<?php
// +-------------------------------------------------------------+
// | DeskPRO v [2.0.1 Production]
// | Copyright (C) 2001 - 2004 Headstart Solutions Limited
// | Supplied by WTN-WDYL
// | Nullified by WTN-WDYL
// | Distribution via WebForum, ForumRU and associated file dumps
// +-------------------------------------------------------------+
// | DESKPRO IS NOT FREE SOFTWARE
// +-------------------------------------------------------------+
// | License ID : Full Enterprise License =) ...
// | License Owner : WTN-WDYL Team
// +-------------------------------------------------------------+
// | $RCSfile: global.php,v $
// | $Date: 2004/02/12 21:16:57 $
// | $Revision: 1.62 $
// +-------------------------------------------------------------+
// | File Details:
// | - Initialization and authentication (administration interface)
// +-------------------------------------------------------------+
// Report every error class except notices. Whether reported errors reach the
// client is governed by display_errors, which this file does not set.
error_reporting(E_ALL & ~E_NOTICE);

############################### INCLUDE FILES ###############################
// ADMINZONE is defined before the includes are loaded so they can test for it;
// its consumers are outside this file.
define('ADMINZONE', 1);

// Filesystem location of the shared includes. A path starting with "./" is
// resolved against the current working directory, not this file's directory,
// so this script has to be run from the directory the path is written for.
define('INCLUDE_PATH', './../includes/');

// Locations of the static assets, written relative to the same directory.
define('LOC_IMAGES', './../images/');
define('LOC_CSS', './../includes/css/');
define('LOC_JAVASCRIPT', './../includes/javascript/');

require_once INCLUDE_PATH . 'init.php';
require_once INCLUDE_PATH . 'config.php';
############################### SECURITY CHECK ###############################
// Refuse to serve the administration interface while install/index.php is still
// on disk, unless developer_check(1) returns a truthy value.
// NOTE(review): developer_check() is defined elsewhere; a truthy result skips this
// guard entirely, so confirm it cannot be switched on in a production install.
if (!developer_check(1) && file_exists('./../install/index.php')) {
    echo "<html><body><p>Security alert! index.php was found in the /install/ folder. This file (or the install directory) must be deleted or renamed via FTP, SSH, or telnet
before the administration interface will run.</p></body></html>";
    exit;
}
############################### SESSIONS / USER DATA ###############################
// Logout request: ?do=logout (read from $_REQUEST, so GET, POST or a cookie can set it).
if ('logout' == $_REQUEST['do']) {
    // The session is looked up first so that the tech id recorded by
    // logout_tech_session() comes from the session rather than from the client.
    // NOTE(review): the result is not checked with is_array() before
    // $session['techid'] is read, so an invalid session still reaches
    // logout_tech_session() with an empty tech id -- the opposite of what the
    // original comment intended ("it needs to be a valid session before we can
    // log out of it"). Confirm how logout_tech_session() treats that case
    // before adding a guard.
    $session = validate_session(null, null, 1);
    logout_tech_session($_COOKIE['dp_admin_sessionid'], $session['techid']);

    // Show the login page with a confirmation message.
    global_login('You have been logged out.', 1);
}
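// Authentication gate for the administration interface. It is skipped only when
// the including script defined LOGIN (the login page) or CRONZONE (a cron job).
//
// Order of checks: existing session -> "remember me" cookies -> submitted login
// form -> session present -> account not disabled -> account is an administrator.
//
// NOTE(review): global_login() is defined elsewhere; the flow below reads as if it
// renders the login page and ends the request. Confirm that, because every
// rejection path depends on it.
if (!defined('LOGIN') and !(defined('CRONZONE'))) {

    $session = validate_session(NULL, NULL, 1);

    // Remember which page was requested. $req is not read again in this file.
    // NOTE(review): original_uri is client-supplied; whatever consumes $req must
    // treat it as untrusted (encode it on output, and accept only local paths if
    // it is ever used as a redirect target).
    if ($_REQUEST['original_uri']) {
        $req = $_REQUEST['original_uri'];
    } else {
        $req = $_SERVER['REQUEST_URI'];
    }

    // NOTE(review): mysql_escape_string() ignores the connection character set and
    // was removed in PHP 7. Bound parameters are the durable fix, but the $db
    // wrapper's API is not visible from this file.

    // we have a session so get tech details
    if (is_array($session)) {

        if ($session['techid']) {
            // Escaped like the other lookups in this block, so the query does not
            // depend on how the session row was produced.
            $user = $db->query_return("SELECT * FROM tech WHERE id = '" . mysql_escape_string($session['techid']) . "'");
        }

    // bad session, check userid/password if they are being remembered
    } elseif ($_COOKIE['dp_admin_userid'] AND $_COOKIE['dp_admin_password']) {

        // NOTE(review): the password_cookie value works as a long-lived credential:
        // anyone holding the two cookies gets a fresh session. Nothing in this file
        // rotates it or ties it to a device.
        $user = $db->query_return("
SELECT * FROM tech
WHERE id = '" . mysql_escape_string($_COOKIE['dp_admin_userid']) . "'
AND password_cookie = '" . mysql_escape_string($_COOKIE['dp_admin_password']) . "'
");

        if (!is_array($user)) {

            // The cookie pair matched no tech. Reject it unless a login form is
            // being submitted in the same request; that case is handled below.
            // Fix: strtolower() used to wrap the whole comparison, which made this
            // test case-sensitive, unlike the identical test further down.
            if (!(($_REQUEST['login_form'] == 'login') OR (strtolower($_REQUEST['submit']) == 'login'))) {
                delete_cookies();
                sleep(1);
                global_login('The cookie your browser provided is invalid.');
            }

        } else {

            // The cookie pair matched a tech, so start a new session for it.
            // Fix: this used to run even when the lookup failed, creating a session
            // and a session cookie for a non-existent tech id.
            $session = make_session($user['id']);
            dp_setcookie('dp_admin_sessionid', $session['sessionid']);

        }
    }

    // is tech/admin trying to login
    if ($_REQUEST['login_form'] == 'login' OR strtolower($_REQUEST['submit']) == 'login') {

        $user = $db->query_return("
SELECT * FROM tech
WHERE username = '". mysql_escape_string($_POST['username']) . "'
");

        // check username exists
        // NOTE(review): this message and the wrong-password message below differ,
        // which tells an unauthenticated client whether a username is registered.
        // The wording is left as it is; a single generic message would close that.
        if (!$db->num_rows()) {
            delete_cookies();
            sleep(1);
            global_login('The username you specified is not registered.');
        }

        // check username and password are correct
        // Fix: strict string comparison. With "==" two numeric-looking strings are
        // compared as numbers, so different passwords could compare equal.
        // NOTE(review): the submitted value is compared directly with the stored
        // column, so that column holds either the plaintext password or something
        // a client can submit verbatim. A salted server-side hash (password_hash()
        // and password_verify() on PHP 5.5+) needs a schema migration and is not
        // attempted here. The username is read from $_POST for the query but from
        // $_REQUEST for the emptiness test.
        if (($user['id']) AND ($_REQUEST['username'] != '') AND is_string($_REQUEST['password']) AND ($_REQUEST['password'] === (string)$user['password'])) {

            // make session from logged in user
            $session = make_session($user['id']);

            // set cookie based on session
            // NOTE(review): $ever is not assigned anywhere in this file, so unless
            // an include sets it this passes NULL. The remember-me calls below pass
            // the string 'ever'; presumably a session-lifetime cookie is intended.
            dp_setcookie('dp_admin_sessionid', $session['sessionid'], $ever);

            // if we are staying logged in, we remember the userid/password at this point
            if ($_REQUEST['cookie']) {
                dp_setcookie('dp_admin_userid', $user['id'], 'ever');
                dp_setcookie('dp_admin_password', $user['password_cookie'], 'ever');
            }

            // Rebuild GET, POST and FILE data carried through the login form.
            //
            // SECURITY(review): unserialize() runs on request-supplied data. It is
            // reached only after the password check above succeeds, but the blobs
            // come from the client, so any class loaded at this point with
            // __wakeup()/__destruct() side effects is exposed to object injection.
            // Merging client data into $_FILES also lets the client choose values
            // such as 'tmp_name' that later code may trust as server-generated.
            // Recommended: keep the pending request server-side (in the session
            // row), or sign the blobs with a server secret and verify before
            // decoding, and use a data-only format such as JSON. The calls are kept
            // so the form contract is unchanged.
            //
            // Fix: merge only when decoding produced an array. unserialize() returns
            // false for a missing or malformed blob, and array_merge() with a
            // non-array argument discards the superglobal on PHP 5 and throws on
            // PHP 8.
            $_getvars = unserialize($_POST['_getvars']);
            if (is_array($_getvars)) {
                $_GET = array_merge($_GET, $_getvars);
            }

            $_postvars = unserialize($_POST['_postvars']);
            if (is_array($_postvars)) {
                $_POST = array_merge($_POST, $_postvars);
            }

            $_filevars = unserialize($_POST['_filevars']);
            if (is_array($_filevars)) {
                $_FILES = array_merge($_FILES, $_filevars);
            }

            // Use the carried $_REQUEST snapshot when it decodes to an array;
            // otherwise rebuild $_REQUEST from the (possibly merged) superglobals.
            $_request = $_REQUEST['_request'] ? unserialize($_REQUEST['_request']) : false;
            if (is_array($_request)) {
                $_REQUEST = $_request;
            } else {
                $_REQUEST = array_merge($_GET, $_POST, $_COOKIE);
            }

        } else {

            // username is correct, but password is wrong
            // The one-second sleep only slows a single request; it is not a lockout.
            delete_cookies();
            sleep(1);
            global_login('The password you specified was invalid.');
        }
    }

    // no session at this point? need to login
    if (!is_array($session)) {
        global_login('Please login');
    }

    // is tech disabled?
    if (is_array($user)) {
        if ($user['disabled']) {
            sleep(1);
            global_login($user['disabled_reason']);
        }
    }

    // Don't let non-admins in, either. This also rejects the case where no tech
    // row was loaded at all, because $user is then unset.
    if (!$user['is_admin']) {
        global_login('You are not an administrator.');
    }
}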
// Work out the effective timezone offset. This runs on every request that
// includes this file, including login and cron requests where $user may be unset.

// x - (x - y) leaves the value numerically equal to the configured
// timezone_offset; the arithmetic form is kept so the result stays a number.
$settings['timezone'] = $settings['timezone'] - ($settings['timezone'] - $settings['timezone_offset']);

// A per-tech timezone overrides the configured one.
// NOTE(review): the loose comparison treats an integer 0 as "not set"; a value
// that arrives as the string "0" is honoured. Confirm how the tech row is typed.
if (NULL != $user['timezone']) {
    $settings['timezone'] = $settings['timezone'] - ($settings['timezone'] - $user['timezone']);
}

// Daylight saving flag on the tech record adds one hour.
if ($user['timezone_dst']) {
    ++$settings['timezone'];
}
/*
FROM HERE THE USER HAS BEEN AUTHENTICATED (or in cron mode / logging in in login.php)
*/
?>