This project does not seem to handle request data directly as such no vulnerable execution paths were found.
include
, or for example
via PHP's auto-loading mechanism.
These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more
1 | <?php |
||
2 | |||
3 | //------------------------------------------------------------------------------ |
||
4 | // |
||
5 | // eTraxis - Records tracking web-based system |
||
6 | // Copyright (C) 2004-2011 Artem Rodygin |
||
7 | // |
||
8 | // This program is free software: you can redistribute it and/or modify |
||
9 | // it under the terms of the GNU General Public License as published by |
||
10 | // the Free Software Foundation, either version 3 of the License, or |
||
11 | // (at your option) any later version. |
||
12 | // |
||
13 | // This program is distributed in the hope that it will be useful, |
||
14 | // but WITHOUT ANY WARRANTY; without even the implied warranty of |
||
15 | // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
||
16 | // GNU General Public License for more details. |
||
17 | // |
||
18 | // You should have received a copy of the GNU General Public License |
||
19 | // along with this program. If not, see <http://www.gnu.org/licenses/>. |
||
20 | // |
||
21 | //------------------------------------------------------------------------------ |
||
22 | |||
23 | /** |
||
24 | * Sessions |
||
25 | * |
||
26 | * This module implements user sessions in eTraxis. |
||
27 | * |
||
28 | * @package Engine |
||
29 | * @subpackage Sessions |
||
30 | */ |
||
31 | |||
32 | /**#@+ |
||
33 | * Dependency. |
||
34 | */ |
||
35 | require_once('../engine/debug.php'); |
||
36 | require_once('../engine/timezone.php'); |
||
37 | require_once('../engine/locale.php'); |
||
38 | require_once('../engine/cookies.php'); |
||
39 | require_once('../engine/dal.php'); |
||
40 | require_once('../engine/ldap.php'); |
||
41 | require_once('../dbo/accounts.php'); |
||
42 | /**#@-*/ |
||
43 | |||
44 | //------------------------------------------------------------------------------ |
||
45 | // Definitions. |
||
46 | //------------------------------------------------------------------------------ |
||
47 | |||
48 | /**#@+ |
||
49 | * Session variable. |
||
50 | */ |
||
51 | define('VAR_ERROR', 'eTraxis_Error'); |
||
52 | define('VAR_USERID', 'eTraxis_UserID'); |
||
53 | define('VAR_USERNAME', 'eTraxis_UserName'); |
||
54 | define('VAR_FULLNAME', 'eTraxis_FullName'); |
||
55 | define('VAR_PASSWD_EXPIRE', 'eTraxis_PasswdExpire'); |
||
56 | define('VAR_ISADMIN', 'eTraxis_IsAdmin'); |
||
57 | define('VAR_LDAPUSER', 'eTraxis_LdapUser'); |
||
58 | define('VAR_TIMEZONE', 'eTraxis_Timezone'); |
||
59 | define('VAR_TEXTROWS', 'eTraxis_TextRows'); |
||
60 | define('VAR_PAGEROWS', 'eTraxis_PageRows'); |
||
61 | define('VAR_PAGEBKMS', 'eTraxis_PageBkms'); |
||
62 | define('VAR_AUTO_REFRESH', 'eTraxis_AutoRefresh'); |
||
63 | define('VAR_DELIMITER', 'eTraxis_Delimiter'); |
||
64 | define('VAR_ENCODING', 'eTraxis_Encoding'); |
||
65 | define('VAR_LINE_ENDINGS', 'eTraxis_LineEndings'); |
||
66 | define('VAR_VIEW', 'eTraxis_View'); |
||
67 | define('VAR_THEME_NAME', 'eTraxis_ThemeName'); |
||
68 | define('VAR_SEARCH_MODE', 'eTraxis_SearchMode'); |
||
69 | define('VAR_SEARCH_TEXT', 'eTraxis_SearchText'); |
||
70 | define('VAR_USE_FILTERS', 'eTraxis_UseFilter'); |
||
71 | define('VAR_LDAP_ENUMERATION', 'eTraxis_LdapEnumeration'); |
||
72 | /**#@-*/ |
||
73 | |||
74 | /**#@+ |
||
75 | * User level. |
||
76 | */ |
||
77 | define('USER_LEVEL_GUEST', 1); |
||
78 | define('USER_LEVEL_NORMAL', 2); |
||
79 | define('USER_LEVEL_ADMIN', 3); |
||
80 | /**#@-*/ |
||
81 | |||
82 | /** |
||
83 | * ID for guest. |
||
84 | */ |
||
85 | define('GUEST_USER_ID', 0); |
||
86 | |||
87 | /**#@+ |
||
88 | * Type of a page to be loaded. |
||
89 | */ |
||
90 | define('LOAD_CONTAINER', 1); |
||
91 | define('LOAD_TAB', 2); |
||
92 | define('LOAD_INLINE', 3); |
||
93 | define('LOAD_RSS', 4); |
||
94 | /**#@-*/ |
||
95 | |||
96 | /** |
||
97 | * Flag that guest is allowed to access a page. |
||
98 | */ |
||
99 | define('GUEST_IS_ALLOWED', TRUE); |
||
100 | |||
101 | // Encodings. |
||
102 | $encodings = array |
||
103 | ( |
||
104 | 1 => 'UTF-8', |
||
105 | 2 => 'UCS-2', |
||
106 | 3 => 'ISO-8859-1', |
||
107 | 4 => 'ISO-8859-2', |
||
108 | 5 => 'ISO-8859-3', |
||
109 | 6 => 'ISO-8859-4', |
||
110 | 7 => 'ISO-8859-5', |
||
111 | 8 => 'ISO-8859-6', |
||
112 | 9 => 'ISO-8859-7', |
||
113 | 10 => 'ISO-8859-8', |
||
114 | 11 => 'ISO-8859-9', |
||
115 | 12 => 'ISO-8859-10', |
||
116 | 13 => 'ISO-8859-13', |
||
117 | 14 => 'ISO-8859-14', |
||
118 | 15 => 'ISO-8859-15', |
||
119 | 16 => 'KOI8-R', |
||
120 | 17 => 'Windows-1251', |
||
121 | 18 => 'Windows-1252', |
||
122 | ); |
||
123 | |||
124 | // Line endings. |
||
125 | $line_endings_names = array |
||
126 | ( |
||
127 | 1 => 'Windows', |
||
128 | 2 => 'Unix', |
||
129 | 3 => 'Mac', |
||
130 | ); |
||
131 | |||
132 | $line_endings_chars = array |
||
133 | ( |
||
134 | 1 => "\r\n", |
||
135 | 2 => "\n", |
||
136 | 3 => "\r", |
||
137 | ); |
||
138 | |||
139 | /**#@+ |
||
140 | * Default settings. |
||
141 | */ |
||
142 | define('DEFAULT_PAGE_ROWS', 20); |
||
143 | define('DEFAULT_PAGE_BKMS', 10); |
||
144 | define('DEFAULT_AUTO_REFRESH', 0); |
||
145 | define('DEFAULT_DELIMITER', 0x2C); |
||
146 | define('DEFAULT_ENCODING', 1); |
||
147 | define('DEFAULT_LINE_ENDINGS', 1); |
||
148 | /**#@-*/ |
||
149 | |||
150 | /**#@+ |
||
151 | * List size restriction. |
||
152 | */ |
||
153 | define('MIN_PAGE_SIZE', 10); |
||
154 | define('MAX_PAGE_SIZE', 100); |
||
155 | /**#@-*/ |
||
156 | |||
157 | /**#@+ |
||
158 | * Autorefresh interval restriction (in seconds). |
||
159 | */ |
||
160 | define('MIN_AUTO_REFRESH', 0); |
||
161 | define('MAX_AUTO_REFRESH', 1440); |
||
162 | /**#@-*/ |
||
163 | |||
164 | //------------------------------------------------------------------------------ |
||
165 | // Functions. |
||
166 | //------------------------------------------------------------------------------ |
||
167 | |||
168 | /** |
||
169 | * Creates (initializes) anonymous session before user is authorized. |
||
170 | * |
||
171 | * @return string The session ID for the newly created session. |
||
172 | */ |
||
173 | function create_session () |
||
174 | { |
||
175 | error_reporting(E_ALL); |
||
176 | |||
177 | if (DEBUG_MODE == DEBUG_MODE_OFF) |
||
178 | { |
||
179 | assert_options(ASSERT_ACTIVE, 0); |
||
180 | } |
||
181 | else |
||
182 | { |
||
183 | assert_options(ASSERT_ACTIVE, 1); |
||
184 | assert_options(ASSERT_WARNING, 1); |
||
185 | assert_options(ASSERT_BAIL, 0); |
||
186 | assert_options(ASSERT_QUIET_EVAL, 0); |
||
187 | assert_options(ASSERT_CALLBACK, NULL); |
||
188 | } |
||
189 | |||
190 | return session_id(); |
||
191 | } |
||
192 | |||
193 | /** |
||
194 | * Opens new session (preliminary created with {@link create_session}) for successfully authorized user (user becomes logged in). |
||
195 | * |
||
196 | * @param int $userid Account ID of authorized user (see <i>account_id</i> of <i>tbl_accounts</i> database table). |
||
197 | * @return string The session ID. |
||
198 | */ |
||
199 | function open_session ($userid) |
||
200 | { |
||
201 | debug_write_log(DEBUG_TRACE, '[open_session]'); |
||
202 | debug_write_log(DEBUG_DUMP, '[open_session] $userid = ' . $userid); |
||
203 | |||
204 | global $encodings; |
||
205 | global $line_endings_chars; |
||
206 | |||
207 | $_SESSION[VAR_USERID] = $userid; |
||
208 | $_SESSION[VAR_USERNAME] = get_html_resource(RES_GUEST_ID); |
||
209 | $_SESSION[VAR_FULLNAME] = get_html_resource(RES_GUEST_ID); |
||
210 | $_SESSION[VAR_PASSWD_EXPIRE] = 0; |
||
211 | $_SESSION[VAR_ISADMIN] = FALSE; |
||
212 | $_SESSION[VAR_LDAPUSER] = FALSE; |
||
213 | $_SESSION[VAR_LOCALE] = get_browser_locale(); |
||
214 | $_SESSION[VAR_TIMEZONE] = intval(date('Z')); |
||
215 | $_SESSION[VAR_TEXTROWS] = HTML_TEXTBOX_DEFAULT_HEIGHT; |
||
216 | $_SESSION[VAR_PAGEROWS] = DEFAULT_PAGE_ROWS; |
||
217 | $_SESSION[VAR_PAGEBKMS] = DEFAULT_PAGE_BKMS; |
||
218 | $_SESSION[VAR_AUTO_REFRESH] = DEFAULT_AUTO_REFRESH; |
||
219 | $_SESSION[VAR_DELIMITER] = chr(DEFAULT_DELIMITER); |
||
220 | $_SESSION[VAR_ENCODING] = $encodings[DEFAULT_ENCODING]; |
||
221 | $_SESSION[VAR_LINE_ENDINGS] = $line_endings_chars[DEFAULT_LINE_ENDINGS]; |
||
222 | $_SESSION[VAR_VIEW] = NULL; |
||
223 | $_SESSION[VAR_THEME_NAME] = THEME_DEFAULT; |
||
224 | $_SESSION[VAR_SEARCH_MODE] = FALSE; |
||
225 | $_SESSION[VAR_SEARCH_TEXT] = NULL; |
||
226 | $_SESSION[VAR_USE_FILTERS] = FALSE; |
||
227 | $_SESSION[VAR_LDAP_ENUMERATION] = NULL; |
||
228 | |||
229 | return session_id(); |
||
230 | } |
||
231 | |||
232 | /** |
||
233 | * Closes current session (user becomes logged off). |
||
234 | */ |
||
235 | function close_session () |
||
236 | { |
||
237 | unset($_SESSION[VAR_ERROR]); |
||
238 | unset($_SESSION[VAR_USERID]); |
||
239 | unset($_SESSION[VAR_USERNAME]); |
||
240 | unset($_SESSION[VAR_FULLNAME]); |
||
241 | unset($_SESSION[VAR_PASSWD_EXPIRE]); |
||
242 | unset($_SESSION[VAR_ISADMIN]); |
||
243 | unset($_SESSION[VAR_LDAPUSER]); |
||
244 | unset($_SESSION[VAR_LOCALE]); |
||
245 | unset($_SESSION[VAR_TIMEZONE]); |
||
246 | unset($_SESSION[VAR_TEXTROWS]); |
||
247 | unset($_SESSION[VAR_PAGEROWS]); |
||
248 | unset($_SESSION[VAR_PAGEBKMS]); |
||
249 | unset($_SESSION[VAR_AUTO_REFRESH]); |
||
250 | unset($_SESSION[VAR_DELIMITER]); |
||
251 | unset($_SESSION[VAR_ENCODING]); |
||
252 | unset($_SESSION[VAR_LINE_ENDINGS]); |
||
253 | unset($_SESSION[VAR_VIEW]); |
||
254 | unset($_SESSION[VAR_THEME_NAME]); |
||
255 | unset($_SESSION[VAR_SEARCH_MODE]); |
||
256 | unset($_SESSION[VAR_SEARCH_TEXT]); |
||
257 | unset($_SESSION[VAR_USE_FILTERS]); |
||
258 | unset($_SESSION[VAR_LDAP_ENUMERATION]); |
||
259 | |||
260 | @session_destroy(); |
||
261 | } |
||
262 | |||
263 | /** |
||
264 | * Tries to log user in eTraxis with specified credentials. |
||
265 | * |
||
266 | * @param string $username User name. |
||
267 | * @param string $passwd Password. |
||
268 | * @return int Error code: |
||
269 | * <ul> |
||
270 | * <li>{@link NO_ERROR} - user is successfully authenticated</li> |
||
271 | * <li>{@link ERROR_UNKNOWN_USERNAME} - unknown user name or bad password</li> |
||
272 | * <li>{@link ERROR_ACCOUNT_DISABLED} - account is disabled</li> |
||
273 | * <li>{@link ERROR_ACCOUNT_LOCKED} - account is locked out</li> |
||
274 | * </ul> |
||
275 | */ |
||
276 | function login_user ($username, $passwd) |
||
277 | { |
||
278 | $error = NO_ERROR; |
||
279 | |||
280 | // If '@' is specified at the end of user name, suppress looking for account in eTraxis database. |
||
281 | if (usubstr($username, ustrlen($username) - 1, 1) == '@') |
||
282 | { |
||
283 | debug_write_log(DEBUG_NOTICE, 'Found @ at the end of login.'); |
||
284 | $username = usubstr($username, 0, ustrlen($username) - 1); |
||
285 | $account = FALSE; |
||
286 | } |
||
287 | else |
||
288 | { |
||
289 | // Search account in eTraxis database. |
||
290 | $account = account_find_username($username . ACCOUNT_SUFFIX); |
||
291 | } |
||
292 | |||
293 | // If account is not found in eTraxis database (or wasn't searched at all), |
||
294 | // try to search it in Active Directory. |
||
295 | if (!$account) |
||
296 | { |
||
297 | debug_write_log(DEBUG_NOTICE, 'Unknown user name.'); |
||
298 | |||
299 | if (ustrlen($passwd) == 0) |
||
300 | { |
||
301 | debug_write_log(DEBUG_NOTICE, 'Empty password is submitted.'); |
||
302 | $error = ERROR_UNKNOWN_USERNAME; |
||
303 | } |
||
304 | elseif (LDAP_ENABLED) |
||
305 | { |
||
306 | debug_write_log(DEBUG_NOTICE, 'Trying to find Active Directory account.'); |
||
307 | |||
308 | $id = account_register_ldapuser($username, $passwd); |
||
309 | |||
310 | if (is_null($id)) |
||
311 | { |
||
312 | debug_write_log(DEBUG_NOTICE, 'Cannot find Active Directory account.'); |
||
313 | $error = ERROR_UNKNOWN_USERNAME; |
||
314 | } |
||
315 | else |
||
316 | { |
||
317 | account_set_token($id); |
||
318 | open_session($id); |
||
319 | } |
||
320 | } |
||
321 | else |
||
322 | { |
||
323 | debug_write_log(DEBUG_NOTICE, 'LDAP support is disabled.'); |
||
324 | $error = ERROR_UNKNOWN_USERNAME; |
||
325 | } |
||
326 | } |
||
327 | else |
||
328 | { |
||
329 | debug_write_log(DEBUG_NOTICE, 'User name is found in eTraxis database.'); |
||
330 | |||
331 | $account['passwd'] = trim($account['passwd']); |
||
332 | |||
333 | // Check status of account and provided password. |
||
334 | if ($account['is_disabled']) |
||
335 | { |
||
336 | debug_write_log(DEBUG_NOTICE, 'Account is disabled.'); |
||
337 | $error = ERROR_ACCOUNT_DISABLED; |
||
338 | } |
||
339 | elseif (is_account_locked($account['locks_count'], $account['lock_time'])) |
||
340 | { |
||
341 | debug_write_log(DEBUG_NOTICE, 'Account is locked out.'); |
||
342 | $error = ERROR_ACCOUNT_LOCKED; |
||
343 | } |
||
344 | elseif ($account['passwd'] != base64_encode(sha1($passwd, TRUE)) && |
||
345 | $account['passwd'] != md5($passwd)) |
||
346 | { |
||
347 | debug_write_log(DEBUG_NOTICE, 'Bad password.'); |
||
348 | account_lock($account['account_id']); |
||
349 | $error = ERROR_UNKNOWN_USERNAME; |
||
350 | } |
||
351 | else |
||
352 | { |
||
353 | // Up to version 3.6.7 passwords were stored as MD5 hashes which took 32 chars. |
||
354 | // As of 3.6.8 passwords are stored as base64-encoded SHA1 hashes which take 28 chars. |
||
355 | // For backward compatibility we let user authenticate if his password is stored as MD5-hash, |
||
356 | // but we replace the password with its SHA1-hash. |
||
357 | if (strlen($account['passwd']) == 32) |
||
358 | { |
||
359 | dal_query('accounts/passwd.sql', |
||
360 | $account['account_id'], |
||
361 | base64_encode(sha1($passwd, TRUE)), |
||
362 | $account['passwd_expire']); |
||
363 | } |
||
364 | |||
365 | account_unlock($account['account_id']); |
||
366 | account_set_token($account['account_id']); |
||
367 | open_session($account['account_id']); |
||
368 | } |
||
369 | } |
||
370 | |||
371 | return $error; |
||
372 | } |
||
373 | |||
374 | /** |
||
375 | * Returns current user level. |
||
376 | * |
||
377 | * @return int User level: |
||
378 | * <ul> |
||
379 | * <li>{@link USER_LEVEL_GUEST} - user is not logged in and has guest permissions only</li> |
||
380 | * <li>{@link USER_LEVEL_NORMAL} - user is logged in with usual permissions</li> |
||
381 | * <li>{@link USER_LEVEL_ADMIN} - user is logged in with administrative permissions</li> |
||
382 | * </ul> |
||
383 | */ |
||
384 | function get_user_level () |
||
385 | { |
||
386 | // If somewhy this variable is not set yet, force to set it. |
||
387 | if (!isset($_SESSION[VAR_USERID])) |
||
388 | { |
||
389 | $_SESSION[VAR_USERID] = 0; |
||
390 | } |
||
391 | |||
392 | // Now we know for sure that the variable exists even if user is not logged in at all. |
||
393 | if ($_SESSION[VAR_USERID] != 0) |
||
394 | { |
||
395 | return $_SESSION[VAR_ISADMIN] ? USER_LEVEL_ADMIN : USER_LEVEL_NORMAL; |
||
396 | } |
||
397 | else |
||
398 | { |
||
399 | return USER_LEVEL_GUEST; |
||
400 | } |
||
401 | } |
||
402 | |||
403 | /** |
||
404 | * Performs required initialization before execution of any PHP page. |
||
405 | * |
||
406 | * Must be called once and at the very beginning of each PHP page. |
||
407 | * |
||
408 | * @param int $page_type Type of the page. |
||
409 | * @param int $guest_is_allowed Flag that guest is allowed to access the page. |
||
410 | */ |
||
411 | function init_page ($page_type = LOAD_CONTAINER, $guest_is_allowed = FALSE) |
||
412 | { |
||
413 | global $timezones; |
||
414 | global $encodings; |
||
415 | global $line_endings_chars; |
||
416 | |||
417 | @session_start(); |
||
418 | |||
419 | if (!isset($_SESSION[VAR_ERROR])) |
||
420 | { |
||
421 | $_SESSION[VAR_ERROR] = NO_ERROR; |
||
422 | } |
||
423 | |||
424 | if (get_magic_quotes_gpc() != 0) |
||
425 | { |
||
426 | foreach ($_REQUEST as $key => $value) |
||
427 | { |
||
428 | if (is_array($value)) |
||
429 | { |
||
430 | foreach ($value as $subkey => $subvalue) |
||
431 | { |
||
432 | $_REQUEST[$key][$subkey] = stripslashes($subvalue); |
||
433 | } |
||
434 | } |
||
435 | else |
||
436 | { |
||
437 | $_REQUEST[$key] = stripslashes($value); |
||
438 | } |
||
439 | } |
||
440 | } |
||
441 | |||
442 | if (get_user_level() == USER_LEVEL_GUEST) |
||
443 | { |
||
444 | create_session(); |
||
445 | open_session(account_get_token(NULL)); |
||
446 | } |
||
447 | |||
448 | if (get_user_level() == USER_LEVEL_GUEST) |
||
449 | { |
||
450 | debug_write_log(DEBUG_NOTICE, '[init_page] User is not authorized.'); |
||
451 | |||
452 | // Force the guest to log in |
||
453 | if (!$guest_is_allowed) |
||
454 | { |
||
455 | debug_write_log(DEBUG_NOTICE, '[init_page] Guest must be logged in.'); |
||
456 | save_cookie(COOKIE_URI, $_SERVER['REQUEST_URI']); |
||
457 | |||
458 | if ($page_type == LOAD_CONTAINER) |
||
459 | { |
||
460 | header('Location: ' . WEBROOT . 'logon/index.php'); |
||
461 | } |
||
462 | elseif ($page_type == LOAD_INLINE) |
||
463 | { |
||
464 | header('HTTP/1.1 307 ' . WEBROOT . 'logon/index.php'); |
||
465 | } |
||
466 | elseif ($page_type == LOAD_RSS) |
||
467 | { |
||
468 | debug_write_log(DEBUG_NOTICE, '[init_page] Request for HTTP Basic Auth.'); |
||
469 | header('WWW-Authenticate: Basic realm="eTraxis RSS"'); |
||
470 | header('HTTP/1.0 401 Unauthorized'); |
||
471 | } |
||
472 | |||
473 | exit; |
||
474 | } |
||
475 | } |
||
476 | else |
||
477 | { |
||
478 | $rs = dal_query('accounts/fndid2.sql', |
||
479 | $_SESSION[VAR_USERID], |
||
480 | time(), |
||
481 | LOCKS_COUNT, |
||
482 | time() - LOCKS_TIMEOUT * 60); |
||
483 | |||
484 | if ($rs->rows == 0) |
||
0 ignored issues
–
show
|
|||
485 | { |
||
486 | debug_write_log(DEBUG_NOTICE, '[init_page] Specified user cannot be authorized.'); |
||
487 | open_session(GUEST_USER_ID); |
||
488 | } |
||
489 | else |
||
490 | { |
||
491 | $account = $rs->fetch(); |
||
492 | $account['passwd'] = trim($account['passwd']); |
||
493 | |||
494 | // Up to version 3.6.7 passwords were stored as MD5 hashes which took 32 chars. |
||
495 | // As of 3.6.8 passwords are stored as base64-encoded SHA1 hashes which take 28 chars. |
||
496 | // For backward compatibility we let user authenticate if his password is stored as MD5-hash, |
||
497 | // but we have to replace the password with its SHA1-hash. |
||
498 | // To make user enter his password as soon as possible we are forcing him to log out. |
||
499 | if (strlen($account['passwd']) == 32 && |
||
500 | !$account['is_ldapuser']) |
||
501 | { |
||
502 | debug_write_log(DEBUG_NOTICE, '[init_page] The password is stored as MD5 hash and must be updated.'); |
||
503 | open_session(GUEST_USER_ID); |
||
504 | } |
||
505 | else |
||
506 | { |
||
507 | $_SESSION[VAR_USERNAME] = account_get_username($account['username']); |
||
508 | $_SESSION[VAR_FULLNAME] = $account['fullname']; |
||
509 | $_SESSION[VAR_PASSWD_EXPIRE] = $account['passwd_expire']; |
||
510 | $_SESSION[VAR_ISADMIN] = $account['is_admin']; |
||
511 | $_SESSION[VAR_LDAPUSER] = $account['is_ldapuser']; |
||
512 | $_SESSION[VAR_LOCALE] = $account['locale']; |
||
513 | $_SESSION[VAR_TIMEZONE] = intval(date('Z')); |
||
514 | $_SESSION[VAR_TEXTROWS] = $account['text_rows']; |
||
515 | $_SESSION[VAR_PAGEROWS] = $account['page_rows']; |
||
516 | $_SESSION[VAR_PAGEBKMS] = $account['page_bkms']; |
||
517 | $_SESSION[VAR_AUTO_REFRESH] = ustr2int($account['auto_refresh'], MIN_AUTO_REFRESH, MAX_AUTO_REFRESH); |
||
518 | $_SESSION[VAR_DELIMITER] = chr($account['csv_delim']); |
||
519 | $_SESSION[VAR_ENCODING] = $encodings[$account['csv_encoding']]; |
||
520 | $_SESSION[VAR_LINE_ENDINGS] = $line_endings_chars[$account['csv_line_ends']]; |
||
521 | $_SESSION[VAR_VIEW] = $account['view_id']; |
||
522 | $_SESSION[VAR_THEME_NAME] = $account['theme_name']; |
||
523 | |||
524 | if ($account['timezone'] > 0 && |
||
525 | $account['timezone'] <= count($timezones)) |
||
526 | { |
||
527 | $_SESSION[VAR_TIMEZONE] = timezone_offset_get(timezone_open($timezones[$account['timezone']]), date_create()); |
||
528 | } |
||
529 | |||
530 | save_cookie(COOKIE_AUTH_USERID, $_SESSION[VAR_USERID]); |
||
531 | save_cookie(COOKIE_AUTH_TOKEN, $account['auth_token']); |
||
532 | |||
533 | dal_query('accounts/settoken2.sql', $_SESSION[VAR_USERID], time() + SESSION_EXPIRE * 60); |
||
534 | |||
535 | if ((strpos($_SERVER['PHP_SELF'], '/settings/') === FALSE ) && |
||
536 | (PASSWORD_EXPIRATION != 0 ) && |
||
537 | ($_SESSION[VAR_PASSWD_EXPIRE] + PASSWORD_EXPIRATION * SECS_IN_DAY < time()) && |
||
538 | (!$_SESSION[VAR_LDAPUSER] )) |
||
539 | { |
||
540 | debug_write_log(DEBUG_NOTICE, '[init_page] Password is expired.'); |
||
541 | |||
542 | save_cookie(COOKIE_URI, $_SERVER['REQUEST_URI']); |
||
543 | |||
544 | if ($page_type == LOAD_CONTAINER) |
||
545 | { |
||
546 | header('Location: ' . WEBROOT . 'settings/index.php?tab=3'); |
||
547 | } |
||
548 | elseif ($page_type == LOAD_INLINE) |
||
549 | { |
||
550 | header('HTTP/1.1 307 ' . WEBROOT . 'settings/index.php?tab=3'); |
||
551 | } |
||
552 | |||
553 | exit; |
||
554 | } |
||
555 | |||
556 | clear_cookie(COOKIE_URI); |
||
557 | } |
||
558 | } |
||
559 | } |
||
560 | } |
||
561 | |||
562 | ?> |
||
563 |
Since your code implements the magic setter
_set
, this function will be called for any write access on an undefined variable. You can add the@property
annotation to your class or interface to document the existence of this variable.Since the property has write access only, you can use the @property-write annotation instead.
Of course, you may also just have mistyped another name, in which case you should fix the error.
See also the PhpDoc documentation for @property.