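// Copyright: Copyright (C) 2002-2007 Pristine Communications

// Set the include path
if (!defined("INCPATH_SET")) {
    require_once dirname(__FILE__) . "/incpath.inc.php";
}
// Referenced subroutines
require_once "monica/cgiemu.inc.php";
require_once "monica/chkpriv.inc.php";
require_once "monica/encrypt.inc.php";
require_once "monica/getlang.inc.php";
require_once "monica/guest.inc.php";
require_once "monica/http.inc.php";
require_once "monica/lninfo.inc.php";
require_once "monica/logout.inc.php";
require_once "monica/scptpriv.inc.php";
require_once "monica/sql.inc.php";
require_once "monica/userhome.inc.php";
require_once "monica/usrconst.inc.php";

// Name of the "remember me" cookie read from $_COOKIE and written with
// setcookie() in upd_login_info().  It is a cookie name, not a key.
if (!defined("REMEMBER_COOKIE")) {
    define("REMEMBER_COOKIE", "qySxnXvjNxv0aDAs");
}
// Not referenced in this part of the file.
// NOTE(review): presumably the delay in seconds after a failed login -- confirm
if (!defined("FAILURE_DELAY")) {
    define("FAILURE_DELAY", 5);
}

// use_users: Use user/membership system
//   Returns true when a table named "users" is among sql_tables().
//   The answer is memoized in a static for the rest of the script run.
function use_users() {
    // Cache the result
    static $cache;
    // Return the cache
    if (isset($cache)) {
        return $cache;
    }
    // Find in the available tables
    $cache = in_array("users", sql_tables());
    return $cache;
}

// userinfo_url: The URL to update the user information
//   Administrators get users.php with form=cur and their own serial number;
//   everyone else gets myinfo.php.  For a guest session the decision comes
//   from is_admin_script(), otherwise from is_admin().
//   The query string is joined with a raw "&" and is not HTML-escaped here.
//   The result is memoized in a static for the rest of the script run.
function userinfo_url() {
    // Cache the result
    static $cache;
    // Return the cache
    if (isset($cache)) {
        return $cache;
    }
    $is_admin = is_guest()? is_admin_script(): is_admin();
    if ($is_admin) {
        $args = array();
        $args[] = "form=cur";
        $args[] = "sn=" . urlencode(get_login_sn());
        $cache = userhome() . "users.php?" . implode("&", $args);
    } else {
        $cache = userhome() . "myinfo.php";
    }
    return $cache;
}

// get_login_sn: Obtain the user serial number of the current logged-in user
//   Returns $_SESSION["usersn"], or null when there is no session or no
//   such key.
function get_login_sn() {
    return isset($_SESSION) && array_key_exists("usersn", $_SESSION)?
        $_SESSION["usersn"]: null;
}

// get_login_id: Obtain the user ID. of the current logged-in user
//   Returns $_SESSION["userid"], or null when there is no session or no
//   such key.
function get_login_id() {
    return isset($_SESSION) && array_key_exists("userid", $_SESSION)?
        $_SESSION["userid"]: null;
}

// get_login_name: Obtain the full name of the current logged-in user
//   Returns $_SESSION["username"], or null when there is no session or no
//   such key.
function get_login_name() {
    return isset($_SESSION) && array_key_exists("username", $_SESSION)?
        $_SESSION["username"]: null;
}

// get_login_groups: Obtain the groups of the current logged-in user
//   Returns $_SESSION["groups"], or an empty array when there is no
//   session or no such key.
function get_login_groups() {
    return isset($_SESSION) && array_key_exists("groups", $_SESSION)?
        $_SESSION["groups"]: array();
}

// upd_login_info: Update the logged-in information
//   Re-reads the current user's row from the users table and refreshes the
//   session keys usersn/userid/username/groups/guest/admin, the remember-me
//   cookie and the stored preferred language.
//   On the web (IS_CGI) the user is looked up by the serial number kept in
//   the session; on the console by the login name of the effective uid.
//   Returns nothing.  Every refusal path (user row gone, password entry
//   gone, user not listed) sends its HTTP response and ends the script, so
//   the session is never repopulated from a missing row.
function upd_login_info() {
    // Return if not logged-in from the web yet
    if (IS_CGI && is_null(get_login_sn())) {
        return;
    }

    // Lock the necessary tables
    // NOTE(review): the same lock set is requested again right after
    // sql_begin() below -- confirm whether both calls are needed
    $locks = array("users" => LOCK_EX,
        "groups" => LOCK_SH,
        "usermem" => LOCK_SH,
        "groupmem" => LOCK_SH);
    sql_lock($locks);
    // Begin the SQL transaction
    sql_begin();
    // Lock the necessary tables
    $locks = array("users" => LOCK_EX,
        "groups" => LOCK_SH,
        "usermem" => LOCK_SH,
        "groupmem" => LOCK_SH);
    sql_lock($locks);

    // Web applications save the login information in session as user S/N
    if (IS_CGI) {
        // Fetch the user information
        $found = false;
        // The serial number is concatenated unquoted into the SELECT, so
        // it must be exactly nine digits with no leading zero.  The D
        // modifier makes "$" match only at the very end of the value, so
        // a trailing newline is rejected as well.
        if (!preg_match("/^[1-9]\d{8}$/D", get_login_sn())) {
            $found = false;
        } else {
            $select = "SELECT * FROM users"
                . " WHERE sn=" . get_login_sn() . ";\n";
            $result = sql_query($select);
            $found = (sql_num_rows($result) == 1);
        }
        // User does not exist anymore
        if (!$found) {
            logout();
            if ($_SERVER["REQUEST_METHOD"] == "POST") {
                http_303("/" . getlang(LN_FILENAME) . "/misc/loginchanged.html");
            } else {
                http_307("/" . getlang(LN_FILENAME) . "/misc/loginchanged.html");
            }
            // No need to return
            exit;
        }

    // Act as the current user on the console
    } else {
        $pwent = posix_getpwuid(posix_geteuid());
        // Password entry is gone for this user
        if ($pwent === false) {
            if ($_SERVER["REQUEST_METHOD"] == "POST") {
                http_303("/" . getlang(LN_FILENAME) . "/misc/loginchanged.html");
            } else {
                http_307("/" . getlang(LN_FILENAME) . "/misc/loginchanged.html");
            }
            // Stop here as the web branch does: $pwent is false and must
            // not be indexed below
            exit;
        }
        $userid = $pwent["name"];
        // Fetch the user information
        $select = "SELECT * FROM users"
            . " WHERE id='" . sql_esctext($userid) . "';\n";
        $result = sql_query($select);
        // This user is not in the list of the users for the current package
        if (sql_num_rows($result) != 1) {
            http_403();
            // Fail closed: there is no row to load the session from
            exit;
        }
    }
    $row = sql_fetch_assoc($result);

    // Remember the user
    // NOTE(review): the cookie is issued with only name, value, expiry and
    // path, so neither the Secure nor the HttpOnly attribute is set on a
    // token that lives for a year.  setcookie()'s secure/httponly
    // arguments cover this; confirm the site is HTTPS-only before turning
    // Secure on.
    // NOTE(review): whether encrypt()/decrypt() also authenticate the
    // value is not visible here; the remembered ID is only as trustworthy
    // as that scheme.
    if (array_key_exists("remember", $_SESSION)) {
        // Remember me
        if ($_SESSION["remember"]) {
            setcookie(REMEMBER_COOKIE, encrypt($row["id"]), time() + 86400 * 365, "/");
        // Forget me
        } else {
            setcookie(REMEMBER_COOKIE, "", time() - 1, "/");
        }
        unset($_SESSION["remember"]);
    // Update the remembered user ID
    // The client-supplied cookie is only compared with the ID from the
    // database row here; it does not select the user.
    } elseif (array_key_exists(REMEMBER_COOKIE, $_COOKIE)
            && decrypt($_COOKIE[REMEMBER_COOKIE]) !== $row["id"]) {
        setcookie(REMEMBER_COOKIE, encrypt($row["id"]), time() + 86400 * 365, "/");
    }

    // Update the user ID and full name
    $_SESSION["usersn"] = $row["sn"];
    $_SESSION["userid"] = $row["id"];
    $_SESSION["username"] = $row["name"];

    // Update the preferred language
    $lang = getlang();
    if ($row["lang"] != $lang) {
        // get_login_sn() now returns the serial number stored from the
        // database row just above, on the web and on the console alike
        $update = "UPDATE users SET lang='" . sql_esctext($lang) . "'"
            . " WHERE sn=" . get_login_sn() . ";\n";
        sql_query($update);
    }

    // Update the groups
    // The guest and admin flags are recomputed from the group list on
    // every call rather than carried over from the previous request
    $_SESSION["groups"] = user_parent_groups(get_login_sn());
    $_SESSION["guest"] = in_array(GUEST_GROUP, $_SESSION["groups"]);
    $_SESSION["admin"] = in_array(ADMIN_GROUP, $_SESSION["groups"]);

    // Commit the SQL transaction
    sql_commit();
    // Unlock the previously locked SQL tables
    sql_lock();
    return;
}

?>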