$html = str_replace("<!--function_ticket-->", To::BoolString(empty($_GET["nct"])), $html); $html = str_replace("<!--function_chat-->", To::BoolString(empty($_GET["hfc"])), $html); $html = str_replace("<!--function_knowledgebase-->", To::BoolString(empty($_GET["hfk"]) && !empty(Server::$Configuration->File["gl_knba"])), $html); $html = str_replace("<!--hide_group_select_chat-->", To::BoolString(Communication::GetParameter("hcgs", 0, $nu, FILTER_VALIDATE_INT) == "1" || !empty($_GET[GET_EXTERN_DYNAMIC_GROUP])), $html); $html = str_replace("<!--hide_group_select_ticket-->", To::BoolString(Communication::GetParameter("htgs", 0, $nu, FILTER_VALIDATE_INT) == "1"), $html); $html = str_replace("<!--require_group_selection-->", To::BoolString(Communication::GetParameter("rgs", 0, $nu, FILTER_VALIDATE_INT) == "1"), $html); $html = str_replace("<!--offline_message_pop-->", To::BoolString(!empty(Server::$Configuration->File["gl_om_pop_up"]) || empty(Server::$Configuration->File["gl_om_mode"])), $html); $html = str_replace("<!--dynamic_group-->", !empty(VisitorChat::$DynamicGroup) ? base64_encode(Server::$Groups[VisitorChat::$DynamicGroup]->Descriptions["EN"]) : "", $html); } else { if ($_GET[GET_EXTERN_TEMPLATE] == "lz_chat_frame_lgin") { $html = IOStruct::GetFile(PATH_FRAMES . $_GET[GET_EXTERN_TEMPLATE] . ".tpl"); $html = isset(Server::$Configuration->File["gl_site_name"]) ? str_replace("<!--config_name-->", Server::$Configuration->File["gl_site_name"], $html) : str_replace("<!--config_name-->", "LiveZilla", $html); $html = getChatLoginInputs($html, MAX_INPUT_LENGTH); $html = str_replace("<!--alert-->", getAlertTemplate(), $html); $html = str_replace("<!--com_chats-->", getChatVoucherTemplate(), $html); $html = str_replace("<!--ssl_secured-->", Communication::GetScheme() == SCHEME_HTTP_SECURE && !empty(Server::$Configuration->File["gl_sssl"]) ? 
"" : "display:none;", $html); $html = str_replace("<!--bgc-->", $color = Communication::ReadParameter("epc", "#73be28"), $html); $html = str_replace("<!--color-->", Colors::TransformHEX($color, 30), $html); } else { if ($_GET[GET_EXTERN_TEMPLATE] == "lz_chat_frame_chat") { $html = IOStruct::GetFile(PATH_FRAMES . $_GET[GET_EXTERN_TEMPLATE] . ".tpl"); $html = str_replace("<!--alert-->", getAlertTemplate(), $html); $tlanguages = ""; if (strlen(Server::$Configuration->File["gl_otrs"]) > 1) { $mylang = LocalizationManager::GetBrowserLocalization(); $tlanguages = getLanguageSelects(LocalizationManager::GetBrowserLocalization()); } $html = str_replace("<!--languages-->", $tlanguages, $html); Server::InitDataBlock(array("GROUPS")); $groupid = $_POST["intgroup"]; if (!empty($groupid) && isset(Server::$Groups[$groupid])) {
define("IN_LIVEZILLA", true); if (!defined("LIVEZILLA_PATH")) { define("LIVEZILLA_PATH", "./"); } header("Content-Type: text/html; charset=UTF-8"); require LIVEZILLA_PATH . "_definitions/definitions.inc.php"; require LIVEZILLA_PATH . "_definitions/definitions.protocol.inc.php"; require LIVEZILLA_PATH . "_lib/functions.global.inc.php"; require LIVEZILLA_PATH . "_definitions/definitions.dynamic.inc.php"; require LIVEZILLA_PATH . "_lib/functions.index.inc.php"; CacheManager::Flush(); LocalizationManager::AutoLoad(); @set_error_handler("handleError"); Server::InitDataProvider(); Server::DefineURL("index.php"); $scheme = Communication::GetScheme(); $html = IOStruct::GetFile(TEMPLATE_HTML_INDEX); $errorbox = null; $errors['write'] = getFolderPermissions(); $errors['php_version'] = getPhpVersion(); $errors['mysql'] = getMySQL(); $errors['disabled'] = getDisabledFunctions(); if (!empty($errors['write']) || !empty($errors['php_version']) || !empty($errors['mysql']) || !empty($errors['disabled'])) { $errorbox = IOStruct::GetFile(TEMPLATE_HTML_INDEX_ERRORS); $errorbox = str_replace("<!--write_access-->", $errors['write'], $errorbox); if (strlen($errors['write']) > 0 && !empty($errors['php_version'])) { $errors['php_version'] = "<br><br>" . $errors['php_version']; } if ((strlen($errors['write']) > 0 || !empty($errors['php_version'])) && !empty($errors['mysql'])) { $errors['mysql'] = "<br><br>" . $errors['mysql']; }
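/**
 * Derives the base URL of the installation for the current request and
 * publishes it as two constants: LIVEZILLA_DOMAIN (scheme + host) and
 * LIVEZILLA_URL (domain + request path with $_file removed).
 *
 * When "gl_root" is configured, the host comes from the "gl_host" setting and
 * the path from REQUEST_URI. Otherwise both come from the request itself
 * (HTTP_HOST / PHP_SELF). Request-derived values are client-controlled, so
 * they are HTML-encoded before they are placed in the constants. Ordinary
 * host names contain no characters that htmlentities() rewrites, so valid
 * requests produce the same constants as before.
 *
 * Terminates the request with "err 888383" when $_file occurs inside the path
 * but the path does not end with it (for example, extra path segments after
 * the script name).
 *
 * @param string $_file Script file name expected at the end of the path.
 * @return void
 */
static function DefineURL($_file)
{
    if (!empty($_SERVER['REQUEST_URI']) && !empty(Server::$Configuration->File["gl_root"])) {
        // Host is taken from configuration here, not from the request.
        $parts = parse_url($_SERVER['REQUEST_URI']);
        $host = Server::$Configuration->File["gl_host"];
        // parse_url() returns false for a malformed URI; treat that as "no path".
        $path = (is_array($parts) && isset($parts["path"])) ? $parts["path"] : null;
    } else {
        // The Host header is supplied by the client. The path below is encoded
        // before it reaches LIVEZILLA_URL; the host now gets the same treatment
        // so that markup in a forged Host header cannot travel through
        // LIVEZILLA_DOMAIN into whatever renders it.
        // NOTE(review): encoding is not validation. How these constants are
        // consumed is not visible in this block; if they end up in redirects
        // or e-mailed links, comparing the header against a configured host
        // name would be the stronger control.
        $host = isset($_SERVER["HTTP_HOST"])
            ? htmlentities((string) $_SERVER["HTTP_HOST"], ENT_QUOTES, "UTF-8")
            : null;
        $path = $_SERVER["PHP_SELF"];
    }

    if (!empty($path)) {
        $lowerPath = strtolower($path);
        $lowerFile = strtolower($_file);
        // Reject paths that contain the script name somewhere other than at
        // the very end, so trailing path data after the script name never
        // becomes part of LIVEZILLA_URL.
        if (!endsWith($lowerPath, $lowerFile) && strpos($lowerPath, $lowerFile) !== false) {
            exit("err 888383");
        }
    }

    define("LIVEZILLA_DOMAIN", Communication::GetScheme() . $host);
    // The cast keeps the "no path" case from passing null to htmlentities().
    define("LIVEZILLA_URL", LIVEZILLA_DOMAIN . str_replace($_file, "", htmlentities((string) $path, ENT_QUOTES, "UTF-8")));
}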
/**
 * Evaluates the operator credentials posted with the request and publishes the
 * outcome through constants rather than a return value:
 *
 *  - CALLER_SYSTEM_ID: system id of the operator whose authentication passed
 *  - VALIDATED:        defined (true) once the request is accepted
 *  - AUTH_RESULT:      one of the LOGIN_REPLY_* codes
 *
 * Every path that defines no other result ends with
 * AUTH_RESULT = LOGIN_REPLY_BAD_COMBINATION, so an unknown user id, a failed
 * attempt gate and a wrong password are indistinguishable to the caller.
 * Account-state replies (deactivated, already online, change password, ...)
 * are only reachable after ValidateLoginAuthentication() has succeeded.
 *
 * On a validated LOGIN request the operator record is refreshed and
 * Server::$Response->Login is filled.
 *
 * @param bool $_basic When true, stop right after successful authentication:
 *                     define CALLER_SYSTEM_ID and VALIDATED and return
 *                     immediately. None of the session/state checks run and
 *                     AUTH_RESULT is left undefined on that path.
 * @return void
 */
static function Validate($_basic = false) {
    // With "gl_rhts" set, a request that did not arrive over HTTPS is answered
    // with LOGIN_REPLY_HTTPS and no credentials are evaluated.
    if (!empty(Server::$Configuration->File["gl_rhts"]) && Communication::GetScheme() != SCHEME_HTTP_SECURE) {
        define("AUTH_RESULT", LOGIN_REPLY_HTTPS);
    } else {
        if (DB_CONNECTION || SERVERSETUP) {
            if (!empty($_POST[POST_INTERN_AUTHENTICATION_USER])) {
                foreach (Server::$Operators as $sysId => $operator) {
                    // User ids are matched case-insensitively.
                    if (strtolower($operator->UserId) == strtolower($_POST[POST_INTERN_AUTHENTICATION_USER])) {
                        // Bot accounts never authenticate. ValidateLoginAttempt() gates the
                        // password check (presumably attempt throttling; its body is not
                        // visible here). If the gate fails nothing is defined and the loop
                        // simply continues, ending in the generic BAD_COMBINATION default.
                        if (!$operator->IsBot && $operator->ValidateLoginAttempt()) {
                            if (!empty(CacheManager::$ActiveManager)) {
                                $operator->LoadUnCacheables();
                            }
                            // Presumably the actual credential check; implementation not visible here.
                            if ($operator->ValidateLoginAuthentication()) {
                                define("CALLER_SYSTEM_ID", $sysId);
                                if ($_basic) {
                                    // Basic mode: authenticated is enough, skip all state checks.
                                    define("VALIDATED", true);
                                    return;
                                }
                                // Everything below requires a client system id in the request.
                                // NOTE(review): without one, CALLER_SYSTEM_ID stays defined but
                                // VALIDATED does not, and there is no break, so the loop moves on
                                // to the remaining operators.
                                if (!empty($_POST[POST_INTERN_AUTHENTICATION_CLIENT_SYSTEM_ID])) {
                                    if (empty($_POST["p_db_no_req"]) && !DB_CONNECTION) {
                                        define("AUTH_RESULT", LOGIN_REPLY_DB);
                                        break;
                                    }
                                    if (!LOGIN && !SERVERSETUP) {
                                        // Neither a login nor a server-setup request: check the
                                        // state of the existing session.
                                        if ($operator->Deactivated) {
                                            define("AUTH_RESULT", LOGIN_REPLY_ACCOUNT_DEACTIVATED);
                                            break;
                                        }
                                        // Non-web client presenting the stored client system id, but
                                        // last active longer ago than "timeout_clients".
                                        if (!$operator->ClientWeb && $operator->LastActive < time() - Server::$Configuration->File["timeout_clients"] && $_POST[POST_INTERN_AUTHENTICATION_CLIENT_SYSTEM_ID] == $operator->ClientSystemId) {
                                            define("AUTH_RESULT", LOGIN_REPLY_SESSION_TIMEOUT);
                                            break;
                                        }
                                        // && binds tighter than ||: a pending sign-off request, OR a
                                        // posted app device id that differs from the stored one
                                        // (unless the stored value is the literal "LOGIN").
                                        if ($operator->SignOffRequest || !empty($_POST["p_app_device_id"]) && $operator->AppDeviceId != "LOGIN" && $operator->AppDeviceId != $_POST["p_app_device_id"]) {
                                            $operator->SignOff(false);
                                            define("AUTH_RESULT", LOGIN_REPLY_SIGN_OFF_REQUEST);
                                            break;
                                        }
                                        // The posted client system id must equal the stored one.
                                        // NOTE(review): this and the other id checks use loose
                                        // ==/!=; if these ids can be numeric-looking strings, PHP
                                        // compares them numerically. Confirm the id format or use
                                        // a strict / constant-time comparison.
                                        if (!empty($operator->ClientSystemId) && !empty($_POST[POST_INTERN_AUTHENTICATION_CLIENT_SYSTEM_ID]) && $_POST[POST_INTERN_AUTHENTICATION_CLIENT_SYSTEM_ID] != $operator->ClientSystemId) {
                                            define("AUTH_RESULT", LOGIN_REPLY_BAD_COMBINATION);
                                            break;
                                        }
                                    } else {
                                        if (LOGIN && !SERVERSETUP) {
                                            // Fresh login: the client type is taken from the request.
                                            $operator->AppClient = !empty($_POST["p_app"]);
                                            $operator->ClientWeb = !empty($_POST["p_web"]);
                                            if ($operator->ClientWeb) {
                                                UserGroup::RemoveFromAllDynamicGroups($sysId);
                                            }
                                            // App and web clients need permission index 45 (meaning not
                                            // visible here; the reply code suggests mobile access).
                                            if (($operator->AppClient || $operator->ClientWeb) && $operator->GetPermission(45, PERMISSION_FULL) == PERMISSION_NONE) {
                                                define("AUTH_RESULT", LOGIN_REPLY_NO_MOBILE_ACCESS);
                                                break;
                                            } else {
                                                if ($operator->Deactivated) {
                                                    define("AUTH_RESULT", LOGIN_REPLY_ACCOUNT_DEACTIVATED);
                                                    break;
                                                } else {
                                                    if ($operator->SignOffRequest) {
                                                        $operator->SignOff(false);
                                                        define("AUTH_RESULT", LOGIN_REPLY_SIGN_OFF_REQUEST);
                                                        break;
                                                    } else {
                                                        // Operator was recently active under a different
                                                        // client system id and the request does not ask to
                                                        // ignore the existing sign-on.
                                                        if (empty($_POST[POST_INTERN_IGNORE_SIGNED_ON]) && $operator->LastActive > time() - Server::$Configuration->File["timeout_clients"] && !empty($operator->ClientSystemId) && $_POST[POST_INTERN_AUTHENTICATION_CLIENT_SYSTEM_ID] != $operator->ClientSystemId) {
                                                            define("AUTH_RESULT", LOGIN_REPLY_ALREADY_ONLINE);
                                                            break;
                                                        } else {
                                                            // A password change is pending and the request
                                                            // carries no new password.
                                                            if ($operator->PasswordChangeRequest && empty($_POST[POST_INTERN_NEW_PASSWORD])) {
                                                                define("AUTH_RESULT", LOGIN_REPLY_CHANGE_PASS);
                                                                break;
                                                            }
                                                        }
                                                    }
                                                }
                                            }
                                        } else {
                                            // Server setup by a non-admin: allowed only when "gl_host" is
                                            // listed in WebsitesUsers (management request) or in
                                            // WebsitesConfig (non-management request).
                                            // NOTE(review): in_array() is called without the strict flag.
                                            if (SERVERSETUP && $operator->Level != USER_LEVEL_ADMIN) {
                                                if (!(in_array(Server::$Configuration->File["gl_host"], $operator->WebsitesUsers) && !empty($_POST[POST_INTERN_GET_MANAGEMENT])) && !(in_array(Server::$Configuration->File["gl_host"], $operator->WebsitesConfig) && empty($_POST[POST_INTERN_GET_MANAGEMENT]))) {
                                                    define("AUTH_RESULT", LOGIN_REPLY_NOADMIN);
                                                    break;
                                                }
                                            }
                                        }
                                    }
                                    // All state checks passed: the request is accepted.
                                    define("VALIDATED", true);
                                    // NOTE(review): isset() is also true for an empty string. Only the
                                    // LOGIN branch above rejects an empty new password, and only while
                                    // a change is pending; whether ChangePassword() refuses empty or
                                    // weak values is not visible here. Confirm.
                                    if (isset($_POST[POST_INTERN_NEW_PASSWORD])) {
                                        $operator->ChangePassword($_POST[POST_INTERN_NEW_PASSWORD]);
                                        Server::$Response->Authentications = "<val userid=\"" . base64_encode(CALLER_SYSTEM_ID) . "\" />\r\n";
                                    }
                                    // Full login: the session is updated with the value of getId(32) and
                                    // the posted client system id. On LOGOFF both values are blanked.
                                    if (Is::Defined("VALIDATED_FULL_LOGIN") && Is::Defined("LOGIN") && !Is::Defined("SERVERSETUP") && !Is::Defined("MANAGEMENT")) {
                                        $operator->ValidateUpdateSession(getId(32), $_POST[POST_INTERN_AUTHENTICATION_CLIENT_SYSTEM_ID]);
                                    } else {
                                        if (LOGOFF) {
                                            $operator->ValidateUpdateSession("", "");
                                        }
                                    }
                                    define("AUTH_RESULT", LOGIN_REPLY_SUCCEEDED);
                                    break;
                                }
                            } else {
                                // Authentication failed: record the attempt and stop searching.
                                // AUTH_RESULT is left undefined, so the generic default applies.
                                // NOTE(review): an unsalted MD5 of the submitted password is handed
                                // to SaveLoginAttempt(). Where it is stored is not visible here; if
                                // it is persisted, a fast hash of a near-miss password is sensitive
                                // data. Confirm storage and retention.
                                $operator->DeleteLoginAttempts();
                                if (!empty($_POST[POST_INTERN_AUTHENTICATION_PASSWORD])) {
                                    $operator->SaveLoginAttempt(md5($_POST[POST_INTERN_AUTHENTICATION_PASSWORD]));
                                }
                                break;
                            }
                        }
                    }
                }
            }
        } else {
            // No database connection and not in server setup.
            define("AUTH_RESULT", LOGIN_REPLY_DB);
        }
    }
    // Validated login: refresh the operator record and build the login reply.
    if (OperatorRequest::IsValidated() && LOGIN) {
        Server::$Operators[CALLER_SYSTEM_ID]->IP = Communication::GetIP();
        Server::$Operators[CALLER_SYSTEM_ID]->FirstActive = time();
        Server::$Operators[CALLER_SYSTEM_ID]->VisitorFileSizes = array();
        Server::$Operators[CALLER_SYSTEM_ID]->VisitorStaticReload = array();
        // True when the operator's first group is flagged IsExternal.
        $isex = !empty(Server::$Operators[CALLER_SYSTEM_ID]->Groups) && Server::$Groups[Server::$Operators[CALLER_SYSTEM_ID]->Groups[0]]->IsExternal;
        // NOTE(review): POST_INTERN_CLIENT_TIME is read without an isset() check.
        Server::$Response->Login = Server::$Operators[CALLER_SYSTEM_ID]->GetLoginReply($isex, SystemTime::GetTimeDifference($_POST[POST_INTERN_CLIENT_TIME]));
    }
    // Generic failure reply for every path that set no result of its own.
    if (!defined("AUTH_RESULT")) {
        define("AUTH_RESULT", LOGIN_REPLY_BAD_COMBINATION);
    }
}