Changeset 485 for trunk/phpbms/include/session.php
- Timestamp:
- 04/07/09 11:44:18 (3 years ago)
- Files:
-
- 1 modified
-
trunk/phpbms/include/session.php (modified) (9 diffs)
trunk/phpbms/include/session.php
r402 r485 37 37 +-------------------------------------------------------------------------+ 38 38 */ 39 40 // Turn on/or off debugging 39 41 @ define("APP_DEBUG",true); 40 42 if(APP_DEBUG) 41 43 error_reporting(E_ALL); 42 44 45 46 // Error Class - This class reports errors. It can also log these errors 47 // to the phpBMS log table in some cases. 43 48 class appError{ 49 44 50 var $number=0; 45 51 var $title=""; … … 48 54 var $logerror=true; 49 55 var $format="xhtml"; 50 56 57 //init 51 58 function appError($number=0,$details="",$title="",$display=false,$stop=true,$logerror=true,$format="xhtml"){ 59 52 60 $this->title = $title; 53 54 55 61 $this->details = $details; 56 57 62 $this->stop = $stop; 58 63 59 64 $this->logerror = $logerror; 60 65 $this->format = $format; 61 66 $this->number = $number; 62 67 68 // find a predetermined title; 63 69 if($this->number<0){ 70 64 71 switch($number){ 72 case -300: 73 $this->title = "settings.php file not readable"; 74 $this->details = 75 'If this is the initial installation of the program, 76 you may wan to run the installer. 
Use your web browser to navigate to:<br /><br /> 77 78 <a href="'.APP_PATH.'install">phpBMS Installation</a><br /><br /> 79 80 If your application already has a settings.php file in the main phpbms directory, you may need to give your web server rights to read the file.'; 81 break; 65 82 case -400: 66 83 case -410: … … 71 88 case -460: 72 89 $this->title="Database Error"; 73 break; 74 } 75 } 76 90 break; 91 }//end case; 92 93 }//endif this->number 94 77 95 if($display || APP_DEBUG) $this->display($format); 78 96 if($logerror) $this->logError(); 79 97 if($this->stop) exit; 80 } 81 82 function display($format=NULL){ 83 84 if($format==NULL) 85 $format=$this->format; 86 98 99 }//eend function init 100 101 102 //This function outputs the error to screen either in 103 // XHTML, plain text, or JSON format 104 function display($format = NULL){ 105 106 if($format == NULL) 107 $format = $this->format; 108 87 109 switch(strtolower($format)){ 110 88 111 case "json": 89 112 90 echo "{\n"; 91 echo "\"error\" : { \"id\" : ".$this->number; 92 if($this->title) 93 echo ", \"title\" : \"".addslashes($this->title)."\""; 94 if($this->details) 95 echo ", \"details\" : \"".addslashes($this->details)."\""; 96 echo "\n}"; 97 98 break; 99 113 $return["id"] = $this->number; 114 $return["title"] = $this->title; 115 $return["details"] = $this->details; 116 117 echo json_encode($return); 118 119 break; 120 100 121 case "xhtml": 101 122 102 $this->details = str_replace("\n","<br />", htmlspecialchars($this->details,ENT_COMPAT,"UTF-8")); 123 // Unsure if this line is needed, as it limits what we can do with detail print out 124 //$this->details = str_replace("\n","<br />", htmlspecialchars($this->details,ENT_COMPAT,"UTF-8")); 103 125 104 126 if(defined("APP_PATH")){ 127 105 128 if(!defined("STYLESHEET")) 106 129 define("STYLESHEET","mozilla"); 107 ?><link href="<?php echo APP_PATH ?>common/stylesheet/<?php echo STYLESHEET ?>/base.css" rel="stylesheet" type="text/css" /><?php 130 131 ?><link 
href="<?php echo APP_PATH ?>common/stylesheet/<?php echo STYLESHEET ?>/base.css" rel="stylesheet" type="text/css" /><?php 132 108 133 } else { 109 //if the app_path is not defined, we can try including the mozilla stylesheet, relative to 134 135 //if the app_path is not defined, we can try including the mozilla stylesheet, relative to 110 136 // the assumed phpbms root 111 ?><link href="common/stylesheet/mozilla/base.css" rel="stylesheet" type="text/css" /><?php 137 ?><link href="common/stylesheet/mozilla/base.css" rel="stylesheet" type="text/css" /><?php 138 112 139 }//end if 140 113 141 ?><div class="bodyline"> 114 142 <h1><span>phpBMS Error: <?php echo $this->number; if($this->title) echo " ".$this->title?></span></h1> … … 118 146 </div> 119 147 <?php } //end if?> 120 </div><?php 121 122 break;123 148 </div><?php 149 150 break; 151 124 152 default: 125 153 126 154 echo "phpBMS Error: ".$this->number; 127 155 if($this->title) echo ": ".$this->title; 128 156 if($this->details) echo " - ".$this->details; 129 130 break;157 158 break; 131 159 }//end switch 132 160 }// end dispaly function 133 161 162 163 // this function logs the error in the phpBMS log table 134 164 function logError(){ 165 135 166 $message = $_SERVER["REQUEST_URI"]."\n"; 136 167 $message .= $this->number; 168 137 169 if($this->title) 138 170 $message.=": ".$this->title; 171 139 172 if($this->details) 140 173 $message.="\n\n".$this->details; 141 174 142 175 $log = new phpbmsLog($message,"ERROR"); 176 143 177 }//end logError 144 178 145 179 }//end appError class 146 180 181 182 // This is the class for logging items tot the phpBMS 183 // log table; 147 184 class phpbmsLog{ 148 149 var $db =NULL;150 var $type ="ERROR";151 var $value ="";152 var $userid =2;153 185 186 var $db = NULL; 187 var $type = "ERROR"; 188 var $value = ""; 189 var $userid = 2; 190 154 191 function phpbmsLog($value=NULL,$type=NULL,$userid=NULL,$db=NULL,$sendLog=true){ 155 192 … … 158 195 if($db){ 159 196 if(is_object($db)){ 160 
$this->db=$db; 161 197 198 $this->db = $db; 199 162 200 $this->db->showError=false; 163 201 $this->db->logError=false; 164 202 $this->db->stopOnError=false; 165 } 166 } 167 else{ 203 204 }//endif object 205 206 } else { 207 168 208 if(class_exists("db")){ 209 169 210 $this->db= new db(false); 170 211 171 212 $this->db->showError=false; 172 213 $this->db->logError=false; 173 214 $this->db->stopOnError=false; 174 215 175 216 $this->db->connect(); 176 217 $this->db->selectSchema(); 177 } else 218 219 } else 178 220 return false; 179 } 180 221 222 }//endif db 223 181 224 if($value) 182 $this->value=$value; 225 $this->value = $value; 226 183 227 if($type) 184 $this->type=$type; 228 $this->type = $type; 229 185 230 if($userid) 186 $this->userid =((int) $userid);187 231 $this->userid = ((int) $userid); 232 188 233 if($sendLog) 189 234 return $this->sendLog(); 190 235 else 191 236 return true; 192 193 }//end function 194 237 238 }//end function init 239 240 241 // inserts record into log table 195 242 function sendLog(){ 196 197 $ip=$_SERVER["REMOTE_ADDR"]; 198 199 $querystatement="INSERT INTO `log` (`type`,`value`,`userid`,`ip`) VALUES ("; 200 $querystatement.="\"".mysql_real_escape_string($this->type)."\", "; 201 $querystatement.="\"".mysql_real_escape_string($this->value)."\", "; 202 $querystatement.=$this->userid.", "; 203 $querystatement.="\"".$ip."\")"; 204 205 $this->db->query($querystatement); 206 207 } 208 }//end phpbmslog 209 210 211 243 244 $ip = $_SERVER["REMOTE_ADDR"]; 245 246 $insertstatement = " 247 INSERT INTO 248 `log` 249 (`type`, `value`, `userid`, `ip`) VALUES ( 250 '".mysql_real_escape_string($this->type)."', 251 '".mysql_real_escape_string($this->value)."', 252 ".$this->userid.", 253 '".$ip."' 254 )"; 255 256 $this->db->query($insertstatement); 257 258 }//end function sendLog 259 260 }//end class phpbmslog 261 262 263 // This class handles the loading of the database, session and application 264 // variables, as well as verifying API level logins 212 
265 class phpbmsSession{ 213 266 214 var $db =null;267 var $db = null; 215 268 216 269 function loadDBSettings($reportError = true){ 270 217 271 // This functions looks for the settings.php file, and loads 218 272 // the database variables as constants. As an added benefit 219 273 // it adds the phpBMS root as an included path. 220 221 $path=""; 222 $count=1; 274 223 275 224 276 //need to look for settings file... only go up a total of 10 directories 225 $currdirectory= getcwd(); 226 227 while(!file_exists("settings.php") and ($count<10)){ 277 $currdirectory = getcwd(); 278 279 //Prep the setting of the application path; 280 $currentURL = explode("/",$_SERVER["PHP_SELF"]); 281 array_pop($currentURL); 282 283 $count = 0; 284 $path = ""; 285 286 //We need to find the applications root 287 while(!file_exists("phpbmsversion.php") && $count < 9){ 288 228 289 $path.="../"; 229 290 @ chdir("../"); 230 291 $count++; 231 } 232 292 293 }//end while 294 295 //Now set the Web location (APP_PATH) 296 $appPath = "/"; 297 for($i = 0; $i < count($currentURL) - $count; $i++) 298 if($currentURL[$i]) 299 $appPath .= $currentURL[$i]."/"; 300 301 define("APP_PATH", $appPath); 302 233 303 $settingsfile = @ fopen("settings.php","r"); 304 234 305 if($settingsfile){ 235 //loop through the settings file and load variables into the session 306 307 //loop through the settings file and load variables into the session 236 308 while( !feof($settingsfile)) { 237 $line=NULL; 238 $key=NULL; 239 $value=NULL; 240 $line=fscanf($settingsfile,"%[^=]=%[^[]]",$key,$value); 309 310 $line = NULL; 311 $key = NULL; 312 $value = NULL; 313 $line = @ fscanf($settingsfile,"%[^=]=%[^[]]",$key,$value); 314 241 315 if ($line){ 316 242 317 $key=trim($key); 243 318 $value=trim($value); 244 if($key!="" and !strpos($key,"]")){ 319 320 if($key!="" and !strpos($key,"]")){ 321 245 322 $startpos=strpos($value,"\""); 246 323 $endpos=strrpos($value,"\""); 324 247 325 if($endpos!=false) 248 326 
$value=substr($value,$startpos+1,$endpos-$startpos-1); 249 if(strpos($key,"mysql_")===0){ 327 328 if(strpos($key,"mysql_")===0) 250 329 define(strtoupper($key),$value); 251 } 252 } 253 } 254 } 255 330 331 }//endif key 332 333 }//endif line 334 335 }//endwhile 336 256 337 @ fclose($settingsfile); 257 338 … … 261 342 262 343 //this adds the phpbms root to the include path 263 if ( ! defined( "PATH_SEPARATOR" ) ) {264 265 //if we cannot determin the OS, we will assume its unix266 if(!isset($_ENV["OS"]))267 $_ENV["OS"] = "unix";268 269 if ( strpos( $_ENV["OS"], "Win" ) !== false )270 define( "PATH_SEPARATOR", ";" );271 else272 define( "PATH_SEPARATOR", ":" );273 344 if ( !defined( "PATH_SEPARATOR" ) ) { 345 346 //if we cannot determin the OS, we will assume its unix 347 if(!isset($_ENV["OS"])) 348 $_ENV["OS"] = "unix"; 349 350 if ( strpos( $_ENV["OS"], "Win" ) !== false ) 351 define( "PATH_SEPARATOR", ";" ); 352 else 353 define( "PATH_SEPARATOR", ":" ); 354 274 355 }//end if 275 356 276 $pathToAdd=@ getcwd(); 277 ini_set("include_path",ini_get("include_path").PATH_SEPARATOR.$pathToAdd); 278 279 //Now to set the path 280 $pathrev = strrev($_SERVER["PHP_SELF"]); 281 $choppos=0; 282 283 for($x=0;$x<$count;$x++) 284 $choppos = strpos($pathrev,"/",$choppos+1); 285 define("APP_PATH",strrev(substr($pathrev,$choppos))); 286 357 $pathToAdd = @ getcwd(); 358 359 //Now we include the root application path to php's include path 360 if(ini_set("include_path", ini_get("include_path").PATH_SEPARATOR.$pathToAdd) === false && $reportError) 361 $error = new appError(-310, "Your implementation of PHP does not allow changing of the include path. You may need to modify your PHP settings to allow phpBMS to modify this php ini setting. 
If you are using a web hosting company, you may need to contact them to allow this.", "Cannot add to include path", true, true, false); 362 363 364 //return directory to current directory 287 365 @ chdir ($currdirectory); 366 288 367 return $path; 368 289 369 } else { 370 290 371 if($reportError) 291 $error= new appError(-300,"You may need to run the install process, or set the permission on your settings file correctly.","Settings File Could Not Be Read",true,true,false); 372 $error = new appError(-300,"","",true,true,false); 373 292 374 return false; 293 } 375 376 }//endif settingsfile 377 294 378 }//end function 295 379 380 296 381 function loadSettings($encoding = "utf8"){ 297 // We are going to make sure that we are using utf8 382 383 // We are going to make sure that we are using utf8 298 384 // but it works only in mySQL 5, so we supress errors 299 385 // when trying it. 300 386 if($this->db==NULL) 301 387 $error=new appError(-310,"","Database not loaded"); 302 388 303 389 $this->db->logError = false; 304 390 $this->db->stopOnError = false; 305 391 306 392 $this->db->setEncoding($encoding); 307 393 308 394 $this->db->logError = true; 309 395 310 396 $querystatement = "SELECT name,value FROM settings"; 311 397 … … 313 399 314 400 if(!$queryresult){ 401 315 402 $error= new appError(-310,"If you have not ran the update script for phpBMS, please run it before logging in.","Could Not Retrieve Settings From Database"); 316 403 return false; 404 317 405 } else { 406 318 407 while($therecord=$this->db->fetchArray($queryresult)){ 319 408 320 409 //old versions used a reserved constant in certain php versions 321 410 if($therecord["name"] == "currency_symbol") 322 411 $therecord["name"] = "currency_sym"; 323 412 324 413 if(!defined(strtoupper($therecord["name"]))) 325 414 define(strtoupper($therecord["name"]),$therecord["value"]); … … 330 419 if(!isset($_SERVER['REQUEST_URI'])) { 331 420 $_SERVER['REQUEST_URI'] = $_SERVER['SCRIPT_NAME']; 332 421 333 422 
if(!defined("HOUR_FORMAT")) 334 423 define("HOUR_FORMAT","%I"); 335 424 336 425 // Append the query string if it exists and isn't null 337 426 if (isset($_SERVER['QUERY_STRING']) && !empty($_SERVER['QUERY_STRING'])) … … 342 431 343 432 return true; 344 } 345 } 346 347 433 434 }//endif queryresult 435 436 }//end function 437 438 439 // This is in a function in case we want to do sessions differently in the future 348 440 function startSession(){ 349 // This is in a function in case we want to do sessions differently in the future 350 441 351 442 session_name("phpBMS".preg_replace('/\W/',"",APPLICATION_NAME)."v096ID"); 352 443 session_start(); 353 } 354 355 356 function verifyAPIlogin($user,$pass){ 357 $thereturn=false; 444 445 }//end function startSesion 446 447 448 function verifyAPIlogin($user, $pass){ 449 450 $thereturn = false; 358 451 $this->db->stopOnError = false; 359 360 $querystatement = "SELECT id, firstname, lastname, email, phone, department, employeenumber, admin 361 FROM users 362 WHERE login!=\"Scheduler\" AND login=\"".mysql_real_escape_string($user)."\" 363 AND password=ENCODE(\"".mysql_real_escape_string($pass)."\",\"".mysql_real_escape_string(ENCRYPTION_SEED)."\") 364 AND revoked=0 AND portalaccess=1"; 452 453 $querystatement = " 454 SELECT 455 id, 456 firstname, 457 lastname, 458 email, 459 phone, 460 department, 461 employeenumber, 462 admin 463 FROM 464 users 465 WHERE 466 login != 'Scheduler' 467 AND login = '".mysql_real_escape_string($user)."' 468 AND password = ENCODE('".mysql_real_escape_string($pass)."', '".mysql_real_escape_string(ENCRYPTION_SEED)."') 469 AND revoked = 0 470 AND portalaccess = 1"; 471 365 472 $queryresult = $this->db->query($querystatement); 473 366 474 if(!$queryresult) { 475 367 476 $error = new appError(-720,"","Error retrieving user record",true,true,true,"json"); 368 477 return false; 369 } 370 478 479 }//endif 480 371 481 if($this->db->numRows($queryresult)){ 482 372 483 //We found a record that matches in the 
database 373 484 // populate the session and go in 374 $_SESSION["userinfo"]=$this->db->fetchArray($queryresult); 375 376 $querystatement="UPDATE users SET modifieddate=modifieddate, lastlogin=Now() WHERE id = ".$_SESSION["userinfo"]["id"]; 377 $queryresult=@ $this->db->query($querystatement); 378 if(!$queryresult) { 485 $_SESSION["userinfo"] = $this->db->fetchArray($queryresult); 486 487 $querystatement = " 488 UPDATE 489 users 490 SET 491 modifieddate=modifieddate, 492 lastlogin=Now() 493 WHERE 494 id = ".$_SESSION["userinfo"]["id"]; 495 496 $queryresult = @ $this->db->query($querystatement); 497 498 if(!$queryresult) 379 499 $error = new appError(-730,"","Error Updating User Login Time",true,true,true,"json"); 380 } else 381 $thereturn=true; 382 } 383 return $thereturn; 384 } 385 386 }//end loginSession class 387 388 389 // Start Code 390 //================================================================================================================= 391 //php <4.3.0 compatibility 392 if(!function_exists("mysql_real_escape_string")){ 393 function mysql_real_escape_string($string){ 394 return mysql_escape_string($string); 395 } 396 397 function utf8_replaceEntity($result){ 398 $value = (int)$result[1]; 399 $string = ''; 400 401 $len = round(pow($value,1/8)); 402 403 for($i=$len;$i>0;$i--){ 404 $part = ($value & (255>>2)) | pow(2,7); 405 if ( $i == 1 ) $part |= 255<<(8-$len); 406 407 $string = chr($part) . $string; 408 409 $value >>= 6; 410 } 411 412 return $string; 413 } 414 415 if(!function_exists("mysql_real_escape_string")){ 416 function html_entity_decode($string){ 417 return preg_replace_callback('/&#([0-9]+);/u','utf8_replaceEntity',$string); 418 }//end function 419 }//end if 420 421 }// end PHP<4.3 compatibility 500 else 501 $thereturn = true; 502 503 }//endif numrows 504 505 return $thereturn; 506 507 }//end function verifyAPIlogin 508 509 510 //Check to see if install folders are present. If so, do not continue. 
511 function checkForInstallDirs($errorFormat = "xhtml"){ 512 513 //first lets check for the main programs install folder 514 if(file_exists("install") && is_dir("install")) 515 $error = new appError(-353,"You must remove the install directory and all modules' install directories before phpBMS can run.","Main Install Directory Present",true,true,true,$errorFormat); 516 517 $thedir= @ opendir("modules"); 518 519 while($entry = readdir($thedir)){ 520 521 if($entry != "." && $entry != ".." && $entry != "base" && $entry != "sample" && is_dir("modules/".$entry)){ 522 523 if(file_exists("modules/".$entry."/install") && is_dir("modules/".$entry."/install")){ 524 525 $error = new appError(-354,"You must remove the install directory and all modules' install directories before phpBMS can run.","Module '".$entry."' Install Directory Present",true,true,true,$errorFormat); 526 527 }//endif 528 529 }//endif 530 531 }//end if 532 533 }//end function checkForInstallDirs 534 535 }//end phpbmsSession class 536 422 537 423 538 424 539 // Start Login verification Code 425 //============================================================================== ===================================540 //============================================================================== 426 541 if(!isset($sqlEncoding)) 427 542 $sqlEncoding = "utf8"; 428 543 429 544 if(!defined("noStartup")){ 545 430 546 $scriptname = basename($_SERVER["PHP_SELF"]); 431 547 $phpbmsSession = new phpbmsSession; 432 548 433 549 //Testing for API login 434 550 if(strpos($scriptname,"api_")!==false){ 435 551 if(isset($_POST["phpbmsusername"]) && isset($_POST["phpbmspassword"])){ 552 436 553 $phpbmsSession->loadDBSettings(APP_DEBUG); 437 554 555 if(!APP_DEBUG) 556 $phpbmsSession->checkForInstallDirs("json"); 557 438 558 include_once("include/db.php"); 439 559 $db = new db(); 440 560 $phpbmsSession->db = $db; 441 561 442 include_once("common_functions.php"); 562 include_once("common_functions.php"); 443 563 
$phpbmsSession->loadSettings($sqlEncoding); 444 564 $phpbms = new phpbms($db); 445 446 565 566 447 567 if(!$phpbmsSession->verifyAPILogin($_POST["phpbmsusername"],$_POST["phpbmspassword"])) 448 568 $error = new appError(-700,"","Login credentials incorrect",true,true,true,"json"); 569 449 570 } else 450 571 $error= new appError(-710,"","No login credentials passed",true,true,true,"json"); 572 451 573 } else { 452 574 453 575 $phpbmsSession->loadDBSettings(APP_DEBUG); 454 455 576 577 if(!APP_DEBUG) 578 $phpbmsSession->checkForInstallDirs(); 579 580 //start database 456 581 include_once("include/db.php"); 457 582 $db = new db(); 458 583 459 584 $phpbmsSession->db = $db; 460 585 586 //load application settings from table 461 587 $phpbmsSession->loadSettings($sqlEncoding); 462 588 463 589 include_once("common_functions.php"); 464 590 $phpbms = new phpbms($db); 465 591 466 592 if(!isset($noSession)) 467 593 $phpbmsSession->startSession(); 468 594 469 595 if (!isset($_SESSION["userinfo"]) && $scriptname != "index.php") { 470 596 471 597 if(isset($loginNoKick)){ 598 472 599 if(!isset($loginNoDisplayError)) 473 600 exit(); 601 474 602 } else{ 603 475 604 goURL(APP_PATH."index.php"); 476 } 477 } 478 479 } 480 481 $db->stopOnError=true; 605 606 }//endif 607 608 }//endif iseet userinfo 609 610 }//endif 611 612 $db->stopOnError = true; 613 482 614 }//end if 483 615
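Review bot: Commenting out the `htmlspecialchars` call in the xhtml branch of `display()` means `$this->details` now reaches the page unescaped for every error, while the only message in this file that needs raw markup is the new -300 text with its `<a href>`; database errors (-400..-460 get their "Database Error" title here, with details supplied by the caller) may carry request-derived text and were previously neutralised by that line. Rather than drop escaping globally, mark the one message that is HTML: add `var $detailsIsHtml = false;` beside the other properties, set `$this->detailsIsHtml = true;` in the `case -300:` branch, and restore the removed line in the xhtml branch as `if(!$this->detailsIsHtml) $this->details = str_replace("\n","<br />", htmlspecialchars($this->details,ENT_COMPAT,"UTF-8"));`. The lines that actually echo `$this->details` (old 115-117 / new 143-145) are elided from this page, so I am assuming they print it verbatim. Related, on the same output path: `APP_PATH` is echoed into the `<link href>` and the -300 anchor, and `loadDBSettings()` now builds it from `$_SERVER["PHP_SELF"]`, which can include attacker-supplied path info; deriving it from `SCRIPT_NAME`, or escaping it at the echo, would close that.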