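/**
 * Look up a user by name and, for local logins, verify the supplied password.
 *
 * With $rmt set, the password is not checked at all: the caller is trusted to
 * have authenticated the user by other means, and a stub account is created
 * when the name is unknown. Every caller passing a truthy $rmt must therefore
 * have completed authentication already.
 *
 * The lookup selects both pass_md5 and pass_ph; how they are compared is up to
 * checkPassHash(), which is defined elsewhere.
 * NOTE(review): confirm that legacy MD5 hashes are upgraded on successful login.
 *
 * @param string $user  User name as supplied by the client.
 * @param string $pass  Password as supplied by the client (unused when $rmt is set).
 * @param mixed  $rmt   Truthy for remote (externally authenticated) logins.
 * @param mixed  $email Optional e-mail stored on a newly created stub account.
 *
 * @return mixed The fetched user row on success, false otherwise.
 */
function userLogin($user, $pass, $rmt, $email = false)
{
    global $db, $maxUserLen, $maxPassLen;

    // validate user/password sizes before either value reaches the database
    // or the hashing helper
    if (strlen($user) > $maxUserLen || strlen($pass) > $maxPassLen) {
        return false;
    }

    // fetch the user; the name is client-controlled and only ever enters the
    // statement through $db->quote()
    $sql = 'SELECT u.id, u.name, pass_md5, pass_ph, admin, email FROM "user" u'
        . " LEFT JOIN role r ON r.id = u.role_id"
        . " WHERE u.name = " . $db->quote($user);
    $res = $db->query($sql);
    if ($res === false) {
        // a failed query is not the same as "no such user": bail out instead
        // of calling fetch() on false or creating a stub account
        return false;
    }
    $DATA = $res->fetch();

    // remote auth doesn't check pass, but still needs an id stub
    if ($rmt) {
        if (!$DATA) {
            // create a stub user and get the id
            $sql = 'INSERT INTO "user" (name, role_id, email) VALUES (';
            $sql .= $db->quote($user);
            $sql .= ", (SELECT id FROM role WHERE name = 'user')";
            $sql .= ", " . (empty($email) ? 'NULL' : $db->quote($email));
            $sql .= ")";
            if ($db->exec($sql) != 1) {
                return false;
            }

            // fetch defaults
            $sql = 'SELECT u.id, u.name, admin, email FROM "user" u';
            $sql .= " LEFT JOIN role r ON r.id = u.role_id";
            $sql .= " WHERE u.name = " . $db->quote($user);
            $res = $db->query($sql);
            if ($res === false) {
                return false;
            }
            $DATA = $res->fetch();
        }
        return $DATA;
    }

    // validate the user
    $ret = checkPassHash('user', $DATA, $pass);

    // The user name is attacker-supplied and only length-checked above, so
    // control characters (CR/LF in particular) are replaced before the name is
    // written to the log; whether logEvent() escapes its input is not visible
    // here.
    $logUser = preg_replace('/[\x00-\x1F\x7F]/', '?', $user);
    logEvent(
        "login attempt for user {$logUser}: " . ($ret ? "success" : "fail"),
        $ret ? LOG_INFO : LOG_ERR
    );

    return $ret ? $DATA : false;
}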
// Grant request fragment: resolves the grant named by the "g" request
// parameter, rejects unknown or expired grants, and enforces the optional
// per-grant password before the upload handlers below are used.

// try to fetch the grant
// The id is client-controlled; isGrantId() (defined elsewhere) is the only
// validation before it is used in the query, as a session key and in $ref.
$id = $_REQUEST["g"];
if (!isGrantId($id)) {
    $id = false;
    $GRANT = false;
} else {
    // The statement is built by concatenation and relies on $db->quote().
    // NOTE(review): query() is dereferenced unchecked; if the handle returns
    // false on failure, fetch() is called on a bool — confirm the error mode.
    $sql = "SELECT * FROM \"grant\" WHERE id = " . $db->quote($id);
    $GRANT = $db->query($sql)->fetch();
}

// With a rejected id, false interpolates as an empty string here.
$ref = "{$masterPath}?g={$id}";
if ($GRANT === false || isGrantExpired($GRANT)) {
    // unknown, malformed and expired grants all end on the same template
    includeTemplate("{$style}/include/nogrant.php", array('id' => $id));
    exit;
}

// Password gate: skipped when the grant has no hash or when this session
// already holds an entry for the grant id.
// NOTE(review): no limit on password attempts is visible in this fragment.
if (hasPassHash($GRANT) && !isset($_SESSION['g'][$id])) {
    if (!empty($_POST['p']) && checkPassHash('"grant"', $GRANT, $_POST['p'])) {
        // authorize the grant for this session
        // NOTE(review): this keeps the plaintext password in session storage.
        // The isset() test above only needs a marker; confirm whether anything
        // reads ['pass'] before replacing it with a non-secret value.
        $_SESSION['g'][$id] = array('pass' => $_POST["p"]);
    } else {
        // missing or wrong password: show the prompt and stop
        include "grantp.php";
        exit;
    }
}

// upload handler

// Deletes $file and returns false, so a caller can abort in one statement.
// NOTE(review): the result of unlink() is ignored; $file is presumably the
// uploaded file's path — verify against the callers.
function failUpload($file) {
    unlink($file);
    return false;
}

// The body of handleUpload() continues beyond this excerpt.
function handleUpload($GRANT, $FILE) {
// Ticket request fragment: resolves the ticket named by the "t" request
// parameter, rejects unknown or expired tickets, enforces the optional
// per-ticket password, then redirects to the download URL.
require_once "ticketfuncs.php";

// The id is client-controlled; isTicketId() (defined elsewhere) is the only
// validation before it is used in the query, as a session key, in $ref and in
// the redirect target.
$id = $_REQUEST["t"];
if (isTicketId($id)) {
    // Built by concatenation, relying on $db->quote().
    // NOTE(review): query() is dereferenced unchecked; if the handle returns
    // false on failure, fetch() is called on a bool — confirm the error mode.
    $sql = "SELECT * FROM ticket WHERE id = " . $db->quote($id);
    $DATA = $db->query($sql)->fetch();
} else {
    $id = false;
    $DATA = false;
}

// With a rejected id, false interpolates as an empty string here.
$ref = "{$masterPath}?t={$id}";
if ($DATA === false || isTicketExpired($DATA)) {
    // unknown, malformed and expired tickets all end on the same template
    includeTemplate("{$style}/include/noticket.php", array('id' => $id));
    exit;
}

// Password gate: only entered when the ticket has a hash and this session has
// no entry for the ticket id yet.
// NOTE(review): no limit on password attempts is visible in this fragment.
if (hasPassHash($DATA) && !isset($_SESSION['t'][$id])) {
    if (empty($_POST['p']) || !checkPassHash('ticket', $DATA, $_POST['p'])) {
        // missing or wrong password: show the prompt and stop
        include "ticketp.php";
        exit;
    }

    // authorize the ticket for this session
    // NOTE(review): this keeps the plaintext password in session storage. The
    // isset() test above only needs a marker; confirm whether anything reads
    // ['pass'] before replacing it with a non-secret value.
    $_SESSION['t'][$id] = array('pass' => $_POST["p"]);
}

// Browser workaround: redirect to a location that carries the file name in
// the URL (could be improved for browsers known to work by starting to send
// the file immediately). The stored name is percent-encoded before it is
// placed in the Location header.
// NOTE(review): no exit follows the redirect within this excerpt — confirm
// that nothing else runs after it.
header("Location: {$dPath}/{$id}/" . rawurlencode($DATA["name"]));