Browse code
Codingstyle PSR12 + array syntax
Hanno Böck authored on 30/10/2021 21:18:17
Showing 1 changed files
| ... | ... |
@@ -13,8 +13,8 @@ require_once('inc/base.php');
|
| 13 | 13 |
|
| 14 | 14 |
session_name(config('session_name'));
|
| 15 | 15 |
|
| 16 |
-session_set_cookie_params(array('path' => '/', 'secure' => true,
|
|
| 17 |
- 'httponly' => true, 'samesite' => 'Lax')); |
|
| 16 |
+session_set_cookie_params(['path' => '/', 'secure' => true, |
|
| 17 |
+ 'httponly' => true, 'samesite' => 'Lax', ]); |
|
| 18 | 18 |
|
| 19 | 19 |
if (!session_start()) {
|
| 20 | 20 |
logger(LOG_ERR, "session/start", "session", "Die session konnte nicht gestartet werden!"); |
| ... | ... |
@@ -44,7 +44,7 @@ if (have_module('webmailtotp') && isset($_POST['webinterface_totpcode']) && isse
|
| 44 | 44 |
} |
| 45 | 45 |
|
| 46 | 46 |
if (isset($_POST['webinterface_username']) && isset($_POST['webinterface_password'])) {
|
| 47 |
- check_input_types($_POST, array('webinterface_username' => 'string', 'webinterface_password' => 'string'));
|
|
| 47 |
+ check_input_types($_POST, ['webinterface_username' => 'string', 'webinterface_password' => 'string']); |
|
| 48 | 48 |
$role = find_role($_POST['webinterface_username'], $_POST['webinterface_password']); |
| 49 | 49 |
if ($role === null) {
|
| 50 | 50 |
$_SESSION['role'] = ROLE_ANONYMOUS; |
Browse code
Check input types on login
Hanno Böck authored on 02/05/2020 12:06:09
Showing 1 changed files
| ... | ... |
@@ -44,6 +44,7 @@ if (have_module('webmailtotp') && isset($_POST['webinterface_totpcode']) && isse
|
| 44 | 44 |
} |
| 45 | 45 |
|
| 46 | 46 |
if (isset($_POST['webinterface_username']) && isset($_POST['webinterface_password'])) {
|
| 47 |
+ check_input_types($_POST, array('webinterface_username' => 'string', 'webinterface_password' => 'string'));
|
|
| 47 | 48 |
$role = find_role($_POST['webinterface_username'], $_POST['webinterface_password']); |
| 48 | 49 |
if ($role === null) {
|
| 49 | 50 |
$_SESSION['role'] = ROLE_ANONYMOUS; |
Browse code
Samesite-Cookies an (CSRF-Protection), check auf HTTPS raus, wir unterstützen nur noch HTTPS
Hanno Böck authored on 07/09/2019 19:29:58
Showing 1 changed files
| ... | ... |
@@ -13,9 +13,8 @@ require_once('inc/base.php');
|
| 13 | 13 |
|
| 14 | 14 |
session_name(config('session_name'));
|
| 15 | 15 |
|
| 16 |
-if ($_SERVER['HTTPS']) {
|
|
| 17 |
- session_set_cookie_params(0, '/', '', true, true); |
|
| 18 |
-} |
|
| 16 |
+session_set_cookie_params(array('path' => '/', 'secure' => true,
|
|
| 17 |
+ 'httponly' => true, 'samesite' => 'Lax')); |
|
| 19 | 18 |
|
| 20 | 19 |
if (!session_start()) {
|
| 21 | 20 |
logger(LOG_ERR, "session/start", "session", "Die session konnte nicht gestartet werden!"); |
Browse code
fixed formatstring error
Bernd Wurst authored on 10/04/2019 20:48:06
Showing 1 changed files
| ... | ... |
@@ -55,7 +55,7 @@ if (isset($_POST['webinterface_username']) && isset($_POST['webinterface_passwor |
| 55 | 55 |
if (isset($_POST['webinterface_password'])) {
|
| 56 | 56 |
$result = strong_password($_POST['webinterface_password']); |
| 57 | 57 |
if ($result !== true) {
|
| 58 |
- logger(LOG_WARNING, "session/start", "login", "weak password detected for %s" % $_POST['webinterface_username']); |
|
| 58 |
+ logger(LOG_WARNING, "session/start", "login", "weak password detected for ".$_POST['webinterface_username']); |
|
| 59 | 59 |
warning('Unsere Überprüfung hat ergeben, dass Ihr Passwort in bisher veröffentlichten Passwortlisten enthalten ist, es ist daher als unsicher zu betrachten. Bitte ändern Sie Ihr Passwort bei Gelegenheit.');
|
| 60 | 60 |
if ($role & (ROLE_VMAIL_ACCOUNT | ROLE_MAILACCOUNT)) {
|
| 61 | 61 |
redirect($prefix.'go/email/chpass'); |
Browse code
warn about weak password and redirect to chpass
Bernd Wurst authored on 10/04/2019 08:39:02
Showing 1 changed files
| ... | ... |
@@ -52,6 +52,18 @@ if (isset($_POST['webinterface_username']) && isset($_POST['webinterface_passwor |
| 52 | 52 |
login_screen('Ihre Anmeldung konnte nicht durchgeführt werden. Vermutlich haben Sie falsche Zugangsdaten eingegeben.');
|
| 53 | 53 |
} else {
|
| 54 | 54 |
setup_session($role, $_POST['webinterface_username']); |
| 55 |
+ if (isset($_POST['webinterface_password'])) {
|
|
| 56 |
+ $result = strong_password($_POST['webinterface_password']); |
|
| 57 |
+ if ($result !== true) {
|
|
| 58 |
+ logger(LOG_WARNING, "session/start", "login", "weak password detected for %s" % $_POST['webinterface_username']); |
|
| 59 |
+ warning('Unsere Überprüfung hat ergeben, dass Ihr Passwort in bisher veröffentlichten Passwortlisten enthalten ist, es ist daher als unsicher zu betrachten. Bitte ändern Sie Ihr Passwort bei Gelegenheit.');
|
|
| 60 |
+ if ($role & (ROLE_VMAIL_ACCOUNT | ROLE_MAILACCOUNT)) {
|
|
| 61 |
+ redirect($prefix.'go/email/chpass'); |
|
| 62 |
+ } else {
|
|
| 63 |
+ redirect($prefix.'go/index/chpass'); |
|
| 64 |
+ } |
|
| 65 |
+ } |
|
| 66 |
+ } |
|
| 55 | 67 |
} |
| 56 | 68 |
unset($_POST['webinterface_username']); |
| 57 | 69 |
unset($_POST['webinterface_password']); |
Browse code
Fix coding style with php-cs-checker, see https://cs.sensiolabs.org/
Hanno authored on 26/06/2018 13:58:19
Showing 1 changed files
| ... | ... |
@@ -13,68 +13,54 @@ require_once('inc/base.php');
|
| 13 | 13 |
|
| 14 | 14 |
session_name(config('session_name'));
|
| 15 | 15 |
|
| 16 |
-if ($_SERVER['HTTPS']) session_set_cookie_params( 0, '/', '', true, true ); |
|
| 16 |
+if ($_SERVER['HTTPS']) {
|
|
| 17 |
+ session_set_cookie_params(0, '/', '', true, true); |
|
| 18 |
+} |
|
| 17 | 19 |
|
| 18 |
-if (!session_start()) |
|
| 19 |
-{
|
|
| 20 |
- logger(LOG_ERR, "session/start", "session", "Die session konnte nicht gestartet werden!"); |
|
| 21 |
- system_failure('Die Sitzung konnte nicht gestartet werden, bitte benachrichtigen Sie den Administrator!');
|
|
| 20 |
+if (!session_start()) {
|
|
| 21 |
+ logger(LOG_ERR, "session/start", "session", "Die session konnte nicht gestartet werden!"); |
|
| 22 |
+ system_failure('Die Sitzung konnte nicht gestartet werden, bitte benachrichtigen Sie den Administrator!');
|
|
| 22 | 23 |
} |
| 23 | 24 |
|
| 24 | 25 |
DEBUG("<pre>POST-DATA: ".htmlspecialchars(print_r($_POST, true))."\nSESSION_DATA: ".htmlspecialchars(print_r($_SESSION, true))."</pre>");
|
| 25 | 26 |
|
| 26 | 27 |
if (have_module('webmailtotp') && isset($_POST['webinterface_totpcode']) && isset($_SESSION['totp']) && isset($_SESSION['totp_username'])) {
|
| 27 |
- require_once('modules/webmailtotp/include/totp.php');
|
|
| 28 |
- $role = NULL; |
|
| 29 |
- if (check_totp($_SESSION['totp_username'], $_POST['webinterface_totpcode'])) {
|
|
| 30 |
- $role = find_role($_SESSION['totp_username'], '', true); |
|
| 31 |
- } |
|
| 32 |
- if ($role === NULL) |
|
| 33 |
- {
|
|
| 34 |
- $_SESSION['role'] = ROLE_ANONYMOUS; |
|
| 35 |
- logger(LOG_WARNING, "session/start", "login", "wrong totp code (username: »{$_SESSION['totp_username']}«)");
|
|
| 36 |
- warning('Ihre Anmeldung konnte nicht durchgeführt werden. Geben Sie bitte einen neuen Code ein.');
|
|
| 37 |
- show_page('webmailtotp-login');
|
|
| 38 |
- die(); |
|
| 39 |
- } |
|
| 40 |
- else |
|
| 41 |
- {
|
|
| 42 |
- setup_session($role, $_SESSION['totp_username']); |
|
| 43 |
- } |
|
| 44 |
- unset($_POST['webinterface_totpcode']); |
|
| 45 |
- unset($_SESSION['totp']); |
|
| 46 |
- unset($_SESSION['totp_username']); |
|
| 28 |
+ require_once('modules/webmailtotp/include/totp.php');
|
|
| 29 |
+ $role = null; |
|
| 30 |
+ if (check_totp($_SESSION['totp_username'], $_POST['webinterface_totpcode'])) {
|
|
| 31 |
+ $role = find_role($_SESSION['totp_username'], '', true); |
|
| 32 |
+ } |
|
| 33 |
+ if ($role === null) {
|
|
| 34 |
+ $_SESSION['role'] = ROLE_ANONYMOUS; |
|
| 35 |
+ logger(LOG_WARNING, "session/start", "login", "wrong totp code (username: »{$_SESSION['totp_username']}«)");
|
|
| 36 |
+ warning('Ihre Anmeldung konnte nicht durchgeführt werden. Geben Sie bitte einen neuen Code ein.');
|
|
| 37 |
+ show_page('webmailtotp-login');
|
|
| 38 |
+ die(); |
|
| 39 |
+ } else {
|
|
| 40 |
+ setup_session($role, $_SESSION['totp_username']); |
|
| 41 |
+ } |
|
| 42 |
+ unset($_POST['webinterface_totpcode']); |
|
| 43 |
+ unset($_SESSION['totp']); |
|
| 44 |
+ unset($_SESSION['totp_username']); |
|
| 47 | 45 |
} |
| 48 | 46 |
|
| 49 |
-if (isset($_POST['webinterface_username']) && isset($_POST['webinterface_password'])) |
|
| 50 |
-{
|
|
| 51 |
- $role = find_role($_POST['webinterface_username'], $_POST['webinterface_password']); |
|
| 52 |
- if ($role === NULL) |
|
| 53 |
- {
|
|
| 47 |
+if (isset($_POST['webinterface_username']) && isset($_POST['webinterface_password'])) {
|
|
| 48 |
+ $role = find_role($_POST['webinterface_username'], $_POST['webinterface_password']); |
|
| 49 |
+ if ($role === null) {
|
|
| 50 |
+ $_SESSION['role'] = ROLE_ANONYMOUS; |
|
| 51 |
+ logger(LOG_WARNING, "session/start", "login", "wrong user data (username: »{$_POST['webinterface_username']}«)");
|
|
| 52 |
+ login_screen('Ihre Anmeldung konnte nicht durchgeführt werden. Vermutlich haben Sie falsche Zugangsdaten eingegeben.');
|
|
| 53 |
+ } else {
|
|
| 54 |
+ setup_session($role, $_POST['webinterface_username']); |
|
| 55 |
+ } |
|
| 56 |
+ unset($_POST['webinterface_username']); |
|
| 57 |
+ unset($_POST['webinterface_password']); |
|
| 58 |
+} elseif (isset($_SESSION['role'])) {
|
|
| 59 |
+ /* User ist eingeloggt (aber vielleicht als ROLE_ANONYMOUS!) */ |
|
| 60 |
+} else {
|
|
| 54 | 61 |
$_SESSION['role'] = ROLE_ANONYMOUS; |
| 55 |
- logger(LOG_WARNING, "session/start", "login", "wrong user data (username: »{$_POST['webinterface_username']}«)");
|
|
| 56 |
- login_screen('Ihre Anmeldung konnte nicht durchgeführt werden. Vermutlich haben Sie falsche Zugangsdaten eingegeben.');
|
|
| 57 |
- } |
|
| 58 |
- else |
|
| 59 |
- {
|
|
| 60 |
- setup_session($role, $_POST['webinterface_username']); |
|
| 61 |
- } |
|
| 62 |
- unset($_POST['webinterface_username']); |
|
| 63 |
- unset($_POST['webinterface_password']); |
|
| 64 |
-} |
|
| 65 |
- |
|
| 66 |
-elseif (isset($_SESSION['role'])) |
|
| 67 |
-{
|
|
| 68 |
- /* User ist eingeloggt (aber vielleicht als ROLE_ANONYMOUS!) */ |
|
| 69 |
-} |
|
| 70 |
- |
|
| 71 |
-else |
|
| 72 |
-{
|
|
| 73 |
- $_SESSION['role'] = ROLE_ANONYMOUS; |
|
| 74 | 62 |
} |
| 75 | 63 |
// Wenn wir hier sind, ist der Benutzer eingeloggt. Möglicherweise nur als ANONYMOUS |
| 76 | 64 |
|
| 77 | 65 |
|
| 78 | 66 |
DEBUG("Role: ".$_SESSION['role']);
|
| 79 |
- |
|
| 80 |
-?> |
Browse code
Umbenennung Google-Auth nach TOTP
Bernd Wurst authored on 20/09/2012 16:28:48
Showing 1 changed files
| ... | ... |
@@ -23,27 +23,27 @@ if (!session_start()) |
| 23 | 23 |
|
| 24 | 24 |
DEBUG("<pre>POST-DATA: ".htmlspecialchars(print_r($_POST, true))."\nSESSION_DATA: ".htmlspecialchars(print_r($_SESSION, true))."</pre>");
|
| 25 | 25 |
|
| 26 |
-if (have_module('googleauth') && isset($_POST['webinterface_googlecode']) && isset($_SESSION['googleauth']) && isset($_SESSION['googleauth_username'])) {
|
|
| 27 |
- require_once('modules/googleauth/include/googleauth.php');
|
|
| 26 |
+if (have_module('webmailtotp') && isset($_POST['webinterface_totpcode']) && isset($_SESSION['totp']) && isset($_SESSION['totp_username'])) {
|
|
| 27 |
+ require_once('modules/webmailtotp/include/totp.php');
|
|
| 28 | 28 |
$role = NULL; |
| 29 |
- if (check_googleauth($_SESSION['googleauth_username'], $_POST['webinterface_googlecode'])) {
|
|
| 30 |
- $role = find_role($_SESSION['googleauth_username'], '', true); |
|
| 29 |
+ if (check_totp($_SESSION['totp_username'], $_POST['webinterface_totpcode'])) {
|
|
| 30 |
+ $role = find_role($_SESSION['totp_username'], '', true); |
|
| 31 | 31 |
} |
| 32 | 32 |
if ($role === NULL) |
| 33 | 33 |
{
|
| 34 | 34 |
$_SESSION['role'] = ROLE_ANONYMOUS; |
| 35 |
- logger(LOG_WARNING, "session/start", "login", "wrong googleauth code (username: »{$_SESSION['googleauth_username']}«)");
|
|
| 35 |
+ logger(LOG_WARNING, "session/start", "login", "wrong totp code (username: »{$_SESSION['totp_username']}«)");
|
|
| 36 | 36 |
warning('Ihre Anmeldung konnte nicht durchgeführt werden. Geben Sie bitte einen neuen Code ein.');
|
| 37 |
- show_page('googleauth-login');
|
|
| 37 |
+ show_page('webmailtotp-login');
|
|
| 38 | 38 |
die(); |
| 39 | 39 |
} |
| 40 | 40 |
else |
| 41 | 41 |
{
|
| 42 |
- setup_session($role, $_SESSION['googleauth_username']); |
|
| 42 |
+ setup_session($role, $_SESSION['totp_username']); |
|
| 43 | 43 |
} |
| 44 |
- unset($_POST['webinterface_googlecode']); |
|
| 45 |
- unset($_SESSION['googleauth']); |
|
| 46 |
- unset($_SESSION['googleauth_username']); |
|
| 44 |
+ unset($_POST['webinterface_totpcode']); |
|
| 45 |
+ unset($_SESSION['totp']); |
|
| 46 |
+ unset($_SESSION['totp_username']); |
|
| 47 | 47 |
} |
| 48 | 48 |
|
| 49 | 49 |
if (isset($_POST['webinterface_username']) && isset($_POST['webinterface_password'])) |
Browse code
Login am Webiterface mit Googleauth möglich
Bernd Wurst authored on 18/09/2012 12:32:29
Showing 1 changed files
| ... | ... |
@@ -23,6 +23,29 @@ if (!session_start()) |
| 23 | 23 |
|
| 24 | 24 |
DEBUG("<pre>POST-DATA: ".htmlspecialchars(print_r($_POST, true))."\nSESSION_DATA: ".htmlspecialchars(print_r($_SESSION, true))."</pre>");
|
| 25 | 25 |
|
| 26 |
+if (have_module('googleauth') && isset($_POST['webinterface_googlecode']) && isset($_SESSION['googleauth']) && isset($_SESSION['googleauth_username'])) {
|
|
| 27 |
+ require_once('modules/googleauth/include/googleauth.php');
|
|
| 28 |
+ $role = NULL; |
|
| 29 |
+ if (check_googleauth($_SESSION['googleauth_username'], $_POST['webinterface_googlecode'])) {
|
|
| 30 |
+ $role = find_role($_SESSION['googleauth_username'], '', true); |
|
| 31 |
+ } |
|
| 32 |
+ if ($role === NULL) |
|
| 33 |
+ {
|
|
| 34 |
+ $_SESSION['role'] = ROLE_ANONYMOUS; |
|
| 35 |
+ logger(LOG_WARNING, "session/start", "login", "wrong googleauth code (username: »{$_SESSION['googleauth_username']}«)");
|
|
| 36 |
+ warning('Ihre Anmeldung konnte nicht durchgeführt werden. Geben Sie bitte einen neuen Code ein.');
|
|
| 37 |
+ show_page('googleauth-login');
|
|
| 38 |
+ die(); |
|
| 39 |
+ } |
|
| 40 |
+ else |
|
| 41 |
+ {
|
|
| 42 |
+ setup_session($role, $_SESSION['googleauth_username']); |
|
| 43 |
+ } |
|
| 44 |
+ unset($_POST['webinterface_googlecode']); |
|
| 45 |
+ unset($_SESSION['googleauth']); |
|
| 46 |
+ unset($_SESSION['googleauth_username']); |
|
| 47 |
+} |
|
| 48 |
+ |
|
| 26 | 49 |
if (isset($_POST['webinterface_username']) && isset($_POST['webinterface_password'])) |
| 27 | 50 |
{
|
| 28 | 51 |
$role = find_role($_POST['webinterface_username'], $_POST['webinterface_password']); |
Browse code
Sperre Login für gesperrte User
git-svn-id: https://svn.schokokeks.org/repos/tools/webinterface/trunk@2112 87cf0b9e-d624-0410-a070-f6ee81989793
bernd authored on 06/01/2012 15:04:32
Showing 1 changed files
| ... | ... |
@@ -29,7 +29,7 @@ if (isset($_POST['webinterface_username']) && isset($_POST['webinterface_passwor |
| 29 | 29 |
if ($role === NULL) |
| 30 | 30 |
{
|
| 31 | 31 |
$_SESSION['role'] = ROLE_ANONYMOUS; |
| 32 |
- logger(LOG_WARNING, "session/start", "login", "wrong user data (username: »{$_POST['username']}«)");
|
|
| 32 |
+ logger(LOG_WARNING, "session/start", "login", "wrong user data (username: »{$_POST['webinterface_username']}«)");
|
|
| 33 | 33 |
login_screen('Ihre Anmeldung konnte nicht durchgeführt werden. Vermutlich haben Sie falsche Zugangsdaten eingegeben.');
|
| 34 | 34 |
} |
| 35 | 35 |
else |
Browse code
Subusers-Modul in einer ersten funktionsfähigen Version
Bernd Wurst authored on 23/11/2011 11:00:31
Showing 1 changed files
| ... | ... |
@@ -23,9 +23,9 @@ if (!session_start()) |
| 23 | 23 |
|
| 24 | 24 |
DEBUG("<pre>POST-DATA: ".htmlspecialchars(print_r($_POST, true))."\nSESSION_DATA: ".htmlspecialchars(print_r($_SESSION, true))."</pre>");
|
| 25 | 25 |
|
| 26 |
-if (isset($_POST['username']) && isset($_POST['password'])) |
|
| 26 |
+if (isset($_POST['webinterface_username']) && isset($_POST['webinterface_password'])) |
|
| 27 | 27 |
{
|
| 28 |
- $role = find_role($_POST['username'], $_POST['password']); |
|
| 28 |
+ $role = find_role($_POST['webinterface_username'], $_POST['webinterface_password']); |
|
| 29 | 29 |
if ($role === NULL) |
| 30 | 30 |
{
|
| 31 | 31 |
$_SESSION['role'] = ROLE_ANONYMOUS; |
| ... | ... |
@@ -34,10 +34,10 @@ if (isset($_POST['username']) && isset($_POST['password'])) |
| 34 | 34 |
} |
| 35 | 35 |
else |
| 36 | 36 |
{
|
| 37 |
- setup_session($role, $_POST['username']); |
|
| 37 |
+ setup_session($role, $_POST['webinterface_username']); |
|
| 38 | 38 |
} |
| 39 |
- unset($_POST['username']); |
|
| 40 |
- unset($_POST['password']); |
|
| 39 |
+ unset($_POST['webinterface_username']); |
|
| 40 |
+ unset($_POST['webinterface_password']); |
|
| 41 | 41 |
} |
| 42 | 42 |
|
| 43 | 43 |
elseif (isset($_SESSION['role'])) |
Browse code
Session-Name aus einer Config-Variablen ziehen
git-svn-id: https://svn.schokokeks.org/repos/tools/webinterface/trunk@1831 87cf0b9e-d624-0410-a070-f6ee81989793
bernd authored on 06/10/2010 08:27:03
Showing 1 changed files
Browse code
Logger mit Logleveln
git-svn-id: https://svn.schokokeks.org/repos/tools/webinterface/trunk@1466 87cf0b9e-d624-0410-a070-f6ee81989793
bernd authored on 14/09/2009 13:31:08
Showing 1 changed files
| ... | ... |
@@ -17,7 +17,7 @@ if ($_SERVER['HTTPS']) session_set_cookie_params( 0, '/', '', true, true ); |
| 17 | 17 |
|
| 18 | 18 |
if (!session_start()) |
| 19 | 19 |
{
|
| 20 |
- logger("session/start", "session", "Die session konnte nicht gestartet werden!");
|
|
| 20 |
+ logger(LOG_ERR, "session/start", "session", "Die session konnte nicht gestartet werden!"); |
|
| 21 | 21 |
system_failure('Die Sitzung konnte nicht gestartet werden, bitte benachrichtigen Sie den Administrator!');
|
| 22 | 22 |
} |
| 23 | 23 |
|
| ... | ... |
@@ -29,7 +29,7 @@ if (isset($_POST['username']) && isset($_POST['password'])) |
| 29 | 29 |
if ($role === NULL) |
| 30 | 30 |
{
|
| 31 | 31 |
$_SESSION['role'] = ROLE_ANONYMOUS; |
| 32 |
- logger("session/start", "login", "wrong user data (username: »{$_POST['username']}«)");
|
|
| 32 |
+ logger(LOG_WARNING, "session/start", "login", "wrong user data (username: »{$_POST['username']}«)");
|
|
| 33 | 33 |
login_screen('Ihre Anmeldung konnte nicht durchgeführt werden. Vermutlich haben Sie falsche Zugangsdaten eingegeben.');
|
| 34 | 34 |
} |
| 35 | 35 |
else |
Browse code
sichere cookies
git-svn-id: https://svn.schokokeks.org/repos/tools/webinterface/trunk@1132 87cf0b9e-d624-0410-a070-f6ee81989793
bernd authored on 13/08/2008 01:55:14
Showing 1 changed files
| ... | ... |
@@ -13,6 +13,8 @@ require_once('inc/base.php');
|
| 13 | 13 |
|
| 14 | 14 |
session_name('CONFIG_SCHOKOKEKS_ORG');
|
| 15 | 15 |
|
| 16 |
+if ($_SERVER['HTTPS']) session_set_cookie_params( 0, '/', '', true, true ); |
|
| 17 |
+ |
|
| 16 | 18 |
if (!session_start()) |
| 17 | 19 |
{
|
| 18 | 20 |
logger("session/start", "session", "Die session konnte nicht gestartet werden!");
|
Browse code
eliminate .php extensions for URLs
git-svn-id: https://svn.schokokeks.org/repos/tools/webinterface/trunk@1130 87cf0b9e-d624-0410-a070-f6ee81989793
bernd authored on 08/08/2008 19:35:02
Showing 1 changed files
| ... | ... |
@@ -15,7 +15,7 @@ session_name('CONFIG_SCHOKOKEKS_ORG');
|
| 15 | 15 |
|
| 16 | 16 |
if (!session_start()) |
| 17 | 17 |
{
|
| 18 |
- logger("session/start.php", "session", "Die session konnte nicht gestartet werden!");
|
|
| 18 |
+ logger("session/start", "session", "Die session konnte nicht gestartet werden!");
|
|
| 19 | 19 |
system_failure('Die Sitzung konnte nicht gestartet werden, bitte benachrichtigen Sie den Administrator!');
|
| 20 | 20 |
} |
| 21 | 21 |
|
| ... | ... |
@@ -27,7 +27,7 @@ if (isset($_POST['username']) && isset($_POST['password'])) |
| 27 | 27 |
if ($role === NULL) |
| 28 | 28 |
{
|
| 29 | 29 |
$_SESSION['role'] = ROLE_ANONYMOUS; |
| 30 |
- logger("session/start.php", "login", "wrong user data (username: »{$_POST['username']}«)");
|
|
| 30 |
+ logger("session/start", "login", "wrong user data (username: »{$_POST['username']}«)");
|
|
| 31 | 31 |
login_screen('Ihre Anmeldung konnte nicht durchgeführt werden. Vermutlich haben Sie falsche Zugangsdaten eingegeben.');
|
| 32 | 32 |
} |
| 33 | 33 |
else |
Browse code
* Initialisierung der Session-Variablen ausgelagert * Rollen als Bitmaske * Ein user kann mehrere Rollen parallel annehmen * Primärer User erhält auch die Rechte des entsprechenden Kundenaccounts
git-svn-id: https://svn.schokokeks.org/repos/tools/webinterface/trunk@564 87cf0b9e-d624-0410-a070-f6ee81989793
bernd authored on 30/07/2007 13:00:58
Showing 1 changed files
| ... | ... |
@@ -32,23 +32,7 @@ if (isset($_POST['username']) && isset($_POST['password'])) |
| 32 | 32 |
} |
| 33 | 33 |
else |
| 34 | 34 |
{
|
| 35 |
- session_regenerate_id(); |
|
| 36 |
- $_SESSION['role'] = $role; |
|
| 37 |
- |
|
| 38 |
- switch ($role) |
|
| 39 |
- {
|
|
| 40 |
- case ROLE_SYSTEMUSER: |
|
| 41 |
- $info = get_user_info($_POST['username']); |
|
| 42 |
- $_SESSION['userinfo'] = $info; |
|
| 43 |
- logger("session/start.php", "login", "logged in user »{$info['username']}«");
|
|
| 44 |
- break; |
|
| 45 |
- case ROLE_CUSTOMER: |
|
| 46 |
- $info = get_customer_info($_POST['username']); |
|
| 47 |
- $_SESSION['customerinfo'] = $info; |
|
| 48 |
- set_customer_lastlogin($info['customerno']); |
|
| 49 |
- logger("session/start.php", "login", "logged in customer no »{$info['customerno']}«");
|
|
| 50 |
- break; |
|
| 51 |
- } |
|
| 35 |
+ setup_session($role, $_POST['username']); |
|
| 52 | 36 |
} |
| 53 | 37 |
unset($_POST['username']); |
| 54 | 38 |
unset($_POST['password']); |
Browse code
Cookie einen eindeutigen Namen geben
git-svn-id: https://svn.schokokeks.org/repos/tools/webinterface/trunk@557 87cf0b9e-d624-0410-a070-f6ee81989793
bernd authored on 26/07/2007 10:56:10
Showing 1 changed files
Browse code
Kunden-Status wird benutzt / lastlogin eingeführt.
git-svn-id: https://svn.schokokeks.org/repos/tools/webinterface/trunk@534 87cf0b9e-d624-0410-a070-f6ee81989793
bernd authored on 04/07/2007 17:20:39
Showing 1 changed files
| ... | ... |
@@ -43,6 +43,7 @@ if (isset($_POST['username']) && isset($_POST['password'])) |
| 43 | 43 |
case ROLE_CUSTOMER: |
| 44 | 44 |
$info = get_customer_info($_POST['username']); |
| 45 | 45 |
$_SESSION['customerinfo'] = $info; |
| 46 |
+ set_customer_lastlogin($info['customerno']); |
|
| 46 | 47 |
logger("session/start.php", "login", "logged in customer no »{$info['customerno']}«");
|
| 47 | 48 |
break; |
| 48 | 49 |
} |
Browse code
Menü-Includes sinnvoller / Debug-Modus über config abschaltbar
git-svn-id: https://svn.schokokeks.org/repos/tools/webinterface/trunk@526 87cf0b9e-d624-0410-a070-f6ee81989793
bernd authored on 01/07/2007 16:21:48
Showing 1 changed files
Browse code
typo
git-svn-id: https://svn.schokokeks.org/repos/tools/webinterface/trunk@525 87cf0b9e-d624-0410-a070-f6ee81989793
bernd authored on 28/06/2007 07:27:51
Showing 1 changed files
| ... | ... |
@@ -25,7 +25,7 @@ if (isset($_POST['username']) && isset($_POST['password'])) |
| 25 | 25 |
if ($role === NULL) |
| 26 | 26 |
{
|
| 27 | 27 |
$_SESSION['role'] = ROLE_ANONYMOUS; |
| 28 |
- logger("session/start.php", "login", "wrong user data (username: »{$_POST['username']}«");
|
|
| 28 |
+ logger("session/start.php", "login", "wrong user data (username: »{$_POST['username']}«)");
|
|
| 29 | 29 |
login_screen('Ihre Anmeldung konnte nicht durchgeführt werden. Vermutlich haben Sie falsche Zugangsdaten eingegeben.');
|
| 30 | 30 |
} |
| 31 | 31 |
else |
Browse code
Username loggen bei falschen Login-Daten
git-svn-id: https://svn.schokokeks.org/repos/tools/webinterface/trunk@522 87cf0b9e-d624-0410-a070-f6ee81989793
bernd authored on 28/06/2007 07:23:09
Showing 1 changed files
| ... | ... |
@@ -25,7 +25,7 @@ if (isset($_POST['username']) && isset($_POST['password'])) |
| 25 | 25 |
if ($role === NULL) |
| 26 | 26 |
{
|
| 27 | 27 |
$_SESSION['role'] = ROLE_ANONYMOUS; |
| 28 |
- logger("session/start.php", "login", "wrong user data");
|
|
| 28 |
+ logger("session/start.php", "login", "wrong user data (username: »{$_POST['username']}«");
|
|
| 29 | 29 |
login_screen('Ihre Anmeldung konnte nicht durchgeführt werden. Vermutlich haben Sie falsche Zugangsdaten eingegeben.');
|
| 30 | 30 |
} |
| 31 | 31 |
else |
Browse code
Logging aktiviert
git-svn-id: https://svn.schokokeks.org/repos/tools/webinterface/trunk@509 87cf0b9e-d624-0410-a070-f6ee81989793
bernd authored on 17/06/2007 08:58:53
Showing 1 changed files
| ... | ... |
@@ -9,9 +9,13 @@ require_once('session/checkuser.php');
|
| 9 | 9 |
require_once('inc/error.php');
|
| 10 | 10 |
require_once('inc/debug.php');
|
| 11 | 11 |
|
| 12 |
+require_once('inc/base.php');
|
|
| 13 |
+ |
|
| 12 | 14 |
if (!session_start()) |
| 15 |
+{
|
|
| 16 |
+ logger("session/start.php", "session", "Die session konnte nicht gestartet werden!");
|
|
| 13 | 17 |
system_failure('Die Sitzung konnte nicht gestartet werden, bitte benachrichtigen Sie den Administrator!');
|
| 14 |
- |
|
| 18 |
+} |
|
| 15 | 19 |
|
| 16 | 20 |
DEBUG("<pre>POST-DATA: ".htmlspecialchars(print_r($_POST, true))."\nSESSION_DATA: ".htmlspecialchars(print_r($_SESSION, true))."</pre>");
|
| 17 | 21 |
|
| ... | ... |
@@ -21,6 +25,7 @@ if (isset($_POST['username']) && isset($_POST['password'])) |
| 21 | 25 |
if ($role === NULL) |
| 22 | 26 |
{
|
| 23 | 27 |
$_SESSION['role'] = ROLE_ANONYMOUS; |
| 28 |
+ logger("session/start.php", "login", "wrong user data");
|
|
| 24 | 29 |
login_screen('Ihre Anmeldung konnte nicht durchgeführt werden. Vermutlich haben Sie falsche Zugangsdaten eingegeben.');
|
| 25 | 30 |
} |
| 26 | 31 |
else |
| ... | ... |
@@ -33,10 +38,12 @@ if (isset($_POST['username']) && isset($_POST['password'])) |
| 33 | 38 |
case ROLE_SYSTEMUSER: |
| 34 | 39 |
$info = get_user_info($_POST['username']); |
| 35 | 40 |
$_SESSION['userinfo'] = $info; |
| 41 |
+ logger("session/start.php", "login", "logged in user »{$info['username']}«");
|
|
| 36 | 42 |
break; |
| 37 | 43 |
case ROLE_CUSTOMER: |
| 38 | 44 |
$info = get_customer_info($_POST['username']); |
| 39 | 45 |
$_SESSION['customerinfo'] = $info; |
| 46 |
+ logger("session/start.php", "login", "logged in customer no »{$info['customerno']}«");
|
|
| 40 | 47 |
break; |
| 41 | 48 |
} |
| 42 | 49 |
} |
Browse code
nochmal entities:specialchars
git-svn-id: https://svn.schokokeks.org/repos/tools/webinterface/trunk@494 87cf0b9e-d624-0410-a070-f6ee81989793
hanno authored on 12/06/2007 22:33:11
Showing 1 changed files
| ... | ... |
@@ -13,7 +13,7 @@ if (!session_start()) |
| 13 | 13 |
system_failure('Die Sitzung konnte nicht gestartet werden, bitte benachrichtigen Sie den Administrator!');
|
| 14 | 14 |
|
| 15 | 15 |
|
| 16 |
-DEBUG("<pre>POST-DATA: ".htmlspecialchars(print_r($_POST, true))."\nSESSION_DATA: ".htmlentities(print_r($_SESSION, true))."</pre>");
|
|
| 16 |
+DEBUG("<pre>POST-DATA: ".htmlspecialchars(print_r($_POST, true))."\nSESSION_DATA: ".htmlspecialchars(print_r($_SESSION, true))."</pre>");
|
|
| 17 | 17 |
|
| 18 | 18 |
if (isset($_POST['username']) && isset($_POST['password'])) |
| 19 | 19 |
{
|
Browse code
htmlspecialchars statt entities (fixt utf8)
git-svn-id: https://svn.schokokeks.org/repos/tools/webinterface/trunk@493 87cf0b9e-d624-0410-a070-f6ee81989793
hanno authored on 12/06/2007 22:32:04
Showing 1 changed files
| ... | ... |
@@ -13,7 +13,7 @@ if (!session_start()) |
| 13 | 13 |
system_failure('Die Sitzung konnte nicht gestartet werden, bitte benachrichtigen Sie den Administrator!');
|
| 14 | 14 |
|
| 15 | 15 |
|
| 16 |
-DEBUG("<pre>POST-DATA: ".htmlentities(print_r($_POST, true))."\nSESSION_DATA: ".htmlentities(print_r($_SESSION, true))."</pre>");
|
|
| 16 |
+DEBUG("<pre>POST-DATA: ".htmlspecialchars(print_r($_POST, true))."\nSESSION_DATA: ".htmlentities(print_r($_SESSION, true))."</pre>");
|
|
| 17 | 17 |
|
| 18 | 18 |
if (isset($_POST['username']) && isset($_POST['password'])) |
| 19 | 19 |
{
|
Browse code
webinterface => /webinterface
git-svn-id: https://svn.schokokeks.org/repos/tools/webinterface/trunk@362 87cf0b9e-d624-0410-a070-f6ee81989793
bernd authored on 27/03/2007 07:40:51
Showing 1 changed files
| 1 | 1 |
new file mode 100644 |
| ... | ... |
@@ -0,0 +1,58 @@ |
| 1 |
+<?php |
|
| 2 |
+/* |
|
| 3 |
+ |
|
| 4 |
+ Session-Start-Script wird vom dispatcher eingebunden |
|
| 5 |
+ |
|
| 6 |
+*/ |
|
| 7 |
+ |
|
| 8 |
+require_once('session/checkuser.php');
|
|
| 9 |
+require_once('inc/error.php');
|
|
| 10 |
+require_once('inc/debug.php');
|
|
| 11 |
+ |
|
| 12 |
+if (!session_start()) |
|
| 13 |
+ system_failure('Die Sitzung konnte nicht gestartet werden, bitte benachrichtigen Sie den Administrator!');
|
|
| 14 |
+ |
|
| 15 |
+ |
|
| 16 |
+DEBUG("<pre>POST-DATA: ".htmlentities(print_r($_POST, true))."\nSESSION_DATA: ".htmlentities(print_r($_SESSION, true))."</pre>");
|
|
| 17 |
+ |
|
| 18 |
+if (isset($_POST['username']) && isset($_POST['password'])) |
|
| 19 |
+{
|
|
| 20 |
+ $role = find_role($_POST['username'], $_POST['password']); |
|
| 21 |
+ if ($role === NULL) |
|
| 22 |
+ {
|
|
| 23 |
+ $_SESSION['role'] = ROLE_ANONYMOUS; |
|
| 24 |
+ login_screen('Ihre Anmeldung konnte nicht durchgeführt werden. Vermutlich haben Sie falsche Zugangsdaten eingegeben.');
|
|
| 25 |
+ } |
|
| 26 |
+ else |
|
| 27 |
+ {
|
|
| 28 |
+ session_regenerate_id(); |
|
| 29 |
+ $_SESSION['role'] = $role; |
|
| 30 |
+ |
|
| 31 |
+ switch ($role) |
|
| 32 |
+ {
|
|
| 33 |
+ case ROLE_SYSTEMUSER: |
|
| 34 |
+ $info = get_user_info($_POST['username']); |
|
| 35 |
+ $_SESSION['userinfo'] = $info; |
|
| 36 |
+ break; |
|
| 37 |
+ case ROLE_CUSTOMER: |
|
| 38 |
+ $info = get_customer_info($_POST['username']); |
|
| 39 |
+ $_SESSION['customerinfo'] = $info; |
|
| 40 |
+ break; |
|
| 41 |
+ } |
|
| 42 |
+ } |
|
| 43 |
+ unset($_POST['username']); |
|
| 44 |
+ unset($_POST['password']); |
|
| 45 |
+} |
|
| 46 |
+ |
|
| 47 |
+elseif (isset($_SESSION['role'])) |
|
| 48 |
+{
|
|
| 49 |
+ /* User ist eingeloggt (aber vielleicht als ROLE_ANONYMOUS!) */ |
|
| 50 |
+} |
|
| 51 |
+ |
|
| 52 |
+else |
|
| 53 |
+{
|
|
| 54 |
+ $_SESSION['role'] = ROLE_ANONYMOUS; |
|
| 55 |
+} |
|
| 56 |
+// Wenn wir hier sind, ist der Benutzer eingeloggt. Möglicherweise nur als ANONYMOUS |
|
| 57 |
+ |
|
| 58 |
+?> |