<?php
/*
OpenDataBag - Data Web Interface
Copyright (C) 2004 Nawara

This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License
as published by the Free Software Foundation; either version 2
of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
*/

// Run this access check at most once per request: STOP is defined further
// down in this script, and exit ends the whole request, not only the include.
if(defined('STOP'))
{
  exit;
}

// Session data filled by the session file that is included below. The global
// statement matters when this script is itself included from inside a function.
global $session_array;

// Installation identifier: MD5 of the configured SSO path. It is appended to
// the cookie and parameter names used by this script.
$sys_id=md5(cfg_sso_path);

// Session id as presented with the request. get() is defined elsewhere.
// NOTE(review): it presumably returns request/cookie data, so $sid has to be
// treated as untrusted until it has been checked.
$sid=get('sid'.$sys_id);

// 1 = not logged in, 0 = logged in; this value later becomes the STOP constant.
$login=1;

// Default identity: the TLS client-certificate common name when the web
// server exposes one, otherwise empty.
$user=isset($_SERVER['SSL_CLIENT_S_DN_CN']) ? $_SERVER['SSL_CLIENT_S_DN_CN'] : '';
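// Establish the session: create one for a new visitor, or load the stored
// one for a returning visitor.
//
// Only ids in the format issued below (32 lowercase hex characters) are
// accepted. $sid presumably arrives from the client via get() and is used as
// a file name under temp/users/ that is passed to include, so any other value
// (path separators, "..", arrays) is discarded and the visitor is treated as
// new.
// NOTE(review): assumes no other code issues session ids in another format -
// confirm. get() is defined elsewhere and may already filter its result;
// this check does not rely on that.
if(!is_string($sid) or !preg_match('/^[a-f0-9]{32}$/D',$sid))
  $sid='';

if($sid=='')
{
  // New visitor: issue an unguessable id. The earlier derivation (MD5 of the
  // installation id, time() and a four-digit rand()) is predictable; it is
  // kept only as a last resort for PHP builds without a CSPRNG.
  if(function_exists('random_bytes'))
    $sid=bin2hex(random_bytes(16));
  elseif(function_exists('openssl_random_pseudo_bytes'))
    $sid=bin2hex((string)openssl_random_pseudo_bytes(16));
  if(strlen($sid)!=32)
    $sid=md5($sys_id.time().rand(1000,9999));

  // NOTE(review): the cookie lives for one year and is sent without the
  // Secure and HttpOnly flags. Adding them needs a check that the site is
  // HTTPS-only and that no client-side script reads this cookie.
  setcookie('odb_sid'.$sys_id,$sid,time()+365*24*60*60,'/');

  // Pronounceable five-letter guest name. rand() is adequate here because
  // the name is a display label, not a secret.
  $letter1='BCDFGHJKLMNPRSTWZ';
  $letter2='aeiouy';
  $letter3='bcdfgklmnprstwz';
  $letter4='aeiouy';
  $letter5='bcdfghjkmnprstwz';

  $letter1=$letter1[rand(0,strlen($letter1)-1)];
  $letter2=$letter2[rand(0,strlen($letter2)-1)];
  $letter3=$letter3[rand(0,strlen($letter3)-1)];
  $letter4=$letter4[rand(0,strlen($letter4)-1)];
  $letter5=$letter5[rand(0,strlen($letter5)-1)];

  // Guests start in the "not logged in" state (login=1).
  $user=$letter1.$letter2.$letter3.$letter4.$letter5.' Guest';
  $session_array['login']=1;
  $session_array['username']=$user;
  save_session();
}
else
{
  // An id without a stored session file leaves $user and $login untouched.
  if(file_exists(cfg_sso_path.'/temp/users/'.$sid))
  {
    // The session file is executed as PHP and is expected to fill
    // $session_array.
    // NOTE(review): whatever save_session() writes into this file must be
    // encoded so that stored values cannot become code - confirm there.
    include(cfg_sso_path.'/temp/users/'.$sid);
    // count() on a non-array raises a TypeError on PHP 8, so test the type first.
    if(!is_array($session_array) or count($session_array)==0)
    {
      myecho('Sorry. This is server problem. Try refreshing this page...');
      myecho('You can also try to clear browser cookies.');
      mylog('ERROR: SESSION CANNOT BE INCLUDED '.$sid);
      exit;
    }
    $user=$session_array['username'];
    $login=$session_array['login'];
  }
}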


// With the admin account switched off, a session that already carries the
// admin name is put back into the "not logged in" state (login=1).
if(cfg_admin_account!='ON')
{
  if(strtolower($user)=='admin')
  {
    $login=1;
  }
}

// A non-empty invitation value in the request also forces the "not logged
// in" state, so the login branch below can process it. get() is defined
// elsewhere.
$invitation=get('invitation');
$login=$invitation ? 1 : $login;

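// Login handling. $login follows the convention of the rest of this script:
// 1 = not logged in, 0 = logged in. Three cases are handled when login is
// mandatory: a login attempt (invitation or password), a logoff, and a
// continuing session. get(), search(), read(), save(), line2array(),
// purename(), myecho(), mylog() and save_session() are defined elsewhere.
if(cfg_login=='ON') //login mandatory
{
  if(get('login')=='login' and $login==1) //login screen
  {
    $user=get('username');
    $passwd_array=array();

    $invitation_valid=0;
    if($invitation)
    {
      // Minimal access map for the lookup below (presumably consulted by
      // search() - confirm).
      $bagaccess_array=array();
      $bagaccess_array['all']=0;
      $bagaccess_array['access']=1;
      // NOTE(review): $invitation is request data placed unescaped inside
      // the search expression; confirm that search() cannot be steered by
      // it, or restrict the value to the sysId format before this call.
      $tmp_invitation_array=search('MyBag=access [sysId='.$invitation.']');

      // A missing record counts as a wrong invitation, and the user name
      // must match as a string: loose == treats numeric-looking names such
      // as "1e3" and "1000" as equal.
      if(isset($tmp_invitation_array[0]) and is_string($user) and (string)read($tmp_invitation_array[0],'User')===$user)
      {
        if(read($tmp_invitation_array[0],'Active')==1)
        {
          if(read($tmp_invitation_array[0],'Allow invitations')==1)
            $invitation_valid=1;
          else
            $message=myecho('Invitations not allowed for this user','RETURN');
        }
        else
          $message=myecho('User not active','RETURN');
      }
      else
      {
        $message=myecho('Wrong invitation','RETURN');

        // A wrong user name clears 'Allow invitations' on every record the
        // invitation id matched, so the invitation cannot be tried again.
        if(is_array($tmp_invitation_array))
        {
          foreach($tmp_invitation_array as $tmp_line)
          {
            $variable_array=line2array($tmp_line);
            $variable_array['Allow invitations']='';
            save($variable_array);
            $variable_array=array();
          }
        }
      }
    }
    else
    {
      // NOTE(review): unserialize() can instantiate classes named in its
      // input. The file is local, but on PHP 7+ a second argument of
      // array('allowed_classes'=>false) would rule that out.
      $passwd_array=unserialize(base64_decode(file_get_contents(cfg_sso_path.'/data/.passwd.txt')));
      // An unreadable or corrupt file must not leave a non-array behind.
      if(!is_array($passwd_array))
        $passwd_array=array();
    }

    // NOTE(review): this check looks at strtolower($user) while the password
    // lookup below keys on purename($user). If purename() normalises more
    // than letter case, a differently spelled name could pass this check and
    // still resolve to the admin entry - confirm against purename().
    if(cfg_admin_account!='ON' and strtolower($user)=='admin')
    {
      $login=1;
      mylog('ADMIN LOGIN BLOCKED');
      $message=myecho('ADMIN account is blocked','RETURN');
    }
    elseif($invitation_valid)
    {
      // NOTE(review): the session id is not replaced on login; an id known
      // before authentication stays valid afterwards. Issuing a new id here
      // needs support from save_session().
      $login=0;
      setcookie('odb_sid'.$sys_id.'_rememberme','1',0,'/');
      $session_array['login']=0;
      $session_array['username']=$user;
      $session_array['max_width']=1000;
      save_session();

      define('use_homepage','yes');
    }
    else
    {
      // Non-scalar request values (for example arrays) are treated as empty.
      $tmp_password=get('password');
      $tmp_password=is_scalar($tmp_password) ? (string)$tmp_password : '';
      $tmp_userkey=md5(purename($user));

      // Compare the stored digest as a string. Loose == would treat two
      // different digests of the form "0e<digits>" as equal numbers.
      // NOTE(review): the stored verifier is MD5 of name+password; moving to
      // password_hash()/password_verify() also requires changing the code
      // that writes .passwd.txt, which is outside this file.
      $tmp_login_ok=false;
      if(isset($passwd_array[$tmp_userkey]) and is_string($passwd_array[$tmp_userkey]))
      {
        $tmp_digest=md5(purename($user).$tmp_password);
        if(function_exists('hash_equals'))
          $tmp_login_ok=hash_equals($passwd_array[$tmp_userkey],$tmp_digest);
        else
          $tmp_login_ok=($passwd_array[$tmp_userkey]===$tmp_digest);
      }

      // The universal password works for any user name. It must be
      // non-empty and match exactly: with loose == an empty, 0 or false
      // setting would accept an empty password.
      if(!$tmp_login_ok and defined('cfg_unipassword') and (string)cfg_unipassword!=='' and $tmp_password===(string)cfg_unipassword)
        $tmp_login_ok=true;

      if($tmp_login_ok)
      {
        // NOTE(review): as in the invitation branch, the session id is not
        // replaced on login.
        $login=0;

        // Test that the constant exists: an undefined bare "mobile" evaluates
        // to a truthy string before PHP 8 (persistent cookie for everyone)
        // and is an Error from PHP 8 on.
        if(get('rememberme') or (defined('mobile') and mobile))
          setcookie('odb_sid'.$sys_id.'_rememberme','1',time()+365*24*60*60,'/');
        else
          setcookie('odb_sid'.$sys_id.'_rememberme','1',0,'/');

        $user=get('username');

        $session_array['login']=0;
        $session_array['username']=$user;

        // Store the width as an integer so that no free-form request text
        // ends up in the session data.
        $tmp_width=get('width');
        $tmp_width=is_numeric($tmp_width) ? (int)$tmp_width : 0;
        if($tmp_width>500)
          $session_array['max_width']=$tmp_width;
        else
          $session_array['max_width']=1000;
        save_session();

        define('use_homepage','yes');
      }
      else
      {
        $login=1;

        // NOTE(review): separate "Wrong username" and "Wrong password"
        // messages tell a caller which user names exist; the distinction
        // could be kept in the log only. $user is request data written to
        // the log as is - confirm that mylog() neutralises line breaks.
        if($invitation)
        {
          mylog('LOGIN FAILED - WRONG INVITATION '.$user);
        }
        elseif(!isset($passwd_array[$tmp_userkey]))
        {
          mylog('LOGIN FAILED - WRONG USERNAME '.$user);
          $message=myecho('Wrong username','RETURN');
        }
        else
        {
          mylog('LOGIN FAILED - WRONG PASSWORD '.$user);
          $message=myecho('Wrong password','RETURN');
        }
      }

      // Do not keep the submitted password or its digest around.
      unset($tmp_password,$tmp_digest);
    }

    // Drop the password digests once the decision has been made.
    $passwd_array=array();
  }
  elseif($user=='' or get('login')=='logoff' or !get('sid'.$sys_id.'_rememberme')) //logoff screen
  {
    // No user, an explicit logoff, or a missing remember-me cookie all end
    // the login. The meaning of the argument 1 is defined by save_session().
    $login=1;

    $session_array['login']=1;
    save_session(1);
    mylog('LOGOFF '.$user);
  }
  else //session continues
  {
    // $login keeps the value loaded from the session file.
  }
}
else //no login screen
{
  // Login is not mandatory: every visitor counts as logged in.
  $login=0;
}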

// Publish the result of the login handling. STOP is truthy when the visitor
// is NOT logged in; its presence also blocks a second run of this script.
define('STOP',$login);

// 'yes' is only set by a successful login earlier in this script.
defined('use_homepage') or define('use_homepage','no');

// Default access map, keyed by bag name. The meaning of the individual
// levels is defined by the code that reads the map, outside this file.
global $bagaccess_array;
$bagaccess_array=array(
  'all'=>0,
  'access'=>1,
  'deleted'=>0,
  'menu'=>1,
  'articles'=>1,
);

// Name of the current user (guest name, session name or submitted name).
define('USERNAME',$user);

// User exit "OnAccessCheck": logged-in visitors get their access map from a
// site-specific script, everyone else gets a fixed reduced map.
if(!STOP)
{
  // A copy under config/userexit/ overrides the default shipped under
  // script/userexit/. The file is executed as PHP in the current scope.
  // NOTE(review): these .txt files are PHP source; confirm the web server
  // does not hand them out as plain text and that only administrators can
  // write to the config directory.
  $userexit='onaccesscheck';
  if(!file_exists(cfg_data_path.'/config/userexit/exit_'.$userexit.'.txt'))
  {
    include cfg_data_path.'/script/userexit/exit_'.$userexit.'.txt';
  }
  else
  {
    include cfg_data_path.'/config/userexit/exit_'.$userexit.'.txt';
  }
}
else
{
  // not logged in
  $bagaccess_array['access']=0;
  $bagaccess_array['articles']=1;
}

// Expand bag groups. A key that starts with 'bag_' and has a matching list
// file under data/ names a group: every bag listed in that file (one name
// per line) receives the group's access level, unless the bag already has a
// higher level in the map.
// NOTE(review): the key is used as part of a file path; the keys are set by
// the access-check user exit, so confirm it never derives them from request
// data.
reset($bagaccess_array);
foreach($bagaccess_array as $tmp_mybag => $tmp_access)
{
  if(substr($tmp_mybag,0,4)!='bag_')
    continue;
  if(!file_exists(cfg_data_path.'/data/'.$tmp_mybag.'.txt'))
    continue;

  $tmp_array=explode("\n",file_get_contents(cfg_data_path.'/data/'.$tmp_mybag.'.txt'));
  foreach($tmp_array as $tmp_inner_mybag)
  {
    $tmp_inner_mybag=trim($tmp_inner_mybag);

    // Blank lines name no bag.
    if(!strlen($tmp_inner_mybag))
      continue;

    // An existing entry with a higher level than the group's is kept.
    if(isset($bagaccess_array[$tmp_inner_mybag]) and !(0+$bagaccess_array[$tmp_inner_mybag]<=$tmp_access))
      continue;

    $bagaccess_array[$tmp_inner_mybag]=$tmp_access;
  }
}


//~ //personal rights
//~ $bagaccess_array['all']=0;
//~ $bagaccess_array['access']=1;
//~ $result_array=search('bagaccess user=\''.$user.'\' MyBag=access');
//~ $bagaccess_array['']=3;
//~ $sizeof=sizeof($result_array);
//~ for($ii=0;$ii<$sizeof;$ii++)
//~ {
  //~ $bagaccess=read($result_array[$ii],'Access');
  //~ $mybag=read($result_array[$ii],'Bag');
  //~ $mybag=strtolower(trim($mybag));
  //~ $variable_array=array();
  //~ if(!isset($bagaccess_array[$mybag]) or $bagaccess>$bagaccess_array[$mybag])
    //~ $bagaccess_array[$mybag]=0+$bagaccess;
//~ }



// Fallbacks for constants that earlier code (presumably the access-check
// user exit) may already have defined.
defined('USERGROUP') or define('USERGROUP','GUEST');
defined('USERDESCRIPTION') or define('USERDESCRIPTION','');

// Leave the shared record buffer empty for the code that runs next.
$variable_array=array();


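// Audit log for a login that succeeded during this request (use_homepage is
// 'yes' only then). The entry lists the effective access map as key=value
// pairs and records how the login was obtained.
if(use_homepage=='yes')
{
  // foreach replaces list()/each(): each() was removed in PHP 8.0.
  $tmp='';
  foreach($bagaccess_array as $key => $val)
    $tmp.=$key.'='.$val.' ';

  // Non-scalar request values (for example arrays) are treated as empty.
  $tmp_password=get('password');
  $tmp_password=is_scalar($tmp_password) ? (string)$tmp_password : '';

  // Exact string match against a non-empty universal password: loose ==
  // would report a universal-password login for an empty password whenever
  // the setting is empty, 0 or false.
  if(defined('cfg_unipassword') and (string)cfg_unipassword!=='' and $tmp_password===(string)cfg_unipassword)
  {
    mylog('LOGIN (UNIPASS) '.$tmp);
    // Signals other code that the password should be changed after a
    // universal-password login (the constant is read outside this file).
    define('change_passwd','yes');
  }
  elseif(!empty($invitation_valid))
    mylog('LOGIN (INVITATION) '.$tmp);
  else
    mylog('LOGIN '.$tmp);

  unset($tmp_password);
}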


?>