Пример #1
 /**
  * Reports whether the current request belongs to a signed-in session.
  *
  * Returns true only when both 'user_id' and 'user_level' are available in the
  * session AND SecureSession::AnalyseFingerPrint() returns exactly true.
  * This method only reports the result: it does not redirect or exit, so every
  * caller has to act on a false return itself.
  *
  * NOTE(review): $Analysis is never assigned in this method; presumably
  * AnalyseFingerPrint() takes it by reference as an out-parameter - confirm,
  * otherwise an undefined variable is being passed.
  *
  * @return bool
  */
 public static function page_protect()
 {
     // Constructed before the availability checks, as in the original order.
     $fingerprintGuard = new SecureSession();

     $hasIdentity = Session::available('user_id') && Session::available('user_level');
     if (!$hasIdentity) {
         return false;
     }

     // Strict comparison: any non-true result is treated as a failed fingerprint check.
     return $fingerprintGuard->AnalyseFingerPrint($Analysis) === true;
 }
Пример #2
 /**
  * Shows the main menu to an authenticated user, otherwise falls back to login().
  *
  * The request is sent to login() when SecureSession::Check() fails, when the
  * 'logedinnimbus' session flag is missing or falsy, or when 'usuario' is missing
  * or empty. Otherwise the user's menu, profile, city and category assignments
  * are loaded from main_model, the profile is copied into $_SESSION, and the
  * 'principal' view is rendered with the menu data.
  */
 function menu_principal()
 {
     session_start();

     // Configure the session guard before calling Check().
     // NOTE(review): exact meaning of these options lives in SecureSession, which is
     // not shown here - presumably browser and partial-IP binding plus id regeneration.
     $guard = new SecureSession();
     $guard->check_browser = true;
     $guard->check_ip_blocks = 3;
     $guard->regenerate_id = true;

     if (!$guard->Check() || !isset($_SESSION['logedinnimbus']) || !$_SESSION['logedinnimbus']) {
         $this->login();
         return;
     }

     if (!isset($_SESSION['usuario']) || $_SESSION['usuario'] == "") {
         $this->login();
         return;
     }

     $menuData = $this->main_model->get_menu($_SESSION['usuario']);
     $profileRows = $this->main_model->get_profile($_SESSION['usuario']);
     $cityAssignment = $this->main_model->get_city_assignment($_SESSION['usuario']);
     $categoryAssignment = $this->main_model->get_category_assignment($_SESSION['usuario']);

     // These fields are stored per profile row ($_SESSION[field][rowIndex]); every
     // other field is stored as a scalar, so the last row wins.
     // NOTE(review): every remaining profile column is written into $_SESSION under
     // its own name. A column named like a key this method trusts ('logedinnimbus',
     // 'usuario') would overwrite it - an explicit allow-list of copied columns would
     // remove that coupling. in_array() is also non-strict here.
     $perRowFields = ['area_id', 'faculty_id', 'program_id', 'course_id'];
     foreach ($profileRows as $rowIndex => $row) {
         foreach ($row as $field => $fieldValue) {
             if (in_array($field, $perRowFields)) {
                 $_SESSION[$field][$rowIndex] = $fieldValue;
                 continue;
             }
             $_SESSION[$field] = $fieldValue;
         }
     }

     $_SESSION['city'] = $cityAssignment;
     $_SESSION['category'] = $categoryAssignment;

     $this->load->view('principal', $menuData);
 }
Пример #3
    if (count($domain_parts) == 3 && $domain_parts[0] != "www") {
        // make sure a subdomain is called
        $user = $domain_parts[0];
        $user1 = $domain_parts[1];
    }
} else {
    $user = "******";
}
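require "includes/secure_session.php";

// Compress output only when the client advertises gzip support. Accept-Encoding is
// an optional request header, so guard the lookup: without isset() a request that
// omits it raises an undefined-index notice before any output buffering is set up.
if (isset($_SERVER['HTTP_ACCEPT_ENCODING']) && substr_count($_SERVER['HTTP_ACCEPT_ENCODING'], 'gzip')) {
    ob_start("ob_gzhandler");
} else {
    ob_start();
}

session_start();

// Session guard configuration. Only the options are set in this fragment; the call
// that actually enforces them (Check()/Open()) is not visible here.
$ss = new SecureSession();
$ss->check_browser = true;
$ss->check_ip_blocks = 2;
// NOTE(review): this secret is hard-coded and therefore shared by every install and
// readable by anyone with access to the source. Load it from per-deployment
// configuration kept out of version control. The value is left unchanged here
// because changing it presumably invalidates existing session fingerprints.
$ss->secure_word = 'SALT_aJyeiuLioRhjlP';
$ss->regenerate_id = true;

// Turn this on for debugging displays. But is not fully functional yet.
$debugMode = "off";
// Separator used between fields when the entry files are created.
$separator = "#~#";

$config = array();
$authors = array();
$authorsPass = array();
$authorsEmail = array();
$authorsActCode = array();
$authorsActStatus = array();
$tags = array();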
Пример #4
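 /**
  * Performs user sign-in by user name and password hash.
  *
  * When exactly one non-deleted user row matches, this opens a SecureSession,
  * copies the user's profile fields into $_SESSION, sets the persistent-login
  * cookies "pl" and "pl_ssid", and stores the new persistent-login id in
  * users.session_id. In every other case the session is destroyed.
  *
  * NOTE(review): the credential check is an equality match on a caller-supplied
  * hash, so the stored value is presumably an unsalted fast hash - confirm, and
  * plan a migration to password_hash()/password_verify().
  *
  * @access	public
  * @param	string $un The user name
  * @param	string $pw_hash The password hash
  * @return	string Empty string on success, otherwise an HTML error message
  * @since	3.0
  *
  */
 function login($un, $pw_hash)
 {
     global $_SESSION, $_POST, $SANITIZER, $SecureSession, $CONFIG;
     $PL_PW = $CONFIG->secure_login_password;
     $str_error = '';
     // "Remember me" is forced on for every login, whatever the form submitted.
     $_POST["remember_me"] = 1;

     // Both values end up inside quoted SQL literals, so they are escaped for the
     // current connection first; the original interpolated them raw (SQL injection).
     // Escaping is only reliable when the connection charset was set with
     // mysql_set_charset(). ext/mysql was removed in PHP 7.0; prepared statements
     // through mysqli or PDO are the durable fix.
     $un_sql = mysql_real_escape_string((string) $un);
     $pw_sql = mysql_real_escape_string((string) $pw_hash);

     $result = false;
     // Fail closed: if escaping failed, no query is run and the login is rejected.
     if ($un_sql !== false && $pw_sql !== false) {
         $sql = "
             SELECT u.id, u.un, u.firstname, u.lastname, u.email, u.web, u.bio
             , GROUP_CONCAT(un.notice_fid ORDER BY un.notice_fid ASC SEPARATOR '|') AS u_notices
             FROM users AS u
             LEFT OUTER JOIN user_notices AS un ON un.user_fid = u.id
             WHERE u.un = '{$un_sql}'
             AND u.pw = '{$pw_sql}'
             AND u.deleted IS NULL
             GROUP BY un.user_fid
             LIMIT 0, 1
         ";
         $result = mysql_query($sql);
     }
     $record_count = $result ? mysql_num_rows($result) : 0;

     if ($record_count != 1) {
         @session_destroy();
         $str_error .= JText::_('Username and password do not match.') . '<br />';
         return $str_error;
     }

     $u_id = mysql_result($result, 0, "u.id");

     $ss = new SecureSession();
     $ss->check_browser = true;
     $ss->check_ip_blocks = 2;
     // NOTE(review): hard-coded fingerprint secret; move it to per-deployment config.
     $ss->secure_word = 'SALT_';
     $ss->regenerate_id = true;
     $ss->Open();

     $_SESSION['logged_in'] = true;
     /** Generate a secure user id **/
     // Derived from the session fingerprint and the user id; the raw id is also kept in 'u_temp'.
     $_SESSION['u'] = md5($_SESSION['ss_fprint'] . $u_id);
     $_SESSION['u_temp'] = $u_id;

     $u_firstname = mysql_result($result, 0, "u.firstname");
     $u_lastname = mysql_result($result, 0, "u.lastname");
     $_SESSION['u_un'] = mysql_result($result, 0, "u.un");
     $_SESSION['u_email'] = mysql_result($result, 0, "u.email");
     if (trim($u_lastname) != "") {
         $_SESSION['u_name'] = trim($u_firstname . " " . $u_lastname);
     } else {
         $_SESSION['u_name'] = trim($u_firstname);
     }
     $_SESSION['u_web'] = trim(mysql_result($result, 0, "u.web"));
     $_SESSION['u_bio'] = trim(mysql_result($result, 0, "u.bio"));

     // u_notices is a '|'-separated list of notice ids; expose ids 1 and 2 as checkbox states.
     $u_notices = explode("|", mysql_result($result, 0, "u_notices"));
     $_SESSION["u_notice_1"] = in_array("1", $u_notices, true) ? "checked" : "";
     $_SESSION["u_notice_2"] = in_array("2", $u_notices, true) ? "checked" : "";

     /** Get user data **/
     ZUser::query_user("", $_SESSION['u_temp']);
     ZUser::set();

     /** Save Session ID if 'Remember Me' activated **/
     // Initialised up front so the UPDATE below never reads an undefined variable
     // when the cookies are being cleared instead of set.
     $pl_ssid = '';
     if (isset($_POST["remember_me"])) {
         // NOTE(review): "pl" is md5(user id . site-wide secret): the value is the
         // same on every login and cannot be revoked per device, and both cookies
         // are set without the Secure/HttpOnly flags. A random per-login token
         // stored hashed server-side, sent with those flags, would be the safer design.
         $pl = md5($u_id . $PL_PW);
         // Prefer the CSPRNG where the runtime has it; both forms yield 32 hex
         // characters, so the stored column width is unchanged.
         if (function_exists('random_bytes')) {
             $pl_ssid = bin2hex(random_bytes(16));
         } else {
             $pl_ssid = md5(uniqid(rand(), true));
         }
         @setcookie("pl", $pl, time() + 3600 * 24 * 14, "/");
         /* expire in 2 weeks */
         @setcookie("pl_ssid", $pl_ssid, time() + 3600 * 24 * 14, "/");
         /* expire in 2 weeks */
     } else {
         @setcookie("pl", "", time() - 3600);
         /* delete cookie */
         @setcookie("pl_ssid", "", time() - 3600);
         /* delete cookie */
     }

     /** Save new Persistent Login Session ID **/
     $sql = "
         UPDATE users AS u
         SET u.session_id = '{$pl_ssid}'
         WHERE u.un = '{$un_sql}'
         AND u.pw = '{$pw_sql}'
     ";
     mysql_query($sql);

     return $str_error;
 }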