예제 #1
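 /**
  * Prepare the page template for the built-in page named by $slug.
  *
  * 'home' and 'contact' create a CSRF token and expose the CAPTCHA URLs for
  * form 'form1' before choosing a template; 'news' only loads the news list.
  * Any other slug leaves the template untouched.
  *
  * @param string $slug Page identifier.
  * @return void
  */
 private function _defaultPage($slug)
 {
     switch ($slug) {
         case 'home':
         case 'contact':
             // Form protections (CSRF token and CAPTCHA) for form 'form1'.
             $security = Security::getSecurity(Security::TYPE_FORM);
             $csrf = $security->getProtection('form1', Form::PROTECTION_CSRF);
             $csrf->create();
             $captcha = $security->getProtection('form1', Form::PROTECTION_CAPTCHA);
             $this->tpl
                 ->setVar('captchaImageUrl', $captcha->get('image', true), false, true)
                 ->setVar('captchaAudioUrl', $captcha->get('audio', true), false, true)
                 ->setVar('captchaRefreshUrl', $captcha->getRefreshUrl(), false, true);
             // The token is handed to the template so the form can send it back.
             $this->tpl->setVar('token', $csrf->get(), false, true);
             // Choose the template for this page.
             if ($slug == 'contact') {
                 $this->tpl->setFile('controllers' . DS . 'Pages' . DS . 'contact.tpl.php');
             } elseif ($slug == 'register') {
                 // NOTE(review): unreachable as written - the enclosing case labels only
                 // admit 'home' and 'contact'. If a register page is intended, it needs its
                 // own case label; kept unchanged because the intent is not visible here.
                 if (Member::isConnected()) {
                     Http::redirect($this->router->getUrl('index'));
                 }
                 $this->tpl->setFile('controllers' . DS . 'Pages' . DS . 'register.tpl.php');
             } else {
                 $this->tpl->setVar('news', $this->_readAll('new'), false, true);
                 $this->tpl->setFile('controllers' . DS . 'Pages' . DS . 'index.tpl.php');
             }
             // Persist the token in the session so the submitted value can be checked later.
             $csrf->set();
             break;
         case 'news':
             $this->tpl->setVar('news', $this->_readAll('new'), false, true);
             $this->tpl->setFile('controllers' . DS . 'Pages' . DS . 'news.tpl.php');
             // Explicit break: the original fell through into default, which only worked
             // because default did nothing.
             break;
         default:
             break;
     }
 }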
예제 #2
파일: index.php 프로젝트: fire-coding/gis
 /**
  * End the current session and send the visitor to the site root.
  */
 function logout()
 {
     $home = "/";
     // Empty the superglobal first so no session value survives in this request,
     // then drop the server-side session data.
     $_SESSION = array();
     session_destroy();
     // Http::unautorize() is defined elsewhere; presumably it clears the HTTP auth
     // state - confirm. NOTE(review): the session cookie itself is not expired here.
     Http::unautorize();
     Http::redirect($home);
 }
예제 #3
 /**
  * Create an empty story with a generated title and URI, then redirect to it.
  *
  * On insert failure the database layer's last error is written to the response.
  */
 function new_story()
 {
     $title = StoryTime::titleGenerator();
     $uri = StoryTime::URIGenerator();
     $id = $this->db->insert('story', array(
         'uri' => $uri,
         'title' => $title,
         'body' => '',
         'started_at' => $this->db->now(),
     ));
     if ($id) {
         Http::redirect('/Main/story/' . $uri);
         return;
     }
     // NOTE(review): the raw driver error goes straight to the client and can expose
     // table or column names; logging it and showing a generic message would be safer.
     echo $this->db->getLastError();
 }
예제 #4
파일: Callback.php 프로젝트: pythias/mock
 /**
  * Issue a redirect described by $values.
  *
  * @param array $values Expects 'url'; optional 'ms' is passed on as the second
  *                      argument of Http::redirect().
  * @return mixed false when no 'url' is given, otherwise whatever Http::redirect() returns.
  */
 private static function _redirect($values)
 {
     if (!isset($values['url'])) {
         return false;
     }
     // NOTE(review): the target is used as supplied (after Basic::handle). If $values can
     // carry request data, restrict the target to an allow-list of hosts or to relative
     // paths so this cannot act as an open redirect - confirm where $values comes from.
     $target = Basic::handle($values['url']);
     if (!isset($values['ms'])) {
         return Http::redirect($target);
     }
     return Http::redirect($target, Basic::handle($values['ms']));
 }
예제 #5
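 /**
  * Save a user group and replace its permission set from the posted form.
  *
  * Reads "group", "group_id" and "permission" from POST; the keys of
  * "permission" are the permission ids to assign.
  *
  * NOTE(review): no permission or CSRF check is visible in this method. Since it
  * rewrites a group's permissions, confirm both are enforced before it runs.
  */
 public function update()
 {
     $group = Http::post("group");
     $group_id = Http::post("group_id");
     $permissions = Http::post("permission");
     $permission_model = DB::loadModel("users/permissions");
     $group_model = DB::loadModel("users/groups");
     $group_model->updateGroup($group_id, $group);
     // A form with no boxes ticked posts no "permission" field at all; treat that as an
     // empty set instead of iterating over a non-array.
     $pids = is_array($permissions) ? array_keys($permissions) : array();
     $permission_model->setPermissions($group_id, $pids);
     Http::redirect("/user_groups");
 }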
예제 #6
파일: users.php 프로젝트: fire-coding/gis
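 /**
  * Save a user record and its group membership from the posted form.
  *
  * Reads "user", "user_id" and "groups" from POST; the keys of "groups" are the
  * group ids to assign.
  *
  * NOTE(review): the whole posted "user" array, including is_admin, is handed to
  * the model's update(). No permission or CSRF check is visible in this method;
  * confirm both are enforced before it runs and that the model only writes the
  * columns it should.
  */
 public function update()
 {
     $user = Http::post("user");
     $user_id = Http::post("user_id");
     if (!is_array($user)) {
         $user = array();
     }
     // An unticked checkbox is simply absent from the POST data, so test for the key
     // before comparing its value.
     $user["is_admin"] = (isset($user["is_admin"]) && $user["is_admin"] == "on") ? 1 : 0;
     $groups = Http::post("groups");
     // No group ticked means no "groups" field; treat it as an empty list.
     $groups_ids = is_array($groups) ? array_keys($groups) : array();
     $user_model = DB::loadModel("users/user");
     $user_groups_model = DB::loadModel("users/groups");
     $user_model->update($user_id, $user);
     $user_groups_model->setGroups($user_id, $groups_ids);
     Http::redirect("/users");
 }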
예제 #7
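 /**
  * Render the map search page for users holding "client/maps/search".
  *
  * Users without the permission are redirected to the site root.
  */
 function index()
 {
     $user = $this->registry->get("user");
     if (!$user->has_permission("client/maps/search")) {
         Http::redirect('/');
         // Stop here so the page is never built for an unauthorized user, whether or
         // not Http::redirect() terminates the request itself.
         exit;
     }
     $this->registerModule("client/common/client_menu", "left_side");
     $this->registerModule("map/map", "center_side");
     //$this->registerModule("client/maps/search/maps_search_filter", "right_side");
     //    $regions_model = DB::loadModel("maps/regions");
     //    $regions = $regions_model->getAll();
     // The lookup above is commented out, which left $regions undefined when it was
     // assigned to the template. Pass an explicit null (the value the template already
     // received) so no undefined-variable notice is raised.
     $regions = null;
     $smarty = $this->registry->get("smarty");
     $smarty->assign("regions", $regions);
     $smarty->assign("page", "maps_search");
     $smarty->assign("title", "Адміністративний пошук");
     $this->display();
 }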
예제 #8
파일: system.php 프로젝트: fire-coding/gis
 /**
  * Store the posted system settings and return to the settings page.
  *
  * Nothing is written unless all four sections (database, database_external,
  * auth, ad_server) are present in the POST data.
  *
  * NOTE(review): this writes database and directory-server credentials taken
  * directly from POST. No permission or CSRF check is visible in this method;
  * confirm both are enforced before it runs.
  */
 function save()
 {
     $posted = array(
         "database" => Http::post("database"),
         "database_external" => Http::post("database_external"),
         "auth" => Http::post("auth"),
         "ad_server" => Http::post("ad_server"),
     );
     // Section => keys written under /settings/<section>/<key>, in write order.
     $fields = array(
         "database" => array("host", "name", "user", "pass"),
         "database_external" => array("host", "name", "user", "pass"),
         "auth" => array("mode"),
         "ad_server" => array("address", "account_sufix", "base_dn"),
     );
     if (!in_array(null, $posted, true)) {
         $config = new Config();
         foreach ($fields as $section => $keys) {
             foreach ($keys as $key) {
                 $config->set("/settings/" . $section . "/" . $key, $posted[$section][$key]);
             }
         }
     }
     Http::redirect("/system");
 }
예제 #9
파일: index.php 프로젝트: amad4biz/invoices
<?php

require 'libraries/start.php';
// Send the visitor to the installer until install.log exists, and to the
// application afterwards.
Http::redirect(is_file('install.log') ? 'xhtml.php' : 'install.php');
예제 #10
파일: Crud.php 프로젝트: hisaboh/w2t
 /**
  * Show the create form for the model named $name, or save it on POST.
  *
  * Nothing happens unless login() succeeds. After a successful save the request
  * is redirected to the list link; in every other case the update template is
  * rendered with the model and the CRUD helper.
  *
  * @param string $name Model name.
  * @return $this
  */
 public function do_create($name)
 {
     if (!$this->login()) {
         return $this;
     }
     $class = $this->get_class($name);
     $tools = new CrudTools($name);
     if (!$this->isPost()) {
         $this->cp($class);
     } else {
         try {
             $class->set_model($this->vars());
             $class->save();
             C($class)->commit();
             Http::redirect($tools->link_find());
         } catch (Exception $e) {
             // NOTE(review): the exception is discarded and the form is rendered again
             // with no record of why the save failed - confirm this is intended.
         }
     }
     $this->vars("model", $class);
     $this->vars("f", $tools);
     $this->template(Rhaco::module_path("templates/update.html"));
     return $this;
 }
예제 #11
파일: index.php 프로젝트: bztsrc/phppe3
 /**
  * Handle the edit/conf mode toggles and the 'login' and 'logout' applications.
  *
  * @param mixed $app    Not read in this method.
  * @param mixed $action Not read in this method.
  */
 public function route($app, $action)
 {
     // Signed-in users may switch the 'edit' / 'conf' flags, but only if they hold the
     // matching capability. The flag is stored as pe_e / pe_c in the session.
     if (!empty(Core::$user->id)) {
         foreach (['edit', 'conf'] as $v) {
             if (isset($_REQUEST[$v]) && Core::$user->has($v)) {
                 $_SESSION['pe_' . substr($v, 0, 1)] = !empty($_REQUEST[$v]);
                 // Called without a target; presumably reloads the current page - confirm.
                 Http::redirect();
             }
         }
     }
     if (Core::$core->app == 'login') {
         // Already signed in: nothing to do on the login page.
         if (Core::$user->id) {
             Http::redirect('/');
         }
         $A = 'admin';
         if (Core::isTry() && !empty($_REQUEST['id'])) {
             // Built-in admin: only when a master password hash is configured, and checked
             // with password_verify(). Note the id is read from $_REQUEST but the password
             // from $_POST.
             // NOTE(review): $_POST['pass'] is read without an isset() check.
             if ($_REQUEST['id'] == $A && !empty(Core::$core->masterpasswd) && password_verify($_POST['pass'], Core::$core->masterpasswd)) {
                 // id -1 marks the built-in admin (the logout branch below tests for it).
                 $_SESSION['pe_u']->id = -1;
                 $_SESSION['pe_u']->name = $A;
             } else {
                 // Every other login is delegated to the "login" event with the raw
                 // credentials; the handlers are defined elsewhere.
                 Core::event("login", [$_REQUEST['id'], $_POST['pass']]);
             }
             if (!empty($_SESSION['pe_u']->id)) {
                 Core::log('A', 'Login ' . $_SESSION['pe_u']->name, 'users');
                 // NOTE(review): no session_regenerate_id() call is visible in this method;
                 // confirm the session id is rotated on login elsewhere (session fixation).
                 Http::redirect();
             } else {
                 // One message for every failure, so the response does not reveal whether
                 // the id or the password was wrong.
                 Core::error(L('Bad username or password'), 'id');
             }
         }
     } elseif (Core::$core->app == 'logout') {
         $i = Core::$user->id;
         if ($i) {
             Core::log('A', 'Logout ' . Core::$user->name, 'users');
             // The "logout" event is skipped for the built-in admin (id -1).
             if ($i != -1) {
                 Core::event("logout");
             }
         }
         // The session is destroyed even when nobody was signed in.
         session_destroy();
         Http::redirect('/');
     }
 }
예제 #12
    $_REQUEST['id'] = $thisclient->getTicketId();

require_once(INCLUDE_DIR.'class.ticket.php');
require_once(INCLUDE_DIR.'class.json.php');
// Resolve the requested ticket; $ticket stays empty unless it exists AND the
// current client is allowed to see it.
$ticket = null;
if ($_REQUEST['id']) {
    $ticket = Ticket::lookup($_REQUEST['id']);
    if (!$ticket) {
        $errors['err'] = __('Unknown or invalid ticket ID.');
    } elseif (!$ticket->checkUserAccess($thisclient)) {
        // Deliberately the same message as above, so the response does not reveal
        // whether a ticket with this id exists.
        $errors['err'] = __('Unknown or invalid ticket ID.');
        $ticket = null;
    }
}

// Guests without an accessible ticket have nothing to see here.
if (!$ticket && $thisclient->isGuest()) {
    Http::redirect('view.php');
}

$tform = TicketForm::objects()->one();
$messageField = $tform->getField('message');
$attachments = $messageField->getWidget()->getAttachments();

//Process post...depends on $ticket object above.
if($_POST && is_object($ticket) && $ticket->getId()):
    $errors=array();
    switch(strtolower($_POST['a'])){
    case 'edit':
        if(!$ticket->checkUserAccess($thisclient) //double check perm again!
                || $thisclient->getId() != $ticket->getUserId())
            $errors['err']=__('Access Denied. Possibly invalid ticket ID');
        elseif (!$cfg || !$cfg->allowClientUpdates())
            $errors['err']=__('Access Denied. Client updates are currently disabled');
예제 #13
    Jared Hancock <*****@*****.**>
    Copyright (c)  2006-2013 osTicket
    http://www.osticket.com

    Released under the GNU General Public License WITHOUT ANY WARRANTY.
    See LICENSE.TXT for details.

    vim: expandtab sw=4 ts=4 sts=4:
**********************************************************************/
require_once 'staff.inc.php';
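// Link redirector: validates the requested URL and the link token, then forwards
// the browser either with an HTTP redirect or with an HTML meta refresh.
//
// NOTE(review): validateLinkToken() receives only the auth parameter here. Whether
// the token is bound to this particular URL is decided inside that method, which is
// not visible; if it is not, a valid token would authorize any target - confirm.
// Http::response() is presumably terminal - confirm, since the checks below rely on it.

# PHP < 5.4.7 will not handle a URL like //host.tld/path correctly
if (!($url=trim($_GET['url'])))
    Http::response(422, __('Invalid URL'));

// Scheme-relative URLs get a scheme for validation only; the original value is
// what the browser is sent to.
$check = (strpos($url, '//') === 0) ? 'http:' . $url : $url;
if (!Validator::is_url($check) || !$ost->validateLinkToken($_GET['auth']))
    Http::response(403, __('URL link not authorized'));
elseif (strpos($_SERVER['HTTP_ACCEPT'], 'text/html') === false)
    // Clients that do not accept HTML get a plain HTTP redirect.
    Http::redirect($url);
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
    <meta http-equiv="content-type" content="text/html; charset=utf-8"/>
    <?php /* The URL is request data printed inside an HTML attribute: encode it so quotes or angle brackets in it cannot close the attribute and inject markup. */ ?>
    <meta http-equiv="refresh" content="0;URL=<?php echo htmlspecialchars($url, ENT_QUOTES, 'UTF-8'); ?>"/>
</head>
<body/>
</html>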
예제 #14
 /**
  * Hook run after an insert: return to the maintenance list.
  *
  * @param mixed $insert_id Id of the new row; not used here.
  */
 function afterForInsert($insert_id)
 {
     $listUrl = 'index.php?c=maintain&a=list';
     Http::redirect($listUrl);
 }
예제 #15
파일: Flow.php 프로젝트: hisaboh/w2t
 /**
  * Select the class, method and template to run from the first URL pattern
  * in $urlconf that matches the request arguments.
  *
  * Each entry is either `pattern => conf` or a bare pattern. An array conf may set
  * "class", "method", "template" and "name"; any other conf is passed to dict().
  *
  * NOTE(review): class and method names come from $urlconf and from the pattern text,
  * and the class is instantiated dynamically. That is only safe while $urlconf is
  * developer-supplied configuration - confirm it never carries request data.
  *
  * @param array $urlconf
  * @return $this
  * @throws Exception when no pattern matches, the method does not exist, or the
  *                   result is not a Template
  */
 public function handler(array $urlconf = array())
 {
     $params = array();
     foreach ($urlconf as $pattern => $conf) {
         // A bare pattern (integer key) has no configuration.
         if (is_int($pattern)) {
             $pattern = $conf;
             $conf = null;
         }
         // The three-step replace escapes every "/" exactly once (already-escaped ones
         // are parked as __SLASH__ first) so the pattern can be wrapped in "/" delimiters.
         if (preg_match("/" . str_replace(array("\\/", "/", "__SLASH__"), array("__SLASH__", "\\/", "\\/"), $pattern) . "/", $this->args(), $params)) {
             if ($conf !== null) {
                 if (is_array($conf)) {
                     if (isset($conf["class"])) {
                         $this->class = $conf["class"];
                     }
                     if (isset($conf["method"])) {
                         $this->method = $conf["method"];
                     }
                     if (isset($conf["template"])) {
                         $this->template = $conf["template"];
                     }
                     if (isset($conf["name"])) {
                         $this->name = $conf["name"];
                     }
                 } else {
                     $this->dict($conf);
                 }
             }
             // Remember what matched: the configured name, or else the matched text.
             self::$match_pattern = empty($this->name) ? $params[0] : $this->name;
             if (!empty($this->class)) {
                 // Dotted names and unknown classes are resolved through Rhaco::import().
                 if (false !== strrpos($this->class, ".") || !class_exists($this->class)) {
                     $this->class = Rhaco::import($this->class);
                 }
                 // No explicit method: build one from the leading "/"-separated pattern
                 // segments, stopping at the first segment without a word character.
                 if (empty($this->method) && !empty($pattern)) {
                     $method_patterns = array();
                     $patterns = explode("/", $pattern);
                     if ($patterns[0] == "^") {
                         array_shift($patterns);
                     }
                     foreach ($patterns as $p) {
                         if (!preg_match("/[\\w_]/", $p)) {
                             break;
                         }
                         $method_patterns[] = $p;
                     }
                     if (!empty($method_patterns)) {
                         $this->method = implode("_", $method_patterns);
                     }
                 }
             }
             if (empty($this->method) && !empty($this->template)) {
                 // Template only: no action is called.
                 $obj = new self();
                 $obj->copy_module($this, true);
                 $obj->template($this->template);
             } else {
                 $method = empty($this->method) ? "index" : $this->method;
                 if (!method_exists($this->class, $method)) {
                     throw new Exception("Not found " . $this->class . "::" . $method);
                 }
                 // Drop the full match; the remaining regex captures become the arguments.
                 array_shift($params);
                 try {
                     $class = $this->class;
                     $action = new $class();
                     $action->copy_module($this, true);
                     if ($action instanceof self) {
                         $action->handled();
                     }
                     // The arguments are text captured from the request path.
                     $obj = call_user_func_array(array($action, $method), $params);
                 } catch (Exception $e) {
                     Log::debug($e);
                     // Optional error policy: [0] status code, [1] template, [2] redirect URL.
                     $on_error = Rhaco::def("core.Flow@on_error");
                     if ($on_error === null) {
                         throw $e;
                     }
                     if (isset($on_error[0])) {
                         Http::status_header((int) $on_error[0]);
                     }
                     if (isset($on_error[2])) {
                         Http::redirect($on_error[2]);
                     }
                     if (isset($on_error[1])) {
                         $template = new Template();
                         $template->output($on_error[1]);
                     }
                     exit;
                 }
             }
             if ($obj instanceof self) {
                 $obj = $obj->templ();
             }
             // Anything that did not end up as a Template is refused.
             if (!$obj instanceof Template) {
                 throw new Exception("Forbidden " . $this->args());
             }
             $obj->path($this->path());
             $obj->url($this->url());
             $this->templ = $obj;
             if (!$this->isTemplate()) {
                 $this->template($obj->filename());
             }
             // Last resort: derive "<package path>/<className>/<method>.html" from the class name.
             // NOTE(review): $method is only assigned in the action branch above; if the
             // template-only branch ran and this point is reached, it is undefined - confirm.
             if (!$this->isTemplate()) {
                 $cs = explode(".", $this->class);
                 $class = array_pop($cs);
                 $class = implode("/", $cs) . (!empty($cs) ? "/" : "") . strtolower($class[0]) . substr($class, 1);
                 $this->template($class . "/" . $method . ".html");
             }
             return $this;
         }
     }
     throw new Exception("no match pattern");
 }
예제 #16
 /**
  * Redirect to a URL.
  *
  * @param string $url  Target URL.
  * @param int    $mode Passed to Http::redirect() as its second argument; defaults to 302.
  * @return void
  */
 public static function redirect($url, $mode = 302)
 {
     // Thin pass-through to Http::redirect(); nothing is returned.
     Http::redirect($url, $mode);
 }
예제 #17
                if (!$staff->hasPassword()) {
                    $msg = 'Unable to reset password. Contact your administrator';
                } elseif (!$staff->sendResetEmail()) {
                    $tpl = 'pwreset.sent.php';
                }
            } else {
                $msg = 'Unable to verify username ' . Format::htmlchars($_POST['userid']);
            }
            break;
        case 'newpasswd':
            // TODO: Compare passwords
            $tpl = 'pwreset.login.php';
            $errors = array();
            if ($staff = StaffAuthenticationBackend::processSignOn($errors)) {
                $info = array('page' => 'index.php');
                Http::redirect($info['page']);
            } elseif (isset($errors['msg'])) {
                $msg = $errors['msg'];
            }
            break;
    }
} elseif ($_GET['token']) {
    $msg = 'Please enter your username or email';
    $_config = new Config('pwreset');
    if (($id = $_config->get($_GET['token'])) && ($staff = Staff::lookup($id))) {
        // TODO: Detect staff confirmation (for welcome email)
        $tpl = 'pwreset.login.php';
    } else {
        header('Location: index.php');
    }
} elseif ($cfg->allowPasswordReset()) {
예제 #18
    Released under the GNU General Public License WITHOUT ANY WARRANTY.
    See LICENSE.TXT for details.

    vim: expandtab sw=4 ts=4 sts=4:
**********************************************************************/
require 'admin.inc.php';
include_once INCLUDE_DIR . 'class.template.php';
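// Resolve the template (or template set) named in the request, or jump to the
// default template for a given code name.
$template = null;
if ($_REQUEST['tpl_id'] && !($template = EmailTemplateGroup::lookup($_REQUEST['tpl_id']))) {
    $errors['err'] = sprintf(__('%s: Unknown or invalid'), __('template set'));
} elseif ($_REQUEST['id'] && !($template = EmailTemplate::lookup($_REQUEST['id']))) {
    // The format string used to contain two %s placeholders for a single argument,
    // which makes sprintf() fail; it now matches the message used for template sets.
    $errors['err'] = sprintf(__('%s: Unknown or invalid'), __('template'));
} elseif ($_REQUEST['default_for']) {
    // Both values pass through db_input() before they are concatenated into the query.
    $sql = 'SELECT id FROM ' . EMAIL_TEMPLATE_TABLE . ' WHERE tpl_id=' . db_input($cfg->getDefaultTemplateId()) . ' AND code_name=' . db_input($_REQUEST['default_for']);
    if ($id = db_result(db_query($sql))) {
        // NOTE(review): db_input() is the helper used for SQL values above; here the value
        // goes into a URL, where URL encoding would be the matching escape - confirm
        // what db_input() returns for an id before changing it.
        Http::redirect('templates.php?a=manage&id=' . db_input($id));
    }
}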
if ($_POST) {
    switch (strtolower($_POST['do'])) {
        case 'updatetpl':
            if (!$template) {
                $errors['err'] = sprintf(__('%s: Unknown or invalid'), __('message template'));
            } elseif ($template->update($_POST, $errors)) {
                $msg = sprintf(__('Successfully updated %s'), __('this message template'));
                // Drop drafts for this template for ALL users
                Draft::deleteForNamespace('tpl.' . $template->getCodeName() . '.' . $template->getTplId());
            } elseif (!$errors['err']) {
                $errors['err'] = sprintf(__('Error updating %s. Try again!'), __('this template'));
            }
            break;
예제 #19
    Released under the GNU General Public License WITHOUT ANY WARRANTY.
    See LICENSE.TXT for details.

    vim: expandtab sw=4 ts=4 sts=4:
**********************************************************************/
require 'admin.inc.php';
include_once INCLUDE_DIR . 'class.filter.php';
require_once INCLUDE_DIR . 'class.canned.php';
// Resolve the ticket filter named in the request, if any.
$filter = null;
if ($_REQUEST['id']) {
    $filter = Filter::lookup($_REQUEST['id']);
    if (!$filter) {
        $errors['err'] = sprintf(__('%s: Unknown or invalid'), __('ticket filter'));
    }
}
/* NOTE: Banlist has its own interface*/
if ($filter) {
    if ($filter->isSystemBanlist()) {
        Http::redirect('banlist.php');
    }
}
if ($_POST) {
    switch (strtolower($_POST['do'])) {
        case 'update':
            if (!$filter) {
                $errors['err'] = sprintf(__('%s: Unknown or invalid'), __('ticket filter'));
            } elseif ($filter->update($_POST, $errors)) {
                $msg = sprintf(__('Successfully updated %s'), __('this ticket filter'));
            } elseif (!$errors['err']) {
                $errors['err'] = sprintf(__('Error updating %s. Correct error(s) below and try again.'), __('this ticket filter'));
            }
            break;
        case 'add':
            if (Filter::create($_POST, $errors)) {
                $msg = sprintf(__('Successfully updated %s'), __('this ticket filter'));
예제 #20
 /**
  * Run the parent's and the CAS client's auth triggers, then go to the login page.
  */
 function triggerAuth()
 {
     parent::triggerAuth();
     // The CAS call's return value is not used; the redirect below happens regardless.
     $this->cas->triggerAuth($this->getServiceUrl());
     $loginPage = ROOT_PATH . "login.php";
     Http::redirect($loginPage);
 }
예제 #21
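 /**
  * Show the play screen for a story, or record the submitted words as the
  * logged-in user's turn.
  *
  * The story is only loaded when it is still open and it is this user's turn;
  * otherwise the request is redirected to the index.
  *
  * @param string $uri Story URI.
  * @return void
  */
 function gamePlay($uri)
 {
     l("Gameplay called\n");
     $phrase = g('words');
     $user = (new UserModel())->getLoggedInUser();
     $this->db->rawQuery("CALL MOVESTORIESFORWARD()");
     // The WHERE clause is the access check: it matches only if the story exists, has not
     // ended, and the current turn belongs to this user. Both values are bound parameters.
     $story = DBUtil::getOne($this->db->rawQuery('   
                         SELECT 
                             *,
                             `story`.`id` AS id,
                             (CASE
                                 WHEN `story`.`current_turn` > 0 THEN
                                     (SELECT MAX(`turn`.`timestamp`) FROM `turn` WHERE `turn`.`FK_story_id` = `story`.`id`)
                                 ELSE
                                     `story`.`started_at`
                             END) AS turn_start,
                             NOW() AS now_time
                         FROM 
                             `story`  
                         INNER JOIN `story_user`
                             ON `story_user`.`FK_story_id` = `story`.`id`
                         WHERE 
                             `story`.`uri` = ?
                             AND `story_user`.`FK_user_id` = ?
                             AND `story_user`.`turn_order` = `story`.`current_turn` % 
                                                     (SELECT COUNT(*) FROM `story_user` WHERE `story_user`.`FK_story_id` = `story`.`id`)
                             AND `story`.`ended_at` IS NULL
                                                     
                 ', array($uri, $user['id'])));
     if (!$story) {
         //Not this users turn.
         Http::redirect('/Main/index');
         // Stop here, as the submit path below already does after its redirect. Without
         // this, a request that failed the turn check would carry on into the insert and
         // update code whenever Http::redirect() returns instead of exiting.
         return;
     }
     if ($phrase) {
         $this->db->insert('turn', array('FK_story_id' => $story['id'], 'FK_user_id' => $user['id'], 'words' => $phrase, 'timestamp' => $this->db->now()));
         $phrase = " " . $phrase;
         // NOTE(review): strict comparison between a database value and an integer
         // expression; if the driver returns strings this is never true - confirm.
         if ($story['current_turn'] === $story['max_turns'] - 1) {
             // Last turn: append the words and close the story.
             $this->db->rawQuery("UPDATE story SET body = CONCAT(body, ?), current_turn = current_turn + 1, ended_at = NOW() WHERE uri = ?", array($phrase, $uri));
         } else {
             $this->db->rawQuery("UPDATE story SET body = CONCAT(body, ?), current_turn = current_turn + 1 WHERE uri = ?", array($phrase, $uri));
         }
         //send notification to next player
         $nextPlayer = $this->_nextPlayer($uri);
         if ($nextPlayer['email']) {
             $message = "Hi " . $nextPlayer['name'] . ",\n It's your turn to put your own words to the story.\nThanks!";
             mail($nextPlayer['email'], "Now it's your turn to play", $message);
         }
         Http::redirect('/Main/WaitTurn/' . $story['uri']);
         return;
     }
     // Remaining time = limit - (now - turn start), using the database's own clock.
     $story['timeleft'] = $story['time_limit'] - (new DateTime($story['now_time']))->getTimestamp() + (new DateTime($story['turn_start']))->getTimestamp();
     load_template('header', array('title' => 'New Story', 'user' => $user));
     load_view('GamePlay', $story);
     load_template('footer');
 }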
예제 #22
 /**
  * Locate and load the installation's config file, then define the constants
  * derived from it: CONFIG_FILE, SECRET_SALT (fallback only), SESSION_SECRET
  * and SESSION_TTL.
  *
  * Redirects to the setup directory when no config file exists but setup/ does,
  * and answers with HTTP 500 when no config file can be loaded.
  */
 function loadConfig()
 {
     // Candidate locations, checked in this order.
     $currentCfg = INCLUDE_DIR . 'ost-config.php'; // v1.6 stable and later
     $rootCfg = ROOT_DIR . 'ostconfig.php';        // installs prior to v1.6 RC5
     $rc5Cfg = INCLUDE_DIR . 'settings.php';       // v1.6 RC5

     $configfile = '';
     if (file_exists($currentCfg)) {
         $configfile = $currentCfg;
     } elseif (file_exists($rootCfg)) {
         $configfile = $rootCfg;
     } elseif (file_exists($rc5Cfg)) {
         $configfile = $rc5Cfg;
         // On an upgraded v1.6 RC5 install, a request for settings.php itself gets a clear
         // instruction instead of a confusing failure.
         $script = basename($_SERVER['SCRIPT_NAME']);
         if (strcasecmp($script, 'settings.php') === 0) {
             Http::response(500, 'Please rename config file include/settings.php to include/ost-config.php to continue!');
         }
     } elseif (file_exists(ROOT_DIR . 'setup/')) {
         Http::redirect(ROOT_PATH . 'setup/');
     }

     $missing = !$configfile || !file_exists($configfile);
     if ($missing) {
         Http::response(500, '<b>Error loading settings. Contact admin.</b>');
     }
     require $configfile;
     // Used in admin.php to check permissions.
     define('CONFIG_FILE', $configfile);

     // Old installations have no secret salt of their own.
     // NOTE(review): this fallback is an MD5 of two configuration values (table prefix and
     // admin e-mail), not random data; installs that reach it should define a random
     // SECRET_SALT in the config file.
     if (!defined('SECRET_SALT')) {
         define('SECRET_SALT', md5(TABLE_PREFIX . ADMIN_EMAIL));
     }

     // Session settings.
     define('SESSION_SECRET', md5(SECRET_SALT));
     define('SESSION_TTL', 86400); // 24 hours
 }
예제 #23
            $errors['err'] = __('Errors configuring your profile. See messages below');
        }
    }
    if (!$errors) {
        switch ($_POST['do']) {
            case 'create':
                $content = Page::lookup(Page::getIdByType('registration-confirm'));
                $inc = 'register.confirm.inc.php';
                $acct->sendConfirmEmail();
                break;
            case 'import':
                if ($bk = UserAuthenticationBackend::getBackend($_POST['backend'])) {
                    $cl = new ClientSession(new EndUser($user));
                    if (!$bk->supportsInteractiveAuthentication()) {
                        $acct->set('backend', null);
                    }
                    $acct->confirm();
                    if ($user = $bk->login($cl, $bk)) {
                        Http::redirect('tickets.php');
                    }
                }
                break;
        }
    }
    if ($errors && $user && $user != $thisclient) {
        $user->delete();
    }
}
// Render the page: shared header, the view selected above, shared footer.
// NOTE(review): the middle path is built from $inc. The only assignment visible in this
// excerpt is a fixed literal ('register.confirm.inc.php'); confirm every other assignment
// is also a literal and never derived from request data.
include CLIENTINC_DIR . 'header.inc.php';
include CLIENTINC_DIR . $inc;
include CLIENTINC_DIR . 'footer.inc.php';
예제 #24
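 /**
  * Log the visitor out: discard the session and redirect to the site root.
  */
 function logout()
 {
     session_unset();
     // Clearing the variables alone leaves the session and its id alive on the server.
     // Destroy it as well, so the old session id is worthless after logout.
     if (session_id() !== '') {
         session_destroy();
     }
     Http::redirect('/');
 }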
예제 #25
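 /**
  * Run the application described by an XML definition file.
  *
  * Each parsed app entry is either a 'handle' (URL-pattern dispatch whose output is
  * printed) or an 'invoke' (a list of method calls whose result is carried from one
  * entry to the next). The request always ends with exit.
  *
  * @param string $file Path to the application XML file; defaults to the mode plus
  *                     the called file name.
  * @throws RuntimeException when the definition contains no apps
  */
 public static final function load($file = null)
 {
     if (!isset($file)) {
         $file = App::mode() . App::called_filename();
     }
     // Parse the definition unless a cached copy can be used.
     if (!self::$is_app_cache || !Store::has($file)) {
         $parse_app = self::parse_app($file, false);
         if (self::$is_app_cache) {
             Store::set($file, $parse_app);
         }
     }
     if (self::$is_app_cache) {
         $parse_app = Store::get($file);
     }
     if (empty($parse_app['apps'])) {
         throw new RuntimeException('undef app');
     }
     $app_result = null;
     $in_app = $match_handle = false;
     $app_index = 0;
     try {
         foreach ($parse_app['apps'] as $app) {
             switch ($app['type']) {
                 case 'handle':
                     $self = new self('_inc_session_=false');
                     foreach ($app['modules'] as $module) {
                         $self->add_module(self::import_instance($module));
                     }
                     if ($self->has_module('flow_handle_begin')) {
                         $self->call_module('flow_handle_begin', $self);
                     }
                     try {
                         if ($self->handler($app['maps'], $app_index++)->is_pattern()) {
                             $self->cp(self::execute_var($app['vars']));
                             $src = $self->read();
                             if ($self->has_module('flow_handle_end')) {
                                 $self->call_module('flow_handle_end', $src, $self);
                             }
                             print $src;
                             $in_app = true;
                             $match_handle = true;
                             // Stop after the first matching handler unless several may run.
                             if (!$parse_app["handler_multiple"]) {
                                 exit;
                             }
                         }
                     } catch (Exception $e) {
                         Log::warn($e);
                         // Per-app error policy: optional status, then redirect, template,
                         // or rethrow.
                         if (isset($app['on_error']['status'])) {
                             Http::status_header((int) $app['on_error']['status']);
                         }
                         if (isset($app['on_error']['redirect'])) {
                             // This is a static method, so $this does not exist here and
                             // using it aborts the request. The handler instance created
                             // for this app is the object these calls belong to.
                             $self->save_exception($e);
                             $self->redirect($app['on_error']['redirect']);
                         } else {
                             if (isset($app['on_error']['template'])) {
                                 if (!$e instanceof Exceptions) {
                                     Exceptions::add($e);
                                 }
                                 $self->output($app['on_error']['template']);
                             } else {
                                 throw $e;
                             }
                         }
                     }
                     break;
                 case 'invoke':
                     // NOTE(review): class and method names come from the parsed definition
                     // and are called dynamically; this is only safe while that file is
                     // trusted, developer-controlled configuration - confirm.
                     $class_name = isset($app['class']) ? Lib::import($app['class']) : get_class($app_result);
                     $ref_class = new ReflectionClass($class_name);
                     foreach ($app['methods'] as $method) {
                         // Static methods are called on the class name; otherwise on a new
                         // instance, or on the previous result when no class is given.
                         $invoke_class = $ref_class->getMethod($method['method'])->isStatic() ? $class_name : (isset($app['class']) ? new $class_name() : $app_result);
                         $args = array();
                         foreach ($method['args'] as $arg) {
                             if ($arg['type'] === 'result') {
                                 // The previous result is passed by reference.
                                 $args[] =& $app_result;
                             } else {
                                 $args[] = $arg['value'];
                             }
                         }
                         if (is_object($invoke_class)) {
                             foreach ($app['modules'] as $module) {
                                 $invoke_class->add_module(self::import_instance($module));
                             }
                         }
                         $app_result = call_user_func_array(array($invoke_class, $method['method']), $args);
                         $in_app = true;
                     }
                     break;
             }
         }
         if (!$match_handle) {
             Log::debug("nomatch");
             if ($parse_app["nomatch_redirect"] !== null) {
                 Http::redirect(App::url($parse_app["nomatch_redirect"]));
             }
             if ($parse_app["nomatch_template"] !== null) {
                 Http::status_header(404);
                 $self = new self();
                 $self->output($parse_app["nomatch_template"]);
             }
         }
         // Nothing ran at all: answer 404.
         if (!$in_app) {
             Http::status_header(404);
         }
     } catch (Exception $e) {
         // Anything that escaped is recorded rather than rethrown.
         if (!$e instanceof Exceptions) {
             Exceptions::add($e);
         }
     }
     exit;
 }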
예제 #26
    http://www.osticket.com

    Released under the GNU General Public License WITHOUT ANY WARRANTY.
    See LICENSE.TXT for details.

    vim: expandtab sw=4 ts=4 sts=4:
    $Id: $
**********************************************************************/
require_once 'client.inc.php';
$errors = array();
// A client who is already signed in keeps their session: the access link is only
// honoured if its token belongs to that same user.
if (
    $_GET['auth']
    && $thisclient
    && ($u = TicketUser::lookupByToken($_GET['auth']))
    && $u->getUserId() == $thisclient->getId()
) {
    // Switch auth keys, otherwise the user could never use links for two
    // different tickets.
    if (($bk = $thisclient->getAuthBackend()) instanceof AuthTokenAuthentication) {
        $bk->setAuthKey($u, $bk);
    }
    Http::redirect('tickets.php?id=' . $u->getTicketId());
} elseif (isset($_GET['auth']) || isset($_GET['t'])) {
    // TODO: Consider receiving an AccessDenied object
    $user = UserAuthenticationBackend::processSignOn($errors, false);
}

// $user exists only if the sign-on branch above ran.
if (!empty($user) && is_object($user) && $user->getTicketId()) {
    Http::redirect('tickets.php?id=' . $user->getTicketId());
}

// No usable link: show the access-link form.
$nav = new UserNav();
$nav->setActiveNav('status');
$inc = 'accesslink.inc.php';
require CLIENTINC_DIR . 'header.inc.php';
require CLIENTINC_DIR . $inc;
require CLIENTINC_DIR . 'footer.inc.php';
예제 #27
        $_SESSION['client:lang'] = $_GET['lang'];
    }
}
// Bootstrap gettext translations as early as possible, but after attempting
// to sign on the agent
TextDomain::configureForUser($thisclient);
//is the user logged in?
// All three checks must pass; otherwise $thisclient is reset to null so later
// code can treat "no client" and "invalid client" the same way.
if ($thisclient && $thisclient->getId() && $thisclient->isValid()) {
    $thisclient->refreshSession();
} else {
    $thisclient = null;
}
/******* CSRF Protection *************/
// Enforce CSRF protection for POSTS
// Any non-empty POST body must carry a valid token. The check runs for
// signed-in and anonymous clients alike, before any page-specific handler.
if ($_POST && !$ost->checkCSRFToken()) {
    Http::redirect('index.php');
    //just incase redirect fails
    // die() guarantees the rejected POST is never processed; this line itself
    // sets no status code, the "400" is only part of the message text.
    die('Action denied (400)!');
}
//Add token to the header - used on ajax calls [DO NOT CHANGE THE NAME]
// The token is concatenated into the attribute without escaping.
// NOTE(review): assumes getCSRFToken() only returns characters that are safe
// inside a double-quoted HTML attribute - confirm.
$ost->addExtraHeader('<meta name="csrf_token" content="' . $ost->getCSRFToken() . '" />');
/* Client specific defaults */
define('PAGE_LIMIT', DEFAULT_PAGE_LIMIT);
$nav = new UserNav($thisclient, 'home');
// Scripts that stay reachable while a password reset is pending. The match is
// on the script's basename only, and in_array() is used in its non-strict
// form (every value compared here is a string).
$exempt = in_array(basename($_SERVER['SCRIPT_NAME']), array('logout.php', 'ajax.php', 'logs.php', 'upgrade.php'));
// Forced password reset gate: for every non-exempt script the profile page is
// rendered instead of the requested one, and execution stops afterwards.
if (!$exempt && $thisclient && ($acct = $thisclient->getAccount()) && $acct->isPasswdResetForced()) {
    $warn = __('Password change required to continue');
    require 'profile.php';
    //profile.php must request this file as require_once to avoid problems.
    exit;
}
예제 #28
// Locate the configuration file, trying legacy locations first, then load it.
// Only fixed file names under ROOT_DIR / INCLUDE_DIR are considered; nothing
// from the request contributes to the path that is later passed to require.
$configfile = '';
if (file_exists(ROOT_DIR . 'ostconfig.php')) {
    //Old installs prior to v 1.6 RC5
    $configfile = ROOT_DIR . 'ostconfig.php';
} elseif (file_exists(INCLUDE_DIR . 'settings.php')) {
    //OLD config file.. v 1.6 RC5
    $configfile = INCLUDE_DIR . 'settings.php';
    //Die gracefully on upgraded v1.6 RC5 installation - otherwise script dies with confusing message.
    if (!strcasecmp(basename($_SERVER['SCRIPT_NAME']), 'settings.php')) {
        die('Please rename config file include/settings.php to include/ost-config.php to continue!');
    }
} elseif (file_exists(INCLUDE_DIR . 'ost-config.php')) {
    //NEW config file v 1.6 stable ++
    $configfile = INCLUDE_DIR . 'ost-config.php';
} elseif (file_exists(ROOT_DIR . 'setup/')) {
    // No config file but a setup directory exists: send the visitor to the
    // installer.
    // NOTE(review): this makes the installer reachable whenever the config
    // file is missing and setup/ is still present - confirm that setup/ is
    // removed after installation.
    Http::redirect(ROOT_PATH . 'setup/');
}
// NOTE(review): the code below relies on Http::response() ending the request;
// otherwise `require` would run with an empty or missing path. Not verifiable
// from this excerpt.
if (!$configfile || !file_exists($configfile)) {
    Http::response(500, '<b>Error loading settings. Contact admin.</b>');
}
// The configuration file is executed as PHP code.
require $configfile;
define('CONFIG_FILE', $configfile);
//used in admin.php to check perm.
//Die if root path is not defined
if (!defined('ROOT_PATH') || !ROOT_PATH) {
    Http::response(500, "<b>Fatal Error:</b> unknown root path. Define\n            it in your 'ost-config.php'");
}
//Path separator
if (!defined('PATH_SEPARATOR')) {
    if (strpos($_ENV['OS'], 'Win') !== false || !strcasecmp(substr(PHP_OS, 0, 3), 'WIN')) {
        define('PATH_SEPARATOR', ';');
예제 #29
// Staff login handler: processes the login form, starts an external
// authentication backend on request, or attempts a sign-on from the backends,
// and finally renders the login template.
//
// Post-login destination: falls back to index.php when no destination is set
// or when it contains 'login.php' or 'ajax.php'.
// NOTE(review): $dest is assigned above this excerpt. The substring checks do
// not restrict it to a local path, so confirm it comes from server-side state
// (not directly from the request) before it is used as a redirect target.
$dest = $dest && (!strstr($dest, 'login.php') && !strstr($dest, 'ajax.php')) ? $dest : 'index.php';
$show_reset = false;
if ($_POST) {
    // Lookup support backends for this staff
    // $_POST['userid'] and $_POST['passwd'] are read without isset(); the
    // password is passed to the backend untrimmed.
    $username = trim($_POST['userid']);
    if ($user = StaffAuthenticationBackend::process($username, $_POST['passwd'], $errors)) {
        // Release the session before redirecting.
        session_write_close();
        Http::redirect($dest);
        require_once 'index.php';
        //Just incase header is messed up.
        exit;
    }
    // Failed login: use the backend's error text if there is one, otherwise a
    // generic message that does not say which field was wrong.
    $msg = $errors['err'] ? $errors['err'] : 'Invalid login';
    $show_reset = true;
} elseif ($_GET['do']) {
    // $_GET['do'] is read without isset(); only 'ext' has a handler and every
    // other value falls straight through to the redirect below.
    switch ($_GET['do']) {
        case 'ext':
            // Lookup external backend
            // The backend id comes from the request; authentication is only
            // triggered when getBackend() returns a backend for it.
            if ($bk = StaffAuthenticationBackend::getBackend($_GET['bk'])) {
                $bk->triggerAuth();
            }
    }
    Http::redirect('login.php');
} elseif (!$thisstaff || !($thisstaff->getId() || $thisstaff->isValid())) {
    // Because of the `||`, this branch runs only when there is no staff object
    // or when it has neither an id nor a valid session.
    if (($user = StaffAuthenticationBackend::processSignOn($errors, false)) && $user instanceof StaffSession) {
        // Sends the Location header without exiting, so the login template
        // below is still rendered; `@` hides any warning raised by header().
        @header("Location: {$dest}");
    }
}
define("OSTSCPINC", TRUE);
//Make includes happy!
include_once INCLUDE_DIR . 'staff/login.tpl.php';
예제 #30
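 /**
  * Tests the current URL against each rule in turn and applies the first rule that matches.
  *
  * Each rule is an array: [0] match string or regex, [1] replacement, [2] optional
  * comma-separated flags. Flags read here: regex, caseless, 302, 303, once, file:last,
  * loop:last. The parsed flags and the prepared match string are cached on the rule itself
  * (keys 'flags' and 'match'), which is why $rules is taken by reference.
  *
  * On a match the rule is appended to self::$matchedRules, redirect flags are honoured,
  * the URL is re-tokenised from the replacement and the parse flags are applied.
  *
  * @param	path	str	key of the current rule set in self::$ruleSets (only used by the file:last flag); presumably the rule file location
  * @param	rules	arr	rules to test; modified in place
  * @return	bool	true when a rule matched and was applied, false otherwise
  */
 private static function matchRules($path, &$rules)
 {
     foreach ($rules as $ruleKey => &$rule) {
         // Parse the flag list once per rule and cache the result on the rule.
         if (!isset($rule['flags'])) {
             $flags = !empty($rule[2]) ? explode(',', $rule[2]) : array();
             $rule['flags'] = array_fill_keys(array_values($flags), true);
             //parse flags for determining match string
             if (!empty($rule['flags']['regex'])) {
                 $rule['match'] = \Tool::pregDelimit($rule[0]);
                 if (!empty($rule['flags']['caseless'])) {
                     $rule['match'] .= 'i';
                 }
             } elseif (!empty($rule['flags']['caseless'])) {
                 $rule['match'] = strtolower($rule[0]);
             } else {
                 $rule['match'] = $rule[0];
             }
         }
         // Flags are optional, so read them with !empty() instead of indexing
         // keys that may not exist.
         $isRegex = !empty($rule['flags']['regex']);
         $isCaseless = !empty($rule['flags']['caseless']);
         $subject = $isCaseless ? self::$urlCaselessBase : self::$urlBase;
         //test match
         if ($isRegex) {
             // preg_match() returns false on a pattern error; that is treated as "no match".
             $matched = (bool) preg_match($rule['match'], $subject, self::$regexMatch);
         } else {
             // Strict string comparison: with == two numeric-looking strings such as
             // '1e1' and '10' compare equal, which would let a literal rule match a
             // URL it was not written for.
             $matched = (string) $rule['match'] === (string) $subject;
         }
         if (!$matched) {
             continue;
         }
         self::$matchedRules[] = $rule;
         //++ apply replacement logic {
         if ($isRegex) {
             $replacement = preg_replace($rule['match'], $rule[1], self::$urlBase);
         } else {
             $replacement = $rule[1];
         }
         //handle redirects
         // NOTE(review): for regex rules the redirect target is built from the request
         // URL through the rule's replacement pattern; confirm that no rule lets a
         // captured part of the URL decide the scheme or host of the target.
         if (!empty($rule['flags']['302'])) {
             \Http::redirect($replacement, 'head', 302);
         }
         if (!empty($rule['flags']['303'])) {
             \Http::redirect($replacement, 'head', 303);
         }
         //remake url with replacement
         self::tokenise($replacement);
         self::$parsedUrlTokens = [];
         self::$unparsedUrlTokens = array_merge([''], self::$urlTokens);
         //++ }
         //++ apply parse flag {
         if (!empty($rule['flags']['once'])) {
             // one-shot rule: remove it from the caller's rule list
             unset($rules[$ruleKey]);
         } elseif (!empty($rule['flags']['file:last'])) {
             // drop the whole rule set registered under $path
             unset(self::$ruleSets[$path]);
         } elseif (!empty($rule['flags']['loop:last'])) {
             // leave no unparsed tokens behind
             self::$unparsedUrlTokens = [];
         }
         //++ }
         return true;
     }
     // Break the reference left behind by the by-reference foreach.
     unset($rule);
     return false;
 }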