Пример #1
0
 //Register this rule for checking user input with our function, eF_checkParameter
 $form->addElement('text', 'email', _YOUREMAIL, 'class = "inputText"');
 $form->addRule('email', _THEFIELD . ' "' . _EMAIL . '" ' . _ISMANDATORY, 'required');
 $form->addRule('email', _INVALIDFIELDDATA, 'checkParameter', 'email');
 $form->addElement('text', 'message_subject', _MESSAGESUBJECT, 'class = "inputText"');
 //$form -> addRule('message_subject', _INVALIDFIELDDATA, 'checkParameter', 'text');
 $form->addElement('textarea', 'message_body', _TEXT, 'class = "inputText" id = "contact"');
 $form->addElement('submit', 'submit_contact', _SUBMIT, 'class = "flatButton"');
 if ($_GET['limit_reached']) {
     $form->setDefaults(array('message_subject' => _IWANTTOSIGNUPBUTMAXIMUMUSERSLIMITREACHED, 'message_body' => _IWANTTOSIGNUPBUTMAXIMUMUSERSLIMITREACHEDBODY));
 }
 if ($_SESSION['s_login']) {
     $form->setDefaults(array('email' => $currentUser->user['email']));
 }
 if ($form->isSubmitted()) {
     $fields_insert = array('users_LOGIN' => 'visitor', 'timestamp' => time(), 'action' => 'forms', 'comments' => 'contact', 'session_ip' => eF_encodeIP(eF_getRemoteAddress()));
     eF_insertTableData("logs", $fields_insert);
     if ($form->validate()) {
         $to = $form->exportValue("email");
         $subject = $form->exportValue("message_subject");
         $body = $form->exportValue("message_body") . "\r\n\r\n(" . $subject . " [" . _FROM . ": " . $to . "])";
         if (eF_mail($to, $GLOBALS['configuration']['system_email'], $subject . " [" . _FROM . ": " . $to . "]", $body, false, true)) {
             $copied_body = _THANKYOUFORCONTACTINGUSBODY . "<br/><hr/><br/>" . $form->exportValue("message_body");
             eF_mail($GLOBALS['configuration']['system_email'], $to, _THANKYOUFORCONTACTINGUS, $copied_body, false, false);
             $message = _SENDSUCCESS;
             $message_type = 'success';
             eF_redirect(basename($_SERVER['PHP_SELF']) . '?message=' . urlencode($message) . '&message_type=' . $message_type);
         } else {
             $message = _SENDFAILURE;
             $message_type = 'failure';
         }
 /**
  * Login user
  *
  * This function logs the user in the system, using the specified password
  * <br/>Example:
  * <code>
  * $user = EfrontUserFactory :: factory('jdoe');
  * $user -> login('mypass');
  * </code>
  *
  * @param string $password The password to login with
  * @param boolean $encrypted Whether the password is already encrypted
  * @return boolean True if the user logged in successfully
  * @since 3.5.0
  * @access public
  */
 public function login($password, $encrypted = false)
 {
     //If the user is already logged in, log him out
     if ($this->isLoggedIn()) {
         //If the user is logged in right now on the same pc with the same session, return true (nothing to do)
         if ($this->isLoggedIn(session_id())) {
             if (!$encrypted && EfrontUser::createPassword($password) != $this->user['password']) {
                 throw new EfrontUserException(_INVALIDPASSWORD, EfrontUserException::INVALID_PASSWORD);
             } else {
                 if ($encrypted && $password != $this->user['password']) {
                     throw new EfrontUserException(_INVALIDPASSWORD, EfrontUserException::INVALID_PASSWORD);
                 }
             }
             return true;
         } elseif (!$this->allowMultipleLogin()) {
             $this->logout();
         }
     }
     //If we are logged in as another user, log him out
     if (isset($_SESSION['s_login']) && $_SESSION['s_login'] != $this->user['login']) {
         try {
             EfrontUserFactory::factory($_SESSION['s_login'])->logout(session_id());
         } catch (Exception $e) {
         }
     }
     //Empty session without destroying it
     foreach ($_SESSION as $key => $value) {
         if ($key != 'login_mode' && strpos($key, "facebook") === false) {
             //'login_mode' is used to facilitate lesson registrations
             unset($_SESSION[$key]);
         }
     }
     if ($this->user['pending']) {
         throw new EfrontUserException(_USERPENDING, EfrontUserException::USER_PENDING);
     }
     if (!$this->user['active']) {
         throw new EfrontUserException(_USERINACTIVE, EfrontUserException::USER_INACTIVE);
     }
     if ($this->isLdapUser) {
         //Authenticate LDAP user
         if (!eF_checkUserLdap($this->user['login'], $password)) {
             throw new EfrontUserException(_INVALIDPASSWORD, EfrontUserException::INVALID_PASSWORD);
         }
     } else {
         if (!$encrypted) {
             $password = EfrontUser::createPassword($password);
         }
         if ($password != $this->user['password']) {
             throw new EfrontUserException(_INVALIDPASSWORD, EfrontUserException::INVALID_PASSWORD);
         }
     }
     //if user language is deactivated or deleted, login user with system default language
     if ($GLOBALS['configuration']['onelanguage']) {
         $loginLanguage = $GLOBALS['configuration']['default_language'];
     } else {
         $activeLanguages = array_keys(EfrontSystem::getLanguages(true, true));
         if (in_array($this->user['languages_NAME'], $activeLanguages)) {
             $loginLanguage = $this->user['languages_NAME'];
         } else {
             $loginLanguage = $GLOBALS['configuration']['default_language'];
         }
     }
     //Assign session variables
     $_SESSION['s_login'] = $this->user['login'];
     $_SESSION['s_password'] = $this->user['password'];
     $_SESSION['s_type'] = $this->user['user_type'];
     $_SESSION['s_language'] = $loginLanguage;
     $_SESSION['s_custom_identifier'] = sha1(microtime() . $this->user['login']);
     $_SESSION['s_time_target'] = array(0 => 'system');
     //'s_time_target' is used to signify which of the system's area the user is currently accessing. It is a id => entity pair
     //$_SESSION['last_action_timestamp'] = time();	//Initialize first action
     //Insert log entry
     $fields_insert = array('users_LOGIN' => $this->user['login'], 'timestamp' => time(), 'action' => 'login', 'comments' => session_id(), 'session_ip' => eF_encodeIP($_SERVER['REMOTE_ADDR']));
     eF_insertTableData("logs", $fields_insert);
     eF_updateTableData("users", array('last_login' => time()), "login='{$this->user['login']}'");
     if ($GLOBALS['configuration']['ban_failed_logins']) {
         eF_deleteTableData("logs", "users_LOGIN='" . $this->user['login'] . "' and action='failed_login'");
     }
     //Insert user times entry
     $fields = array("session_timestamp" => time(), "session_id" => session_id(), "session_custom_identifier" => $_SESSION['s_custom_identifier'], "session_expired" => 0, "users_LOGIN" => $_SESSION['s_login'], "timestamp_now" => time(), "time" => 0, "entity" => 'system', "entity_id" => 0);
     eF_insertTableData("user_times", $fields);
     return true;
 }
Пример #3
0
         include "module_hcd.php";
     } elseif ($ctg == "emails") {
         include "emails.php";
     } elseif ($ctg == 'users') {
         $_GET['op'] = "employees";
         $currentUser->aspects['hcd'] = EfrontEmployeeFactory::factory($currentUser->login);
         include "module_hcd.php";
     } elseif (sizeof($modules) > 0 && in_array($ctg, array_keys($module_ctgs))) {
         $module_mandatory = eF_getTableData("modules", "mandatory", "name = '" . $ctg . "'");
         if ($module_mandatory[0]['mandatory'] != 'false' || $GLOBALS['currentLesson']->options[$ctg]) {
             include G_MODULESPATH . $ctg . '/module.php';
             $smarty->assign("T_CTG_MODULE", $module_ctgs[$ctg]);
         }
     }
 }
 $fields_log = array('users_LOGIN' => $_SESSION['s_login'], 'timestamp' => time(), 'session_ip' => eF_encodeIP($_SERVER['REMOTE_ADDR']));
 /*
     if (isset($log_comments)) {                                         //If there is a $log_comments variable, it indicates the current action (i.e. the unit that the user saw)
         $fields_log['action']   = $ctg;
         $fields_log['comments'] = $log_comments;
         ($_SESSION['s_lessons_ID']) ? $fields_log['lessons_ID'] = $_SESSION['s_lessons_ID'] : $fields_log['lessons_ID'] = 0;
         eF_insertTableData("logs", $fields_log);
     } else {                                                            //Any other move, that has not set the $log_comments variable, is considered a 'lastmove' action
         $fields_log['action']   = "lastmove";
         $fields_log['comments'] = "";
         ($_SESSION['s_lessons_ID']) ? $fields_log['lessons_ID'] = $_SESSION['s_lessons_ID'] : $fields_log['lessons_ID'] = 0;
         eF_deleteTableData("logs", "users_LOGIN='".$_SESSION['s_login']."' AND action='lastmove'"); //Only one lastmove action interests us, so delete any other
         eF_insertTableData("logs", $fields_log);
     }
 */
 if (detectBrowser() == 'mobile') {
Пример #4
0
         include "module_hcd.php";
     } elseif ($ctg == "emails") {
         include "emails.php";
     } elseif ($ctg == 'users') {
         $_GET['op'] = "employees";
         $currentUser->aspects['hcd'] = EfrontEmployeeFactory::factory($currentUser->login);
         include "module_hcd.php";
     } elseif (sizeof($modules) > 0 && in_array($ctg, array_keys($module_ctgs))) {
         $module_mandatory = eF_getTableData("modules", "mandatory", "name = '" . $ctg . "'");
         if ($module_mandatory[0]['mandatory'] != 'false' || $GLOBALS['currentLesson']->options[$ctg]) {
             include G_MODULESPATH . $ctg . '/module.php';
             $smarty->assign("T_CTG_MODULE", $module_ctgs[$ctg]);
         }
     }
 }
 $fields_log = array('users_LOGIN' => $_SESSION['s_login'], 'timestamp' => time(), 'session_ip' => eF_encodeIP(eF_getRemoteAddress()));
 /*
     if (isset($log_comments)) {                                         //If there is a $log_comments variable, it indicates the current action (i.e. the unit that the user saw)
         $fields_log['action']   = $ctg;
         $fields_log['comments'] = $log_comments;
         ($_SESSION['s_lessons_ID']) ? $fields_log['lessons_ID'] = $_SESSION['s_lessons_ID'] : $fields_log['lessons_ID'] = 0;
         eF_insertTableData("logs", $fields_log);
     } else {                                                            //Any other move, that has not set the $log_comments variable, is considered a 'lastmove' action
         $fields_log['action']   = "lastmove";
         $fields_log['comments'] = "";
         ($_SESSION['s_lessons_ID']) ? $fields_log['lessons_ID'] = $_SESSION['s_lessons_ID'] : $fields_log['lessons_ID'] = 0;
         eF_deleteTableData("logs", "users_LOGIN='".$_SESSION['s_login']."' AND action='lastmove'"); //Only one lastmove action interests us, so delete any other
         eF_insertTableData("logs", $fields_log);
     }
 */
 if (detectBrowser() == 'mobile') {
 private function login($user, $password, $encrypted = false)
 {
     //If we are logged in as another user, log him out
     if (isset($_SESSION['s_login']) && $_SESSION['s_login'] != $user->user['login']) {
         try {
             EfrontUserFactory::factory($_SESSION['s_login'])->logout(session_id());
         } catch (Exception $e) {
         }
     }
     //Empty session without destroying it
     foreach ($_SESSION as $key => $value) {
         if ($key != 'login_mode' && strpos($key, "facebook") === false) {
             //'login_mode' is used to facilitate lesson registrations
             unset($_SESSION[$key]);
         }
     }
     if ($user->user['pending']) {
         throw new EfrontUserException(_USERPENDING, EfrontUserException::USER_PENDING);
     }
     if (!$user->user['active']) {
         throw new EfrontUserException(_USERINACTIVE, EfrontUserException::USER_INACTIVE);
     }
     //if user language is deactivated or deleted, login user with system default language
     if ($GLOBALS['configuration']['onelanguage']) {
         $loginLanguage = $GLOBALS['configuration']['default_language'];
     } else {
         $activeLanguages = array_keys(EfrontSystem::getLanguages(true, true));
         if (in_array($user->user['languages_NAME'], $activeLanguages)) {
             $loginLanguage = $user->user['languages_NAME'];
         } else {
             $loginLanguage = $GLOBALS['configuration']['default_language'];
         }
     }
     //Assign session variables
     $_SESSION['s_login'] = $user->user['login'];
     $_SESSION['s_password'] = $user->user['password'];
     $_SESSION['s_type'] = $user->user['user_type'];
     $_SESSION['s_language'] = $loginLanguage;
     $_SESSION['s_custom_identifier'] = sha1(microtime() . $user->user['login']);
     $_SESSION['s_time_target'] = array(0 => 'system');
     //'s_time_target' is used to signify which of the system's area the user is currently accessing. It is a id => entity pair
     //$_SESSION['last_action_timestamp'] = time();	//Initialize first action
     //Insert log entry
     $fields_insert = array('users_LOGIN' => $user->user['login'], 'timestamp' => time(), 'action' => 'login', 'comments' => session_id(), 'session_ip' => eF_encodeIP(eF_getRemoteAddress()));
     eF_insertTableData("logs", $fields_insert);
     if ($GLOBALS['configuration']['ban_failed_logins']) {
         eF_deleteTableData("logs", "users_LOGIN='" . $user->user['login'] . "' and action='failed_login'");
     }
     //Insert user times entry
     $fields = array("session_timestamp" => time(), "session_id" => session_id(), "session_custom_identifier" => $_SESSION['s_custom_identifier'], "session_expired" => 0, "users_LOGIN" => $_SESSION['s_login'], "timestamp_now" => time(), "time" => 0, "entity" => 'system', "entity_id" => 0);
     eF_insertTableData("user_times", $fields);
     return true;
 }
Пример #6
0
     $first_name = array_shift($name_parts);
     sizeof($name_parts) == 0 ? $last_name = $first_name : ($last_name = implode(" ", $name_parts));
     $form->setDefaults(array("login" => $_GET['login'], "password" => _LDAPACCOUNTPASSWORD, "passrepeat" => _LDAPACCOUNTPASSWORD, "email" => $result[0]['mail'][0], "firstName" => $first_name, "lastName" => $last_name));
     //$form -> freeze(array('login', 'password', 'passrepeat'));
     $smarty->assign("T_LDAP_USER", true);
     if (!$form->isSubmitted()) {
         $message = _VERIFYFOLLOWINGINFOISCORRECT;
         $message_type = 'success';
     }
 } elseif ($configuration['only_ldap']) {
     $message = _ONLYLDAPREGISTRATIONPERMITTED;
     $message_type = 'failure';
     eF_redirect(basename($_SERVER['PHP_SELF']) . "?message=" . urlencode($message) . "&message_type={$message_type}");
 }
 if ($form->isSubmitted()) {
     $fields_insert = array('users_LOGIN' => 'visitor', 'timestamp' => time(), 'action' => 'forms', 'comments' => 'signup', 'session_ip' => eF_encodeIP($_SERVER['REMOTE_ADDR']));
     eF_insertTableData("logs", $fields_insert);
     if ($form->validate()) {
         try {
             if (isset($_SESSION['s_login'])) {
                 //A logged-in user wants to signup: Log him out first
                 $user = EfrontUserFactory::factory($_SESSION['s_login']);
                 $user->logout(session_id());
             }
             $values = $form->exportValues();
             //Get the form values
             //Check the user_type. If it's an id, it means that it's not one of the basic user types; so derive the basic user type and populate the user_types_ID field
             $defaultUserType = $GLOBALS['configuration']['default_type'];
             if (is_numeric($defaultUserType)) {
                 $result = eF_getTableData("user_types", "id, basic_user_type", "id=" . $defaultUserType);
                 if (sizeof($result) > 0) {
Пример #7
0
/**
* Checks if a client is considered as spammer 
*
* This function checks if this IP has tried to access contact forms (contact,signup,password reset) 
* many times in a small time interval. In this case it denies access to the page
*
* @return bool true if the client may not access the system
* @version 1.0
*/
function eF_checkSpam($interval = 300)
{
    $res = eF_getTableData("logs", "*", "users_LOGIN='visitor' AND action='forms' AND session_ip='" . eF_encodeIP($_SERVER['REMOTE_ADDR']) . "' order by timestamp desc limit 10");
    $timeInterval = $res[0]['timestamp'] - $res[sizeof($res) - 1]['timestamp'];
    if (!empty($res) > 1 && $timeInterval < $interval) {
        return true;
    } else {
        return false;
    }
}