATH . 'setup/'); } if (!$configfile || !file_exists($configfile)) { Http::response(500, '<b>Error loading settings. Contact admin.</b>'); } require $configfile; define('CONFIG_FILE', $configfile); //used in admin.php to check perm. //Die if root path is not defined if (!defined('ROOT_PATH') || !ROOT_PATH) { Http::response(500, "<b>Fatal Error:</b> unknown root path. Define\n it in your 'ost-config.php'"); } //Path separator if (!defined('PATH_SEPARATOR')) { if (strpos($_ENV['OS'], 'Win') !== false || !strcasecmp(substr(PHP_OS, 0, 3), 'WIN')) { define('PATH_SEPARATOR', ';');
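// Staff login page: processes a username/password POST, an external-backend
// ("ext") trigger, or a passive sign-on; otherwise it shows the login form.
// $dest (set earlier in this file) is the post-login destination; it falls
// back to index.php when it points at login.php or ajax.php.
// NOTE(review): that is the only filter applied to $dest — if it can be
// client-influenced it should also be restricted to a relative path to avoid
// an open redirect.
$dest = $dest && (!strstr($dest, 'login.php') && !strstr($dest, 'ajax.php')) ? $dest : 'index.php';
$show_reset = false;
if ($_POST) {
    // Lookup support backends for this staff
    $username = isset($_POST['userid']) ? trim($_POST['userid']) : '';
    $passwd = isset($_POST['passwd']) ? $_POST['passwd'] : null;
    if ($user = StaffAuthenticationBackend::process($username, $passwd, $errors)) {
        session_write_close();
        Http::redirect($dest);
        require_once 'index.php'; //Just incase header is messed up.
        exit;
    }
    $msg = !empty($errors['err']) ? $errors['err'] : 'Invalid login';
    $show_reset = true;
} elseif (!empty($_GET['do'])) {
    switch ($_GET['do']) {
        case 'ext':
            // Lookup external backend
            $bkId = isset($_GET['bk']) ? $_GET['bk'] : null;
            if ($bk = StaffAuthenticationBackend::getBackend($bkId)) {
                $bk->triggerAuth();
            }
    }
    Http::redirect('login.php');
} elseif (!$thisstaff || !($thisstaff->getId() || $thisstaff->isValid())) {
    if (($user = StaffAuthenticationBackend::processSignOn($errors, false)) && $user instanceof StaffSession) {
        // Header only, no exit: the login template below presumably serves as
        // the fallback when headers were already sent (cf. the require above).
        @header("Location: {$dest}");
    }
}
define("OSTSCPINC", TRUE); //Make includes happy!
include_once INCLUDE_DIR . 'staff/login.tpl.php';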
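/**
 * Match the request URL against a rule set and apply the first rule that hits.
 *
 * Each rule is [match, replacement, "flag,flag,..."]. On first use the flags are
 * parsed into $rule['flags'] and the match string is prepared: 'regex' rules
 * are delimited via \Tool::pregDelimit (plus the i modifier when 'caseless'),
 * other 'caseless' rules are lower-cased and compared against the lower-cased
 * URL. When a rule matches: it is recorded in self::$matchedRules, the
 * replacement URL is built (preg_replace over the URL for regex rules, the
 * literal otherwise), the '302'/'303' flags redirect to it, the URL tokens are
 * rebuilt from it, and 'once' / 'file:last' / 'loop:last' prune the rule, the
 * file's rule set, or the remaining tokens respectively.
 *
 * Fix: $matched is initialised to false instead of unset, so the test below no
 * longer reads an undefined variable; flag and rule[2] lookups use !empty() so
 * absent entries do not raise notices (truthiness is unchanged).
 *
 * NOTE(review): for a regex rule with backreferences the redirect target is
 * built from the request URL; whether \Http::redirect() sanitises it is not
 * visible here.
 *
 * @param string $path   key of this rule set in self::$ruleSets
 * @param array  $rules  rule list, modified in place (flags cached, 'once' rules removed)
 * @return bool  true if a rule matched, false otherwise
 */
private static function matchRules($path, &$rules) {
    foreach ($rules as $ruleKey => &$rule) {
        $matched = false;
        if (!isset($rule['flags'])) {
            $flags = !empty($rule[2]) ? explode(',', $rule[2]) : array();
            $rule['flags'] = array_fill_keys(array_values($flags), true);
            // parse flags for determining match string
            if (!empty($rule['flags']['regex'])) {
                $rule['match'] = \Tool::pregDelimit($rule[0]);
                if (!empty($rule['flags']['caseless'])) {
                    $rule['match'] .= 'i';
                }
            } elseif (!empty($rule['flags']['caseless'])) {
                $rule['match'] = strtolower($rule[0]);
            } else {
                $rule['match'] = $rule[0];
            }
        }
        $subject = !empty($rule['flags']['caseless']) ? self::$urlCaselessBase : self::$urlBase;
        // test match
        if (!empty($rule['flags']['regex'])) {
            $matched = (bool) preg_match($rule['match'], $subject, self::$regexMatch);
        } else {
            $matched = ($rule['match'] == $subject);
        }
        if (!$matched) {
            continue;
        }
        self::$matchedRules[] = $rule;

        // apply replacement logic
        if (!empty($rule['flags']['regex'])) {
            $replacement = preg_replace($rule['match'], $rule[1], self::$urlBase);
        } else {
            $replacement = $rule[1];
        }
        // handle redirects
        if (!empty($rule['flags']['302'])) {
            \Http::redirect($replacement, 'head', 302);
        }
        if (!empty($rule['flags']['303'])) {
            \Http::redirect($replacement, 'head', 303);
        }
        // remake url with replacement
        self::tokenise($replacement);
        self::$parsedUrlTokens = [];
        self::$unparsedUrlTokens = array_merge([''], self::$urlTokens);

        // apply parse flag
        if (!empty($rule['flags']['once'])) {
            unset($rules[$ruleKey]);
        } elseif (!empty($rule['flags']['file:last'])) {
            unset(self::$ruleSets[$path]);
        } elseif (!empty($rule['flags']['loop:last'])) {
            self::$unparsedUrlTokens = [];
        }
        return true;
    }
    unset($rule);
    return false;
}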