Пример #1
0
if (!include_config_exists('inc_connect')) {
    header('Location: install.php');
    exit;
}
include_lcm('inc_presentation');
include_lcm('inc_login');
global $lcm_lang_right;
lcm_html_start(_T('login_title_login'), 'login');
echo get_optional_html_login();
// Site name: mandatory
$site_name = _T(read_meta('site_name'));
if (!$site_name) {
    $site_name = _T('title_software');
}
// Site description: may be empty
$site_desc = _T(read_meta('site_description'));
echo "\n";
echo "<div align='center'>\n";
echo "<div align='center' id='login_screen'>\n\n";
echo "<h3>" . $site_name;
if ($site_desc) {
    echo "<br /><span style='font-size: 80%; font-weight: normal;'>" . $site_desc . "</span>";
}
echo "</h3>\n\n";
show_login('');
echo "\n\n";
echo "</div>\n";
echo "</div>\n\n";
echo "</body>\n</html>\n\n";
lcm_html_end();
Пример #2
0
function auth()
{
    global $INSECURE, $HTTP_POST_VARS, $HTTP_GET_VARS, $HTTP_COOKIE_VARS, $REMOTE_USER, $PHP_AUTH_USER, $PHP_AUTH_PW;
    global $auth_can_disconnect;
    global $connect_id_auteur, $connect_nom, $connect_bio, $connect_email;
    global $connect_nom_site, $connect_url_site, $connect_login, $connect_pass;
    global $connect_activer_imessage, $connect_activer_messagerie;
    global $connect_status;
    global $author_session, $prefs;
    global $clean_link;
    // This reloads $GLOBALS['db_ok'], just in case
    include_config('inc_connect');
    // If there is not SQL connection, quit.
    if (!$GLOBALS['db_ok']) {
        include_lcm('inc_presentation');
        lcm_html_start("Technical problem", "install");
        // annoy sql_errno()
        echo "\n<!-- \n";
        echo "\t* Flag connect: " . $GLOBALS['flag_connect'] . "\n\t";
        lcm_query("SELECT count(*) from lcm_meta");
        echo "\n-->\n\n";
        echo "<div align='left' style='width: 600px;' class='box_error'>\n";
        echo "\t<h3>" . _T('title_technical_problem') . "</h3>\n";
        echo "\t<p>" . _T('info_technical_problem_database') . "</p>\n";
        if (lcm_sql_errno()) {
            echo "\t<p><tt>" . lcm_sql_errno() . " " . lcm_sql_error() . "</tt></p>\n";
        } else {
            echo "\t<p><tt>No error diagnostic was provided.</tt></p>\n";
        }
        echo "</div>\n";
        lcm_html_end();
        return false;
    }
    // Initialise variables (avoid URL hacks)
    $auth_login = "";
    $auth_pass = "";
    $auth_pass_ok = false;
    $auth_can_disconnect = false;
    // Fetch identification data from authentication session
    if (isset($_COOKIE['lcm_session'])) {
        if (verifier_session($_COOKIE['lcm_session'])) {
            if ($author_session['status'] == 'admin' or $author_session['status'] == 'normal') {
                $auth_login = $author_session['username'];
                $auth_pass_ok = true;
                $auth_can_disconnect = true;
            }
        }
    } else {
        if ($_REQUEST['privet'] == 'yes') {
            // Failed login attempt: cookie failed
            $link = new Link("lcm_cookie.php?cookie_test_failed=yes");
            $clean_link->delVar('privet');
            $url = str_replace('/./', '/', $clean_link->getUrl());
            $link->addVar('var_url', $url);
            @header("Location: " . $link->getUrl());
            exit;
        }
    }
    // If not authenticated, ask for login / password
    if (!$auth_login) {
        $url = $clean_link->getUrl();
        @header("Location: lcm_login.php?var_url=" . urlencode($url));
        exit;
    }
    //
    // Search for the login in the authors' table
    //
    $auth_login = addslashes($auth_login);
    $query = "SELECT * FROM lcm_author WHERE username='******' AND status !='external' AND status !='6forum'";
    $result = @lcm_query($query);
    if ($row = lcm_fetch_array($result)) {
        $connect_id_auteur = $row['id_author'];
        $connect_nom = $row['name_first'];
        $connect_login = $row['username'];
        $connect_pass = $row['password'];
        $connect_status = $row['status'];
        $connect_activer_messagerie = "non";
        //$row["messagerie"];
        $connect_activer_imessage = "non ";
        //$row["imessage"];
        // Set the users' preferences
        $prefs = unserialize(get_magic_quotes_runtime() ? stripslashes($row['prefs']) : $row['prefs']);
        //
        // Default values for some possibly unset preferences
        //
        if (!isset($prefs['page_rows']) || intval($prefs['page_rows']) < 1) {
            $prefs['page_rows'] = 15;
        }
        if (!isset($prefs['theme']) || !$prefs['theme']) {
            $prefs['theme'] = 'green';
        }
        if (!isset($prefs['screen']) || !$prefs['screen']) {
            $prefs['screen'] = 'wide';
        }
        if (!isset($prefs['font_size']) || !$prefs['font_size']) {
            $prefs['font_size'] = 'medium_font';
        }
        if (!isset($prefs['case_owner']) || !$prefs['case_owner']) {
            $prefs['case_owner'] = 'my';
        }
        if (!isset($prefs['case_period']) || !$prefs['case_period']) {
            $prefs['case_period'] = '91';
        }
        if (!isset($prefs['mode']) || !$prefs['mode']) {
            $prefs['mode'] = 'simple';
        }
        if (!isset($prefs['time_intervals']) || !$prefs['time_intervals']) {
            $prefs['time_intervals'] = 'relative';
            $prefs['time_intervals_notation'] = 'hours_only';
        }
    } else {
        // This case is a strange possibility: the author is authentified
        // OK, but he does not exist in the authors table. Possible cause:
        // the database was restaured and the author does not exist (and
        // the user was authentified by another source, such as LDAP).
        // Note: we use to show a strange error message which would advice
        // to logout, but since it occurs only after db upgrade, just logout
        // brutally (with cookie_admin=no to forget the username).
        lcm_header('Location: lcm_cookie.php?cookie_admin=no&logout=' . $auth_login);
        exit;
    }
    if (!$auth_pass_ok) {
        @header("Location: lcm_login.php?var_erreur=pass");
        exit;
    }
    // [ML] Again, not sure how this is used, but we can ignore it for now
    // TODO (note: nouveau == new)
    if ($connect_status == 'nouveau') {
        $query = "UPDATE lcm_author SET status = 'normal' WHERE id_author = {$connect_id_auteur}";
        $result = lcm_query($query);
        $connect_status = 'normal';
    }
    // PHP sessions are started here, and stopped at logout
    session_start();
    return true;
}
Пример #3
0
function lcm_page_end($credits = '')
{
    global $lcm_version_shown;
    global $connect_id_auteur;
    global $author_session;
    global $find_org_string;
    global $find_case_string;
    global $find_client_string;
    global $prefs;
    //[KM] The bottom of a single page
    //
    echo "\n\t\t\t\t<!-- End of 'main_column' content -->\n\t\t\t\t</div>\n\t\t\t</div>\n\t\t</div>\n";
    // [KM] The right and the left column can be very long, so, we can put here a
    // lot of additional information, some tiny help hints and so.
    echo "<div id=\"prefs_column\">\n";
    echo "<!-- Start of 'prefs_column' content -->\n";
    // Checking for "wide/narrow" user screen
    if ($prefs['screen'] == "wide") {
        echo "<div class=\"prefs_column_menu_head\">\n\t\t\t\t<div class=\"sm_profile\">" . _T('menu_profile') . "</div>\n\t\t\t</div>\n\t\t\t<p class=\"prefs_column_text\">" . '<a href="author_det.php?author=' . $author_session['id_author'] . '" class="prefs_normal_lnk"' . ' title="' . _T('case_tooltip_view_author_details', array('author' => htmlspecialchars(get_person_name($author_session)))) . '">' . get_person_name($author_session) . "</a><br /><br />\n\t\t\t<a href=\"config_author.php\" class=\"prefs_myprefs\">" . _T('menu_profile_preferences') . "</a><br /><br />\n\t\t\t<a href=\"lcm_cookie.php?logout=" . htmlspecialchars($author_session['username']) . "\" class=\"prefs_logout\" title=\"" . _T('menu_profile_logout_tooltip') . "\">" . _T('menu_profile_logout') . "</a>\n\t\t\t</p><br />\n\t\t\t<div class=\"prefs_column_menu_head\">\n\t\t\t\t<div class=\"sm_search\">" . _T('menu_search') . "</div>\n\t\t\t</div>\n";
        //
        // Search/find boxes
        //
        show_find_box('case', $find_case_string, '', 'narrow');
        show_find_box('client', $find_client_string, '', 'narrow');
        show_find_box('org', $find_org_string, '', 'narrow');
        echo "<br />\n\t\t\t<div class=\"prefs_column_menu_head\"><div class=\"sm_font_size\">" . _T('menu_fontsize') . "</div>\n\t\t\t</div>\n\t\t\t<ul class=\"font_size_buttons\">\n\t\t\t\t<li><a href=\"javascript:;\" title=\"Small Text\" onclick=\"setActiveStyleSheet('small_font')\">A-</a></li>\n\t\t\t\t<li><a href=\"javascript:;\" title=\"Normal Text\" onclick=\"setActiveStyleSheet('medium_font')\">A</a></li>\n\t\t\t\t<li><a href=\"javascript:;\" title=\"Large Text\" onclick=\"setActiveStyleSheet('large_font')\">A+</a></li>\n\t\t\t</ul>\n";
    } else {
        // Data from the refs_column - user name, links [My preferences] & [Logout]
        echo "<div id=\"user_info_box_large_screen\">";
        echo "<p class=\"prefs_column_text\">" . '<a href="author_det.php?author=' . $author_session['id_author'] . '" class="prefs_normal_lnk"' . ' title="' . _T('case_tooltip_view_author_details', array('author' => htmlspecialchars(get_person_name($author_session)))) . '">' . get_person_name($author_session) . "</a><br /><br />\n\t\t\t<a href=\"config_author.php\" class=\"prefs_myprefs\">" . _T('menu_profile_preferences') . "</a><br /><br /><a href=\"javascript:;\" title=\"Small Text\" onclick=\"setActiveStyleSheet('small_font')\" class=\"set_fnt_sz\">&nbsp;A-&nbsp;</a>&nbsp;\n\t\t\t\t<a href=\"javascript:;\" title=\"Normal Text\" onclick=\"setActiveStyleSheet('medium_font')\" class=\"set_fnt_sz\">&nbsp;A&nbsp;&nbsp;</a>&nbsp;\n\t\t\t\t<a href=\"javascript:;\" title=\"Large Text\" onclick=\"setActiveStyleSheet('large_font')\" class=\"set_fnt_sz\">&nbsp;A+&nbsp;</a>&nbsp;&nbsp;" . "<a href=\"lcm_cookie.php?logout=" . htmlspecialchars($author_session['username']) . "\" class=\"prefs_logout\" title=\"" . _T('menu_profile_logout_tooltip') . "\">" . _T('menu_profile_logout') . "</a>\n\t\t\t</p>";
        // TRAD (Small, Normal, Large text)
        echo "</div>";
    }
    echo "<!-- End of \"prefs_column\" content -->\n";
    echo "</div>\n";
    //just test...
    echo "<div class=\"clearing\">&nbsp;</div>\n";
    echo "</div>\n";
    if ($prefs['screen'] == "narrow") {
        echo '<div id="footer_narrow">
		<div class="prefs_column_menu_head"><div class="sm_search">' . _T('menu_search') . "</div></div>\n\t\t<table border=\"0\" align=\"center\" width=\"100%\">\n\t\t\t<tr>\n\t\t\t\t<td align=\"left\" width=\"33%\" valign=\"top\">\n";
        //
        // Search/find boxes
        //
        show_find_box('case', $find_case_string, '', 'narrow');
        echo "</td>\n";
        echo '<td align="left" width="33%" valign="top">';
        show_find_box('client', $find_client_string, '', 'narrow');
        echo "</td>\n";
        echo '<td align="left" width="33%" valign="top">';
        show_find_box('org', $find_org_string, '', 'narrow');
        echo "</td>\n\t\t\t</tr>\n\t\t</table>\n\t\t</div><br />\n";
    }
    echo "<div id=\"footer\">" . _T('title_software') . " (" . $lcm_version_shown . ")<br/> ";
    echo _T('info_free_software', array('distributed' => '<a href="http://www.lcm.ngo-bg.org/" class="prefs_normal_lnk">' . _T('info_free_software1') . '</a>', 'license' => lcm_help_string('about_license', _T('info_free_software2')))) . "</div>\n";
    if ($GLOBALS['debug']) {
        echo "<p align='left'>Debug (" . $GLOBALS['debug'] . "): SQL Queries: " . $GLOBALS['db_query_count'] . "</p>\n";
    }
    echo "</body>\n";
    echo "</html>\n";
    // [ML] Off-topic note, seen while removing code:
    // http://www.dynamicdrive.com/dynamicindex11/abox.htm
    lcm_html_end();
}