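/**
 * Get list of pages that user can access
 *
 * IS THE SAME FUNCTION OF USERS LIBRARY !!!!
 *
 * Members of the 'sumo' group are not filtered at all; for every other user
 * the access points are selected by matching each of the user's groups
 * against the ';'-separated usergroup column.
 *
 * @param mixed $id   User id handed to sumo_get_user_info(); a falsy value
 *                    makes the function return FALSE.
 * @param bool  $html When TRUE an HTML table is returned (or the
 *                    'AllAccessPoints' label for 'sumo' members) instead of
 *                    the raw rows.
 * @return array|string|false Rows, HTML string, or FALSE when no id is given.
 */
function sumo_get_user_accesspoints($id = NULL, $html = FALSE)
{
    if (!$id) {
        return FALSE;
    }

    global $SUMO, $language;

    $user_data  = sumo_get_user_info($id, 'id', FALSE);
    $num_groups = count($user_data['group']);
    $is_sumo    = in_array('sumo', $user_data['group']);

    // The HTML view of a 'sumo' member is a fixed label, no query needed.
    if ($html && $is_sumo) {
        return $language['AllAccessPoints'];
    }

    $group_query = '';

    if (!$is_sumo) {
        // No groups means no reachable access point; an empty WHERE clause
        // would be invalid SQL.
        if ($num_groups == 0) {
            return $html ? '' : array();
        }

        // NOTE(review): group names are concatenated into the statement
        // as-is. They come from the stored user record, not from the
        // request, but a quote, '%' or '_' in a group name would change the
        // query; confirm names are constrained where groups are written.
        $conditions = array();

        for ($g = 0; $g < $num_groups; $g++) {
            $group_name = $user_data['group'][$g];

            // A group can be the whole value, the first, the last or a
            // middle element of the ';'-separated list. The "last element"
            // pattern ('%;name') was missing, so such access points were
            // silently left out of the list.
            $conditions[] = "usergroup='" . $group_name . "'"
                . " OR usergroup LIKE '" . $group_name . ";%'"
                . " OR usergroup LIKE '%;" . $group_name . "'"
                . " OR usergroup LIKE '%;" . $group_name . ";%'";
        }

        $group_query = " WHERE " . implode(" OR ", $conditions);
    }

    $query = "SELECT * FROM " . SUMO_TABLE_ACCESSPOINTS . " \n\t\t\t\t " . $group_query . " \n\t\t\t\t ORDER BY name";
    $rs    = $SUMO['DB']->Execute($query);
    $ap    = array();

    while ($tab = $rs->FetchRow()) {
        $ap[] = $tab;
    }

    if (!$html) {
        return $ap;
    }

    // html output
    $list = '';

    if (count($ap) > 0) {
        $list = "<table cellspacing='0' class='tab'>\n"
            . " <tr>\n"
            . " <td class='tab-title'>" . $language['Page'] . "</td>\n"
            . " <td class='tab-title'>" . $language['Path'] . "</td>\n"
            . " </tr>\n";

        foreach ($ap as $row) {
            $style = sumo_alternate_str('tab-row-on', 'tab-row-off');

            // Shorten long paths for display only; the link keeps the
            // full path.
            // NOTE(review): path and name are written into the markup
            // without HTML escaping; whether they are escaped when stored
            // is not visible here - confirm before relying on it.
            $path = strlen($row['path']) > 50 ? substr($row['path'], 0, 50) . '...' : $row['path'];
            $path = "<a href='" . $row['path'] . "' target='_blank'>" . $path . "</a>";
            $name = sumo_get_accesspoint_name($row['name'], $_COOKIE['language']);

            $list .= "<tr>\n"
                . " <td class='" . $style . "'>" . $name . "</td>\n"
                . " <td class='" . $style . "'>" . $path . "</td>\n"
                . "</tr>\n";
        }

        $list .= "</table>";
    }

    return $list;
}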
// Builds the "group -> access points" relationship table: one output row per
// group in the current page of results, each with a nested table of the
// access points whose usergroup list contains that group.

// Row count of the result set opened before this fragment.
$tot = $rs->PO_RecordCount();
// Re-run the query limited to the page window kept in the session.
$rs = $SUMO['DB']->SelectLimit($query2, $_SESSION['rows_relationship_group2accesspoints'], $_SESSION['start_relationship_group2accesspoints']);
// Row count of the limited result set.
$vis = $rs->PO_RecordCount();

/**
 * Create list
 */
$list = sumo_get_table_header($table['data']['group2accesspoints']);

while ($tab = $rs->FetchRow()) {
    $style = sumo_alternate_str('tab-row-on', 'tab-row-off');

    // Match the group as the whole value, the first, the last or a middle
    // element of the ';'-separated usergroup column.
    // NOTE(review): $tab['usergroup'] is a value read back from the database
    // and is concatenated into the statement without quoting or LIKE
    // escaping; a quote, '%' or '_' in a group name would change the query.
    // Confirm group names are constrained where they are written.
    $query = "SELECT id,node,path,name FROM " . SUMO_TABLE_ACCESSPOINTS . "\n\t\t\t WHERE (\n\t\t\t \t\t usergroup LIKE '" . $tab['usergroup'] . "' \n\t\t\t\t\t OR usergroup LIKE '" . $tab['usergroup'] . ";%'\n\t\t\t\t\t OR usergroup LIKE '%;" . $tab['usergroup'] . "'\n\t\t\t\t\t OR usergroup LIKE '%;" . $tab['usergroup'] . ";%'\n\t\t\t\t\t )\n\t\t\t ORDER BY node,name,path";
    $rs2 = $SUMO['DB']->Execute($query);

    // Nested table of access points for this group; $a counts them.
    $ap = "<table width='100%'>";
    $a = 0;

    while ($tab2 = $rs2->FetchRow()) {
        $style2 = sumo_alternate_str('tab-row-on', 'tab-row-off', $tab['usergroup']);
        $tab2['name'] = sumo_get_accesspoint_name($tab2['name'], $_COOKIE['language']);

        // NOTE(review): name and path are written into the markup without
        // HTML escaping; confirm they are escaped when stored.
        $ap .= "<tr>"
            . "<td width='100%' class='" . $style2 . "' nowrap>"
            . "<a href='javascript:sumo_ajax_get(\"accesspoints\",\"?module=accesspoints&action=edit&id=" . $tab2['id'] . "\");'>" . $tab2['name'] . "</a>"
            . "</td>"
            . "<td class='" . $style2 . "'>"
            . "<a href='javascript:sumo_ajax_get(\"accesspoints\",\"?module=accesspoints&action=edit&id=" . $tab2['id'] . "\");'>" . $tab2['path'] . "</a>"
            . "</td>"
            . "</tr>\n";
        $a++;
    }

    $ap .= "</table>";

    // When a search is active, highlight the matched part of the group name.
    if ($search) {
        $tab['usergroup'] = sumo_color_match_string($field['usergroup'][1], $tab['usergroup']);
    }

    // The image cell gets a fixed width once the group has more than five
    // access points.
    $width = $a > 5 ? " width='450'" : '';

    $list .= "<tr>\n"
        . " <td class='" . $style . "'><b>"
        . "<a href='javascript:sumo_ajax_get(\"groups\",\"?module=groups&action=edit&id=" . $tab['id'] . "\");'>" . $tab['usergroup'] . "</a>"
        . "</b>"
        . "<br>({$a} " . $language['accesspoints'] . ")</td>\n";

    // Optional column 100: the nested access point table.
    if ($_SESSION['relationship']['group2accesspoints']['col'][100]) {
        $list .= " <td>" . $ap . "</td>\n";
    }

    // Optional column 101: image served by the relationship service.
    // As written, the closing </tr> is emitted only inside this branch.
    if ($_SESSION['relationship']['group2accesspoints']['col'][101]) {
        $list .= " <td style='border-bottom:1px solid #DCDCDC'><img onclick='javascript:window.open(\"services.php?module=relationship&service=relationship&cmd=GET_GROUP2ACCESSPOINTS&id=" . $tab['id'] . "\",\"group2accesspoints\",\"height=200,width=500,resizable=yes,scrollbars=yes\");' "
            . " src='services.php?module=relationship&service=relationship&cmd=GET_GROUP2ACCESSPOINTS&id=" . $tab['id'] . "' alt=''{$width}></td>\n"
            . "</tr>\n";
    }
* @author Alberto Basso <*****@*****.**>
* @copyright Copyright © 2003-2009, Alberto Basso
* @package SUMO
* @category Console
*/

// Prepares the template values for the "AddAccesspoints" form, pre-filled
// from the access point selected with ?id=...

// NOTE(review): the id is taken from the query string and handed to
// sumo_get_accesspoint_info() unchanged; whether that helper validates or
// casts it is not visible here - confirm.
$id = isset($_GET['id']) ? $_GET['id'] : '';
$tab = sumo_get_accesspoint_info($id, 'id', FALSE);

// Attribute fragment for each boolean option of the loaded access point.
$checked['http_auth'] = $tab['http_auth'] ? " checked='checked'" : "";
$checked['filtering'] = $tab['filtering'] ? " checked='checked'" : "";
$checked['pwd_encrypt'] = $tab['pwd_encrypt'] ? " checked='checked'" : "";
$checked['change_pwd'] = $tab['change_pwd'] ? " checked='checked'" : "";
$checked['registration'] = $tab['registration'] ? " checked='checked'" : "";

// The form name is also used in the inline onclick handlers below.
$form_name = 'AddAccesspoints';

$tpl['GET:ID'] = $tab['id'];
$tpl['GET:AddForm'] = sumo_get_form_req('', 'add', 'id=' . $tab['id']);
$tpl['PUT:Node'] = sumo_put_node($tab['node']);
$tpl['PUT:Theme'] = sumo_put_themes($tab['theme']);
$tpl['PUT:Groups'] = sumo_put_accesspoint_group($tab['id']);
$tpl['PUT:AddGroup'] = sumo_add_accesspoint_group();
$tpl['PUT:AddRegGroup'] = sumo_add_accesspoint_group('', 'reg_group');
$tpl['PUT:Name'] = sumo_put_accesspoint_name($form_name, sumo_get_accesspoint_name($tab['name']));

// NOTE(review): the stored path is written into a single-quoted attribute
// without HTML escaping; confirm it is escaped when stored.
$tpl['PUT:Path'] = "<input type='text' size='35' name='path' value='" . $tab['path'] . "' />";

// Ticking http_auth unticks pwd_encrypt (when that box is enabled) ...
$tpl['PUT:HTTPAuth'] = "<input type='checkbox' name='http_auth' " . $checked['http_auth'] . " onclick='if(document.{$form_name}.http_auth.checked==true && document.{$form_name}.pwd_encrypt.disabled==false){document.{$form_name}.pwd_encrypt.checked=false;}' />";
$tpl['PUT:Filtering'] = "<input type='checkbox' name='filtering' " . $checked['filtering'] . " />";
// ... and ticking pwd_encrypt unticks http_auth.
$tpl['PUT:PwdEncrypt'] = "<input type='checkbox' name='pwd_encrypt' " . $checked['pwd_encrypt'] . " onclick='if(document.{$form_name}.pwd_encrypt.checked==true){document.{$form_name}.http_auth.checked=false;}' />";
$tpl['PUT:ChangePwd'] = "<input type='checkbox' name='change_pwd' " . $checked['change_pwd'] . " />";
// The registration group selector is enabled only while registration is ticked.
$tpl['PUT:Registration'] = "<input type='checkbox' name='registration' " . $checked['registration'] . " "
    . "onclick='if(document.{$form_name}.registration.checked==true){document.{$form_name}.reg_group.disabled=false;}else{document.{$form_name}.reg_group.disabled=true;}' />";

// Action icons are requested without a target or URL on this form.
$tpl['LINK:Add'] = sumo_get_action_icon("", "add");
$tpl['LINK:Edit'] = sumo_get_action_icon("", "edit");
$tpl['LINK:Remove'] = sumo_get_action_icon("", "remove");
$tpl['BUTTON:Back'] = "<input type='button' class='button-red' value='" . $language["Back"] . "' onclick='javascript:sumo_ajax_get(\"accesspoints\",\"?module=accesspoints&action=list\");'>";
// (Inside an if-branch whose condition lies before this fragment.)
// Build the "remove" icon with a confirmation dialog; the random suffix
// is used as the dialog window id.
$msg = sumo_get_simple_rand_string(4, "123456789");
// NOTE(review): the confirmation text is placed inside a single-quoted
// JavaScript string within a double-quoted href. The outer
// htmlspecialchars() call is made without ENT_QUOTES, and $tab['path'] only
// passes through that outer call, so whether a single quote in the path is
// escaped depends on the PHP version's default flags - confirm.
$delete = "<div class='sub-module-icon' "
    . "onmouseover='this.style.outline=\"1px solid #999999\";this.style.background=\"#FFFFFF\"' "
    . "onmouseout='this.style.outline=\"\";this.style.background=\"\"'>"
    . "<a href=\"javascript:"
    . "sumo_show_message('msg{$msg}', '" . htmlspecialchars(sumo_get_message('AreYouSureDelete', array($tab['path'], htmlspecialchars(sumo_get_accesspoint_name($tab['name'], $_COOKIE['language']), ENT_QUOTES)))) . "', \n\t\t\t\t\t\t'h', 0, \n\t\t\t\t\t\t'" . base64_encode(sumo_get_form_req('', 'delete', 'id=' . $tab['id'])) . "',\n\t\t\t\t\t\t'" . base64_encode('') . "',\n\t\t\t\t\t\t'" . base64_encode("<input type='button' value='" . $language['Cancel'] . "' onclick='javascript:sumo_remove_window(\"msg{$msg}\");' class='button'>") . "',\n\t\t\t\t\t\t'" . base64_encode("<input type='submit' value='" . $language['Ok'] . "' onclick='javascript:sumo_remove_window(\"msg{$msg}\");' class='button'>") . "'\n\t\t\t\t);\">"
    . "<img src='themes/" . $SUMO['page']['theme'] . "/images/modules/accesspoints/remove.png' vspace='4'><br>" . $language['Remove'] . "</a>"
    . "</div>";
} else {
    // Otherwise the remove icon is requested without a target or URL.
    $delete = sumo_get_action_icon("", "remove");
}

$node = sumo_get_node_info($tab['node']);

// Read-only view of the access point: plain values and disabled inputs.
$tpl['GET:ID'] = $tab['id'];
$tpl['GET:RegGroup'] = $tab['reg_group'];
$tpl['GET:Updated'] = sumo_get_human_date($tab['updated']);
$tpl['GET:Created'] = sumo_get_human_date($tab['created']);
// Repeated assignment, same value as the line above.
$tpl['GET:Created'] = sumo_get_human_date($tab['created']);
$tpl['GET:Node'] = $node['name'];
$tpl['GET:Groups'] = implode(", ", $tab['usergroup']);
// Repeated assignment, same value as 'GET:RegGroup' above.
$tpl['GET:RegGroup'] = $tab['reg_group'];
$tpl['GET:Theme'] = ucfirst($tab['theme']);
$tpl['GET:Name'] = sumo_get_accesspoint_name($tab['name'], $_COOKIE['language']);
$tpl['GET:Filtering'] = "<input type='checkbox' name='filtering' " . $checked['filtering'] . " disabled />";
$tpl['GET:ChangePwd'] = "<input type='checkbox' name='change_pwd' " . $checked['change_pwd'] . " disabled />";
$tpl['GET:Registration'] = "<input type='checkbox' name='registration' " . $checked['registration'] . " disabled />";
// NOTE(review): the stored path is written into the attribute without HTML
// escaping; confirm it is escaped when stored.
$tpl['GET:Path'] = "<input type='text' size='50' name='path' value='" . $tab['path'] . "' disabled />";
$tpl['GET:HTTPAuth'] = "<input type='checkbox' name='http_auth' " . $checked['http_auth'] . " disabled />";
$tpl['GET:PwdEncrypt'] = "<input type='checkbox' name='pwd_encrypt' " . $checked['pwd_encrypt'] . " disabled />";

// The add/edit icons get a link only when sumo_verify_permissions() passes
// for the 'sumo' group (first argument 5 for add, 4 for edit). This decides
// what is rendered; it is not visible here whether the target actions
// repeat the check - confirm.
$tpl['LINK:Add'] = sumo_verify_permissions(5, 'sumo') ? sumo_get_action_icon("", "add", "accesspoints.content", "?module=accesspoints&action=new&decoration=false") : sumo_get_action_icon("", "add");
$tpl['LINK:Edit'] = sumo_verify_permissions(4, 'sumo') ? sumo_get_action_icon("", "edit", "accesspoints.content", "?module=accesspoints&action=edit&id=" . $tab['id'] . "&decoration=false") : sumo_get_action_icon("", "edit");
$tpl['LINK:Remove'] = $delete;
$tpl['BUTTON:Back'] = "<input type='button' class='button-red' value='" . $language["Back"] . "' onclick='javascript:sumo_ajax_get(\"accesspoints\",\"?module=accesspoints&action=list\");'>";

// $_REQUEST is used because, when a group is deleted from an access point,
// the command arrives through a link.
// Only the truthiness of the two request values is used.
$visibility['SecurityOptions'] = $_REQUEST['SecurityOptions_visibility'] ? true : false;
$visibility['LayoutOptions'] = $_REQUEST['LayoutOptions_visibility'] ? true : false;
$tpl['LINK:SecurityOptions'] = sumo_get_action_link($form_name, 'SecurityOptions', $visibility['SecurityOptions']);
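/**
 * Enable new password
 *
 * Looks up the pending request (action=2) that carries the given
 * confirmation code, copies its password to the matching user, removes the
 * pending request and notifies the user by e-mail.
 *
 * @param string $code Confirmation code; anything that is not exactly
 *                     40 alphanumeric characters is ignored.
 * @return void
 * @author Alberto Basso
 */
function sumo_activate_new_password($code = '')
{
    // The 'D' modifier stops '$' from matching before a trailing newline,
    // so only the 40 validated characters ever reach the SQL text below.
    if (!preg_match('/^[a-z0-9]{40}$/iD', $code)) {
        return;
    }

    global $SUMO;

    $query1 = "SELECT * FROM " . SUMO_TABLE_USERS_TEMP . " \r\n\t\t\t\t WHERE reg_code='" . $code . "' \r\n\t\t\t\t AND action=2";
    $rs     = $SUMO['DB']->Execute($query1);
    $tab    = $rs ? $rs->FetchRow() : FALSE;

    sumo_delete_user_temp(); // Delete old temp users

    // Unknown or already used code: there is nothing to activate. Without
    // this check an UPDATE with empty values was issued, a mail was sent to
    // an empty address and a success entry was logged.
    if (!$tab) {
        return;
    }

    // NOTE(review): the two interpolated values in this statement were
    // masked in the reviewed listing and are restored here as the matching
    // columns of the pending row - confirm against the upstream file.
    // NOTE(review): both values are read back from the temp table and are
    // concatenated without escaping; confirm they are constrained when the
    // pending request is stored.
    $query2 = "UPDATE " . SUMO_TABLE_USERS . " \r\n\t\t\t\t SET password='" . $tab['password'] . "' \r\n\t\t\t\t WHERE username='" . $tab['username'] . "' \r\n\t\t\t\t AND username<>'sumo'";

    sumo_delete_user_temp($tab['email'], 2);

    $SUMO['DB']->Execute($query2);

    // Send notify e-mail to user
    if (!$SUMO['config']['server']['admin']['email']) {
        // No sender address configured: log instead of mailing.
        sumo_write_log('E06000X', '', '0,1', 2, 'system', FALSE);
    } else {
        $name = sumo_get_accesspoint_name($SUMO['page']['name'], $_COOKIE['language']);

        $m = new Mail();
        $m->From($SUMO['config']['server']['admin']['email']);
        $m->To($tab['email']);
        $m->Subject(sumo_get_message('I00012C'));
        $m->Body(sumo_get_message("I00105M", array($tab['username'], date($SUMO['config']['server']['date_format'] . " " . $SUMO['config']['server']['time_format'], $SUMO['server']['time']), "\"" . $name . "\"")), SUMO_CHARSET);
        $m->Priority(3);
        $m->Send();
    }

    // The log destination depends on the registration notify setting.
    $logto = $SUMO['config']['accounts']['registration']['notify']['reg'] ? 3 : '0,1';

    sumo_write_log('I00004X', array($tab['username'], $tab['email']), $logto, 2);
}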
$color = 'orange'; } if ($tab['expire'] < $SUMO['server']['time'] + 300) { $color = 'red'; } $country = explode('-', $tab['country_name']); $country[0] = ucwords(strtolower($country[0])); $country[1] = strtolower($country[1]); $flag = trim($country[1]) ? trim($country[1]) . ".png" : "blank.png"; if (!$country[1]) { $country[1] = 'blank'; } $user = $search ? sumo_color_match_string($field['user'][1], $tab['username']) : $tab['username']; $username = sumo_get_username($tab['username']); $apinfo = sumo_get_accesspoint_info(sumo_get_normalized_accesspoint($tab['url']), 'path'); $apname = sumo_get_accesspoint_name($apinfo['name'], $_COOKIE['language']); $list .= "<tr>\n"; if ($col[1]) { $list .= " <td class='" . $style . "'><img src='themes/" . $SUMO['page']['theme'] . "/images/modules/sessions/status_" . $color . ".gif' class='session-status'> " . $tab['id'] . "</td>\n"; } if ($col[4]) { $list .= " <td class='" . $style . "'><a href='javascript:sumo_ajax_get(\"users\",\"?module=users&action=view&id=" . $tab['id_user'] . "\");" . "' title='" . $language['ViewUser'] . ": " . $username . "'>" . $user . "</a></td>\n"; } if ($col[2]) { $list .= " <td class='" . $style . "' align='right'><a href='javascript:sumo_ajax_get(\"network\",\"?module=network&action=view_node&id=" . $node[$tab['node']]['id'] . "\");'>" . $node[$tab['node']]['name'] . "</a></td>\n"; } //if($col[2]) $list .= " <td class='".$style."'><a href='javascript:sumo_ajax_get(\"network\",\"?module=network&action=nlist\");'>".$node[$tab['node']]['name']."</a></td>\n"; if ($col[7]) { $list .= " <td class='" . $style . "' align='right'>" . $tab['ip'] . "</td>\n"; } if ($col[8]) {
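<?php
// Template values for the login, registration and message pages.

// Fix PNG images if client browser is Internet Explorer
$pngfix = preg_match("/Internet Explorer/i", $SUMO['client']['browser']) ? "javascript:PNGFix()" : "";

$url_req = "";

// Filter URL query string
if ($_SERVER['QUERY_STRING']) {
    // Only the values go through sumo_array_filter(); the parameter names
    // are taken from the request unchanged.
    $_GET = sumo_array_combine(array_keys($_GET), sumo_array_filter(array_values($_GET)));
    $get_data = array_keys($_GET);
    $url_req = "?";

    for ($k = 0; $k < count($get_data); $k++) {
        $get_value = $_GET[$get_data[$k]];

        // Array parameters (a[]=1) cannot be written back as name=value.
        if (is_array($get_value)) {
            continue;
        }

        // Names and values end up inside the single-quoted action
        // attribute of the login form, so both are percent-encoded: a
        // quote or angle bracket in the query string can no longer close
        // the attribute.
        $url_req .= rawurlencode((string) $get_data[$k]) . "=" . rawurlencode((string) $get_value) . "&";
    }
}

// NOTE(review): the login form below hashes the password in the browser
// (hex_sha1, then hex_hmac_sha1 keyed with the connection's security
// string). That keeps the clear-text password out of the POST body but is
// not a substitute for transport encryption.
// NOTE(review): $sumo_reg_data['reg_user'] / ['reg_email'] are written into
// value attributes as-is; where they are filtered is not visible here -
// confirm.
$tpl_array = array(
    "LANG:User" => $sumo_lang_core['User'],
    "LANG:Password" => $sumo_lang_core['Password'],
    "LANG:RegistrationForm" => $sumo_lang_core['RegistrationForm'],
    "LANG:RegistrationInfo" => $sumo_lang_core['RegistrationInfo'],
    "LANG:EraseAccount" => $sumo_lang_core['EraseAccount'],
    "LANG:EraseAccountInfo" => $sumo_lang_core['EraseAccountInfo'],
    "LANG:PasswordLost" => $sumo_lang_core['PasswordLost'],
    "LANG:PasswordLostInfo" => $sumo_lang_core['PasswordLostInfo'],
    "LANG:ConfirmRegistration" => $sumo_lang_core['ConfirmRegistration'],
    "LANG:ConfirmRegistrationInfo" => $sumo_lang_core['ConfirmRegistrationInfo'],
    "LANG:ConfirmEraseAccount" => $sumo_lang_core['ConfirmEraseAccount'],
    "LANG:ConfirmEraseAccountInfo" => $sumo_lang_core['ConfirmEraseAccountInfo'],
    "LANG:Email" => $sumo_lang_core['Email'],
    "LANG:Language" => $sumo_lang_core['Language'],
    "LANG:RegUser" => "<font color='red'>*</font> " . $sumo_lang_core['User'],
    "LANG:RegEmail" => "<font color='red'>*</font> " . $sumo_lang_core['Email'],
    "LANG:RegPassword" => "<font color='red'>*</font> " . $sumo_lang_core['Password'],
    "LANG:RegRepPassword" => "<font color='red'>*</font> " . $sumo_lang_core['RepPassword'],
    "LINK:Register" => sumo_get_link_registration(),
    "LINK:PasswordLost" => sumo_get_link_pwdlost(),
    "LINK:UnRegister" => sumo_get_link_registration(0),
    "GET:SumoVersion" => SUMO_VERSION,
    "GET:charset" => $SUMO['config']['server']['charset'],
    "GET:PagePath" => $SUMO['page']['web_path'],
    "GET:PageUrl" => $SUMO['page']['url'],
    "GET:PageTheme" => $SUMO['page']['theme'],
    "GET:ConfirmRegUser" => $sumo_reg_data['reg_user'],
    "GET:ConfirmRegEmail" => $sumo_reg_data['reg_email'],
    "GET:ConfirmLanguage" => $sumo_reg_data['reg_language'],
    "GET:PageName" => sumo_get_accesspoint_name($SUMO['page']['name'], $_COOKIE['language']),
    "GET:ScriptLoginFocus" => sumo_get_script_tag('login_focus.js'),
    "GET:ScriptRegistrationFocus" => sumo_get_script_tag('registration_focus.js'),
    "GET:ScriptLogin" => "<script language='javascript' type='text/javascript'>\n"
        . "var sumo_theme='" . $SUMO['page']['theme'] . "';\n"
        . "</script>\n"
        . sumo_get_script_tag('check_login.js') . "\n"
        . sumo_get_script_tag('sumo_common.js') . "\n"
        . sumo_get_script_tag('sumo_crypt.js') . "\n"
        . sumo_get_script_tag('sumo_gui.js') . "\n",
    "GET:ScriptResubmit" => sumo_get_script_tag('resubmit.js'),
    "GET:ScriptNoRightClick" => sumo_get_script_tag('no_right_click.js'),
    "GET:OnLoad" => "onload='" . $pngfix . "'",
    "GET:Note" => $sumo_lang_core["PoweredBy"] . " <b>SUMO Access Manager</b> " . SUMO_VERSION . "<br>© Copyright 2003-" . date("Y") . " by <b>Basso Alberto</b><br>" . $sumo_lang_core['ProjectPage'] . " <b><a href='http://sumoam.sourceforge.net' target='_blank'>http://sumoam.sourceforge.net</a></b>",
    "GET:NoteShort" => $sumo_lang_core["PoweredBy"] . "<br><b><a href='http://sumoam.sourceforge.net' target='_blank'>SUMO Access Manager</a></b>",
    "GET:LoginForm" => "<form method='POST' name='SumoAuth' action='" . $SUMO['page']['url'] . $url_req . "' onsubmit='check(document.SumoAuth);if((error==1)||(error==2)){return false;}else{sumo_pwd.value=hex_hmac_sha1(\"" . $SUMO['connection']['security_string'] . "\",hex_sha1(sumo_pwd.value));}'>",
    "GET:Message" => $sumo_message,
    "GET:Redirect" => "<meta http-equiv='refresh' content='10; " . $SUMO['page']['url'] . "'>",
    "PUT:RegUser" => "<input type='text' size='16' name='reg_user' value='" . $sumo_reg_data['reg_user'] . "' />"
        . "<input type='hidden' name='reg_group' value='" . $SUMO['page']['group'] . "' />",
    "PUT:RegEmail" => "<input type='text' size='16' name='reg_email' value='" . $sumo_reg_data['reg_email'] . "' />",
    "PUT:RegPassword" => "<input type='password' size='16' name='reg_password' autocomplete='off' />",
    "PUT:RegRepPassword" => "<input type='password' size='16' name='rep_reg_password' autocomplete='off' />",
    "PUT:User" => "<input type='text' size='16' name='sumo_user' class='username' />",
    "PUT:Password" => "<input type='password' size='16' name='sumo_pwd' class='password' autocomplete='off' />",
    "PUT:LanguageLogin" => sumo_get_available_languages(1, 1, $_COOKIE['language'], 'sumo_lang'),
    "PUT:Language" => sumo_get_available_languages(1),
    "BUTTON:Submit" => "<input type='submit' class='button' value='" . $sumo_lang_core["Ok"] . "' />",
    "BUTTON:BackLogin" => "<form action='" . $SUMO['page']['url'] . "' method='POST'><input type='submit' class='button' value='" . $sumo_lang_core['Back'] . "'></form>",
    "BUTTON:Back" => "<input type='button' class='button' value='" . $sumo_lang_core['Back'] . "' onclick='javascript:history.go(-1);' />",
);

// Disable password encryption (for LDAP server)
// With pwd_encrypt off the form posts the password as typed, so the page
// has to be served over an encrypted transport.
if (!$SUMO['page']['pwd_encrypt'] && !in_array($sumo_action, array('registration', 'regconfirmed'))) {
    $tpl_array['GET:ScriptSHA1'] = "";
    $tpl_array['GET:LoginForm'] = "<form name='SumoAuth' method='POST' action='" . $SUMO['page']['url'] . $url_req . "' onsubmit='check(document.SumoAuth);if((error==1)||(error==2)){return false;}'>";
}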
// Prevent destroy valid session // on others nodes if sessions replica is enabled if (!SUMO_SESSIONS_REPLICA) { session_destroy(); } break; case 'USERNOTEXIST': $update_req = TRUE; $sumo_message = sumo_get_message('W00001C', $_SESSION['user']['user']); sumo_write_log('W00042X', array($_SESSION['user']['user'], $SUMO['client']['ip'], $SUMO['client']['country'], $SUMO['page']['url'], sumo_get_accesspoint_name($SUMO['page']['name'], $SUMO['config']['server']['language'])), '0,1', 2, 'errors'); session_destroy(); break; case 'USERNOTACTIVE': $update_req = TRUE; $sumo_message = sumo_get_message('W00002C', $SUMO['client']['user']); sumo_write_log('W00043X', array($SUMO['user']['user'], $SUMO['page']['url'], sumo_get_accesspoint_name($SUMO['page']['name'], $SUMO['config']['server']['language'])), '0,1', 2, 'errors'); session_destroy(); break; case 'CANNOTAUTHENTICATE': $sumo_message = sumo_get_message('W00034C'); sumo_write_log('W00100X', array($SUMO['page']['url'], $SUMO['user']['user'], $SUMO['client']['ip'], $SUMO['client']['country']), '0,1', 2, 'system'); session_destroy(); break; case 'PASSWORDERROR': $update_req = TRUE; $sumo_message = sumo_get_message('W00003C'); sumo_write_log('W00044X', array($SUMO['user']['user'], $SUMO['client']['ip'], $SUMO['client']['country'], $SUMO['page']['url']), '0,1', 2, 'errors'); session_destroy(); break; case 'LDAPMODULEERROR': $sumo_message = sumo_get_message('E00119X');
/**
 * Build the plain-text body of a "paranoic" WARNING e-mail.
 *
 * The report names the message for $error, the current date, the client IP
 * and host, the request method, the requested page and the detected code,
 * framed by a separator line above and below.
 *
 * @global resource $SUMO
 * @param string $error  Message id passed to sumo_get_message()
 * @param string $code   Detected code, included verbatim
 * @param string $method Request method shown in the report
 * @return string
 * @author Alberto Basso <*****@*****.**>
 */
function sumo_get_paranoic_message($error, $code, $method)
{
    global $SUMO;

    $rule      = "\n---------------------------------------\n";
    $headline  = sumo_get_message($error);
    $when      = date($SUMO['config']['server']['date_format'] . " " . $SUMO['config']['server']['time_format']);
    // The page name is always resolved in English for this report.
    $page_name = sumo_get_accesspoint_name($SUMO['page']['name'], 'en');

    $lines = array(
        " " . $headline . ":\n\n",
        " Date: " . $when . "\n",
        " IP: " . $SUMO['client']['ip'] . "\n",
        " Host: " . $SUMO['client']['name'] . "\n",
        " Request Method: " . $method . "\n",
        " Request URI: " . $SUMO['page']['url'] . " \"" . $page_name . "\"\n\n",
        // The detected code is reproduced exactly as received.
        " Detected Code:\r\n\r\n" . $code . "\r\n",
    );

    return $rule . implode('', $lines) . $rule;
}
// Template values for the settings edit form: every option becomes an
// input named config[...] that mirrors its position in $conf.
// NOTE(review): text values from $conf are written into single-quoted
// value attributes without HTML escaping; confirm they are escaped or
// constrained when the configuration is saved.
$tpl['IMG:server.language'] = "<img src='themes/" . $SUMO['page']['theme'] . "/images/flags/" . $conf['server']['language'] . ".png' alt='" . ucwords($conf['server']['language']) . "' class='flag'>";
$tpl['PUT:server.date_format'] = "<input type='text' size='5' name='config[server][date_format]' value='" . $conf['server']['date_format'] . "'>";
$tpl['PUT:server.time_format'] = "<input type='text' size='5' name='config[server][time_format]' value='" . $conf['server']['time_format'] . "'>";
$tpl['PUT:server.admin.name'] = "<input type='text' size='30' name='config[server][admin][name]' value='" . $conf['server']['admin']['name'] . "'>";
$tpl['PUT:server.admin.email'] = "<input type='text' size='30' name='config[server][admin][email]' value='" . $conf['server']['admin']['email'] . "'>";
$tpl['PUT:iptocountry.enabled'] = $conf['iptocountry']['enabled']
    ? "<input type='checkbox' name='config[iptocountry][enabled]' checked='checked'>"
    : "<input type='checkbox' name='config[iptocountry][enabled]'>";
// Link to the updater service (cmd=UPDATE_IP2C), opened in a new window.
$tpl['GET:iptocountry.updater'] = "<a href='services.php?service=updater&cmd=UPDATE_IP2C' target='_new'>" . $language['iptocountry.updater'] . "</a>";

// Console
$tpl['PUT:console.tip'] = $conf['console']['tip']
    ? "<input type='checkbox' name='config[console][tip]' checked='checked'>"
    : "<input type='checkbox' name='config[console][tip]'>";

// Security
// These fields are free-text inputs; any range or type check has to happen
// where the form is processed (not visible here).
$tpl['PUT:security.max_login_attempts'] = "<input type='text' size='5' name='config[security][max_login_attempts]' value='" . $conf['security']['max_login_attempts'] . "'>";
$tpl['PUT:security.banned_time'] = "<input type='text' size='5' name='config[security][banned_time]' value='" . $conf['security']['banned_time'] . "'>";
$tpl['PUT:security.access_violations'] = $conf['security']['access_violations']
    ? "<input type='checkbox' name='config[security][access_violations]' checked='checked'>"
    : "<input type='checkbox' name='config[security][access_violations]'>";

// Accesspoints
$tpl['PUT:accesspoints.stats.enabled'] = $conf['accesspoints']['stats']['enabled']
    ? "<input type='checkbox' name='config[accesspoints][stats][enabled]' checked='checked'>"
    : "<input type='checkbox' name='config[accesspoints][stats][enabled]'>";
$tpl['PUT:accesspoints.def_name'] = sumo_put_accesspoint_name('ModifySettings', sumo_get_accesspoint_name($conf['accesspoints']['def_name']));
$tpl['PUT:accesspoints.def_group'] = sumo_put_accesspoint_group($conf['accesspoints']['def_group']);
$tpl['PUT:accesspoints.def_theme'] = sumo_put_themes($conf['accesspoints']['def_theme'], 'config[accesspoints][def_theme]');

// Accounts
$tpl['PUT:accounts.life'] = "<input type='text' size='5' name='config[accounts][life]' value='" . $conf['accounts']['life'] . "'>";
$tpl['PUT:accounts.registration.enabled'] = $conf['accounts']['registration']['enabled']
    ? "<input type='checkbox' name='config[accounts][registration][enabled]' checked='checked'>"
    : "<input type='checkbox' name='config[accounts][registration][enabled]'>";
$tpl['PUT:accounts.registration.life'] = "<input type='text' size='5' name='config[accounts][registration][life]' value='" . $conf['accounts']['registration']['life'] . "'>";
$tpl['PUT:accounts.registration.notify.reg'] = $conf['accounts']['registration']['notify']['reg']
    ? "<input type='checkbox' name='config[accounts][registration][notify][reg]' checked='checked'>"
    : "<input type='checkbox' name='config[accounts][registration][notify][reg]'>";
$tpl['PUT:accounts.registration.notify.unreg'] = $conf['accounts']['registration']['notify']['unreg']
    ? "<input type='checkbox' name='config[accounts][registration][notify][unreg]' checked='checked'>"
    : "<input type='checkbox' name='config[accounts][registration][notify][unreg]'>";
$tpl['PUT:accounts.password.life'] = "<input type='text' size='5' name='config[accounts][password][life]' value='" . $conf['accounts']['password']['life'] . "'>";
$tpl['PUT:accounts.notify.updates'] = $conf['accounts']['notify']['updates']
    ? "<input type='checkbox' name='config[accounts][notify][updates]' checked='checked'>"
    : "<input type='checkbox' name='config[accounts][notify][updates]'>";
$tpl['PUT:accounts.notify.status'] = $conf['accounts']['notify']['status']
    ? "<input type='checkbox' name='config[accounts][notify][status]' checked='checked'>"
    : "<input type='checkbox' name='config[accounts][notify][status]'>";
$tpl['PUT:accounts.notify.expired'] = $conf['accounts']['notify']['expired']
    ? "<input type='checkbox' name='config[accounts][notify][expired]' checked='checked'>"
    : "<input type='checkbox' name='config[accounts][notify][expired]'>";

// Log to file format
//$tpl['PUT:logs.format'] = $conf['logs']['format'] ? $conf['logs']['format'] : "[".$SUMO['config']['server']['date_format']." ".$SUMO['config']['server']['time_format']. " O]";
// Log Manager: System
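// (Tail of a block that starts before this fragment.)
sumo_add_banned(); } } }

// Create SSO
if ($sumo_access == 'LOGIN' && SUMO_SESSIONS_REPLICA) {
    sumo_create_session_id();
}

// Display Login or Message box
if ($sumo_access != 'CONTINUE' && $sumo_access != 'LOGIN') {
    $SUMO['connection'] = sumo_get_connection_info();

    // HTTP Basic Authentication
    if (!empty($SUMO['page']['http_auth'])) {
        $sumo_template  = 'message';
        $sumo_message   = $sumo_access == 'LOGOUT' ? sumo_get_message('I00006C') : sumo_get_message('W00100C');
        $sumo_page_name = sumo_get_accesspoint_name($SUMO['page']['name'], $SUMO['config']['server']['language']);

        // NOTE(review): the page name is placed inside the quoted realm
        // as-is; a double quote in the name would produce a malformed
        // challenge - confirm names cannot contain one.
        header('WWW-Authenticate: Basic realm="' . $sumo_page_name . '"');
        header('HTTP/1.0 401 Unauthorized');
        header('status: 401 unauthorized');
        // The header name was written 'Content/Type', which is not a
        // header clients recognise, so the declared charset never applied.
        header('Content-Type: text/html; charset=' . SUMO_CHARSET);
    }

    // Load base Template Library
    $tpl_lib     = SUMO_PATH . "/libs/lib.template.login.php";
    $tpl_lib_ext = SUMO_PATH . "/libs/lib.template.login." . $SUMO['page']['theme'] . ".php";
    $tpl_file    = SUMO_PATH . "/themes/" . $SUMO['page']['theme'] . "/" . $sumo_template . ".tpl";

    if (sumo_verify_file($tpl_lib)) {
        require $tpl_lib;
    }

    // NOTE(review): unlike the base library, the theme extension is only
    // checked with file_exists() before being required, and its path embeds
    // the access point's theme name; confirm the theme value is limited to
    // known theme directories where it is stored.
    if (file_exists($tpl_lib_ext)) {
        require $tpl_lib_ext;
    }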
// Template values for the read-only settings view: text options are passed
// through as stored, boolean options are shown as $yes / $no.
// NOTE(review): the stored values are assigned without HTML escaping;
// whether the template layer escapes them is not visible here - confirm.
$tpl['GET:server.admin.name'] = $conf['server']['admin']['name'];
$tpl['GET:server.admin.email'] = $conf['server']['admin']['email'];
$tpl['GET:server.language'] = ucwords(sumo_get_string_languages($conf['server']['language']));
$tpl['IMG:server.language'] = "<img src='themes/" . $SUMO['page']['theme'] . "/images/flags/" . $conf['server']['language'] . ".png' alt='" . $tpl['GET:server.language'] . "' class='flag'>";
$tpl['GET:server.date_format'] = $conf['server']['date_format'];
$tpl['GET:server.time_format'] = $conf['server']['time_format'];
$tpl['GET:iptocountry.enabled'] = $conf['iptocountry']['enabled'] ? $yes : $no;

// Console
$tpl['GET:console.tip'] = $conf['console']['tip'] ? $yes : $no;

// Security
$tpl['GET:security.max_login_attempts'] = $conf['security']['max_login_attempts'];
// banned_time is converted with sumo_convert_sec2hms() for display.
$tpl['GET:security.banned_time'] = sumo_convert_sec2hms($conf['security']['banned_time']);
$tpl['GET:security.access_violations'] = $conf['security']['access_violations'] ? $yes : $no;

// Accesspoints
$tpl['GET:accesspoints.stats.enabled'] = $conf['accesspoints']['stats']['enabled'] ? $yes : $no;
$tpl['GET:accesspoints.def_name'] = sumo_get_accesspoint_name($conf['accesspoints']['def_name'], $_COOKIE['language']);
$tpl['GET:accesspoints.def_group'] = $conf['accesspoints']['def_group'];
$tpl['GET:accesspoints.def_theme'] = ucwords($conf['accesspoints']['def_theme']);

// Accounts
$tpl['GET:accounts.life'] = $conf['accounts']['life'];
$tpl['GET:accounts.registration.enabled'] = $conf['accounts']['registration']['enabled'] ? $yes : $no;
$tpl['GET:accounts.registration.life'] = $conf['accounts']['registration']['life'];
$tpl['GET:accounts.registration.notify.reg'] = $conf['accounts']['registration']['notify']['reg'] ? $yes : $no;
$tpl['GET:accounts.registration.notify.unreg'] = $conf['accounts']['registration']['notify']['unreg'] ? $yes : $no;
$tpl['GET:accounts.password.life'] = $conf['accounts']['password']['life'];
$tpl['GET:accounts.notify.updates'] = $conf['accounts']['notify']['updates'] ? $yes : $no;
$tpl['GET:accounts.notify.status'] = $conf['accounts']['notify']['status'] ? $yes : $no;
$tpl['GET:accounts.notify.expired'] = $conf['accounts']['notify']['expired'] ? $yes : $no;

// Log Manager
// Unlike the other GET: entries, this one is an editable input.
$tpl['GET:logs.life'] = "<input type='text' size='5' name='logs[life]' value='" . $conf['logs']['life'] . "' >";
// Log Manager: System
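* @link http://sumoam.sourceforge.net SUMO Access Manager
* @author Alberto Basso <*****@*****.**>
* @copyright Copyright © 2003-2009, Alberto Basso
* @license http://opensource.org/licenses/gpl-license.php GNU Public License
* @package SUMO
* @category Console
*/

// Template values shared by every console page.

// Fix PNG images if client browser is Internet Explorer
$pngfix = preg_match("/Internet Explorer/i", $SUMO['client']['browser']) ? "PNGFix();" : "";

// Create IP2Country table for first installation (1min available before timeout)
$ip2country = !file_exists(SUMO_PATH . '/tmp/iptocountry') && $SUMO['server']['db_type'] != 'sqlite' ? "sumo_ajax_get_bg(\"services.php?service=updater&cmd=UPDATE_IP2C\");" : "";

// If user is "sumo" display access level
if (sumo_verify_current_group('sumo')) {
    // Later checks override earlier ones: 1-3 green, 4-5 orange, above 5 red.
    // NOTE(review): for a level below 1 no colour is assigned before the
    // call to sumo_get_graph() - confirm that case cannot occur.
    if ($SUMO['user']['group_level']['sumo'] >= 1) {
        $ul_color = 'green';
    }
    if ($SUMO['user']['group_level']['sumo'] >= 4) {
        $ul_color = 'orange';
    }
    if ($SUMO['user']['group_level']['sumo'] > 5) {
        $ul_color = 'red';
    }
    $ul_graph = sumo_get_graph($SUMO['user']['group_level']['sumo'], 7, 0, $ul_color, 50, 2);
} else {
    $ul_graph = "";
}

// Clock
$clock = explode(':', $SUMO['config']['server']['time_format']);
$clock = date(intval($clock[0]) . ':' . $clock[1]);

// NOTE(review): the user name, $_SESSION['module'] and the language strings
// are written into markup and inline script without escaping; confirm they
// are constrained where they are set.
$console['template'] = array(
    "GET:SumoVersion" => SUMO_VERSION,
    "GET:UserName" => "<iframe name='CSID' src='' style='visibility:hidden;width:0px;height:0px;display:none'></iframe>"
        . "<a style='color:black;' href='javascript:sumo_ajax_get(\"users\",\"?module=users&action=view&id=" . $SUMO['user']['id'] . "\");'>" . $SUMO['user']['user'] . $ul_graph . "</a>",
    "GET:PagePath" => $SUMO['page']['web_path'],
    "GET:PageUrl" => $SUMO['page']['url'],
    "GET:PageName" => sumo_get_accesspoint_name($SUMO['page']['name'], $_COOKIE['language']),
    "GET:PageTheme" => $SUMO['page']['theme'],
    "GET:charset" => $SUMO['config']['server']['charset'],
    "GET:Date" => "<a href='javascript:opacity(\"settings_view_clock\", 0, 100, 300);"
        . "sumo_ajax_get(\"settings_view_clock\", \"?module=settings&action=view_clock&decoration=false\")'>" . date($SUMO['config']['server']['date_format']) . "</a>",
    "GET:Clock" => "<a href='javascript:opacity(\"settings_view_clock\", 0, 100, 300);"
        . "sumo_ajax_get(\"settings_view_clock\", \"?module=settings&action=view_clock&decoration=false\")'>"
        . "<span id='clock'>" . $clock . "</span>"
        . "</a>",
    "GET:ScriptTooltip" => sumo_get_script_tag('wz_tooltip.js') . "\n" . sumo_get_script_tag('tip_centerwindow.js'),
    "GET:ScriptDragDrop" => sumo_get_script_tag('wz_dragdrop.js'),
    // The language cookie is supplied by the client, so it is
    // percent-encoded before being appended to the script URLs; ordinary
    // language codes are unchanged by the encoding.
    "GET:ScriptLibraries" => "<script language='javascript' type='text/javascript'>\n"
        . "var sumo_theme='" . $SUMO['page']['theme'] . "';\n"
        . "</script>\n"
        . sumo_get_script_tag('ajax.js') . "\n"
        . sumo_get_script_tag('sumo_common.js') . "\n"
        . sumo_get_script_tag('sumo_crypt.js') . "\n"
        . sumo_get_script_tag('sumo_ajax.js') . "\n"
        . sumo_get_script_tag('sumo_gui.js') . "\n"
        . sumo_get_script_tag('sumo_menu.js') . "\n"
        . sumo_get_script_tag('calendar.php?sumo_lang=' . rawurlencode((string) $_COOKIE['language'])) . "\n"
        . sumo_get_script_tag('clock.php?sumo_lang=' . rawurlencode((string) $_COOKIE['language'])) . "\n"
        . sumo_get_script_tag("messages.php?id=" . $SUMO['user']['id'] . "&loggedin=" . intval($_COOKIE['loggedin']) . "&group=" . base64_encode(implode(";", $SUMO['user']['group']))) . "\n",
    "GET:OnLoad" => "onload='javascript:startClock();opacity(\"menuConsole\", 100, 88, 1);opacity(\"menuLanguages\", 100, 88, 1);" . $pngfix . $ip2country . "'",
    "GET:Note" => $sumo_lang_core['PoweredBy'] . " <b>SUMO " . SUMO_VERSION . "</b> − © Copyright 2003-" . date("Y") . " by <b>Basso Alberto</b><br>" . $sumo_lang_core['ProjectPage'] . " <b><a href='http://sumoam.sourceforge.net' target='_blank'>http://sumoam.sourceforge.net</a></b>",
    "LINK:Console" => "<a href='javascript:void(0)' onClick='return clickreturnvalue()' onMouseover='dropdownmenu(this, event, \"menuConsole\");' title='" . $console['language']['ConsoleTitle'] . "'>" . $console['language']['Console'] . "</a>",
    "LINK:Clean" => "<a href='" . $SUMO['page']['url'] . "' title='" . $console['language']['CleanTitle'] . "'><img src='" . $SUMO['page']['web_path'] . "/themes/" . $SUMO['page']['theme'] . "/images/desktop.png' alt='" . $console['language']['Clean'] . "'></a>",
    "LINK:LogOut" => "<a href='javascript:sumo_user_logout();' title='" . $console['language']['LogOutTitle'] . "'>" . $console['language']['LogOut'] . "</a>",
    "LINK:Help" => sumo_get_module_link('help', '', $console['language']['help'], false),
    "BUTTON:Ok" => "<input type='submit' class='button' value='" . $sumo_lang_core["Ok"] . "'>",
    "BUTTON:Submit" => "<input id='ok' type='submit' class='button-green' value='" . $sumo_lang_core["Ok"] . "'>",
    "BUTTON:Save" => "<input id='save' type='submit' class='button-green' value='" . $console['language']["Save"] . "'>",
    "BUTTON:Back" => "<input type='button' class='button-red' value='" . $console['language']["Back"] . "' onclick='javascript:sumo_ajax_get(\"" . $_SESSION['module'] . ".content\",\"?module=" . $_SESSION['module'] . "&decoration=false\");'>",
    "BUTTON:Cancel" => "<input id='cancel' type='button' class='button-red' value='" . $console['language']["Cancel"] . "' onclick='javascript:sumo_ajax_get(\"" . $_SESSION['module'] . ".content\",\"?module=" . $_SESSION['module'] . "&decoration=false\");'>",
);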
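/**
 * Update accesspoint data
 *
 * Builds an UPDATE for the access point row identified by $data['id'], runs
 * it, then re-selects the row with the same field values to confirm the write.
 * When pwd_encrypt or http_auth differ from the stored values, the sessions
 * recorded for the node's IP and the access point path are deleted first.
 *
 * NOTE(review): path, name, group, reg_group and theme are concatenated into
 * the SQL text exactly as received; nothing in this function escapes them.
 * That is only safe if every caller passes values already escaped for the
 * database in use - confirm against the callers, or move these statements to
 * bound parameters. $path is also used inside a LIKE pattern, where '%' and
 * '_' act as wildcards and would widen the session delete.
 *
 * @param array $data Fields read here: id, node, path, group, reg_group,
 *                    theme, http_auth, filtering, pwd_encrypt, change_pwd,
 *                    registration ('on' or 1 means enabled) and name (array
 *                    keyed by language).
 * @return bool|null TRUE when the verifying SELECT counts exactly one row,
 *                   FALSE otherwise, NULL when $data is empty.
 */
function sumo_update_accesspoint_data($data = array())
{
    if (empty($data)) {
        return;
    }

    global $SUMO;

    $id           = intval($data['id']);
    $node         = $data['node'] ? intval($data['node']) : "NULL";
    $path         = $data['path'];
    $group        = $data['group'];
    $reg_group    = $data['reg_group'];
    $theme        = $data['theme'];
    $http_auth    = $data['http_auth'] == 'on' || $data['http_auth'] == 1 ? 1 : 0;
    $filtering    = $data['filtering'] == 'on' || $data['filtering'] == 1 ? 1 : 0;
    $pwd_encrypt  = $data['pwd_encrypt'] == 'on' || $data['pwd_encrypt'] == 1 ? 1 : 0;
    $change_pwd   = $data['change_pwd'] == 'on' || $data['change_pwd'] == 1 ? 1 : 0;
    $registration = $data['registration'] == 'on' || $data['registration'] == 1 ? 1 : 0;

    // AP names: one "language:name" entry per available language.
    // $names has to start as an array: since PHP 7.1 an index assignment on
    // an empty string writes a single character instead of creating an array,
    // and implode() then receives a string.
    $languages = sumo_get_available_languages();
    $names     = array();

    foreach ($languages as $language) {
        $names[] = $language . ":" . $data['name'][$language];
    }

    $name = implode(";", $names);

    // Filtering is forced on when the path is the console
    $filtering = sumo_verify_is_console($path) ? 1 : $filtering;

    /**
     * Kill all sessions at path where pwd_encrypt
     * or http_auth has been changed
     */
    $accesspoint = sumo_get_accesspoint_info($id, 'id', FALSE);
    $nodeinfo    = sumo_get_node_info($node);

    if ($accesspoint['pwd_encrypt'] != $pwd_encrypt || $accesspoint['http_auth'] != $http_auth) {
        $query = "DELETE FROM " . SUMO_TABLE_SESSIONS . " \r\n\t\t\t\t\t WHERE node='" . $nodeinfo['ip'] . "' AND url LIKE '%" . $path . "'";

        $SUMO['DB']->Execute($query);
    }

    $record = array();

    // $node is either an integer or the literal string "NULL". The is_int()
    // test keeps "NULL" out of the comparison: PHP 8 compares a non-numeric
    // string with an integer as strings, which would make "NULL" >= 1 true
    // and add "node=NULL" to both the UPDATE and the verifying SELECT.
    if (is_int($node) && $node >= 1) {
        $record['node'] = "node=" . $node;
    }
    if ($path) {
        $record['path'] = "path='" . $path . "'";
    }
    if ($name) {
        $record['name'] = "name='" . $name . "'";
    }
    if ($group) {
        $record['group'] = "usergroup='" . sumo_get_ordered_groups($group) . "'";
    }
    if ($reg_group) {
        $record['reg_group'] = "reg_group='" . $reg_group . "'";
    }
    if ($theme) {
        $record['theme'] = "theme='" . $theme . "'";
    }

    $record['http_auth']    = "http_auth=" . $http_auth;
    $record['filtering']    = "filtering=" . $filtering;
    $record['pwd_encrypt']  = "pwd_encrypt=" . $pwd_encrypt;
    $record['change_pwd']   = "change_pwd=" . $change_pwd;
    $record['registration'] = "registration=" . $registration;
    $record['updated']      = "updated=" . $SUMO['server']['time'];

    // Create fields for query: the same "field=value" list is used as the
    // SET clause and, joined with AND, as the condition of the check below.
    $records = array_filter(array_values($record));
    $update  = implode(', ', $records);
    $select  = implode(' AND ', $records);

    // create query
    $query = "UPDATE " . SUMO_TABLE_ACCESSPOINTS . " \r\n\t\t\t\t SET " . $update . " \r\n\t\t\t\t WHERE id=" . $id;

    // Delete cached data before writing
    $SUMO['DB']->CacheFlush();
    $SUMO['DB']->Execute($query);

    // verify query success
    $query = "SELECT COUNT(id) FROM " . SUMO_TABLE_ACCESSPOINTS . " \r\n\t\t\t\t WHERE id=" . $id . " \r\n\t\t\t\t AND " . $select;

    $rs  = $SUMO['DB']->Execute($query);
    $tab = $rs->FetchRow();

    // if updated:
    if ($tab[0] == 1) {
        if ($nodeinfo['ip'] == '') {
            $nodeinfo['ip'] = 'UNDEFINED';
        }

        $apname = sumo_get_accesspoint_name($name, $SUMO['config']['server']['language']);

        sumo_write_log('I07000X', array($id, $apname, $nodeinfo['ip'], $SUMO['user']['user']), 3, 3, 'system', FALSE);

        return TRUE;
    }

    return FALSE;
}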
$list = sumo_get_table_header($table['data']['stats']); while ($tab = $rs->FetchRow()) { $query2 = "SELECT MAX(access) FROM " . SUMO_TABLE_ACCESSPOINTS_STATS; $query3 = "SELECT MAX(activity) FROM " . SUMO_TABLE_ACCESSPOINTS_STATS; $style = sumo_alternate_str('tab-row-on', 'tab-row-off'); $rs2 = $SUMO['DB']->CacheExecute(15, $query2); $rs3 = $SUMO['DB']->CacheExecute(15, $query3); $max2 = $rs2->FetchRow(); $max3 = $rs3->FetchRow(); $path2 = $tab['path']; $path3 = sumo_get_accesspoint_name($tab['name'], $_COOKIE['language']); $max_access = $max2[0]; $max_activity = $max3[0]; if ($search) { $path2 = sumo_color_match_string($field['path'][1], $tab['path']); $path3 = sumo_color_match_string($field['name'][1], sumo_get_accesspoint_name($tab['name'], $_COOKIE['language'])); } // verify if user is current node/path if ($SUMO['page']['node'] == $tab['node'] && $SUMO['page']['path'] == $tab['path']) { $style = 'tab-row-highlight'; } $list .= "<tr>\n"; if ($_SESSION['accesspoints']['stats']['col'][3]) { $list .= " <td class='" . $style . "'><a href='javascript:sumo_ajax_get(\"accesspoints\",\"?module=accesspoints&action=view&id=" . $tab['id_page'] . "\");'>" . $path3 . "</a></td>\n"; } if ($_SESSION['accesspoints']['stats']['col'][1]) { $list .= " <td class='" . $style . "'><a href='javascript:sumo_ajax_get(\"network\",\"?module=network&action=view_node&id=" . $tab['node'] . "\");'>" . $node[$tab['node']]['name'] . "</a></td>\n"; } if ($_SESSION['accesspoints']['stats']['col'][4]) { $list .= " <td class='" . $style . "'><a href='javascript:sumo_ajax_get(\"accesspoints\",\"?module=accesspoints&action=view&id=" . $tab['id_page'] . "\");'>" . $path2 . "</a></td>\n"; }