Code source de Joomla 1.0.13 |
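<?php
/**
* @version $Id: index.php 8078 2007-07-19 06:45:54Z robs $
* @package Joomla
* @copyright Copyright (C) 2005 Open Source Matters. All rights reserved.
* @license http://www.gnu.org/copyleft/gpl.html GNU/GPL, see LICENSE.php
* Joomla! is free software. This version may have been modified pursuant
* to the GNU General Public License, and as distributed it includes or
* is derivative of works licensed under the GNU General Public License or
* other free or open source software licenses.
* See COPYRIGHT.php for copyright notices and details.
*/

/*
 * Administrator login entry point.
 *
 * Without a POSTed 'submit' field the active administrator template's
 * login.php is rendered. With it, the posted username/password are checked
 * against #__users, an ACL check for ('administration', 'login') is made, a
 * row is inserted into #__session, the PHP session is populated and the
 * browser is sent to index2.php (or to a stored "expired" page).
 *
 * $database, $acl and $_VERSION are not defined in this file; presumably they
 * come from the includes below - confirm against includes/joomla.php.
 */

// Set flag that this is a parent file
define( '_VALID_MOS', 1 );

// No configuration yet: hand over to the installer
if (!file_exists( '../configuration.php' )) {
	header( 'Location: ../installation/index.php' );
	exit();
}

require ( '../globals.php' );
require_once( '../configuration.php' );

// SSL check - $http_host returns <live site url>:<port number if it is 443>
// NOTE(review): HTTP_HOST is taken from the request's Host header, and the
// substr( ..., 7 ) below assumes $mosConfig_live_site starts with 'http://'.
$http_host = explode(':', $_SERVER['HTTP_HOST'] );
if( (!empty( $_SERVER['HTTPS'] ) && strtolower( $_SERVER['HTTPS'] ) != 'off' || isset( $http_host[1] ) && $http_host[1] == 443) && substr( $mosConfig_live_site, 0, 8 ) != 'https://' ) {
	$mosConfig_live_site = 'https://'.substr( $mosConfig_live_site, 7 );
}

require_once ( '../includes/joomla.php' );
include_once ( $mosConfig_absolute_path . '/language/'. $mosConfig_lang .'.php' );

//Installation sub folder check, removed for work with SVN
if (file_exists( '../installation/index.php' ) && $_VERSION->SVN == 0) {
	define( '_INSTALL_CHECK', 1 );
	include ($mosConfig_absolute_path .'/offline.php');
	exit();
}

$option = strtolower( strval( mosGetParam( $_REQUEST, 'option', NULL ) ) );

// mainframe is an API workhorse, lots of 'core' interaction routines
$mainframe = new mosMainFrame( $database, $option, '..', true );

if (isset( $_POST['submit'] )) {
	$usrname 	= stripslashes( mosGetParam( $_POST, 'usrname', NULL ) );
	$pass 		= stripslashes( mosGetParam( $_POST, 'pass', NULL ) );

	if($pass == NULL) {
		echo "<script>alert('Please enter a password'); document.location.href='index.php?mosmsg=Please enter a password'</script>\n";
		exit();
	}

	// Refuse to go further when no administrator account exists at all
	$query = "SELECT COUNT(*)"
	. "\n FROM #__users"
	. "\n WHERE ("
	// Administrators
	. "\n gid = 24"
	// Super Administrators
	. "\n OR gid = 25"
	. "\n )"
	;
	$database->setQuery( $query );
	$count = intval( $database->loadResult() );
	if ($count < 1) {
		mosErrorAlert( _LOGIN_NOADMINS );
	}

	// Load the unblocked user row together with its 'auto_purge' message setting
	$my = null;
	$query = "SELECT u.*, m.*"
	. "\n FROM #__users AS u"
	. "\n LEFT JOIN #__messages_cfg AS m ON u.id = m.user_id AND m.cfg_name = 'auto_purge'"
	. "\n WHERE u.username = " . $database->Quote( $usrname )
	. "\n AND u.block = 0"
	;
	$database->setQuery( $query );
	$database->loadObject( $my );

	/** find the user group (or groups in the future) */
	if (@$my->id) {
		$grp 			= $acl->getAroGroup( $my->id );
		$my->gid 		= $grp->group_id;
		$my->usertype 	= $grp->name;

		// Conversion to new type
		// Strict comparison: with a loose == two hash strings that both look
		// like numbers are compared as numbers, so different hashes could be
		// treated as equal and the stored password would then be rewritten
		// from the submitted one.
		if ((strpos($my->password, ':') === false) && $my->password === md5($pass)) {
			// Old password hash storage but authentic ... lets convert it
			$salt = mosMakePassword(16);
			$crypt = md5($pass.$salt);
			$my->password = $crypt.':'.$salt;

			// Now lets store it in the database
			// (a space is needed before WHERE, the quoted value ends right before it)
			$query = 'UPDATE #__users ' .
					'SET password = '.$database->Quote($my->password) .
					' WHERE id = '.(int)$my->id;
			$database->setQuery($query);
			if (!$database->query()) {
				// This is an error but not sure what to do with it ... we'll still work for now
			}
		}

		// Stored format is "<md5(password . salt)>:<salt>". A legacy value that
		// was not converted above has no salt part; use an empty salt instead of
		// reading an undefined list() element.
		// NOTE(review): salted MD5 is a fast hash; moving to a slow password
		// hash needs a storage migration that is outside this file.
		$parts	= explode(':', $my->password);
		$hash	= $parts[0];
		$salt	= isset( $parts[1] ) ? $parts[1] : '';
		$cryptpass = md5($pass.$salt);

		// NOTE(review): strcmp() is not a constant-time comparison; where the
		// runtime provides hash_equals(), prefer it.
		if ( strcmp( $hash, $cryptpass ) || !$acl->acl_check( 'administration', 'login', 'users', $my->usertype ) ) {
			mosErrorAlert("Incorrect Username, Password, or Access Level.  Please try again", "document.location.href='index.php'");
		}

		// NOTE(review): the PHP session id is not regenerated after a
		// successful login in this file - confirm whether it is rotated elsewhere.
		session_name( md5( $mosConfig_live_site ) );
		session_start();

		// construct Session ID
		// NOTE(review): built only from the user id, username, usertype and the
		// login time; if this value is accepted as a credential elsewhere it
		// should come from a cryptographically secure random source instead.
		$logintime 	= time();
		$session_id = md5( $my->id . $my->username . $my->usertype . $logintime );


		// add Session ID entry to DB
		$query = "INSERT INTO #__session"
		. "\n SET time = " . $database->Quote( $logintime ) . ", session_id = " . $database->Quote( $session_id ) . ", userid = " . (int) $my->id . ", usertype = " . $database->Quote( $my->usertype) . ", username = " . $database->Quote( $my->username )
		;
		$database->setQuery( $query );
		if (!$database->query()) {
			// NOTE(review): prints the raw database error text to the browser
			echo $database->stderr();
		}

		// check if site designated as a production site
		// for a demo site allow multiple logins with same user account
		if ( $_VERSION->SITE == 1 ) {
			// delete other open admin sessions for same account
			$query = "DELETE FROM #__session"
			. "\n WHERE userid = " . (int) $my->id
			. "\n AND username = " . $database->Quote( $my->username )
			. "\n AND usertype = " . $database->Quote( $my->usertype )
			. "\n AND session_id != " . $database->Quote( $session_id )
			// this ensures that frontend sessions are not purged
			. "\n AND guest = 1"
			. "\n AND gid = 0"
			;
			$database->setQuery( $query );
			if (!$database->query()) {
				echo $database->stderr();
			}
		}

		$_SESSION['session_id'] 			= $session_id;
		$_SESSION['session_user_id'] 		= $my->id;
		$_SESSION['session_username'] 		= $my->username;
		$_SESSION['session_usertype'] 		= $my->usertype;
		$_SESSION['session_gid'] 			= $my->gid;
		$_SESSION['session_logintime'] 		= $logintime;
		$_SESSION['session_user_params']	= $my->params;
		$_SESSION['session_userstate'] 		= array();

		session_write_close();

		// default landing page after login
		$expired = 'index2.php';

		// check if site designated as a production site
		// for a demo site disallow expired page functionality
		if ( $_VERSION->SITE == 1 && @$mosConfig_admin_expired === '1' ) {
			$file 	= $mainframe->getPath( 'com_xml', 'com_users' );
			$params =& new mosParameters( $my->params, $file, 'component' );

			$now 	= time();

			// expired page functionality handling
			$expired 		= $params->def( 'expired', '' );
			$expired_time 	= $params->def( 'expired_time', '' );

			// if no expired link set or expired time is more than half the admin session life set, simply load normal admin homepage
			$checktime = ( $mosConfig_session_life_admin ? $mosConfig_session_life_admin : 1800 ) / 2;
			if (!$expired || ( ( $now - $expired_time ) > $checktime ) ) {
				$expired = 'index2.php';
			}
			// link must also be a Joomla link to stop malicious redirection
			// NOTE(review): only the prefix is checked; the rest of the value is
			// interpolated unescaped into the inline script at the end of this
			// branch. Presumably it is written by the admin session-timeout
			// code - confirm it is safe for a quoted JavaScript string.
			if ( strpos( $expired, 'index2.php?option=com_' ) !== 0 ) {
				$expired = 'index2.php';
			}

			// clear any existing expired page data
			$params->set( 'expired', '' );
			$params->set( 'expired_time', '' );

			// param handling
			// defined up front so the UPDATE below never reads an unset variable
			$saveparams = '';
			if (is_array( $params->toArray() )) {
				$txt = array();
				foreach ( $params->toArray() as $k=>$v) {
					$txt[] = "$k=$v";
				}
				$saveparams = implode( "\n", $txt );
			}

			// save cleared expired page info to user data
			$query = "UPDATE #__users"
			. "\n SET params = " . $database->Quote( $saveparams )
			. "\n WHERE id = " . (int) $my->id
			. "\n AND username = " . $database->Quote( $my->username )
			. "\n AND usertype = " . $database->Quote( $my->usertype )
			;
			$database->setQuery( $query );
			$database->query();
		}

		// check if auto_purge value set
		if ( $my->cfg_name == 'auto_purge' ) {
			$purge 	= $my->cfg_value;
		} else {
			// if no value set, default is 7 days
			$purge 	= 7;
		}
		// calculation of past date
		$past = date( 'Y-m-d H:i:s', time() - $purge * 60 * 60 * 24 );

		// if purge value is not 0, then allow purging of old messages
		if ($purge != 0) {
			// purge old messages at day set in message configuration
			$query = "DELETE FROM #__messages"
			. "\n WHERE date_time < " . $database->Quote( $past )
			. "\n AND user_id_to = " . (int) $my->id
			;
			$database->setQuery( $query );
			if (!$database->query()) {
				echo $database->stderr();
			}
		}

		/** cannot use mosRedirect as this stuffs up the cookie in IIS */
		// redirects page to admin homepage by default or expired page
		echo "<script>document.location.href='$expired';</script>\n";
		exit();
	} else {
		// no unblocked user row with that username
		mosErrorAlert("Incorrect Username, Password, or Access Level.  Please try again", "document.location.href='index.php?mosmsg=Incorrect Username, Password, or Access Level. Please try again'");
	}
} else {
	// no login attempt: render the login form of the active administrator template
	initGzip();
	$path = $mosConfig_absolute_path . '/administrator/templates/' . $mainframe->getTemplate() . '/login.php';
	require_once( $path );
	doGzip();
}
?>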