<?php
/*
OpenDataBag - Data Web Interface
Copyright (C) 2004 Nawara
This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License
as published by the Free Software Foundation; either version 2
of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*/
// STOP is defined near the end of this script; if it already exists the
// request is terminated here instead of running the login logic a second time.
if (defined('STOP')) {
    exit;
}

// init
// The md5 of the configured SSO path is used as a per-installation suffix for
// the session cookie / request parameter names used throughout this script.
$sys_id = md5(cfg_sso_path);

// Session id as delivered with the request (get() is defined elsewhere).
$sid = get('sid' . $sys_id);

// $login: 1 = not logged in, 0 = logged in (it becomes the STOP constant later).
$login = 1;
global $session_array;

// Start from the client-certificate common name when the web server exports
// one, otherwise from an empty user name. The session handling that follows
// overwrites this value whenever it creates or loads a session.
$user = isset($_SERVER['SSL_CLIENT_S_DN_CN']) ? $_SERVER['SSL_CLIENT_S_DN_CN'] : '';
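// Session bootstrap: create a guest session when no usable session id was
// supplied, otherwise load the stored session for the supplied id.
//
// NOTE(review): get() is defined elsewhere; the id it returns appears to be the
// value of the odb_sid<sys_id> cookie set below, i.e. client-controlled. It is
// used to build an include path, so an id that is not purely alphanumeric (ids
// issued here are 32 hex characters) is discarded and replaced by a fresh guest
// session instead of being passed on to include() or save_session().
if ($sid != '' && !(is_string($sid) && preg_match('/^[A-Za-z0-9]+\z/', $sid))) {
    // The rejected value is deliberately not written to the log.
    mylog('ERROR: INVALID SESSION ID REJECTED');
    $sid = '';
}

if ($sid == '') {
    // New session id: 128 bits from a CSPRNG where the runtime offers one.
    // md5(time().rand()) is kept only as a last-resort fallback because its
    // inputs (clock and a 4-digit number) are guessable.
    if (function_exists('random_bytes')) {
        $sid = bin2hex(random_bytes(16));
    } elseif (function_exists('openssl_random_pseudo_bytes')) {
        $sid = bin2hex(openssl_random_pseudo_bytes(16));
    } else {
        $sid = md5($sys_id . time() . rand(1000, 9999));
    }

    // NOTE(review): the cookie carries the session id for one year and is set
    // without HttpOnly/Secure attributes - consider adding them if no client
    // script reads it and the site is served over HTTPS only.
    setcookie('odb_sid' . $sys_id, $sid, time() + 365 * 24 * 60 * 60, '/');

    // Pronounceable five-letter display name for the guest (not a secret, so
    // rand() is sufficient here).
    $user = '';
    foreach (array('BCDFGHJKLMNPRSTWZ', 'aeiouy', 'bcdfgklmnprstwz', 'aeiouy', 'bcdfghjkmnprstwz') as $tmp_letters) {
        $user .= $tmp_letters[rand(0, strlen($tmp_letters) - 1)];
    }
    $user .= ' Guest';

    $session_array['login'] = 1;
    $session_array['username'] = $user;
    save_session();
} else {
    if ($sid and file_exists(cfg_sso_path . '/temp/users/' . $sid)) {
        // The session file is executed as PHP and is expected to populate
        // $session_array.
        // NOTE(review): its content is only as trustworthy as what
        // save_session() (defined elsewhere) writes - confirm that it escapes
        // user-supplied values such as the user name.
        include(cfg_sso_path . '/temp/users/' . $sid);

        // is_array() guards count() against a session file that left the
        // variable unset or replaced it with a non-array value.
        if (!is_array($session_array) || count($session_array) == 0) {
            myecho('Sorry. This is server problem. Try refreshing this page...');
            myecho('You can also try to clear browser cookies.');
            mylog('ERROR: SESSION CANNOT BE INCLUDED ' . $sid);
            exit;
        }

        $user = $session_array['username'];
        $login = $session_array['login'];
    }
    // A well-formed id without a session file leaves $user and $login as
    // initialised before this block.
}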
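// Login decision. $login: 1 = not logged in, 0 = logged in; the final value
// is published as the STOP constant at the end of this block.

// With the built-in admin account switched off, a session named "admin" is
// never treated as logged in.
if (cfg_admin_account != 'ON' && strtolower($user) == 'admin') {
    $login = 1;
}

// An invitation id in the request always forces the not-logged-in state, so
// the login branch below is the only way to proceed with it.
$invitation = get('invitation');
if ($invitation) {
    $login = 1;
}

if (cfg_login == 'ON') { // login mandatory
    if (get('login') == 'login' && $login == 1) { // login form submitted
        $user = get('username');
        $passwd_array = array();
        $invitation_valid = 0;

        // Copy of the submitted name for log lines: control characters are
        // replaced so a crafted name cannot start a forged log entry.
        $tmp_log_user = preg_replace('/[\x00-\x1F\x7F]+/', ' ', (string)$user);

        // purename() (defined elsewhere) yields the form of the name that keys
        // the password table.
        $tmp_pure_user = purename($user);
        $tmp_user_key = md5($tmp_pure_user);

        if ($invitation) {
            // Invitation login: the invitation id plus the matching user name
            // are the only credentials, no password is checked on this path.
            // The access table is reset first; presumably search() consults it
            // to decide which bags may be read - TODO confirm.
            $bagaccess_array = array();
            $bagaccess_array['all'] = 0;
            $bagaccess_array['access'] = 1;

            // NOTE(review): the query is built by concatenating the
            // request-supplied invitation id. search() is defined elsewhere -
            // confirm it cannot be steered by bracket or quote characters, or
            // restrict the id to its expected format before this call.
            $tmp_invitation_array = search('MyBag=access [sysId=' . $invitation . ']');

            // Only compare against a record that actually exists, and compare
            // as strings so numeric-looking names ("007" vs "7") do not match.
            $tmp_invitation_found = is_array($tmp_invitation_array) && isset($tmp_invitation_array[0]);
            if ($tmp_invitation_found && (string)read($tmp_invitation_array[0], 'User') === (string)$user) {
                if (read($tmp_invitation_array[0], 'Active') == 1) {
                    if (read($tmp_invitation_array[0], 'Allow invitations') == 1) {
                        $invitation_valid = 1;
                    } else {
                        $message = myecho('Invitations not allowed for this user', 'RETURN');
                    }
                } else {
                    $message = myecho('User not active', 'RETURN');
                }
            } else {
                $message = myecho('Wrong invitation', 'RETURN');
                // One wrong user name revokes the invitation: every record the
                // query returned gets its 'Allow invitations' field cleared.
                if (is_array($tmp_invitation_array)) {
                    foreach ($tmp_invitation_array as $tmp_line) {
                        $variable_array = line2array($tmp_line);
                        $variable_array['Allow invitations'] = '';
                        save($variable_array);
                        $variable_array = array();
                    }
                }
            }
        } else {
            // Password table: base64-encoded serialized array, keyed by
            // md5(purename(user)), value md5(purename(user).password).
            // NOTE(review): unserialize() instantiates whatever the file
            // describes; this is acceptable only while .passwd.txt is writable
            // by the application alone. The hashes are a fast MD5 salted only
            // by the user name - moving to password_hash()/password_verify()
            // requires changing the code that writes this file as well.
            $passwd_array = unserialize(base64_decode(file_get_contents(cfg_sso_path . '/data/.passwd.txt')));
            if (!is_array($passwd_array)) {
                // Missing or corrupt file: log it and treat every user as unknown.
                mylog('ERROR: PASSWORD FILE UNREADABLE');
                $passwd_array = array();
            }
        }

        // Strict string comparison: with "==" two different MD5 hex strings
        // that both look like numbers in exponent notation compare as equal.
        $tmp_password_ok = isset($passwd_array[$tmp_user_key])
            && is_string($passwd_array[$tmp_user_key])
            && $passwd_array[$tmp_user_key] === md5($tmp_pure_user . get('password'));

        // Universal password: when cfg_unipassword is defined it logs in under
        // whatever user name was submitted. An empty universal password is
        // never accepted, and the comparison is done on strings.
        $tmp_unipass_ok = defined('cfg_unipassword')
            && (string)cfg_unipassword !== ''
            && (string)get('password') === (string)cfg_unipassword;

        // The admin block also looks at the purename() form, because that is
        // the form used to look up the password entry.
        // NOTE(review): confirm against purename() that no other spelling can
        // map onto the admin entry.
        if (cfg_admin_account != 'ON'
            && (strtolower($user) == 'admin' || strtolower((string)$tmp_pure_user) == 'admin')) {
            $login = 1;
            mylog('ADMIN LOGIN BLOCKED');
            $message = myecho('ADMIN account is blocked', 'RETURN');
        } elseif ($invitation_valid) {
            $login = 0;
            setcookie('odb_sid' . $sys_id . '_rememberme', '1', 0, '/');
            $session_array['login'] = 0;
            $session_array['username'] = $user;
            $session_array['max_width'] = 1000;
            save_session();
            define('use_homepage', 'yes');
        } elseif ($tmp_password_ok || $tmp_unipass_ok) {
            $login = 0;
            // "Remember me" (or a mobile client) keeps the marker cookie for a
            // year; otherwise it lasts for the browser session only.
            if (get('rememberme') or mobile) {
                setcookie('odb_sid' . $sys_id . '_rememberme', '1', time() + 365 * 24 * 60 * 60, '/');
            } else {
                setcookie('odb_sid' . $sys_id . '_rememberme', '1', 0, '/');
            }
            $user = get('username');
            // NOTE(review): the session id in use before login is kept after
            // login. Unless save_session() (defined elsewhere) rotates it, an
            // id that was known before authentication stays valid afterwards -
            // confirm and rotate on login.
            $session_array['login'] = 0;
            $session_array['username'] = $user;
            // Store the requested width as an integer only; the raw request
            // value must not end up in the session.
            $tmp_width = (int)get('width');
            if ($tmp_width > 500) {
                $session_array['max_width'] = $tmp_width;
            } else {
                $session_array['max_width'] = 1000;
            }
            save_session();
            define('use_homepage', 'yes');
        } else {
            $login = 1;
            // NOTE(review): distinct "Wrong username" / "Wrong password"
            // answers tell a client which user names exist; consider a single
            // message for the user and keep the distinction in the log only.
            if ($invitation) {
                mylog('LOGIN FAILED - WRONG INVITATION ' . $tmp_log_user);
            } elseif (!isset($passwd_array[$tmp_user_key])) {
                mylog('LOGIN FAILED - WRONG USERNAME ' . $tmp_log_user);
                $message = myecho('Wrong username', 'RETURN');
            } else {
                mylog('LOGIN FAILED - WRONG PASSWORD ' . $tmp_log_user);
                $message = myecho('Wrong password', 'RETURN');
            }
        }

        // Drop the password table as soon as the decision is made.
        $passwd_array = array();
    } elseif ($user == '' or get('login') == 'logoff' or !get('sid' . $sys_id . '_rememberme')) { // logoff screen
        // No user, an explicit logoff, or a missing remember-me marker cookie
        // all end the session.
        $login = 1;
        $session_array['login'] = 1;
        save_session(1);
        mylog('LOGOFF ' . $user);
    }
    // otherwise the session continues with the $login value loaded earlier
} else { // no login screen
    // Login is not mandatory: every request counts as logged in.
    $login = 0;
}

define('STOP', $login);
if (!defined('use_homepage')) {
    define('use_homepage', 'no');
}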
// reading access
// Baseline access table; the user exit below may replace or extend it.
global $bagaccess_array;
$bagaccess_array = array(
    'all'      => 0,
    'access'   => 1,
    'deleted'  => 0,
    'menu'     => 1,
    'articles' => 1,
);
define('USERNAME', $user);

// USEREXIT OnAccessCheck
if (!STOP) {
    // Logged in: run the site-specific access script, falling back to the
    // shipped default when no override exists under config/. The file is a
    // .txt that is executed as PHP, so both directories must be writable by
    // administrators only.
    $userexit = 'onaccesscheck';
    include(
        file_exists(cfg_data_path . '/config/userexit/exit_' . $userexit . '.txt')
            ? cfg_data_path . '/config/userexit/exit_' . $userexit . '.txt'
            : cfg_data_path . '/script/userexit/exit_' . $userexit . '.txt'
    );
} else {
    // not logged in
    $bagaccess_array['access'] = 0;
    $bagaccess_array['articles'] = 1;
}

// Expand group entries: a key starting with "bag_" names a list file under
// data/ with one bag name per line, and each listed bag receives the group's
// access level unless it already has a higher one.
// NOTE(review): the key becomes part of a file path; presumably the keys come
// from the user exit only - confirm they can never contain request data.
reset($bagaccess_array);
foreach ($bagaccess_array as $tmp_mybag => $tmp_access) {
    if (substr($tmp_mybag, 0, 4) != 'bag_') {
        continue;
    }
    if (!file_exists(cfg_data_path . '/data/' . $tmp_mybag . '.txt')) {
        continue;
    }

    $tmp_array = explode("\n", file_get_contents(cfg_data_path . '/data/' . $tmp_mybag . '.txt'));
    foreach ($tmp_array as $tmp_inner_mybag) {
        $tmp_inner_mybag = trim($tmp_inner_mybag);
        if ($tmp_inner_mybag === '') {
            continue; // blank line in the list file
        }
        if (!isset($bagaccess_array[$tmp_inner_mybag]) or 0 + $bagaccess_array[$tmp_inner_mybag] <= $tmp_access) {
            $bagaccess_array[$tmp_inner_mybag] = $tmp_access;
        }
    }
}
//~ //personal rights
//~ $bagaccess_array['all']=0;
//~ $bagaccess_array['access']=1;
//~ $result_array=search('bagaccess user=\''.$user.'\' MyBag=access');
//~ $bagaccess_array['']=3;
//~ $sizeof=sizeof($result_array);
//~ for($ii=0;$ii<$sizeof;$ii++)
//~ {
//~ $bagaccess=read($result_array[$ii],'Access');
//~ $mybag=read($result_array[$ii],'Bag');
//~ $mybag=strtolower(trim($mybag));
//~ $variable_array=array();
//~ if(!isset($bagaccess_array[$mybag]) or $bagaccess>$bagaccess_array[$mybag])
//~ $bagaccess_array[$mybag]=0+$bagaccess;
//~ }
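// Defaults for the group and description constants when nothing earlier in
// the request defined them.
if (!defined('USERGROUP')) {
    define('USERGROUP', 'GUEST');
}
if (!defined('USERDESCRIPTION')) {
    define('USERDESCRIPTION', '');
}
$variable_array = array();

// use_homepage is 'yes' only for a request that has just logged in; record
// that login together with the resulting access table.
if (use_homepage == 'yes') {
    // foreach replaces the each()/list() loop, which no longer exists in
    // PHP 8. The output format ("key=value " per entry) is unchanged.
    $tmp = '';
    foreach ($bagaccess_array as $key => $val) {
        $tmp .= $key . '=' . $val . ' ';
    }

    // NOTE(review): the login method is re-derived here by comparing the
    // submitted password with the universal password again, not taken from a
    // flag set when the login was accepted - consider recording it at that
    // point instead.
    if ((defined('cfg_unipassword') and get('password') == cfg_unipassword)) {
        mylog('LOGIN (UNIPASS) ' . $tmp);
        // Signals the rest of the request that a password change is due.
        define('change_passwd', 'yes');
    } elseif ($invitation_valid) {
        mylog('LOGIN (INVITATION) ' . $tmp);
    } else {
        mylog('LOGIN ' . $tmp);
    }
}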
?>