function login_handle_login($save_session = true) { session_set_cookie_params(2592000); // 1 month session_name(SESSION_NAME); if (empty($_REQUEST["iframe"]) and empty($_REQUEST["export"]) and empty($_REQUEST["import"]) and !isset($_REQUEST["plain"]) and $save_session) { session_set_save_handler("_login_session_none", "_login_session_none", "_login_session_read", "_login_session_write", "_login_session_destroy", "_login_session_none"); register_shutdown_function("session_write_close"); } else { session_set_save_handler("_login_session_none", "_login_session_none", "_login_session_read", "_login_session_none", "_login_session_none", "_login_session_none"); } session_start(); header("Cache-Control: private, max-age=1, must-revalidate"); header("Pragma: private"); if (!empty($_COOKIE[SESSION_NAME]) and empty($_SESSION)) { session_regenerate_id(); } if (!empty($_SESSION["timezone"])) { date_default_timezone_set($_SESSION["timezone"]); } if (file_exists(SIMPLE_STORE . "/maintenance.lck")) { $maintenance = true; } else { $maintenance = false; } if (!DISABLE_BASIC_AUTH and empty($_SESSION["username"]) and !empty($_SERVER["PHP_AUTH_USER"]) and !empty($_SERVER["PHP_AUTH_PW"])) { $_REQUEST["username"] = modify::strip_ntdomain($_SERVER["PHP_AUTH_USER"]); $_REQUEST["password"] = $_SERVER["PHP_AUTH_PW"]; } $ip = _login_get_remoteaddr(); if (!empty($_REQUEST["username"]) and !empty($_REQUEST["password"]) and (!$maintenance or sys_is_super_admin($_REQUEST["username"]))) { if (!isset($_COOKIE[SESSION_NAME]) and !empty($_REQUEST["loginform"])) { sys_die('{t}Please activate cookies.{/t} <a href="index.php?logout">{t}Back{/t}</a>'); } $file = SIMPLE_CACHE . "/ip/" . str_replace(array(".", ":"), "-", $ip); if (file_exists($file . "_3") and $trials = file_get_contents($file . "_3") and strlen($trials) > 3 and filemtime($file . "_3") > time() - 900) { $_REQUEST["logout"] = true; sys_alert("{t}Too many wrong logins. Please wait 15 minutes.{/t}"); } else { if (login::validate_login($_REQUEST["username"], $_REQUEST["password"])) { login::process_login($_REQUEST["username"], $_REQUEST["password"]); } else { touch($file, time() + 3); $_REQUEST["logout"] = true; if (file_exists($file . "_3") and filemtime($file . "_3") < time() - 1800) { unlink($file . "_3"); } sys_file_append($file . "_3", "1"); sys_log_stat("wrong_login", 1); } } } if (!isset($_REQUEST["logout"]) and empty($_SESSION["username"]) and SETUP_AUTH == "htaccess" and !empty($_SERVER["REMOTE_USER"])) { $_SERVER["REMOTE_USER"] = modify::strip_ntdomain($_SERVER["REMOTE_USER"]); if (login::validate_login($_SERVER["REMOTE_USER"], "")) { login::process_login($_SERVER["REMOTE_USER"]); } } if ($maintenance and (empty($_SESSION["username"]) or !sys_is_super_admin($_SESSION["username"]))) { $_REQUEST["logout"] = true; sys_alert("{t}Maintenance mode{/t}: {t}Active{/t}."); } if (empty($_SESSION["username"]) and ENABLE_ANONYMOUS) { login_anonymous_session(); } if (empty($_SESSION["username"]) and ENABLE_ANONYMOUS_CMS and MAIN_SCRIPT == "download.php") { login_anonymous_session(); } if (isset($_REQUEST["logout"]) or empty($_SESSION["username"]) and !ENABLE_ANONYMOUS or isset($_SESSION["ip"]) and $_SESSION["ip"] != $ip and $ip != $_SERVER["SERVER_ADDR"]) { login::show_login(); } }
static function validate_login_ntlm($username, $password) { if (!function_exists("java_get_base")) { require "lib/java/java.php"; } if (!function_exists("java_require")) { sys_log_message_alert("login", sprintf("{t}%s is not compiled / loaded into PHP.{/t}", "PHP/Java Bridge")); return false; } java_require("jcifs-1.3.8_tb.jar"); $conf = new JavaClass("jcifs.Config"); $conf->setProperty("jcifs.smb.client.responseTimeout", "5000"); $conf->setProperty("jcifs.resolveOrder", "LMHOSTS,DNS"); $conf->setProperty("jcifs.smb.client.soTimeout", "10000"); $conf->setProperty("jcifs.smb.lmCompatibility", "0"); $conf->setProperty("jcifs.smb.client.useExtendedSecurity", false); $auth = sys_get_header("Authorization"); $session = new JavaClass("jcifs.smb.SmbSession"); $result = new Java("jcifs.smb.NtlmPasswordAuthentication", "", $username, $password); $username = $result->getUsername(); if (SETUP_AUTH_NTLM_SHARE) { $w = new Java("jcifs.smb.SmbFile", SETUP_AUTH_NTLM_SHARE, $result); $message = $w->canListFiles(); if ($message == "Invalid access to memory location.") { header("Location: index.php"); exit; } } else { $message = $session->logon(SETUP_AUTH_HOSTNAME_NTLM, $result); } if ($message != "" or $username == "") { sys_log_message_alert("login", sprintf("{t}Login failed from %s.{/t} (ntlm) ({t}Username{/t}: %s, %s)", _login_get_remoteaddr(), $username, $message)); return false; } $_SERVER["REMOTE_USER"] = modify::strip_ntdomain($username); if (empty($_REQUEST["folder"])) { $_REQUEST["redirect"] = 1; } return true; }