1 | <?php |
||
2 | |||
3 | //------------------------------------------------------------------------------ |
||
4 | // |
||
5 | // eTraxis - Records tracking web-based system |
||
6 | // Copyright (C) 2004-2011 Artem Rodygin |
||
7 | // |
||
8 | // This program is free software: you can redistribute it and/or modify |
||
9 | // it under the terms of the GNU General Public License as published by |
||
10 | // the Free Software Foundation, either version 3 of the License, or |
||
11 | // (at your option) any later version. |
||
12 | // |
||
13 | // This program is distributed in the hope that it will be useful, |
||
14 | // but WITHOUT ANY WARRANTY; without even the implied warranty of |
||
15 | // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
||
16 | // GNU General Public License for more details. |
||
17 | // |
||
18 | // You should have received a copy of the GNU General Public License |
||
19 | // along with this program. If not, see <http://www.gnu.org/licenses/>. |
||
20 | // |
||
21 | //------------------------------------------------------------------------------ |
||
22 | |||
23 | /** |
||
24 | * Sessions |
||
25 | * |
||
26 | * This module implements user sessions in eTraxis. |
||
27 | * |
||
28 | * @package Engine |
||
29 | * @subpackage Sessions |
||
30 | */ |
||
31 | |||
32 | /**#@+ |
||
33 | * Dependency. |
||
34 | */ |
||
35 | require_once('../engine/debug.php'); |
||
36 | require_once('../engine/timezone.php'); |
||
37 | require_once('../engine/locale.php'); |
||
38 | require_once('../engine/cookies.php'); |
||
39 | require_once('../engine/dal.php'); |
||
40 | require_once('../engine/ldap.php'); |
||
41 | require_once('../dbo/accounts.php'); |
||
42 | /**#@-*/ |
||
43 | |||
44 | //------------------------------------------------------------------------------ |
||
45 | // Definitions. |
||
46 | //------------------------------------------------------------------------------ |
||
47 | |||
/**#@+
 * Session variable.
 *
 * Key under which one piece of per-user state is kept in $_SESSION.
 * open_session() resets every one of these to a default value, init_page()
 * overwrites most of them from the account record of a logged-in user, and
 * close_session() unsets them again. VAR_LOCALE is used by this module as
 * well but is not defined here (presumably it comes from ../engine/locale.php).
 */
define('VAR_ERROR', 'eTraxis_Error');
define('VAR_USERID', 'eTraxis_UserID');
define('VAR_USERNAME', 'eTraxis_UserName');
define('VAR_FULLNAME', 'eTraxis_FullName');
define('VAR_PASSWD_EXPIRE', 'eTraxis_PasswdExpire');
define('VAR_ISADMIN', 'eTraxis_IsAdmin');
define('VAR_LDAPUSER', 'eTraxis_LdapUser');
define('VAR_TIMEZONE', 'eTraxis_Timezone');
define('VAR_TEXTROWS', 'eTraxis_TextRows');
define('VAR_PAGEROWS', 'eTraxis_PageRows');
define('VAR_PAGEBKMS', 'eTraxis_PageBkms');
define('VAR_AUTO_REFRESH', 'eTraxis_AutoRefresh');
define('VAR_DELIMITER', 'eTraxis_Delimiter');
define('VAR_ENCODING', 'eTraxis_Encoding');
define('VAR_LINE_ENDINGS', 'eTraxis_LineEndings');
define('VAR_VIEW', 'eTraxis_View');
define('VAR_THEME_NAME', 'eTraxis_ThemeName');
define('VAR_SEARCH_MODE', 'eTraxis_SearchMode');
define('VAR_SEARCH_TEXT', 'eTraxis_SearchText');
define('VAR_USE_FILTERS', 'eTraxis_UseFilter');
define('VAR_LDAP_ENUMERATION', 'eTraxis_LdapEnumeration');
/**#@-*/
||
73 | |||
/**#@+
 * User level.
 *
 * Returned by get_user_level(): GUEST when no account ID is in the session,
 * otherwise NORMAL or ADMIN depending on the VAR_ISADMIN session variable.
 */
define('USER_LEVEL_GUEST', 1);
define('USER_LEVEL_NORMAL', 2);
define('USER_LEVEL_ADMIN', 3);
/**#@-*/

/**
 * ID for guest.
 *
 * Stored in VAR_USERID when nobody is logged in; open_session(GUEST_USER_ID)
 * is how init_page() demotes a session back to guest.
 */
define('GUEST_USER_ID', 0);

/**#@+
 * Type of a page to be loaded.
 *
 * Passed to init_page() as $page_type and decides how a redirect is
 * signalled to the client (Location header, 307 status line, HTTP Basic
 * challenge for RSS). LOAD_TAB gets no redirect header at all there.
 */
define('LOAD_CONTAINER', 1);
define('LOAD_TAB', 2);
define('LOAD_INLINE', 3);
define('LOAD_RSS', 4);
/**#@-*/

/**
 * Flag that guest is allowed to access a page.
 *
 * Intended as the $guest_is_allowed argument of init_page(), whose own
 * default is FALSE (guests are redirected to the logon page).
 */
define('GUEST_IS_ALLOWED', TRUE);
||
100 | |||
// Encodings.
// Keyed by the numeric value stored in the account record (csv_encoding);
// DEFAULT_ENCODING indexes this map as well. init_page() looks up
// $encodings[$account['csv_encoding']] without a range check, so an
// out-of-range value yields NULL (and a PHP notice) in VAR_ENCODING.
$encodings = array
(
    1 => 'UTF-8',
    2 => 'UCS-2',
    3 => 'ISO-8859-1',
    4 => 'ISO-8859-2',
    5 => 'ISO-8859-3',
    6 => 'ISO-8859-4',
    7 => 'ISO-8859-5',
    8 => 'ISO-8859-6',
    9 => 'ISO-8859-7',
    10 => 'ISO-8859-8',
    11 => 'ISO-8859-9',
    12 => 'ISO-8859-10',
    13 => 'ISO-8859-13',
    14 => 'ISO-8859-14',
    15 => 'ISO-8859-15',
    16 => 'KOI8-R',
    17 => 'Windows-1251',
    18 => 'Windows-1252',
);

// Line endings.
// Same numbering in both maps: the names are for display, the chars are what
// ends up in VAR_LINE_ENDINGS (from csv_line_ends or DEFAULT_LINE_ENDINGS).
$line_endings_names = array
(
    1 => 'Windows',
    2 => 'Unix',
    3 => 'Mac',
);

$line_endings_chars = array
(
    1 => "\r\n",
    2 => "\n",
    3 => "\r",
);
||
138 | |||
/**#@+
 * Default settings.
 *
 * Values open_session() puts into the session for a fresh (guest) login.
 * DEFAULT_DELIMITER is a character code (0x2C is ',') and is passed through
 * chr(); DEFAULT_ENCODING and DEFAULT_LINE_ENDINGS are keys into $encodings
 * and $line_endings_chars respectively.
 */
define('DEFAULT_PAGE_ROWS', 20);
define('DEFAULT_PAGE_BKMS', 10);
define('DEFAULT_AUTO_REFRESH', 0);
define('DEFAULT_DELIMITER', 0x2C);
define('DEFAULT_ENCODING', 1);
define('DEFAULT_LINE_ENDINGS', 1);
/**#@-*/

/**#@+
 * List size restriction.
 *
 * Not referenced within this module; presumably enforced where the
 * page-size settings are edited.
 */
define('MIN_PAGE_SIZE', 10);
define('MAX_PAGE_SIZE', 100);
/**#@-*/

/**#@+
 * Autorefresh interval restriction (in seconds).
 *
 * init_page() clamps the account's auto_refresh value into this range via
 * ustr2int() before storing it in VAR_AUTO_REFRESH.
 */
define('MIN_AUTO_REFRESH', 0);
define('MAX_AUTO_REFRESH', 1440);
/**#@-*/
||
163 | |||
164 | //------------------------------------------------------------------------------ |
||
165 | // Functions. |
||
166 | //------------------------------------------------------------------------------ |
||
167 | |||
/**
 * Creates (initializes) anonymous session before user is authorized.
 *
 * Raises error reporting to E_ALL and switches PHP assertions on or off
 * according to DEBUG_MODE. It does not call session_start() itself; the
 * session is expected to be active already (init_page() starts it), since
 * only session_id() is read here.
 *
 * @return string The session ID for the newly created session.
 */
function create_session ()
{
    error_reporting(E_ALL);

    $assertions_wanted = (DEBUG_MODE != DEBUG_MODE_OFF);

    if ($assertions_wanted)
    {
        // Assertions are evaluated and reported as warnings but never abort the script.
        assert_options(ASSERT_ACTIVE, 1);
        assert_options(ASSERT_WARNING, 1);
        assert_options(ASSERT_BAIL, 0);
        assert_options(ASSERT_QUIET_EVAL, 0);
        assert_options(ASSERT_CALLBACK, NULL);
    }
    else
    {
        assert_options(ASSERT_ACTIVE, 0);
    }

    return session_id();
}
||
192 | |||
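/**
 * Opens new session (preliminary created with {@link create_session}) for successfully authorized user (user becomes logged in).
 *
 * Every eTraxis session variable is reset to its default value; the caller
 * (init_page) fills in the account-specific values afterwards.
 *
 * When a real account (anything but GUEST_USER_ID) is opened, the PHP session
 * ID is regenerated first, so that a session ID that existed before
 * authentication is not carried into the authenticated session (session
 * fixation). The guest case is deliberately left untouched because init_page()
 * calls this function on every unauthenticated request.
 *
 * @param int $userid Account ID of authorized user (see <i>account_id</i> of <i>tbl_accounts</i> database table).
 * @return string The session ID (the new one when it was regenerated).
 */
function open_session ($userid)
{
    debug_write_log(DEBUG_TRACE, '[open_session]');
    debug_write_log(DEBUG_DUMP, '[open_session] $userid = ' . $userid);

    global $encodings;
    global $line_endings_chars;

    // Privilege transition (guest -> authenticated): do not keep the
    // pre-authentication session ID. Only possible while a session is active;
    // session_id() is empty otherwise and regeneration would just warn.
    if ($userid != GUEST_USER_ID && session_id() != '')
    {
        // TRUE discards the old session data on the server side.
        session_regenerate_id(TRUE);
    }

    $_SESSION[VAR_USERID] = $userid;
    $_SESSION[VAR_USERNAME] = get_html_resource(RES_GUEST_ID);
    $_SESSION[VAR_FULLNAME] = get_html_resource(RES_GUEST_ID);
    $_SESSION[VAR_PASSWD_EXPIRE] = 0;
    $_SESSION[VAR_ISADMIN] = FALSE;
    $_SESSION[VAR_LDAPUSER] = FALSE;
    $_SESSION[VAR_LOCALE] = get_browser_locale();
    // Server's current UTC offset in seconds; init_page() may replace it with the account's zone.
    $_SESSION[VAR_TIMEZONE] = intval(date('Z'));
    $_SESSION[VAR_TEXTROWS] = HTML_TEXTBOX_DEFAULT_HEIGHT;
    $_SESSION[VAR_PAGEROWS] = DEFAULT_PAGE_ROWS;
    $_SESSION[VAR_PAGEBKMS] = DEFAULT_PAGE_BKMS;
    $_SESSION[VAR_AUTO_REFRESH] = DEFAULT_AUTO_REFRESH;
    // DEFAULT_DELIMITER is a character code, the session keeps the character itself.
    $_SESSION[VAR_DELIMITER] = chr(DEFAULT_DELIMITER);
    $_SESSION[VAR_ENCODING] = $encodings[DEFAULT_ENCODING];
    $_SESSION[VAR_LINE_ENDINGS] = $line_endings_chars[DEFAULT_LINE_ENDINGS];
    $_SESSION[VAR_VIEW] = NULL;
    $_SESSION[VAR_THEME_NAME] = THEME_DEFAULT;
    $_SESSION[VAR_SEARCH_MODE] = FALSE;
    $_SESSION[VAR_SEARCH_TEXT] = NULL;
    $_SESSION[VAR_USE_FILTERS] = FALSE;
    $_SESSION[VAR_LDAP_ENUMERATION] = NULL;

    return session_id();
}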
||
231 | |||
/**
 * Closes current session (user becomes logged off).
 *
 * Removes every eTraxis session variable and then destroys the server-side
 * session. The cookies written by init_page() (COOKIE_AUTH_USERID,
 * COOKIE_AUTH_TOKEN, COOKIE_URI) are not cleared by this function.
 */
function close_session ()
{
    // Same set of keys that open_session() populates, plus VAR_ERROR.
    $session_vars = array
    (
        VAR_ERROR,
        VAR_USERID,
        VAR_USERNAME,
        VAR_FULLNAME,
        VAR_PASSWD_EXPIRE,
        VAR_ISADMIN,
        VAR_LDAPUSER,
        VAR_LOCALE,
        VAR_TIMEZONE,
        VAR_TEXTROWS,
        VAR_PAGEROWS,
        VAR_PAGEBKMS,
        VAR_AUTO_REFRESH,
        VAR_DELIMITER,
        VAR_ENCODING,
        VAR_LINE_ENDINGS,
        VAR_VIEW,
        VAR_THEME_NAME,
        VAR_SEARCH_MODE,
        VAR_SEARCH_TEXT,
        VAR_USE_FILTERS,
        VAR_LDAP_ENUMERATION,
    );

    foreach ($session_vars as $name)
    {
        unset($_SESSION[$name]);
    }

    // '@' hides the warning emitted when no session is active.
    @session_destroy();
}
||
262 | |||
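/**
 * Tries to log user in eTraxis with specified credentials.
 *
 * Lookup order: the eTraxis database first (unless the user name ends with
 * '@', which skips the local lookup), then Active Directory via
 * account_register_ldapuser() when LDAP_ENABLED. A local account must not be
 * disabled or locked out; a wrong password counts towards the lock-out via
 * account_lock(), a correct one resets it via account_unlock(). Unknown user
 * and bad password both map to ERROR_UNKNOWN_USERNAME so the result does not
 * reveal which of the two failed.
 *
 * Stored password hashes are compared with strict (===) string comparison:
 * the loose != operator treats two numeric-looking strings as numbers, which
 * can make distinct hex digests compare equal.
 *
 * @param string $username User name.
 * @param string $passwd Password.
 * @return int Error code:
 * <ul>
 * <li>{@link NO_ERROR} - user is successfully authenticated</li>
 * <li>{@link ERROR_UNKNOWN_USERNAME} - unknown user name or bad password</li>
 * <li>{@link ERROR_ACCOUNT_DISABLED} - account is disabled</li>
 * <li>{@link ERROR_ACCOUNT_LOCKED} - account is locked out</li>
 * </ul>
 */
function login_user ($username, $passwd)
{
    $error = NO_ERROR;

    // If '@' is specified at the end of user name, suppress looking for account in eTraxis database.
    if (usubstr($username, ustrlen($username) - 1, 1) == '@')
    {
        debug_write_log(DEBUG_NOTICE, 'Found @ at the end of login.');
        $username = usubstr($username, 0, ustrlen($username) - 1);
        $account = FALSE;
    }
    else
    {
        // Search account in eTraxis database.
        $account = account_find_username($username . ACCOUNT_SUFFIX);
    }

    // If account is not found in eTraxis database (or wasn't searched at all),
    // try to search it in Active Directory.
    if (!$account)
    {
        debug_write_log(DEBUG_NOTICE, 'Unknown user name.');

        // An empty password is never sent to the directory (an anonymous bind could succeed).
        if (ustrlen($passwd) == 0)
        {
            debug_write_log(DEBUG_NOTICE, 'Empty password is submitted.');
            $error = ERROR_UNKNOWN_USERNAME;
        }
        elseif (LDAP_ENABLED)
        {
            debug_write_log(DEBUG_NOTICE, 'Trying to find Active Directory account.');

            $id = account_register_ldapuser($username, $passwd);

            if (is_null($id))
            {
                debug_write_log(DEBUG_NOTICE, 'Cannot find Active Directory account.');
                $error = ERROR_UNKNOWN_USERNAME;
            }
            else
            {
                account_set_token($id);
                open_session($id);
            }
        }
        else
        {
            debug_write_log(DEBUG_NOTICE, 'LDAP support is disabled.');
            $error = ERROR_UNKNOWN_USERNAME;
        }
    }
    else
    {
        debug_write_log(DEBUG_NOTICE, 'User name is found in eTraxis database.');

        // Stored value may carry trailing padding; strip it before comparing.
        $account['passwd'] = trim($account['passwd']);

        // Check status of account and provided password.
        if ($account['is_disabled'])
        {
            debug_write_log(DEBUG_NOTICE, 'Account is disabled.');
            $error = ERROR_ACCOUNT_DISABLED;
        }
        elseif (is_account_locked($account['locks_count'], $account['lock_time']))
        {
            debug_write_log(DEBUG_NOTICE, 'Account is locked out.');
            $error = ERROR_ACCOUNT_LOCKED;
        }
        // Strict comparison on purpose (see function comment). The comparison is
        // still not constant-time; hash_equals() (PHP 5.6+) would be the
        // drop-in replacement once that PHP version can be required.
        elseif ($account['passwd'] !== base64_encode(sha1($passwd, TRUE)) &&
                $account['passwd'] !== md5($passwd))
        {
            debug_write_log(DEBUG_NOTICE, 'Bad password.');
            account_lock($account['account_id']);
            $error = ERROR_UNKNOWN_USERNAME;
        }
        else
        {
            // Up to version 3.6.7 passwords were stored as MD5 hashes which took 32 chars.
            // As of 3.6.8 passwords are stored as base64-encoded SHA1 hashes which take 28 chars.
            // For backward compatibility we let user authenticate if his password is stored as MD5-hash,
            // but we replace the password with its SHA1-hash.
            if (strlen($account['passwd']) == 32)
            {
                dal_query('accounts/passwd.sql',
                          $account['account_id'],
                          base64_encode(sha1($passwd, TRUE)),
                          $account['passwd_expire']);
            }

            account_unlock($account['account_id']);
            account_set_token($account['account_id']);
            open_session($account['account_id']);
        }
    }

    return $error;
}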
||
373 | |||
/**
 * Returns current user level.
 *
 * Derived purely from the session: no account ID (or the guest ID 0) means
 * guest, otherwise the VAR_ISADMIN session variable decides between admin
 * and normal. As a side effect VAR_USERID is created (as 0) when it is
 * missing, so later code can read it without an isset() check.
 *
 * @return int User level:
 * <ul>
 * <li>{@link USER_LEVEL_GUEST} - user is not logged in and has guest permissions only</li>
 * <li>{@link USER_LEVEL_NORMAL} - user is logged in with usual permissions</li>
 * <li>{@link USER_LEVEL_ADMIN} - user is logged in with administrative permissions</li>
 * </ul>
 */
function get_user_level ()
{
    // Make sure the variable exists even when nobody is logged in.
    if (!isset($_SESSION[VAR_USERID]))
    {
        $_SESSION[VAR_USERID] = 0;
    }

    if ($_SESSION[VAR_USERID] == 0)
    {
        return USER_LEVEL_GUEST;
    }

    return ($_SESSION[VAR_ISADMIN] ? USER_LEVEL_ADMIN : USER_LEVEL_NORMAL);
}
||
402 | |||
/**
 * Performs required initialization before execution of any PHP page.
 *
 * Must be called once and at the very beginning of each PHP page.
 *
 * Starts the PHP session, undoes magic quotes on $_REQUEST, then either
 * establishes a guest session (enforcing login when the page does not allow
 * guests) or re-validates the logged-in account against the database on
 * every request: the session variables are refreshed from the account
 * record, the auth cookies and the server-side token expiry are renewed,
 * and an expired password redirects to the settings page. Whenever a
 * redirect or 401 response is sent the function calls exit.
 *
 * @param int $page_type Type of the page (one of the LOAD_* constants); selects how a redirect is signalled.
 * @param int $guest_is_allowed Flag that guest is allowed to access the page.
 */
function init_page ($page_type = LOAD_CONTAINER, $guest_is_allowed = FALSE)
{
    global $timezones;
    global $encodings;
    global $line_endings_chars;

    // '@' hides the warning session_start() emits when a session is already
    // active or headers were already sent, so a failure here is silent.
    @session_start();

    if (!isset($_SESSION[VAR_ERROR]))
    {
        $_SESSION[VAR_ERROR] = NO_ERROR;
    }

    // Undo magic_quotes_gpc. Only $_REQUEST is unescaped ($_GET, $_POST and
    // $_COOKIE are left as they are) and only one level of nesting is handled.
    // NOTE(review): get_magic_quotes_gpc() was removed in PHP 8.0; this call is
    // a fatal error there.
    if (get_magic_quotes_gpc() != 0)
    {
        foreach ($_REQUEST as $key => $value)
        {
            if (is_array($value))
            {
                foreach ($value as $subkey => $subvalue)
                {
                    $_REQUEST[$key][$subkey] = stripslashes($subvalue);
                }
            }
            else
            {
                $_REQUEST[$key] = stripslashes($value);
            }
        }
    }

    // No account in the session yet: set up a guest session and let the auth
    // cookie, if any, identify a remembered account.
    // NOTE(review): account_get_token(NULL) presumably resolves the auth cookie
    // to an account ID (or the guest ID) - confirm in dbo/accounts.php.
    if (get_user_level() == USER_LEVEL_GUEST)
    {
        create_session();
        open_session(account_get_token(NULL));
    }

    if (get_user_level() == USER_LEVEL_GUEST)
    {
        debug_write_log(DEBUG_NOTICE, '[init_page] User is not authorized.');

        // Force the guest to log in
        if (!$guest_is_allowed)
        {
            debug_write_log(DEBUG_NOTICE, '[init_page] Guest must be logged in.');
            // Requested URI is kept in a cookie, presumably so the logon page
            // can send the user back here afterwards; it is cleared below once
            // an authorized page is reached.
            save_cookie(COOKIE_URI, $_SERVER['REQUEST_URI']);

            if ($page_type == LOAD_CONTAINER)
            {
                header('Location: ' . WEBROOT . 'logon/index.php');
            }
            elseif ($page_type == LOAD_INLINE)
            {
                // NOTE(review): the URL is placed in the status line's reason
                // phrase and no Location header is sent; a client-side handler
                // presumably reads it - confirm.
                header('HTTP/1.1 307 ' . WEBROOT . 'logon/index.php');
            }
            elseif ($page_type == LOAD_RSS)
            {
                debug_write_log(DEBUG_NOTICE, '[init_page] Request for HTTP Basic Auth.');
                header('WWW-Authenticate: Basic realm="eTraxis RSS"');
                header('HTTP/1.0 401 Unauthorized');
            }

            // LOAD_TAB sends no header at all: the response is simply empty.
            exit;
        }
    }
    else
    {
        // Re-validate the logged-in account on every request. The query gets
        // the session's account ID, the current time and the lock-out
        // parameters; what exactly it filters on is defined in fndid2.sql.
        $rs = dal_query('accounts/fndid2.sql',
                        $_SESSION[VAR_USERID],
                        time(),
                        LOCKS_COUNT,
                        time() - LOCKS_TIMEOUT * 60);

        // Account no longer qualifies: demote this session to guest.
        if ($rs->rows == 0)
        {
            debug_write_log(DEBUG_NOTICE, '[init_page] Specified user cannot be authorized.');
            open_session(GUEST_USER_ID);
        }
        else
        {
            $account = $rs->fetch();
            $account['passwd'] = trim($account['passwd']);

            // Up to version 3.6.7 passwords were stored as MD5 hashes which took 32 chars.
            // As of 3.6.8 passwords are stored as base64-encoded SHA1 hashes which take 28 chars.
            // For backward compatibility we let user authenticate if his password is stored as MD5-hash,
            // but we have to replace the password with its SHA1-hash.
            // To make user enter his password as soon as possible we are forcing him to log out.
            if (strlen($account['passwd']) == 32 &&
                !$account['is_ldapuser'])
            {
                debug_write_log(DEBUG_NOTICE, '[init_page] The password is stored as MD5 hash and must be updated.');
                open_session(GUEST_USER_ID);
            }
            else
            {
                // Refresh the session from the account record; the admin flag
                // is taken from the database on every request, not cached.
                $_SESSION[VAR_USERNAME] = account_get_username($account['username']);
                $_SESSION[VAR_FULLNAME] = $account['fullname'];
                $_SESSION[VAR_PASSWD_EXPIRE] = $account['passwd_expire'];
                $_SESSION[VAR_ISADMIN] = $account['is_admin'];
                $_SESSION[VAR_LDAPUSER] = $account['is_ldapuser'];
                $_SESSION[VAR_LOCALE] = $account['locale'];
                $_SESSION[VAR_TIMEZONE] = intval(date('Z'));
                $_SESSION[VAR_TEXTROWS] = $account['text_rows'];
                $_SESSION[VAR_PAGEROWS] = $account['page_rows'];
                $_SESSION[VAR_PAGEBKMS] = $account['page_bkms'];
                $_SESSION[VAR_AUTO_REFRESH] = ustr2int($account['auto_refresh'], MIN_AUTO_REFRESH, MAX_AUTO_REFRESH);
                // csv_* values are used as-is: no range check against $encodings / $line_endings_chars.
                $_SESSION[VAR_DELIMITER] = chr($account['csv_delim']);
                $_SESSION[VAR_ENCODING] = $encodings[$account['csv_encoding']];
                $_SESSION[VAR_LINE_ENDINGS] = $line_endings_chars[$account['csv_line_ends']];
                $_SESSION[VAR_VIEW] = $account['view_id'];
                $_SESSION[VAR_THEME_NAME] = $account['theme_name'];

                // Account timezone is an index into $timezones; out-of-range
                // values keep the server offset set above.
                if ($account['timezone'] > 0 &&
                    $account['timezone'] <= count($timezones))
                {
                    $_SESSION[VAR_TIMEZONE] = timezone_offset_get(timezone_open($timezones[$account['timezone']]), date_create());
                }

                // Renew the auth cookies and extend the server-side token on
                // every request (presumably a sliding expiry of SESSION_EXPIRE minutes).
                save_cookie(COOKIE_AUTH_USERID, $_SESSION[VAR_USERID]);
                save_cookie(COOKIE_AUTH_TOKEN, $account['auth_token']);

                dal_query('accounts/settoken2.sql', $_SESSION[VAR_USERID], time() + SESSION_EXPIRE * 60);

                // Expired local password: send the user to the password tab of
                // the settings page, unless that is where they already are
                // (otherwise they could never change it). LDAP users are exempt.
                if ((strpos($_SERVER['PHP_SELF'], '/settings/') === FALSE ) &&
                    (PASSWORD_EXPIRATION != 0 ) &&
                    ($_SESSION[VAR_PASSWD_EXPIRE] + PASSWORD_EXPIRATION * SECS_IN_DAY < time()) &&
                    (!$_SESSION[VAR_LDAPUSER] ))
                {
                    debug_write_log(DEBUG_NOTICE, '[init_page] Password is expired.');

                    save_cookie(COOKIE_URI, $_SERVER['REQUEST_URI']);

                    if ($page_type == LOAD_CONTAINER)
                    {
                        header('Location: ' . WEBROOT . 'settings/index.php?tab=3');
                    }
                    elseif ($page_type == LOAD_INLINE)
                    {
                        header('HTTP/1.1 307 ' . WEBROOT . 'settings/index.php?tab=3');
                    }

                    exit;
                }

                // Authorized page reached: the saved return URI is no longer needed.
                clear_cookie(COOKIE_URI);
            }
        }
    }
}
||
561 | |||
562 | ?> |
||