function loggedInOrRedirect()
{
startSession();
if (!isset($_SESSION['logged_in']) || $_SESSION['logged_in'] !== true) {
die(header('Location: login.php'));
}
}
function checkFormToken($tokenName, $formTokenValue){
startSession();
if ($formTokenValue != $_SESSION[$tokenName]){
exit('ERROR: invalid form token! Do not submit your form twice.');
}
unset($_SESSION[$tokenName]);
}
function logOut()
{
startSession();
$_SESSION['id'] = '';
$_SESSION['username'] = '';
session_destroy();
header("Location: index.php");
}
function saveSession($email, $usertype, $firstname, $lastname, $userid)
{
startSession();
$_SESSION['userid'] = $userid;
$_SESSION['firstname'] = $firstname;
$_SESSION['lastname'] = $lastname;
$_SESSION['email'] = $email;
$_SESSION['usertype'] = $usertype;
}
function loginAction()
{
$email = $_POST['email'];
$pass = $_POST['password'];
$remember = $_POST['rememberData'];
$result = login($email);
if ($result['message'] == 'OK') {
$key = pack('H*', "bcb04b7e103a05afe34763051cef08bc55abe029fdebae5e1d417e2ffb2a00a3");
$iv_size = mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_CBC);
$iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
# --- DECRYPTION ---
$ciphertext_dec = base64_decode($result['password']);
$iv_dec = substr($ciphertext_dec, 0, $iv_size);
$ciphertext_dec = substr($ciphertext_dec, $iv_size);
$plaintext_dec = mcrypt_decrypt(MCRYPT_RIJNDAEL_128, $key, $ciphertext_dec, MCRYPT_MODE_CBC, $iv_dec);
$count = 0;
$length = strlen($plaintext_dec);
for ($i = $length - 1; $i >= 0; $i--) {
if (ord($plaintext_dec[$i]) === 0) {
$count++;
}
}
$plaintext_dec = substr($plaintext_dec, 0, $length - $count);
if ($plaintext_dec === $pass) {
$response = array('fName' => $result['fName'], 'lName' => $result['lName']);
# Starting the sesion (At the server)
startSession($result['fName'], $result['lName'], $result['email']);
$inTwoMonths = 60 * 60 * 24 * 60 + time();
# Setting the cookies
if ($remember) {
setcookie("cookieUsername", $result['email'], $inTwoMonths);
setcookie("cookiePassword", $result['password'], $inTwoMonths);
} else {
//if (isset($_COOKIE['cookieUsername']) && isset(($_COOKIE['cookiePassword']))) {
unset($_COOKIE['cookieUsername']);
unset($_COOKIE['cookiePassword']);
//}
}
echo json_encode($response);
} else {
die(json_encode(errors(206)));
}
} else {
die(json_encode($result));
}
}
function formulaireIdentification()
{
startSession();
if ($_SESSION["connu"] === true) {
printSession();
} else {
if (!isset($_POST["submit_login"])) {
print_login_form();
} else {
$resultat = login($_POST["mail"], $_POST["mdp"]);
if ($resultat === true) {
printSession();
echo "Authentification réussie.</br>\n";
} else {
print_login_form();
echo "Mauvais mail ou mot de passe.</br>";
}
}
}
}
/**
* shows a quick user message (flash/heads up) to provide user feedback
*
* Uses a Session to store the data until the data is displayed via bootswatchFeedback()
*
* Related feedback() function used to store message
*
* <code>
* echo bootswatchFeedback(); #will show then clear message stored via feedback()
* </code>
*
* @param none
* @return string html & potentially CSS to style feedback
* @see feedback()
* @todo none
*/
function bootswatchFeedback()
{
startSession();
//startSession() does not return true in INTL APP!
$myReturn = "";
//init
if (isset($_SESSION['feedback']) && $_SESSION['feedback'] != "") {
#show message, clear flash
if (isset($_SESSION['feedback-level'])) {
$level = $_SESSION['feedback-level'];
} else {
$level = '';
}
switch ($level) {
case 'warning':
$level = 'warning';
break;
case 'info':
case 'notice':
$level = 'info';
break;
case 'success':
$level = 'success';
break;
case 'error':
case 'danger':
$level = 'danger';
break;
}
$myReturn .= '
<div class="alert alert-dismissable alert-' . $level . '" style="margin-top:.5em;">
<button class="close" data-dismiss="alert" type="button">×</button>
' . $_SESSION['feedback'] . '</div>
';
$_SESSION['feedback'] = "";
#cleared
$_SESSION['feedback-level'] = "";
}
return $myReturn;
//data passed back for printing
}
public static function action()
{
// 注册AUTOLOAD方法
spl_autoload_register(['self', 'autoload']);
define('_DOMAIN_', empty($_SERVER["HTTP_HOST"]) ? 'api.grlend.com' : $_SERVER["HTTP_HOST"]);
ini_set('date.timezone', 'Asia/Shanghai');
// 设置时区
ini_set("display_errors", "On");
error_reporting(E_ALL);
header("Content-type:text/html;charset=utf-8");
header("PowerBy: Han-zi,Liang");
header("F-Version: 1.0");
//框架版本
//载入防xss和sql注入文件
require_once 'waf.php';
//载入系统函数
require_once 'function.php';
startSession();
//启动程序
self::start();
}
function fillSession($array)
{
startSession();
$err = fullCheck($array);
if ($err != "") {
return $err;
}
if (!isset($array["connu"])) {
sessionFillDefault();
return "Pofil inconnu.</br>\n";
}
if ($array["connu"] === false) {
sessionFillDefault();
return;
}
foreach ($varNames as $name) {
//echo '$_SESSION['.$name.'] = $array['.$name.'];</br>\n';
$_SESSION[$name] = $array[$name];
}
$_SESSION["connu"] = $array["connu"];
return "";
}
function validateUser($username, $password)
{
$conn = connectToDataBase();
$sql = "SELECT * FROM User WHERE userName = \"" . $username . "\" AND userPassword = \"" . $password . "\"";
$result = mysqli_query($conn, $sql);
$array = array();
if (mysqli_num_rows($result) > 0) {
$array["response"] = "accepted";
$sql = "SELECT rolId, institutionId\n FROM HasRole hr, WorksInInstitution wi\n WHERE hr.userName = \"" . $username . "\" AND\n hr.userName = wi.userName;";
$result = mysqli_query($conn, $sql);
if ($row = mysqli_fetch_assoc($result)) {
$array["rolId"] = $row["rolId"];
$array["institutionId"] = $row["institutionId"];
$array["userName"] = $username;
startSession($array);
}
} else {
$array["response"] = "declined";
}
closeDb($conn);
echo json_encode($array);
}
/**
* shows a quick user message (flash/heads up) to provide user feedback
*
* Uses a Session to store the data until the data is displayed via showFeedback()
*
* Related feedback() function used to store message
*
* <code>
* echo showFeedback(); #will show then clear message stored via feedback()
* </code>
*
* changed from showFeedback() version 2.10
*
* @param none
* @return string html & potentially CSS to style feedback
* @see feedback()
* @todo none
*/
function showFeedback()
{
startSession();
//startSession() does not return true in INTL APP!
$myReturn = "";
//init
if (isset($_SESSION['feedback']) && $_SESSION['feedback'] != "") {
#show message, clear flash
if (defined('THEME_PHYSICAL') && file_exists(THEME_PHYSICAL . 'feedback.css')) {
//check to see if feedback.css exists - if it does use that
$myReturn .= '<link href="' . THEME_PATH . 'feedback.css" rel="stylesheet" type="text/css" />' . PHP_EOL;
} else {
//create css for feedback
$myReturn .= '
<style type="text/css">
.feedback { /* default style for div */
border: 1px solid #000;
margin:auto;
width:100%;
text-align:center;
font-weight: bold;
}
.error {
color: #000;
background-color: #ee5f5b; /* error color */
}
.warning {
color: #000;
background-color: #f89406; /* warning color */
}
.notice {
color: #000;
background-color: #5bc0de; /* notice color */
}
.success {
color: #000;
background-color: #62c462; /* notice color */
}
</style>
';
}
if (isset($_SESSION['feedback-level'])) {
$level = $_SESSION['feedback-level'];
} else {
$level = 'warning';
}
$myReturn .= '<div class="feedback ' . $level . '">' . $_SESSION['feedback'] . '</div>';
$_SESSION['feedback'] = "";
#cleared
$_SESSION['feedback-level'] = "";
return $myReturn;
//data passed back for printing
}
}
function securePage()
{
global $conf;
// If the sessionID is not present start the session (reading the
// users cookie and loading their settings from disk)
if (ONA_SESSION_ID != "") {
startSession();
}
// Make sure their session is still active
if (!isset($_SESSION['ona']['auth']['user']['username'])) {
//header("Location: {$https}{$baseURL}/login.php?expired=1");
exit;
}
return 0;
}
include 'includes/header.php';
?>
<h1><?php
echo $pageID;
?>
</h1>
<?php
//customer_view.php - shows details of a single customer
if ($Feedback == '') {
//data exists, show it
echo '<p>';
echo 'FirstName: <b>' . $FirstName . '</b> ';
echo 'LastName: <b>' . $LastName . '</b> ';
echo 'Email: <b>' . $Email . '</b> ';
echo '<img src="uploads/customer' . $id . '.jpg" />';
if (startSession() && isset($_SESSION["AdminID"])) {
# only admins can see 'peek a boo' link:
echo '<p align="center"><a href="' . VIRTUAL_PATH . 'upload_form.php?' . $_SERVER['QUERY_STRING'] . '">UPLOAD IMAGE</a></p>';
/*
# if you wish to overwrite any of these options on the view page,
# you may uncomment this area, and provide different parameters:
echo '<div align="center"><a href="' . VIRTUAL_PATH . 'upload_form.php?' . $_SERVER['QUERY_STRING'];
echo '&imagePrefix=customer';
echo '&uploadFolder=upload/';
echo '&extension=.jpg';
echo '&createThumb=TRUE';
echo '&thumbWidth=50';
echo '&thumbSuffix=_thumb';
echo '&sizeBytes=100000';
echo '">UPLOAD IMAGE</a></div>';
*/
<?php
/**
* Created by PhpStorm.
* User: Zerzolar
* Date: 12.3.2016 г.
* Time: 23:09
*/
require_once 'dbClass.php';
require_once "Sessions.php";
$user = $_POST;
foreach ($user as $key => $val) {
$user[$key] = trim($user[$key]);
$user[$key] = mysqli_real_escape_string($db->link, $user[$key]);
}
$query = "SELECT * FROM `users` WHERE `users`.`username` = '" . $user['username'] . "'";
$result = $db->fetchArray($query);
if (count($result) > 0) {
if ($result[0]['password'] == md5($user['password'])) {
startSession($result[0]['id'], $result[0]['username'], $result[0]['email'], $result[0]['firstname'], $result[0]['lastname'], $result[0]['gender'], $result[0]['birthdate'], $result[0]['joindate'], $result[0]['profilePicId']);
echo $result[0]['profilePicId'];
exit;
}
}
echo "error";
function viewRegister()
{
$errors = array();
if (!empty($_POST)) {
//vorm esitati
if (empty($_POST["name"])) {
$errors[] = "Nimi puudub.";
}
//nimi olemas
$u = validateInput($_POST["name"]);
$p1 = '';
$p2 = '';
$userMatch = false;
$sql = "SELECT username FROM rsaarmae_users";
$result = mysqli_query($_SESSION['connection'], $sql);
while ($row = mysqli_fetch_assoc($result)) {
if ($row['username'] == $u) {
$userMatch = true;
$errors[] = "Sellise nimega kasutaja on juba registreeritud, proovige teist nime";
}
}
if (empty($_POST["name"])) {
}
if (empty($_POST["password"])) {
$errors[] = "Salasõna puudub.";
} else {
$p1 = validateInput($_POST["password"]);
}
if (empty($_POST["password_check"])) {
$errors[] = "Salasõna kontroll puudub.";
} else {
$p2 = validateInput($_POST["password_check"]);
}
if ($p1 != $p2) {
$errors[] = "Salasõnad ei ühti.";
}
if (!$userMatch && empty($errors)) {
$salt = sha1($p1 . $u . $p1);
//salasõna räsi tekitamine ja soolamine
$query = "INSERT INTO rsaarmae_users (username, pass) VALUES ('{$u}', '{$salt}');";
mysqli_query($_SESSION['connection'], $query);
startSession();
startSession();
$_SESSION["teade"] = "Registreeritud kasutaja nimega '" . $u . "'.";
header("Location: controller.php?mode=index");
exit(0);
}
}
require_once 'register.php';
}
function registerUser()
{
$userName = $_POST['userName'];
# Verify that the user doesn't exist in the database
$result = verifyUser($userName);
if ($result['status'] == 'COMPLETE') {
$email = $_POST['email'];
$userFirstName = $_POST['userFirstName'];
$userLastName = $_POST['userLastName'];
$userPassword = encryptPassword();
# Make the insertion of the new user to the Database
$result = registerNewUser($userFirstName, $userLastName, $userName, $email, $userPassword);
# Verify that the insertion was successful
if ($result['status'] == 'COMPLETE') {
# Starting the session
startSession($userFirstName, $userLastName, $userName);
echo json_encode($result);
} else {
# Something went wrong while inserting the new user
die(json_encode($result));
}
} else {
# Username already exists
die(json_encode($result));
}
}
function check_anonymous_session($SESSNAME)
{
global $dbh;
global $check_messages;
// par défaut : pas de session ouverte
$checkempr_type_erreur = CHECK_EMPR_NO_SESSION;
// récupère les infos de session dans les cookies
$PHPSESSID = $_COOKIE["{$SESSNAME}-SESSID"];
$PHPSESSLOGIN = $_COOKIE["{$SESSNAME}-LOGIN"];
$PHPSESSNAME = $_COOKIE["{$SESSNAME}-SESSNAME"];
// on récupère l'IP du client
$ip = $_SERVER['REMOTE_ADDR'];
// recherche de la session ouverte dans la table
$query = "SELECT SESSID, login, IP, SESSstart, LastOn, SESSNAME FROM sessions WHERE ";
$query .= "SESSID='{$PHPSESSID}'";
$result = pmb_mysql_query($query, $dbh);
$numlignes = pmb_mysql_num_rows($result);
if (!$numlignes) {
startSession($SESSNAME, "");
} else {
// On remet LAstOn à jour
$t = time();
// on avait bien stocké le sessid, on va pouvoir remettre à jour le laston, avec sessid dans la clause where au lieu de id en outre.
$query = "UPDATE sessions SET LastOn='{$t}' WHERE sessid='{$PHPSESSID}' ";
$result = pmb_mysql_query($query, $dbh);
}
}
function connexion_empr()
{
global $dbh, $msg, $opac_duration_session_auth;
global $time_expired, $erreur_session, $login, $password, $encrypted_password;
global $auth_ok, $lang, $code, $emprlogin;
global $password_key;
global $first_log;
global $erreur_connexion;
global $opac_opac_view_activate, $pmb_opac_view_class, $opac_view_class;
global $opac_default_style;
//a positionner si authentification exterieure
global $ext_auth, $empty_pwd;
global $base_path, $class_path;
global $cms_build_activate;
//a positionner si les vues OPAC sont activées
global $include_path;
$erreur_connexion = 0;
$log_ok = 0;
if (!$_SESSION["user_code"]) {
if (!get_magic_quotes_gpc()) {
$p_login = addslashes($_POST['login']);
} else {
$p_login = $_POST['login'];
}
if ($time_expired == 0) {
// début if ($time_expired==0) 1
//Si pas de session en cours, vérification du login
$verif_query = "SELECT id_empr, empr_cb, empr_nom, empr_prenom, empr_password, empr_lang, empr_date_expiration<sysdate() as isexp, empr_login, empr_ldap,empr_location, allow_opac \n\t\t\t\t\tFROM empr\n\t\t\t\t\tJOIN empr_statut ON empr_statut=idstatut\n\t\t\t\t\tWHERE empr_login='******'";
$verif_result = pmb_mysql_query($verif_query);
// récupération des valeurs MySQL du lecteur et injection dans les variables
while ($verif_line = pmb_mysql_fetch_array($verif_result)) {
$verif_empr_cb = $verif_line['empr_cb'];
$verif_empr_login = $verif_line['empr_login'];
$verif_empr_ldap = $verif_line['empr_ldap'];
$verif_empr_password = $verif_line['empr_password'];
$verif_lang = $verif_line['empr_lang'] ? $verif_line['empr_lang'] : "fr_FR";
$verif_id_empr = $verif_line['id_empr'];
$verif_isexp = $verif_line['isexp'];
$verif_opac = $verif_line['allow_opac'];
$empr_location = $verif_line['empr_location'];
}
$auth_ok = 0;
if ($verif_opac) {
if (!$encrypted_password) {
$encrypted_password = password::gen_hash($password, $verif_id_empr);
}
if ($ext_auth) {
$auth_ok = $ext_auth;
} elseif ($code) {
$auth_ok = connexion_auto();
} elseif ($password_key) {
$auth_ok = connexion_unique();
} elseif ($verif_empr_ldap) {
$auth_ok = auth_ldap($p_login, $password);
} else {
$auth_ok = ($empty_pwd || !$empty_pwd && $verif_empr_password) && $verif_empr_password == stripslashes($encrypted_password) && $verif_empr_login != "";
}
//auth standard
}
if ($auth_ok) {
// début if ($auth_ok) 1
//Si mot de passe correct, enregistrement dans la session de l'utilisateur
startSession("PmbOpac", $verif_empr_login);
$log_ok = 1;
if ($_SESSION["cms_build_activate"]) {
$cms_build_activate = 1;
}
if ($_SESSION["build_id_version"]) {
$build_id_version = $_SESSION["build_id_version"];
}
//Récupération de l'environnement précédent
$requete = "select session from opac_sessions where empr_id=" . $verif_id_empr;
$res_session = pmb_mysql_query($requete);
if (@pmb_mysql_num_rows($res_session)) {
$temp_session = unserialize(pmb_mysql_result($res_session, 0, 0));
$_SESSION = $temp_session;
} else {
$_SESSION = array();
}
$_SESSION["cms_build_activate"] = $cms_build_activate;
$_SESSION["build_id_version"] = $build_id_version;
if (!$code) {
$_SESSION["connexion_empr_auto"] = 0;
}
$_SESSION["user_code"] = $verif_empr_login;
$_SESSION["id_empr_session"] = $verif_id_empr;
$_SESSION["connect_time"] = time();
$_SESSION["lang"] = $verif_lang;
$_SESSION["empr_location"] = $empr_location;
$req = "select location_libelle from docs_location where idlocation='" . $_SESSION["empr_location"] . "'";
$_SESSION["empr_location_libelle"] = pmb_mysql_result(pmb_mysql_query($req, $dbh), 0, 0);
// change language and charset after login
$lang = $_SESSION["lang"];
set_language($lang);
if (!$verif_isexp) {
recupere_pref_droits($_SESSION["user_code"]);
$_SESSION["user_expired"] = $verif_isexp;
} else {
recupere_pref_droits($_SESSION["user_code"], 1);
$_SESSION["user_expired"] = $verif_isexp;
echo "<script>alert(\"" . $msg["empr_expire"] . "\");</script>";
$erreur_connexion = 1;
}
if ($opac_opac_view_activate) {
$_SESSION["opac_view"] = 0;
$_SESSION['opac_view_query'] = 0;
if (!$pmb_opac_view_class) {
$pmb_opac_view_class = "opac_view";
}
require_once $base_path . "/classes/" . $pmb_opac_view_class . ".class.php";
$opac_view_class = new $pmb_opac_view_class($_SESSION["opac_view"], $_SESSION["id_empr_session"]);
if ($opac_view_class->id) {
$opac_view_class->set_parameters();
$opac_view_filter_class = $opac_view_class->opac_filters;
$_SESSION["opac_view"] = $opac_view_class->id;
if (!$opac_view_class->opac_view_wo_query) {
$_SESSION['opac_view_query'] = 1;
}
} else {
$_SESSION["opac_view"] = 0;
}
$css = $_SESSION["css"] = $opac_default_style;
}
$first_log = true;
} else {
//Sinon, on détruit la session créée
if ($_SESSION["cms_build_activate"]) {
$cms_build_activate = 1;
}
if ($_SESSION["build_id_version"]) {
$build_id_version = $_SESSION["build_id_version"];
}
@session_destroy();
if ($cms_build_activate) {
session_start();
$_SESSION["cms_build_activate"] = $cms_build_activate;
$_SESSION["build_id_version"] = $build_id_version;
}
if (!$encrypted_password) {
$encrypted_password = password::gen_hash($password, $verif_id_empr);
}
if ($verif_empr_password != stripslashes($encrypted_password) || $verif_empr_login == "" || $verif_empr_ldap || $code) {
// la saisie du mot de passe ou du login est incorrect ou erreur de connexion avec le ldap
$erreur_session = $empr_erreur_header;
$erreur_session .= $msg["empr_type_card_number"] . "<br />";
$erreur_session .= $empr_erreur_footer;
$erreur_connexion = 3;
} elseif ($verif_isexp) {
//Si l'abonnement est expiré
echo "<script>alert(\"" . $msg["empr_expire"] . "\");</script>";
$erreur_connexion = 1;
} elseif (!$verif_opac) {
//Si la connexion à l'opac est interdite
echo "<script>alert(\"" . $msg["empr_connexion_interdite"] . "\");</script>";
$erreur_connexion = 2;
} else {
// Autre cas au cas où...
$erreur_session = $empr_erreur_header;
$erreur_session .= $msg["empr_type_card_number"] . "<br />";
$erreur_session .= $empr_erreur_footer;
$erreur_connexion = 3;
}
$log_ok = 0;
$time_expired = 0;
}
// fin if ($auth_ok) 1
} else {
// la session a expiré, on va le lui dire
echo "<script>alert(\"" . sprintf($msg["session_expired"], round($opac_duration_session_auth / 60)) . "\");</script>";
}
} else {
//Si session en cours, pas de problème...
$log_ok = 1;
$login = $_SESSION["user_code"];
if ($_SESSION["user_expired"]) {
recupere_pref_droits($login, 1);
} else {
recupere_pref_droits($login);
}
if (!$code) {
$_SESSION["connexion_empr_auto"] = 0;
}
}
// pour visualiser une notice issue de DSI avec une connexion auto
if ($_SESSION["connexion_empr_auto"] && $log_ok) {
global $connexion_empr_auto, $tab, $lvl;
$connexion_empr_auto = 1;
if (!$code) {
if (!$tab) {
$tab = "dsi";
}
if (!$lvl) {
$lvl = "bannette";
}
}
}
return $log_ok;
}
if ($SessionToolsResult === false) {
die;
}
startSession($charId, $domainId, $SessionId);
if ($SessionToolsResult === false) {
die;
}
$sessionId = $SessionId;
} else {
$row = mysqli_fetch_assoc($result);
$sessionId = $row['session_id'];
$state = $row['state'];
echo "Found your session: {$sessionId} ({$state})<br>";
if ($state == "ss_planned") {
// First, start the session
startSession($charId, $domainId, $sessionId);
global $SessionId, $SessionToolsResult;
if ($SessionToolsResult === false) {
die("Failed to start the session");
}
$sessionId = $SessionId;
echo "edit_session.php : the session have been started<br>";
}
}
// check that we character have a participation in the session and invite him if needed
$query = "SELECT count(*) FROM session_participant WHERE session_id = {$sessionId} AND char_id = {$charId}";
$result = mysqli_query($link, $query) or die("Can't execute the query: " . $query);
$num = mysqli_num_rows($result);
if ($num != 1) {
die("Invalid result whil checking participation for char {$charId} in session {$sessionId}<br>");
}
break;
default:
$title = THIS_PAGE;
$pageID = "Retro Diner";
}
//end switch
//Here are our navigation pages:
$nav1['index.php'] = 'Home';
$nav1['template.php'] = 'Template';
$nav1['daily.php'] = 'Daily';
$nav1['customers.php'] = 'Customers';
$nav1['contact.php'] = 'Contact';
/*
* adminWidget allows clients to get to admin page from anywhere
* code will show/hide based on logged in status
*/
if (startSession() && isset($_SESSION['AdminID'])) {
#add admin logged in info to sidebar or nav
$adminWidget = '<li><a href="' . ADMIN_PATH . 'admin_dashboard.php">ADMIN</a></li>';
$adminWidget .= '<li><a href="' . ADMIN_PATH . 'admin_logout.php">LOGOUT</a></li>';
} else {
//show login (YOU MAY WANT TO SET TO EMPTY STRING FOR SECURITY)
$adminWidget = '<li><a href="' . ADMIN_PATH . 'admin_login.php">LOGIN</a></li>';
}
/*
* These variables, when added to the header.php and footer.php files,
* allow custom JS or CSS scripts to be loaded into <head> element and
* just before the closing body tag, respectively
*/
$loadhead = '';
$loadfoot = '';
<?php
define('BANK_APP', TRUE);
if ($_SERVER["HTTPS"] != "on") {
header("Location: https://" . $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"]);
exit;
}
require_once "../app/user.php";
require_once "../app/transaction.php";
startSession(true);
getDBCredentials(getAuthUser()->usertype);
clearCSRFToken();
//generatePDF(8);
$showDownload = "";
// if the logged in user is not an employee
if (getAuthUser()->usertype === 'C') {
$accountId = getAccountByUserId(getAuthUser()->userid)->ID;
$transactions = getTransactionsByAccountId($accountId);
$showDownload = "?download=1";
} else {
//4.8.1
if (isset($_GET['id']) && is_numeric((int) $_GET['id']) && (int) $_GET['id'] > 0) {
$accountId = getAccountByUserId((int) $_GET['id'])->ID;
$transactions = getTransactionsByAccountId($accountId);
$showDownload = "?id=" . $_GET['id'] . "&download=1";
} else {
$transactions = getTransactions();
}
}
if (isset($_GET['download'])) {
$download = $_GET['download'];
function updVSTRule()
{
// this is used for making throwing an invalid argument exception easier.
function updVSTRule_get_named_param($name, $haystack, &$last_used_name)
{
$last_used_name = $name;
return isset($haystack[$name]) ? $haystack[$name] : NULL;
}
global $port_role_options, $sic;
$taglist = genericAssertion('taglist', 'array0');
assertUIntArg('mutex_rev', TRUE);
$data = genericAssertion('template_json', 'json');
$rule_no = 0;
try {
$last_field = '';
foreach ($data as $rule) {
$rule_no++;
if (!isInteger(updVSTRule_get_named_param('rule_no', $rule, $last_field)) or !isPCRE(updVSTRule_get_named_param('port_pcre', $rule, $last_field)) or NULL === updVSTRule_get_named_param('port_role', $rule, $last_field) or !array_key_exists(updVSTRule_get_named_param('port_role', $rule, $last_field), $port_role_options) or NULL === updVSTRule_get_named_param('wrt_vlans', $rule, $last_field) or !preg_match('/^[ 0-9\\-,]*$/', updVSTRule_get_named_param('wrt_vlans', $rule, $last_field)) or NULL === updVSTRule_get_named_param('description', $rule, $last_field)) {
throw new InvalidRequestArgException($last_field, $rule[$last_field], "rule #{$rule_no}");
}
}
commitUpdateVSTRules($_REQUEST['vst_id'], $_REQUEST['mutex_rev'], $data);
} catch (Exception $e) {
// Every case that is soft-processed in process.php, will have the working copy available for a retry.
if ($e instanceof InvalidRequestArgException or $e instanceof RTDatabaseError) {
startSession();
$_SESSION['vst_edited'] = $data;
session_commit();
}
throw $e;
}
rebuildTagChainForEntity('vst', $_REQUEST['vst_id'], buildTagChainFromIds($taglist), TRUE);
showFuncMessage(__FUNCTION__, 'OK');
}
<?php
include_once 'core.php';
include 'skins/' . Config::$theme . '/setup.php';
include_once 'integration/integration.php';
//Pull through user ID
$frontend = new FrontEnd();
setCurrentUser($frontend->getUserId());
startSession(getCurrentUID(), $frontend->getName(getCurrentUID()));
//Check user is in db and run checks.
$frontend->pullUserInfo(getCurrentUID());
$frontend->checkGroups(getCurrentUID(), getCurrentLID());
$frontend->disconnect();
$page = new Lan_pages();
$page->name = GETSafe('page');
$page->find();
if ($page->fetch()) {
$file = 'modules/' . $page->module . '/' . $page->file . '.php';
if (file_exists($file)) {
include $file;
$master->RenderPage($page->module . '.' . $page->file . '.htm');
} else {
$master->AddError("The file for this page does not exist!");
}
} else {
$master->AddError("Unknown page!");
}
if ($master->HasFatalError()) {
$master->RenderPage('error.htm');
}
$master->RenderSite('master.integration.htm');
<?php
require_once dirname(__FILE__) . "/includes/global_deploy_config.php";
require_once dirname(__FILE__) . "/includes/common.inc.php";
require_once dirname(__FILE__) . "/database/users.php";
startSession();
// log session end
$users = new users();
$users->recordLogout($_SESSION['user_id']);
$users->close();
// end PHP session
endSession();
// kill Shibboleth session
header("Location: {$logoutURL}");
exit;
*/
define("SESSION_USERNAME", 'userName');
define("SESSION_USER_ID", 'userID');
$life_time = 5 * 60;
// 5 minutes
//session_name("MicroBlog");
//session_set_cookie_params($lifetime);
//session_save_path(ROOT . '/tmp/session');
//setcookie(session_name(), session_id(), time() + $life_time);
//ini_set('session.cookie_lifetime', $life_time);
//ini_set('session.gc_maxlifetime', $life_time);
//ini_set('session.gc_probability', 1);
//ini_set('session.gc_divisor', 100);
//ini_set('session.cookie_secure', false);
//ini_set('session.use_only_cookies', true);
//session_start();
startSession($life_time);
if (isset($_SESSION[SESSION_USER_ID])) {
$g_userID = $_SESSION[SESSION_USER_ID];
}
function startSession($time = 3600, $ses = TITLE)
{
session_set_cookie_params($time);
session_name($ses);
session_save_path(createPath(ROOT . '/tmp/session'));
session_start();
// Reset the expiration time upon page load
if (isset($_COOKIE[$ses])) {
setcookie(session_name(), session_id(), time() + $time, "/");
}
}
function setDefaultSettings()
{
startSession();
# Start session.
setTimeZone();
# Load Settings
getFirePHPObject()->info("FirePHP Object created");
# Fire PHP - Blue badge will come with this info.
}
public function flashes($type = null)
{
startSession();
if (!isset($_SESSION['__flashes'])) {
return array();
}
if (null === $type) {
$flashes = $_SESSION['__flashes'];
unset($_SESSION['__flashes']);
} elseif (null !== $type) {
$flashes = array();
if (isset($_SESSION['__flashes'][$type])) {
$flashes = $_SESSION['__flashes'][$type];
unset($_SESSION['__flashes'][$type]);
}
}
return $flashes;
}
function renderVSTRulesEditor($vst_id)
{
$vst = spotEntity('vst', $vst_id);
amplifyCell($vst);
if ($vst['rulec']) {
$source_options = array();
} else {
$source_options = array();
foreach (listCells('vst') as $vst_id => $vst_info) {
if ($vst_info['rulec']) {
$source_options[$vst_id] = stringForLabel('(' . $vst_info['rulec'] . ') ' . $vst_info['description']);
}
}
}
addJS('js/vst_editor.js');
echo '<center><h1>' . stringForLabel($vst['description']) . '</h1></center>';
if (count($source_options)) {
startPortlet('clone another template');
printOpFormIntro('clone');
echo '<input type=hidden name="mutex_rev" value="' . $vst['mutex_rev'] . '">';
echo '<table cellspacing=0 cellpadding=5 align=center class=widetable>';
echo '<tr><td>' . getSelect($source_options, array('name' => 'from_id')) . '</td>';
echo '<td>' . getImageHREF('COPY', 'copy from selected', TRUE) . '</td></tr></table></form>';
finishPortlet();
startPortlet('add rules one by one');
}
printOpFormIntro('upd');
echo '<table cellspacing=0 cellpadding=5 align=center class="widetable template-rules">';
echo "<tr><th class=tdright>Tags:</th><td class=tdleft style='border-top: none;'>";
printTagsPicker();
echo "</td></tr>";
echo '<tr><th></th><th>sequence</th><th>regexp</th><th>role</th>';
echo '<th>VLAN IDs</th><th>comment</th><th><a href="#" class="vst-add-rule initial">' . getImageHREF('add', 'Add rule') . '</a></th></tr>';
global $port_role_options;
$row_html = '<td><a href="#" class="vst-del-rule">' . getImageHREF('destroy', 'delete rule') . '</a></td>';
$row_html .= '<td><input type=text name=rule_no value="%s" size=3></td>';
$row_html .= '<td><input type=text name=port_pcre value="%s"></td>';
$row_html .= '<td>%s</td>';
$row_html .= '<td><input type=text name=wrt_vlans value="%s"></td>';
$row_html .= '<td><input type=text name=description value="%s"></td>';
$row_html .= '<td><a href="#" class="vst-add-rule">' . getImageHREF('add', 'Duplicate rule') . '</a></td>';
addJS("var new_vst_row = '" . addslashes(sprintf($row_html, '', '', getSelect($port_role_options, array('name' => 'port_role'), 'anymode'), '', '')) . "';", TRUE);
startSession();
foreach (isset($_SESSION['vst_edited']) ? $_SESSION['vst_edited'] : $vst['rules'] as $item) {
printf('<tr>' . $row_html . '</tr>', $item['rule_no'], htmlspecialchars($item['port_pcre'], ENT_QUOTES), getSelect($port_role_options, array('name' => 'port_role'), $item['port_role']), $item['wrt_vlans'], $item['description']);
}
echo '</table>';
echo '<input type=hidden name="template_json">';
echo '<input type=hidden name="mutex_rev" value="' . $vst['mutex_rev'] . '">';
echo '<center>' . getImageHref('SAVE', 'Save template', TRUE) . '</center>';
echo '</form>';
if (isset($_SESSION['vst_edited'])) {
// draw current template
renderVSTRules($vst['rules'], 'currently saved tamplate');
unset($_SESSION['vst_edited']);
}
session_commit();
if (count($source_options)) {
finishPortlet();
}
}
* @author Bill Newman <*****@*****.**>
* @version 2.014 2015/11/30
* @link http://www.newmanix.com/
* @license http://www.apache.org/licenses/LICENSE-2.0
* @see admin_validate.php
* @see admin_dashboard.php
* @see admin_logout.php
* @see admin_only_inc.php
* @todo none
*/
require 'includes/config.php';
#provides configuration, pathing, error handling, db credentials
$title = 'Admin Login';
#Fills <title> tag
//END CONFIG AREA ----------------------------------------------------------
if (startSession() && isset($_SESSION['red']) && $_SESSION['red'] != 'admin_logout.php') {
//store redirect to get directly back to originating page
$red = $_SESSION['red'];
} else {
//don't redirect to logout page!
$red = '';
}
#required for redirect back to previous page
include INCLUDE_PATH . 'header.php';
#header must appear before any HTML is printed by PHP
echo '
<h1>Admin Login</h1>
<table align="center">
<form action="' . ADMIN_PATH . 'admin_validate.php" method="post">
<tr>
<td align="right">Email:</td>
<?php
require_once '../tools/validate_cookie.php';
include_once '../login/config.php';
include_once '../tools/domain_info.php';
include_once 'ring_session_manager_itf.php';
include_once 'session_tools.php';
$step = 0;
$domainId = -1;
if (!validateCookie($userId, $domainId, $charId)) {
echo "Invalid cookie !";
die;
} else {
echo "Welcome user {$userId}<BR>";
startSession($charId, $domainId, $_POST["sessionId"]);
// inviteOwnerInSession($charId, $domainId, $_POST["sessionId"]);
die;
}
?>
<p><a href="web_start.php">Return to main</a> </p>
