/**
 * Reject the current request with an HTTP Basic authentication challenge.
 *
 * Sends the WWW-Authenticate challenge and the 401 status line, includes the
 * "no permission" page from the configured HTML directory, calls
 * session_logout() and terminates the script. Never returns.
 */
function auth_require_login()
{
    // Kept as a local named $realm: the include below runs in this function's
    // variable scope and can see it.
    $realm = $GLOBALS['config']['login_message'];

    // NOTE(review): the realm is placed inside a quoted-string without escaping;
    // a '"' in login_message would produce a malformed challenge. Confirm the
    // config value is constrained.
    header(sprintf('WWW-Authenticate: Basic realm="%s"', $realm));
    header('HTTP/1.1 401 Unauthorized');

    include $GLOBALS['config']['html_dir'] . '/includes/error-no-perm.inc.php';

    // The session is torn down only after the error page has been produced.
    session_logout();
    exit;
}
/**
 * Log the session out when the stored user object carries no OpenID identity.
 *
 * Does nothing when $_SESSION['user'] is not set.
 */
function session_logoutIfNoOpenId()
{
    if (!isset($_SESSION['user'])) {
        return;
    }

    $sessionUser = $_SESSION['user'];

    // '@' is kept from the original: it silences the notice raised when the
    // property is missing, so a missing and an empty identity are treated alike.
    $hasIdentity = (bool) @$sessionUser->identity;
    if (!$hasIdentity) {
        session_logout();
    }
}
/**
 * Force a login prompt via basic HTTP authentication by making the browser
 * believe the authentication has failed. Required to log out a basic HTTP
 * auth session.
 *
 * Sends the challenge and the 401 status line, prints the permission error,
 * calls session_logout() and terminates the script. Never returns.
 */
function http_auth_require_login()
{
    $challenge = sprintf('WWW-Authenticate: Basic realm="%s"', $GLOBALS['config']['login_message']);

    // NOTE(review): login_message is embedded in a quoted-string unescaped; a '"'
    // in the configured text would produce a malformed challenge. Confirm the
    // config value is constrained.
    header($challenge);
    header('HTTP/1.1 401 Unauthorized');

    print_error_permission();

    // The session is torn down only after the error output has been produced.
    session_logout();
    exit;
}
/**
 * Check a username/password pair against the configured RADIUS server(s).
 *
 * @param string $username Login name sent as User-Name
 * @param string $password Password sent as User-Password
 * @return int 1 when the response equals RADIUS_ACCESS_ACCEPT; otherwise
 *             session_logout() is called and 0 is returned
 */
function radius_authenticate($username, $password)
{
    global $config, $rad;

    radius_init();

    $accepted = false;

    // NOTE(review): only $username is checked for emptiness; an empty $password
    // is still sent and its rejection is left to the RADIUS server. Confirm.
    if ($username && $rad) {
        radius_create_request($rad, RADIUS_ACCESS_REQUEST);

        // Attribute numbers per RFC 2865: 1 = User-Name, 2 = User-Password,
        // 4 = NAS-IP-Address. The return values of these calls are not checked.
        radius_put_string($rad, 1, $username);
        radius_put_string($rad, 2, $password);
        // NOTE(review): NAS-IP-Address is an address-typed attribute in RFC 2865;
        // confirm that writing it with radius_put_string gives the encoding the
        // server expects.
        radius_put_string($rad, 4, $_SERVER['SERVER_ADDR']);

        $accepted = (radius_send_request($rad) == RADIUS_ACCESS_ACCEPT);
    }

    if ($accepted) {
        return 1;
    }

    // Any other outcome (reject, challenge, send failure, empty username, no handle)
    // ends the session.
    session_logout();

    return 0;
}
/**
 * Initializes the RADIUS handle for the configured server(s).
 *
 * Every entry of $config['auth_radius_server'] is registered on the handle;
 * if none of the registrations succeeds an error is printed, the session is
 * logged out and the script exits. Does nothing when $rad already holds a
 * resource.
 * Private function for this RADIUS module only.
 */
function radius_init()
{
    global $rad, $config;

    if (is_resource($rad)) {
        return;
    }

    $rad = radius_auth_open();

    $registered = 0;
    foreach ($config['auth_radius_server'] as $server) {
        // The shared secret, port, timeout and retry count are the same for
        // every configured server.
        $added = radius_add_server(
            $rad,
            $server,
            $config['auth_radius_port'],
            $config['auth_radius_secret'],
            $config['auth_radius_timeout'],
            $config['auth_radius_retries']
        );
        if ($added) {
            $registered = 1;
        }
    }

    if ($registered) {
        return;
    }

    // NOTE(review): the message speaks of connecting, but the check here is
    // only on radius_add_server()'s return value; presumably no packet has
    // been sent yet. Confirm.
    print_error("Fatal error: Could not connect to configured RADIUS server(s).");
    session_logout();
    exit;
}
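/**
 * Verify a username/password pair against the `users` table.
 *
 * Two stored formats are accepted: a legacy MD5 digest of the password and a
 * crypt() hash. A successful legacy match triggers a re-hash through
 * auth_change_password() when the `password` column is reported as
 * varchar(34).
 *
 * @param string $username
 * @param string $password
 * @return int 1 on success; otherwise session_logout() is called and 0 is returned
 */
function authenticate($username, $password)
{
    $row = dbFetchRow("SELECT `username`, `password` FROM `users` WHERE `username`= ?", array($username));

    // is_array() guards against a lookup that returned no row.
    if (is_array($row) && $row['username'] && $row['username'] == $username) {
        $stored = (string) $row['password'];

        // Hash strings are compared with ===. Under loose ==, two different
        // digests that both look like "0e<digits>" compare equal as numbers,
        // which would accept a wrong password. hash_equals() would additionally
        // make the comparison constant-time where the runtime provides it.

        // Migrate from the old, unsalted MD5 format.
        if ($stored === md5($password)) {
            $column = dbFetchRow("DESCRIBE `users` `password`");
            if (is_array($column) && $column['Type'] == 'varchar(34)') {
                auth_change_password($username, $password);
            }

            return 1;
        }

        // crypt() re-derives the hash using the stored value as its salt/settings.
        if ($stored === crypt($password, $stored)) {
            return 1;
        }
    }

    session_logout();

    return 0;
}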
/**
 * logout - Logs out a SOAP client
 *
 * @param string $session_ser The session key of the session to end
 * @return string Always "OK"
 */
function logout($session_ser)
{
    // Resume the session named by the client-supplied key, then end it.
    // NOTE(review): continue_session()'s outcome is not checked here, so "OK"
    // is returned whether or not the key named a live session. Confirm that
    // continue_session() itself rejects invalid keys.
    continue_session($session_ser);
    session_logout();

    $status = "OK";

    return $status;
}
<?php

// Logout endpoint: load the session helpers, end the current session and
// send the browser to the login page.
include "./functions/sessao.php";

session_start();
session_logout();

header('Location: login.php');

// Stop here so nothing else runs after the redirect header.
exit;
/**
 * session_set() - Re-initialize session for the logged in user
 *
 * Checks the session cookie value in $session_ser; when it maps to a user id
 * with session data, $G_SESSION becomes that user's object and is marked as
 * logged in. Otherwise $G_SESSION is set to false and, if a cookie value was
 * presented, session_logout() is called to discard it.
 *
 * @return void
 */
function session_set()
{
    global $G_SESSION;
    global $session_ser, $session_key;

    // Start from "not valid"; only a cookie that resolves to a user with
    // session data flips this to true.
    $id_is_good = false;
    $user_id = null;
    $result = null;

    // A presented cookie is a claim to be logged in - verify it.
    if ($session_ser) {
        $user_id = session_check_session_cookie($session_ser);
    }

    if ($user_id) {
        $result = session_getdata($user_id);
        $id_is_good = db_numrows($result) > 0;
    }

    if (!$id_is_good) {
        $G_SESSION = false;

        // A cookie was sent but did not validate: kill it and the user cookie.
        if ($session_ser) {
            session_logout();
        }

        return;
    }

    $G_SESSION = user_get_object($user_id, $result);
    if ($G_SESSION) {
        $G_SESSION->setLoggedIn(true);
    }
}
// Not authenticated $_SESSION['auth_message'] = "Authentication Failed"; session_logout(function_exists('auth_require_login')); } } // Retrieve user ID and permissions if ($_SESSION['authenticated']) { if (!is_numeric($_SESSION['userlevel']) || !is_numeric($_SESSION['user_id'])) { $_SESSION['userlevel'] = auth_user_level($_SESSION['username']); $_SESSION['user_id'] = auth_user_id($_SESSION['username']); } $level_permissions = auth_user_level_permissions($_SESSION['userlevel']); // If userlevel == 0 - user disabled an can not be logon if (!$level_permissions['permission_access']) { $_SESSION['auth_message'] = 'User login disabled'; session_logout(FALSE, 'User disabled'); header('Location: ' . $config['base_url']); exit; } else { if (!isset($_SESSION['user_limited']) || $_SESSION['user_limited'] != $level_permissions['limited']) { // Store user limited flag, required for quick permissions list generate $_SESSION['user_limited'] = $level_permissions['limited']; } } // Now we can enable debug if required if (defined('OBS_DEBUG_WUI')) { if ($_SESSION['userlevel'] < 7 && !$config['permit_user_debug']) { // DO NOT ALLOW show debug output for users with privilege level less than "global secure read" define('OBS_DEBUG', 0); ini_set('display_errors', 0); ini_set('display_startup_errors', 0);
/**
 * Bind the shared LDAP connection $ds, choosing credentials from config.
 *
 * Order of preference: the configured bind DN, an anonymous bind when
 * enabled, otherwise prefix + username + suffix with the given password
 * (falling back to the username/password kept in the session when either
 * argument is empty).
 *
 * @param string $username Bind username (optional)
 * @param string $password Bind password (optional)
 * @return int 0 if the bind succeeded; 1 if it failed (session_logout() is called first)
 */
function ldap_bind_dn($username = "", $password = "")
{
    global $config, $ds;

    print_debug("LDAP[Bind DN called]");

    if ($config['auth_ldap_binddn']) {
        print_debug("LDAP[Bind][" . $config['auth_ldap_binddn'] . "]");
        $bind = ldap_bind($ds, $config['auth_ldap_binddn'], $config['auth_ldap_bindpw']);
    } elseif ($config['auth_ldap_bindanonymous']) {
        // Try anonymous bind if configured to do so
        print_debug("LDAP[Bind][anonymous]");
        $bind = ldap_bind($ds);
    } else {
        $credentialsMissing = ($username == '' || $password == '');
        if ($credentialsMissing && isset($_SESSION['password'])) {
            // Use session credentials.
            // NOTE(review): this path relies on the plaintext password being
            // kept in $_SESSION, and therefore in the session store.
            $username = $_SESSION['username'];
            $password = $_SESSION['password'];
        }

        $userDn = $config['auth_ldap_prefix'] . $username . $config['auth_ldap_suffix'];
        print_debug("LDAP[Bind][" . $userDn . "]");

        // NOTE(review): if $password is still '' here this is a bind with a DN
        // and no password, which many directory servers accept as an
        // unauthenticated bind. Confirm callers reject empty passwords before
        // treating a successful bind as proof of identity.
        $bind = ldap_bind($ds, $userDn, $password);
    }

    if (!$bind) {
        print_debug("Error binding to LDAP server: " . $config['auth_ldap_server'] . ": " . ldap_error($ds));
        session_logout();

        return 1;
    }

    return 0;
}
// Retrieve user ID and permissions if ($_SESSION['authenticated']) { if (!is_numeric($_SESSION['userlevel']) || !is_numeric($_SESSION['user_id'])) { $_SESSION['userlevel'] = auth_user_level($_SESSION['username']); $_SESSION['user_id'] = auth_user_id($_SESSION['username']); } $permissions = permissions_cache($_SESSION['user_id']); // Add feeds & api keys after first auth if ($mcrypt_exists && !get_user_pref($_SESSION['user_id'], 'atom_key')) { set_user_pref($_SESSION['user_id'], 'atom_key', md5(strgen())); } } else { if (isset($_SESSION['username'])) { $auth_message = "认证失败"; //dbInsert(array('user' => $_SESSION['username'], 'address' => $_SERVER["REMOTE_ADDR"], 'result' => 'Authentication Failure'), 'authlog'); session_logout(function_exists('auth_require_login')); } } if ($config['auth_mechanism'] != 'ldap') { // Duh.. for LDAP still need store password :( unset($_SESSION['password']); // Remove password so that it's not saved in $_SESSION in plaintext on the disk. } if ($auth_success) { // If just logged in go to request uri if (!OBS_DEBUG) { header("位置: " . $_SERVER['REQUEST_URI']); } else { print_message("调试模式禁用重定向到首页; 请点击 <a href=\"" . $_SERVER['REQUEST_URI'] . "\">这里</a> 继续."); } exit;
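/**
 * Bind with either the configured bind DN, the user's configured DN, or anonymously, depending on config.
 * Private function for this LDAP module only.
 *
 * The outcome of the first bind is stored in $cache['ldap_bind_result']
 * (0 = success, 1 = failure) and returned for every later call without
 * binding again.
 *
 * @param string $username Bind username (optional)
 * @param string $password Bind password (optional)
 * @return bool FALSE if bind succeeded, TRUE if not
 */
function ldap_bind_dn($username = "", $password = "")
{
    global $config, $ds, $cache;

    print_debug("LDAP[Bind DN called]");

    // Avoid binding multiple times on one resource, this upsets some LDAP servers.
    // The cached 0/1 is cast so this path returns the documented bool, like the
    // fresh-bind path below.
    // NOTE(review): the cached result does not depend on $username/$password,
    // so a later call with different credentials gets the first call's answer.
    // Confirm no caller uses this function to verify a user's password after
    // an earlier bind in the same request.
    if (isset($cache['ldap_bind_result'])) {
        return (bool) $cache['ldap_bind_result'];
    }

    if ($config['auth_ldap_binddn']) {
        print_debug("LDAP[Bind][" . $config['auth_ldap_binddn'] . "]");
        $bind = ldap_bind($ds, $config['auth_ldap_binddn'], $config['auth_ldap_bindpw']);
    } elseif ($config['auth_ldap_bindanonymous']) {
        // Try anonymous bind if configured to do so
        print_debug("LDAP[Bind][anonymous]");
        $bind = ldap_bind($ds);
    } else {
        if (($username == '' || $password == '') && isset($_SESSION['user_encpass'])) {
            // Use session credentials
            print_debug("LDAP[Bind][session]");
            $username = $_SESSION['username'];
            if (!isset($_SESSION['mcrypt_required'])) {
                $password = decrypt($_SESSION['user_encpass'], session_unique_id() . get_unique_id());
            } else {
                // WARNING, requires mcrypt
                // NOTE(review): on this branch the stored value is only
                // base64-encoded; base64 is a reversible encoding, not
                // encryption, so the session store effectively holds the
                // password in the clear.
                $password = base64_decode($_SESSION['user_encpass'], TRUE);
            }
        }

        $userDn = $config['auth_ldap_prefix'] . $username . $config['auth_ldap_suffix'];
        print_debug("LDAP[Bind][" . $userDn . "]");

        // NOTE(review): if $password is still '' here this is a bind with a DN
        // and no password, which many directory servers accept as an
        // unauthenticated bind. Confirm callers reject empty passwords.
        $bind = ldap_bind($ds, $userDn, $password);
    }

    if ($bind) {
        $cache['ldap_bind_result'] = 0;

        return FALSE;
    }

    $cache['ldap_bind_result'] = 1;
    print_debug("Error binding to LDAP server: " . implode(',', $config['auth_ldap_server']) . ': ' . ldap_error($ds));
    session_logout();

    return TRUE;
}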
/**
 * End the current session and queue a redirect to the home page.
 */
public function Logout()
{
    session_logout();

    // NOTE(review): nothing stops execution after the redirect header is
    // queued; confirm the caller ends the request so no further output is
    // produced for the logged-out client.
    header('location: home.php?action=index');
}