Exemplo n.º 1
0
function login_anonymous_session()
{
    $_SESSION["username"] = "******";
    $_SESSION["password"] = "";
    if (!isset($_SESSION["history"])) {
        $_SESSION["history"] = array();
    }
    $_SESSION["groups"] = array();
    $_SESSION["permission_sql"] = "r@right@_users like '%|anonymous|%'";
    $_SESSION["permission_sql_read"] = "rread_users like '%|anonymous|%'";
    $_SESSION["permission_sql_write"] = "rwrite_users like '%|anonymous|%'";
    $_SESSION["permission_sql_exception"] = "(rexception_users!='' and " . sql_regexp("rexception_users", "anonymous", "|@view@:@right@:%s|") . ")";
    $_SESSION["disabled_modules"] = array_flip(explode("|", DISABLED_MODULES));
    $_SESSION["folder_states"] = array();
    $_SESSION["day_begin"] = 25200;
    // 7:00 = 7*3600
    $_SESSION["day_end"] = 64800;
    // 18:00 = 18*3600
    $_SESSION["home_folder"] = "";
    $_SESSION["treevisible"] = true;
    $_SESSION["ip"] = _login_get_remoteaddr();
    $_SESSION["theme"] = "core";
    $_SESSION["tickets"] = array("templates" => array("dbselect", "simple_templates", array("tplcontent", "tplname"), array("tplname like @search@"), "tplname asc"));
    $base = dirname($_SERVER["SCRIPT_FILENAME"]) . "/";
    $_SESSION["ALLOWED_PATH"] = array($base . SIMPLE_CACHE . "/preview/");
    foreach (explode(",", SIMPLE_IMPORT) as $folder) {
        if ($folder == "" or !is_dir($folder)) {
            continue;
        }
        if ($folder[0] != "/" and !strpos($folder, ":")) {
            $folder = $base . $folder;
        }
        $_SESSION["ALLOWED_PATH"][] = rtrim(str_replace("\\", "/", $folder), "/") . "/";
    }
    if (!APC_SESSION and $id = session_id() and !db_count("simple_sys_session", array("id=@id@"), array("id" => $id))) {
        db_insert("simple_sys_session", array("expiry" => NOW + LOGIN_TIMEOUT, "id" => $id));
    }
}
Exemplo n.º 2
0
 static function process_login($username, $password = "")
 {
     $id = session_id();
     if (!APC_SESSION and $id and (empty($_SESSION["username"]) or $_SESSION["username"] != $username)) {
         $row = db_select_first("simple_sys_session", array("id", "data", "expiry"), "username=@username@", "lastmodified desc", array("username" => $username));
         if (!empty($row["id"])) {
             $_SESSION = array();
             session_decode(rawurldecode($row["data"]));
             if ($row["expiry"] < NOW) {
                 db_delete("simple_sys_session", array("id=@id@"), array("id" => $row["id"]));
             }
         }
         if (!db_count("simple_sys_session", array("id=@id@"), array("id" => $id))) {
             db_insert("simple_sys_session", array("expiry" => NOW + LOGIN_TIMEOUT, "id" => $id));
         }
     }
     $_SESSION["username"] = $username;
     if ($password != "") {
         $_SESSION["password"] = sys_encrypt($password, $id);
     }
     if (!isset($_SESSION["history"])) {
         $_SESSION["history"] = array();
     }
     $_SESSION["groups"] = array();
     $_SESSION["folder_states"] = array();
     $base = dirname($_SERVER["SCRIPT_FILENAME"]) . "/";
     if (sys_is_super_admin($_SESSION["username"])) {
         $_SESSION["ALLOWED_PATH"] = array($base . SIMPLE_STORE . "/home/", $base . SIMPLE_CACHE . "/debug/", $base . SIMPLE_STORE . "/trash/", $base . SIMPLE_CACHE . "/preview/", $base . SIMPLE_STORE . "/backup/");
     } else {
         $_SESSION["ALLOWED_PATH"] = array($base . SIMPLE_STORE . "/home/" . $_SESSION["username"] . "/", $base . SIMPLE_CACHE . "/preview/");
     }
     foreach (explode(",", SIMPLE_IMPORT) as $folder) {
         if ($folder == "" or !is_dir($folder)) {
             continue;
         }
         if ($folder[0] != "/" and !strpos($folder, ":")) {
             $folder = $base . $folder;
         }
         $_SESSION["ALLOWED_PATH"][] = rtrim(str_replace("\\", "/", $folder), "/") . "/";
     }
     // TODO2 put in extra function and configure it with setup to fetch groups from somewhere else
     if (sys_is_super_admin($_SESSION["username"])) {
         $_SESSION["permission_sql"] = "1=1";
         $_SESSION["permission_sql_exception"] = "1=0";
         $_SESSION["disabled_modules"] = array();
     } else {
         $_SESSION["permission_sql"] = sql_regexp("r@right@_users", array($username, "anonymous"));
         $_SESSION["permission_sql_exception"] = "(rexception_users!='' and " . sql_regexp("rexception_users", array($username, "anonymous"), "|@view@:@right@:%s|") . ")";
         $_SESSION["disabled_modules"] = array_flip(explode("|", DISABLED_MODULES));
         $rows = db_select("simple_sys_groups", "groupname", array("activated=1", "members like @username_sql@"), "", "", array("username_sql" => "%|" . $username . "|%"));
         if (is_array($rows) and count($rows) > 0) {
             foreach ($rows as $val) {
                 $_SESSION["groups"][] = $val["groupname"];
             }
             $_SESSION["permission_sql"] = "(" . $_SESSION["permission_sql"] . " or " . sql_regexp("r@right@_groups", $_SESSION["groups"]) . ")";
             $_SESSION["permission_sql_exception"] = "(" . $_SESSION["permission_sql_exception"] . " or (rexception_groups!='' and " . sql_regexp("rexception_groups", $_SESSION["groups"], "|@view@:@right@:%s|") . "))";
         }
     }
     $_SESSION["permission_sql_read"] = str_replace("@right@", "read", $_SESSION["permission_sql"]);
     $_SESSION["permission_sql_write"] = str_replace("@right@", "write", $_SESSION["permission_sql"]);
     $_SESSION["ip"] = _login_get_remoteaddr();
     $_SESSION["tickets"] = array("templates" => array("dbselect", "simple_templates", array("tplcontent", "tplname"), array("tplname like @search@"), "tplname asc"));
     $_SESSION["treevisible"] = true;
     $row = db_select_first("simple_sys_users", "*", "username=@username@", "", array("username" => $username));
     if (!empty($row["cal_day_begin"])) {
         $_SESSION["day_begin"] = sys_date("G", $row["cal_day_begin"] - 1) * 3600;
         $_SESSION["day_end"] = sys_date("G", $row["cal_day_end"]) * 3600;
     } else {
         $_SESSION["day_begin"] = 25200;
         // 7:00 = 7*3600
         $_SESSION["day_end"] = 64800;
         // 18:00 = 18*3600
     }
     if (!empty($row["enabled_modules"])) {
         $row["enabled_modules"] = array_flip(explode("|", trim($row["enabled_modules"], "|")));
         $_SESSION["disabled_modules"] = array_diff_key($_SESSION["disabled_modules"], $row["enabled_modules"]);
     }
     if (!empty($row["timezone"])) {
         $_SESSION["timezone"] = $row["timezone"];
     } else {
         $_SESSION["timezone"] = "";
     }
     if (!empty($row["theme"])) {
         $_SESSION["theme"] = $row["theme"];
     } else {
         $_SESSION["theme"] = "core";
     }
     if (!empty($row["home_folder"])) {
         $_SESSION["home_folder"] = "index.php?folder=" . rawurlencode($row["home_folder"]);
     } else {
         if (sys_is_super_admin($username)) {
             $anchor = "system";
         } else {
             $anchor = "home_" . $username;
         }
         $_SESSION["home_folder"] = "index.php?folder=^" . $anchor;
     }
     if ($id or isset($_REQUEST["login"])) {
         sys_log_stat("logins", 1);
         sys_log_message_log("login", sprintf("{t}login %s from %s with %s{/t}", $_SESSION["username"], $_SESSION["ip"], sys::$browser));
     }
     trigger::login();
     if (!empty($row["pwdexpires"]) and $row["pwdexpires"] < NOW) {
         sys_warning(sprintf("{t}Password expired. (password of %s has expired){/t}", $username));
         self::_redirect("index.php?view=changepwd&find=asset|simple_sys_users|1|username="******"username"]);
     } else {
         if (!empty($_REQUEST["page"])) {
             if (CMS_REAL_URL) {
                 self::_redirect(CMS_REAL_URL . $_REQUEST["page"]);
             }
             self::_redirect("cms.php/" . $_REQUEST["page"]);
         } else {
             if (!empty($_REQUEST["redirect"])) {
                 self::_redirect($_SESSION["home_folder"]);
             }
         }
     }
 }