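/**
 * Authenticate the current request from the obfuscated login form.
 *
 * Reads the credential digests from $_POST, checks the "CRC" cookie the
 * client derived from the field names, looks the user up in vfs_users and,
 * on success, populates the session and issues a fresh session id.
 *
 * @ignore
 * @ajax
 * @return string "OK" on success (or when a session already exists),
 *                "Authorization failed" when credentials are missing or do
 *                not match, "Invalid CRC" when the cookie check fails.
 */
public function POST() {
    // An authenticated session already exists: nothing to do.
    if (isset($_SESSION["USR"])) {
        return "OK";
    }
    $Qa = "Authorization failed";

    // $_USR / $_PWD are the 32-character digests taken from the form; $CRC is
    // md5(<USR field name> . <PWD field name>), which the client is expected to
    // have echoed back in the "CRC" cookie.
    list($_USR, $_PWD, $CRC) = $this->collectPostCredentials();
    if (is_null($_USR) || is_null($_PWD) || count($_COOKIE) == 0) {
        return $Qa;
    }

    // Strict, length-safe comparison. A loose "!=" treats two numeric-looking
    // hex digests (e.g. "0e..." forms) as equal, and a missing or array-valued
    // cookie raised a notice/TypeError instead of simply being rejected.
    $cookieCrc = isset($_COOKIE["CRC"]) ? $_COOKIE["CRC"] : null;
    if (!is_string($cookieCrc) || !hash_equals($CRC, $cookieCrc)) {
        return "Invalid CRC";
    }

    // NOTE(review): the %s arguments are assumed to be escaped by
    // executeQuery() — confirm; if they are interpolated verbatim this query is
    // injectable. Also, v.PWD is compared directly with the client-sent
    // 32-character digest, so the stored column is a password-equivalent;
    // password_hash()/password_verify() would be the modern replacement.
    $c0 = DB::lookup("vfs", true);
    $r0 = $c0->executeQuery("SELECT v.*, p.NAME POSITION FROM vfs_users v LEFT JOIN vfs_positions p ON (v.ID_POSITION=p.ID_POSITION) WHERE v.BEGDA<=CURRENT_DATE AND v.BEGDA IS NOT NULL AND (v.ENDDA>=CURRENT_DATE OR v.ENDDA IS NULL) AND MD5(v.USR)='%s' AND v.PWD='%s'", $_USR, $_PWD);
    if ($r0->next()) {
        // SHR >= 1 caps the number of concurrent sessions for this account.
        $SHR = $r0->getInt("SHR");
        if ($SHR >= 1) {
            $rc = ssn()->ch($r0->get("USR"));
            if ($rc > $SHR) {
                // NOTE(review): die() bypasses the caller's response handling;
                // kept because callers may rely on the abrupt exit.
                die("This account already have a SESSION");
            }
        }
        $CHK = $r0->getInt("CHK");
        if ($CHK >= 1) {
            // CHECK ADDR FROM CLIENTS TABLE — not implemented in the original.
        }
        $_SESSION["MOBILE"] = self::mobile();
        /* Disabled in the original:
        $_SESSION["BUS_AREA"] = $r0->get("BUS_AREA");
        $_SESSION["COST_CTR"] = $r0->get("COST_CTR");
        $_SESSION["PRFT_CTR"] = $r0->get("PRFT_CTR"); */

        // EXP is the account expiry timestamp; ELAPSED is the (possibly
        // negative) number of whole days until it.
        $_SESSION["EXP"] = false;
        if ($r0->get("EXP")) {
            $time = strtotime($r0->get("EXP"));
            $_now = time();
            if ($time <= $_now) {
                $_SESSION["EXP"] = true;
            }
            $_SESSION["ELAPSED"] = ceil(($time - $_now) / (60 * 60 * 24));
        }
        $this->createNamespace($r0->get("USR"), $r0->get("NAME"), $r0->get("AREA"), $r0->get("AREA_SUB"), $r0->get("POSITION"));

        // DEF is the user's default context; an expired account is pinned to
        // "vfs", otherwise DEF is applied only if the session knows it.
        if ($r0->get("DEF")) {
            if ($_SESSION["EXP"]) {
                req()->context = $_SESSION["CTX"] = "vfs";
            } elseif (isset($_SESSION["context"][$r0->get("DEF")])) {
                req()->context = $_SESSION["CTX"] = $r0->get("DEF");
            }
        }
        // Privilege level changed: issue a fresh session id so an id fixed
        // before login is not carried over into the authenticated session.
        session_regenerate_id();
        $Qa = "OK";
    }
    return $Qa;
}

/**
 * Scan $_POST for the obfuscated credential fields.
 *
 * A field whose name matches the USR pattern (see $this->match()) and carries
 * a 32-character value seeds $CRC with the field name; a later field matching
 * the PWD pattern re-hashes $CRC with its own name. Field order therefore
 * matters: a PWD field seen before any USR field is ignored.
 *
 * @return array [USR digest or null, PWD digest or null, CRC or null]
 */
private function collectPostCredentials() {
    $_USR = null;
    $USR_ = array("U" => true, "S" => true, "R" => true);
    $_PWD = null;
    $PWD_ = array("P" => true, "W" => true, "D" => true);
    $CRC = null;
    foreach ($_POST as $key => $val) {
        // Non-string values (e.g. name[]=) can never be a digest; skipping
        // them also avoids a TypeError from strlen() on PHP 8.
        if (!is_string($val)) {
            continue;
        }
        $key = (string) $key;
        $sp = str_split($key);
        if ($this->match($sp, $USR_) && strlen($val) == 32 && strlen($key) >= 5) {
            $CRC = $key;
            $_USR = $val;
        }
        if ($this->match($sp, $PWD_) && strlen($val) == 32 && !is_null($CRC)) {
            $CRC = md5($CRC . $key);
            $_PWD = $val;
        }
    }
    return array($_USR, $_PWD, $CRC);
}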
/**
 * Persist this user's profile fields to phpgw_fud_users with a single UPDATE.
 *
 * Side effects: runs the UPDATE through q(); afterwards, when $rb_mod_list is
 * true, rebuilds the moderator list via rebuildmodlist().
 *
 * NOTE(review): $passwd is not assigned anywhere in this function as shown, so
 * the SET clause starts with an undefined variable (empty string) — confirm
 * whether a `$passwd = ...` assignment belongs above the q() call.
 * NOTE(review): values are escaped per column by the in()/ssn()/iz() helpers,
 * except time_zone, which uses addslashes(); addslashes() is not a
 * charset-aware SQL escape, so time_zone should use the same helper as the
 * other string columns. $this->id is interpolated unescaped and is presumably
 * an integer — verify at the caller.
 */
function sync_user() {
    // Rebuild the moderator list only when: bit 524288 of users_opt is clear,
    // the user has a row in phpgw_fud_mod, and the alias currently stored in
    // the DB loosely equals (==) the in-memory alias. $is_mod is assigned as a
    // side effect but not used further in this function.
    $rb_mod_list = !($this->users_opt & 524288) && ($is_mod = q_singleval("SELECT id FROM phpgw_fud_mod WHERE user_id={$this->id}")) && q_singleval("SELECT alias FROM phpgw_fud_users WHERE id={$this->id}") == $this->alias;
    // Several text columns are HTML-escaped (htmlspecialchars) or
    // URL-encoded before storage, so they are persisted in encoded form.
    q("UPDATE phpgw_fud_users SET " . $passwd . "\n\t\t\ticq=" . in($this->icq) . ",\n\t\t\taim=" . ssn(urlencode($this->aim)) . ",\n\t\t\tyahoo=" . ssn(urlencode($this->yahoo)) . ",\n\t\t\tmsnm=" . ssn(urlencode($this->msnm)) . ",\n\t\t\tjabber=" . ssn(htmlspecialchars($this->jabber)) . ",\n\t\t\taffero=" . ssn(urlencode($this->affero)) . ",\n\t\t\tposts_ppg='" . iz($this->posts_ppg) . "',\n\t\t\ttime_zone='" . addslashes($this->time_zone) . "',\n\t\t\tbday=" . iz($this->bday) . ",\n\t\t\tuser_image=" . ssn(htmlspecialchars($this->user_image)) . ",\n\t\t\tlocation=" . ssn(htmlspecialchars($this->location)) . ",\n\t\t\toccupation=" . ssn(htmlspecialchars($this->occupation)) . ",\n\t\t\tinterests=" . ssn(htmlspecialchars($this->interests)) . ",\n\t\t\tavatar=" . iz($this->avatar) . ",\n\t\t\ttheme=" . iz($this->theme) . ",\n\t\t\tavatar_loc=" . ssn($this->avatar_loc) . ",\n\t\t\tsig=" . ssn($this->sig) . ",\n\t\t\thome_page=" . ssn(htmlspecialchars($this->home_page)) . ",\n\t\t\tbio=" . ssn($this->bio) . ",\n\t\t\tusers_opt=" . $this->users_opt . "\n\t\tWHERE id=" . $this->id);
    if ($rb_mod_list) {
        rebuildmodlist();
    }
}
// Front controller: map the request path to a service class and method.
// The try block opened below continues past the end of this excerpt.
$p = strpos(REQUEST_URI, "?");
// Drop the query string, keep the path only.
$q = $p > 0 ? substr(REQUEST_URI, 0, $p) : REQUEST_URI;
$u = trim($q, FILE_SEPARATOR);
if (!empty($u)) {
    // A trailing separator, or a path with a single segment, selects the
    // HEAD method. NOTE(review): the literal "/" here is not FILE_SEPARATOR;
    // fine only if the two agree.
    if (substr($q, -1) == FILE_SEPARATOR || strpos($u, FILE_SEPARATOR) === false) {
        $u .= "/HEAD";
    }
    // Last segment is the method, everything before it the class name.
    // Both come straight from the URL; no character validation happens here,
    // so Service::get() is assumed to be the place that constrains them.
    $p = strrpos($u, FILE_SEPARATOR);
    $methodName = substr($u, $p + 1);
    $className = substr($u, 0, $p);
}
// NOTE(review): when the path is empty, $className and $methodName are never
// assigned, yet they are passed to Service::get() below.
$req = req();
// $chk: non-AJAX POST requests are flagged; presumably used further down.
$chk = $req->ajax() ? false : REQUEST_METHOD == "POST";
$inc = false;
try {
    ssn()->initialize();
    // An expired account is locked to the context stored in the session.
    if (isset($_SESSION["EXP"]) && $_SESSION["EXP"] === true) {
        $req->context = $_SESSION["CTX"];
    } else {
        if (empty($req->context)) {
            // No context requested: fall back to the session's, else "vfs".
            $req->context = isset($_SESSION["CTX"]) ? $_SESSION["CTX"] : "vfs";
        } else {
            // A caller-supplied context must be purely alphanumeric.
            if (!ctype_alnum($req->context)) {
                throw new Exception($inf->resourceNotFound($req->context));
            }
        }
    }
    // $inf is not defined in this excerpt — presumably set up earlier.
    $serv = Service::get($className, $methodName);
    // Only classes annotated as a (secure) service are reachable from the URL.
    if (!$serv->noted($inf->service) && !$serv->noted($inf->secure_service)) {
        throw new Exception($inf->resourceNotFound($className));
    }