Exemplo n.º 1
0
 public function onClickUnblock($sender)
 {
     $this->captcha_error_obj->emptyObject();
     if ($this->captcha->check()) {
         WspBannedVisitors::resetBannedIP($this->getRemoteIP());
         $this->refreshPage();
     } else {
         $error = new Label(__(ERROR_CAPTCHA));
         $error->setColor("red");
         $this->captcha_error_obj->add($error);
     }
 }
Exemplo n.º 2
0
 public function Load()
 {
     $dialog_update = new DialogBox(__(UPDATE_FRAMEWORK), new Url($this->getBaseLanguageURL() . "wsp-admin/update/update-framework.call?update=" . $_GET['update'] . "&parent_dialog_level=" . DialogBox::getCurrentDialogBoxLevel()));
     $dialog_update->displayFormURL()->modal();
     $button_yes = new Button($this);
     $button_yes->onClickJs($dialog_update->render())->setValue(__(UPDATE_FRAMEWORK_YES));
     $button_no = new Button($this);
     $button_no->onClickJs(DialogBox::closeAll())->setValue(__(UPDATE_FRAMEWORK_NO));
     $table_yes_no = new Table();
     $table_yes_no->addRowColumns($button_yes, " ", $button_no);
     if ($_GET['update'] == "update-wsp") {
         $warning_lbl = new Label(__(UPDATE_FRAMEWORK_WSP_WARNING));
         $warning_lbl->setColor("red")->setItalic();
         $this->render = new Object(__(UPDATE_FRAMEWORK_CONFIRM, $_GET['text']), "<br/><br/>", $warning_lbl, "<br/><br/>", $table_yes_no);
     } else {
         $this->render = new Object(__(UPDATE_FRAMEWORK_CONFIRM, $_GET['text']), "<br/><br/>", $table_yes_no);
     }
     $this->render->setAlign(Object::ALIGN_CENTER);
 }
Exemplo n.º 3
0
 public function createAction()
 {
     $this->haveAccess();
     $O_label = new Label();
     $O_label->setLabel($_POST['label']);
     $O_label->setModel($_POST['model']);
     $O_label->setReference($_POST['reference']);
     $O_label->setDescription($_POST['description']);
     $O_label->setLifetime($_POST['lifetime']);
     $O_label->setControlCycle($_POST['control_cycle']);
     $O_label->setNotice($_POST['notice']);
     $O_label->setProcedure($_POST['procedure']);
     $O_label->setImage($_POST['image']);
     $O_label->setSize($_POST['size']);
     $O_label->setColor($_POST['color']);
     $O_label->setCategoryEpiId($_POST['category_epi_id']);
     $O_labelMapper = new LabelMapper();
     $I_labelId = $O_labelMapper->insert($O_label);
     die(header('Location:/label/paginate/1'));
 }
Exemplo n.º 4
0
 /**
  * Method userIsAuthentificated
  * @access protected
  * @param mixed $strUserRights 
  * @param mixed $redirect 
  * @param mixed $redirect_url 
  * @since 1.1.11
  */
 protected function userIsAuthentificated($strUserRights, $redirect, $redirect_url)
 {
     $this->page_object->setUserRights($strUserRights);
     $_SESSION['wsp-login'] = $this->getLogin();
     if ($redirect) {
         if ($this->authentication_msg) {
             $str_msg = new Label(__(AUTHENTICATION_LOGIN_OK_REDIRECT));
             $str_msg->setStyle("text-shadow:#888888 1px 1px 1px;");
             $this->error_obj->add($str_msg->setColor($this->color_ok));
         }
         if ($redirect_url == "") {
             $this->page_object->redirect($this->page_object->getBaseLanguageURL() . WSP_ADMIN_URL . "/admin.html");
         } else {
             if (strtoupper($redirect_url) == "REFERER") {
                 if ($this->getReferer() != "") {
                     $this->page_object->redirect($this->getReferer());
                 } else {
                     $this->page_object->redirect($this->page_object->getBaseLanguageURL() . WSP_ADMIN_URL . "/admin.html");
                 }
             } else {
                 $this->page_object->redirect($redirect_url);
             }
         }
     } else {
         if ($this->authentication_msg) {
             $str_msg = new Label(__(AUTHENTICATION_LOGIN_OK));
             $str_msg->setStyle("text-shadow:#888888 1px 1px 1px;");
             $this->error_obj->add($str_msg->setColor($this->color_ok));
         }
     }
 }
Exemplo n.º 5
0
 public function Load()
 {
     header($_SERVER["SERVER_PROTOCOL"] . " 404 Not Found");
     parent::$PAGE_TITLE = __(ERROR_PAGE) . " - " . __(SITE_NAME);
     parent::$PAGE_META_ROBOTS = "noindex, nofollow";
     // check if URL is not bad, but could be a good URL
     if (isset($_GET['error-redirect-url']) && $_GET['error-redirect-url'] != "") {
         $url_to_check = trim($_GET['error-redirect-url']);
     } else {
         $url_to_check = trim($this->getCurrentUrl());
     }
     $base_url_tmp = BASE_URL;
     if ($base_url_tmp[strlen($base_url_tmp) - 1] == "/") {
         $base_url_tmp = substr($base_url_tmp, 0, strlen($base_url_tmp) - 1);
     }
     $url_to_check = str_replace("%22", "\"", str_replace("%5C", "\\", str_replace("%5c", "\\", str_replace("%27", "'", $url_to_check))));
     $redirect_bad_url_to = "";
     if (preg_match("@" . $base_url_tmp . "([^?]*)/'(http://|https://|http:/|https:/)(.+)/'@i", $url_to_check, $matches) == 1) {
         // url detect with /' in the end
         $redirect_bad_url_to = $matches[3];
         $redirect_bad_url_to_http = $matches[2];
     } else {
         if (preg_match("@" . $base_url_tmp . "([^?]*)/'(http://|https://|http:/|https:/)(.+)'@i", $url_to_check, $matches) == 1) {
             // url detect with '
             $redirect_bad_url_to = $matches[3];
             $redirect_bad_url_to_http = $matches[2];
         } else {
             if (preg_match("@" . $base_url_tmp . "([^?]*)/\\\\'(http://|https://|http:/|https:/)(.+)\\\\'@i", $url_to_check, $matches) == 1) {
                 // url detect with \'
                 $redirect_bad_url_to = $matches[3];
                 $redirect_bad_url_to_http = $matches[2];
             } else {
                 if (preg_match("@" . $base_url_tmp . "([^?]*)/\"(http://|https://|http:/|https:/)(.+)\"@i", $url_to_check, $matches) == 1) {
                     // url detect with "
                     $redirect_bad_url_to = $matches[3];
                     $redirect_bad_url_to_http = $matches[2];
                 } else {
                     if (preg_match("@" . $base_url_tmp . "([^?]*)/(http://|https://|http:/|https:/)(.+)@i", $url_to_check, $matches) == 1) {
                         // url detect without no '
                         $redirect_bad_url_to = $matches[3];
                         $redirect_bad_url_to_http = $matches[2];
                     } else {
                         if (preg_match("@" . BASE_URL . "combine-css/'/(.+)'@i", $url_to_check, $matches) == 1) {
                             // combine-css url with '
                             $redirect_bad_url_to = BASE_URL . $matches[1];
                             $redirect_bad_url_to_http = "";
                         }
                     }
                 }
             }
         }
     }
     // check apple icon
     if ($redirect_bad_url_to == "" && find($url_to_check, "apple-touch-icon") > 0) {
         if ($url_to_check == BASE_URL . "apple-touch-icon.png" || $url_to_check == BASE_URL . "apple-touch-icon-precomposed.png") {
             if (defined('SITE_META_IPHONE_IMAGE_114PX')) {
                 $redirect_bad_url_to = SITE_META_IPHONE_IMAGE_114PX;
             } else {
                 if (defined('SITE_META_IPHONE_IMAGE_72PX')) {
                     $redirect_bad_url_to = SITE_META_IPHONE_IMAGE_72PX;
                 } else {
                     if (defined('SITE_META_IPHONE_IMAGE_57PX')) {
                         $redirect_bad_url_to = SITE_META_IPHONE_IMAGE_57PX;
                     }
                 }
             }
         } else {
             if ($url_to_check == BASE_URL . "apple-touch-icon-57x57.png" || $url_to_check == BASE_URL . "apple-touch-icon-57x57-precomposed.png") {
                 if (defined('SITE_META_IPHONE_IMAGE_57PX')) {
                     $redirect_bad_url_to = SITE_META_IPHONE_IMAGE_57PX;
                 }
             }
         }
         if ($redirect_bad_url_to != "") {
             if (strtoupper(substr($redirect_bad_url_to, 0, 7)) != "HTTP://" && strtoupper(substr($redirect_bad_url_to, 0, 8)) != "HTTPS://") {
                 $redirect_bad_url_to = BASE_URL . $redirect_bad_url_to;
             }
         }
     }
     // End check if URL is not bad
     if ($redirect_bad_url_to != "") {
         // if URL is detect as bad but can be redirect to good URL
         if ($redirect_bad_url_to_http != "") {
             $redirect_bad_url_to = str_replace(":/", "", str_replace("://", "", $redirect_bad_url_to_http)) . "://" . $redirect_bad_url_to;
         }
         $this->redirect($redirect_bad_url_to);
         $msg_redirect = new Label(__(REDIRECT_URL_TO, $redirect_bad_url_to, $redirect_bad_url_to));
         $this->render = new ErrorTemplate($msg_redirect, parent::$PAGE_TITLE);
     } else {
         // display the error page if the URL is correct
         $error_msg_title = "";
         $array_code_error = array(401, 403, 404, 500);
         if (in_array($_GET['error-redirect'], $array_code_error)) {
             $_SESSION['calling_page'] = "";
             $error_msg = constant("ERROR_" . $_GET['error-redirect'] . "_MSG");
             parent::$PAGE_TITLE = constant("ERROR_" . $_GET['error-redirect'] . "_MSG") . " - " . __(SITE_NAME);
             $error_msg_title = constant("ERROR_" . $_GET['error-redirect'] . "_MSG");
         } else {
             if ($_SESSION['calling_page'] == "error-page") {
                 if (isset($_GET['error-redirect-url']) && $_GET['error-redirect-url'] != "") {
                     $error_msg = __(ERROR_PAGE_MSG, $_GET['error-redirect-url']);
                 } else {
                     if ($this->getRefererURL() != "") {
                         $error_msg = __(ERROR_PAGE_MSG, $this->getRefererURL());
                     } else {
                         $error_msg = __(ERROR_PAGE_MSG, "");
                     }
                 }
             } else {
                 $error_msg = __(ERROR_PAGE_MSG, $_SESSION['calling_page']);
             }
             $error_msg_title = __(ERROR_PAGE);
         }
         $error_msg = new Label($error_msg, true);
         $obj_error_msg = new Object(new Picture("wsp/img/warning.png", 48, 48, 0, "absmidlle"), "<br/>", $error_msg->setColor("red"));
         $obj_error_msg->add("<br/><br/>", __(MAIN_PAGE_GO_BACK), new Link(BASE_URL, Link::TARGET_NONE, __(SITE_NAME)));
         $this->render = new ErrorTemplate($obj_error_msg, $error_msg_title);
         // check if URL is not banned
         if (!isset($_GET['banned_url'])) {
             if (file_exists(dirname(__FILE__) . "/../../wsp/config/banned_url.cnf")) {
                 $list_banned_url = file_get_contents(dirname(__FILE__) . "/../../wsp/config/banned_url.cnf");
                 $array_banned_url = explode("\n", str_replace("\r", "", $list_banned_url));
             } else {
                 $array_banned_url = array();
             }
             if (find($this->getCurrentUrl(), $this->getBaseLanguageURL()) > 0) {
                 $url_without_base = str_replace($this->getBaseLanguageURL(), "", $this->getCurrentUrl());
             } else {
                 $url_without_base = str_replace($this->getBaseURL(), "", $this->getCurrentUrl());
             }
             if (isset($_GET['error-redirect-url']) && $_GET['error-redirect-url'] != "") {
                 if (find($_GET['error-redirect-url'], $this->getBaseLanguageURL()) > 0) {
                     $url_without_base = str_replace($this->getBaseLanguageURL(), "", $_GET['error-redirect-url']);
                 } else {
                     $url_without_base = str_replace($this->getBaseURL(), "", $_GET['error-redirect-url']);
                 }
             }
             if ($url_without_base[0] != '/') {
                 $url_without_base = "/" . $url_without_base;
             }
             $url_without_base_array = split("\\?", $url_without_base);
             $url_without_base = $url_without_base_array[0];
             if (in_array(trim($url_without_base), $array_banned_url)) {
                 $_GET['banned_url'] = "true";
             }
         }
         $nb_user_bad_url_access = 0;
         if ($_GET['banned_url'] == "true" && !$this->isCrawlerBot()) {
             WspBannedVisitors::addIP($this->getRemoteIP());
             $nb_user_bad_url_access = WspBannedVisitors::getIpNbBadAccess($this->getRemoteIP());
         }
         // send error by mail
         if (defined('SEND_ERROR_BY_MAIL') && SEND_ERROR_BY_MAIL == true && !isLocalDebug()) {
             $send_error_mail = true;
             // Check if we have enougth information to send a mail
             if (in_array($_GET['error-redirect'], $array_code_error)) {
                 if ($this->getRefererURL() == "") {
                     if (!isset($_GET['error-redirect-referer']) || $_GET['error-redirect-referer'] == "") {
                         if (!isset($_GET['error-redirect-url']) || $_GET['error-redirect-url'] == "") {
                             $send_error_mail = false;
                             // not enougth information to treat the error
                         }
                     }
                 }
             }
             // Check if file need to send a mail
             $array_files_ex = array();
             // list of files without error email
             $array_file_no_mail = array("", "crossdomain.xml", "sitemap.xml", "error-page.html", "undefined", "&", "browserconfig.xml", "favicon.gif", "favicon.png", "ui.item.id;", "url;", "javascript:void(0);");
             if (defined('SEND_BY_MAIL_FILE_EX') && SEND_BY_MAIL_FILE_EX != "") {
                 $array_files_ex = explode(',', SEND_BY_MAIL_FILE_EX);
             }
             $array_file_no_mail = array_merge($array_file_no_mail, $array_files_ex);
             if (isset($_GET['error-redirect-url']) && $_GET['error-redirect-url'] != "") {
                 $tmp_current_url = explode('?', $_GET['error-redirect-url']);
             } else {
                 $tmp_current_url = explode('?', $this->getCurrentUrl());
             }
             $current_url = $tmp_current_url[0];
             $array_current_url = explode('/', $current_url);
             $filename = $array_current_url[sizeof($array_current_url) - 1];
             if (in_array($filename, $array_file_no_mail)) {
                 $send_error_mail = false;
             } else {
                 if ($this->getBrowserName() == "Firefox" && ($this->getBrowserVersion() == "3.6" || $this->getBrowserVersion() == "3.5") && (substr($filename, strlen($filename) - 6, 6) == "%5C%27" || substr($filename, strlen($filename) - 3, 3) == "%22" || substr($filename, strlen($filename) - 3, 3) == "%5C")) {
                     // Interpretation error by firefox 3.6 and 3.5
                     $send_error_mail = false;
                 } else {
                     if ($this->getBrowserName() == "IE" && $this->getBrowserVersion() < 7) {
                         // Error with IE <= 6.0
                         $send_error_mail = false;
                     } else {
                         if ($this->getBrowserName() == "BlackBerry" && $this->getBrowserVersion() == 0) {
                             // Error with BlackBerry version 0
                             $send_error_mail = false;
                         } else {
                             // no mail for some referers (html transformed or base href not take into account)
                             $array_exluded_referer = array("translate.googleusercontent.com", "webcache.googleusercontent.com");
                             $array_referer_url = explode('/', str_replace("http://", "", str_replace("https://", "", $this->getRefererURL())));
                             $base_referer_url = $array_referer_url[0];
                             if (in_array($base_referer_url, $array_exluded_referer)) {
                                 $send_error_mail = false;
                             } else {
                                 // test if there is regexp in the administrator exclude list
                                 for ($i = 0; $i < sizeof($array_files_ex); $i++) {
                                     if (is_regexp($array_files_ex[$i], true)) {
                                         $path_or_filename = $filename;
                                         if (find($array_files_ex[$i], "\\/") > 0) {
                                             // detect is regex on a path
                                             $path_or_filename = str_replace(BASE_URL, "", $current_url);
                                         }
                                         if (preg_match($array_files_ex[$i], $path_or_filename)) {
                                             $send_error_mail = false;
                                             break;
                                         }
                                     }
                                 }
                             }
                         }
                     }
                 }
             }
             // send mail
             if ($send_error_mail) {
                 $debug_mail = $error_msg->render();
                 $debug_mail .= "<br/><br/><b>General information:</b><br/>";
                 if (isset($_GET['error-redirect-url']) && $_GET['error-redirect-url'] != "") {
                     $debug_mail .= "URL : " . $_GET['error-redirect-url'] . "<br/>";
                 } else {
                     $debug_mail .= "URL : " . $this->getCurrentUrl() . "<br/>";
                 }
                 if (isset($_GET['error-redirect-referer']) && $_GET['error-redirect-referer'] != "") {
                     $debug_mail .= "Referer : " . $_GET['error-redirect-referer'] . "<br/>";
                 } else {
                     $debug_mail .= "Referer : " . $this->getRefererURL() . "<br/>";
                 }
                 $debug_mail .= "IP : <a href='http://www.infosniper.net/index.php?ip_address=" . $this->getRemoteIP() . "' target='_blank'>" . $this->getRemoteIP() . "</a><br/>";
                 $debug_mail .= "Browser : ";
                 if ($this->getBrowserName() == "Default Browser") {
                     $debug_mail .= $this->getBrowserUserAgent();
                 } else {
                     $debug_mail .= $this->getBrowserName() . " (version: " . $this->getBrowserVersion() . ")";
                 }
                 $debug_mail .= "<br/>";
                 $debug_mail .= "Crawler : " . ($this->isCrawlerBot() ? "true" : "false") . "<br/>";
                 if ($_GET['banned_url'] == "true" && $nb_user_bad_url_access > 0) {
                     $debug_mail .= "<br/><font color='red'>This user already tried to access to " . $nb_user_bad_url_access . " forbidden URL.</font><br/>";
                     $debug_mail .= "(User will be blocked with captcha code after " . MAX_BAD_URL_BEFORE_BANNED . " attempts)<br/>";
                 }
                 try {
                     $mail = new SmtpMail(SEND_ERROR_BY_MAIL_TO, __(SEND_ERROR_BY_MAIL_TO), "ERROR on " . __(SITE_NAME) . " !!!", __($debug_mail), SMTP_MAIL, __(SMTP_NAME));
                     $mail->setPriority(SmtpMail::PRIORITY_HIGH);
                     $mail->send();
                 } catch (Exception $e) {
                 }
             }
         }
     }
 }
Exemplo n.º 6
0
 /**
  * Change axis and axis title color
  *
  * @param awColor $color
  */
 public function setColor(awColor $color)
 {
     $this->color = $color;
     $this->title->setColor($color);
 }
 /**
  * Method connect
  * @access public
  * @param boolean $redirect [default value: true]
  * @param string $redirect_url [default value: REFERER]
  * @return boolean
  * @since 1.1.11
  */
 public function connect($redirect = true, $redirect_url = 'REFERER')
 {
     $ldap = @ldap_connect($this->ldap_host, $this->ldap_port);
     // doit être un serveur LDAP valide !
     if ($ldap !== false) {
         $r = @ldap_bind($ldap, $this->getLogin() . $this->ldap_user_domain, $this->getPassword());
         if ($r !== false) {
             $filter = "(sAMAccountName=" . $this->getLogin() . ")";
             $result = @ldap_search($ldap, $this->ldap_dn, $filter);
             if ($result !== false) {
                 $strUserRights = $this->default_right;
                 $info = ldap_get_entries($ldap, $result);
                 if (isset($info[0])) {
                     $this->ldap_user_info = $info[0];
                     if (isset($info[0]["memberof"])) {
                         $rights_exists = false;
                         for ($i = 0; $i < sizeof($info[0]["memberof"]); $i++) {
                             $tmp_rights = $info[0]["memberof"][$i];
                             foreach ($this->rights_mapping as $key => $value) {
                                 if ($this->rights_mapping[$i][0] == $key) {
                                     $strUserRights = $value;
                                     $rights_exists = true;
                                     break;
                                 }
                             }
                             if ($rights_exists == true) {
                                 break;
                             }
                         }
                     }
                     $this->userIsAuthentificated($strUserRights, $redirect, $redirect_url);
                 } else {
                     $str_msg = new Label(__(AUTHENTICATION_ERROR_LOGIN_PASS));
                     $str_msg->setStyle("text-shadow:#888888 1px 1px 1px;");
                     $this->error_obj->add($str_msg->setColor($this->color_error));
                     return false;
                 }
             } else {
                 throw new NewException("Unable to search on LDAP server", 0, getDebugBacktrace(1));
             }
         } else {
             $str_msg = new Label(__(AUTHENTICATION_ERROR_LOGIN_PASS));
             $str_msg->setStyle("text-shadow:#888888 1px 1px 1px;");
             $this->error_obj->add($str_msg->setColor($this->color_error));
             return false;
         }
         ldap_unbind($ldap);
         ldap_close($ldap);
         return true;
     } else {
         throw new NewException("Unable to connect on LDAP server", 0, getDebugBacktrace(1));
     }
 }
Exemplo n.º 8
0
 /**
  * Change axis and axis title color
  *
  * @param $color
  */
 function setColor($color)
 {
     $this->color = $color;
     $this->title->setColor($color);
 }