function check_login_success($cgi_classname, $cgi_clientname, $cgi_password, $cgi_key) { global $gbl, $sgbl, $login, $ghtml; if ($cgi_password) { if (check_raw_password($cgi_classname, $cgi_clientname, $cgi_password)) { return true; } else { log_log("error", "Failed Login attempt to {$cgi_clientname} from " . $_SERVER['REMOTE_ADDR']); $ghtml->print_redirect("/login/?frm_emessage=login_error"); return false; } } return false; if ($cgi_key) { $list = lscandir_without_dot_or_underscore("../etc/publickey"); openssl_private_encrypt("string", $encstring, $cgi_key); foreach ($list as $k) { $publickey = lfile_get_contents("../etc/publickey/{$k}"); openssl_public_decrypt($encstring, $rstring, $publickey); if ($rstring === 'string') { return true; } } $ghtml->print_redirect("/login/?frm_emessage=login_error_key"); return false; } return false; }
function webcommandline_main() { global $gbl, $sgbl, $login, $ghtml; global $argv; ob_start(); $opt = $_REQUEST; if ($opt['login-class'] !== 'client' && $opt['login-class'] !== 'auxiliary') { json_print("error", $opt, "__error_only_clients_and_auxiliary_allowed_to_login"); log_log("web_command", "__error_only_clients_and_auxiliary_allowed_to_login"); exit; } log_log("web_command", var_export($opt, true)); //initProgram('admin'); if (!check_raw_password($opt['login-class'], $opt['login-name'], $opt['login-password'])) { json_print("error", $opt, "_error_login_error"); log_log("web_command", "__error_login_error"); exit; } if (check_disable_admin($opt['login-name'])) { json_print("error", $opt, "_error_login_error"); log_log("web_command", "__error_admin_is_disabled"); exit; } $classname = $opt['login-class']; $lobject = new $classname(null, 'localhost', $opt['login-name']); $lobject->get(); if ($lobject->dbaction === 'add') { json_print("error", $opt, "__error_login_error\n"); log_log("web_command", "__error_login_error"); exit; } if ($classname === 'auxiliary') { $login = $lobject->getParentO(); $login->__auxiliary_object = $lobject; } else { $login = $lobject; } if ($opt['action'] === 'simplelist') { $must = array('action', 'resource'); } else { if ($opt['action'] === 'getproperty') { $must = array('action'); } else { $must = array('action', 'class'); } } $pk = array_keys($opt); foreach ($must as $m) { if (!array_search_bool($m, $pk)) { $string = implode("_", $must); json_print("error", $opt, "__error_need_{$string}\n"); log_log("web_command", "__error_need_{$string}"); exit; } } $func = "__cmd_desc_{$opt['action']}"; try { $list = $func($opt); } catch (exception $e) { while (@ob_end_clean()) { } json_print("error", $opt, "__error_{$e->getMessage()}"); log_log("web_command", "__error_{$e->getMessage()}"); exit; } if ($opt['action'] === 'simplelist') { json_print_result($opt, $list); } else { if ($opt['action'] === 'getproperty') { json_print_result($opt, $list); } else { $out = "__success_{$opt['action']}_successful_on_{$opt['class']}_{$opt['name']}"; json_print("success", $opt, $out); } } log_log("web_command", "__success_{$opt['action']}"); exit; }
<?php chdir("../../"); include_once "htmllib/lib/include.php"; if ($ghtml->frm_clientname !== 'admin') { print "__error_clientname_has_to_be_admin\n"; exit; } if (!check_raw_password('client', 'admin', $ghtml->frm_password)) { print "__error_wrong_password\n"; exit; } try { rl_exec_get(null, 'localhost', 'update_self', null); } catch (Exception $e) { print "__error_{$e->getMessage()}\n"; exit; } print "__success_upgrade\n";
function password_contact_check() { global $gbl, $sgbl, $login, $ghtml; if (!$login->isAdmin()) { return; } /* if ($sgbl->dbg > 0) { return; } */ if (csb($ghtml->frm_action, 'update') && $ghtml->frm_subaction === 'password') { return; } if (if_demo()) { return; } if (check_raw_password('client', 'admin', 'admin')) { print "<br> <br> <br> "; if (!isset($ghtml->__http_vars['frm_emessage'])) { $ghtml->__http_vars['frm_emessage'] = 'security_warning'; } $ghtml->print_message(); $gbl->frm_ev_list = "old_password_f"; do_updateform($login, 'password'); exit; } }
function check_login_success($cgi_classname, $cgi_clientname, $cgi_password, $cgi_key) { global $gbl, $sgbl, $login, $ghtml; if ($cgi_password) { if (check_raw_password($cgi_classname, $cgi_clientname, $cgi_password)) { return true; } else { log_log("error", "Failed Login attempt to {$cgi_clientname} from " . $_SERVER['REMOTE_ADDR']); $ghtml->print_redirect("/login/?frm_emessage=login_error"); return false; } } return false; }