//Register this rule for checking user input with our function, eF_checkParameter $form->addElement('text', 'email', _YOUREMAIL, 'class = "inputText"'); $form->addRule('email', _THEFIELD . ' "' . _EMAIL . '" ' . _ISMANDATORY, 'required'); $form->addRule('email', _INVALIDFIELDDATA, 'checkParameter', 'email'); $form->addElement('text', 'message_subject', _MESSAGESUBJECT, 'class = "inputText"'); //$form -> addRule('message_subject', _INVALIDFIELDDATA, 'checkParameter', 'text'); $form->addElement('textarea', 'message_body', _TEXT, 'class = "inputText" id = "contact"'); $form->addElement('submit', 'submit_contact', _SUBMIT, 'class = "flatButton"'); if ($_GET['limit_reached']) { $form->setDefaults(array('message_subject' => _IWANTTOSIGNUPBUTMAXIMUMUSERSLIMITREACHED, 'message_body' => _IWANTTOSIGNUPBUTMAXIMUMUSERSLIMITREACHEDBODY)); } if ($_SESSION['s_login']) { $form->setDefaults(array('email' => $currentUser->user['email'])); } if ($form->isSubmitted()) { $fields_insert = array('users_LOGIN' => 'visitor', 'timestamp' => time(), 'action' => 'forms', 'comments' => 'contact', 'session_ip' => eF_encodeIP(eF_getRemoteAddress())); eF_insertTableData("logs", $fields_insert); if ($form->validate()) { $to = $form->exportValue("email"); $subject = $form->exportValue("message_subject"); $body = $form->exportValue("message_body") . "\r\n\r\n(" . $subject . " [" . _FROM . ": " . $to . "])"; if (eF_mail($to, $GLOBALS['configuration']['system_email'], $subject . " [" . _FROM . ": " . $to . "]", $body, false, true)) { $copied_body = _THANKYOUFORCONTACTINGUSBODY . "<br/><hr/><br/>" . $form->exportValue("message_body"); eF_mail($GLOBALS['configuration']['system_email'], $to, _THANKYOUFORCONTACTINGUS, $copied_body, false, false); $message = _SENDSUCCESS; $message_type = 'success'; eF_redirect(basename($_SERVER['PHP_SELF']) . '?message=' . urlencode($message) . '&message_type=' . $message_type); } else { $message = _SENDFAILURE; $message_type = 'failure'; }
/**
 * Login user
 *
 * This function logs the user in the system, using the specified password.
 * On success the current PHP session is emptied (keeping 'login_mode' and any
 * key containing "facebook") and repopulated with this user's data, and the
 * login is recorded in the "logs", "users" and "user_times" tables.
 * <br/>Example:
 * <code>
 * $user = EfrontUserFactory :: factory('jdoe');
 * $user -> login('mypass');
 * </code>
 *
 * @param string $password The password to login with
 * @param boolean $encrypted Whether the password is already in the stored (createPassword) form;
 *                           ignored for LDAP users, whose password is always checked via eF_checkUserLdap()
 * @return boolean True if the user logged in successfully (the method never returns false; failures throw)
 * @throws EfrontUserException INVALID_PASSWORD, USER_PENDING or USER_INACTIVE
 * @since 3.5.0
 * @access public
 */
public function login($password, $encrypted = false) {
    //If the user is already logged in, log him out
    if ($this->isLoggedIn()) {
        //If the user is logged in right now on the same pc with the same session, return true (nothing to do)
        //The password is still verified before the early return, so a wrong password is rejected here too
        if ($this->isLoggedIn(session_id())) {
            //NOTE(review): non-strict != on the stored password value; hash_equals() would give a strict,
            //constant-time comparison — same for the two other comparisons below
            if (!$encrypted && EfrontUser::createPassword($password) != $this->user['password']) {
                throw new EfrontUserException(_INVALIDPASSWORD, EfrontUserException::INVALID_PASSWORD);
            } else {
                if ($encrypted && $password != $this->user['password']) {
                    throw new EfrontUserException(_INVALIDPASSWORD, EfrontUserException::INVALID_PASSWORD);
                }
            }
            return true;
        } elseif (!$this->allowMultipleLogin()) {
            //Logged in from another session and concurrent logins are not allowed: terminate the other one
            $this->logout();
        }
    }
    //If we are logged in as another user, log him out
    //Best effort: a failure to load or log out the previous user must not block this login
    if (isset($_SESSION['s_login']) && $_SESSION['s_login'] != $this->user['login']) {
        try {
            EfrontUserFactory::factory($_SESSION['s_login'])->logout(session_id());
        } catch (Exception $e) {
        }
    }
    //Empty session without destroying it
    //NOTE(review): the session id is kept across authentication (no session_regenerate_id() here);
    //regenerating it after a successful login would limit session-fixation exposure — confirm this
    //is not done by the caller
    foreach ($_SESSION as $key => $value) {
        if ($key != 'login_mode' && strpos($key, "facebook") === false) { //'login_mode' is used to facilitate lesson registrations
            unset($_SESSION[$key]);
        }
    }
    //Account state checks happen before the password check, so a pending/inactive account
    //surfaces as such rather than as an invalid password
    if ($this->user['pending']) {
        throw new EfrontUserException(_USERPENDING, EfrontUserException::USER_PENDING);
    }
    if (!$this->user['active']) {
        throw new EfrontUserException(_USERINACTIVE, EfrontUserException::USER_INACTIVE);
    }
    if ($this->isLdapUser) { //Authenticate LDAP user
        if (!eF_checkUserLdap($this->user['login'], $password)) {
            throw new EfrontUserException(_INVALIDPASSWORD, EfrontUserException::INVALID_PASSWORD);
        }
    } else {
        //Bring the supplied password into the stored form unless the caller already did
        if (!$encrypted) {
            $password = EfrontUser::createPassword($password);
        }
        if ($password != $this->user['password']) {
            throw new EfrontUserException(_INVALIDPASSWORD, EfrontUserException::INVALID_PASSWORD);
        }
    }
    //if user language is deactivated or deleted, login user with system default language
    if ($GLOBALS['configuration']['onelanguage']) {
        $loginLanguage = $GLOBALS['configuration']['default_language'];
    } else {
        $activeLanguages = array_keys(EfrontSystem::getLanguages(true, true));
        if (in_array($this->user['languages_NAME'], $activeLanguages)) {
            $loginLanguage = $this->user['languages_NAME'];
        } else {
            $loginLanguage = $GLOBALS['configuration']['default_language'];
        }
    }
    //Assign session variables
    $_SESSION['s_login'] = $this->user['login'];
    //The stored (createPassword-form) password value is copied into the session, not the plaintext argument
    $_SESSION['s_password'] = $this->user['password'];
    $_SESSION['s_type'] = $this->user['user_type'];
    $_SESSION['s_language'] = $loginLanguage;
    //Derived from microtime() and the login only — NOTE(review): if this identifier is ever used as a
    //security token, random_bytes() would be the appropriate source; confirm how it is consumed
    $_SESSION['s_custom_identifier'] = sha1(microtime() . $this->user['login']);
    $_SESSION['s_time_target'] = array(0 => 'system'); //'s_time_target' is used to signify which of the system's area the user is currently accessing. It is a id => entity pair
    //$_SESSION['last_action_timestamp'] = time(); //Initialize first action
    //Insert log entry
    $fields_insert = array('users_LOGIN' => $this->user['login'], 'timestamp' => time(), 'action' => 'login', 'comments' => session_id(), 'session_ip' => eF_encodeIP($_SERVER['REMOTE_ADDR']));
    eF_insertTableData("logs", $fields_insert);
    //NOTE(review): the WHERE clauses below are built by string interpolation/concatenation of the login;
    //a parameterised form is preferable if the eF_*TableData helpers support one
    eF_updateTableData("users", array('last_login' => time()), "login='******'login']}'");
    //Successful login clears the failed-login history used by the ban logic
    if ($GLOBALS['configuration']['ban_failed_logins']) {
        eF_deleteTableData("logs", "users_LOGIN='******'login'] . "' and action='failed_login'");
    }
    //Insert user times entry
    $fields = array("session_timestamp" => time(), "session_id" => session_id(), "session_custom_identifier" => $_SESSION['s_custom_identifier'], "session_expired" => 0, "users_LOGIN" => $_SESSION['s_login'], "timestamp_now" => time(), "time" => 0, "entity" => 'system', "entity_id" => 0);
    eF_insertTableData("user_times", $fields);
    return true;
}
include "module_hcd.php"; } elseif ($ctg == "emails") { include "emails.php"; } elseif ($ctg == 'users') { $_GET['op'] = "employees"; $currentUser->aspects['hcd'] = EfrontEmployeeFactory::factory($currentUser->login); include "module_hcd.php"; } elseif (sizeof($modules) > 0 && in_array($ctg, array_keys($module_ctgs))) { $module_mandatory = eF_getTableData("modules", "mandatory", "name = '" . $ctg . "'"); if ($module_mandatory[0]['mandatory'] != 'false' || $GLOBALS['currentLesson']->options[$ctg]) { include G_MODULESPATH . $ctg . '/module.php'; $smarty->assign("T_CTG_MODULE", $module_ctgs[$ctg]); } } } $fields_log = array('users_LOGIN' => $_SESSION['s_login'], 'timestamp' => time(), 'session_ip' => eF_encodeIP($_SERVER['REMOTE_ADDR'])); /* if (isset($log_comments)) { //If there is a $log_comments variable, it indicates the current action (i.e. the unit that the user saw) $fields_log['action'] = $ctg; $fields_log['comments'] = $log_comments; ($_SESSION['s_lessons_ID']) ? $fields_log['lessons_ID'] = $_SESSION['s_lessons_ID'] : $fields_log['lessons_ID'] = 0; eF_insertTableData("logs", $fields_log); } else { //Any other move, that has not set the $log_comments variable, is considered a 'lastmove' action $fields_log['action'] = "lastmove"; $fields_log['comments'] = ""; ($_SESSION['s_lessons_ID']) ? $fields_log['lessons_ID'] = $_SESSION['s_lessons_ID'] : $fields_log['lessons_ID'] = 0; eF_deleteTableData("logs", "users_LOGIN='******'s_login']."' AND action='lastmove'"); //Only one lastmove action interests us, so delete any other eF_insertTableData("logs", $fields_log); } */ if (detectBrowser() == 'mobile') {
include "module_hcd.php"; } elseif ($ctg == "emails") { include "emails.php"; } elseif ($ctg == 'users') { $_GET['op'] = "employees"; $currentUser->aspects['hcd'] = EfrontEmployeeFactory::factory($currentUser->login); include "module_hcd.php"; } elseif (sizeof($modules) > 0 && in_array($ctg, array_keys($module_ctgs))) { $module_mandatory = eF_getTableData("modules", "mandatory", "name = '" . $ctg . "'"); if ($module_mandatory[0]['mandatory'] != 'false' || $GLOBALS['currentLesson']->options[$ctg]) { include G_MODULESPATH . $ctg . '/module.php'; $smarty->assign("T_CTG_MODULE", $module_ctgs[$ctg]); } } } $fields_log = array('users_LOGIN' => $_SESSION['s_login'], 'timestamp' => time(), 'session_ip' => eF_encodeIP(eF_getRemoteAddress())); /* if (isset($log_comments)) { //If there is a $log_comments variable, it indicates the current action (i.e. the unit that the user saw) $fields_log['action'] = $ctg; $fields_log['comments'] = $log_comments; ($_SESSION['s_lessons_ID']) ? $fields_log['lessons_ID'] = $_SESSION['s_lessons_ID'] : $fields_log['lessons_ID'] = 0; eF_insertTableData("logs", $fields_log); } else { //Any other move, that has not set the $log_comments variable, is considered a 'lastmove' action $fields_log['action'] = "lastmove"; $fields_log['comments'] = ""; ($_SESSION['s_lessons_ID']) ? $fields_log['lessons_ID'] = $_SESSION['s_lessons_ID'] : $fields_log['lessons_ID'] = 0; eF_deleteTableData("logs", "users_LOGIN='******'s_login']."' AND action='lastmove'"); //Only one lastmove action interests us, so delete any other eF_insertTableData("logs", $fields_log); } */ if (detectBrowser() == 'mobile') {
/**
 * Establish a session for an already-authenticated user
 *
 * Empties the current PHP session (keeping 'login_mode' and any key containing
 * "facebook"), refuses pending or inactive accounts, selects the session language
 * and records the login in the "logs" and "user_times" tables.
 *
 * NOTE(review): $password and $encrypted are not read anywhere in this body, so no
 * credential check is performed here — the caller must have verified the credentials
 * before calling. Confirm this holds for every call site.
 *
 * @param object $user        User object exposing a `user` array with login, password, user_type,
 *                            languages_NAME, pending and active entries (EfrontUser-style — confirm)
 * @param string $password    Not used in this body (see note above)
 * @param boolean $encrypted  Not used in this body (see note above)
 * @return boolean Always true when no exception is thrown
 * @throws EfrontUserException USER_PENDING or USER_INACTIVE
 */
private function login($user, $password, $encrypted = false) {
    //If we are logged in as another user, log him out
    //Best effort: a failure to load or log out the previous user must not block this login
    if (isset($_SESSION['s_login']) && $_SESSION['s_login'] != $user->user['login']) {
        try {
            EfrontUserFactory::factory($_SESSION['s_login'])->logout(session_id());
        } catch (Exception $e) {
        }
    }
    //Empty session without destroying it
    //NOTE(review): the session id is kept across login (no session_regenerate_id() here);
    //regenerating it after authentication would limit session-fixation exposure — confirm
    //this is not done by the caller
    foreach ($_SESSION as $key => $value) {
        if ($key != 'login_mode' && strpos($key, "facebook") === false) { //'login_mode' is used to facilitate lesson registrations
            unset($_SESSION[$key]);
        }
    }
    if ($user->user['pending']) {
        throw new EfrontUserException(_USERPENDING, EfrontUserException::USER_PENDING);
    }
    if (!$user->user['active']) {
        throw new EfrontUserException(_USERINACTIVE, EfrontUserException::USER_INACTIVE);
    }
    //if user language is deactivated or deleted, login user with system default language
    if ($GLOBALS['configuration']['onelanguage']) {
        $loginLanguage = $GLOBALS['configuration']['default_language'];
    } else {
        $activeLanguages = array_keys(EfrontSystem::getLanguages(true, true));
        if (in_array($user->user['languages_NAME'], $activeLanguages)) {
            $loginLanguage = $user->user['languages_NAME'];
        } else {
            $loginLanguage = $GLOBALS['configuration']['default_language'];
        }
    }
    //Assign session variables
    $_SESSION['s_login'] = $user->user['login'];
    //The stored password value from the user record is copied into the session, not the $password argument
    $_SESSION['s_password'] = $user->user['password'];
    $_SESSION['s_type'] = $user->user['user_type'];
    $_SESSION['s_language'] = $loginLanguage;
    //Derived from microtime() and the login only — NOTE(review): if this identifier is ever used as a
    //security token, random_bytes() would be the appropriate source; confirm how it is consumed
    $_SESSION['s_custom_identifier'] = sha1(microtime() . $user->user['login']);
    $_SESSION['s_time_target'] = array(0 => 'system'); //'s_time_target' is used to signify which of the system's area the user is currently accessing. It is a id => entity pair
    //$_SESSION['last_action_timestamp'] = time(); //Initialize first action
    //Insert log entry
    $fields_insert = array('users_LOGIN' => $user->user['login'], 'timestamp' => time(), 'action' => 'login', 'comments' => session_id(), 'session_ip' => eF_encodeIP(eF_getRemoteAddress()));
    eF_insertTableData("logs", $fields_insert);
    //Successful login clears the failed-login history used by the ban logic
    //NOTE(review): the WHERE clause is built by string concatenation of the login; a parameterised
    //form is preferable if eF_deleteTableData() supports one
    if ($GLOBALS['configuration']['ban_failed_logins']) {
        eF_deleteTableData("logs", "users_LOGIN='******'login'] . "' and action='failed_login'");
    }
    //Insert user times entry
    $fields = array("session_timestamp" => time(), "session_id" => session_id(), "session_custom_identifier" => $_SESSION['s_custom_identifier'], "session_expired" => 0, "users_LOGIN" => $_SESSION['s_login'], "timestamp_now" => time(), "time" => 0, "entity" => 'system', "entity_id" => 0);
    eF_insertTableData("user_times", $fields);
    return true;
}
$first_name = array_shift($name_parts); sizeof($name_parts) == 0 ? $last_name = $first_name : ($last_name = implode(" ", $name_parts)); $form->setDefaults(array("login" => $_GET['login'], "password" => _LDAPACCOUNTPASSWORD, "passrepeat" => _LDAPACCOUNTPASSWORD, "email" => $result[0]['mail'][0], "firstName" => $first_name, "lastName" => $last_name)); //$form -> freeze(array('login', 'password', 'passrepeat')); $smarty->assign("T_LDAP_USER", true); if (!$form->isSubmitted()) { $message = _VERIFYFOLLOWINGINFOISCORRECT; $message_type = 'success'; } } elseif ($configuration['only_ldap']) { $message = _ONLYLDAPREGISTRATIONPERMITTED; $message_type = 'failure'; eF_redirect(basename($_SERVER['PHP_SELF']) . "?message=" . urlencode($message) . "&message_type={$message_type}"); } if ($form->isSubmitted()) { $fields_insert = array('users_LOGIN' => 'visitor', 'timestamp' => time(), 'action' => 'forms', 'comments' => 'signup', 'session_ip' => eF_encodeIP($_SERVER['REMOTE_ADDR'])); eF_insertTableData("logs", $fields_insert); if ($form->validate()) { try { if (isset($_SESSION['s_login'])) { //A logged-in user wants to signup: Log him out first $user = EfrontUserFactory::factory($_SESSION['s_login']); $user->logout(session_id()); } $values = $form->exportValues(); //Get the form values //Check the user_type. If it's an id, it means that it's not one of the basic user types; so derive the basic user type and populate the user_types_ID field $defaultUserType = $GLOBALS['configuration']['default_type']; if (is_numeric($defaultUserType)) { $result = eF_getTableData("user_types", "id, basic_user_type", "id=" . $defaultUserType); if (sizeof($result) > 0) {
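/**
 * Checks if a client is considered as spammer
 *
 * This function checks if this IP has tried to access contact forms (contact, signup, password reset)
 * many times in a small time interval. In this case it denies access to the page.
 *
 * The check reads the newest $maxAttempts 'forms' log rows recorded for the client's IP;
 * if that many rows exist and the newest and oldest of them are less than $interval
 * seconds apart, the client is treated as a spammer.
 *
 * @param int $interval    Length of the time window, in seconds (default 300)
 * @param int $maxAttempts Number of form submissions inside the window that triggers the block (default 10)
 * @return bool true if the client may not access the system
 * @version 1.1
 */
function eF_checkSpam($interval = 300, $maxAttempts = 10) {
    $interval = (int) $interval;
    //Cast and floor before use: the value is placed in the SQL LIMIT clause, so it must be a plain positive integer
    $maxAttempts = max(1, (int) $maxAttempts);
    //Only the timestamp column is needed for the rate calculation
    //NOTE(review): the filter is built by string concatenation; the address comes from REMOTE_ADDR (set by the
    //server, not by the client) and goes through eF_encodeIP(), but a parameterised query would still be
    //preferable if eF_getTableData() supports one
    //NOTE(review): the handlers that write these 'forms' rows must record users_LOGIN and the encoded client
    //address the same way this filter expects them, otherwise the lookup never matches — confirm
    $res = eF_getTableData("logs", "timestamp", "users_LOGIN='******' AND action='forms' AND session_ip='" . eF_encodeIP($_SERVER['REMOTE_ADDR']) . "' order by timestamp desc limit " . $maxAttempts);
    //Fewer rows than the threshold means the client has not submitted enough forms to be rate-limited.
    //This guard also keeps the index accesses below away from an empty result set.
    //(The previous condition, `!empty($res) > 1`, compared a boolean with 1 and was always false, so the
    //check never fired.)
    if (!is_array($res) || sizeof($res) < $maxAttempts) {
        return false;
    }
    //Rows are ordered newest first, so this is the span covered by the last $maxAttempts submissions
    $timeInterval = $res[0]['timestamp'] - $res[sizeof($res) - 1]['timestamp'];
    return $timeInterval < $interval;
}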