require_once "server/classes/class.AJXP_Logger.php";
ConfService::init("server/conf/conf.php");
$confStorageDriver = ConfService::getConfStorageImpl();
require_once $confStorageDriver->getUserClassFileName();
session_name("AjaXplorer");
session_start();
set_error_handler(array("AJXP_XMLWriter", "catchError"), E_ALL & ~E_NOTICE);
if (isset($_GET["tmp_repository_id"])) {
ConfService::switchRootDir($_GET["tmp_repository_id"], true);
}
if (AuthService::usersEnabled()) {
$rememberLogin = "";
$rememberPass = "";
if (isset($_GET["get_action"]) && $_GET["get_action"] == "get_seed") {
header("Content-type:text/plain; charset:UTF-8");
print AuthService::generateSeed();
exit(0);
}
if (isset($_GET["get_action"]) && $_GET["get_action"] == "logout") {
AuthService::disconnect();
$loggingResult = 2;
}
//AuthService::disconnect();
if (isset($_GET["get_action"]) && $_GET["get_action"] == "back") {
AJXP_XMLWriter::header("url");
echo AuthService::getLogoutAddress(false);
AJXP_XMLWriter::close("url");
exit(1);
}
if (isset($_GET["get_action"]) && $_GET["get_action"] == "login") {
$userId = isset($_GET["userid"]) ? $_GET["userid"] : null;
public function switchAction($action, $httpVars, $fileVars)
{
switch ($action) {
case "logout":
AuthService::disconnect();
$loggingResult = 2;
session_destroy();
AJXP_XMLWriter::header();
AJXP_XMLWriter::loggingResult($loggingResult, null, null, null);
AJXP_XMLWriter::close();
break;
case "get_seed":
$seed = AuthService::generateSeed();
if (AuthService::suspectBruteForceLogin()) {
HTMLWriter::charsetHeader('application/json');
print json_encode(array("seed" => $seed, "captcha" => true));
} else {
HTMLWriter::charsetHeader("text/plain");
print $seed;
}
break;
case "get_captcha":
include_once AJXP_BIN_FOLDER . "/class.CaptchaProvider.php";
CaptchaProvider::sendCaptcha();
//exit(0) ;
break;
case "back":
AJXP_XMLWriter::header("url");
echo AuthService::getLogoutAddress(false);
AJXP_XMLWriter::close("url");
//exit(1);
break;
default:
break;
}
return "";
}
$detectedUser = $matches[1];
}
}
}
try {
ConfService::switchRootDir($optRepoId, true);
} catch (AJXP_Exception $e) {
}
} else {
if ($optStatusFile) {
file_put_contents($optStatusFile, "ERROR:You must pass a -r argument specifying either a repository id or alias");
}
die("You must pass a -r argument specifying either a repository id or alias");
}
if (AuthService::usersEnabled() && !empty($optUser)) {
$seed = AuthService::generateSeed();
if ($seed != -1) {
$optPass = md5(md5($optPass) . $seed);
}
$loggingResult = AuthService::logUser($optUser, $optPass, isset($optToken), false, $seed);
// Check that current user can access current repository, try to switch otherwise.
$loggedUser = AuthService::getLoggedUser();
if ($loggedUser != null && $detectedUser !== false && $loggedUser->isAdmin()) {
AuthService::disconnect();
AuthService::logUser($detectedUser, "empty", true, false, "");
$loggedUser = AuthService::getLoggedUser();
}
if ($loggedUser != null) {
ConfService::switchRootDir($optRepoId, true);
/*
$res = ConfService::switchUserToActiveRepository($loggedUser, $optRepoId);
public function switchAction($action, $httpVars, $fileVars)
{
if (!isset($this->actions[$action])) {
return;
}
$mess = ConfService::getMessages();
switch ($action) {
case "login":
if (!AuthService::usersEnabled()) {
return;
}
$rememberLogin = "";
$rememberPass = "";
$secureToken = "";
$loggedUser = null;
include_once AJXP_BIN_FOLDER . "/class.CaptchaProvider.php";
if (AuthService::suspectBruteForceLogin() && (!isset($httpVars["captcha_code"]) || !CaptchaProvider::checkCaptchaResult($httpVars["captcha_code"]))) {
$loggingResult = -4;
} else {
$userId = isset($httpVars["userid"]) ? trim($httpVars["userid"]) : null;
$userPass = isset($httpVars["password"]) ? trim($httpVars["password"]) : null;
$rememberMe = isset($httpVars["remember_me"]) && $httpVars["remember_me"] == "true" ? true : false;
$cookieLogin = isset($httpVars["cookie_login"]) ? true : false;
$loggingResult = AuthService::logUser($userId, $userPass, false, $cookieLogin, $httpVars["login_seed"]);
if ($rememberMe && $loggingResult == 1) {
$rememberLogin = "******";
$rememberPass = "******";
$loggedUser = AuthService::getLoggedUser();
}
if ($loggingResult == 1) {
session_regenerate_id(true);
$secureToken = AuthService::generateSecureToken();
}
if ($loggingResult < 1 && AuthService::suspectBruteForceLogin()) {
$loggingResult = -4;
// Force captcha reload
}
}
$loggedUser = AuthService::getLoggedUser();
if ($loggedUser != null) {
$force = $loggedUser->mergedRole->filterParameterValue("core.conf", "DEFAULT_START_REPOSITORY", AJXP_REPO_SCOPE_ALL, -1);
$passId = -1;
if (isset($httpVars["tmp_repository_id"])) {
$passId = $httpVars["tmp_repository_id"];
} else {
if ($force != "" && $loggedUser->canSwitchTo($force) && !isset($httpVars["tmp_repository_id"]) && !isset($_SESSION["PENDING_REPOSITORY_ID"])) {
$passId = $force;
}
}
$res = ConfService::switchUserToActiveRepository($loggedUser, $passId);
if (!$res) {
AuthService::disconnect();
$loggingResult = -3;
}
}
if ($loggedUser != null && (AuthService::hasRememberCookie() || isset($rememberMe) && $rememberMe == true)) {
AuthService::refreshRememberCookie($loggedUser);
}
AJXP_XMLWriter::header();
AJXP_XMLWriter::loggingResult($loggingResult, $rememberLogin, $rememberPass, $secureToken);
AJXP_XMLWriter::close();
break;
//------------------------------------
// CHANGE USER PASSWORD
//------------------------------------
//------------------------------------
// CHANGE USER PASSWORD
//------------------------------------
case "pass_change":
$userObject = AuthService::getLoggedUser();
if ($userObject == null || $userObject->getId() == "guest") {
header("Content-Type:text/plain");
print "SUCCESS";
break;
}
$oldPass = $httpVars["old_pass"];
$newPass = $httpVars["new_pass"];
$passSeed = $httpVars["pass_seed"];
if (strlen($newPass) < ConfService::getCoreConf("PASSWORD_MINLENGTH", "auth")) {
header("Content-Type:text/plain");
print "PASS_ERROR";
break;
}
if (AuthService::checkPassword($userObject->getId(), $oldPass, false, $passSeed)) {
AuthService::updatePassword($userObject->getId(), $newPass);
if ($userObject->getLock() == "pass_change") {
$userObject->removeLock();
$userObject->save("superuser");
}
} else {
header("Content-Type:text/plain");
print "PASS_ERROR";
break;
}
header("Content-Type:text/plain");
print "SUCCESS";
break;
case "logout":
AuthService::disconnect();
$loggingResult = 2;
session_destroy();
AJXP_XMLWriter::header();
AJXP_XMLWriter::loggingResult($loggingResult, null, null, null);
AJXP_XMLWriter::close();
break;
case "get_seed":
$seed = AuthService::generateSeed();
if (AuthService::suspectBruteForceLogin()) {
HTMLWriter::charsetHeader('application/json');
print json_encode(array("seed" => $seed, "captcha" => true));
} else {
HTMLWriter::charsetHeader("text/plain");
print $seed;
}
//exit(0);
break;
case "get_secure_token":
HTMLWriter::charsetHeader("text/plain");
print AuthService::generateSecureToken();
//exit(0);
break;
case "get_captcha":
include_once AJXP_BIN_FOLDER . "/class.CaptchaProvider.php";
CaptchaProvider::sendCaptcha();
//exit(0) ;
break;
case "back":
AJXP_XMLWriter::header("url");
echo AuthService::getLogoutAddress(false);
AJXP_XMLWriter::close("url");
//exit(1);
break;
default:
break;
}
return "";
}
