示例#1
0
文件: header.php 项目: hughnguy/php
<?php

use Ventus\Utilities\Authentication;
if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https' or isset($_SERVER['HTTPS']) && !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') {
    header('Strict-Transport-Security: max-age=31536000');
    header('X-Frame-Options: deny');
    header('X-Content-Type-Options: nosniff');
    header('X-XSS-Protection: 1; mode=block');
} else {
    $uri = 'https://' . URL_INTRANET . $_SERVER['PHP_SELF'] . '?' . $_SERVER['QUERY_STRING'];
    header('HTTP/1.1 301 Moved Permanently');
    header("Location: {$uri}");
    die;
}
// @TODO move this logic to appropriate controllers
if (!Authentication::isAuthenticated($SESSION, 'internal')) {
    header('Location: https://' . URL_VENTUS . '/index.php?next=' . $_SERVER['PHP_SELF'] . '?' . $_SERVER['QUERY_STRING']);
    exit;
} else {
    Authentication::isAuthorized($SESSION, \Ventus\Utilities\URI::getCurrentURL());
}
header('Content-Type: text/html; charset=utf-8');
header('Content-Language: ' . $l10n->getLanguage());
?>
<!DOCTYPE html>
<html lang='<?php 
echo $l10n->getLanguage();
?>
' class='no-js'>
        <meta charset='utf-8'>
        <meta name='viewport' content='width=device-width,initial-scale=1.0'>
示例#2
0
namespace Ventus\Student;

/**
 * This controller will either grant or refuse a read-only session request to a user
 */
// Session, config
require '../includes/php/bootstrap.php';
$SESSION = new \Zend_Session_Namespace('internal', true);
// Kill existing student session if one exists
\Zend_Session::namespaceUnset('student');
//Models
$model = new StudentProfile($dbo);
$module = \Ventus\Utilities\Functions::getModuleNameFromURL($_SERVER['HTTP_REFERER']);
$module === 'specialist' ? $url = URL_SPECIALIST : ($url = URL_ACCESS_RECEPTION);
//We first check if the employee has a valid session and is authorized to access the Specialist module
\Ventus\Utilities\Authentication::isAuthenticated($SESSION, 'internal');
\Ventus\Utilities\Authentication::isAuthorized($SESSION, 'https://' . $url);
//Check and decrypt read only session key
if (empty($_GET['key']) || empty($_GET['iv'])) {
    //No key exists...we have a problem
    $loggers['audit']->error('Attempted access to student read-only session without key.');
    header('location: https://' . URL_PHP . '/error-external.php?eid=R9001');
    exit;
}
$student = mcrypt_decrypt(MCRYPT_BLOWFISH, hash('md5', HASH_GENERATION_RANDOM_STRING), base64_decode($_GET['key']), MCRYPT_MODE_ECB, base64_decode($_GET['iv']));
$student = unserialize($student);
$log_in = $model->validateUserForReadOnlySession($student);
if (!$log_in) {
    //No student found...we have a problem
    $loggers['audit']->warning("Attempted access to student read-only session for invalid student {$student['student_num']}.");
    header('location: https://' . URL_PHP . '/error-external.php?eid=R9002');