web/index.php line 84

Open in your IDE?
  1. <?php
  3. // use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
  5. // $Id: index.php,v 2.8 2011/06/13 13:40:57 zkonyves Exp $
  7. $targets = array('api.php''figments.php''download.php''internal/attachments_list.php''guest_login.php');
  9. foreach ($targets as $target) {
  10.     $url "/$target";
  11.     if (
  12.         (isset($_SERVER['REQUEST_URI']) && substr($_SERVER['REQUEST_URI'], 0strlen($url)) === $url)
  13.         || (isset($_SERVER['REDIRECT_URL']) && $_SERVER['REDIRECT_URL'] === $url)
  14.     ) {
  15.         include $target;
  16.         exit;
  17.     }
  18. }
  20. // $user = $kernel->getContainer()->get('session');
  21. require_once "../includes/prepend.php";
  22. require "../includes/prepend_session_loader.php";
  23. require_once "classes/class.user.php";
  24. require_once  "classes/class.report_usage_activity.php";
  25. // $user = $kernel->getContainer()->get('security');
  26. // echo "<pre>";var_dump($_SESSION['_sf2_attributes']["_security_main"]);exit;
  27. // echo "<pre>";var_dump($kernel->getContainer()->get("security.csrf.token_manager")->getToken("_csrf_token"));exit;
  28. $report = new ReportUsageActivity();
  29. //AcM//include_once( "classes/xmlrpc.authenticate.php" );
  31. $vars    =    array_merge($_GET$_POST$vars);
  33. // $_REQUEST
  34. $varsVariables = [
  35.     'username'
  36. ];
  37. foreach ($varsVariables as $value) {
  38.     if (!isset($vars[$value])) {
  39.         $vars[$value] = null;
  40.     }
  41. }
  42. //AcM//$auth    =&  new xmlrpcAuthenticate( $Config->xmlrpc['authenticate']['server'], $Config->xmlrpc['server'], "taskmeister", false );
  43. $User    =    new User_Class($db);
  45. if (!isset($vars['action'])) {
  46.     $vars['action'] = '';
  47. }
  49. // sign out the user to avoid circulaar redirections
  50. // if (isset($_SESSION['last_login_try']) && (time() - $_SESSION['last_login_try'] < 2)) {
  51. //     $_SESSION['page_retry_count']++;
  52. // } else {
  53. //     $_SESSION['page_retry_count'] = 0;
  54. // }
  55. // if ($_SESSION['page_retry_count'] > 4) {
  56. //     $_SESSION['page_retry_count'] = 0;
  57. //     unset($_SESSION['S']);
  58. //     unset($_SESSION['user_id']);
  59. //     unset($_SESSION['username']);
  60. //     session_destroy();
  61. //     setcookie($Config->cookie_name, "", time() - 3600, $Config->cookie_path, $Config->cookie_domain, 0);
  62. //     // redirect("/main.php?mode=logout".($_SESSION['TMUser']->username ? ("&username=" . $_SESSION['TMUser']->username) : ""));
  64. //     // App can only have one entry point
  65. //     // Patch all redirects to URLs other than index.php
  66. //     // to require the appropriate PHP file instead.
  67. //     $_GET["mode"] = "logout";
  68. //     $_GET["username"] = !empty($_SESSION['TMUser']->username) ? $_SESSION['TMUser']->username : "";
  69. //     require "main.php";
  70. //     exit;
  71. // }
  72. $_SESSION['last_login_try'] = time();
  73. if (!isset($_COOKIE[$Config->cookie_name])) {
  74.     $_COOKIE[$Config->cookie_name] = null;
  75. }
  77. if ($vars['action'] != "logged_out") {
  78.     if (isset($_SESSION['user_id'])) {
  79.         // redirect("/main.php" . (isset($vars['mode']) ? "?mode=" . $vars['mode'] : ""));
  81.         $_GET["mode"] = !empty($vars['mode']) ? $vars['mode'] : "";
  82.         require "main.php";
  83.         exit;
  84.     } elseif (strlen($_COOKIE[$Config->cookie_name])) {
  85.         $_SESSION['TMUser'] = new TaskMeisterUser();
  86.         if ($_SESSION['TMUser']->loginByAuthKey($_COOKIE['authKey'])) {
  87.             if (strpos($_SERVER['PHP_SELF'], "index.php") !== false && $vars['username'] ?? null != $_SESSION['TMUser']->userInfo['username'] && (strlen($_SESSION['TMUser']->userInfo['username']) && 0)) {
  88.                 header("Location: index.php?mode=logout");
  89.                 exit();
  90.             }
  91.             if (!$_SESSION['TMUser']->hasToolAccess($_SESSION['TMUser']->user_id$_SESSION['TMUser']->tool_id) || strlen($_SESSION['TMUser']->login_error) > 5) {
  92.                 $vars['username'] = $vars['username'] ? $vars['username'] : $_SESSION['TMUser']->userInfo['username'];
  93.                 $vars['error'] = strlen($_SESSION['TMUser']->login_error) > $_SESSION['TMUser']->login_error "Invalid username/password";
  94.                 unset($_SESSION['TMUser']);
  95.                 unset($_SESSION['S']);
  96.                 unset($_SESSION['user_id']);
  97.             } else {
  98.                 $_SESSION['user_id'] = $_SESSION['TMUser']->user_id;
  99.                 $_SESSION['username'] = $_SESSION['TMUser']->username;
  101.                 $_SESSION['all_company_ids'] = array($_SESSION['TMUser']->primary_company_id);
  102.                 if ($_SESSION['TMUser']->hasPermission("sub_companies.manage")) {
  103.                     $_SESSION['all_company_ids'] = ($_SESSION['all_company_ids'] + $_SESSION['TMUser']->child_company_ids);
  104.                 }
  105.             }
  106.         } else {
  107.             unset($_SESSION['TMUser']);
  108.             if (!isset($Config->web_prefix)) {
  109.                 $Config->web_prefix null;
  110.             }
  111.             setcookie($Config->cookie_name""time() - 3600$Config->cookie_path$Config->cookie_domain0);
  112.             if ($_SERVER['PHP_SELF'] != $Config->web_prefix "index.php") {
  113.                 header("Location: " $Config->web_prefix "index.php");
  114.                 exit();
  115.             }
  116.         }
  118.         if ($_SESSION['TMUser']->logged_in && $_SESSION['user_id']) {
  119.             $user_prefs $User->getUserPrefs($_SESSION['user_id']);
  120.             $view_mode    =    $user_prefs['view_mode'] == "list" || $user_prefs['view_mode'] == "calendar" $user_prefs['view_mode'] : "calendar";
  122.             if ($_SERVER['SERVER_ADDR'] == $_SERVER['REMOTE_ADDR']) {
  123.                 // redirect($Config->web_prefix."main.php?mode=pref");
  125.                 $_GET["mode"] = "pref";
  126.                 require "main.php";
  127.                 exit;
  128.             } else {
  129.                 $_GET["mode"] = $view_mode;
  130.                 require "main.php";
  131.                 exit;
  132.                 // redirect((isset($_SESSION['request_location']) ? $_SESSION['request_location'] : $Config->web_prefix."main.php?mode=" . $view_mode));
  133.             }
  134.         }
  135.     }
  136. } else {
  137.     $url "/index.php";
  138.     if (isset($vars) && isset($vars['username']) && !empty($vars['username'])) {
  139.         $url .= "?username={$vars['username']}";
  140.     }
  141.     redirect($url);
  142. }
  144. if ($vars['action'] == "login") {
  145.     $_SESSION['TMUser'] = new TaskMeisterUser();
  146.     if ($_SESSION['TMUser']->login($vars['username'], $vars['password'])) {
  147.         if (
  148.             !$_SESSION['TMUser']->hasToolAccess(
  149.                 $_SESSION['TMUser']->user_id,
  150.                 $_SESSION['TMUser']->tool_id
  151.             ) ||
  152.             strlen($_SESSION['TMUser']->login_error) > 5
  153.         ) {
  154.             $vars['error'] = strlen($_SESSION['TMUser']->login_error) > $_SESSION['TMUser']->login_error "Invalid username/password";
  155.             unset($_SESSION['TMUser']);
  156.             unset($_SESSION['S']);
  157.             unset($_SESSION['user_id']);
  158.         } else {
  159.             $_SESSION['user_id']    = $_SESSION['TMUser']->user_id;
  160.             $_SESSION['username']   = $_SESSION['TMUser']->getUsernameByID($_SESSION['TMUser']->user_id);
  162.             // get UserPrefs
  163.             $user_prefs $User->getUserPrefs($_SESSION['user_id']);
  164.             $view_mode                =    $user_prefs['view_mode'] == "list" || $user_prefs['view_mode'] == "calendar" $user_prefs['view_mode'] : "calendar";
  165.             //$view_mode                = "first_view";
  166.             $report->login();
  167.             if (!isset($_SERVER['SERVER_ADDR'])) {
  168.                 $_SERVER['SERVER_ADDR'] = null;
  169.             }
  170.             if (!isset($_SERVER['REMOTE_ADDR'])) {
  171.                 $_SERVER['REMOTE_ADDR'] = null;
  172.             }
  173.             if ($_SERVER['SERVER_ADDR'] == $_SERVER['REMOTE_ADDR']) {
  174.                 // redirect($Config->web_prefix."main.php?mode=pref&a=login");
  176.                 $_GET["mode"] = "pref";
  177.                 $_GET["a"] = "login";
  178.                 require "main.php";
  179.                 exit;
  180.             } else {
  181.                 // redirect((isset($_SESSION['request_location']) ? $_SESSION['request_location'] : $Config->web_prefix."main.php?mode=" . $view_mode.'&a=login'));
  183.                 $_GET["mode"] = $view_mode;
  184.                 $_GET["a"] = "login";
  185.                 require "main.php";
  186.                 exit;
  187.             }
  188.         }
  189.     } else {
  190.         $vars['error'] = strlen($_SESSION['TMUser']->login_error) > $_SESSION['TMUser']->login_error "Invalid username/password";
  191.     }
  192. } elseif ($vars['action'] == "guest_login" || isset($vars['guest_username'])) {
  193.     $guest_enabled false;
  194.     $_SESSION['TMUser'] = new TaskMeisterUser();
  195.     $user_data $_SESSION['TMUser']->getUserDataByUsername($vars['guest_username']);
  196.     if (count($user_data)) {
  197.         if ($_SESSION['TMUser']->hasToolAccess($user_data['user_id'], 1)) {
  198.             $User = new User_Class($db);
  199.             $user_prefs $User->getUserPrefs($user_data['user_id']);
  200.             if ($user_prefs['guest_enabled']) {
  201.                 $guest_enabled true;
  202.             }
  203.         }
  204.     }
  205.     //$res = $db->query("SELECT * FROM user_prefs WHERE username = '" . $vars['guest_username'] . "' AND guest_enabled = 1");
  206.     //if( $db->num_rows($res) == 1 ) {
  207.     if ($guest_enabled) {
  208.         //$data = $db->fetch_array($res);
  209.         $data $user_prefs;
  210.         $guest_login false;
  211.         if (strlen($data['guest_password'])) {
  212.             if ($vars['guest_password'] == $data['guest_password']) {
  213.                 $guest_login true;
  214.             } elseif ($vars['use_password']) {
  215.                 $vars['guest_error'] = "Invalid Guest Username/Password";
  216.             }
  217.         } else {
  218.             $guest_login true;
  219.         }
  222.         if ($guest_login) {
  223.             // log the user in
  224.             $user_id $data['user_id'];
  226.             // create a session class instance.
  227.             $_SESSION['S'] = new Session_Class($user_id$db);
  228.             $_SESSION['S']->comp_id $_SESSION['TMUser']->getPrimaryCompanyId($user_data['user_id']);
  229.             $_SESSION['TMUser']->primary_company_id $_SESSION['S']->comp_id;
  230.             $_SESSION['S']->set_selection_to_all();
  231.             $_SESSION['S']->set_tmpl_selection_to_all();
  232.             $_SESSION['S']->group_id $_SESSION['TMUser']->getGroupIDByGroup_name('guest');
  233.             $_SESSION['S']->is_guest true;
  234.             $_SESSION['S']->all_companies = array($_SESSION['S']->comp_id);
  235.             $_SESSION['user_id'] = $user_id;
  236.         }
  237.     } else {
  238.         $vars['guest_error'] = "The username you entered does not belong to a valid Task Meister account<br />".
  239.         "or the user does not have their guest account enabled.";
  240.     }
  242.     if (isset($_SESSION['user_id'])) {
  243.         // redirect("/main.php?mode=calendar&a=login");
  245.         $_GET["mode"] = "calendar";
  246.         $_GET["a"] = "login";
  247.         require "main.php";
  248.         exit;
  249.     }
  250. }
  251. if (!isset($vars['error'])) {
  252.     $vars['error'] = null;
  253. }
  254. if (!isset($vars['guest_error'])) {
  255.     $vars['guest_error'] = null;
  256. }
  257. if (!isset($vars['username'])) {
  258.     $vars['username'] = null;
  259. }
  260. if (!isset($vars['guest_username'])) {
  261.     $vars['guest_username'] = null;
  262. }
  264. $tpl->assign("page_title""Task Manager: Login" . ($vars['error'] != "" || $vars['guest_error'] != "" " Error" ""));
  266. $tpl->assign("accessmeister_url"$Config->accessmeister_url);
  268. $tpl->assign("error"$vars['error']);
  269. $tpl->assign("guest_error"$vars['guest_error']);
  270. $tpl->assign("username"$vars['username']);
  271. $tpl->assign("guest_username"$vars['guest_username']);
  272. $tpl->assign('company_header_image'"images/header.gif");
  273. $tpl->assign("help_page"'<a href="http://helpmeister.bizware.com/display.php/taskmeister?108" target="helpmeister" title="Help with this page">' . ($vars['view'] == "normal" '<img src="/images/help.gif" width="20" height="20" alt="Help with this page" border="0" />' "Help") . '</a>');
  274. $tpl->assign("login_button", ($vars['view'] == "normal" '<input type="image" alt="submit"  src="/images/buttons'.$company_style.'/login_off.gif" onfocus="submit_flip(this, \'/images/buttons'.$company_style.'/login_on.gif\');" onmouseover="submit_flip(this, \'/images/buttons'.$company_style.'/login_on.gif\');" onblur="submit_flip(this, \'/images/buttons'.$company_style.'/login_off.gif\');" border="0" tabindex="3">' '<a href="javascript:document.login.submit();" tabindex="3">[ Login ]</a>'));
  275. $tpl->assign("guest_login_button", ($vars['view'] == "normal" '<input type="image" alt="submit"  src="/images/buttons'.$company_style.'/login_off.gif" onfocus="submit_flip(this, \'/images/buttons'.$company_style.'/login_on.gif\');" onmouseover="submit_flip(this, \'/images/buttons'.$company_style.'/login_on.gif\');" onblur="submit_flip(this, \'/images/buttons'.$company_style.'/login_off.gif\');" border="0" tabindex="6">' '<a href="javascript:document.guest_login.submit();" tabindex="6">[ Login ]</a>'));
  276. $tpl->display("login.tpl");