Commit 625a5e71 authored by SNA's avatar SNA

fix : connexion pb with user different from superadmin; Fix : conformity with...

Fix: connection problem for users other than superadmin; Fix: conformity with coding standard (in progress)
parent a0e36f22
......@@ -2,9 +2,9 @@
#TEST -- à effacer
require_once("../../core/class/class_functions.php");
require_once("../../core/class/class_db.php");
require_once("../../core/class/class_history.php");
require_once("../../core/class/class_history.php");
require_once("../../core/class/class_core_tools.php");
//require_once("../../core/class/class_security.php");
//require_once("../../core/class/class_security.php");
//exit();
$core_tools = new core_tools();
......@@ -16,36 +16,43 @@ $core_tools = new core_tools();
$core_tools->load_lang();
$func = new functions();
print_r($_POST);
//print_r($_POST);
if(isset($_POST['login']))
{
$test_user = $POST['login'];
$sec->login($s_login,$pass);
$_SESSION['error'] = '';
$test_user = $POST['login'];
$res = $sec->login($s_login, $pass);
$_SESSION['user'] = $res['user'];
if (empty($_SESSION['error'])) {
$_SESSION['error'] = $res['error'];
}
$core_tools->load_menu($_SESSION['modules']);
header(
'location: ' . $_SESSION['config']['businessappurl'] . $res['url']
);
exit();
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<link rel="stylesheet" href="style.css" type="text/css" media="screen" />
</head>
<title>Mon_Titre</title>
<body>
<form action="" method="post" name="connect">
<script type="text/javascript">
var WShnetwork = new ActiveXObject('WScript.Network');
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<link rel="stylesheet" href="style.css" type="text/css" media="screen" />
</head>
<title>Mon_Titre</title>
<body>
<form action="" method="post" name="connect">
<script type="text/javascript">
var WShnetwork = new ActiveXObject('WScript.Network');
var actual_username = WShnetwork.UserName;
window.alert(actual_username);
document.write('<input type="hidden" name="login" value="' + WShnetwork.UserName + '">');
submit();
//window.location.href="<?php echo $_SESSION['config']['businessappurl'];?>auto_login.php";
</script>
</script>
</form>
</body>
</html>
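Review bot: The new call `$res = $sec->login($s_login, $pass);` uses `$sec`, `$s_login` and `$pass`, none of which is assigned in the lines shown here (the `class_security.php` require is still commented out), and the line above it reads `$POST['login']` rather than `$_POST['login']`, so as far as this section shows the call runs on undefined values. Independently of that, the login name arrives in a hidden form field filled in by browser script, so it is a client-supplied claim and should not be accepted as an identity without a server-side credential check. The file is marked `#TEST -- à effacer`; if it stays, I would read the field with `$s_login = $func->wash($_POST['login'], 'no', _THE_ID, 'yes');` and require a verified credential before `$_SESSION['user']` is set. Lines 11-15 of the file are not visible on this page, so the missing assignments may be there.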
......@@ -17,11 +17,11 @@ $func = new functions();
$_SESSION['error'] = "";
if(isset($_REQUEST['activex_login']))
{
$s_login = $func->wash($_REQUEST['activex_login'],"no",_THE_ID,"yes");
$s_login = $func->wash($_REQUEST['activex_login'],"no",_THE_ID,"yes");
}
else
{
$s_login = '';
$s_login = '';
}
require("core".DIRECTORY_SEPARATOR."class".DIRECTORY_SEPARATOR."class_security.php");
......@@ -32,26 +32,36 @@ $business_app_tools = new business_app_tools();
if(count($_SESSION['config']) <= 0)
{
//$_SESSION['slash_env'] = DIRECTORY_SEPARATOR;
$path_tmp = explode(DIRECTORY_SEPARATOR, str_replace('/', DIRECTORY_SEPARATOR,$_SERVER['SCRIPT_FILENAME']));
$path_server = implode(DIRECTORY_SEPARATOR,array_slice($path_tmp,0,array_search('apps',$path_tmp))).DIRECTORY_SEPARATOR;
$core_tools->build_core_config("core".DIRECTORY_SEPARATOR."xml".DIRECTORY_SEPARATOR."config.xml");
$business_app_tools->build_business_app_config();
$core_tools->load_modules_config($_SESSION['modules']);
$core_tools->load_menu($_SESSION['modules']);
$core_tools->load_admin_core_board();
$core_tools->load_admin_module_board($_SESSION['modules']);
$core_tools->load_admin_app_board('apps'.DIRECTORY_SEPARATOR.$_SESSION['config']['app_id'].DIRECTORY_SEPARATOR);
//$_SESSION['slash_env'] = DIRECTORY_SEPARATOR;
$path_tmp = explode(DIRECTORY_SEPARATOR, str_replace('/', DIRECTORY_SEPARATOR,$_SERVER['SCRIPT_FILENAME']));
$path_server = implode(DIRECTORY_SEPARATOR,array_slice($path_tmp,0,array_search('apps',$path_tmp))).DIRECTORY_SEPARATOR;
$core_tools->build_core_config("core".DIRECTORY_SEPARATOR."xml".DIRECTORY_SEPARATOR."config.xml");
$business_app_tools->build_business_app_config();
$core_tools->load_modules_config($_SESSION['modules']);
$core_tools->load_menu($_SESSION['modules']);
$core_tools->load_admin_core_board();
$core_tools->load_admin_module_board($_SESSION['modules']);
$core_tools->load_admin_app_board('apps'.DIRECTORY_SEPARATOR.$_SESSION['config']['app_id'].DIRECTORY_SEPARATOR);
}
if(!empty($_SESSION['error']))
{
header("location: ".$_SESSION['config']['businessappurl']."index.php?display=true&page=login&coreurl=".$_SESSION['config']['coreurl']);
exit();
header("location: ".$_SESSION['config']['businessappurl']."index.php?display=true&page=login&coreurl=".$_SESSION['config']['coreurl']);
exit();
}
else
{
$pass = md5($s_pass);
$sec->login($s_login,$pass, 'activex');
$_SESSION['error'] = '';
$pass = md5($s_pass);
$res = $sec->login($s_login, $pass, 'activex');
$_SESSION['user'] = $res['user'];
if (empty($_SESSION['error'])) {
$_SESSION['error'] = $res['error'];
}
$core_tools->load_menu($_SESSION['modules']);
header(
'location: ' . $_SESSION['config']['businessappurl'] . $res['url']
);
exit();
}
?>
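Review bot: `$_SESSION['user'] = $res['user'];` in the final `else` branch runs before `$res['error']` is looked at, so the session user is overwritten whatever `login()` returned, and the session identifier is kept across the change of privilege. I would store the user only on success and rotate the id first: `if (empty($res['error'])) { session_regenerate_id(true); $_SESSION['user'] = $res['user']; }`. `$s_pass` is also not assigned anywhere in the visible lines of this file, so `md5($s_pass)` may be hashing an empty value on the `activex` path, where the only visible input is `$_REQUEST['activex_login']`; the lines between the two hunks are not shown, so this needs checking. The same unconditional assignment appears in the first file on this page and in both login branches of log.php.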
<?php
/*
* Copyright 2008-2011 Maarch
*
* This file is part of Maarch Framework.
*
* Maarch Framework is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Maarch Framework is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with Maarch Framework. If not, see <http://www.gnu.org/licenses/>.
*/
/**
* @brief Maarch index page : every php page is loaded with this page
*
* @file
* @author Claire Figueras <dev@maarch.org>
* @author Laurent Giovannoni <dev@maarch.org>
* @author Loc Vinet <dev@maarch.org>
* @date $date$
* @version $Revision$
* @ingroup apps
*/
include_once '../../core/init.php';
if (isset($_SESSION['config']['corepath'])) {
require_once 'core/class/class_functions.php';
require_once 'core/class/class_db.php';
require_once 'core/class/class_core_tools.php';
$core_tools = new core_tools();
if (! isset($_SESSION['custom_override_id'])
|| empty($_SESSION['custom_override_id'])) {
$_SESSION['custom_override_id'] = $core_tools->get_custom_id();
if (! empty($_SESSION['custom_override_id'])) {
$path = $_SESSION['config']['corepath'] . 'custom'
. DIRECTORY_SEPARATOR . $_SESSION['custom_override_id']
. DIRECTORY_SEPARATOR;
set_include_path(
$path . PATH_SEPARATOR . $_SESSION['config']['corepath']
);
}
}
} else {
require_once '../../core/class/class_functions.php';
require_once '../../core/class/class_db.php';
require_once '../../core/class/class_core_tools.php';
$core_tools = new core_tools();
$_SESSION['custom_override_id'] = $core_tools->get_custom_id();
chdir('../..');
if (! empty($_SESSION['custom_override_id'])) {
$path = $_SESSION['config']['corepath'] . 'custom' . DIRECTORY_SEPARATOR
. $_SESSION['custom_override_id'] . DIRECTORY_SEPARATOR;
set_include_path(
$path . PATH_SEPARATOR . $_SESSION['config']['corepath']
);
}
}
if (isset($_SESSION['user']['UserId']) && isset($_GET['page'])
&& ! empty($_SESSION['user']['UserId']) && $_GET['page'] <> 'login'
&& $_GET['page'] <> 'log' && $_GET['page'] <> 'logout') {
$db = new dbquery();
$db->connect();
$key = md5(
time() . '%' . $_SESSION['user']['FirstName'] . '%'
. $_SESSION['user']['UserId'] . '%' . $_SESSION['user']['UserId']
. '%' . date('dmYHmi') . '%'
);
if ($_SESSION['config']['databasetype'] == 'ORACLE') {
$db->query(
'update ' . $_SESSION['tablename']['users'] . " set cookie_key = '"
. $key . "', cookie_date = SYSDATE where user_id = '"
. $_SESSION['user']['UserId'] . "' and mail = '"
. $_SESSION['user']['Mail'] . "'", 1
);
} else {
$db->query(
'update ' . $_SESSION['tablename']['users'] . " set cookie_key = '"
. $key . "', cookie_date = '" . date('Y-m-d') . ' ' . date('H:m:i')
. "' where user_id = '" . $_SESSION['user']['UserId']
. "' and mail = '" . $_SESSION['user']['Mail'] . "'", 1
);
}
setcookie(
'maarch', 'UserId=' . $_SESSION['user']['UserId'] . '&key=' . $key,
time() + ($_SESSION['config']['cookietime'] * 1000)
);
}
if (isset($_REQUEST['display'])) {
$core_tools->insert_page();
exit();
}
if (! isset($_SESSION['user']['UserId'])) {
if (trim($_SERVER['argv'][0]) <> '') {
header('location: reopen.php?' . $_SERVER['argv'][0]);
} else {
header('location: reopen.php');
}
exit();
}
if (isset($_GET['show'])) {
$show = $_GET['show'];
} else {
$show = 'true';
}
$core_tools->start_page_stat();
$core_tools->configPosition();
$core_tools->load_lang();
$core_tools->load_html();
$core_tools->load_header();
$time = $core_tools->get_session_time_expire();
?>
<body onload="session_expirate(<?php echo $time;?>, '<?php echo $_SESSION['config']['coreurl'];?>');" id="maarch_body">
<div id="header">
<div id="nav">
<div id="menu" onmouseover="ShowHideMenu('menunav','on');" onmouseout="ShowHideMenu('menunav','off');" class="off">
<p>
<img src="<?php echo $_SESSION['config']['businessappurl'];?>static.php?filename=but_menu.gif" alt="<?php echo _MENU;?>" />
</p>
<div id="menunav" style="display: none;">
<?php
echo '<div class="header_menu"><div class="user_name_menu">'.$_SESSION['user']['FirstName'].' '.$_SESSION['user']['LastName'].'</div></div>';
echo '<div class="header_menu_blank">&nbsp;</div>';?>
<ul >
<?php
//here we building the maarch menu
$core_tools->build_menu($_SESSION['menu']);
?>
</ul>
<?php
echo '<div class="header_menu_blank">&nbsp;</div>';
echo '<div class="footer_menu"><a style="color:white;" href="'.$_SESSION['config']['businessappurl'].'index.php?page=maarch_credits">';
echo ''._MAARCH_CREDITS.'</a></div>';?>
</div>
</div>
<div><p id="ariane"><?php
?></p></div>
<p id="gauchemenu"><img src="<?php echo $_SESSION['config']['businessappurl'];?>static.php?filename=bando_tete_gche.gif" alt=""/></p>
<p id="logo"><a href="index.php"><img src="<?php echo $_SESSION['config']['businessappurl'];?>static.php?filename=bando_tete_dte.gif" alt="<?php echo _LOGO_ALT;?>" /></a></p>
</div>
</div>
<div id="container">
<div id="content">
<div class="error" id="main_error">
<?php echo $_SESSION['error'];?>
</div>
<div class="info" id="main_info">
<?php if(isset($_SESSION['info'])){echo $_SESSION['info'];}?>
</div>
<?php
if ($core_tools->is_module_loaded('basket')
&& isset($_SESSION['abs_user_status'])
&& $_SESSION['abs_user_status'] == true) {
include
'modules' . DIRECTORY_SEPARATOR . 'basket'
. DIRECTORY_SEPARATOR . 'advert_missing.php';
} else {
$core_tools->insert_page();
}
?>
</div>
<p id="footer">
<?php
if (isset($_SESSION['config']['showfooter'])
&& $_SESSION['config']['showfooter'] == 'true') {
$core_tools->load_footer();
}
?>
</p>
<?php
$_SESSION['error'] = '';
$_SESSION['info'] = '';
$core_tools->view_debug();
?>
</div>
<script type="text/javascript">HideMenu('menunav');</script>
</body>
<?php
/*
* Copyright 2008-2011 Maarch
*
* This file is part of Maarch Framework.
*
* Maarch Framework is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* Maarch Framework is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with Maarch Framework. If not, see <http://www.gnu.org/licenses/>.
*/
/**
* @brief Maarch index page : every php page is loaded with this page
*
* @file
* @author Claire Figueras <dev@maarch.org>
* @author Laurent Giovannoni <dev@maarch.org>
* @author Loic Vinet <dev@maarch.org>
* @date $date$
* @version $Revision$
* @ingroup apps
*/
include_once '../../core/init.php';
if (isset($_SESSION['config']['corepath'])) {
require_once 'core/class/class_functions.php';
require_once 'core/class/class_db.php';
require_once 'core/class/class_core_tools.php';
$core = new core_tools();
if (! isset($_SESSION['custom_override_id'])
|| empty($_SESSION['custom_override_id'])
) {
$_SESSION['custom_override_id'] = $core->get_custom_id();
if (! empty($_SESSION['custom_override_id'])) {
$path = $_SESSION['config']['corepath'] . 'custom'
. DIRECTORY_SEPARATOR . $_SESSION['custom_override_id']
. DIRECTORY_SEPARATOR;
set_include_path(
$path . PATH_SEPARATOR . $_SESSION['config']['corepath']
);
}
}
} else {
require_once '../../core/class/class_functions.php';
require_once '../../core/class/class_db.php';
require_once '../../core/class/class_core_tools.php';
$core = new core_tools();
$_SESSION['custom_override_id'] = $core->get_custom_id();
chdir('../..');
if (! empty($_SESSION['custom_override_id'])) {
$path = $_SESSION['config']['corepath'] . 'custom' . DIRECTORY_SEPARATOR
. $_SESSION['custom_override_id'] . DIRECTORY_SEPARATOR;
set_include_path(
$path . PATH_SEPARATOR . $_SESSION['config']['corepath']
);
}
}
if (isset($_SESSION['user']['UserId']) && isset($_GET['page'])
&& ! empty($_SESSION['user']['UserId']) && $_GET['page'] <> 'login'
&& $_GET['page'] <> 'log' && $_GET['page'] <> 'logout'
) {
$db = new dbquery();
$db->connect();
$key = md5(
time() . '%' . $_SESSION['user']['FirstName'] . '%'
. $_SESSION['user']['UserId'] . '%' . $_SESSION['user']['UserId']
. '%' . date('dmYHmi') . '%'
);
if ($_SESSION['config']['databasetype'] == 'ORACLE') {
$db->query(
'update ' . $_SESSION['tablename']['users'] . " set cookie_key = '"
. $key . "', cookie_date = SYSDATE where user_id = '"
. $_SESSION['user']['UserId'] . "' and mail = '"
. $_SESSION['user']['Mail'] . "'", 1
);
} else {
$db->query(
'update ' . $_SESSION['tablename']['users'] . " set cookie_key = '"
. $key . "', cookie_date = '" . date('Y-m-d') . ' ' . date('H:m:i')
. "' where user_id = '" . $_SESSION['user']['UserId']
. "' and mail = '" . $_SESSION['user']['Mail'] . "'", 1
);
}
setcookie(
'maarch', 'UserId=' . $_SESSION['user']['UserId'] . '&key=' . $key,
time() + ($_SESSION['config']['cookietime'] * 1000)
);
}
if (isset($_REQUEST['display'])) {
$core->insert_page();
exit();
}
if (! isset($_SESSION['user']['UserId'])) {
if (trim($_SERVER['argv'][0]) <> '') {
header('location: reopen.php?' . $_SERVER['argv'][0]);
} else {
header('location: reopen.php');
}
exit();
}
if (isset($_GET['show'])) {
$show = $_GET['show'];
} else {
$show = 'true';
}
$core->start_page_stat();
$core->configPosition();
$core->load_lang();
$core->load_html();
$core->load_header();
$time = $core->get_session_time_expire();
?>
<body onload="session_expirate(<?php echo $time;?>, '<?php echo $_SESSION['config']['coreurl'];?>');" id="maarch_body">
<div id="header">
<div id="nav">
<div id="menu" onmouseover="ShowHideMenu('menunav','on');" onmouseout="ShowHideMenu('menunav','off');" class="off">
<p>
<img src="<?php echo $_SESSION['config']['businessappurl'];?>static.php?filename=but_menu.gif" alt="<?php echo _MENU;?>" />
</p>
<div id="menunav" style="display: none;">
<?php
echo '<div class="header_menu"><div class="user_name_menu">'.$_SESSION['user']['FirstName'].' '.$_SESSION['user']['LastName'].'</div></div>';
echo '<div class="header_menu_blank">&nbsp;</div>';?>
<ul >
<?php
//here we building the maarch menu
$core->build_menu($_SESSION['menu']);
?>
</ul>
<?php
echo '<div class="header_menu_blank">&nbsp;</div>';
echo '<div class="footer_menu"><a style="color:white;" href="'.$_SESSION['config']['businessappurl'].'index.php?page=maarch_credits">';
echo ''._MAARCH_CREDITS.'</a></div>';?>
</div>
</div>
<div><p id="ariane"><?php
?></p></div>
<p id="gauchemenu"><img src="<?php echo $_SESSION['config']['businessappurl'];?>static.php?filename=bando_tete_gche.gif" alt=""/></p>
<p id="logo"><a href="index.php"><img src="<?php echo $_SESSION['config']['businessappurl'];?>static.php?filename=bando_tete_dte.gif" alt="<?php echo _LOGO_ALT;?>" /></a></p>
</div>
</div>
<div id="container">
<div id="content">
<div class="error" id="main_error">
<?php echo $_SESSION['error'];?>
</div>
<div class="info" id="main_info">
<?php if(isset($_SESSION['info'])){echo $_SESSION['info'];}?>
</div>
<?php
if ($core->is_module_loaded('basket')
&& isset($_SESSION['abs_user_status'])
&& $_SESSION['abs_user_status'] == true) {
include
'modules' . DIRECTORY_SEPARATOR . 'basket'
. DIRECTORY_SEPARATOR . 'advert_missing.php';
} else {
$core->insert_page();
}
?>
</div>
<p id="footer">
<?php
if (isset($_SESSION['config']['showfooter'])
&& $_SESSION['config']['showfooter'] == 'true'
) {
$core->load_footer();
}
?>
</p>
<?php
$_SESSION['error'] = '';
$_SESSION['info'] = '';
$core->view_debug();
?>
</div>
<script type="text/javascript">HideMenu('menunav');</script>
</body>
</html>
\ No newline at end of file
<?php
/**
* File : log.php
*
* User identification
*
* @package Maarch PeopleBox 1.0
* @version 2.1
* @since 10/2005
* @license GPL
* @author Claire Figueras <dev@maarch.org>
* @author Laurent Giovannoni <dev@maarch.org>
*/
$core_tools = new core_tools();
$core_tools->load_lang();
$func = new functions();
$_SESSION['error'] = '';
if (isset($_REQUEST['login'])) {
$s_login = $func->wash($_REQUEST['login'], 'no', _THE_ID, 'yes');
} else {
$s_login = '';
}
if (isset($_REQUEST['pass'])) {
$s_pass =$func->wash($_REQUEST['pass'], 'no', _PASSWORD_FOR_USER, 'yes');
} else {
$s_pass = '';
}
require 'core/class/class_security.php';
require 'core/class/class_request.php';
require 'apps/' . $_SESSION['config']['app_id']
. '/class/class_business_app_tools.php';
$sec = new security();
$business_app_tools = new business_app_tools();
if (count($_SESSION['config']) <= 0)
{
$path_tmp = explode(
DIRECTORY_SEPARATOR, str_replace(
'/', DIRECTORY_SEPARATOR, $_SERVER['SCRIPT_FILENAME']
)
);
$path_server = implode(
DIRECTORY_SEPARATOR, array_slice(
$path_tmp, 0, array_search('apps', $path_tmp)
)
).DIRECTORY_SEPARATOR;
$core_tools->build_core_config('core/xml/config.xml');
$business_app_tools->build_business_app_config();
$core_tools->load_modules_config($_SESSION['modules']);
$core_tools->load_menu($_SESSION['modules']);
}
if (! empty($_SESSION['error'])) {
header(
'location: ' . $_SESSION['config']['businessappurl']
. 'index.php?display=true&page=login&coreurl='
. $_SESSION['config']['coreurl']
);
exit();
} else {
if ($_SESSION['config']['ldap'] == 'true' && $s_login <> 'superadmin') {
//Extraction de /root/config dans le fichier de conf
$ldap_conf = new DomDocument();
try {
if (! @$ldap_conf->load(
'apps/' . $_SESSION['config']['app_id'].'/ldap/config_ldap.xml'
)) {
throw new Exception(
'Impossible de charger le document : '
. $_SESSION['config']['businessappurl']
.'ldap/config_ldap.xml'
);
}
} catch(Exception $e) {
exit($e->getMessage());
}
$xp_ldap_conf = new domxpath($ldap_conf);
foreach ($xp_ldap_conf->query('/root/config/*') as $cf) {
${$cf->nodeName} = $cf->nodeValue;
}
//On inclus la class LDAP qui correspond à l'annuaire
if(! include
'apps/' . $_SESSION['config']['app_id'] . '/ldap/class_'
. $type_ldap . '.php'
) {
exit('Impossible de charger class_' . $type_ldap . '.php\n');
}
//Try to create a new ldap instance
try {
$ad = new LDAP($domain, $login_admin, $pass, $ssl);
} catch(Exception $con_failure) {
echo $con_failure->getMessage();
exit;
}
if ($ad -> authenticate($s_login, $s_pass)) {
$db = new dbquery();
$db->connect();
if ($_SESSION['config']['databasetype'] == 'POSTGRESQL') {
$query = 'select * from ' . USERS_TABLE
. " where user_id ilike '"
. $this->protect_string_db($s_login) . "' ";
} else {
$query = 'select * from ' . USERS_TABLE
. " where user_id like '"
. $this->protect_string_db($s_login) . "' ";
}
$db->query($query);
if ($db->fetch_object()) {
$pass = md5($s_pass);
$sec->login($s_login,$pass, 'ldap');
} else {
$_SESSION['error'] = _NO_LOGIN_OR_PSW_BY_LDAP . '...';
header(
'location: ' . $_SESSION['config']['businessappurl']
. 'index.php?display=true&page=login&coreurl='
. $_SESSION['config']['coreurl']
);
exit;
}
} else {
$_SESSION['error'] = _BAD_LOGIN_OR_PSW . '...';
header(
'location: ' . $_SESSION['config']['businessappurl']
. 'index.php?display=true&page=login&coreurl='
. $_SESSION['config']['coreurl']
);
exit;
}
} else {
if (empty($s_login) || empty($s_pass)) {
$_SESSION['error'] = _BAD_LOGIN_OR_PSW . '...';
header(
'location: ' . $_SESSION['config']['businessappurl']
. 'index.php?display=true&page=login&coreurl='
. $_SESSION['config']['coreurl']
);
exit;
} else {
$pass = md5($s_pass);
$sec->login($s_login,$pass);
}
}
<?php
/**
* File : log.php
*
* User identification
*
* @package Maarch PeopleBox 1.0
* @version 2.1
* @since 10/2005
* @license GPL
* @author Claire Figueras <dev@maarch.org>
* @author Laurent Giovannoni <dev@maarch.org>
*/
$core = new core_tools();
$core->load_lang();
$func = new functions();
$_SESSION['error'] = '';
if (isset($_REQUEST['login'])) {
$login = $func->wash($_REQUEST['login'], 'no', _THE_ID, 'yes');
} else {
$login = '';
}
if (isset($_REQUEST['pass'])) {
$password = $func->wash($_REQUEST['pass'], 'no', _PASSWORD_FOR_USER, 'yes');
} else {
$password = '';
}
require 'core/class/class_security.php';
require 'core/class/class_request.php';
require 'apps/' . $_SESSION['config']['app_id']
. '/class/class_business_app_tools.php';
$sec = new security();
$businessAppTools = new business_app_tools();
if (count($_SESSION['config']) <= 0) {
$tmpPath = explode(
DIRECTORY_SEPARATOR, str_replace(
'/', DIRECTORY_SEPARATOR, $_SERVER['SCRIPT_FILENAME']
)
);
$serverPath = implode(
DIRECTORY_SEPARATOR, array_slice(
$tmpPath, 0, array_search('apps', $tmpPath)
)
).DIRECTORY_SEPARATOR;
$core->build_core_config('core/xml/config.xml');
$businessAppTools->build_business_app_config();
$core->load_modules_config($_SESSION['modules']);
$core->load_menu($_SESSION['modules']);
}
if (! empty($_SESSION['error'])) {
header(
'location: ' . $_SESSION['config']['businessappurl']
. 'index.php?display=true&page=login&coreurl='
. $_SESSION['config']['coreurl']
);
exit();
} else {
if ($_SESSION['config']['ldap'] == 'true' && $login <> 'superadmin') {
//Extraction de /root/config dans le fichier de conf
$ldapConf = new DomDocument();
try {
if (! @$ldapConf->load(
'apps/' . $_SESSION['config']['app_id'].'/ldap/config_ldap.xml'
)
) {
throw new Exception(
'Impossible de charger le document : '
. $_SESSION['config']['businessappurl']
.'ldap/config_ldap.xml'
);
}
} catch(Exception $e) {
exit($e->getMessage());
}
$xpLdapConf = new domxpath($ldapConf);
foreach ($xpLdapConf->query('/root/config/*') as $cf) {
${$cf->nodeName} = $cf->nodeValue;
}
//On inclus la class LDAP qui correspond à l'annuaire
if (! include
'apps/' . $_SESSION['config']['app_id'] . '/ldap/class_'
. $ldapType . '.php'
) {
exit('Impossible de charger class_' . $ldapType . '.php\n');
}
//Try to create a new ldap instance
try {
$ad = new LDAP($domain, $adminLogin, $pass, $ssl);
} catch(Exception $conFailure) {
echo $conFailure->getMessage();
exit;
}
if ($ad -> authenticate($login, $password)) {
$db = new dbquery();
$db->connect();
if ($_SESSION['config']['databasetype'] == 'POSTGRESQL') {
$query = 'select * from ' . USERS_TABLE
. " where user_id ilike '"
. $this->protect_string_db($login) . "' ";
} else {
$query = 'select * from ' . USERS_TABLE
. " where user_id like '"
. $this->protect_string_db($login) . "' ";
}
$db->query($query);
if ($db->fetch_object()) {
$_SESSION['error'] = '';
$pass = md5($password);
$res = $sec->login($login, $pass, 'ldap');
$_SESSION['user'] = $res['user'];
if (empty($_SESSION['error'])) {
$_SESSION['error'] = $res['error'];
}
$core->load_menu($_SESSION['modules']);
header(
'location: ' . $_SESSION['config']['businessappurl']
. $res['url']
);
exit();
} else {
$_SESSION['error'] = _NO_LOGIN_OR_PSW_BY_LDAP . '...';
header(
'location: ' . $_SESSION['config']['businessappurl']
. 'index.php?display=true&page=login&coreurl='
. $_SESSION['config']['coreurl']
);
exit;
}
} else {
$_SESSION['error'] = _BAD_LOGIN_OR_PSW . '...';
header(
'location: ' . $_SESSION['config']['businessappurl']
. 'index.php?display=true&page=login&coreurl='
. $_SESSION['config']['coreurl']
);
exit;
}
} else {
if (empty($login) || empty($password)) {
$_SESSION['error'] = _BAD_LOGIN_OR_PSW . '...';
header(
'location: ' . $_SESSION['config']['businessappurl']
. 'index.php?display=true&page=login&coreurl='
. $_SESSION['config']['coreurl']
);
exit;
} else {
$_SESSION['error'] = '';
$pass = md5($password);
$res = $sec->login($login, $pass);
$_SESSION['user'] = $res['user'];
//var_dump($_SESSION['user']);exit();
if (empty($_SESSION['error'])) {
$_SESSION['error'] = $res['error'];
}
$core->load_menu($_SESSION['modules']);
header(
'location: ' . $_SESSION['config']['businessappurl'] . $res['url']
);
exit();
}
}
}
\ No newline at end of file
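Review bot: The rename of `$type_ldap` to `$ldapType` and of `$login_admin` to `$adminLogin` in the LDAP branch looks like it breaks that branch, because these variables are never assigned explicitly: they are created by the `${$cf->nodeName} = $cf->nodeValue;` loop from the element names under `/root/config/` in config_ldap.xml. Unless that XML file was renamed in the same commit (it is not shown on this page), the include resolves to `class_.php` and `new LDAP(...)` receives an unset admin login. The same loop can now also overwrite `$login` and `$password` if the file ever holds elements with those names, which the old `$s_login`/`$s_pass` names made less likely; collecting the values with `$ldapCfg[$cf->nodeName] = $cf->nodeValue;` and reading `$ldapCfg['type_ldap']` would remove both problems. `$this->protect_string_db($login)` is called at file scope here, which only works if this file is always included from inside a method.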
<?php
/**
* File : login.php
*
* Identification form : Login page
*
* @package Maarch PeopleBox 1.1
* @version 1.1
* @since 02/2007
* @license GPL
* @author Claire Figueras <dev@maarch.org>
* @author Laurent Giovannoni <dev@maarch.org>
*/
//print_r($_SERVER);
if (trim($_GET['coreurl']) <> '') {
$_SESSION['config']['coreurl'] = $_GET['coreurl'];
}
if (! isset($_SESSION['config']['corename'])
|| empty($_SESSION['config']['corename'])) {
if (isset($_SESSION['config']['corepath'])
&& ! empty($_SESSION['config']['corepath'] ))
{
$path = 'core' . DIRECTORY_SEPARATOR . 'xml' . DIRECTORY_SEPARATOR
.'config.xml';
} else {
$path = '..' . DIRECTORY_SEPARATOR . '..' . DIRECTORY_SEPARATOR . 'core'
. DIRECTORY_SEPARATOR . 'xml' . DIRECTORY_SEPARATOR
. 'config.xml';
}
$xmlconfig = simplexml_load_file($path );
if (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') {
$protocol = 'https';
} else {
$protocol = 'http';
}
foreach ($xmlconfig->CONFIG as $CONFIG) {
$_SESSION['config']['corename'] = (string) $CONFIG->corename;
$_SESSION['config']['corepath'] = (string) $CONFIG->corepath;
$_SESSION['config']['tmppath'] = (string) $CONFIG->tmppath;
$_SESSION['config']['unixserver'] = (string) $CONFIG->unixserver;
$_SESSION['config']['defaultpage'] = (string) $CONFIG->defaultpage;
$_SESSION['config']['defaultlang'] = (string) $CONFIG->defaultlanguage;
if (isset($CONFIG->default_timezone)
&& ! empty($CONFIG->default_timezone)) {
$_SESSION['config']['default_timezone'] =
(string) $CONFIG->default_timezone;
} else {
$_SESSION['config']['default_timezone'] = 'Europe/Paris';
}
if (! isset($_SESSION['config']['coreurl'])) {
if ($_SERVER['SERVER_PORT'] <> 443 && $protocol == 'https') {
$server_port = ':' . $_SERVER['SERVER_PORT'];
} else if ($_SERVER['SERVER_PORT'] <> 80 && $protocol == 'http') {
$server_port = ':' . $_SERVER['SERVER_PORT'];
} else {
$server_port = '';
}
$array_uri = explode('/', $_SERVER['SCRIPT_NAME']);
$slice_uri = array_slice($array_uri, 0, -3);
$final_uri = implode('/', $slice_uri) . '/';
if ($_SERVER['HTTP_X_FORWARDED_HOST'] <> '') {
$host = $_SERVER['HTTP_X_FORWARDED_HOST'];
} else {
$host = $_SERVER['HTTP_HOST'];
}
$_SESSION['config']['coreurl'] = $protocol . '://' . $host
. $server_port . $final_uri;
}
}
$i = 0;
foreach ($xmlconfig->BUSINESSAPPS as $BUSINESSAPPS) {
$_SESSION['businessapps'][$i] = array(
'appid' => (string) $BUSINESSAPPS->appid,
'comment' => (string) $BUSINESSAPPS->comment
);
$i ++;
}
chdir($_SESSION['config']['corepath']);
}
$_SESSION['config']['app_id'] = $_SESSION['businessapps'][0]['appid'];
//print_r($_REQUEST);
if (isset($_GET['target_page']) && trim($_GET['target_page']) <> '') {
$_SESSION['target_page'] = $_GET['target_page'];
if(trim($_GET['target_module']) <> '') {
$_SESSION['target_module'] = $_GET['target_module'];
} else if (trim($_GET['target_admin']) <> '') {
$_SESSION['target_admin'] = $_GET['target_admin'];
}
}
$path_server = '';
if (strtoupper(substr(PHP_OS, 0, 3)) != 'WIN'
&& strtoupper(substr(PHP_OS, 0, 3)) != 'WINNT') {
$path_server = str_replace('\\', DIRECTORY_SEPARATOR, $path_server);
} else {
$path_server = str_replace('/', DIRECTORY_SEPARATOR, $path_server);
}
$_SESSION['slash_env'] = DIRECTORY_SEPARATOR;
$path_tmp = explode(
DIRECTORY_SEPARATOR, str_replace(
'/', DIRECTORY_SEPARATOR,$_SERVER['SCRIPT_FILENAME']
)
);
$path_server = implode(
DIRECTORY_SEPARATOR, array_slice(
$path_tmp, 0, array_search('apps', $path_tmp)
)
) . DIRECTORY_SEPARATOR;
$_SESSION['urltomodules'] = $_SESSION['config']['coreurl'] . 'modules/';
$_SESSION['urltocore'] = $_SESSION['config']['coreurl'] . 'core/';
if (isset($_SESSION['config']['corepath'])
&& ! empty($_SESSION['config']['corepath'] )) {
require
'apps' . DIRECTORY_SEPARATOR . $_SESSION['config']['app_id']
. DIRECTORY_SEPARATOR . 'class' . DIRECTORY_SEPARATOR
. 'class_business_app_tools.php';
require
'apps' . DIRECTORY_SEPARATOR . $_SESSION['config']['app_id']
. DIRECTORY_SEPARATOR . 'class' . DIRECTORY_SEPARATOR
. 'class_login.php';
$path_core_config = 'core' . DIRECTORY_SEPARATOR . 'xml'
. DIRECTORY_SEPARATOR . 'config.xml';
} else {
require 'class' . DIRECTORY_SEPARATOR . 'class_business_app_tools.php';
require 'class' . DIRECTORY_SEPARATOR . 'class_login.php';
$path_core_config = '..' . DIRECTORY_SEPARATOR . '..' . DIRECTORY_SEPARATOR
. 'core' . DIRECTORY_SEPARATOR . 'xml'
. DIRECTORY_SEPARATOR . 'config.xml';
}
$core_tools = new core_tools();
$business_app_tools = new business_app_tools();
$func = new functions();
$core_tools->build_core_config($path_core_config );
$business_app_tools->build_business_app_config();
$core_tools->load_modules_config($_SESSION['modules']);
$core_tools->load_lang();
//$func->show_array($_SESSION);
$core_tools->load_app_services();
$core_tools->load_modules_services($_SESSION['modules']);
//$core_tools->load_menu($_SESSION['modules']); // transfer in class_security (login + reopen)
//Reading base version
$business_app_tools->compare_base_version(
'apps' . DIRECTORY_SEPARATOR . $_SESSION['config']['app_id']
. DIRECTORY_SEPARATOR . 'xml' . DIRECTORY_SEPARATOR . 'database_version.xml'
);
$core_tools->load_html();
$core_tools->load_header('', true, false);
$time = $core_tools->get_session_time_expire();
$m_login = new login();
$login_methods = array();
$login_methods = $m_login->build_login_method();
if (isset($_SESSION['error'])) {
$error = $_SESSION['error'];
} else {
$error = '';
}
?>
<body id="bodylogin" onload="session_expirate(<?php echo $time;?>, '<?php echo $_SESSION['config']['coreurl'];?>');">
<div id="loginpage">
<p id="logo"><img src="<?php echo $_SESSION['config']['businessappurl'];?>static.php?filename=default_maarch.gif" alt="Maarch" /></p>
<?php
$m_login->execute_login_script($login_methods);
?>
</div>
<?php $core_tools->load_js();?>
</body>
<?php
/**
* File : login.php
*
* Identification form : Login page
*
* @package Maarch PeopleBox 1.1
* @version 1.1
* @since 02/2007
* @license GPL
* @author Claire Figueras <dev@maarch.org>
* @author Laurent Giovannoni <dev@maarch.org>
*/
//print_r($_SERVER);
if (trim($_GET['coreurl']) <> '') {
$_SESSION['config']['coreurl'] = $_GET['coreurl'];
}
if (! isset($_SESSION['config']['corename'])
|| empty($_SESSION['config']['corename'])
) {
if (isset($_SESSION['config']['corepath'])
&& ! empty($_SESSION['config']['corepath'] )
) {
$path = 'core' . DIRECTORY_SEPARATOR . 'xml' . DIRECTORY_SEPARATOR
.'config.xml';
} else {
$path = '..' . DIRECTORY_SEPARATOR . '..' . DIRECTORY_SEPARATOR . 'core'
. DIRECTORY_SEPARATOR . 'xml' . DIRECTORY_SEPARATOR
. 'config.xml';
}
$xmlconfig = simplexml_load_file($path);
if (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') {
$protocol = 'https';
} else {
$protocol = 'http';
}
foreach ($xmlconfig->CONFIG as $config) {
$_SESSION['config']['corename'] = (string) $config->corename;
$_SESSION['config']['corepath'] = (string) $config->corepath;
$_SESSION['config']['tmppath'] = (string) $config->tmppath;
$_SESSION['config']['unixserver'] = (string) $config->unixserver;
$_SESSION['config']['defaultpage'] = (string) $config->defaultpage;
$_SESSION['config']['defaultlang'] = (string) $config->defaultlanguage;
if (isset($config->default_timezone)
&& ! empty($config->default_timezone)) {
$_SESSION['config']['default_timezone'] =
(string) $config->default_timezone;
} else {
$_SESSION['config']['default_timezone'] = 'Europe/Paris';
}
if (! isset($_SESSION['config']['coreurl'])) {
if ($_SERVER['SERVER_PORT'] <> 443 && $protocol == 'https') {
$serverPort = ':' . $_SERVER['SERVER_PORT'];
} else if ($_SERVER['SERVER_PORT'] <> 80 && $protocol == 'http') {
$serverPort = ':' . $_SERVER['SERVER_PORT'];
} else {
$serverPort = '';
}
$uriArray = explode('/', $_SERVER['SCRIPT_NAME']);
$sliceUri = array_slice($uriArray, 0, -3);
$finalUri = implode('/', $sliceUri) . '/';
if ($_SERVER['HTTP_X_FORWARDED_HOST'] <> '') {
$host = $_SERVER['HTTP_X_FORWARDED_HOST'];
} else {
$host = $_SERVER['HTTP_HOST'];
}
$_SESSION['config']['coreurl'] = $protocol . '://' . $host
. $serverPort . $finalUri;
}
}
$i = 0;
foreach ($xmlconfig->BUSINESSAPPS as $businessApps) {
$_SESSION['businessapps'][$i] = array(
'appid' => (string) $businessApps->appid,
'comment' => (string) $businessApps->comment,
);
$i ++;
}
chdir($_SESSION['config']['corepath']);
}
$_SESSION['config']['app_id'] = $_SESSION['businessapps'][0]['appid'];
//print_r($_REQUEST);
if (isset($_GET['target_page']) && trim($_GET['target_page']) <> '') {
$_SESSION['target_page'] = $_GET['target_page'];
if (trim($_GET['target_module']) <> '') {
$_SESSION['target_module'] = $_GET['target_module'];
} else if (trim($_GET['target_admin']) <> '') {
$_SESSION['target_admin'] = $_GET['target_admin'];
}
}
$serverPath = '';
if (strtoupper(substr(PHP_OS, 0, 3)) != 'WIN'
&& strtoupper(substr(PHP_OS, 0, 3)) != 'WINNT'
) {
$serverPath = str_replace('\\', DIRECTORY_SEPARATOR, $serverPath);
} else {
$serverPath = str_replace('/', DIRECTORY_SEPARATOR, $serverPath);
}
$_SESSION['slash_env'] = DIRECTORY_SEPARATOR;
$tmpPath = explode(
DIRECTORY_SEPARATOR, str_replace(
'/', DIRECTORY_SEPARATOR, $_SERVER['SCRIPT_FILENAME']
)
);
$serverPath = implode(
DIRECTORY_SEPARATOR, array_slice(
$tmpPath, 0, array_search('apps', $tmpPath)
)
) . DIRECTORY_SEPARATOR;
$_SESSION['urltomodules'] = $_SESSION['config']['coreurl'] . 'modules/';
$_SESSION['urltocore'] = $_SESSION['config']['coreurl'] . 'core/';
if (isset($_SESSION['config']['corepath'])
&& ! empty($_SESSION['config']['corepath'] )
) {
require
'apps' . DIRECTORY_SEPARATOR . $_SESSION['config']['app_id']
. DIRECTORY_SEPARATOR . 'class' . DIRECTORY_SEPARATOR
. 'class_business_app_tools.php';
require
'apps' . DIRECTORY_SEPARATOR . $_SESSION['config']['app_id']
. DIRECTORY_SEPARATOR . 'class' . DIRECTORY_SEPARATOR
. 'class_login.php';
$configCorePath = 'core' . DIRECTORY_SEPARATOR . 'xml'
. DIRECTORY_SEPARATOR . 'config.xml';
} else {
require 'class' . DIRECTORY_SEPARATOR . 'class_business_app_tools.php';
require 'class' . DIRECTORY_SEPARATOR . 'class_login.php';
$configCorePath = '..' . DIRECTORY_SEPARATOR . '..' . DIRECTORY_SEPARATOR
. 'core' . DIRECTORY_SEPARATOR . 'xml'
. DIRECTORY_SEPARATOR . 'config.xml';
}
$core = new core_tools();
$businessAppTools = new business_app_tools();
$func = new functions();
$core->build_core_config($configCorePath);
$businessAppTools->build_business_app_config();
$core->load_modules_config($_SESSION['modules']);
$core->load_lang();
//$func->show_array($_SESSION);
$core->load_app_services();
$core->load_modules_services($_SESSION['modules']);
//$core->load_menu($_SESSION['modules']);
// transfer in class_security (login + reopen)
//Reading base version
$businessAppTools->compare_base_version(
'apps' . DIRECTORY_SEPARATOR . $_SESSION['config']['app_id']
. DIRECTORY_SEPARATOR . 'xml' . DIRECTORY_SEPARATOR . 'database_version.xml'
);
$core->load_html();
$core->load_header('', true, false);
$time = $core->get_session_time_expire();
$loginObj = new login();
$loginMethods = array();
$loginMethods = $loginObj->build_login_method();
if (isset($_SESSION['error'])) {
$error = $_SESSION['error'];
} else {
$error = '';
}
?>
<body id="bodylogin" onload="session_expirate(<?php
echo $time;
?>, '<?php
echo $_SESSION['config']['coreurl'];
?>');">
<div id="loginpage">
<p id="logo"><img src="<?php
echo $_SESSION['config']['businessappurl'];
?>static.php?filename=default_maarch.gif" alt="Maarch" /></p>
<?php
$loginObj->execute_login_script($loginMethods);
?>
</div>
<?php $core->load_js();?>
</body>
</html>
\ No newline at end of file
<?php
echo '<form id="formlogin" method="post" action="'
. $_SESSION['config']['businessappurl']
. 'index.php?display=true&amp;page=log" class="forms">';
. 'index.php?display=true&amp;page=log';
if (isset($_SESSION['config']['debug'])
&& $_SESSION['config']['debug'] == 'true'
) {
echo '&XDEBUG_PROFILE';
}
echo '" class="forms">';
echo '<div>';
echo '<input type="hidden" name="display" id="display" value="true" />';
echo '<input type="hidden" name="page" id="page" value="log" />';
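Review bot: The lines that build the form `action` write `$_SESSION['config']['businessappurl']` into an HTML attribute without escaping, and the new debug branch appends a raw `&XDEBUG_PROFILE` while the rest of the query string uses `&amp;`. How `businessappurl` is built is not shown here, but login.php on this same page copies `$_GET['coreurl']` into `$_SESSION['config']['coreurl']`, so if the two values are related the attribute can carry request-controlled text. I would escape at output with `. htmlspecialchars($_SESSION['config']['businessappurl'], ENT_QUOTES)` and write the suffix as `echo '&amp;XDEBUG_PROFILE';`. The form continues past the end of the shown lines, so the remaining fields were not reviewed.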
......