function doCheckLogin()
{
global $config;
if (!isset($_POST[LOGIN_FORM_USERNAME]) || !isset($_POST[LOGIN_FORM_PASSWORD])) {
return;
}
$username = trim(stripslashes(@$_POST[LOGIN_FORM_USERNAME]));
$password = stripslashes(@$_POST[LOGIN_FORM_PASSWORD]);
session_init();
if (CSRF::isEnabled() && !isset($_SESSION[CSRF::SESSION_KEY])) {
echo '<p style="color: red;">PHP Session seems to have failed!</p>';
CSRF::ValidateToken();
exit;
}
CSRF::ValidateToken();
$password = md5($password);
$config['user']->doLogin($username, $password);
if ($config['user']->isOk() && getVar('error') == '') {
// success
$lastpage = getLastPage();
if (strpos($lastpage, 'login') !== FALSE) {
$lastpage = './';
}
ForwardTo($lastpage);
exit;
}
unset($username, $password);
}
public static function getToken()
{
if (!self::isEnabled()) {
return '';
}
session_init();
if (!isset($_SESSION[self::SESSION_KEY]) || empty($_SESSION[self::SESSION_KEY])) {
$_SESSION[self::SESSION_KEY] = self::GenerateToken();
}
return $_SESSION[self::SESSION_KEY];
}
public function getAccessForm()
{
session_init();
$objSecurity = new Security();
$objSecurity->setCompany(request_var("company"));
$objSecurity->setOffice(request_var("office"));
$objSecurity->setUserId(request_var("uid"));
$objSecurity->setForm(request_var("forma"));
$page = $objSecurity->getAccessForm();
//set_session_var(VAR_MAINPAGE, "../view/{$page}.php");
set_session_var(VAR_MAINPAGE, "../controller/laboratory/controlOrder.php");
send_redirect("../view/main/master.php");
}
function util_initEverything()
{
// smarty < session_start/end : smarty caches the person's nickname.
util_defineRootPath();
util_defineWwwRoot();
util_requireOtherFiles();
util_defineConstants();
db_init();
session_init();
mc_init();
FlashMessage::restoreFromSession();
SmartyWrap::init();
DebugInfo::init();
}
function util_initEverything()
{
// smarty < session_start/end : smarty caches the person's nickname.
util_defineRootPath();
util_defineWwwRoot();
// At this point the server preferences are loaded (when
// util_requireOtherFiles() includes serverPreferences.php)
util_requireOtherFiles();
util_defineConstants();
db_init();
session_init();
mc_init();
FlashMessage::restoreFromSession();
smarty_init();
}
public function configureUser()
{
$_response = User::login(request_var('cmbCompany'), request_var('userId'));
if (is_array($_response) && count($_response)) {
session_init();
$objUser = new User();
$objUser->setId($_response["ParticipanteId"]);
$objUser->setIdentification($_response["Identificacion"]);
$objUser->setFirstName($_response["Nombre"]);
$objUser->setLastName($_response["Apellido"]);
$objUser->setFullName($_response["Nombre"] . " " . $_response["Apellido"]);
$objUser->setUsername($_response["UsuarioId"]);
$objUser->setCompany(request_var('cmbCompany'));
$objUser->setOffice(request_var("cmbOffice"));
set_session_var(VAR_USER, $objUser);
send_redirect("../view/main/master.php");
}
}
function main()
{
require_once ROOT . 'config.php';
$plugin_file = 'plugins/' . $config['plugin'] . '/' . $config['plugin'] . '.module';
if (file_exists(ROOT . $plugin_file)) {
require_once ROOT . $plugin_file;
$function = $config['plugin'] . '_init';
$bridge = $function($config['plugin_conf']);
} else {
return fwrite(STDERR, "Plugin <{$plugin_file}> not found.\n");
}
if (!empty($config['session'])) {
require_once 'plugins/session/session.module';
$session = session_init($config['session']);
} else {
$session = NULL;
}
(new EjabberdAuth($config, $bridge, $session))->run();
}
function doChangePassword()
{
global $config;
if (!isset($_POST[CHANGEPASS_FORM_PASSWORD]) || !isset($_POST[CHANGEPASS_FORM_CONFIRM])) {
return NULL;
}
$password = trim(stripslashes(@$_POST[CHANGEPASS_FORM_PASSWORD]));
$confirm = trim(stripslashes(@$_POST[CHANGEPASS_FORM_CONFIRM]));
unset($_POST[CHANGEPASS_FORM_PASSWORD]);
unset($_POST[CHANGEPASS_FORM_CONFIRM]);
session_init();
if (CSRF::isEnabled() && !isset($_SESSION[CSRF::SESSION_KEY])) {
echo '<p style="color: red;">PHP Session seems to have failed!</p>';
CSRF::ValidateToken();
exit;
}
CSRF::ValidateToken();
// check passwords match
if ($password !== $confirm) {
$_SESSION['error'][] = 'Passwords don\'t match. Please try again.';
return FALSE;
}
// check password length
if (strlen($password) < 6) {
$_SESSION['error'][] = 'Password is to short, must be at least 6 characters long.';
return FALSE;
}
// update password in database
$result = $config['user']->ChangePassword(md5($password));
// successful change
if ($result !== FALSE) {
// password has been changed
$_SESSION['Temp Pass'] = FALSE;
$lastpage = getLastPage();
if (strpos($lastpage, 'login') !== FALSE || strpos($lastpage, 'changepass') !== FALSE) {
$lastpage = './';
}
ForwardTo($lastpage);
exit;
}
return FALSE;
}
function doCheckLogin()
{
global $config;
if (!isset($_POST[LOGIN_FORM_USERNAME]) || !isset($_POST[LOGIN_FORM_PASSWORD])) {
return NULL;
}
$username = trim(stripslashes(@$_POST[LOGIN_FORM_USERNAME]));
$password = trim(stripslashes(@$_POST[LOGIN_FORM_PASSWORD]));
unset($_POST[LOGIN_FORM_PASSWORD]);
session_init();
if (CSRF::isEnabled() && !isset($_SESSION[CSRF::SESSION_KEY])) {
echo '<p style="color: red;">PHP Session seems to have failed!</p>';
CSRF::ValidateToken();
exit;
}
CSRF::ValidateToken();
// check hashed password
$result = $config['user']->doLogin($username, md5($password));
// try temporary password
if ($result !== TRUE && strlen($password) < 32) {
// unset($_GET['error']);
$result = $config['user']->doLogin($username, $password);
if ($result === TRUE && $config['user']->isOk() && getVar('error') == '') {
$_SESSION['Temp Pass'] = TRUE;
unset($_SESSION['error']);
}
}
// successful login
if ($result !== FALSE && $config['user']->isOk() && getVar('error') == '') {
$lastpage = getLastPage();
if (strpos($lastpage, 'login') !== FALSE) {
$lastpage = './';
}
ForwardTo($lastpage);
exit;
}
unset($username, $password);
return TRUE;
}
}
/**
* Delete a session variable.
* @param string Session variable name
*/
function session_delete( $p_name ) {
global $g_session;
$g_session->delete( $p_name );
}
/**
* Destroy the session entirely.
*/
function session_clean() {
global $g_session;
$g_session->destroy();
}
# Initialize the session
if ( PHP_CGI == php_mode() ) {
$t_session_id = gpc_get_string( 'session_id', '' );
if ( empty( $t_session_id ) ) {
session_init();
} else {
session_init( $t_session_id );
}
}
/**
* Log the current user out
*
* @return bool
*/
function logout()
{
global $CONFIG;
if (isset($_SESSION['user'])) {
if (!elgg_trigger_event('logout', 'user', $_SESSION['user'])) {
return false;
}
$_SESSION['user']->code = "";
$_SESSION['user']->save();
}
unset($_SESSION['username']);
unset($_SESSION['name']);
unset($_SESSION['code']);
unset($_SESSION['guid']);
unset($_SESSION['id']);
unset($_SESSION['user']);
setcookie("elggperm", "", time() - 86400 * 30, "/");
// pass along any messages
$old_msg = $_SESSION['msg'];
session_destroy();
// starting a default session to store any post-logout messages.
session_init(NULL, NULL, NULL);
$_SESSION['msg'] = $old_msg;
return TRUE;
}
* @copyright Copyright (C) 2010-2012 Ian Moore (imoore76 at yahoo dot com)
* @version $Id: screen.php 465 2012-10-19 22:52:30Z imooreyahoo@gmail.com $
* @package phpVirtualBox
*
*/
# Turn off PHP notices
error_reporting(E_ALL & ~E_NOTICE & ~E_STRICT & ~E_WARNING);
require_once dirname(__FILE__) . '/lib/config.php';
require_once dirname(__FILE__) . '/lib/utils.php';
require_once dirname(__FILE__) . '/lib/vboxconnector.php';
// Allow caching of some screenshot data
@Header('ETag: "' . $_REQUEST['vm'] . '_' . $_REQUEST['randid'] . '"');
session_cache_limiter('private_no_expire');
// Check for valid session
global $_SESSION;
session_init();
if (!@$_SESSION['valid']) {
return;
}
// Clean request
$_REQUEST = array_merge(@$_GET, @$_POST);
$settings = new phpVBoxConfigClass();
$vbox = new vboxconnector();
$vbox->connect();
// Set width. Else assume we want real time updates if VM is running below
if ($_REQUEST['width']) {
$force_width = $_REQUEST['width'];
}
try {
// Is VM Specified
if (!$_REQUEST['vm']) {
public function doLogout()
{
global $config;
session_init();
$_SESSION[$config['session name']] = '';
$_SESSION[CSRF::SESSION_KEY] = '';
}
// reader doesn't need authentication
if ($role == "reader") {
return;
}
session_start();
if ($_SESSION["role"] == "writer") {
return;
}
require_access();
}
$from_me = basename($_SERVER["PHP_SELF"]) == "access.php";
if ($from_me && $_GET["access"] == "logout") {
session_start();
$_SESSION["role"] = "";
require_access();
}
if ($from_me && isset($_POST["submit"])) {
if ($_POST["username"] != $g_username || $_POST["password"] != $g_password) {
require_access("Invalid username or password.");
}
session_start();
$_SESSION["role"] = "writer";
}
if (!isset($access_role)) {
$access_role = "writer";
}
session_init($access_role);
if ($from_me) {
header("Location: " . dirname($_SERVER["PHP_SELF"]) . "/status.php");
exit;
}
// Include Files
include "includes.inc.php";
if (!isset($_POST['submit'])) {
login("");
} elseif (empty($_POST['name'])) {
login("Please enter username!");
} elseif (empty($_POST['pass'])) {
login("Please enter password!");
} else {
$result = sql_query("SELECT * FROM perihelion.u_users WHERE login_name LIKE \"" . $_POST['name'] . "\"");
$row = sql_fetchrow($result);
if (!empty($row)) {
$result = sql_query("SELECT PASSWORD(\"" . $_POST['pass'] . "\")");
$row2 = sql_fetchrow($result);
if ($row2[0] == $row['login_pass']) {
session_init($row);
// Send to server
comm_init_server();
$data['id'] = $row['id'];
$data['sess_id'] = session_id();
comm_s2s("LOGIN", $data);
comm_fini_server();
// And go to index page
passtrough($_CONFIG['URL'] . "/index.php");
} else {
login("Wrong password!");
}
} else {
login("User does not exist!");
}
}
