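/**
 * Authenticate a user from submitted login values.
 *
 * Assumes op=login and that the login params have been provided, i.e. the
 * caller has already checked:
 *   strlen($HTTP_VARS['uid']) > 0 && strlen($HTTP_VARS['passwd']) > 0
 *
 * Does not perform any redirects.
 *
 * Security notes:
 *  - An inactive account and a wrong password take the same failure path
 *    (same FALSE result, same log message), so the return value does not
 *    reveal which of the two checks failed.
 *  - The result is tri-state. "SITE_IS_DISABLED" is a non-empty string and
 *    therefore truthy; callers must test for success with `=== TRUE`, not
 *    with a loose truthiness check. No login is registered in that case.
 *  - Only the uid is handed to the logger; the password is never logged.
 *
 * @param array $HTTP_VARS Request variables. Reads 'uid', 'passwd' and the
 *                         optional 'remember' (treated as set only when it
 *                         equals 'true').
 * @return bool|string TRUE if login was successful,
 *                     FALSE on login failure,
 *                     "SITE_IS_DISABLED" if the credentials are valid but the
 *                     site is disabled and the admin-login permission check
 *                     does not pass.
 */
function perform_login($HTTP_VARS) {
    // Normalise the uid to lower case before any lookup or logging.
    $HTTP_VARS['uid'] = strtolower($HTTP_VARS['uid']);

    // validate_user_passwd() is only reached for accounts that is_user_active() accepts.
    if (!is_user_active($HTTP_VARS['uid']) || !validate_user_passwd($HTTP_VARS['uid'], $HTTP_VARS['passwd'])) {
        opendb_logger(OPENDB_LOG_WARN, __FILE__, __FUNCTION__, 'User failed to login', array($HTTP_VARS['uid']));
        return FALSE;
    }

    // NOTE(review): is_user_granted_permission() is called without a user id and
    // before register_user_login() has run - confirm it evaluates the account that
    // is logging in rather than whatever the current session holds.
    if (get_opendb_config_var('site', 'enable') === FALSE && !is_user_granted_permission(PERM_ADMIN_LOGIN)) {
        opendb_logger(OPENDB_LOG_WARN, __FILE__, __FUNCTION__, 'User tried to log in while site is disabled', array($HTTP_VARS['uid']));
        return "SITE_IS_DISABLED";
    }

    // 'remember' is absent when the option was not submitted; guard the read so a
    // missing key does not raise an undefined-index notice/warning.
    $remember = isset($HTTP_VARS['remember']) && $HTTP_VARS['remember'] == 'true';

    register_user_login($HTTP_VARS['uid'], $remember);
    opendb_logger(OPENDB_LOG_INFO, __FILE__, __FUNCTION__, 'User logged in', array($HTTP_VARS['uid']));
    return TRUE;
}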
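/**
 * Build the list of announcement records for the current session user.
 *
 * A record is appended for each of the following conditions that holds:
 *  - fetch_user_cnt() reports users awaiting activation,
 *  - the session user's account still accepts the literal password 'admin',
 *  - the session user's e-mail equals the literal compared against below,
 *  - no item type exists,
 *  - no site plugin exists.
 *
 * @return array List of arrays, each with the string keys 'heading',
 *               'message', 'link' and 'link_text'. Empty when nothing applies.
 */
function get_admin_announcements_rs() {
    $announcements_rs = array();

    // Array keys below are quoted strings. Written bare (heading => ...), PHP
    // reads them as constant names, which raises an Error on PHP 8.

    $user_cnt = fetch_user_cnt(NULL, INCLUDE_ROLE_PERMISSIONS, EXCLUDE_CURRENT_USER, INCLUDE_ACTIVATE_USER);
    if ($user_cnt > 0) {
        $announcements_rs[] = array(
            'heading' => get_opendb_lang_var('activate_users'),
            'message' => get_opendb_lang_var('there_are_no_of_users_awaiting_activation', array('no_of_users' => $user_cnt)),
            'link' => "user_listing.php?restrict_active_ind=X",
            'link_text' => get_opendb_lang_var('activate_users'));
    }

    $session_user_id = get_opendb_session_var('user_id');

    // Default-credential check: warn while the account can still be opened
    // with the password 'admin'.
    if (validate_user_passwd($session_user_id, 'admin')) {
        // NOTE(review): the user id is concatenated into the query string as-is;
        // confirm ids cannot contain characters that need URL encoding.
        $announcements_rs[] = array(
            'heading' => get_opendb_lang_var('change_admin_user_password'),
            'message' => get_opendb_lang_var('change_admin_user_password_msg'),
            'link' => "user_admin.php?op=change_password&user_id=" . $session_user_id,
            'link_text' => get_opendb_lang_var('change_my_password'));
    }

    // NOTE(review): the address literal looks masked in this copy of the file;
    // confirm it matches the default e-mail the check is meant to detect.
    if (fetch_user_email($session_user_id) == '*****@*****.**') {
        $announcements_rs[] = array(
            'heading' => get_opendb_lang_var('change_admin_user_email'),
            'message' => get_opendb_lang_var('change_admin_user_email_msg'),
            'link' => "user_admin.php?op=edit&user_id=" . $session_user_id,
            'link_text' => get_opendb_lang_var('edit_my_info'));
    }

    if (!is_exists_any_item_type()) {
        $admin_type_r = get_system_admin_tools_menu('s_item_type');
        $announcements_rs[] = array(
            'heading' => get_opendb_lang_var('no_item_types'),
            'message' => get_opendb_lang_var('add_new_item_type_msg'),
            'link' => "admin.php?type=s_item_type",
            'link_text' => $admin_type_r['link'] . ' Admin Tool');
    }

    if (!is_exists_any_site_plugin()) {
        $admin_type_r = get_system_admin_tools_menu('s_site_plugin');
        $announcements_rs[] = array(
            'heading' => get_opendb_lang_var('no_site_plugins'),
            'message' => get_opendb_lang_var('add_new_site_plugin_msg'),
            'link' => "admin.php?type=s_site_plugin",
            'link_text' => $admin_type_r['link'] . ' Admin Tool');
    }

    return $announcements_rs;
}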
require_once "./include/begin.inc.php";

include_once "./lib/JsonRpcServer.class.php";

// TODO - enable a plugin layer
include_once "./lib/jsonrpc/ItemSearch.class.php";

/**
 * Send an HTTP Basic authentication challenge: a WWW-Authenticate header whose
 * realm is the OpenDb title, followed by a 401 status line.
 *
 * htmlspecialchars() rewrites a double quote in the title as &quot;, so the
 * title cannot close the quoted realm value early.
 */
function request_http_basic_auth() {
    $realm = htmlspecialchars(get_opendb_title());
    header('WWW-Authenticate: Basic realm="' . $realm . '"');
    header('HTTP/1.0 401 Unauthorized');
}

// Request flow:
//   site disabled              -> 503 with the 'site_is_disabled' message
//   no Basic credentials sent  -> 401 challenge
//   credentials rejected       -> 401 challenge
//   credentials accepted       -> hand the request to the JSON-RPC server
//
// NOTE(review): nothing in this script checks that the request arrived over TLS.
// Basic credentials are only base64-encoded and are sent with every request, so
// this endpoint should be reachable via HTTPS only.
if (!is_site_enabled()) {
    header('HTTP/1.0 503 Service Unavailable');
    echo "<h1>" . get_opendb_lang_var('site_is_disabled') . "</h1>";
    echo get_opendb_lang_var('site_is_disabled');
} elseif (!isset($_SERVER['PHP_AUTH_USER'])) {
    request_http_basic_auth();
} else {
    // The user id is used exactly as the client supplied it.
    $userId = $_SERVER['PHP_AUTH_USER'];
    $password = $_SERVER['PHP_AUTH_PW'];

    if (!(is_user_active($userId) && validate_user_passwd($userId, $password))) {
        // NOTE(review): no logging call is made here for rejected credentials;
        // confirm the helpers record failures, otherwise repeated password
        // guessing against this endpoint leaves no trace for detection.
        request_http_basic_auth();
    } else {
        $server = new JsonRpcServer();

        // TODO - currently no role based permissions are being performed for these services.
        // Authentication is the only gate: every active user with a valid password
        // reaches whatever ItemSearch exposes.
        $server->registerClass(new ItemSearch());
        $server->handle();
    }
}

// Cleanup after begin.inc.php
require_once "./include/end.inc.php";