print "Not logged in"; exit(0); }
// Log-view (AJAX) endpoint fragment. The "not logged in" check whose body ends on the line
// above opens before this fragment. From here on the session user must be an admin or a
// supervisor; the view parameters (filter, start, maxlines, order) are then read from the request.
$parms = new Parameters();
// create user object
$user = $kdb->getUserUsername($session->getUsername());
// check we have valid user
// NOTE(review): authorisation failures are reported as a plain-text body with the default
// 200 status; an AJAX caller cannot distinguish them from log output without matching the
// text. Sending a 401/403 status alongside the message would make that unambiguous.
if ($user == null) { print "Invalid user"; exit(0); } elseif (!$user->isAdmin() && !$user->isSupervisor()) { print "Insufficient permission"; exit(0); }
// read in parameters
// '' is used as the "not supplied" sentinel; the loose == checks below rely on getParm()
// returning strings - presumably it does, verify against Parameters.
$filter = $parms->getParm('filter'); if ($filter == '') { $filter = 'access'; }
$start = $parms->getParm('start'); if ($start == '') { $start = 0; }
/* maxlines not recommended for ajax as it could result in gaps in log view although can be used to prevent excessive log entries killing browser session */
/* Instead maxlines should be used on original, but allow multiple additional entries */
/* If used then will restrict number of lines returned within getlog */
$maxlines = $parms->getParm('maxlines'); if ($maxlines == '') { $maxlines = 0; }
// NOTE(review): $filter, $start, $maxlines and $order are request-supplied and are consumed
// out of view (getlog, per the comment above). Confirm there that they are cast to int or
// checked against a fixed list of accepted values before they reach any query or sort.
$order = $parms->getParm('order');
//$get_values = getPostParms();
// Login page fragment: abort if the database is unreachable, start the dashboard session,
// then - when both user and password were submitted - look the user up and begin the
// credential check. The if-block opened at the end of this fragment continues out of view.
if ($db->getStatus() != 1) { die("Unable to connect to the database"); }
// php session - we don't check for login status if come to this page we need to relogin
$session = new DashboardSession();
//Get parameters - check safe and return as array
// all values are included in array - even if not on url
$parms = new Parameters();
// Allow messages to be sent to the web page
$message = '';
// If we have a username & password then login attempt, if not then prompt
/** logging in **/
// First check that the password is correct - as otherwise we won't allow anything
// $password is already md5 encoded, as is the value in get_values so just do direct compare
// NOTE(review): the comparison itself is out of view. If the client sends the md5 and the
// server compares it directly, the stored hash is itself the credential; server-side
// password_hash()/password_verify() would be the stronger scheme - confirm in the code below.
if ($parms->getParm('user') != '' && $parms->getParm('password') != '') {
    $username = $parms->getParm('user');
    $password = $parms->getParm('password');
    // NOTE(review): with $debug on, the submitted credential is written into the HTTP
    // response (and any log capturing it). Printing only the username would be safer.
    if ($debug) { print "Login attempt {$username} / {$password}"; }
    // gets user object based on username
    $user = $kdb->getUserUsername($username);
    // check we got a user back
    // assumes loginFail() does not return (redirect/exit) - otherwise $user is null when it is
    // dereferenced further down; confirm against loginFail's definition.
    if ($user == null) { if ($debug) { print "No matching user found\n"; } loginFail('usernamepassword'); }
    // Get username and password and check - first check shouldn't hit but additional check
//If not redirect to login page - then redirect here
// Password-change page fragment. The login check whose body ends on the next line opens
// before this fragment. A logged-in user may change only their own password; the
// old/new/repeat values are read from the request. The else-branch opened at the end
// continues out of view.
header("Location: dashboardlogin.php?redirect=password.php"); exit(0); }
// create user object
$user = $kdb->getUserUsername($session->getUsername());
// check we have valid user
if ($user == null) { header("Location: dashboardlogin.php?redirect=password.php&message=notuser"); exit(0); }
// Username used to display back to user
$username = $user->getUsername();
$parms = new Parameters();
// Do we have a password (old, new and repeat new)
if ($parms->getParm('password') != '') {
    $password = $parms->getParm('password');
    // check that password is correct
    // NOTE(review): unsalted md5 compared with a loose != . Two hashes of the form
    // 0e<digits> compare equal under == because both parse as numeric zero, and the
    // comparison is not constant-time. hash_equals() gives a strict, constant-time compare;
    // password_hash()/password_verify() would replace the md5 scheme here and in the
    // setUserPassword() call below.
    // assumes passwordChg() does not return; otherwise the change proceeds on a wrong password.
    if (md5($password) != $user->getPassword()) { passwordChg("Incorrect password"); }
    // check password matches
    // NOTE(review): no check that the new password is non-empty - '' and '' match and md5('')
    // would be stored.
    if ($parms->getParm('newpassword') != $parms->getParm('repeatpassword')) { passwordChg("Passwords do not match"); }
    $newpassword = $parms->getParm('newpassword');
    // set password in database
    $kdb->setUserPassword($username, md5($newpassword));
    // redirect to dashboard page - with message password changed
    // NOTE(review): unlike the redirects above there is no exit(0) after this header();
    // confirm the rest of the page does no further work or output after a successful change.
    header("Location: dashboard.php?message=newpass");
} else {
include 'inc/' . $class_name . '.php'; }
// Proxy login page fragment (stage2 of the add flow). The autoloader whose body ends on the
// line above opens before this fragment. Connects to the database, reads the request
// parameters and, for add=stage2, looks the user up and checks the submitted password.
/*** Connect to database ***/
$db = new Database($dbsettings);
$kdb = new KidsafeDB($db);
//Get parameters - check safe and return as object
// all values are included in array - even if not on url
$parms = new Parameters();
if ($db->getStatus() != 1) { die("Unable to connect to the database"); }
// If we have a password then adding entry, if not then prompt what to add
/** Adding entry **/
// First check that the password is correct - as otherwise we won't allow anything
// $password is already md5 encoded, as is the value in get_values so just do direct compare
if ($parms->getParm('add') == 'stage2') {
    // gets user object based on username
    $user = $kdb->getUserUsername($parms->getParm('username'));
    // check we got a user back
    // NOTE(review): the debug print echoes the request-supplied username unescaped; if the
    // response is HTML this is an injection point whenever $debug is on. htmlspecialchars()
    // the value, or drop it from the message.
    // assumes loginFail() does not return - otherwise $user is null on the next check.
    if ($user == null) { if ($debug) { print "User doesn't exist " . $parms->getParm('username') . "\n"; } loginFail(); }
    // Get username and password and check - first check shouldn't hit but additional check
    // NOTE(review): unsalted md5 compared with a loose != (0e<digits> hashes compare equal,
    // not constant-time). hash_equals() for the compare, and password_hash()/password_verify()
    // for the scheme, are the standard replacements.
    if ($user->getUsername() != $parms->getParm('username') || md5($parms->getParm('password')) != $user->getPassword()) {
        // NOTE(review): the operands between the string pieces on the next line appear
        // redacted/garbled in this listing ("******"); as printed it is not valid PHP.
        // Whatever was there, avoid printing the submitted password even in debug output.
        if ($debug) { print "Login failure user: "******" password: "******" \n"; }
        loginFail();
// create user object
// Add-rule page fragment: requires an admin session user, then for action=save builds a Rule
// from the request. Note this page passes an allow-list ($parms_allowed) to Parameters,
// unlike the other dashboard pages. The if-blocks opened at the end continue out of view.
$user = $kdb->getUserUsername($session->getUsername());
// check we have valid user
if ($user == null) { header("Location: dashboardlogin.php?redirect=dashboard.php&message=notuser"); exit(0); } elseif (!$user->isAdmin()) { header("Location: dashboard.php?message=nopermission"); exit(0); }
// Username used to display back to user
$username = $user->getUsername();
$parms = new Parameters($parms_allowed);
// valid messages
// newpass, nopermission
if ($parms->getParm('action') == 'save') {
    // create rule object with defaults - populate below
    $rule = new Rule();
    // This is user entered - so needs to be vetted
    // need better error message
    $website = $parms->getParm('website');
    // assumes errorEvent(ERROR_PARAMETER, ...) does not return; otherwise execution continues
    // with an empty $website - confirm against Errors.
    if ($website == '') { if ($debug) { print "Website needs to be specified\n"; } $err = Errors::getInstance(); $err->errorEvent(ERROR_PARAMETER, "Website needs to be specified"); }
    // check to see if this is a url rather than a domain / regexp
    // basic check looking for :// (could be http / https)
    // NOTE(review): the comment says the value may be a regexp. If it is later compiled as a
    // PCRE pattern, a badly formed or pathological pattern from the form can break or stall
    // rule matching; validate it (e.g. test-compile, bound its length) before storing.
    // NOTE(review): no anti-CSRF token is checked in view for this state-changing action;
    // confirm the form or Parameters enforces one.
    if (preg_match('#://#', $website)) {
// create user object
// Edit-user page fragment: requires an admin session user, then for action=save loads the
// target user named in the request and starts updating it. The if-block opened at
// action=save continues out of view.
$user = $kdb->getUserUsername($session->getUsername());
// check we have valid user
if ($user == null) { header("Location: dashboardlogin.php?redirect=dashboard.php&message=notuser"); exit(0); } elseif (!$user->isAdmin()) { header("Location: dashboard.php?message=nopermission"); exit(0); }
// Username used to display back to user
$username = $user->getUsername();
$parms = new Parameters();
// valid messages
// newpass, nopermission
// NOTE(review): this path modifies another account's record; no anti-CSRF token is checked
// in view. Confirm the submitting form carries one and that it is verified here or in
// Parameters.
if ($parms->getParm('action') == 'save') {
    // Saved changed entry
    $this_username = $parms->getParm('username');
    // if not supplied id then go to dashboard
    if ($this_username == "") { header("Location: dashboard.php?message=parameter"); exit(0); }
    // returns user object - use to check that username is valid
    $this_user = $kdb->getUserUsername($this_username);
    if ($this_user == null) { header("Location: dashboard.php?message=parameter"); exit(0); }
    // confirmed that user exists
    // NOTE(review): fullname is stored as received; how it is sanitised depends on
    // Parameters::getParm() (not in view) and on escaping wherever it is later displayed.
    $this_user->setFullname($parms->getParm('fullname'));
$kdb = new KidsafeDB($db);
// Login page fragment (variant with a session file). Builds the DB wrapper and session
// file, reads the request parameters, then - when user and password were both submitted -
// looks the user up. The if-block opened at the end continues out of view.
// NOTE(review): KidsafeDB is constructed before the connection status is checked below;
// presumably its constructor tolerates a failed connection - confirm.
$session_file = new SessionFile($sessionfilename);
//Get parameters - check safe and return as array
// all values are included in array - even if not on url
$parms = new Parameters();
//$get_values = getPostParms();
if ($db->getStatus() != 1) { die("Unable to connect to the database"); }
// Allow messages to be sent to the web page
$message = '';
// If we have a username & password then login attempt, if not then prompt
/** logging in **/
// First check that the password is correct - as otherwise we won't allow anything
// $password is already md5 encoded, as is the value in get_values so just do direct compare
// NOTE(review): the compare is out of view; if a client-supplied md5 is matched directly
// against the stored value, the stored hash is itself the credential. Server-side
// password_hash()/password_verify() is the stronger scheme.
if ($parms->getParm('user') != '' && $parms->getParm('password') != '') {
    $username = $parms->getParm('user');
    $password = $parms->getParm('password');
    // NOTE(review): with $debug on, the submitted credential is written into the response
    // and any log that captures it; print the username only.
    if ($debug) { print "Login attempt {$username} / {$password}"; }
    // gets user object based on username
    $user = $kdb->getUserUsername($username);
    // check we got a user back
    // assumes loginFail() does not return; otherwise $user is null below.
    if ($user == null) { if ($debug) { print "No matching user found\n"; } loginFail('usernamepassword'); }
    // Get username and password and check - first check shouldn't hit but additional check
die("Unable to connect to the database"); }
// List-users page fragment. The DB-status check whose body ends on the line above opens
// before this fragment. Requires a logged-in admin or supervisor, maps the optional
// 'message' parameter onto a fixed text, then loads every user for display.
// used to set messages to provide to the user (eg. 'proxy not disabled for local network');
// including <br> on the end of each message will keep the messages separate for the user
$user_messages = '';
/** Check for login - or redirect to login.php **/
$session = new DashboardSession();
// are we logged in already?
// NOTE(review): this redirect returns to listrules.php while the one below returns to
// listusers.php; given $all_users further down, the first target looks like a copy/paste
// slip - confirm which page this is.
if ($session->getUsername() == '') { //If not redirect to login page - then redirect here
header("Location: dashboardlogin.php?redirect=listrules.php"); exit(0); }
$parms = new Parameters();
// valid messages
// The request value is only compared against a fixed key and never echoed, so the
// message text itself is not attacker-controlled.
if ($parms->getParm('message') == 'unknownuser') { $user_messages .= "User invalid\n"; }
// create user object
$user = $kdb->getUserUsername($session->getUsername());
// check we have valid user
if ($user == null) { header("Location: dashboardlogin.php?redirect=listusers.php&message=notuser"); exit(0); } elseif (!$user->isAdmin() && !$user->isSupervisor()) { header("Location: dashboard.php?message=nopermission"); exit(0); }
// Username used to display back to user
$username = $user->getUsername();
$all_users = $kdb->getUsersAll();
// create user object
// Edit-rule page fragment: requires an admin session user, then for action=save loads the
// rule whose id is given in the request. The if-block opened at action=save continues out
// of view.
$user = $kdb->getUserUsername($session->getUsername());
// check we have valid user
if ($user == null) { header("Location: dashboardlogin.php?redirect=dashboard.php&message=notuser"); exit(0); } elseif (!$user->isAdmin()) { header("Location: dashboard.php?message=nopermission"); exit(0); }
// Username used to display back to user
$username = $user->getUsername();
$parms = new Parameters();
// valid messages
// newpass, nopermission
if ($parms->getParm('action') == 'save') {
    // Saved changed entry
    $this_id = $parms->getParm('id');
    // if not supplied id then go to dashboard
    if ($this_id == "") { header("Location: dashboard.php?message=parameter"); exit(0); }
    // returns ruleobject $this_rule - use to check that id is valid
    // NOTE(review): $this_id is request-supplied and only checked for emptiness here;
    // confirm getRuleRuleid() binds it as a parameter / casts it to int rather than
    // interpolating it into a query.
    $rule = $kdb->getRuleRuleid($this_id);
    if ($rule == null) { header("Location: dashboard.php?message=parameter"); exit(0); }
    // confirmed that rule exists - now update the rule with the new details
    // don't check if it's changed - just overwrite with new details
}
// Dashboard page fragment. The block closed on the line above opens before this fragment.
// Requires a logged-in session user; the optional 'message' parameter is mapped onto a
// fixed notice for display.
// used to set messages to provide to the user (eg. 'proxy not disabled for local network');
// including <br> on the end of each message will keep the messages separate for the user
// (the messages below end in "\n" rather than <br>, so they will run together in HTML)
$user_messages = '';
/** Check for login - or redirect to login.php **/
$session = new DashboardSession();
// are we logged in already?
if ($session->getUsername() == '') { //If not redirect to login page - then redirect here
header("Location: dashboardlogin.php?redirect=dashboard.php"); exit(0); }
$parms = new Parameters();
// valid messages
// newpass, nopermission, parameter
// The request value is only compared against fixed keys and never echoed, so the notice
// text is not attacker-controlled.
if ($parms->getParm('message') == 'newpass') { $user_messages .= "Password successfully changed\n"; } elseif ($parms->getParm('message') == 'nopermission') { $user_messages .= "Insufficient permission\n"; } elseif ($parms->getParm('message') == 'parameter') { $user_messages .= "Missing or invalid parameter\n"; }
// create user object
$user = $kdb->getUserUsername($session->getUsername());
// check we have valid user
if ($user == null) { header("Location: dashboardlogin.php?redirect=dashboard.php&message=notuser"); exit(0); }
// Username used to display back to user
$username = $user->getUsername();
// Proxy redirect/login page fragment: autoloads classes from inc/, connects to the
// database, reads the request parameters and works out which client IP the request is
// for. The else-branch and the inner if opened at the end continue out of view.
// NOTE(review): __autoload() is deprecated since PHP 7.2 and removed in 8.0; register the
// same callback with spl_autoload_register() instead. include (not require) means a
// missing class file only warns and execution carries on.
function __autoload($class_name) { include 'inc/' . $class_name . '.php'; }
/*** Connect to database ***/
$db = new Database($dbsettings);
$kdb = new KidsafeDB($db);
//Get parameters - check safe and return as object
$parms = new Parameters();
if ($db->getStatus() != 1) { die("Unable to connect to the database"); }
// used to set messages to provide to the user (eg. 'proxy not disabled for local network');
// including <br> on the end of each message will keep the messages separate for the user
$user_messages = '';
if ($parms->getParm('url') == '') { $user_messages .= 'No website specified in the redirect. <br>'; }
// Do we have an IP address from the parms - if so use that, if not try and find from the server (only if no proxy set for local connections)
// NOTE(review): a request-supplied 'source' overrides REMOTE_ADDR. If $ip later decides
// which client a login or rule applies to (out of view), a requester can name a different
// host; confirm downstream that 'source' is validated as an IP and that the caller is
// entitled to act for it.
if ($parms->getParm('source') != '') { $ip = $parms->getParm('source'); } else {
    // note need to check that ip is not the same as the proxy (in which case they haven't set bypass for local
    $ip = $_SERVER['REMOTE_ADDR'];
    // presumably SERVER_ADDR is always populated by this SAPI; if not, the read warns and
    // the compare is against null - verify.
    if ($ip == $_SERVER['SERVER_ADDR']) {
        // if nolocal then don't allow login
        if ($nolocal == True) { $ip = ''; }
        // if nolocal false then allow tunnelled proxy connections
        // We add warning in either case which can prompt user if it doesn't work
{ include 'inc/' . $class_name . '.php'; }
// Add-user page fragment. The autoloader whose body is on the line above starts before
// this fragment. Connects to the database, maps the optional 'message' parameter onto a
// notice, then requires a logged-in session user. The if opened at the end continues out
// of view.
/*** Connect to database ***/
$db = new Database($dbsettings);
$kdb = new KidsafeDB($db);
if ($db->getStatus() != 1) { die("Unable to connect to the database"); }
// Get parameters - check safe and return as object
// all values are included in array - even if not on url
$parms = new Parameters();
// used to set messages to provide to the user
// including <br> on the end of each message will keep the messages separate for the user
$user_messages = '';
// NOTE(review): this appends to $user_message (singular) while the variable initialised
// above is $user_messages; one of the two is never used, so the "passwords do not match"
// notice is presumably never shown. Confirm which name the page displays and align them.
if ($parms->getParm('message') == 'passwordmatch') { $user_message .= 'Passwords do not match<br>'; }
/** Check for login - or redirect to login.php **/
$session = new DashboardSession();
// are we logged in already?
if ($session->getUsername() == '') { //If not redirect to login page - then redirect here
header("Location: dashboardlogin.php?redirect=adduser.php"); exit(0); }
// create user object - this is local user - not the one we are adding
$user = $kdb->getUserUsername($session->getUsername());
// check we have valid user
// NOTE(review): this redirect returns to password.php while the one above returns to
// adduser.php; looks copied from the password page - confirm the intended target.
if ($user == null) { header("Location: dashboardlogin.php?redirect=password.php&message=notuser");
// create user object
// Edit-site page fragment: requires an admin session user, then for action=save loads the
// site whose id is given in the request and starts updating it. The if-block opened at
// action=save continues out of view.
$user = $kdb->getUserUsername($session->getUsername());
// check we have valid user
if ($user == null) { header("Location: dashboardlogin.php?redirect=dashboard.php&message=notuser"); exit(0); } elseif (!$user->isAdmin()) { header("Location: dashboard.php?message=nopermission"); exit(0); }
// Username used to display back to user
$username = $user->getUsername();
$parms = new Parameters();
// valid messages
// newpass, nopermission
if ($parms->getParm('action') == 'save') {
    // Saved changed entry
    $this_id = $parms->getParm('id');
    // if not supplied id then go to dashboard
    if ($this_id == "") { header("Location: dashboard.php?message=parameter"); exit(0); }
    // returns ruleobject $this_rule - use to check that id is valid
    // NOTE(review): $this_id is request-supplied and only checked for emptiness; confirm
    // getSiteSiteid() binds it as a query parameter / casts it to int.
    $site = $kdb->getSiteSiteid($this_id);
    if ($site == null) { header("Location: dashboard.php?message=parameter"); exit(0); }
    // confirmed that site exists
    // The id is re-applied to the loaded object as received (a string from the request);
    // presumably setId() accepts that - verify against Site.
    $site->setId($this_id);