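/**
 * Resolves the access level of the current session for a script file.
 *
 * Flow, as implemented below:
 *  1. Load the user id, access level, password hash and user name from the session.
 *  2. If the request carries a "ctx" token, look the user up by that token and
 *     overwrite the session values with the matching row.
 *  3. Files listed in the public-service table are granted access without any
 *     credential check.
 *  4. Otherwise the password hash held in the session must equal the one returned
 *     by goLogged() (or md5(session_id()) when no user name is set); on mismatch
 *     the session is destroyed and the client is redirected to inicio.php.
 *  5. The access level is then matched against general_menu.menu_rules.
 *
 * NOTE(review): the "ctx" token is compared against a value derived only from the
 * user id / user name and the stored password hash, so it stays valid until the
 * password changes, and presenting it is enough to populate the session. Because it
 * travels in the request it can end up in logs or Referer headers; consider a
 * random, expiring, single-use token and regenerating the session id after the
 * session is populated from it.
 *
 * NOTE(review): the ext/mysql functions used here are removed in PHP 7+; moving to
 * mysqli/PDO prepared statements would replace the manual escaping below.
 *
 * @param string $myFile Path of the calling script (normally __FILE__).
 *
 * @return bool|string true for public services, "ReadWrite" or "ReadOnly" when a
 *                     rule matches the access level, false otherwise.
 */
function getSIPAKALPermissions($myFile)
{
    // Used to decide which directory separator the incoming path uses.
    $vUno = substr_count($myFile, "/");
    $notes = "";

    $pUSRID = isset($_SESSION["SN_b80bb7740288fda1f201890375a60c8f"]) ? $_SESSION["SN_b80bb7740288fda1f201890375a60c8f"] : 0;
    $pUSRNivel = isset($_SESSION["SN_d567c9b2d95fbc0a51e94d665abe9da3"]) ? $_SESSION["SN_d567c9b2d95fbc0a51e94d665abe9da3"] : 0;
    $pUSRPWD = isset($_SESSION["SN_0d35c1f17675a8a2bf3caaacd59a65de"]) ? $_SESSION["SN_0d35c1f17675a8a2bf3caaacd59a65de"] : "";
    $mUSR = isset($_SESSION["SN_0a744893951e0d1706ff74a7afccf561"]) ? $_SESSION["SN_0a744893951e0d1706ff74a7afccf561"] : "";

    // Context token: only a scalar string is accepted. An array-valued "ctx"
    // cannot be hashed by md5() and is ignored instead of reaching the query.
    if (isset($_REQUEST["ctx"]) && is_string($_REQUEST["ctx"])) {
        // md5() yields 32 hex characters, so the interpolated value cannot
        // break out of the SQL string literal.
        $ctx = md5($_REQUEST["ctx"]);
        $sql = "SELECT\t`t_03f996214fba4a1d05a68b18fece8e71`.*\r\n\t\t\tFROM `t_03f996214fba4a1d05a68b18fece8e71` WHERE \r\n\t\t\t"
            . "(MD5(MD5(CONCAT(MD5(`t_03f996214fba4a1d05a68b18fece8e71`.`idusuarios`) , '|', MD5(`t_03f996214fba4a1d05a68b18fece8e71`.`f_34023acbff254d34664f94c3e08d836e`)))) = '{$ctx}') \r\n\t\t\t"
            . "OR\r\n\t\t\t"
            . "(MD5(MD5(CONCAT(MD5(`t_03f996214fba4a1d05a68b18fece8e71`.`f_28fb96d57b21090705cfdf8bc3445d2a`) , '|', MD5(`t_03f996214fba4a1d05a68b18fece8e71`.`f_34023acbff254d34664f94c3e08d836e`)))) = '{$ctx}')\r\n\t\t\t"
            . "LIMIT 0,1 ";
        $xMQL = new MQL();
        $data = $xMQL->getDataRecord($sql);
        foreach ($data as $rows) {
            $pUSRID = $rows["idusuarios"];
            $pUSRNivel = $rows["f_f2cd801e90b78ef4dc673a4659c1482d"];
            $pUSRPWD = $rows["f_34023acbff254d34664f94c3e08d836e"];
            $mUSR = $rows["f_28fb96d57b21090705cfdf8bc3445d2a"];
            // The matched row replaces whatever identity the session held.
            $_SESSION["SN_b80bb7740288fda1f201890375a60c8f"] = $pUSRID;
            $_SESSION["SN_d567c9b2d95fbc0a51e94d665abe9da3"] = $pUSRNivel;
            $_SESSION["SN_0d35c1f17675a8a2bf3caaacd59a65de"] = $pUSRPWD;
            $_SESSION["SN_0a744893951e0d1706ff74a7afccf561"] = $mUSR;
        }
    }

    // Public services: reachable without a valid session.
    $PUBLICSVC = array(
        "personas.svc.php" => true,
        "personas.actividades.economicas.php" => true,
        "listanegra.svc.php" => true,
        "equivalente.moneda.svc.php" => true,
        "cantidad_en_letras.php" => true,
    );

    // Strip the directory: keep the last path component, splitting on "/" when
    // the path contains one and on "\" otherwise.
    $separator = $vUno >= 1 ? "/" : "\\";
    $DCFile = explode($separator, $myFile);
    $PFile = $DCFile[count($DCFile) - 1];

    if (isset($PUBLICSVC[$PFile])) {
        return true;
    }

    // Credential check. Compare as strings with ===: a loose != treats two
    // different numeric-looking hashes (for example "0e1..." and "0e2...") as
    // equal, and also treats false as equal to "".
    $expectedHash = $mUSR != "" ? goLogged("contrasenna", $mUSR) : md5(session_id());
    // Fail closed when goLogged() yields no hash — presumably an unknown user;
    // confirm against goLogged()'s contract.
    $hashesMatch = is_string($expectedHash)
        && $expectedHash !== ""
        && (string) $pUSRPWD === $expectedHash;
    if (!$hashesMatch) {
        saveError(98, session_id(), "NO HA DEFINIDO UNA SESSION PARA EL ARCHIVO {$myFile} {$notes}");
        // No valid session: clear it, destroy it and send the client to the login page.
        session_unset();
        session_destroy();
        header("location:inicio.php");
        exit;
    }

    if (!($pUSRNivel > 0)) {
        // No access level in the session: same handling as a missing session.
        saveError(98, session_id(), "NO HA DEFINIDO UNA SESSION PARA EL ARCHIVO {$myFile} {$notes}\r\n");
        session_unset();
        session_destroy();
        header("location:inicio.php");
        exit;
    }

    $myPermission = false;

    $cnxT = mysql_connect(WORK_HOST, USR_PERMISSIONS, PWD_PERMISSIONS);
    if ($cnxT === false) {
        // Without a connection no rule can be evaluated: log and deny.
        saveError(98, $pUSRID, mysql_error());
        return false;
    }
    mysql_select_db(MY_DB_IN, $cnxT);

    // Escape every value placed inside an SQL string literal.
    // mysql_real_escape_string() does not escape the LIKE wildcards % and _,
    // so a file name containing them still acts as a pattern.
    $sqlFile = mysql_real_escape_string($PFile, $cnxT);
    $sqlNivel = mysql_real_escape_string((string) $pUSRNivel, $cnxT);

    // NOTE(review): the match is a suffix LIKE and menu_rules is selected next to
    // COUNT() without GROUP BY, so when several menu rows end in this file name the
    // rules string returned may belong to any of them. An exact match on menu_file
    // would remove that ambiguity.
    $sqlRULES = "SELECT COUNT(idgeneral_menu) AS 'items', menu_rules FROM general_menu\r\n\t\t\t\t\t\tWHERE menu_file LIKE '%{$sqlFile}'\r\n\t\t\t\t\t\tAND (FIND_IN_SET('{$sqlNivel}@rw', menu_rules)>0\r\n\t\t\t\t\t\tOR FIND_IN_SET('{$sqlNivel}@ro', menu_rules)>0)\r\n\t\t\t\t\t\t\r\n\t\t\t\t\t\t/*LIMIT 0,1*/ ";
    $rsRULES = mysql_query($sqlRULES, $cnxT);

    // mysql_query() returns false on failure; isset() on that value is always
    // true, so the failure has to be detected with an identity comparison.
    $queryOk = ($rsRULES !== false);
    $aRULES = array();
    if ($queryOk) {
        $fetched = mysql_fetch_array($rsRULES);
        if (is_array($fetched)) {
            $aRULES = $fetched;
        }
    } else {
        saveError(98, $pUSRID, mysql_error($cnxT));
    }

    // Rebuild the path as "<parent directory>/<file>" regardless of the
    // separator used by the operating system.
    $dFile = explode("|", str_replace(array("/", "\\"), "|", $myFile));
    $idfile = count($dFile) - 1;
    $parentDir = $idfile >= 1 ? $dFile[$idfile - 1] : "";
    $myFile = $parentDir . "/" . $dFile[$idfile];

    // No rule row matches this file and level: register the file in the menu
    // table (without rules). Skipped when the lookup itself failed, so a
    // database error cannot create spurious rows.
    if ($queryOk && isset($aRULES["items"]) && $aRULES["items"] == 0) {
        $sqlTitle = $sqlFile;
        $sqlPath = mysql_real_escape_string($myFile, $cnxT);
        $sqlA = "INSERT INTO `general_menu` (`menu_title`, `menu_file`) VALUES ('{$sqlTitle}', '{$sqlPath}')";
        @mysql_query($sqlA, $cnxT);
    }

    if (empty($aRULES["menu_rules"])) {
        // No rule grants this level access to the file.
        saveError(999, $pUSRID, "Acceso no permitido a :" . addslashes($myFile) . " {$notes}");
        $myPermission = false;
    } else {
        $ARls = explode(",", $aRULES["menu_rules"]);
        $myPermission = in_array("{$pUSRNivel}@rw", $ARls, true) ? "ReadWrite" : "ReadOnly";
    }

    if ($queryOk) {
        @mysql_free_result($rsRULES);
    }
    @mysql_close($cnxT);

    return $myPermission;
}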
header("location:inicio.php"); exit; } $cUser = goLogged("nombreusuario", $iUser); if (!$cUser) { saveError(98, session_id(), "{$iUser} - Usuario sin Definir"); session_unset(); // Finalmente, destruye la sesión session_destroy(); header("location:inicio.php"); exit; } $cPwd = goLogged("contrasenna", $iUser); $nivel = goLogged("niveldeacceso", $iUser); $ciduser = goLogged("idusuarios", $iUser); $expira = goLogged("expira", $iUser); if (FORCE_PASSWORD_EXPIRE == true) { if (strtotime(date("Y-m-d")) > strtotime($expira)) { saveError(10, session_id(), "El Usuario {$iUser} NO Inicio Sesion pues su contrasenna Expiro en {$expira}"); session_unset(); header("location:inicio.php"); } } if (FORCE_SESSION_LOCKED == true and $iUser != TASK_USR) { /** * verificar si el usuario esta conectado * verificar si el usuario ya tiene ID */ if (getStatusConnected($ciduser) == true) { saveError(98, session_id(), "El Usuario {$iUser} esta Conectado en otra Terminal"); session_unset();