/**
 * Shortcode: password field for the login menu.
 * For anonymous visitors the CHAP challenge held in the session is appended as a
 * hidden 'hashchallenge' input when the 'password_CHAP' pref is enabled.
 *
 * @param string $parm unused
 * @return string HTML
 */
function sc_lm_password_input($parm = '')
{
    $pref = e107::getPref();

    // NOTE(review): the leading "******" is reproduced as given in this listing; the markup
    // that precedes LAN_PASSWORD in the original file is not visible here.
    $html = "******" . LAN_PASSWORD . "' required='required' name='userpass' id='userpass' size='15' value='' maxlength='30' />\n";

    $appendChallenge = false;
    if (!USER)
    {
        $session = e107::getSession();
        $appendChallenge = $session->is('challenge') && varset($pref['password_CHAP'], 0);
    }

    if ($appendChallenge)
    {
        // the challenge is server-generated; it is emitted as-is, as the original does
        $html .= "<input type='hidden' name='hashchallenge' id='hashchallenge' value='" . $session->get('challenge') . "' />\n\n";
    }

    return $html;
}
/**
 * Shortcode: password field for the full login table.
 * Same CHAP behaviour as the login menu: anonymous visitors get a hidden
 * 'hashchallenge' input when a challenge exists in the session and 'password_CHAP' is on.
 *
 * @param string $parm unused
 * @return string HTML
 */
function sc_login_table_password($parm = '')
{
    $pref = e107::getPref();

    $field = "<input class='tbox form-control input-block-level' type='password' name='userpass' id='userpass' size='40' maxlength='100' placeholder=\"" . LAN_LOGIN_2 . "\" />";

    $appendChallenge = false;
    if (!USER)
    {
        $session = e107::getSession();
        $appendChallenge = $session->is('challenge') && varset($pref['password_CHAP'], 0);
    }

    if ($appendChallenge)
    {
        $field .= "<input type='hidden' name='hashchallenge' id='hashchallenge' value='" . $session->get('challenge') . "' />\n\n";
    }

    return $field;
}
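/**
 * Try to establish a user session from an already-connected social (HybridAuth) provider.
 *
 * Does nothing when the main admin is browsing the front-end as another user ($deniedAs),
 * when a session already exists, or when the 'social_login_active' pref is off.
 *
 * Fix: the original passed an empty WHERE clause to db_Select() when none of the connected
 * providers yielded a profile identifier; this version bails out instead, so a user row is only
 * fetched (and a cookie issued) when at least one provider identity was actually matched.
 *
 * @param mixed $deniedAs
 * @return $this
 */
public function tryProviderSession($deniedAs)
{
    // don't allow if main admin browses the front-end, or there is already a user session,
    // or social login is disabled
    if ((!$deniedAs && $this->getSessionDataAs()) || null !== $this->_session_data || !e107::getPref('social_login_active', false))
    {
        return $this;
    }

    try
    {
        // detect all currently connected providers
        $hybrid = e107::getHybridAuth(); // init the auth class
        $connected = Hybrid_Auth::getConnectedProviders();
    }
    catch (Exception $e)
    {
        e107::getMessage()->addError('[' . $e->getCode() . ']' . $e->getMessage(), 'default', true);
        e107::getSession()->set('HAuthError', true);
        $connected = false;
    }

    // no active provider session found
    if (!$connected)
    {
        return $this;
    }

    $sql = e107::getDb();
    $where = array();
    foreach ($connected as $providerId)
    {
        $profile = Hybrid_Auth::getAdapter($providerId)->getUserProfile();
        if (!$profile->identifier)
        {
            continue;
        }
        $xupId = $providerId . '_' . $profile->identifier;
        $where[] = "user_xup='" . $sql->escape($xupId) . "'"; // escaped before interpolation
    }

    // No usable identity: never run the lookup with an empty (unconstrained) WHERE clause.
    if (empty($where))
    {
        return $this;
    }

    if ($sql->db_Select('user', 'user_id, user_password, user_xup', implode(' OR ', $where)))
    {
        $user = $sql->db_Fetch();
        e107::getUserSession()->makeUserCookie($user);
        $this->setSessionData();
    }

    return $this;
}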
/**
 * Installer constructor (PHP4-style).
 * Defines the user constants the core routines expect, sets up the session, the install
 * log path, the template and the previous-step state carried between installer pages.
 */
function e_install()
{
    // notice removal, required from various core routines
    define('USERID', 1);
    define('USER', true);
    define('ADMIN', true);

    // session instance
    $this->session = e107::getSession();

    $logDir = dirname(__FILE__);
    $this->logFile = (MAKE_INSTALL_LOG && is_writable($logDir)) ? $logDir . '/e107InstallLog.log' : '';

    $this->template = new SimpleTemplate();

    // drop any output buffered so far
    while (@ob_end_clean())
    {
    }

    global $e107;
    $this->e107 = $e107;

    // SECURITY (review): previous_steps is a client-supplied POST value fed to unserialize();
    // unserialize() on external data can instantiate arbitrary classes. A JSON or signed
    // payload would be the safer carrier for inter-step state.
    $hasPrevious = isset($_POST['previous_steps']);
    $this->previous_steps = $hasPrevious
        ? unserialize(base64_decode($_POST['previous_steps']))
        : array();
    if ($hasPrevious)
    {
        unset($_POST['previous_steps']);
    }

    $this->get_lan_file();
    $this->post_data = $_POST;
    $this->template->SetTag('required', '');

    if (isset($this->previous_steps['language']))
    {
        // NOTE(review): the language name originates from the POST-derived state above and is
        // used to build an include path; validating it against the installed language list
        // before this point would be prudent.
        define("e_LANGUAGE", $this->previous_steps['language']);
        include_lan(e_LANGUAGEDIR . e_LANGUAGE . "/admin/lan_admin.php");
    }
}
/**
 * Add a comment to an item (or, in edit mode, update an existing one).
 * e-token POST value should be always valid when using this method.
 *
 * @param string|array $data - $author_name or array of all values (comment_type, comment_item_id,
 *                             comment_pid, comment_subject, comment_comment, comment_author_name,
 *                             comment_share, comment_datestamp).
 * @param string  $comment   - comment body; passed through $tp->toDB() before use
 * @param string  $table     - source table, mapped to a comment type via getCommentType()
 * @param integer $id        - reference of item in source table to which comment is linked
 * @param integer $pid       - parent comment id when it's a reply to a specific comment.
 * @param string  $subject
 * @param mixed   $rateindex - posted rating value (the rating insertion below is commented out)
 * @return mixed  inserted comment id on success; false on token failure, plugin interception,
 *                duplicate or insert error (or "Error" / the emessage constant on AJAX requests);
 *                null on edit, wrong engine or missing 'rw' permission.
 */
function enter_comment($data, $comment = '', $table = '', $id = '', $pid = '', $subject = '', $rateindex = FALSE)
{
    //rateindex : the posted value from the rateselect box (without the urljump) (see function rateselect())
    if ($this->engine != 'e107')
    {
        return;
    }

    if (is_array($data))
    {
        // Array form: every field is taken from $data; the scalar parameters are ignored.
        $table = $data['comment_type'];
        $id = intval($data['comment_item_id']);
        $pid = intval($data['comment_pid']);
        $subject = $data['comment_subject'];
        $comment = $data['comment_comment'];
        $author_name = $data['comment_author_name'];
        $comment_share = intval($data['comment_share']);
        $comment_datestamp = $data['comment_datestamp'];
    }
    else
    {
        $author_name = $data; //BC Fix.
        // NOTE(review): $comment_share is only assigned in the array branch above but is used
        // unconditionally in $edata_li further down.
    }

    global $e107, $rater;
    $sql = e107::getDb();
    $sql2 = e107::getDb('sql2');
    $tp = e107::getParser();
    $pref = e107::getPref();

    if ($this->getCommentPermissions() != 'rw')
    {
        return;
    }

    // A registered override replaces this whole method.
    if ($user_func = e107::getOverride()->check($this, 'enter_comment'))
    {
        return call_user_func($user_func, array('data' => $data, 'comment' => $comment, 'table' => $table, 'id' => $id, 'pid' => $pid, 'subject' => $subject, 'rateindex' => $rateindex));
    }

    if (!isset($_POST['e-token']))
    {
        $_POST['e-token'] = '';
    }
    // check posted token (CSRF protection) - nothing is written without a valid token
    if (!e107::getSession()->check(false))
    {
        return false;
    } // This will return false on error

    // Edit mode: the id of the comment to update comes from ?comment=edit&comment_id=N,
    // or from an "edit.N" pair inside e_QUERY.
    if (isset($_GET['comment']) && $_GET['comment'] == 'edit')
    {
        $eaction = 'edit';
        $editpid = $_GET['comment_id'];
    }
    elseif (strstr(e_QUERY, "edit"))
    {
        $eaction = "edit";
        $tmp = explode(".", e_QUERY);
        $count = 0;
        foreach ($tmp as $t)
        {
            if ($t == "edit")
            {
                $editpid = $tmp[$count + 1];
                break;
            }
            $count++;
        }
    }
    // NOTE(review): $editpid stays undefined when neither branch matches; the later
    // if ($editpid) relies on the undefined variable evaluating as false.

    $type = $this->getCommentType($table);
    $comment = $tp->toDB($comment);
    $subject = $tp->toDB($subject);
    $cuser_id = 0;
    $cuser_name = 'Anonymous'; // Preset as an anonymous comment

    // Duplicate check: an identical comment on the same item/type is rejected (emessage = COMLAN_312).
    // Escaping of the interpolated values relies on $tp->toDB().
    if (!$sql->select("comments", "*", "comment_comment='" . $comment . "' AND comment_item_id='" . intval($id) . "' AND comment_type='" . $tp->toDB($type, true) . "' "))
    {
        if ($_POST['comment'])
        {
            if (USER == TRUE)
            {
                $cuser_id = USERID;
                $cuser_name = USERNAME;
                $cuser_mail = USEREMAIL;
            }
            elseif ($_POST['author_name'] != '')
            {
                // Anonymous poster who supplied a name: if the name belongs to a registered user,
                // it is only accepted when that user's recorded IP matches (else COMLAN_310).
                if ($sql2->select("user", "*", "user_name='" . $tp->toDB($_POST['author_name']) . "' "))
                {
                    // NOTE(review): $ip is read here but is only assigned further down
                    // ($ip = $e107->getip()), so this query runs with an undefined $ip.
                    if ($sql2->select("user", "*", "user_name='" . $tp->toDB($_POST['author_name']) . "' AND user_ip='" . $tp->toDB($ip, true) . "' "))
                    {
                        //list($cuser_id, $cuser_name) = $sql2->db_Fetch();
                        $tmp = $sql2->fetch();
                        $cuser_id = $tmp['user_id'];
                        $cuser_name = $tmp['user_name'];
                        $cuser_mail = $tmp['user_email'];
                    }
                    else
                    {
                        define("emessage", COMLAN_310);
                    }
                }
                else
                {
                    $cuser_name = $tp->toDB($author_name);
                    // NOTE(review): $cuser_mail is not set on this path; it is read below.
                }
            }

            if (!defined("emessage"))
            {
                $ip = $e107->getip(); // Store IP 'in the raw' - could be IPv4 or IPv6. Its always returned in a normalised form
                $_t = time();

                if ($editpid)
                {
                    // Edit: append an "edited" marker and update in place; no event is fired, nothing is returned.
                    $comment .= "\n[ " . COMLAN_319 . " [time=short]" . time() . "[/time] ]";
                    $sql->update("comments", "comment_comment='{$comment}' WHERE comment_id='" . intval($editpid) . "' ");
                    e107::getCache()->clear("comment");
                    return;
                }

                //FIXME - don't sanitize, pass raw data to e_event, use DB array (inner db sanitize)
                $edata_li = array(
                    'comment_pid' => intval($pid),
                    'comment_item_id' => $id,
                    'comment_subject' => $subject,
                    'comment_author_id' => $cuser_id,
                    'comment_author_name' => $cuser_name,
                    'comment_author_email' => $tp->toDB($cuser_mail),
                    'comment_datestamp' => $_t,
                    'comment_comment' => $comment,
                    'comment_blocked' => $this->moderateComment($pref['comments_moderate']) ? 2 : 0, // 2 = held for moderation
                    'comment_ip' => $ip,
                    'comment_type' => $tp->toDB($type, true),
                    'comment_lock' => 0,
                    'comment_share' => $comment_share
                );

                //SecretR: new event 'prepostcomment' - allow plugin hooks - e.g. Spam Check
                $edata_li_hook = array_merge($edata_li, array('comment_nick' => $cuser_id . '.' . $cuser_name, 'comment_time' => $_t));
                if (e107::getEvent()->trigger("prepostcomment", $edata_li_hook))
                {
                    return false; //3rd party code interception
                }

                //allow 3rd party code to modify insert data
                // Only keys already present in $edata_li are copied back from the hook data.
                if (is_array($edata_li_hook))
                {
                    foreach (array_keys($edata_li) as $k)
                    {
                        if (isset($edata_li_hook[$k]))
                        {
                            $edata_li[$k] = $edata_li_hook[$k]; //sanitize?
                            continue;
                        }
                        // NOTE(review): 'break' is not a key of $edata_li, so this branch looks unreachable.
                        if ($k === 'break')
                        {
                            $break = $edata_li_hook[$k];
                        }
                    }
                }
                unset($edata_li_hook);

                if (!($inserted_id = $sql->insert("comments", $edata_li)))
                {
                    //echo "<b>".COMLAN_323."</b> ".COMLAN_11;
                    if (e_AJAX_REQUEST)
                    {
                        return "Error";
                    }
                    e107::getMessage()->addStack(COMLAN_11, 'postcomment', E_MESSAGE_ERROR);
                }
                else
                {
                    if (USER == true)
                    {
                        $sql->update("user", "user_comments=user_comments+1, user_lastpost='" . time() . "' WHERE user_id='" . USERID . "' ");
                    }

                    // Next item for backward compatibility
                    $edata_li["comment_nick"] = $cuser_id . '.' . $cuser_name;
                    $edata_li["comment_time"] = $_t;
                    $edata_li["comment_id"] = $inserted_id;
                    //Why?
                    /*unset($edata_li['comment_pid']); unset($edata_li['comment_author_email']); unset($edata_li['comment_ip']);*/
                    e107::getEvent()->trigger("postcomment", $edata_li);
                    e107::getCache()->clear("comment");

                    // News comment counter is only bumped for comments that are not held for moderation.
                    if ((empty($type) || $type == "news") && !$this->moderateComment($pref['comments_moderate']))
                    {
                        $sql->update("news", "news_comment_total=news_comment_total+1 WHERE news_id=" . intval($id));
                    }

                    //if rateindex is posted, enter the rating from this user
                    // if ($rateindex)
                    // {
                    // $rater->enterrating($rateindex);
                    // }
                    return $inserted_id; // return the ID number so it can be used.
                    true; // unreachable - left over from an earlier return value
                }
            }
        }
    }
    else
    {
        define("emessage", COMLAN_312);
    }

    if (defined("emessage"))
    {
        if (e_AJAX_REQUEST)
        {
            return emessage;
        }
        message_handler("ALERT", emessage);
    }

    return false;
}
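/**
 * Checks user password against preferences set etc
 * Assumes that $this->userData array already set up
 *
 * Fix: the forced-login branch compared the md5() digest to $userpass with a loose `!=`;
 * PHP compares two numeric-looking strings numerically, so digests of the form "0e<digits>"
 * would compare equal to any other such string. hash_equals() gives a strict, constant-time
 * comparison. Behaviour is otherwise unchanged.
 *
 * @param string $username - the user name string as entered (might not relate to the intended user at this stage)
 * @param string $userpass - as entered
 * @param string $response - received string if CHAP used
 * @param boolean|string $forceLogin - TRUE if login is being forced from clicking signup link; 'provider' skips
 *                                     the password check entirely; normally FALSE
 * @return mixed TRUE if valid password, otherwise the result of invalidLogin()
 */
protected function checkUserPassword($username, $userpass, $response, $forceLogin)
{
    $pref = e107::getPref();

    if ($forceLogin === 'provider')
    {
        return true;
    }

    if ($this->lookEmail && vartrue($pref['passwordEncoding']))
    {
        $tmp = e107::getArrayStorage()->unserialize($this->userData['user_prefs']);
        if (!$tmp && $this->userData['user_prefs'])
        {
            $tmp = unserialize($this->userData['user_prefs']); // try old storage type (DB-stored value)
        }
        $requiredPassword = varset($tmp['email_password'], $this->userData['user_password']); // Use email-specific password if set. Otherwise, 'normal' one might work
        unset($tmp);
    }
    else
    {
        $requiredPassword = $this->userData['user_password'];
    }

    // FIXME - [SecretR] $username is not set and I really can't get the idea.
    //$username = $this->userData['user_loginname']; // TODO for Steve - temporary fix, where $username comes from?

    // Now check password
    if ($forceLogin)
    {
        $expected = md5($this->userData['user_name'] . $this->userData['user_password'] . $this->userData['user_join']);
        // strict, constant-time comparison; the cast keeps a non-string $userpass from raising a TypeError
        if (!hash_equals($expected, (string) $userpass))
        {
            return $this->invalidLogin($username, LOGIN_BAD_PW);
        }
    }
    else
    {
        $session = e107::getSession();
        $gotChallenge = $session->is('challenge');

        // CHAP is used when enabled and a response that differs from the stored challenge was sent,
        // or unconditionally when password_CHAP == 2. Same precedence as the original condition.
        $useChap = ($pref['password_CHAP'] > 0 && $response && $gotChallenge && $response != $session->get('challenge'))
            || $pref['password_CHAP'] == 2;

        if ($useChap)
        {
            // Verify using CHAP
            $pass_result = $this->userMethods->CheckCHAP($session->get('challenge'), $response, $username, $requiredPassword);
            if ($pass_result === PASSWORD_INVALID)
            {
                return $this->invalidLogin($username, LOGIN_CHAP_FAIL);
            }
        }
        else
        {
            // Plaintext password
            $pass_result = $this->userMethods->CheckPassword($userpass, $this->lookEmail ? $this->userData['user_loginname'] : $username, $requiredPassword);
            if ($pass_result === PASSWORD_INVALID)
            {
                return $this->invalidLogin($username, LOGIN_BAD_PW);
            }
        }

        $this->passResult = $pass_result;
    }

    return TRUE;
}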
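/**
 * Admin auth check
 *
 * Looks the entered name up as an admin's loginname, then as an admin's display name,
 * and verifies either the CHAP response (against 'prevchallenge') or the plaintext password.
 *
 * Fixes: $row is initialised so the post-lookup test cannot read an undefined variable;
 * the unused $pass_result assignments are dropped; the commented-out debug logging (which
 * wrote the challenge values and stored password hash to authlog.txt) is removed.
 *
 * @param string $authname, entered name
 * @param string $authpass, entered pass
 * @param string $authresponse [optional] CHAP response
 * @return array the user row on success, else array("authfail", "reason" => 'np'|'lu'|'iu'|'')
 */
public function authcheck($authname, $authpass, $authresponse = '')
{
    $pref = e107::getPref();
    $tp = e107::getParser();
    $sql_auth = e107::getDb('sql_auth');
    $user_info = e107::getUserSession();
    $reason = '';
    $row = false;

    // Strip " OR ", "=" and "#" before escaping: the name is interpolated into the WHERE clauses below.
    $authname = $tp->toDB(preg_replace("/\\sOR\\s|\\=|\\#/", "", trim($authname)));
    $authpass = trim($authpass);

    if (($authpass == '' && $authresponse == '') || $authname == '')
    {
        $reason = 'np'; // no password / no name
    }
    if (strlen($authname) > varset($pref['loginname_maxlength'], 30))
    {
        $reason = 'lu'; // login name too long
    }

    if (!$reason)
    {
        if ($sql_auth->db_Select("user", "*", "user_loginname='{$authname}' AND user_admin='1' "))
        {
            $row = $sql_auth->db_Fetch();
        }
        elseif ($sql_auth->db_Select("user", "*", "user_name='{$authname}' AND user_admin='1' "))
        {
            $row = $sql_auth->db_Fetch();
            $authname = $row['user_loginname'];
        }
        else
        {
            $reason = 'iu'; // invalid user
        }
    }

    if (!$reason && !empty($row['user_id']))
    {
        $session = e107::getSession();
        if ($authresponse && $session->is('prevchallenge') && $authresponse != $session->get('prevchallenge'))
        {
            // Verify using CHAP (can't handle login by email address - only loginname - although with this code it does still work if the password is stored unsalted)
            if ($user_info->CheckCHAP($session->get('prevchallenge'), $authresponse, $authname, $row['user_password']) !== PASSWORD_INVALID)
            {
                return $row;
            }
        }
        else
        {
            // Plaintext password
            if ($user_info->CheckPassword($authpass, $authname, $row['user_password']) !== PASSWORD_INVALID)
            {
                return $row;
            }
        }
    }

    return array("authfail", "reason" => $reason);
}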
$id = varset($tmp[2]); unset($tmp); } elseif (!getperms('0')) { $action = 'tools'; } if (isset($_POST['submit_prefs']) && isset($_POST['mainsitelanguage']) && getperms('0')) { unset($temp); $changes = array(); $temp['multilanguage'] = $_POST['multilanguage']; $temp['multilanguage_subdomain'] = $_POST['multilanguage_subdomain']; $temp['multilanguage_domain'] = $_POST['multilanguage_domain']; $temp['sitelanguage'] = $_POST['mainsitelanguage']; $temp['adminlanguage'] = $_POST['mainadminlanguage']; $temp['noLanguageSubs'] = $_POST['noLanguageSubs']; e107::getConfig()->setPref($temp)->save(true); e107::getSession()->clear('e_language'); } // ----------------- delete tables --------------------------------------------- if (isset($_POST['del_existing']) && $_POST['lang_choices'] && getperms('0')) { $lang = strtolower($_POST['lang_choices']); foreach ($tabs as $del_table) { if ($sql->db_Table_exists($lang . "_" . $del_table, TRUE)) { // echo $del_table." exists<br />"; $qry = "DROP TABLE " . $mySQLprefix . "lan_" . $lang . "_" . $del_table; if (mysql_query($qry)) { $msg = $tp->lanVars(LANG_LAN_100, $_POST['lang_choices'] . ' ' . $del_table); $message .= $msg . '[!br!]'; $mes->addSuccess($msg); } else { $msg = $tp->lanVars(LANG_LAN_101, $_POST['lang_choices'] . ' ' . $del_table); $message .= $msg . '[!br!]';
/**
 * Get session handler
 * Lazily fetches the session object and makes sure the namespace keyed by
 * $this->_session_id exists in it (initialised to an empty array).
 * @return object the session object returned by e107::getSession()
 */
public function getSessionHandler()
{
    if (null !== $this->_session_handler)
    {
        return $this->_session_handler;
    }

    $handler = e107::getSession();
    if (!$handler->has($this->_session_id))
    {
        $handler->set($this->_session_id, array());
    }

    $this->_session_handler = $handler;
    return $handler;
}
} // v2 Custom language File Path. $customLan2 = e_SYSTEM . '/lans/' . e_LANGUAGE . '_custom.php'; if (is_readable($customLan2)) { include $customLan2; } unset($customLan, $customLan2); $sql->db_Mark_Time('Start: Global Language Files'); if (isset($pref['lan_global_list'])) { foreach ($pref['lan_global_list'] as $path) { e107::plugLan($path, 'global', true); } } $sql->db_Mark_Time('Start: CHAP challenge'); $die = e_AJAX_REQUEST == true ? false : true; e107::getSession()->challenge()->check($die); // Token protection unset($die); // // N: misc setups: online user tracking, cache // $sql->db_Mark_Time('Start: Misc resources. Online user tracking, cache'); /** * @deprecated BC, call the method only when needed, $e107->ecache caught by __get() */ $e107cache = e107::getCache(); //TODO - find & replace $e107cache, $e107->ecache //DEPRECATED, BC, call the method only when needed, $e107->override caught by __get() $override = e107::getSingleton('override', true); //TODO - find & replace $override, $e107->override //DEPRECATED, BC, call the method only when needed, $e107->user_class caught by __get()
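/**
 * Handle the Ajax quick-reply.
 *
 * Validates the e_token (CSRF) and the 'post' permission on the forum, stores the reply
 * via postAdd() and echoes a JSON status; the request always terminates with exit.
 *
 * Fix: optional POST fields (anonname, thread, insert) are read through varset() so a
 * missing field no longer raises an undefined-index notice; evaluation is otherwise the same.
 *
 * @return void (exits)
 */
function ajaxQuickReply()
{
    $tp = e107::getParser();

    if (!isset($_POST['e_token']))
    {
        $_POST['e_token'] = '';
    }

    // invalid token or no post permission: end silently, as before
    if (!e107::getSession()->check(false) || !$this->checkPerm($_POST['post'], 'post'))
    {
        exit;
    }

    if (varset($_POST['action']) == 'quickreply' && vartrue($_POST['text']))
    {
        $postInfo = array();
        $postInfo['post_ip'] = e107::getIPHandler()->getIP(FALSE);

        if (USER)
        {
            $postInfo['post_user'] = USERID;
        }
        else
        {
            $postInfo['post_user_anon'] = varset($_POST['anonname']);
        }

        // NOTE(review): the text is stored as posted; sanitisation is expected inside postAdd() - confirm
        $postInfo['post_entry'] = $_POST['text'];
        $postInfo['post_forum'] = intval($_POST['post']);
        $postInfo['post_datestamp'] = time();
        $postInfo['post_thread'] = intval(varset($_POST['thread']));
        $postInfo['post_id'] = $this->postAdd($postInfo); // save it.

        $postInfo['user_name'] = USERNAME;
        $postInfo['user_email'] = USEREMAIL;
        $postInfo['user_image'] = USERIMAGE;
        $postInfo['user_signature'] = USERSIGNATURE;

        $ret = array();
        if (varset($_POST['insert']) == 1)
        {
            // render the new post so the client can insert it into the page
            $tmpl = e107::getTemplate('forum', 'forum_viewtopic', 'replies');
            $sc = e107::getScBatch('view', 'forum');
            $sc->setScVar('postInfo', $postInfo);
            $ret['html'] = $tp->parseTemplate($tmpl, true, $sc) . "\n";
        }
        else
        {
            $ret['html'] = false;
        }

        $ret['status'] = 'ok';
        $ret['msg'] = "Your post has been added";
        echo json_encode($ret);
    }

    e107::getSession()->reset();
    exit;
}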
$core_pref->update($key, $newValue); /*if($newValue != $core_pref->get($key)) { // Changed value $core_pref->set($key, $newValue); $prefChanges[$key] = $newValue; }*/ } $core_pref->save(false); // special case, do session cleanup, logout, redirect to login screen if ($sessionRegenerate) { // reset cookie cookie($core_pref->get('cookie_name'), $_COOKIE[e_COOKIE], time() + 3600 * 24 * 30, e_HTTP, e107::getLanguage()->getCookieDomain()); cookie(e_COOKIE, null, null); // regenerate session $s = $_SESSION; e107::getSession()->destroy(); $session = new e_core_session(array('name' => $core_pref->get('cookie_name'))); $_SESSION = $s; } } if (e107::isInstalled('alt_auth')) { $authlist[] = "e107"; $handle = opendir(e_PLUGIN . "alt_auth"); while ($file = readdir($handle)) { if (preg_match("/^(.*)_auth\\.php/", $file, $match)) { $authlist[] = $match[1]; } } } function sendTest() {
/**
 * Redirect to the given URI
 * Ends the session (if one is open) before sending the Location header, then exits.
 *
 * @param string $url
 * @param boolean $replace - default TRUE
 * @param integer|null $http_response_code - default NULL
 * @return void
 */
public function redirect($url, $replace = TRUE, $http_response_code = NULL)
{
    if (session_id())
    {
        e107::getSession()->end();
    }

    $location = 'Location: ' . $url;
    if (null === $http_response_code)
    {
        header($location, $replace);
    }
    else
    {
        header($location, $replace, $http_response_code);
    }

    // Safari endless loop fix.
    header('Content-Length: 0');

    // write session if needed
    //if(session_id()) session_write_close();
    exit;
}
/**
 * Redirect to the given URI
 * Empty $url goes to SITEURL, 'admin' goes to the admin area. With e_DEBUG === 'redirect'
 * the redirect is logged to redirect.log and not performed.
 *
 * @param string $url or error code number. eg. 404 = Not Found. If left empty SITEURL will be used.
 * @param boolean $replace - default TRUE
 * @param integer|null $http_response_code - default NULL
 * @param boolean $preventCache - send no-cache headers before the redirect
 * @return void
 */
public function go($url = '', $replace = TRUE, $http_response_code = NULL, $preventCache = true)
{
    // cleanup when using e_QUERY in $url
    // NOTE(review): as written (search and replacement are the same string) this is a no-op;
    // it looks like an entity cleanup whose '&amp;' was lost - confirm against the upstream file.
    $url = str_replace("&", "&", $url);

    if (empty($url))
    {
        $url = SITEURL;
    }
    elseif ($url == 'admin')
    {
        $url = SITEURLBASE . e_ADMIN_ABS;
    }

    if (defset('e_DEBUG') === 'redirect')
    {
        $caller = debug_backtrace();
        $info = "URL: " . $url
            . "\nFile: " . $caller[1]['file']
            . "\nLine: " . $caller[1]['line']
            . "\nClass: " . $caller[1]['class']
            . "\nFunction: " . $caller[1]['function'] . "\n\n";
        e107::getLog()->addDebug($info);
        e107::getLog()->toFile('redirect.log', true);
        echo "debug active";
        return;
    }

    if (session_id())
    {
        e107::getSession()->end();
    }

    if ($preventCache)
    {
        header('Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0', true);
        header('Expires: Sat, 26 Jul 1997 05:00:00 GMT', true);
    }

    $location = 'Location: ' . $url;
    if (null === $http_response_code)
    {
        header($location, $replace);
    }
    else
    {
        header($location, $replace, $http_response_code);
    }

    // Safari endless loop fix.
    header('Content-Length: 0');

    // write session if needed
    //if(session_id()) session_write_close();
    exit;
}
/**
 * Set Language-specific Constants
 * Defines e_LANLIST, e_LANGUAGE, USERLAN, e_LAN and (for BC) e_LANQRY / e_LANCODE from
 * $this->e_language and the multilanguage prefs.
 * FIXME - language detection is a mess - db handler, mysql handler, session handler and language handler + constants invlolved,
 * SIMPLIFY, test, get feedback
 * @return void
 */
function setDefs()
{
    global $pref;

    $lang = $this->e_language;

    // SecretR - don't register lanlist in session, confusions, save it as class property (lan class is singleton)
    e107::getSession()->set('language-list', null); // cleanup test installs, will be removed soon

    define('e_LANLIST', implode(',', $this->installed()));
    define('e_LANGUAGE', $lang);
    define('USERLAN', $lang); // Keep USERLAN for backward compatibility

    $iso = $this->convert($lang);
    define("e_LAN", $iso);

    // Below is for BC
    $nonDefaultMultiLang = defined('e_LANCODE') && varset($pref['multilanguage']) && $lang != $pref['sitelanguage'];
    if ($nonDefaultMultiLang)
    {
        define("e_LANQRY", "[" . $iso . "]");
        return;
    }

    define("e_LANCODE", '');
    define("e_LANQRY", FALSE);
}
/**
 * Debug footer: render a table of selected user-defined constants, the SQL language,
 * a dump of the global $e107 object and the session settings/contents.
 * Only runs when E107_DBG_PATH is set, or when $force is anything other than false.
 * The output includes print_r() of $_SESSION, so it is strictly a debug aid.
 *
 * @param bool $force
 * @return string|false HTML table, or FALSE when disabled
 */
function Show_PATH($force = false)
{
    if (!E107_DBG_PATH && $force === false)
    {
        return FALSE;
    }

    global $e107;
    $sql = e107::getDb();

    $out = "<table class='fborder table table-striped table-condensed debug-footer' style='width:100%'>\n\t\t<colgroup>\n\t\t<col style='width:20%' />\n\t\t<col style='width:auto' />\n\t\t</colgroup>\n\t\t<thead>\n\t\t\t<tr>\n\t\t\t\t<th class='fcaption debug-footer-caption left' colspan='2'><b>Paths & Variables</b></th>\n\t\t\t</tr>\n\t\t</thead>\n\t\t<tbody>\n";

    // constants always listed by name ...
    $listed = array('BOOTSTRAP', 'HEADERF', 'FOOTERF', 'FILE_UPLOADS', 'FLOODPROTECT', 'FLOODTIMEOUT', 'CHARSET', 'GUESTS_ONLINE', 'MEMBERS_ONLINE', 'PAGE_NAME', 'STANDARDS_MODE', 'TIMEOFFSET', 'TOTAL_ONLINE', 'THEME', 'THEME_ABS', 'THEME_LAYOUT', 'THEME_STYLE', 'META_OG', 'META_DESCRIPTION', 'MPREFIX', 'VIEWPORT', 'BODYTAG', 'CSSORDER');
    // ... and prefixes that are listed as a family (case-sensitive)
    $prefixes = array('ADMIN', 'E_', 'e_', 'E107', 'SITE', 'USER', 'CORE');

    $defined = get_defined_constants(true);
    ksort($defined['user']);

    foreach ($defined['user'] as $name => $value)
    {
        $show = E107_DBG_ALLERRORS || in_array($name, $listed);
        if (!$show)
        {
            foreach ($prefixes as $prefix)
            {
                if (strncmp($name, $prefix, strlen($prefix)) === 0)
                {
                    $show = true;
                    break;
                }
            }
        }

        if ($show)
        {
            $out .= "\n\t\t\t\t<tr>\n\t\t\t\t\t<td class='forumheader3'>" . $name . "</td>\n\t\t\t\t\t<td class='forumheader3'>" . htmlspecialchars($value) . "</td>\n\t\t\t\t</tr>";
        }
    }

    $sess = e107::getSession();

    $out .= "\n\t\t\t\n\t\t\n\t\t\t<tr>\n\t\t\t\t<td class='forumheader3'>SQL Language</td>\n\t\t\t\t<td class='forumheader3'>" . $sql->mySQLlanguage . "</td>\n\t\t\t</tr>\n\n\t\t\t<tr>\n\t\t\t\t<td class='forumheader3' colspan='2'><pre>" . htmlspecialchars(print_r($e107, TRUE)) . "</pre></td>\n\t\t\t</tr>\n\t\t\t<tr>\n\t\t\t\t<td class='fcaption' colspan='2'><h2>Session</h2></td>\n\t\t\t</tr>\n\t\t\t<tr>\n\t\t\t\t<td class='forumheader3'>Session lifetime</td>\n\t\t\t\t<td class='forumheader3'>" . $sess->getOption('lifetime') . " seconds</td>\n\t\t\t</tr>\n\t\t\t<tr>\n\t\t\t\t<td class='forumheader3'>Session domain</td>\n\t\t\t\t<td class='forumheader3'>" . $sess->getOption('domain') . "</td>\n\t\t\t</tr>\n\t\t\t<tr>\n\t\t\t\t<td class='forumheader3'>Session save method</td>\n\t\t\t\t<td class='forumheader3'>" . $sess->getSaveMethod() . "</td>\n\t\t\t</tr>\n\t\t\t\n\t\t\t\n\t\t\t\n\t\t\t<tr>\n\t\t\t\t<td class='forumheader3' colspan='2'><pre>" . htmlspecialchars(print_r($_SESSION, TRUE)) . "</pre></td>\n\t\t\t</tr>\n\t\t\t\n\t\t</tbody>\n\t\t</table>";

    return $out;
}
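/**
 * Admin auth check
 *
 * Looks the entered name up as an admin's loginname, then as an admin's display name,
 * and verifies either the CHAP response (against the session 'challenge') or the plaintext password.
 *
 * Fix: the CHAP success path returned `${$row}` (a variable-variable applied to an array)
 * instead of `$row`, so a valid CHAP login could not return the user row. $row is also
 * initialised so the post-lookup test cannot read an undefined variable, and the unused
 * $pass_result assignments are dropped.
 *
 * @param string $authname, entered name
 * @param string $authpass, entered pass
 * @param string $authresponse [optional] CHAP response
 * @return array the user row on success, else array("authfail", "reason" => 'np'|'lu'|'iu'|'')
 */
public function authcheck($authname, $authpass, $authresponse = '')
{
    global $pref;
    $tp = e107::getParser();
    $sql_auth = e107::getDb('sql_auth');
    $user_info = e107::getUserSession();
    $reason = '';
    $row = false;

    // Strip " OR ", "=" and "#" before escaping: the name is interpolated into the WHERE clauses below.
    $authname = $tp->toDB(preg_replace("/\\sOR\\s|\\=|\\#/", "", trim($authname)));
    $authpass = trim($authpass);

    if ($authpass == '' || $authname == '')
    {
        $reason = 'np'; // no password / no name
    }
    if (strlen($authname) > varset($pref['loginname_maxlength'], 30))
    {
        $reason = 'lu'; // login name too long
    }

    if (!$reason)
    {
        if ($sql_auth->db_Select("user", "*", "user_loginname='{$authname}' AND user_admin='1' "))
        {
            $row = $sql_auth->db_Fetch();
        }
        elseif ($sql_auth->db_Select("user", "*", "user_name='{$authname}' AND user_admin='1' "))
        {
            $row = $sql_auth->db_Fetch();
            $authname = $row['user_loginname'];
        }
        else
        {
            $reason = 'iu'; // invalid user
        }
    }

    if (!$reason && !empty($row['user_id']))
    {
        $session = e107::getSession();
        if ($authresponse && $session->is('challenge') && $authresponse != $session->get('challenge'))
        {
            // Verify using CHAP (can't handle login by email address - only loginname - although with this code it does still work if the password is stored unsalted)
            if ($user_info->CheckCHAP($session->get('challenge'), $authresponse, $authname, $row['user_password']) !== PASSWORD_INVALID)
            {
                return $row;
            }
        }
        else
        {
            // Plaintext password
            if ($user_info->CheckPassword($authpass, $authname, $row['user_password']) !== PASSWORD_INVALID)
            {
                return $row;
            }
        }
    }

    return array("authfail", "reason" => $reason);
}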
/**
 * Destroy cookie/session data, self destroy
 * Logs the social provider out first (if any), then drops the "logged in as" state,
 * the parent user data, the PHP session and the current-user registry entry.
 * @return e_user
 */
public final function logout()
{
    if ($this->hasProvider())
    {
        $this->getProvider()->logout();
    }

    $this->logoutAs()->_destroySession();
    parent::destroy();

    //if(session_id()) session_destroy();
    e107::getSession()->destroy();
    e107::setRegistry('core/e107/current_user', null);

    return $this;
}
if ($use_imagecode) { require_once e_HANDLER . "secure_img_handler.php"; $sec_img = new secure_image(); } if (!USER) { require_once e_HANDLER . "form_handler.php"; $rs = new form(); $text = ""; $allowEmailLogin = varset($pref['allowEmailLogin'], 0); $ulabel = array(LAN_LOGIN_1, LAN_LOGIN_28, LAN_LOGIN_29); $LOGIN_USERNAME_LABEL = $ulabel[$allowEmailLogin]; $LOGIN_TABLE_LOGINMESSAGE = LOGINMESSAGE; $LOGIN_TABLE_USERNAME = "******"; $LOGIN_TABLE_PASSWORD = "******"; if (!USER && e107::getSession()->is('challenge') && varset($pref['password_CHAP'], 0)) { $LOGIN_TABLE_PASSWORD .= "<input type='hidden' name='hashchallenge' id='hashchallenge' value='" . e107::getSession()->get('challenge') . "' />\n\n"; } if ($use_imagecode) { $LOGIN_TABLE_SECIMG_LAN = LAN_LOGIN_13; $LOGIN_TABLE_SECIMG_HIDDEN = "<input type='hidden' name='rand_num' value='" . $sec_img->random_number . "' />"; $LOGIN_TABLE_SECIMG_SECIMG = $sec_img->r_image(); $LOGIN_TABLE_SECIMG_TEXTBOC = "<input class='tbox' type='text' name='code_verify' size='15' maxlength='20' />"; } $LOGIN_TABLE_AUTOLOGIN = "******"; $LOGIN_TABLE_AUTOLOGIN_LAN = LAN_LOGIN_8; $LOGIN_TABLE_SUBMIT = "<input class='button' type='submit' name='userlogin' value=\"" . LAN_LOGIN_9 . "\" />"; if (!isset($LOGIN_TABLE) || !$LOGIN_TABLE) { if (file_exists(THEME . 'login_template.php')) { require_once THEME . 'login_template.php'; } else { require_once e_BASE . $THEMES_DIRECTORY . "templates/login_template.php";
/**
 * Basic implementation of Browser cache control per user session. Awaiting improvement in future versions
 * The set of cacheable request paths lives in the session key '__sessionBrowserCache'.
 * If no argument is passed it returns boolean (if current page is cacheable).
 * If false is passed, e_REQUEST_URI is removed from the set.
 * If string is passed, it's assumed to be absolute request path (e_REQUEST_URI alike) and is added.
 * If true is passed, e_REQUEST_URI is registered.
 * @param null|bool|string $set
 * @return bool|void
 */
public static function canCache($set = null)
{
    $paths = e107::getSession()->get('__sessionBrowserCache');
    if (!is_array($paths))
    {
        $paths = array();
    }

    // query only
    if (null === $set)
    {
        return in_array(e_REQUEST_URI, $paths);
    }

    // remove e_REQUEST_URI from the set
    if (false === $set)
    {
        $idx = array_search(e_REQUEST_URI, $paths);
        if (false !== $idx)
        {
            unset($paths[$idx]);
            e107::getSession()->set('__sessionBrowserCache', $paths);
            return;
        }
    }

    $path = (true === $set) ? e_REQUEST_URI : $set;

    // nothing to add: empty, not a string, or already registered
    if (empty($path) || !is_string($path) || in_array($path, $paths))
    {
        return;
    }

    $paths[] = $path;
    e107::getSession()->set('__sessionBrowserCache', array_unique($paths));
}
* GNU General Public License (http://www.gnu.org/licenses/gpl.txt) * * Default footer for user pages * * $URL$ * $Id$ * */ if (!defined('e107_INIT')) { exit; } $In_e107_Footer = TRUE; // For registered shutdown function global $error_handler, $db_time, $FOOTER; // Clean session shutdown e107::getSession()->shutdown(); // System browser CACHE control - defaults to no cache; override in e107_config or on the fly // This is temporary solution, we'll implement more flexible way for cache control override // per page, more investigation needed about cache related headers, browser quirks etc // Auto-detect from session (registered per page, per user session) if (!defined('e_NOCACHE')) { define('e_NOCACHE', !e107::canCache()); } // // SHUTDOWN SEQUENCE // // The following items have been carefully designed so page processing will finish properly // Please DO NOT re-order these items without asking first! You WILL break something ;) // These letters match the ADMIN footer (that's why there is B.1,B.2) // // A Ensure sql and traffic objects exist
/**
 * HybridAuth callback endpoint.
 * Loads the HybridAuth classes and lets Hybrid_Endpoint handle the provider callback;
 * any exception is shown as a message and flagged in the session as 'HAuthError'.
 * @return void
 */
public function actionEndpoint()
{
    require_once e_HANDLER . "hybridauth/Hybrid/Auth.php";
    require_once e_HANDLER . "hybridauth/Hybrid/Endpoint.php";

    try
    {
        Hybrid_Endpoint::process();
    }
    catch (Exception $ex)
    {
        $msg = '[' . $ex->getCode() . ']' . $ex->getMessage();
        e107::getMessage()->addError($msg, 'default', true);
        e107::getSession()->set('HAuthError', true);
    }
}