Exemplo n.º 1
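 /**
  * Per-request controller setup.
  *
  * Defines the UID constant from is_login(), triggers scheduled publishing,
  * selects the WAP layout for mobile visitors when OPEN_WAP_TPL is enabled,
  * loads the logged-in user from the session and records one row in the
  * Visit model describing the current request.
  */
 protected function _initialize()
 {
     parent::_initialize();

     // Enable when the user module is in use.
     define('UID', is_login());

     // Scheduled publishing.
     D('Content')->publishDueContents();

     // A mobile visitor is switched to the mobile layout, but only when
     // the WAP template option is turned on.
     $this->iswap = (bool) (check_wap() && C('OPEN_WAP_TPL'));
     if ($this->iswap) {
         layout('layout_wap');
     }

     $this->login_user = session('user_auth');

     // Request headers are optional and fully client-controlled: read them
     // defensively so a missing header does not raise an undefined-index notice.
     $userAgent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
     $referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
     $requestUri = isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '';

     // array_shift() takes its argument by reference, so the result of I()
     // has to be held in a variable first.
     $getParams = I('get.');
     $firstGet = is_array($getParams) ? array_shift($getParams) : null;

     // set visit
     // NOTE(review): serialize($_REQUEST) persists every submitted parameter,
     // which includes any password or token field posted to this controller.
     // Consider redacting sensitive keys before storage, and never feed this
     // column back into unserialize().
     // NOTE(review): get_remote_ip() is not visible here; if it trusts
     // forwarded-for style headers the stored IP is client-supplied - confirm.
     $visit = array(
         'ip' => get_remote_ip(),
         'http_user_agent' => htmlspecialchars($userAgent),
         'http_referer' => htmlspecialchars($referer),
         'uri' => htmlspecialchars($requestUri),
         'module' => strtolower(CONTROLLER_NAME),
         'module_id' => I('id'),
         'request' => serialize($_REQUEST),
         'first_get' => $firstGet,
     );
     D("Visit")->add($visit);
 }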
<center>
  <p class="alert alert-warning"><?php 
// Template fragment: warning banner followed by the "Add an IP" form, which
// posts to adm_authip_whitelist.php. The fragment is cut off after the help
// text of the first form field.
__("Warning");
echo "<br/>";
__("The IP and subnet you have here are allowed for ALL users and ALL usages");
?>
</p>
</center>

<br/>
      <fieldset>
        <legend><?php 
__("Add an IP");
?>
 - <a href="javascript:edit_ip('','<?php 
// NOTE(review): this value is emitted inside a JavaScript string literal that
// itself sits inside an HTML attribute. htmlentities() only covers the HTML
// layer: the browser decodes entities before the script runs, and on PHP
// versions before 8.1 the default flags do not encode single quotes at all.
// get_remote_ip() is not visible here; if it can return anything other than a
// validated address (e.g. a forwarded-for header), validate it with
// filter_var(..., FILTER_VALIDATE_IP) or JS-encode it before HTML-encoding.
echo htmlentities(get_remote_ip()) . "','Home IP'";
?>
);" ><?php 
echo __("Add my current IP");
?>
</a></legend>
        <span id="form_add_ip">
        <form method="post" action="adm_authip_whitelist.php" name="main" id="main">
          <p id="reset_edit_ip" style="display:none;"><a href="javascript:reset_edit_ip();"><?php 
__("Cancel edit");
?>
</a></p>
          <input type="hidden" name="id" value="" id="edit_id" />
          <p>
            <?php 
__("Enter here the IP address you want. <br/> <i>IPv4, IPv6 and subnet allowed</i>");
Exemplo n.º 3
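 /**
  * End a virtual-desktop session (logout).
  *
  * Expires the "session" and "oldid" cookies, then checks that the session id
  * taken from the cookie exists in the sessions table and was opened from the
  * caller's current IP. On success the session row is deleted, $cuid is set to
  * the session's uid, the alternc_del_session hooks run and the PHP session is
  * destroyed.
  *
  * @return boolean TRUE if the session was destroyed (or no session cookie
  *                 was sent), FALSE otherwise.
  */
 function del_session()
 {
     global $db, $user, $err, $cuid, $classes, $hooks;

     // A cookie sent as session[]=... arrives as an array; treat anything
     // that is not a string as "no cookie".
     $rawSid = (isset($_COOKIE["session"]) && is_string($_COOKIE["session"])) ? $_COOKIE["session"] : '';
     // NOTE(review): addslashes() is not charset-aware SQL escaping. If the
     // $db wrapper offers bound parameters or a quoting method (not visible
     // here), use that for the two queries below instead.
     $_COOKIE["session"] = addslashes($rawSid);

     // Expire both cookies up front so the browser drops them even when the
     // checks below fail.
     setcookie("session", "", 0, "/");
     setcookie("oldid", "", 0, "/");

     if ($_COOKIE["session"] == "") {
         $err->error = 0;
         return true;
     }
     if (strlen($_COOKIE["session"]) != 32) {
         $err->raise("mem", _("Cookie incorrect, please accept the session cookie"));
         return false;
     }

     // The caller's IP is compared in PHP instead of being spliced into the
     // SQL text: get_remote_ip() may be derived from request headers, so it
     // must not become part of the statement.
     $ip = get_remote_ip();
     $db->query("select uid,ip from sessions where sid='" . $_COOKIE["session"] . "'");
     if ($db->num_rows() == 0) {
         $err->raise("mem", _("Session unknown, contact the administrator"));
         return false;
     }
     $db->next_record();
     if ((string) $ip !== (string) $db->f("ip")) {
         $err->raise("mem", _("IP address incorrect, please contact the administrator"));
         return false;
     }

     $cuid = $db->f("uid");
     $db->query("delete from sessions where sid='" . $_COOKIE["session"] . "';");
     $err->error = 0;

     // Let every other class react to the logout.
     $hooks->invoke("alternc_del_session");
     session_unset();
     @session_destroy();
     return true;
 }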
Exemplo n.º 4
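 /**
  * Append an API-call record to the log file ($this->logfile).
  *
  * Each record is one line: date, caller IP, the literal "CALL", the login of
  * the current user, then the class id, function name and parameter.
  * Carriage returns and line feeds in any field are replaced by a space so
  * that a caller-supplied value cannot break the record into several lines
  * or forge additional entries.
  *
  * @param integer $clsid Number of the class whose function was called
  * @param string $function Name of the called function
  * @param string $param Optional parameter(s) passed to the API function
  * @return int|false Result of file_put_contents(): the number of bytes
  *                   written, or FALSE when the record could not be added
  */
 function log($clsid, $function, $param = "")
 {
     global $mem, $cuid;

     // One call must always yield exactly one log line.
     $fields = str_replace(
         array("\r", "\n"),
         ' ',
         array(get_remote_ip(), $mem->user["login"], $clsid, $function, $param)
     );
     list($ip, $login, $clsid, $function, $param) = $fields;

     $line = date("d/m/Y H:i:s") . " - {$ip} - CALL - {$login} - {$clsid} - {$function} - {$param}\n";

     // Logging is best-effort: a write failure is reported through the
     // return value only.
     return @file_put_contents($this->logfile, $line, FILE_APPEND);
 }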
Exemplo n.º 5
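 // Switch back from an impersonated account to the former administrator
 // account, using the "oldid" cookie, whose value is "<uid>/<md5 of the
 // stored password field>".
 // NOTE(review): that token is derived only from the stored password value,
 // so it stays valid until the password changes and can be replayed from the
 // same IP. A random, server-side, expiring token would be a stronger design.

 // We check the cookie's value :
 $oldid = (isset($_COOKIE["oldid"]) && is_string($_COOKIE["oldid"])) ? $_COOKIE["oldid"] : '';
 // array_pad() keeps list() from reading a missing second element when the
 // cookie holds no "/".
 list($newuid, $passcheck) = array_pad(explode("/", $oldid), 2, '');
 $newuid = intval($newuid);
 if (!$newuid) {
     $error = _("Your authentication information are incorrect");
     include "index.php";
     exit;
 }
 $admin->enabled = true;
 $r = $admin->get($newuid);
 // Reject unknown accounts explicitly; otherwise the expected token would be
 // the md5 of an empty string, which anyone can compute.
 $expected = md5(isset($r["pass"]) ? $r["pass"] : '');
 // Strict, constant-time comparison where available: a loose != treats
 // numeric-looking hex strings ("0e...") as equal numbers.
 $passOk = function_exists('hash_equals')
     ? hash_equals($expected, (string) $passcheck)
     : ($expected === (string) $passcheck);
 if (!$r || !$passOk) {
     $error = _("Your authentication information are incorrect");
     include "index.php";
     exit;
 }
 if (!isset($r['lastip']) || (string) $r['lastip'] !== (string) get_remote_ip()) {
     $error = _("Your IP is incorrect.");
     include "index.php";
     exit;
 }
 // FIXME we should add an expiry date on the cookie
 // Ok, so we remove the cookie :
 setcookie('oldid', '', 0, '/');
 unset($_COOKIE['oldid']);
 // And we go back to the former administrator account :
 if (!$mem->setid($newuid)) {
     $error = $err->errstr();
     include "index.php";
     exit;
 }
 include_once "adm_list.php";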
Exemplo n.º 6
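// A session that carries no activity markers is treated as invalid and is
// sent to the logout page. empty() already covers the "not set" case.
if (empty($_SESSION['last_action']) || empty($_SESSION['visits'])) {
    header("location: logout.php");
    die;
}

/*
 *---------------------------------------------------------------
 * Fingerprint check against session hijacking
 *---------------------------------------------------------------
 *
 * The fingerprint is recomputed from the CURRENT request (client IP and
 * User-Agent) and compared with the one stored in the session. Hashing the
 * session-stored IPADDRESS / USERAGENT instead would only compare the
 * session with itself and could never detect a different client.
 *
 * NOTE(review): this assumes the stored fingerprint was built at login as
 * md5(USER . get_remote_ip() . User-Agent); confirm against the login code.
 * The User-Agent is client-supplied, so this is a hurdle, not proof of
 * identity.
 */
$IPADDRESS = get_remote_ip();
$USERAGENT = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
$sessionUser = isset($_SESSION['USER']) ? $_SESSION['USER'] : '';
$FINGERPRINT = md5($sessionUser . $IPADDRESS . $USERAGENT);
if (!isset($_SESSION['FINGERPRINT']) || $FINGERPRINT !== $_SESSION['FINGERPRINT']) {
    header("location: index.php");
    die;
}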
/*
 *
 *---------------------------------------------------------------
 * Session time out in seconds
 *---------------------------------------------------------------
 *
 */
/*  Session fixation fix  */
if (!isset($_SESSION['initiated'])) {
Exemplo n.º 7
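/**
 * Record the current request in the `access` table, keyed by client IP.
 *
 * If a row already exists for the IP, its `num` counter is incremented and
 * `url` is overwritten with the current host + request URI; otherwise a new
 * row is inserted with `num` = 1.
 *
 * The IP, the Host header and the request URI all originate from the client,
 * so each is escaped before being placed in the SQL text.
 *
 * NOTE(review): the mysql_* extension was removed in PHP 7.0. The lasting fix
 * is to move this to mysqli or PDO with prepared statements; escaping is the
 * minimum that keeps the existing API.
 *
 * @return void
 */
function set_ip_log()
{
    $host = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '';
    $uri = isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '';

    $ip = mysql_real_escape_string((string) get_remote_ip());
    $url = mysql_real_escape_string($host . $uri);

    $num = null;
    $result = mysql_query('select `num` from access where `ip` = "' . $ip . '"');
    // A failed query returns false; do not try to fetch from it.
    if ($result) {
        while ($row = mysql_fetch_assoc($result)) {
            $num = $row['num'];
        }
    }

    if (!empty($num)) {
        // The counter is forced to an integer before it re-enters the SQL text.
        $edit_query = 'UPDATE `access` SET `num` = "' . ((int) $num + 1) . '" , `url` = "' . $url . '" WHERE `ip` = "' . $ip . '" ;';
        mysql_query($edit_query);
    } else {
        $add_query = 'INSERT INTO `access` (`ip`, `num`, `url`) VALUES ("' . $ip . '", "1", "' . $url . '");';
        mysql_query($add_query);
    }
}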