/**
* Log the user in
*
* @param uname $ the name of the user logging in
* @param pass $ the password of the user logging in
* @param whether $ or not to remember this login if not set false
* @return bool true if the user successfully logged in, false otherwise
*/
function pnUserLogIn($uname, $pass, $rememberme = false)
{
$uname = isset($uname) ? $uname : '';
if (!pnVarValidate($uname, 'uname') || !isset($pass)) {
return false;
}
if (!pnUserLoggedIn()) {
// get the database connection
$dbconn =& pnDBGetConn(true);
$pntable =& pnDBGetTables();
// Get user information
$userscolumn =& $pntable['users_column'];
$userstable = $pntable['users'];
$query = "SELECT {$userscolumn['uid']},\n {$userscolumn['pass']}\n FROM {$userstable}\n WHERE {$userscolumn['uname']} = '" . pnVarPrepForStore($uname) . "'";
$result =& $dbconn->Execute($query);
if ($result->EOF) {
return false;
}
list($uid, $realpass) = $result->fields;
$result->Close();
// check if we need to create a session
if (!session_id()) {
// Start session
if (!pnSessionSetup()) {
die('Session setup failed');
}
if (!pnSessionInit()) {
die('Session initialisation failed');
}
}
// Confirm that passwords match
if (!comparePasswords($pass, $realpass, $uname, substr($realpass, 0, 2))) {
return false;
}
// Set user session information (new table)
$sessioninfocolumn =& $pntable['session_info_column'];
$sessioninfotable = $pntable['session_info'];
$query = "UPDATE {$sessioninfotable}\n SET {$sessioninfocolumn['uid']} = " . pnVarPrepForStore($uid) . "\n WHERE {$sessioninfocolumn['sessid']} = '" . pnVarPrepForStore(session_id()) . "'";
$dbconn->Execute($query);
// Set session variables
pnSessionSetVar('uid', (int) $uid);
if (!empty($rememberme)) {
pnSessionSetVar('rememberme', 1);
}
// now we've logged in the permissions previously calculated are invalid
$GLOBALS['authinfogathered'] = 0;
}
return true;
}
/**
* Initialise PostNuke
* <br>
* Carries out a number of initialisation tasks to get PostNuke up and
* running.
* @returns void
*/
function pnInit()
{
// proper error_repoting
// e_all for development
// error_reporting(E_ALL);
// without warnings and notices for release
error_reporting(E_ALL & ~E_NOTICE & ~E_WARNING & ~E_DEPRECATED);
// Hack for some weird PHP systems that should have the
// LC_* constants defined, but don't
if (!defined('LC_TIME')) {
define('LC_TIME', 'LC_TIME');
}
// ADODB configuration
define('ADODB_DIR', 'pnadodb');
require 'pnadodb/adodb.inc.php';
// Temporary fix for hacking the hlpfile global
// TODO - remove with pre-0.71 code
global $hlpfile;
$hlpfile = '';
// Initialise and load configuration
global $pnconfig, $pndebug;
$pnconfig = array();
include 'config.php';
// Set up multisites
// added this @define for .71, ugly ?
// i guess the E_ALL stuff.
@define('WHERE_IS_PERSO', '');
// Initialise and load pntables
global $pntable;
$pntable = array();
// if a multisite has its own pntables.
if (file_exists(WHERE_IS_PERSO . 'pntables.php')) {
include WHERE_IS_PERSO . 'pntables.php';
} else {
require 'pntables.php';
}
// Decode encoded DB parameters
if ($pnconfig['encoded']) {
$pnconfig['dbuname'] = base64_decode($pnconfig['dbuname']);
$pnconfig['dbpass'] = base64_decode($pnconfig['dbpass']);
$pnconfig['encoded'] = 0;
}
// Connect to database
if (!pnDBInit()) {
die('Database initialisation failed');
}
// debugger if required
if ($pndebug['debug']) {
include_once 'includes/lensdebug.inc.php';
global $dbg, $debug_sqlcalls;
$dbg = new LensDebug();
$debug_sqlcalls = 0;
}
// Build up old config array
pnConfigInit();
// Set compression on if desired
//
if (pnConfigGetVar('UseCompression') == 1) {
ob_start("ob_gzhandler");
}
// Other includes
include 'includes/pnSession.php';
include 'includes/pnUser.php';
// Start session
if (!pnSessionSetup()) {
die('Session setup failed');
}
if (!pnSessionInit()) {
die('Session initialisation failed');
}
include 'includes/security.php';
// See if a language update is required
$newlang = pnVarCleanFromInput('newlang');
if (!empty($newlang)) {
$lang = $newlang;
pnSessionSetVar('lang', $newlang);
} else {
$lang = pnSessionGetVar('lang');
}
// Load global language defines
if (isset($lang) && file_exists('language/' . pnVarPrepForOS($lang) . '/global.php')) {
$currentlang = $lang;
} else {
$currentlang = pnConfigGetVar('language');
pnSessionSetVar('lang', $currentlang);
}
include 'language/' . pnVarPrepForOS($currentlang) . '/global.php';
include 'modules/NS-Languages/api.php';
// Cross-Site Scripting attack defense - Sent by larsneo
// some syntax checking against injected javascript
$pnAntiCrackerMode = pnConfigGetVar('pnAntiCracker');
if ($pnAntiCrackerMode == 1) {
pnSecureInput();
}
// Banner system
include 'includes/pnBanners.php';
// Other other includes
include 'includes/advblocks.php';
include 'includes/counter.php';
include 'includes/pnHTML.php';
include 'includes/pnMod.php';
include 'includes/queryutil.php';
include 'includes/xhtml.php';
include 'includes/oldfuncs.php';
// Handle referer
if (pnConfigGetVar('httpref') == 1) {
include 'referer.php';
httpreferer();
}
return true;
}
/**
* generate an authorisation key
* <br />
* The authorisation key is used to confirm that actions requested by a
* particular user have followed the correct path. Any stage that an
* action could be made (e.g. a form or a 'delete' button) this function
* must be called and the resultant string passed to the client as either
* a GET or POST variable. When the action then takes place it first calls
* <code>pnSecConfirmAuthKey()</code> to ensure that the operation has
* indeed been manually requested by the user and that the key is valid
*
* @public
* @param modname $ the module this authorisation key is for (optional)
* @return string an encrypted key for use in authorisation of operations
*/
function pnSecGenAuthKey($modname = '')
{
// since we need sessions for authorisation keys we should check
// if a session exists and if not create one
if (!session_id()) {
// Start session
if (!pnSessionSetup()) {
die('Session setup failed');
}
if (!pnSessionInit()) {
die('Session initialisation failed');
}
}
if (empty($modname)) {
$modname = pnVarCleanFromInput('module');
}
// get the module info
$modinfo = pnModGetInfo(pnModGetIDFromName($modname));
// Date gives extra security but leave it out for now
// $key = pnSessionGetVar('rand') . $modname . date ('YmdGi');
$key = pnSessionGetVar('rand') . strtolower($modinfo['name']);
// Encrypt key
$authid = md5($key);
// Return encrypted key
return $authid;
}
/**
* Initialise PostNuke
* <br />
* Carries out a number of initialisation tasks to get PostNuke up and
* running.
*
* @returns void
*/
function pnInit()
{
// force register_globals=off
// force register_globals = off
if (!defined('_PNINSTALLVER') && ini_get('register_globals')) {
foreach ($GLOBALS as $s_variable_name => $m_variable_value) {
if (!in_array($s_variable_name, array('GLOBALS', 'argv', 'argc', '_FILES', '_COOKIE', '_POST', '_GET', '_SERVER', '_ENV', '_SESSION', '_REQUEST', 's_variable_name', 'm_variable_value'))) {
unset($GLOBALS[$s_variable_name]);
}
}
unset($GLOBALS['s_variable_name']);
unset($GLOBALS['m_variable_value']);
}
// proper error_repoting
// E_ALL for development
// error_reporting(E_ALL);
// without warnings and notices for release
error_reporting(E_ALL & ~E_NOTICE & ~E_WARNING);
// Hack for some weird PHP systems that should have the
// LC_* constants defined, but don't
if (!defined('LC_TIME')) {
define('LC_TIME', 'LC_TIME');
}
// Initialise and load configuration
$pnconfig = array();
$pndebug = array();
include 'config.php';
$GLOBALS['pnconfig'] = $pnconfig;
$GLOBALS['pndebug'] = $pndebug;
// Initialize the (ugly) additional header array
$GLOBALS['additional_header'] = array();
// load ADODB
pnADODBInit();
// Connect to database
if (!pnDBInit()) {
die('Database initialisation failed');
}
// Set up multisites
// added this @define for .71, ugly ?
// i guess the E_ALL stuff.
@define('WHERE_IS_PERSO', '');
// Initialise and load pntables
pnDBSetTables();
// user and modules system includes
include 'includes/pnUser.php';
include 'includes/pnMod.php';
// Set compression on if desired
if (pnConfigGetVar('UseCompression') == 1) {
ob_start("ob_gzhandler");
}
if (isset($_REQUEST['_SESSION'])) {
die('Attempted pollution of SESSION space via GPC request');
}
// Other includes
include 'includes/pnSession.php';
if (pnConfigGetVar('anonymoussessions') || !empty($_REQUEST['POSTNUKESID'])) {
// Start session
if (!pnSessionSetup()) {
die('Session setup failed');
}
if (!pnSessionInit()) {
die('Session initialisation failed');
}
}
// load security functions.
include 'includes/pnSecurity.php';
include 'includes/pnBlocks.php';
// Load our language files
include 'includes/pnLang.php';
pnLangLoad();
// inclusion of pnrender class -- jn
include 'includes/pnRender.class.php';
include 'includes/pnTheme.php';
include 'includes/pnHTML.php';
// Legacy includes
if (pnConfigGetVar('loadlegacy') == '1') {
include 'includes/legacy/legacy.php';
include 'includes/legacy/queryutil.php';
include 'includes/legacy/xhtml.php';
include 'includes/legacy/oldfuncs.php';
}
// Check for site closed
if (pnConfigGetVar('siteoff') && !pnSecAuthAction(0, 'Settings::', 'SiteOff::', ACCESS_ADMIN)) {
include 'includes/templates/siteoff.htm';
die;
}
// Cross-Site Scripting attack defense - Sent by larsneo
// some syntax checking against injected javascript
if (pnConfigGetVar('pnAntiCracker') == '1') {
include 'includes/pnAntiCracker.php';
pnSecureInput();
}
// load safehtml class for xss filtering
// the XML_HTMLSAX3 define is also needed inside the class so we
// cannot use the path directly in the include.
if (pnConfigGetVar('safehtml') == '1') {
define('XML_HTMLSAX3', 'includes/classes/safehtml/');
include XML_HTMLSAX3 . 'safehtml.php';
}
// Banner system
// TODO - move to banners module
if (pnModAvailable('Banners')) {
include 'includes/pnBanners.php';
}
// Call Stats module counter code if installed
if (pnModAvailable('Stats') && !pnSecAuthAction(0, '.*', '.*', ACCESS_ADMIN)) {
include 'includes/legacy/counter.php';
}
// Handle referer
if (pnModAvailable('Referers') && pnConfigGetVar('httpref') == 1) {
include 'includes/legacy/referer.php';
httpreferer();
}
// Load the theme
pnThemeLoad(pnUserGetTheme());
return true;
}
