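/**
 * Locks the page to non-authenticated browsers.
 *
 * Flow, in order:
 *  1. If $_SESSION has no session id, or the id has no row in SESSIONS_TABLE,
 *     the login template is rendered (its status block chosen by the ?l= flag:
 *     fail / logout / flogout / reauth) and the request ends.
 *  2. If the request's User-Agent differs from the one recorded in the session
 *     at login, the event is logged, the user is suspended and the request ends,
 *     so the caller never renders the protected page to that session.
 *
 * Callers run this after session_start()/dbConnect() and before rendering
 * their own page (see the dashboard script).
 *
 * @return void
 */
public static function blockPageToVisitors()
{
    openRailwayCore::dbConnect();

    $hasValidSession = false;
    if (isset($_SESSION['session_id'])) {
        // The id comes from the session store, but it is still interpolated into
        // SQL, so escape it instead of trusting it verbatim.
        $sessionId = mysql_real_escape_string((string) $_SESSION['session_id']);
        $result = openRailwayCore::dbQuery(
            "SELECT `session_id` FROM " . SESSIONS_TABLE . " WHERE `session_id` = '" . $sessionId . "'"
        );
        // mysql_num_rows() returns false on error; treat that the same as "no row".
        $rowCount = mysql_num_rows($result);
        $hasValidSession = ($rowCount !== false && $rowCount > 0);
    }

    if (!$hasValidSession) {
        Authentication::renderVisitorLoginPage();
        die;
    }

    // Check whether the user agent has changed since login; if so, log it and suspend.
    // Missing values are compared as '' so an absent header cannot raise a notice.
    $recordedAgent = isset($_SESSION['user_agent']) ? (string) $_SESSION['user_agent'] : '';
    $currentAgent = isset($_SERVER['HTTP_USER_AGENT']) ? (string) $_SERVER['HTTP_USER_AGENT'] : '';
    if ($recordedAgent !== $currentAgent) {
        $interaction = openRailwayCore::createInteractionIdentifier();
        openRailwayCore::logEvent(time(), $interaction, $_SESSION['user_id'], 5, 1, "User agent (UID: " . $_SESSION['user_id'] . ") change detected");
        Authentication::suspendUser($_SESSION['user_id'], $interaction, 1);
        // suspendUser() may redirect, but returning here would let the caller go on
        // and render the protected page to the suspended session — stop the request.
        die;
    }
}

/**
 * Renders the login template, selecting the status block from the ?l= flag,
 * and emits the page footer. Does not terminate the request; the caller does.
 *
 * @return void
 */
private static function renderVisitorLoginPage()
{
    openRailwayCore::pageHeader("Access not authorised");
    $template = new Template();
    $template->set_custom_template(FROOT . 'theme/' . STYLE, 'default');

    // Only a scalar ?l= value is meaningful; an array (?l[]=x) is treated as absent.
    $loginState = (isset($_GET['l']) && is_string($_GET['l'])) ? $_GET['l'] : '';
    if ($loginState === 'fail') {
        $template->assign_block_vars('if_login_failed', array());
    }
    if ($loginState === 'logout') {
        $template->assign_block_vars('if_logged_out', array());
    }
    if ($loginState === 'flogout') {
        $template->assign_block_vars('if_force_logged_out', array());
    }
    if ($loginState === 'reauth') {
        $template->assign_block_vars('if_reauth', array());
    } else {
        $template->assign_block_vars('if_not_reauth', array());
    }

    $template->assign_var('ROOT', ROOT);
    $template->set_filenames(array('body' => 'login.html'));
    $template->display('body');
    openRailwayCore::pageFooter();
}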
<?php

use phpbrowscap\Browscap;

include "config.php";
session_start();

openRailwayCore::initialisation();
openRailwayCore::dbConnect();

// Gate: visitors without a valid session are shown the login page and never
// reach the code below.
Authentication::blockPageToVisitors();

// Session facts displayed on the dashboard.
$clientIp = $_SESSION['user_ip'];
$formattedLoginTime = date('l jS F Y H:i:s T', $_SESSION['log_in_time']);

// Browser detection is instantiated but the lookup is disabled, so $browser is
// never assigned on this page and the BRWSR block below stays inactive.
$browscap = new Browscap(FROOT . "cache");
// $browser = $browscap->getBrowser(); COMMENTED OUT AS XAMPP DOES NOT SUPPORT

openRailwayCore::pageHeader("Your dashboard");

$page = new Template();
$page->set_custom_template("theme/" . STYLE, 'default');
$page->assign_var('IP_ADDR', $clientIp);
$page->assign_var('LOGTIME', $formattedLoginTime);
if (isset($browser['parent'], $browser['platform'])) {
    $page->assign_var('BRWSR', "{$browser['parent']} on {$browser['platform']}");
}
$page->set_filenames(array('body' => 'home.html'));
$page->display('body');

openRailwayCore::pageFooter();
$active_var = "LOG_ACT"; break; case "log_err": $title = "Security Logs"; $active_var = "LOG_ERR"; break; default: $title = "Statistics"; $active_var = "STATS"; break; } if (!isset($active_var)) { $active_var = "error"; } // Load layout openRailwayCore::pageHeader($title . " | Control Panel"); $template = new Template(); $template->set_custom_template("includes/", 'default'); $template->assign_var('ROOT', ROOT); $template->assign_var($active_var, "active"); $template->assign_var('MAIN_TITLE', $title); $template->set_filenames(array('layout' => 'layout.html')); $template->display('layout'); if (file_exists(strtolower($active_var) . ".php")) { include $active_var . ".php"; } else { $main = new Template(); $main->set_custom_template("includes/", 'default'); $main->assign_var('ROOT', ROOT); $main->set_filenames(array('main' => "error.html")); $main->display('main');
} Authentication::blockPageToVisitors(); break; case "logout": Authentication::logUserOut(); break; } } break; case "suspended": if (isset($_SESSION['user_id_suspended'])) { $sql = "SELECT * FROM `users` WHERE user_id = '" . $_SESSION['user_id_suspended'] . "'"; $result = openRailwayCore::dbQuery($sql); $user = mysql_fetch_assoc($result); if ($user['suspended'] == 1) { openRailwayCore::pageHeader("Account suspended"); $template = new Template(); $template->set_custom_template(FROOT . "theme/" . STYLE, 'default'); $template->set_filenames(array('body' => 'suspended.html')); $template->display('body'); openRailwayCore::pageFooter(); } else { header("Location: " . ROOT . "index.php"); } } else { header("Location: " . ROOT . "index.php"); } break; default: Authentication::blockPageToVisitors(); // If invalid mode, redirect to account