|
1
|
|
|
<?php |
|
2
|
|
|
|
|
3
|
|
|
//------------------------------------------------------------------------------ |
|
4
|
|
|
// |
|
5
|
|
|
// eTraxis - Records tracking web-based system |
|
6
|
|
|
// Copyright (C) 2004-2011 Artem Rodygin |
|
7
|
|
|
// |
|
8
|
|
|
// This program is free software: you can redistribute it and/or modify |
|
9
|
|
|
// it under the terms of the GNU General Public License as published by |
|
10
|
|
|
// the Free Software Foundation, either version 3 of the License, or |
|
11
|
|
|
// (at your option) any later version. |
|
12
|
|
|
// |
|
13
|
|
|
// This program is distributed in the hope that it will be useful, |
|
14
|
|
|
// but WITHOUT ANY WARRANTY; without even the implied warranty of |
|
15
|
|
|
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|
16
|
|
|
// GNU General Public License for more details. |
|
17
|
|
|
// |
|
18
|
|
|
// You should have received a copy of the GNU General Public License |
|
19
|
|
|
// along with this program. If not, see <http://www.gnu.org/licenses/>. |
|
20
|
|
|
// |
|
21
|
|
|
//------------------------------------------------------------------------------ |
|
22
|
|
|
|
|
23
|
|
|
/** |
|
24
|
|
|
* Sessions |
|
25
|
|
|
* |
|
26
|
|
|
* This module implements user sessions in eTraxis. |
|
27
|
|
|
* |
|
28
|
|
|
* @package Engine |
|
29
|
|
|
* @subpackage Sessions |
|
30
|
|
|
*/ |
|
31
|
|
|
|
|
32
|
|
|
/**#@+ |
|
33
|
|
|
* Dependency. |
|
34
|
|
|
*/ |
|
35
|
|
|
require_once('../engine/debug.php'); |
|
36
|
|
|
require_once('../engine/timezone.php'); |
|
37
|
|
|
require_once('../engine/locale.php'); |
|
38
|
|
|
require_once('../engine/cookies.php'); |
|
39
|
|
|
require_once('../engine/dal.php'); |
|
40
|
|
|
require_once('../engine/ldap.php'); |
|
41
|
|
|
require_once('../dbo/accounts.php'); |
|
42
|
|
|
/**#@-*/ |
|
43
|
|
|
|
|
44
|
|
|
//------------------------------------------------------------------------------ |
|
45
|
|
|
// Definitions. |
|
46
|
|
|
//------------------------------------------------------------------------------ |
|
47
|
|
|
|
|
48
|
|
|
/**#@+ |
|
49
|
|
|
* Session variable. |
|
50
|
|
|
*/ |
|
51
|
|
|
define('VAR_ERROR', 'eTraxis_Error'); |
|
52
|
|
|
define('VAR_USERID', 'eTraxis_UserID'); |
|
53
|
|
|
define('VAR_USERNAME', 'eTraxis_UserName'); |
|
54
|
|
|
define('VAR_FULLNAME', 'eTraxis_FullName'); |
|
55
|
|
|
define('VAR_PASSWD_EXPIRE', 'eTraxis_PasswdExpire'); |
|
56
|
|
|
define('VAR_ISADMIN', 'eTraxis_IsAdmin'); |
|
57
|
|
|
define('VAR_LDAPUSER', 'eTraxis_LdapUser'); |
|
58
|
|
|
define('VAR_TIMEZONE', 'eTraxis_Timezone'); |
|
59
|
|
|
define('VAR_TEXTROWS', 'eTraxis_TextRows'); |
|
60
|
|
|
define('VAR_PAGEROWS', 'eTraxis_PageRows'); |
|
61
|
|
|
define('VAR_PAGEBKMS', 'eTraxis_PageBkms'); |
|
62
|
|
|
define('VAR_AUTO_REFRESH', 'eTraxis_AutoRefresh'); |
|
63
|
|
|
define('VAR_DELIMITER', 'eTraxis_Delimiter'); |
|
64
|
|
|
define('VAR_ENCODING', 'eTraxis_Encoding'); |
|
65
|
|
|
define('VAR_LINE_ENDINGS', 'eTraxis_LineEndings'); |
|
66
|
|
|
define('VAR_VIEW', 'eTraxis_View'); |
|
67
|
|
|
define('VAR_THEME_NAME', 'eTraxis_ThemeName'); |
|
68
|
|
|
define('VAR_SEARCH_MODE', 'eTraxis_SearchMode'); |
|
69
|
|
|
define('VAR_SEARCH_TEXT', 'eTraxis_SearchText'); |
|
70
|
|
|
define('VAR_USE_FILTERS', 'eTraxis_UseFilter'); |
|
71
|
|
|
define('VAR_LDAP_ENUMERATION', 'eTraxis_LdapEnumeration'); |
|
72
|
|
|
/**#@-*/ |
|
73
|
|
|
|
|
74
|
|
|
/**#@+ |
|
75
|
|
|
* User level. |
|
76
|
|
|
*/ |
|
77
|
|
|
define('USER_LEVEL_GUEST', 1); |
|
78
|
|
|
define('USER_LEVEL_NORMAL', 2); |
|
79
|
|
|
define('USER_LEVEL_ADMIN', 3); |
|
80
|
|
|
/**#@-*/ |
|
81
|
|
|
|
|
82
|
|
|
/** |
|
83
|
|
|
* ID for guest. |
|
84
|
|
|
*/ |
|
85
|
|
|
define('GUEST_USER_ID', 0); |
|
86
|
|
|
|
|
87
|
|
|
/**#@+ |
|
88
|
|
|
* Type of a page to be loaded. |
|
89
|
|
|
*/ |
|
90
|
|
|
define('LOAD_CONTAINER', 1); |
|
91
|
|
|
define('LOAD_TAB', 2); |
|
92
|
|
|
define('LOAD_INLINE', 3); |
|
93
|
|
|
define('LOAD_RSS', 4); |
|
94
|
|
|
/**#@-*/ |
|
95
|
|
|
|
|
96
|
|
|
/** |
|
97
|
|
|
* Flag that guest is allowed to access a page. |
|
98
|
|
|
*/ |
|
99
|
|
|
define('GUEST_IS_ALLOWED', TRUE); |
|
100
|
|
|
|
|
101
|
|
|
// Encodings. |
|
102
|
|
|
$encodings = array |
|
103
|
|
|
( |
|
104
|
|
|
1 => 'UTF-8', |
|
105
|
|
|
2 => 'UCS-2', |
|
106
|
|
|
3 => 'ISO-8859-1', |
|
107
|
|
|
4 => 'ISO-8859-2', |
|
108
|
|
|
5 => 'ISO-8859-3', |
|
109
|
|
|
6 => 'ISO-8859-4', |
|
110
|
|
|
7 => 'ISO-8859-5', |
|
111
|
|
|
8 => 'ISO-8859-6', |
|
112
|
|
|
9 => 'ISO-8859-7', |
|
113
|
|
|
10 => 'ISO-8859-8', |
|
114
|
|
|
11 => 'ISO-8859-9', |
|
115
|
|
|
12 => 'ISO-8859-10', |
|
116
|
|
|
13 => 'ISO-8859-13', |
|
117
|
|
|
14 => 'ISO-8859-14', |
|
118
|
|
|
15 => 'ISO-8859-15', |
|
119
|
|
|
16 => 'KOI8-R', |
|
120
|
|
|
17 => 'Windows-1251', |
|
121
|
|
|
18 => 'Windows-1252', |
|
122
|
|
|
); |
|
123
|
|
|
|
|
124
|
|
|
// Line endings. |
|
125
|
|
|
$line_endings_names = array |
|
126
|
|
|
( |
|
127
|
|
|
1 => 'Windows', |
|
128
|
|
|
2 => 'Unix', |
|
129
|
|
|
3 => 'Mac', |
|
130
|
|
|
); |
|
131
|
|
|
|
|
132
|
|
|
$line_endings_chars = array |
|
133
|
|
|
( |
|
134
|
|
|
1 => "\r\n", |
|
135
|
|
|
2 => "\n", |
|
136
|
|
|
3 => "\r", |
|
137
|
|
|
); |
|
138
|
|
|
|
|
139
|
|
|
/**#@+ |
|
140
|
|
|
* Default settings. |
|
141
|
|
|
*/ |
|
142
|
|
|
define('DEFAULT_PAGE_ROWS', 20); |
|
143
|
|
|
define('DEFAULT_PAGE_BKMS', 10); |
|
144
|
|
|
define('DEFAULT_AUTO_REFRESH', 0); |
|
145
|
|
|
define('DEFAULT_DELIMITER', 0x2C); |
|
146
|
|
|
define('DEFAULT_ENCODING', 1); |
|
147
|
|
|
define('DEFAULT_LINE_ENDINGS', 1); |
|
148
|
|
|
/**#@-*/ |
|
149
|
|
|
|
|
150
|
|
|
/**#@+ |
|
151
|
|
|
* List size restriction. |
|
152
|
|
|
*/ |
|
153
|
|
|
define('MIN_PAGE_SIZE', 10); |
|
154
|
|
|
define('MAX_PAGE_SIZE', 100); |
|
155
|
|
|
/**#@-*/ |
|
156
|
|
|
|
|
157
|
|
|
/**#@+ |
|
158
|
|
|
* Autorefresh interval restriction (in seconds). |
|
159
|
|
|
*/ |
|
160
|
|
|
define('MIN_AUTO_REFRESH', 0); |
|
161
|
|
|
define('MAX_AUTO_REFRESH', 1440); |
|
162
|
|
|
/**#@-*/ |
|
163
|
|
|
|
|
164
|
|
|
//------------------------------------------------------------------------------ |
|
165
|
|
|
// Functions. |
|
166
|
|
|
//------------------------------------------------------------------------------ |
|
167
|
|
|
|
|
168
|
|
|
/** |
|
169
|
|
|
* Creates (initializes) anonymous session before user is authorized. |
|
170
|
|
|
* |
|
171
|
|
|
* @return string The session ID for the newly created session. |
|
172
|
|
|
*/ |
|
173
|
|
|
function create_session () |
|
174
|
|
|
{ |
|
175
|
|
|
error_reporting(E_ALL); |
|
176
|
|
|
|
|
177
|
|
|
if (DEBUG_MODE == DEBUG_MODE_OFF) |
|
178
|
|
|
{ |
|
179
|
|
|
assert_options(ASSERT_ACTIVE, 0); |
|
180
|
|
|
} |
|
181
|
|
|
else |
|
182
|
|
|
{ |
|
183
|
|
|
assert_options(ASSERT_ACTIVE, 1); |
|
184
|
|
|
assert_options(ASSERT_WARNING, 1); |
|
185
|
|
|
assert_options(ASSERT_BAIL, 0); |
|
186
|
|
|
assert_options(ASSERT_QUIET_EVAL, 0); |
|
187
|
|
|
assert_options(ASSERT_CALLBACK, NULL); |
|
188
|
|
|
} |
|
189
|
|
|
|
|
190
|
|
|
return session_id(); |
|
191
|
|
|
} |
|
192
|
|
|
|
|
193
|
|
|
/** |
|
194
|
|
|
* Opens new session (preliminary created with {@link create_session}) for successfully authorized user (user becomes logged in). |
|
195
|
|
|
* |
|
196
|
|
|
* @param int $userid Account ID of authorized user (see <i>account_id</i> of <i>tbl_accounts</i> database table). |
|
197
|
|
|
* @return string The session ID. |
|
198
|
|
|
*/ |
|
199
|
|
|
function open_session ($userid) |
|
200
|
|
|
{ |
|
201
|
|
|
debug_write_log(DEBUG_TRACE, '[open_session]'); |
|
202
|
|
|
debug_write_log(DEBUG_DUMP, '[open_session] $userid = ' . $userid); |
|
203
|
|
|
|
|
204
|
|
|
global $encodings; |
|
205
|
|
|
global $line_endings_chars; |
|
206
|
|
|
|
|
207
|
|
|
$_SESSION[VAR_USERID] = $userid; |
|
208
|
|
|
$_SESSION[VAR_USERNAME] = get_html_resource(RES_GUEST_ID); |
|
209
|
|
|
$_SESSION[VAR_FULLNAME] = get_html_resource(RES_GUEST_ID); |
|
210
|
|
|
$_SESSION[VAR_PASSWD_EXPIRE] = 0; |
|
211
|
|
|
$_SESSION[VAR_ISADMIN] = FALSE; |
|
212
|
|
|
$_SESSION[VAR_LDAPUSER] = FALSE; |
|
213
|
|
|
$_SESSION[VAR_LOCALE] = get_browser_locale(); |
|
214
|
|
|
$_SESSION[VAR_TIMEZONE] = intval(date('Z')); |
|
215
|
|
|
$_SESSION[VAR_TEXTROWS] = HTML_TEXTBOX_DEFAULT_HEIGHT; |
|
216
|
|
|
$_SESSION[VAR_PAGEROWS] = DEFAULT_PAGE_ROWS; |
|
217
|
|
|
$_SESSION[VAR_PAGEBKMS] = DEFAULT_PAGE_BKMS; |
|
218
|
|
|
$_SESSION[VAR_AUTO_REFRESH] = DEFAULT_AUTO_REFRESH; |
|
219
|
|
|
$_SESSION[VAR_DELIMITER] = chr(DEFAULT_DELIMITER); |
|
220
|
|
|
$_SESSION[VAR_ENCODING] = $encodings[DEFAULT_ENCODING]; |
|
221
|
|
|
$_SESSION[VAR_LINE_ENDINGS] = $line_endings_chars[DEFAULT_LINE_ENDINGS]; |
|
222
|
|
|
$_SESSION[VAR_VIEW] = NULL; |
|
223
|
|
|
$_SESSION[VAR_THEME_NAME] = THEME_DEFAULT; |
|
224
|
|
|
$_SESSION[VAR_SEARCH_MODE] = FALSE; |
|
225
|
|
|
$_SESSION[VAR_SEARCH_TEXT] = NULL; |
|
226
|
|
|
$_SESSION[VAR_USE_FILTERS] = FALSE; |
|
227
|
|
|
$_SESSION[VAR_LDAP_ENUMERATION] = NULL; |
|
228
|
|
|
|
|
229
|
|
|
return session_id(); |
|
230
|
|
|
} |
|
231
|
|
|
|
|
232
|
|
|
/** |
|
233
|
|
|
* Closes current session (user becomes logged off). |
|
234
|
|
|
*/ |
|
235
|
|
|
function close_session () |
|
236
|
|
|
{ |
|
237
|
|
|
unset($_SESSION[VAR_ERROR]); |
|
238
|
|
|
unset($_SESSION[VAR_USERID]); |
|
239
|
|
|
unset($_SESSION[VAR_USERNAME]); |
|
240
|
|
|
unset($_SESSION[VAR_FULLNAME]); |
|
241
|
|
|
unset($_SESSION[VAR_PASSWD_EXPIRE]); |
|
242
|
|
|
unset($_SESSION[VAR_ISADMIN]); |
|
243
|
|
|
unset($_SESSION[VAR_LDAPUSER]); |
|
244
|
|
|
unset($_SESSION[VAR_LOCALE]); |
|
245
|
|
|
unset($_SESSION[VAR_TIMEZONE]); |
|
246
|
|
|
unset($_SESSION[VAR_TEXTROWS]); |
|
247
|
|
|
unset($_SESSION[VAR_PAGEROWS]); |
|
248
|
|
|
unset($_SESSION[VAR_PAGEBKMS]); |
|
249
|
|
|
unset($_SESSION[VAR_AUTO_REFRESH]); |
|
250
|
|
|
unset($_SESSION[VAR_DELIMITER]); |
|
251
|
|
|
unset($_SESSION[VAR_ENCODING]); |
|
252
|
|
|
unset($_SESSION[VAR_LINE_ENDINGS]); |
|
253
|
|
|
unset($_SESSION[VAR_VIEW]); |
|
254
|
|
|
unset($_SESSION[VAR_THEME_NAME]); |
|
255
|
|
|
unset($_SESSION[VAR_SEARCH_MODE]); |
|
256
|
|
|
unset($_SESSION[VAR_SEARCH_TEXT]); |
|
257
|
|
|
unset($_SESSION[VAR_USE_FILTERS]); |
|
258
|
|
|
unset($_SESSION[VAR_LDAP_ENUMERATION]); |
|
259
|
|
|
|
|
260
|
|
|
@session_destroy(); |
|
|
|
|
|
|
261
|
|
|
} |
|
262
|
|
|
|
|
263
|
|
|
/** |
|
264
|
|
|
* Tries to log user in eTraxis with specified credentials. |
|
265
|
|
|
* |
|
266
|
|
|
* @param string $username User name. |
|
267
|
|
|
* @param string $passwd Password. |
|
268
|
|
|
* @return int Error code: |
|
269
|
|
|
* <ul> |
|
270
|
|
|
* <li>{@link NO_ERROR} - user is successfully authenticated</li> |
|
271
|
|
|
* <li>{@link ERROR_UNKNOWN_USERNAME} - unknown user name or bad password</li> |
|
272
|
|
|
* <li>{@link ERROR_ACCOUNT_DISABLED} - account is disabled</li> |
|
273
|
|
|
* <li>{@link ERROR_ACCOUNT_LOCKED} - account is locked out</li> |
|
274
|
|
|
* </ul> |
|
275
|
|
|
*/ |
|
276
|
|
|
function login_user ($username, $passwd) |
|
277
|
|
|
{ |
|
278
|
|
|
$error = NO_ERROR; |
|
279
|
|
|
|
|
280
|
|
|
// If '@' is specified at the end of user name, suppress looking for account in eTraxis database. |
|
281
|
|
|
if (usubstr($username, ustrlen($username) - 1, 1) == '@') |
|
282
|
|
|
{ |
|
283
|
|
|
debug_write_log(DEBUG_NOTICE, 'Found @ at the end of login.'); |
|
284
|
|
|
$username = usubstr($username, 0, ustrlen($username) - 1); |
|
285
|
|
|
$account = FALSE; |
|
286
|
|
|
} |
|
287
|
|
|
else |
|
288
|
|
|
{ |
|
289
|
|
|
// Search account in eTraxis database. |
|
290
|
|
|
$account = account_find_username($username . ACCOUNT_SUFFIX); |
|
291
|
|
|
} |
|
292
|
|
|
|
|
293
|
|
|
// If account is not found in eTraxis database (or wasn't searched at all), |
|
294
|
|
|
// try to search it in Active Directory. |
|
295
|
|
|
if (!$account) |
|
296
|
|
|
{ |
|
297
|
|
|
debug_write_log(DEBUG_NOTICE, 'Unknown user name.'); |
|
298
|
|
|
|
|
299
|
|
|
if (ustrlen($passwd) == 0) |
|
300
|
|
|
{ |
|
301
|
|
|
debug_write_log(DEBUG_NOTICE, 'Empty password is submitted.'); |
|
302
|
|
|
$error = ERROR_UNKNOWN_USERNAME; |
|
303
|
|
|
} |
|
304
|
|
|
elseif (LDAP_ENABLED) |
|
305
|
|
|
{ |
|
306
|
|
|
debug_write_log(DEBUG_NOTICE, 'Trying to find Active Directory account.'); |
|
307
|
|
|
|
|
308
|
|
|
$id = account_register_ldapuser($username, $passwd); |
|
309
|
|
|
|
|
310
|
|
|
if (is_null($id)) |
|
311
|
|
|
{ |
|
312
|
|
|
debug_write_log(DEBUG_NOTICE, 'Cannot find Active Directory account.'); |
|
313
|
|
|
$error = ERROR_UNKNOWN_USERNAME; |
|
314
|
|
|
} |
|
315
|
|
|
else |
|
316
|
|
|
{ |
|
317
|
|
|
account_set_token($id); |
|
318
|
|
|
open_session($id); |
|
319
|
|
|
} |
|
320
|
|
|
} |
|
321
|
|
|
else |
|
322
|
|
|
{ |
|
323
|
|
|
debug_write_log(DEBUG_NOTICE, 'LDAP support is disabled.'); |
|
324
|
|
|
$error = ERROR_UNKNOWN_USERNAME; |
|
325
|
|
|
} |
|
326
|
|
|
} |
|
327
|
|
|
else |
|
328
|
|
|
{ |
|
329
|
|
|
debug_write_log(DEBUG_NOTICE, 'User name is found in eTraxis database.'); |
|
330
|
|
|
|
|
331
|
|
|
$account['passwd'] = trim($account['passwd']); |
|
332
|
|
|
|
|
333
|
|
|
// Check status of account and provided password. |
|
334
|
|
|
if ($account['is_disabled']) |
|
335
|
|
|
{ |
|
336
|
|
|
debug_write_log(DEBUG_NOTICE, 'Account is disabled.'); |
|
337
|
|
|
$error = ERROR_ACCOUNT_DISABLED; |
|
338
|
|
|
} |
|
339
|
|
|
elseif (is_account_locked($account['locks_count'], $account['lock_time'])) |
|
340
|
|
|
{ |
|
341
|
|
|
debug_write_log(DEBUG_NOTICE, 'Account is locked out.'); |
|
342
|
|
|
$error = ERROR_ACCOUNT_LOCKED; |
|
343
|
|
|
} |
|
344
|
|
|
elseif ($account['passwd'] != base64_encode(sha1($passwd, TRUE)) && |
|
345
|
|
|
$account['passwd'] != md5($passwd)) |
|
346
|
|
|
{ |
|
347
|
|
|
debug_write_log(DEBUG_NOTICE, 'Bad password.'); |
|
348
|
|
|
account_lock($account['account_id']); |
|
349
|
|
|
$error = ERROR_UNKNOWN_USERNAME; |
|
350
|
|
|
} |
|
351
|
|
|
else |
|
352
|
|
|
{ |
|
353
|
|
|
// Up to version 3.6.7 passwords were stored as MD5 hashes which took 32 chars. |
|
354
|
|
|
// As of 3.6.8 passwords are stored as base64-encoded SHA1 hashes which take 28 chars. |
|
355
|
|
|
// For backward compatibility we let user authenticate if his password is stored as MD5-hash, |
|
356
|
|
|
// but we replace the password with its SHA1-hash. |
|
357
|
|
|
if (strlen($account['passwd']) == 32) |
|
358
|
|
|
{ |
|
359
|
|
|
dal_query('accounts/passwd.sql', |
|
360
|
|
|
$account['account_id'], |
|
361
|
|
|
base64_encode(sha1($passwd, TRUE)), |
|
362
|
|
|
$account['passwd_expire']); |
|
363
|
|
|
} |
|
364
|
|
|
|
|
365
|
|
|
account_unlock($account['account_id']); |
|
366
|
|
|
account_set_token($account['account_id']); |
|
367
|
|
|
open_session($account['account_id']); |
|
368
|
|
|
} |
|
369
|
|
|
} |
|
370
|
|
|
|
|
371
|
|
|
return $error; |
|
372
|
|
|
} |
|
373
|
|
|
|
|
374
|
|
|
/** |
|
375
|
|
|
* Returns current user level. |
|
376
|
|
|
* |
|
377
|
|
|
* @return int User level: |
|
378
|
|
|
* <ul> |
|
379
|
|
|
* <li>{@link USER_LEVEL_GUEST} - user is not logged in and has guest permissions only</li> |
|
380
|
|
|
* <li>{@link USER_LEVEL_NORMAL} - user is logged in with usual permissions</li> |
|
381
|
|
|
* <li>{@link USER_LEVEL_ADMIN} - user is logged in with administrative permissions</li> |
|
382
|
|
|
* </ul> |
|
383
|
|
|
*/ |
|
384
|
|
|
function get_user_level () |
|
385
|
|
|
{ |
|
386
|
|
|
// If somewhy this variable is not set yet, force to set it. |
|
387
|
|
|
if (!isset($_SESSION[VAR_USERID])) |
|
388
|
|
|
{ |
|
389
|
|
|
$_SESSION[VAR_USERID] = 0; |
|
390
|
|
|
} |
|
391
|
|
|
|
|
392
|
|
|
// Now we know for sure that the variable exists even if user is not logged in at all. |
|
393
|
|
|
if ($_SESSION[VAR_USERID] != 0) |
|
394
|
|
|
{ |
|
395
|
|
|
return $_SESSION[VAR_ISADMIN] ? USER_LEVEL_ADMIN : USER_LEVEL_NORMAL; |
|
396
|
|
|
} |
|
397
|
|
|
else |
|
398
|
|
|
{ |
|
399
|
|
|
return USER_LEVEL_GUEST; |
|
400
|
|
|
} |
|
401
|
|
|
} |
|
402
|
|
|
|
|
403
|
|
|
/** |
|
404
|
|
|
* Performs required initialization before execution of any PHP page. |
|
405
|
|
|
* |
|
406
|
|
|
* Must be called once and at the very beginning of each PHP page. |
|
407
|
|
|
* |
|
408
|
|
|
* @param int $page_type Type of the page. |
|
409
|
|
|
* @param int $guest_is_allowed Flag that guest is allowed to access the page. |
|
410
|
|
|
*/ |
|
411
|
|
|
function init_page ($page_type = LOAD_CONTAINER, $guest_is_allowed = FALSE) |
|
412
|
|
|
{ |
|
413
|
|
|
global $timezones; |
|
414
|
|
|
global $encodings; |
|
415
|
|
|
global $line_endings_chars; |
|
416
|
|
|
|
|
417
|
|
|
@session_start(); |
|
|
|
|
|
|
418
|
|
|
|
|
419
|
|
|
if (!isset($_SESSION[VAR_ERROR])) |
|
420
|
|
|
{ |
|
421
|
|
|
$_SESSION[VAR_ERROR] = NO_ERROR; |
|
422
|
|
|
} |
|
423
|
|
|
|
|
424
|
|
|
if (get_magic_quotes_gpc() != 0) |
|
425
|
|
|
{ |
|
426
|
|
|
foreach ($_REQUEST as $key => $value) |
|
427
|
|
|
{ |
|
428
|
|
|
if (is_array($value)) |
|
429
|
|
|
{ |
|
430
|
|
|
foreach ($value as $subkey => $subvalue) |
|
431
|
|
|
{ |
|
432
|
|
|
$_REQUEST[$key][$subkey] = stripslashes($subvalue); |
|
433
|
|
|
} |
|
434
|
|
|
} |
|
435
|
|
|
else |
|
436
|
|
|
{ |
|
437
|
|
|
$_REQUEST[$key] = stripslashes($value); |
|
438
|
|
|
} |
|
439
|
|
|
} |
|
440
|
|
|
} |
|
441
|
|
|
|
|
442
|
|
|
if (get_user_level() == USER_LEVEL_GUEST) |
|
443
|
|
|
{ |
|
444
|
|
|
create_session(); |
|
445
|
|
|
open_session(account_get_token(NULL)); |
|
|
|
|
|
|
446
|
|
|
} |
|
447
|
|
|
|
|
448
|
|
|
if (get_user_level() == USER_LEVEL_GUEST) |
|
449
|
|
|
{ |
|
450
|
|
|
debug_write_log(DEBUG_NOTICE, '[init_page] User is not authorized.'); |
|
451
|
|
|
|
|
452
|
|
|
// Force the guest to log in |
|
453
|
|
|
if (!$guest_is_allowed) |
|
|
|
|
|
|
454
|
|
|
{ |
|
455
|
|
|
debug_write_log(DEBUG_NOTICE, '[init_page] Guest must be logged in.'); |
|
456
|
|
|
save_cookie(COOKIE_URI, $_SERVER['REQUEST_URI']); |
|
457
|
|
|
|
|
458
|
|
|
if ($page_type == LOAD_CONTAINER) |
|
459
|
|
|
{ |
|
460
|
|
|
header('Location: ' . WEBROOT . 'logon/index.php'); |
|
461
|
|
|
} |
|
462
|
|
|
elseif ($page_type == LOAD_INLINE) |
|
463
|
|
|
{ |
|
464
|
|
|
header('HTTP/1.1 307 ' . WEBROOT . 'logon/index.php'); |
|
465
|
|
|
} |
|
466
|
|
|
elseif ($page_type == LOAD_RSS) |
|
467
|
|
|
{ |
|
468
|
|
|
debug_write_log(DEBUG_NOTICE, '[init_page] Request for HTTP Basic Auth.'); |
|
469
|
|
|
header('WWW-Authenticate: Basic realm="eTraxis RSS"'); |
|
470
|
|
|
header('HTTP/1.0 401 Unauthorized'); |
|
471
|
|
|
} |
|
472
|
|
|
|
|
473
|
|
|
exit; |
|
474
|
|
|
} |
|
475
|
|
|
} |
|
476
|
|
|
else |
|
477
|
|
|
{ |
|
478
|
|
|
$rs = dal_query('accounts/fndid2.sql', |
|
479
|
|
|
$_SESSION[VAR_USERID], |
|
480
|
|
|
time(), |
|
481
|
|
|
LOCKS_COUNT, |
|
482
|
|
|
time() - LOCKS_TIMEOUT * 60); |
|
483
|
|
|
|
|
484
|
|
|
if ($rs->rows == 0) |
|
|
|
|
|
|
485
|
|
|
{ |
|
486
|
|
|
debug_write_log(DEBUG_NOTICE, '[init_page] Specified user cannot be authorized.'); |
|
487
|
|
|
open_session(GUEST_USER_ID); |
|
488
|
|
|
} |
|
489
|
|
|
else |
|
490
|
|
|
{ |
|
491
|
|
|
$account = $rs->fetch(); |
|
492
|
|
|
$account['passwd'] = trim($account['passwd']); |
|
493
|
|
|
|
|
494
|
|
|
// Up to version 3.6.7 passwords were stored as MD5 hashes which took 32 chars. |
|
495
|
|
|
// As of 3.6.8 passwords are stored as base64-encoded SHA1 hashes which take 28 chars. |
|
496
|
|
|
// For backward compatibility we let user authenticate if his password is stored as MD5-hash, |
|
497
|
|
|
// but we have to replace the password with its SHA1-hash. |
|
498
|
|
|
// To make user enter his password as soon as possible we are forcing him to log out. |
|
499
|
|
|
if (strlen($account['passwd']) == 32 && |
|
500
|
|
|
!$account['is_ldapuser']) |
|
501
|
|
|
{ |
|
502
|
|
|
debug_write_log(DEBUG_NOTICE, '[init_page] The password is stored as MD5 hash and must be updated.'); |
|
503
|
|
|
open_session(GUEST_USER_ID); |
|
504
|
|
|
} |
|
505
|
|
|
else |
|
506
|
|
|
{ |
|
507
|
|
|
$_SESSION[VAR_USERNAME] = account_get_username($account['username']); |
|
508
|
|
|
$_SESSION[VAR_FULLNAME] = $account['fullname']; |
|
509
|
|
|
$_SESSION[VAR_PASSWD_EXPIRE] = $account['passwd_expire']; |
|
510
|
|
|
$_SESSION[VAR_ISADMIN] = $account['is_admin']; |
|
511
|
|
|
$_SESSION[VAR_LDAPUSER] = $account['is_ldapuser']; |
|
512
|
|
|
$_SESSION[VAR_LOCALE] = $account['locale']; |
|
513
|
|
|
$_SESSION[VAR_TIMEZONE] = intval(date('Z')); |
|
514
|
|
|
$_SESSION[VAR_TEXTROWS] = $account['text_rows']; |
|
515
|
|
|
$_SESSION[VAR_PAGEROWS] = $account['page_rows']; |
|
516
|
|
|
$_SESSION[VAR_PAGEBKMS] = $account['page_bkms']; |
|
517
|
|
|
$_SESSION[VAR_AUTO_REFRESH] = ustr2int($account['auto_refresh'], MIN_AUTO_REFRESH, MAX_AUTO_REFRESH); |
|
518
|
|
|
$_SESSION[VAR_DELIMITER] = chr($account['csv_delim']); |
|
519
|
|
|
$_SESSION[VAR_ENCODING] = $encodings[$account['csv_encoding']]; |
|
520
|
|
|
$_SESSION[VAR_LINE_ENDINGS] = $line_endings_chars[$account['csv_line_ends']]; |
|
521
|
|
|
$_SESSION[VAR_VIEW] = $account['view_id']; |
|
522
|
|
|
$_SESSION[VAR_THEME_NAME] = $account['theme_name']; |
|
523
|
|
|
|
|
524
|
|
|
if ($account['timezone'] > 0 && |
|
525
|
|
|
$account['timezone'] <= count($timezones)) |
|
526
|
|
|
{ |
|
527
|
|
|
$_SESSION[VAR_TIMEZONE] = timezone_offset_get(timezone_open($timezones[$account['timezone']]), date_create()); |
|
528
|
|
|
} |
|
529
|
|
|
|
|
530
|
|
|
save_cookie(COOKIE_AUTH_USERID, $_SESSION[VAR_USERID]); |
|
531
|
|
|
save_cookie(COOKIE_AUTH_TOKEN, $account['auth_token']); |
|
532
|
|
|
|
|
533
|
|
|
dal_query('accounts/settoken2.sql', $_SESSION[VAR_USERID], time() + SESSION_EXPIRE * 60); |
|
534
|
|
|
|
|
535
|
|
|
if ((strpos($_SERVER['PHP_SELF'], '/settings/') === FALSE ) && |
|
536
|
|
|
(PASSWORD_EXPIRATION != 0 ) && |
|
537
|
|
|
($_SESSION[VAR_PASSWD_EXPIRE] + PASSWORD_EXPIRATION * SECS_IN_DAY < time()) && |
|
538
|
|
|
(!$_SESSION[VAR_LDAPUSER] )) |
|
539
|
|
|
{ |
|
540
|
|
|
debug_write_log(DEBUG_NOTICE, '[init_page] Password is expired.'); |
|
541
|
|
|
|
|
542
|
|
|
save_cookie(COOKIE_URI, $_SERVER['REQUEST_URI']); |
|
543
|
|
|
|
|
544
|
|
|
if ($page_type == LOAD_CONTAINER) |
|
545
|
|
|
{ |
|
546
|
|
|
header('Location: ' . WEBROOT . 'settings/index.php?tab=3'); |
|
547
|
|
|
} |
|
548
|
|
|
elseif ($page_type == LOAD_INLINE) |
|
549
|
|
|
{ |
|
550
|
|
|
header('HTTP/1.1 307 ' . WEBROOT . 'settings/index.php?tab=3'); |
|
551
|
|
|
} |
|
552
|
|
|
|
|
553
|
|
|
exit; |
|
554
|
|
|
} |
|
555
|
|
|
|
|
556
|
|
|
clear_cookie(COOKIE_URI); |
|
557
|
|
|
} |
|
558
|
|
|
} |
|
559
|
|
|
} |
|
560
|
|
|
} |
|
561
|
|
|
|
|
562
|
|
|
?> |
|
|
|
|
|
|
563
|
|
|
|
etraxis /
etraxis-obsolete
Loading history...
If you suppress an error, we recommend checking for the error condition explicitly: