rewrote php session variables

SJ 2013-11-18 19:24:33 +01:00
parent 0809b5a514
commit 881a2380e0
39 changed files with 302 additions and 609 deletions


@ -17,8 +17,6 @@ $request = new Request();
Registry::set("request", $request); Registry::set("request", $request);
session_start();
Registry::set('document', new Document()); Registry::set('document', new Document());


@ -267,7 +267,14 @@ define('NOW', time());
require_once 'config-site.php'; require_once 'config-site.php';
if(isset($_SESSION['theme']) && preg_match("/^([a-zA-Z0-9\-\_]+)$/", $_SESSION['theme'])) { $config['THEME'] = $_SESSION['theme']; } require($config['DIR_BASE'] . "/system/registry.php");
require($config['DIR_BASE'] . "/system/request.php");
$session = new Session();
Registry::set("session", $session);
if($session->get("theme") && preg_match("/^([a-zA-Z0-9\-\_]+)$/", $session->get("theme"))) { $config['THEME'] = $session->get("theme"); }
include("system/helper/detectmobilebrowser.php"); include("system/helper/detectmobilebrowser.php");
@ -275,7 +282,7 @@ if(MOBILE_DEVICE == 1 || OUTLOOK == 1) { $config['THEME'] = 'mobile'; }
// make sure auditors are restricted in a saas environment // make sure auditors are restricted in a saas environment
if($config['ENABLE_SAAS'] == 1) { $config['RESTRICTED_AUDITOR'] = 1; } if($config['ENABLE_SAAS'] == 1) { $config['RESTRICTED_AUDITOR'] = 1; }
if(isset($_SESSION['username']) && $_SESSION['username'] == 'auditor@local') { $config['RESTRICTED_AUDITOR'] = 0; } if($session->get("username") == 'auditor@local') { $config['RESTRICTED_AUDITOR'] = 0; }
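Review bot: The line that lifts the auditor restriction, `if($session->get("username") == 'auditor@local')`, now rests on a loose comparison without the `isset()` guard the old line had. What `Session::get()` returns for a missing key is not visible here; with `==`, a non-string value such as `true` (or `0` on PHP before 8) compares equal to this string and would set `RESTRICTED_AUDITOR` to 0. Use `=== 'auditor@local'` so only the exact string clears the restriction. In the theme check earlier in this section, `$` also matches before a trailing newline, so `\z` (or the `D` modifier) is the stricter anchor if the theme name ends up in a path.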


@ -9,13 +9,15 @@ class ControllerCommonError extends Controller {
$this->template = "common/error.tpl"; $this->template = "common/error.tpl";
$this->layout = "common/layout"; $this->layout = "common/layout";
$session = Registry::get('session');
$this->document->title = $this->data['text_error']; $this->document->title = $this->data['text_error'];
$this->data['errortitle'] = $this->data['text_error']; $this->data['errortitle'] = $this->data['text_error'];
if(isset($_SESSION['error'])){ if($session->get("error")) {
$this->data['errorstring'] = $_SESSION['error']; $this->data['errorstring'] = $session->get("error");
unset($_SESSION['error']); $session->set("error", "");
} }
else { else {
$this->data['errorstring'] = "this is the errorstring"; $this->data['errorstring'] = "this is the errorstring";


@ -14,6 +14,7 @@ class ControllerLoginGoogle extends Controller {
$request = Registry::get('request'); $request = Registry::get('request');
$db = Registry::get('db'); $db = Registry::get('db');
$session = Registry::get('session');
$this->load->model('user/auth'); $this->load->model('user/auth');
$this->load->model('user/user'); $this->load->model('user/user');
@ -44,19 +45,19 @@ class ControllerLoginGoogle extends Controller {
if(isset($_GET['code'])) { if(isset($_GET['code'])) {
$client->authenticate(); $client->authenticate();
$_SESSION['access_token'] = $client->getAccessToken(); $session->set("access_token", $client->getAccessToken());
header('Location: ' . GOOGLE_REDIRECT_URL); header('Location: ' . GOOGLE_REDIRECT_URL);
} }
if(isset($_SESSION['access_token'])) { if($session->get("access_token")) {
$client->setAccessToken($_SESSION['access_token']); $client->setAccessToken($session->get("access_token"));
} }
if($client->getAccessToken()) { if($client->getAccessToken()) {
$_SESSION['access_token'] = $client->getAccessToken(); $session->set("access_token", $client->getAccessToken());
$token = json_decode($_SESSION['access_token']); $token = json_decode($session->get("access_token"));
if(isset($token->{'access_token'}) && isset($token->{'refresh_token'})) { if(isset($token->{'access_token'}) && isset($token->{'refresh_token'})) {
$account = $oauth2->userinfo->get(); $account = $oauth2->userinfo->get();
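Review bot: The redirect in the `$_GET['code']` branch, `header('Location: ' . GOOGLE_REDIRECT_URL);`, is not followed by `exit;`, so the rest of the method still runs on the callback request after the token has been stored in the session. Add `exit;` after the header call, as the message view controller in this commit does after its redirect. Whether the callback verifies an OAuth `state` value before `$client->authenticate()` is not visible in this hunk and is worth confirming. The enclosing method starts and ends outside the hunk.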


@ -9,6 +9,7 @@ class ControllerMessageBulkrestore extends Controller {
$this->template = "message/bulkrestore.tpl"; $this->template = "message/bulkrestore.tpl";
$this->layout = "common/layout-empty"; $this->layout = "common/layout-empty";
$session = Registry::get('session');
$request = Registry::get('request'); $request = Registry::get('request');
$db = Registry::get('db'); $db = Registry::get('db');
@ -65,7 +66,7 @@ class ControllerMessageBulkrestore extends Controller {
$rcpt = $this->model_search_search->get_message_recipients($id); $rcpt = $this->model_search_search->get_message_recipients($id);
} }
else { else {
array_push($rcpt, $_SESSION['email']); array_push($rcpt, $session->get("email"));
} }
if(count($rcpt) > 0) { if(count($rcpt) > 0) {


@ -10,7 +10,7 @@ class ControllerMessageNote extends Controller {
$this->template = "message/note.tpl"; $this->template = "message/note.tpl";
$this->layout = "common/layout-empty"; $this->layout = "common/layout-empty";
$session = Registry::get('session');
$request = Registry::get('request'); $request = Registry::get('request');
$db = Registry::get('db'); $db = Registry::get('db');
@ -20,7 +20,7 @@ class ControllerMessageNote extends Controller {
if(isset($this->request->post['note']) && isset($this->request->post['id'])) { if(isset($this->request->post['note']) && isset($this->request->post['id'])) {
if($this->model_search_search->check_your_permission_by_id($this->request->post['id']) == 1) { if($this->model_search_search->check_your_permission_by_id($this->request->post['id']) == 1) {
$this->model_search_message->add_message_note($this->request->post['id'], $_SESSION['uid'], urldecode($this->request->post['note'])); $this->model_search_message->add_message_note($this->request->post['id'], $session->get("uid"), urldecode($this->request->post['note']));
} }
} }
} }


@ -9,6 +9,7 @@ class ControllerMessageRestore extends Controller {
$this->template = "message/restore.tpl"; $this->template = "message/restore.tpl";
$this->layout = "common/layout-empty"; $this->layout = "common/layout-empty";
$session = Registry::get('session');
$request = Registry::get('request'); $request = Registry::get('request');
$db = Registry::get('db'); $db = Registry::get('db');
@ -55,7 +56,7 @@ class ControllerMessageRestore extends Controller {
/* send the email to all the recipients of the original email if we are admin or auditor users */ /* send the email to all the recipients of the original email if we are admin or auditor users */
if(Registry::get('auditor_user') == 0) { if(Registry::get('auditor_user') == 0) {
array_push($rcpt, $_SESSION['email']); array_push($rcpt, $session->get("email"));
} }
$this->data['data'] = $this->data['text_failed_to_restore']; $this->data['data'] = $this->data['text_failed_to_restore'];


@ -9,6 +9,7 @@ class ControllerMessageView extends Controller {
$this->template = "message/view.tpl"; $this->template = "message/view.tpl";
$this->layout = "common/layout-empty"; $this->layout = "common/layout-empty";
$session = Registry::get('session');
$request = Registry::get('request'); $request = Registry::get('request');
$db = Registry::get('db'); $db = Registry::get('db');
@ -56,7 +57,7 @@ class ControllerMessageView extends Controller {
if($this->request->server['REQUEST_METHOD'] == 'POST' && isset($this->request->post['tag'])) { if($this->request->server['REQUEST_METHOD'] == 'POST' && isset($this->request->post['tag'])) {
$this->model_search_message->add_message_tag($this->data['id'], $_SESSION['uid'], $this->request->post['tag']); $this->model_search_message->add_message_tag($this->data['id'], $session->get("uid"), $this->request->post['tag']);
header("Location: " . $_SERVER['HTTP_REFERER']); header("Location: " . $_SERVER['HTTP_REFERER']);
exit; exit;
} }
@ -66,8 +67,8 @@ class ControllerMessageView extends Controller {
$this->data['attachments'] = $this->model_search_message->get_attachment_list($this->data['piler_id']); $this->data['attachments'] = $this->model_search_message->get_attachment_list($this->data['piler_id']);
$this->data['message'] = $this->model_search_message->extract_message($this->data['piler_id'], $this->data['search']); $this->data['message'] = $this->model_search_message->extract_message($this->data['piler_id'], $this->data['search']);
$this->data['message']['tag'] = $this->model_search_message->get_message_tag($this->data['id'], $_SESSION['uid']); $this->data['message']['tag'] = $this->model_search_message->get_message_tag($this->data['id'], $session->get("uid"));
$this->data['message']['note'] = $this->model_search_message->get_message_note($this->data['id'], $_SESSION['uid']); $this->data['message']['note'] = $this->model_search_message->get_message_note($this->data['id'], $session->get("uid"));
$this->data['images'] = array(); $this->data['images'] = array();
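Review bot: The tag POST handler redirects with `header("Location: " . $_SERVER['HTTP_REFERER']);`, which takes the target from a client-supplied header that can be absent or point off-site. Redirect to a URL built from the application's own base and the message id instead, or check that the Referer host matches the site before using it. No anti-CSRF token check is visible on this state-changing POST; if one exists, it sits outside the hunk. The enclosing method starts and ends outside the hunk.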


@ -8,6 +8,7 @@ class ControllerSearchFolder extends Controller {
$this->id = "folder"; $this->id = "folder";
$this->template = "search/folder.tpl"; $this->template = "search/folder.tpl";
$session = Registry::get('session');
$request = Registry::get('request'); $request = Registry::get('request');
$db = Registry::get('db'); $db = Registry::get('db');
@ -16,7 +17,7 @@ class ControllerSearchFolder extends Controller {
$this->data['folders'] = $this->model_folder_folder->get_folders_for_user(); $this->data['folders'] = $this->model_folder_folder->get_folders_for_user();
$this->data['extra_folders'] = $this->model_folder_folder->get_extra_folders_for_user(); $this->data['extra_folders'] = $this->model_folder_folder->get_extra_folders_for_user();
$this->data['folders_by_hier'] = $this->model_folder_folder->get_all_folder_ids_hier($_SESSION['uid']); $this->data['folders_by_hier'] = $this->model_folder_folder->get_all_folder_ids_hier($session->get("uid"));
$this->render(); $this->render();
} }


@ -11,6 +11,7 @@ class ControllerSearchTag extends Controller {
$this->layout = "common/layout-empty"; $this->layout = "common/layout-empty";
$session = Registry::get('session');
$request = Registry::get('request'); $request = Registry::get('request');
$db = Registry::get('db'); $db = Registry::get('db');
@ -29,7 +30,7 @@ class ControllerSearchTag extends Controller {
for($i=0; $i<count($ids); $i++) { $q .= ",?"; } for($i=0; $i<count($ids); $i++) { $q .= ",?"; }
$q = preg_replace("/^\,/", "", $q); $q = preg_replace("/^\,/", "", $q);
$this->model_search_message->bulk_add_message_tag($ids, $_SESSION['uid'], urldecode($this->request->post['tag']), $q); $this->model_search_message->bulk_add_message_tag($ids, $session->get("uid"), urldecode($this->request->post['tag']), $q);
} }
} }
} }


@ -11,7 +11,7 @@ class ControllerUserAdd extends Controller {
$this->template = "user/add.tpl"; $this->template = "user/add.tpl";
$this->layout = "common/layout"; $this->layout = "common/layout";
$session = Registry::get('session');
$request = Registry::get('request'); $request = Registry::get('request');
$db = Registry::get('db'); $db = Registry::get('db');
@ -40,7 +40,7 @@ class ControllerUserAdd extends Controller {
if($this->validate() == true){ if($this->validate() == true){
$ret = $this->model_user_user->add_user($this->request->post); $ret = $this->model_user_user->add_user($this->request->post);
$_SESSION['last_domain'] = $this->request->post['domain']; $session->set("last_domain", $this->request->post['domain']);
if($ret == 1){ if($ret == 1){
$this->data['x'] = $this->data['text_successfully_added']; $this->data['x'] = $this->data['text_successfully_added'];
@ -73,6 +73,8 @@ class ControllerUserAdd extends Controller {
$this->data['errorstring'] = $this->data['text_you_are_not_admin']; $this->data['errorstring'] = $this->data['text_you_are_not_admin'];
} }
$this->data['last_domain'] = $session->get("last_domain");
$this->render(); $this->render();
} }
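Review bot: `$session->set("last_domain", $this->request->post['domain']);` stores the raw POST value before `$ret` is checked, and the added `$this->data['last_domain'] = $session->get("last_domain");` hands it to the template unchanged on later requests. Whether `validate()` constrains `domain` or `user/add.tpl` escapes it is not visible here. Store the value only when `$ret == 1`, and add a comment such as `// last_domain is user input: escape on output` next to the assignment. The enclosing method starts outside the hunk.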


@ -30,17 +30,21 @@ class ControllerUserSettings extends Controller {
$d = $r = ''; $d = $r = '';
$auditemails = $auditdomains = $auditgroups = $auditfolders = ''; $auditemails = $auditdomains = $auditgroups = $auditfolders = '';
$auditemails = implode(", ", $_SESSION['emails']); $auditemails = implode(", ", $session->get("emails"));
foreach($_SESSION['auditdomains'] as $d) { $_auditdomains = $session->get("auditdomains");
$auditdomains .= ', '.$d;
foreach($_auditdomains as $d) {
$auditdomains .= ', ' . $d;
} }
$auditdomains = preg_replace("/^,\s/", "", $auditdomains); $auditdomains = preg_replace("/^,\s/", "", $auditdomains);
$auditgroups = preg_replace("/\s/", ", ", $this->model_group_group->get_groups_by_uid($_SESSION['uid'])); $auditgroups = preg_replace("/\s/", ", ", $this->model_group_group->get_groups_by_uid($session->get("uid")));
$folders = $session->get("folders");
foreach ($_SESSION['folders'] as $r) { foreach ($folders as $r) {
$auditfolders .= ', '.$r; $auditfolders .= ', ' . $r;
} }
$auditfolders = preg_replace("/^,\s/", "", $auditfolders); $auditfolders = preg_replace("/^,\s/", "", $auditfolders);
@ -76,6 +80,8 @@ class ControllerUserSettings extends Controller {
$this->data['page_len'] = get_page_length(); $this->data['page_len'] = get_page_length();
$this->data['theme'] = $session->get("theme");
$this->data['lang'] = $session->get("lang");
$this->render(); $this->render();
} }
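Review bot: `implode(", ", $session->get("emails"))` and the two `foreach` loops assume `Session::get()` always returns an array for `emails`, `auditdomains` and `folders`. If it returns `''` or `null` for an unset key (its implementation is not shown), these calls raise warnings or, on PHP 8, a TypeError. Guard each read, e.g. `$emails = $session->get("emails"); if(!is_array($emails)) { $emails = array(); }`. The same pattern recurs in the accounting model (`__getEmails`, `__getDomains`), `get_folders_for_user()` and the `in_array()` permission checks of the search model. `$session` itself is not assigned inside this hunk, so it has to be set earlier in the method.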


@ -1,15 +1,9 @@
<?php <?php
session_start();
require_once("config.php"); require_once("config.php");
require(DIR_SYSTEM . "/startup.php"); require(DIR_SYSTEM . "/startup.php");
$session = new Session();
Registry::set("session", $session);
$request = new Request(); $request = new Request();
Registry::set("request", $request); Registry::set("request", $request);


@ -196,8 +196,12 @@ class ModelAccountingAccounting extends Model
private function __getEmails() { private function __getEmails() {
$return = array(); $return = array();
array_push($return,$_SESSION['email']); $session = Registry::get('session');
foreach ($_SESSION['emails'] as $e) {
array_push($return, $session->get("email"));
$emails = $session->get("emails");
foreach ($emails as $e) {
array_push($return,$e); array_push($return,$e);
} }
@ -206,12 +210,15 @@ class ModelAccountingAccounting extends Model
private function __getDomains() { private function __getDomains() {
$return = array(); $return = array();
$session = Registry::get('session');
if(Registry::get('admin_user') >= 1) { if(Registry::get('admin_user') >= 1) {
$return = $this->__getAcceptedDomains(); $return = $this->__getAcceptedDomains();
}elseif(Registry::get('auditor_user') == 1) { }elseif(Registry::get('auditor_user') == 1) {
array_push($return,$_SESSION['domain']); array_push($return, $session->get("domain"));
foreach ($_SESSION['auditdomains'] as $d) { $auditdomains = $session->get("auditdomains");
foreach ($auditdomains as $d) {
array_push($return,$d); array_push($return,$d);
} }
} }


@ -12,6 +12,7 @@ class ModelAuditAudit extends Model {
$date1 = $date2 = 0; $date1 = $date2 = 0;
$q = ''; $q = '';
$session = Registry::get('session');
if($data['sort'] == "user") { $sort = "email"; } if($data['sort'] == "user") { $sort = "email"; }
if($data['sort'] == "ipaddr") { $sort = "ipaddr"; } if($data['sort'] == "ipaddr") { $sort = "ipaddr"; }
@ -40,7 +41,9 @@ class ModelAuditAudit extends Model {
} }
if(Registry::get('admin_user') == 0 && RESTRICTED_AUDITOR == 1) { if(Registry::get('admin_user') == 0 && RESTRICTED_AUDITOR == 1) {
while(list($k, $v) = each($_SESSION['auditdomains'])) { $auditdomains = $session->get("auditdomains");
while(list($k, $v) = each($auditdomains)) {
if($q) { $q .= ","; } if($q) { $q .= ","; }
$q .= "?"; $q .= "?";
array_push($arr, $v); array_push($arr, $v);
@ -48,7 +51,7 @@ class ModelAuditAudit extends Model {
$where .= " AND domain IN ($q) "; $where .= " AND domain IN ($q) ";
reset($_SESSION['auditdomains']); reset($session->get("auditdomains"));
} }
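Review bot: `reset($session->get("auditdomains"));` passes a function result to `reset()`, which takes its argument by reference. PHP reports "Only variables should be passed by reference" and the call rewinds nothing. The loop above already iterates the local `$auditdomains`, so the line can become `reset($auditdomains);` or be dropped. The enclosing method starts and ends outside the hunk.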


@ -43,10 +43,12 @@ class ModelFolderFolder extends Model {
public function get_folders_for_user() { public function get_folders_for_user() {
$q = str_repeat("?,", count($_SESSION['folders'])); $session = Registry::get('session');
$q = str_repeat("?,", count($session->get("folders")));
$q = preg_replace("/\,$/", "", $q); $q = preg_replace("/\,$/", "", $q);
$query = $this->db->query("SELECT `id`, `name` FROM `" . TABLE_FOLDER . "` WHERE id IN ($q)", $_SESSION['folders']); $query = $this->db->query("SELECT `id`, `name` FROM `" . TABLE_FOLDER . "` WHERE id IN ($q)", $session->get("folders"));
if(isset($query->rows)) { return $query->rows; } if(isset($query->rows)) { return $query->rows; }
@ -55,7 +57,9 @@ class ModelFolderFolder extends Model {
public function get_extra_folders_for_user() { public function get_extra_folders_for_user() {
$query = $this->db->query("SELECT `id`, `name` FROM `" . TABLE_FOLDER_EXTRA . "` WHERE uid=? ORDER BY name", array($_SESSION['uid'])); $session = Registry::get('session');
$query = $this->db->query("SELECT `id`, `name` FROM `" . TABLE_FOLDER_EXTRA . "` WHERE uid=? ORDER BY name", array($session->get("uid")));
if(isset($query->rows)) { return $query->rows; } if(isset($query->rows)) { return $query->rows; }
@ -64,7 +68,9 @@ class ModelFolderFolder extends Model {
private function is_your_extra_folder($folder_id = 0) { private function is_your_extra_folder($folder_id = 0) {
$query = $this->db->query("SELECT `id` FROM `" . TABLE_FOLDER_EXTRA . "` WHERE uid=? AND id=?", array($_SESSION['uid'], $folder_id)); $session = Registry::get('session');
$query = $this->db->query("SELECT `id` FROM `" . TABLE_FOLDER_EXTRA . "` WHERE uid=? AND id=?", array($session->get("uid"), $folder_id));
if(isset($query->row['id'])) { return 1; } if(isset($query->row['id'])) { return 1; }
return 0; return 0;
@ -187,11 +193,15 @@ class ModelFolderFolder extends Model {
public function add_extra_folder($name = '') { public function add_extra_folder($name = '') {
if($name == '') { return -1; } if($name == '') { return -1; }
$query = $this->db->query("INSERT INTO " . TABLE_FOLDER_EXTRA . " (uid, name) VALUES(?,?)", array($_SESSION['uid'], $name)); $session = Registry::get('session');
$query = $this->db->query("INSERT INTO " . TABLE_FOLDER_EXTRA . " (uid, name) VALUES(?,?)", array($session->get("uid"), $name));
$last_id = $this->db->getLastId(); $last_id = $this->db->getLastId();
if(!isset($_SESSION['extra_folders'][$last_id])) { array_push($_SESSION['extra_folders'], $last_id); } $extra_folders = $session->get("extra_folders");
if(!isset($extra_folders[$last_id])) { array_push($extra_folders, $last_id); }
return $this->db->countAffected(); return $this->db->countAffected();
} }
@ -200,7 +210,9 @@ class ModelFolderFolder extends Model {
public function remove_extra_folder($id = 0) { public function remove_extra_folder($id = 0) {
if($id == 0) { return -1; } if($id == 0) { return -1; }
$query = $this->db->query("DELETE FROM " . TABLE_FOLDER_EXTRA . " WHERE id=? AND uid=?", array($id, $_SESSION['uid'])); $session = Registry::get('session');
$query = $this->db->query("DELETE FROM " . TABLE_FOLDER_EXTRA . " WHERE id=? AND uid=?", array($id, $session->get("uid")));
if($this->db->countAffected() == 1) { if($this->db->countAffected() == 1) {
$query = $this->db->query("DELETE FROM " . TABLE_FOLDER_MESSAGE . " WHERE folder_id=?", array($id)); $query = $this->db->query("DELETE FROM " . TABLE_FOLDER_MESSAGE . " WHERE folder_id=?", array($id));
return $this->db->countAffected(); return $this->db->countAffected();
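Review bot: `add_extra_folder()` now pushes the new id onto the local `$extra_folders` and never stores it back, whereas the old line appended to `$_SESSION['extra_folders']` directly. Unless `Session::get()` returns a reference (not visible here), the session list stays stale, and code that authorizes folder ids against `$session->get("extra_folders")` will not accept the new folder until the list is reloaded. Add `$session->set("extra_folders", $extra_folders);` after the `array_push()`. Separately, `isset($extra_folders[$last_id])` tests a key while `array_push()` appends a value; `in_array($last_id, $extra_folders)` matches what is actually stored.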


@ -54,8 +54,10 @@ class ModelMailMail extends Model {
public function connect_imap() { public function connect_imap() {
$this->imap = new Zend_Mail_Protocol_Imap(IMAP_HOST, IMAP_PORT, IMAP_SSL); $this->imap = new Zend_Mail_Protocol_Imap(IMAP_HOST, IMAP_PORT, IMAP_SSL);
$session = Registry::get('session');
if($this->imap) { if($this->imap) {
if($this->imap->login($_SESSION['username'], $_SESSION['password'])) { return 1; } if($this->imap->login($session->get("username"), $session->get("password"))) { return 1; }
} }
return 0; return 0;
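Review bot: `connect_imap()` logs in with `$session->get("password")`, so the user's cleartext password is held in the session store for the life of the session, and this commit carries that design over unchanged. Document it on the method, e.g. `// NOTE: session holds the cleartext IMAP password; session storage must be access-restricted and cleared on logout`. Where the password is written to and removed from the session is not visible in this hunk.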


@ -93,9 +93,12 @@ class ModelSaasCustomer extends Model
); );
if(!isset($_SESSION['email']) || !strchr($_SESSION['email'], '@') ) { return $data; } $session = Registry::get('session');
list ($user, $domain) = explode("@", $_SESSION['email']);
if($session->get("email") == '' || !strchr($session->get("email"), '@') ) { return $data; }
list ($user, $domain) = explode("@", $session->get("email"));
if(MEMCACHED_ENABLED) { if(MEMCACHED_ENABLED) {
$cache_key = sha1("customer_settings:" . $domain); $cache_key = sha1("customer_settings:" . $domain);


@ -129,6 +129,7 @@ class ModelSearchSearch extends Model {
$emailfilter = $this->assemble_email_address_filter(); $emailfilter = $this->assemble_email_address_filter();
$session = Registry::get('session');
$i = 0; $i = 0;
@ -194,7 +195,7 @@ class ModelSearchSearch extends Model {
if(ENABLE_FOLDER_RESTRICTIONS == 1) { if(ENABLE_FOLDER_RESTRICTIONS == 1) {
$s = explode(" ", $data['folders']); $s = explode(" ", $data['folders']);
while(list($k,$v) = each($s)) { while(list($k,$v) = each($s)) {
if(in_array($v, $_SESSION['folders'])) { if(in_array($v, $session->get("folders"))) {
array_push($__folders, $v); array_push($__folders, $v);
} }
} }
@ -203,7 +204,7 @@ class ModelSearchSearch extends Model {
$folders = "folder IN (" . implode(",", $__folders) . ") AND "; $folders = "folder IN (" . implode(",", $__folders) . ") AND ";
} }
else { else {
$folders = "folder IN (" . implode(",", $_SESSION['folders']) . ") AND "; $folders = "folder IN (" . implode(",", $session->get("folders")) . ") AND ";
} }
} }
@ -275,6 +276,8 @@ class ModelSearchSearch extends Model {
if($reference == '') { return $ids; } if($reference == '') { return $ids; }
$session = Registry::get('session');
$query = $this->db->query("SELECT id FROM " . TABLE_META . " WHERE message_id=? OR reference=? ORDER BY id DESC", array($reference, $reference)); $query = $this->db->query("SELECT id FROM " . TABLE_META . " WHERE message_id=? OR reference=? ORDER BY id DESC", array($reference, $reference));
foreach($query->rows as $q) { foreach($query->rows as $q) {
@ -285,7 +288,7 @@ class ModelSearchSearch extends Model {
$query = $this->sphx->query("SELECT id, folder FROM " . SPHINX_MAIN_INDEX . " WHERE id IN (" . implode(",", $ids) . ")"); $query = $this->sphx->query("SELECT id, folder FROM " . SPHINX_MAIN_INDEX . " WHERE id IN (" . implode(",", $ids) . ")");
$ids = array(); $ids = array();
foreach($query->rows as $q) { foreach($query->rows as $q) {
if(isset($q['folder']) && in_array($q['folder'], $_SESSION['folders'])) { array_push($ids, $q['id']); } if(isset($q['folder']) && in_array($q['folder'], $session->get("folders"))) { array_push($ids, $q['id']); }
} }
} }
@ -302,9 +305,11 @@ class ModelSearchSearch extends Model {
private function get_sphinx_id_list($s = '', $sphx_table = '', $field = '') { private function get_sphinx_id_list($s = '', $sphx_table = '', $field = '') {
$id_list = ''; $id_list = '';
$session = Registry::get('session');
$s = $this->fixup_sphinx_operators($s); $s = $this->fixup_sphinx_operators($s);
$q = $this->sphx->query("SELECT id FROM $sphx_table WHERE uid=" . $_SESSION['uid'] . " AND MATCH('@$field $s') "); $q = $this->sphx->query("SELECT id FROM $sphx_table WHERE uid=" . $session->get("uid") . " AND MATCH('@$field $s') ");
foreach($q->rows as $a) { foreach($q->rows as $a) {
$id_list .= "," . $a['id']; $id_list .= "," . $a['id'];
@ -321,9 +326,11 @@ class ModelSearchSearch extends Model {
$q = ''; $q = '';
$__folders = array(); $__folders = array();
$session = Registry::get('session');
$s = explode(" ", $extra_folders); $s = explode(" ", $extra_folders);
while(list($k,$v) = each($s)) { while(list($k,$v) = each($s)) {
if(in_array($v, $_SESSION['extra_folders']) && is_numeric($v)) { if(in_array($v, $session->get("extra_folders")) && is_numeric($v)) {
array_push($__folders, $v); array_push($__folders, $v);
if($q) { $q .= ",?"; } if($q) { $q .= ",?"; }
else { $q = "?"; } else { $q = "?"; }
@ -358,6 +365,8 @@ class ModelSearchSearch extends Model {
if(isset($m['meta'])) { return unserialize($m['meta']); } if(isset($m['meta'])) { return unserialize($m['meta']); }
} }
$session = Registry::get('session');
$query = $this->db->query("SELECT `id`, `to` FROM `" . TABLE_RCPT . "` WHERE `id` IN ($q)", $ids); $query = $this->db->query("SELECT `id`, `to` FROM `" . TABLE_RCPT . "` WHERE `id` IN ($q)", $ids);
if(isset($query->rows)) { if(isset($query->rows)) {
@ -377,7 +386,7 @@ class ModelSearchSearch extends Model {
if(isset($query->rows)) { if(isset($query->rows)) {
array_unshift($ids, (int)$_SESSION['uid']); array_unshift($ids, (int)$session->get("uid"));
$tags = $this->db->query("SELECT `id`, `tag` FROM `" . TABLE_TAG . "` WHERE `uid`=? AND `id` IN ($q)", $ids); $tags = $this->db->query("SELECT `id`, `tag` FROM `" . TABLE_TAG . "` WHERE `uid`=? AND `id` IN ($q)", $ids);
@ -413,7 +422,7 @@ class ModelSearchSearch extends Model {
$m['date'] = date(DATE_TEMPLATE, $m['sent']); $m['date'] = date(DATE_TEMPLATE, $m['sent']);
$m['size'] = nice_size($m['size']); $m['size'] = nice_size($m['size']);
in_array($m['from'], $_SESSION['emails']) ? $m['yousent'] = 1 : $m['yousent'] = 0; in_array($m['from'], $session->get("emails")) ? $m['yousent'] = 1 : $m['yousent'] = 0;
/* /*
* verifying 20 messages takes some time, still it's useful * verifying 20 messages takes some time, still it's useful
@ -514,7 +523,11 @@ class ModelSearchSearch extends Model {
private function get_all_your_address() { private function get_all_your_address() {
$s = ''; $s = '';
while(list($k, $v) = each($_SESSION['emails'])) { $session = Registry::get('session');
$emails = $session->get("emails");
while(list($k, $v) = each($emails)) {
if($s) { $s .= '| ' . $this->fix_email_address_for_sphinx($v); } if($s) { $s .= '| ' . $this->fix_email_address_for_sphinx($v); }
else { $s = $this->fix_email_address_for_sphinx($v); } else { $s = $this->fix_email_address_for_sphinx($v); }
} }
@ -531,15 +544,19 @@ class ModelSearchSearch extends Model {
if(Registry::get('auditor_user') == 1 && RESTRICTED_AUDITOR == 0) { return 1; } if(Registry::get('auditor_user') == 1 && RESTRICTED_AUDITOR == 0) { return 1; }
$session = Registry::get('session');
array_push($arr, $id); array_push($arr, $id);
if(Registry::get('auditor_user') == 1 && RESTRICTED_AUDITOR == 1) { if(Registry::get('auditor_user') == 1 && RESTRICTED_AUDITOR == 1) {
if(validdomain($_SESSION['domain']) == 1) { if(validdomain($session->get("domain")) == 1) {
$q .= ",?"; $q .= ",?";
array_push($a, $_SESSION['domain']); array_push($a, $session->get("domain"));
} }
while(list($k, $v) = each($_SESSION['auditdomains'])) { $auditdomains = $session->get("auditdomains");
while(list($k, $v) = each($auditdomains)) {
if(validdomain($v) == 1 && !in_array($v, $a)) { if(validdomain($v) == 1 && !in_array($v, $a)) {
$q .= ",?"; $q .= ",?";
array_push($a, $v); array_push($a, $v);
@ -547,7 +564,9 @@ class ModelSearchSearch extends Model {
} }
} }
else { else {
while(list($k, $v) = each($_SESSION['emails'])) { $emails = $session->get("emails");
while(list($k, $v) = each($emails)) {
if(validemail($v) == 1) { if(validemail($v) == 1) {
$q .= ",?"; $q .= ",?";
array_push($a, $v); array_push($a, $v);
@ -561,7 +580,7 @@ class ModelSearchSearch extends Model {
if(ENABLE_FOLDER_RESTRICTIONS == 1) { if(ENABLE_FOLDER_RESTRICTIONS == 1) {
$query = $this->sphx->query("SELECT folder FROM " . SPHINX_MAIN_INDEX . " WHERE id=" . (int)$id); $query = $this->sphx->query("SELECT folder FROM " . SPHINX_MAIN_INDEX . " WHERE id=" . (int)$id);
if(isset($query->row['folder']) && in_array($query->row['folder'], $_SESSION['folders'])) { return 1; } if(isset($query->row['folder']) && in_array($query->row['folder'], $session->get("folders"))) { return 1; }
} }
else { else {
if(Registry::get('auditor_user') == 1 && RESTRICTED_AUDITOR == 1) { if(Registry::get('auditor_user') == 1 && RESTRICTED_AUDITOR == 1) {
@ -583,6 +602,8 @@ class ModelSearchSearch extends Model {
if(count($id) < 1) { return $result; } if(count($id) < 1) { return $result; }
$session = Registry::get('session');
$arr = $id; $arr = $id;
for($i=0; $i<count($id); $i++) { for($i=0; $i<count($id); $i++) {
@ -593,12 +614,14 @@ class ModelSearchSearch extends Model {
$q2 = preg_replace("/^\,/", "", $q2); $q2 = preg_replace("/^\,/", "", $q2);
if(Registry::get('auditor_user') == 1 && RESTRICTED_AUDITOR == 1) { if(Registry::get('auditor_user') == 1 && RESTRICTED_AUDITOR == 1) {
if(validdomain($_SESSION['domain']) == 1) { if(validdomain($session->get("domain")) == 1) {
$q .= ",?"; $q .= ",?";
array_push($a, $_SESSION['domain']); array_push($a, $session->get("domain"));
} }
while(list($k, $v) = each($_SESSION['auditdomains'])) { $auditdomains = $session->get("auditdomains");
while(list($k, $v) = each($auditdomains)) {
if(validdomain($v) == 1 && !in_array($v, $a)) { if(validdomain($v) == 1 && !in_array($v, $a)) {
$q .= ",?"; $q .= ",?";
array_push($a, $v); array_push($a, $v);
@ -607,7 +630,9 @@ class ModelSearchSearch extends Model {
} }
else { else {
if(Registry::get('auditor_user') == 0) { if(Registry::get('auditor_user') == 0) {
while(list($k, $v) = each($_SESSION['emails'])) { $emails = $session->get("emails");
while(list($k, $v) = each($emails)) {
if(validemail($v) == 1) { if(validemail($v) == 1) {
$q .= ",?"; $q .= ",?";
array_push($a, $v); array_push($a, $v);
@ -641,7 +666,7 @@ class ModelSearchSearch extends Model {
if($query->num_rows > 0) { if($query->num_rows > 0) {
foreach ($query->rows as $q) { foreach ($query->rows as $q) {
if(ENABLE_FOLDER_RESTRICTIONS == 1) { if(ENABLE_FOLDER_RESTRICTIONS == 1) {
if(in_array($q['folder'], $_SESSION['folders'])) { array_push($result, $q['id']); } if(in_array($q['folder'], $session->get("folders"))) { array_push($result, $q['id']); }
} }
else { else {
array_push($result, $q['id']); array_push($result, $q['id']);
@ -660,8 +685,9 @@ class ModelSearchSearch extends Model {
public function get_search_terms() { public function get_search_terms() {
$session = Registry::get('session');
$query = $this->db->query("SELECT term, ts FROM " . TABLE_SEARCH . " WHERE email=? ORDER BY ts DESC", array($_SESSION['email'])); $query = $this->db->query("SELECT term, ts FROM " . TABLE_SEARCH . " WHERE email=? ORDER BY ts DESC", array($session->get("email")));
if(isset($query->rows)) { return $query->rows; } if(isset($query->rows)) { return $query->rows; }
return array(); return array();
@ -671,12 +697,14 @@ class ModelSearchSearch extends Model {
public function add_search_term($term = '') { public function add_search_term($term = '') {
if($term == '') { return 0; } if($term == '') { return 0; }
$session = Registry::get('session');
parse_str($term, $s); parse_str($term, $s);
if(!isset($s['search']) || $s['search'] == '') { return 0; } if(!isset($s['search']) || $s['search'] == '') { return 0; }
if($this->update_search_term($term) == 0) { if($this->update_search_term($term) == 0) {
AUDIT(ACTION_SAVE_SEARCH, '', '', '', $term); AUDIT(ACTION_SAVE_SEARCH, '', '', '', $term);
$query = $this->db->query("INSERT INTO " . TABLE_SEARCH . " (email, ts, term) VALUES(?,?,?)", array($_SESSION['email'], time(), $term)); $query = $this->db->query("INSERT INTO " . TABLE_SEARCH . " (email, ts, term) VALUES(?,?,?)", array($session->get("email"), time(), $term));
} }
return 1; return 1;
@ -688,14 +716,18 @@ class ModelSearchSearch extends Model {
AUDIT(ACTION_SEARCH, '', '', '', $term); AUDIT(ACTION_SEARCH, '', '', '', $term);
$query = $this->db->query("UPDATE " . TABLE_SEARCH . " SET ts=? WHERE term=? AND email=?", array(time(), $term, $_SESSION['email'])); $session = Registry::get('session');
$query = $this->db->query("UPDATE " . TABLE_SEARCH . " SET ts=? WHERE term=? AND email=?", array(time(), $term, $session->get("email")));
return $this->db->countAffected(); return $this->db->countAffected();
} }
public function remove_search_term($ts = 0) { public function remove_search_term($ts = 0) {
$query = $this->db->query("DELETE FROM " . TABLE_SEARCH . " WHERE email=? AND ts=?", array($_SESSION['email'], $ts)); $session = Registry::get('session');
$query = $this->db->query("DELETE FROM " . TABLE_SEARCH . " WHERE email=? AND ts=?", array($session->get("email"), $ts));
} }
@ -736,6 +768,7 @@ class ModelSearchSearch extends Model {
private function make_cache_file_name($data = array(), $sortorder = '') { private function make_cache_file_name($data = array(), $sortorder = '') {
$s = ''; $s = '';
$session = Registry::get('session');
while(list($k, $v) = each($data)) { while(list($k, $v) = each($data)) {
if($v) { if($v) {
@ -744,7 +777,7 @@ class ModelSearchSearch extends Model {
} }
} }
return sha1($_SESSION['email'] . "/" . $s . "-" . (NOW - NOW % 3600) . "-" . $sortorder); return sha1($session->get("email") . "/" . $s . "-" . (NOW - NOW % 3600) . "-" . $sortorder);
} }
} }


@ -7,6 +7,8 @@ class ModelStatChart extends Model {
$ydata2 = array(); $ydata2 = array();
$dates = array(); $dates = array();
$session = Registry::get('session');
$chart = new LineChart($size_x, $size_y); $chart = new LineChart($size_x, $size_y);
$chart->getPlot()->getPalette()->setLineColor(array( $chart->getPlot()->getPalette()->setLineColor(array(
@ -35,11 +37,13 @@ class ModelStatChart extends Model {
if(Registry::get('admin_user') == 0) { if(Registry::get('admin_user') == 0) {
$q = ''; $q = '';
foreach($_SESSION['auditdomains'] as $a) { $auditdomains = $session->get('auditdomains');
foreach($auditdomains as $a) {
if($q) { $q .= ",?"; } else { $q = "?"; } if($q) { $q .= ",?"; } else { $q = "?"; }
} }
reset($_SESSION['auditdomains']); reset($auditdomains);
$query = $this->db->query("select arrived-(arrived%$delta) as ts, count(*) as num from " . VIEW_MESSAGES . " where arrived > $range AND todomain IN ($q) $domains $grouping ORDER BY ts DESC limit $limit", $_SESSION['auditdomains']); $query = $this->db->query("select arrived-(arrived%$delta) as ts, count(*) as num from " . VIEW_MESSAGES . " where arrived > $range AND todomain IN ($q) $domains $grouping ORDER BY ts DESC limit $limit", $auditdomains);
} else { } else {
$query = $this->db->query("select arrived-(arrived%$delta) as ts, count(*) as num from " . TABLE_META . " where arrived > $range $grouping ORDER BY ts DESC limit $limit"); $query = $this->db->query("select arrived-(arrived%$delta) as ts, count(*) as num from " . TABLE_META . " where arrived > $range $grouping ORDER BY ts DESC limit $limit");
} }
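Review bot: The placeholder list for `todomain IN ($q)` is built by looping over `$session->get('auditdomains')`, and nothing in the visible lines handles that value being empty or not an array. In that case `$q` stays `''` and the statement becomes `IN ()`, which fails rather than returning no rows. What `get()` returns for a missing key is not shown here, so the non-admin branch should only run the query under `if(is_array($auditdomains) && count($auditdomains) > 0)` and otherwise fall back to an empty result. `$delta`, `$range` and `$limit` are interpolated straight into the SQL text; they are assigned outside this hunk, so it is worth confirming they are cast to integers there. The enclosing method starts and ends outside the hunk.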


@ -4,6 +4,8 @@ class ModelUserGoogle extends Model {
public function check_for_account($google_account = array()) { public function check_for_account($google_account = array()) {
$session = Registry::get('session');
$query = $this->db->query("SELECT " . TABLE_USER . ".username, " . TABLE_USER . ".uid, " . TABLE_USER . ".realname, " . TABLE_USER . ".dn, " . TABLE_USER . ".password, " . TABLE_USER . ".isadmin, " . TABLE_USER . ".domain FROM " . TABLE_USER . ", " . TABLE_EMAIL . " WHERE " . TABLE_EMAIL . ".email=? AND " . TABLE_EMAIL . ".uid=" . TABLE_USER . ".uid", array($google_account['email'])); $query = $this->db->query("SELECT " . TABLE_USER . ".username, " . TABLE_USER . ".uid, " . TABLE_USER . ".realname, " . TABLE_USER . ".dn, " . TABLE_USER . ".password, " . TABLE_USER . ".isadmin, " . TABLE_USER . ".domain FROM " . TABLE_USER . ", " . TABLE_EMAIL . " WHERE " . TABLE_EMAIL . ".email=? AND " . TABLE_EMAIL . ".uid=" . TABLE_USER . ".uid", array($google_account['email']));
if($query->num_rows == 1) { if($query->num_rows == 1) {
@ -39,16 +41,16 @@ class ModelUserGoogle extends Model {
$this->model_domain_domain->addDomain($user['domain'], $user['domain']); $this->model_domain_domain->addDomain($user['domain'], $user['domain']);
} }
$_SESSION['username'] = $user['username']; $session->set("username", $user['username']);
$_SESSION['uid'] = $user['uid']; $session->set("uid", $user['uid']);
$_SESSION['admin_user'] = 0; $session->set("admin_user", 0);
$_SESSION['email'] = $user['username']; $session->set("email", $user['username']);
$_SESSION['domain'] = $query->row['domain']; $session->set("domain", $query->row['domain']);
$_SESSION['realname'] = $query->row['realname']; $session->set("realname", $query->row['realname']);
$_SESSION['emails'] = $this->model_user_user->get_users_all_email_addresses($user['uid']); $session->set("emails", $this->model_user_user->get_users_all_email_addresses($user['uid']));
$_SESSION['folders'] = $this->model_folder_folder->get_all_folder_ids($user['uid']); $session->set("folders", $this->model_folder_folder->get_all_folder_ids($user['uid']));
$_SESSION['extra_folders'] = $this->model_folder_folder->get_all_extra_folder_ids($user['uid']); $session->set("extra_folders", $this->model_folder_folder->get_all_extra_folder_ids($user['uid']));
AUDIT(ACTION_LOGIN, $user['username'], '', '', 'successful auth against Google'); AUDIT(ACTION_LOGIN, $user['username'], '', '', 'successful auth against Google');
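Review bot: The session is filled with `username`, `uid` and `admin_user` after a successful Google login, but the visible lines never renew the session identifier, so an identifier issued before authentication stays valid afterwards (session fixation). Unless the new `Session` class already does this on login, add `session_regenerate_id(true);` immediately before `$session->set("username", $user['username']);`. The `Session` class itself is not shown on this part of the page, so that is where to confirm the identifier and cookie handling. check_for_account() continues outside the hunk.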


@ -5,11 +5,13 @@ class ModelUserPrefs extends Model {
public function get_user_preferences($username = '') { public function get_user_preferences($username = '') {
if($username == "") { return 0; } if($username == "") { return 0; }
$session = Registry::get('session');
$query = $this->db->query("SELECT * FROM " . TABLE_USER_SETTINGS . " WHERE username=?", array($username)); $query = $this->db->query("SELECT * FROM " . TABLE_USER_SETTINGS . " WHERE username=?", array($username));
if(isset($query->row['pagelen'])) { $_SESSION['pagelen'] = $query->row['pagelen']; } else { $_SESSION['pagelen'] = PAGE_LEN; } if(isset($query->row['pagelen'])) { $session->set("pagelen", $query->row['pagelen']); } else { $session->set("pagelen", PAGE_LEN); }
if(isset($query->row['theme'])) { $_SESSION['theme'] = $query->row['theme']; } else { $_SESSION['theme'] = THEME; } if(isset($query->row['theme'])) { $session->set("theme", $query->row['theme']); } else { $session->set("theme", THEME); }
if(isset($query->row['lang'])) { $_SESSION['lang'] = $query->row['lang']; } else { $_SESSION['lang'] = DEFAULT_LANG; } if(isset($query->row['lang'])) { $session->set("lang", $query->row['lang']); } else { $session->set("lang", DEFAULT_LANG); }
return 1; return 1;
} }
@ -20,6 +22,8 @@ class ModelUserPrefs extends Model {
if(!isset($prefs['pagelen']) || !is_numeric($prefs['pagelen']) || $prefs['pagelen'] < 10 || $prefs['pagelen'] > 100 if(!isset($prefs['pagelen']) || !is_numeric($prefs['pagelen']) || $prefs['pagelen'] < 10 || $prefs['pagelen'] > 100
|| !isset($prefs['theme']) || !preg_match("/^([a-zA-Z0-9\-\_]+)$/", $prefs['theme']) || !file_exists(DIR_THEME . $prefs['theme']) ) { return 1; } || !isset($prefs['theme']) || !preg_match("/^([a-zA-Z0-9\-\_]+)$/", $prefs['theme']) || !file_exists(DIR_THEME . $prefs['theme']) ) { return 1; }
$session = Registry::get('session');
$query = $this->db->query("SELECT COUNT(*) AS num FROM " . TABLE_USER_SETTINGS . " WHERE username=?", array($username)); $query = $this->db->query("SELECT COUNT(*) AS num FROM " . TABLE_USER_SETTINGS . " WHERE username=?", array($username));
if((int)@$query->row['num'] == 1) { if((int)@$query->row['num'] == 1) {
@ -30,9 +34,9 @@ class ModelUserPrefs extends Model {
} }
$_SESSION['pagelen'] = $prefs['pagelen']; $session->set("pagelen", $prefs['pagelen']);
$_SESSION['theme'] = $prefs['theme']; $session->set("theme", $prefs['theme']);
$_SESSION['lang'] = $prefs['lang']; $session->set("lang", $prefs['lang']);
LOGGER("set user preference", $username); LOGGER("set user preference", $username);
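Review bot: `lang` is written to the session at `$session->set("lang", $prefs['lang']);` without any check in the visible lines, while the guard at the top of this hunk validates only `pagelen` and `theme`. The Language class changed in this same commit concatenates the session value into `DIR_LANGUAGE . $session->get("lang") . '/messages.php'`, so a value containing path separators would point outside the language directory when that file is (presumably) loaded. Extend the guard with the pattern already used for `theme`: `|| !isset($prefs['lang']) || !preg_match("/^([a-zA-Z0-9\-\_]+)$/", $prefs['lang'])`. get_user_preferences() likewise copies `theme` and `lang` from the database row into the session unchecked, so the same check belongs there or at the point of use. Both functions extend beyond the visible hunks.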


@ -85,7 +85,9 @@ class ModelUserUser extends Model {
public function get_users_all_domains($uid = 0) { public function get_users_all_domains($uid = 0) {
$data = array(); $data = array();
array_push($data, $_SESSION['domain']); $session = Registry::get('session');
array_push($data, $session->get('domain'));
if($uid > 0) { if($uid > 0) {
$query = $this->db->query("SELECT domain FROM " . TABLE_DOMAIN_USER . " WHERE uid=?", array((int)$uid)); $query = $this->db->query("SELECT domain FROM " . TABLE_DOMAIN_USER . " WHERE uid=?", array((int)$uid));


@ -1,13 +1,9 @@
<?php <?php
session_start();
require_once("config.php"); require_once("config.php");
require(DIR_SYSTEM . "/startup.php"); require(DIR_SYSTEM . "/startup.php");
$session = new Session();
$loader = new Loader(); $loader = new Loader();
$language = new Language(); $language = new Language();


@ -1,13 +0,0 @@
<!-- The following is example HTML that can be used on your form -->
<p>
<img id="siimage" style="border: 1px solid #000; margin-right: 15px" src="./securimage_show.php?sid=<?php echo md5(uniqid()) ?>" alt="CAPTCHA Image" align="left">
<object type="application/x-shockwave-flash" data="./securimage_play.swf?bgcol=#ffffff&amp;icon_file=./images/audio_icon.png&amp;audio_file=./securimage_play.php" height="32" width="32">
<param name="movie" value="./securimage_play.swf?bgcol=#ffffff&amp;icon_file=./images/audio_icon.png&amp;audio_file=./securimage_play.php" />
</object>
&nbsp;
<a tabindex="-1" style="border-style: none;" href="#" title="Refresh Image" onclick="document.getElementById('siimage').src = './securimage_show.php?sid=' + Math.random(); this.blur(); return false"><img src="./images/refresh.png" alt="Reload Image" onclick="this.blur()" align="bottom" border="0"></a><br />
<strong>Enter Code*:</strong><br />
<input type="text" name="ct_captcha" size="12" maxlength="16" />
</p>


@ -1,207 +0,0 @@
<?php
session_start(); // this MUST be called prior to any output including whitespaces and line breaks!
$GLOBALS['ct_recipient'] = 'YOU@EXAMPLE.COM'; // Change to your email address!
$GLOBALS['ct_msg_subject'] = 'Securimage Test Contact Form';
$GLOBALS['DEBUG_MODE'] = 1;
// CHANGE TO 0 TO TURN OFF DEBUG MODE
// IN DEBUG MODE, ONLY THE CAPTCHA CODE IS VALIDATED, AND NO EMAIL IS SENT
// Process the form, if it was submitted
process_si_contact_form();
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-type" content="text/html;charset=UTF-8" />
<title>Securimage Example Form</title>
<style type="text/css">
<!--
#success_message { border: 1px solid #000; width: 550px; text-align: left; padding: 10px 7px; background: #33ff33; color: #000; font-weight; bold; font-size: 1.2em; border-radius: 4px; -moz-border-radius: 4px; -webkit-border-radius: 4px; }
fieldset { width: 90%; }
legend { font-size: 24px; }
.note { font-size: 18px; }
-->
</style>
</head>
<body>
<fieldset>
<legend>Example Form</legend>
<p class="note">
This is an example PHP form that processes user information, checks for errors, and validates the captcha code.<br />
This example form also demonstrates how to submit a form to itself to display error messages.
</p>
<div id="success_message" style="display: none">Your message has been sent!<br />We will contact you as soon as possible.</div>
<form method="post" action="" id="contact_form" onsubmit="return processForm()">
<input type="hidden" name="do" value="contact" />
<p>
<strong>Name*:</strong><br />
<input type="text" name="ct_name" size="35" value="" />
</p>
<p>
<strong>Email*:</strong><br />
<input type="text" name="ct_email" size="35" value="" />
</p>
<p>
<strong>URL:</strong><br />
<input type="text" name="ct_URL" size="35" value="" />
</p>
<p>
<strong>Message*:</strong><br />
<textarea name="ct_message" rows="12" cols="60"></textarea>
</p>
<p>
<img id="siimage" style="border: 1px solid #000; margin-right: 15px" src="./securimage_show.php?sid=<?php echo md5(uniqid()) ?>" alt="CAPTCHA Image" align="left" />
<object type="application/x-shockwave-flash" data="./securimage_play.swf?bgcol=#ffffff&amp;icon_file=./images/audio_icon.png&amp;audio_file=./securimage_play.php" height="32" width="32">
<param name="movie" value="./securimage_play.swf?bgcol=#ffffff&amp;icon_file=./images/audio_icon.png&amp;audio_file=./securimage_play.php" />
</object>
&nbsp;
<a tabindex="-1" style="border-style: none;" href="#" title="Refresh Image" onclick="document.getElementById('siimage').src = './securimage_show.php?sid=' + Math.random(); this.blur(); return false"><img src="./images/refresh.png" alt="Reload Image" height="32" width="32" onclick="this.blur()" align="bottom" border="0" /></a><br />
<strong>Enter Code*:</strong><br />
<input type="text" name="ct_captcha" size="12" maxlength="8" />
</p>
<p>
<br />
<input type="submit" value="Submit Message" />
</p>
</form>
</fieldset>
<script src="http://code.jquery.com/jquery-1.10.1.min.js"></script>
<script type="text/javascript">
$.noConflict();
function reloadCaptcha()
{
jQuery('#siimage').src = './securimage_show.php?sid=' + Math.random();
}
function processForm()
{
jQuery.ajax({
url: '<?php echo $_SERVER['PHP_SELF'] ?>',
type: 'POST',
data: jQuery('#contact_form').serialize(),
dataType: 'json',
}).done(function(data) {
if (data.error === 0) {
jQuery('#success_message').show();
jQuery('#contact_form')[0].reset();
reloadCaptcha();
setTimeout("jQuery('#success_message').fadeOut()", 30000);
} else {
alert("There was an error with your submission.\n\n" + data.message);
}
});
return false;
}
</script>
</body>
</html>
<?php
// The form processor PHP code
function process_si_contact_form()
{
if ($_SERVER['REQUEST_METHOD'] == 'POST' && @$_POST['do'] == 'contact') {
// if the form has been submitted
foreach($_POST as $key => $value) {
if (!is_array($key)) {
// sanitize the input data
if ($key != 'ct_message') $value = strip_tags($value);
$_POST[$key] = htmlspecialchars(stripslashes(trim($value)));
}
}
$name = @$_POST['ct_name']; // name from the form
$email = @$_POST['ct_email']; // email from the form
$URL = @$_POST['ct_URL']; // url from the form
$message = @$_POST['ct_message']; // the message from the form
$captcha = @$_POST['ct_captcha']; // the user's entry for the captcha code
$name = substr($name, 0, 64); // limit name to 64 characters
$errors = array(); // initialize empty error array
if (isset($GLOBALS['DEBUG_MODE']) && $GLOBALS['DEBUG_MODE'] == false) {
// only check for errors if the form is not in debug mode
if (strlen($name) < 3) {
// name too short, add error
$errors['name_error'] = 'Your name is required';
}
if (strlen($email) == 0) {
// no email address given
$errors['email_error'] = 'Email address is required';
} else if ( !preg_match('/^(?:[\w\d]+\.?)+@(?:(?:[\w\d]\-?)+\.)+\w{2,4}$/i', $email)) {
// invalid email format
$errors['email_error'] = 'Email address entered is invalid';
}
if (strlen($message) < 20) {
// message length too short
$errors['message_error'] = 'Please enter a message';
}
}
// Only try to validate the captcha if the form has no errors
// This is especially important for ajax calls
if (sizeof($errors) == 0) {
require_once dirname(__FILE__) . '/securimage.php';
$securimage = new Securimage();
if ($securimage->check($captcha) == false) {
$errors['captcha_error'] = 'Incorrect security code entered';
}
}
if (sizeof($errors) == 0) {
// no errors, send the form
$time = date('r');
$message = "A message was submitted from the contact form. The following information was provided.<br /><br />"
. "Name: $name<br />"
. "Email: $email<br />"
. "URL: $URL<br />"
. "Message:<br />"
. "<pre>$message</pre>"
. "<br /><br />IP Address: {$_SERVER['REMOTE_ADDR']}<br />"
. "Time: $time<br />"
. "Browser: {$_SERVER['HTTP_USER_AGENT']}<br />";
if (isset($GLOBALS['DEBUG_MODE']) && $GLOBALS['DEBUG_MODE'] == false) {
// send the message with mail()
mail($GLOBALS['ct_recipient'], $GLOBALS['ct_msg_subject'], $message, "From: {$GLOBALS['ct_recipient']}\r\nReply-To: {$email}\r\nContent-type: text/html; charset=ISO-8859-1\r\nMIME-Version: 1.0");
}
$return = array('error' => 0, 'message' => 'OK');
die(json_encode($return));
} else {
$errmsg = '';
foreach($errors as $key => $error) {
// set up error messages to display with each field
$errmsg .= " - {$error}\n";
}
$return = array('error' => 1, 'message' => $errmsg);
die(json_encode($return));
}
} // POST
} // function process_si_contact_form()


@ -1,192 +0,0 @@
<?php
session_start(); // this MUST be called prior to any output including whitespaces and line breaks!
$GLOBALS['DEBUG_MODE'] = 1;
// CHANGE TO 0 TO TURN OFF DEBUG MODE
// IN DEBUG MODE, ONLY THE CAPTCHA CODE IS VALIDATED, AND NO EMAIL IS SENT
$GLOBALS['ct_recipient'] = 'YOU@EXAMPLE.COM'; // Change to your email address!
$GLOBALS['ct_msg_subject'] = 'Securimage Test Contact Form';
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-type" content="text/html;charset=UTF-8" />
<title>Securimage Example Form</title>
<style type="text/css">
<!--
.error { color: #f00; font-weight: bold; font-size: 1.2em; }
.success { color: #00f; font-weight: bold; font-size: 1.2em; }
fieldset { width: 90%; }
legend { font-size: 24px; }
.note { font-size: 18px;
-->
</style>
</head>
<body>
<fieldset>
<legend>Example Form</legend>
<p class="note">
This is an example PHP form that processes user information, checks for errors, and validates the captcha code.<br />
This example form also demonstrates how to submit a form to itself to display error messages.
</p>
<?php
process_si_contact_form(); // Process the form, if it was submitted
if (isset($_SESSION['ctform']['error']) && $_SESSION['ctform']['error'] == true): /* The last form submission had 1 or more errors */ ?>
<span class="error">There was a problem with your submission. Errors are displayed below in red.</span><br /><br />
<?php elseif (isset($_SESSION['ctform']['success']) && $_SESSION['ctform']['success'] == true): /* form was processed successfully */ ?>
<span class="success">The captcha was correct and the message has been sent!</span><br /><br />
<?php endif; ?>
<form method="post" action="<?php echo htmlspecialchars($_SERVER['REQUEST_URI'] . $_SERVER['QUERY_STRING']) ?>" id="contact_form">
<input type="hidden" name="do" value="contact" />
<p>
<strong>Name*:</strong>&nbsp; &nbsp;<?php echo @$_SESSION['ctform']['name_error'] ?><br />
<input type="text" name="ct_name" size="35" value="<?php echo htmlspecialchars(@$_SESSION['ctform']['ct_name']) ?>" />
</p>
<p>
<strong>Email*:</strong>&nbsp; &nbsp;<?php echo @$_SESSION['ctform']['email_error'] ?><br />
<input type="text" name="ct_email" size="35" value="<?php echo htmlspecialchars(@$_SESSION['ctform']['ct_email']) ?>" />
</p>
<p>
<strong>URL:</strong>&nbsp; &nbsp;<?php echo @$_SESSION['ctform']['URL_error'] ?><br />
<input type="text" name="ct_URL" size="35" value="<?php echo htmlspecialchars(@$_SESSION['ctform']['ct_URL']) ?>" />
</p>
<p>
<strong>Message*:</strong>&nbsp; &nbsp;<?php echo @$_SESSION['ctform']['message_error'] ?><br />
<textarea name="ct_message" rows="12" cols="60"><?php echo htmlspecialchars(@$_SESSION['ctform']['ct_message']) ?></textarea>
</p>
<p>
<img id="siimage" style="border: 1px solid #000; margin-right: 15px" src="./securimage_show.php?sid=<?php echo md5(uniqid()) ?>" alt="CAPTCHA Image" align="left" />
<object type="application/x-shockwave-flash" data="./securimage_play.swf?bgcol=#ffffff&amp;icon_file=./images/audio_icon.png&amp;audio_file=./securimage_play.php" height="32" width="32">
<param name="movie" value="./securimage_play.swf?bgcol=#ffffff&amp;icon_file=./images/audio_icon.png&amp;audio_file=./securimage_play.php" />
</object>
&nbsp;
<a tabindex="-1" style="border-style: none;" href="#" title="Refresh Image" onclick="document.getElementById('siimage').src = './securimage_show.php?sid=' + Math.random(); this.blur(); return false"><img src="./images/refresh.png" alt="Reload Image" height="32" width="32" onclick="this.blur()" align="bottom" border="0" /></a><br />
<strong>Enter Code*:</strong><br />
<?php echo @$_SESSION['ctform']['captcha_error'] ?>
<input type="text" name="ct_captcha" size="12" maxlength="16" />
</p>
<p>
<br />
<input type="submit" value="Submit Message" />
</p>
</form>
</fieldset>
</body>
</html>
<?php
// The form processor PHP code
function process_si_contact_form()
{
$_SESSION['ctform'] = array(); // re-initialize the form session data
if ($_SERVER['REQUEST_METHOD'] == 'POST' && @$_POST['do'] == 'contact') {
// if the form has been submitted
foreach($_POST as $key => $value) {
if (!is_array($key)) {
// sanitize the input data
if ($key != 'ct_message') $value = strip_tags($value);
$_POST[$key] = htmlspecialchars(stripslashes(trim($value)));
}
}
$name = @$_POST['ct_name']; // name from the form
$email = @$_POST['ct_email']; // email from the form
$URL = @$_POST['ct_URL']; // url from the form
$message = @$_POST['ct_message']; // the message from the form
$captcha = @$_POST['ct_captcha']; // the user's entry for the captcha code
$name = substr($name, 0, 64); // limit name to 64 characters
$errors = array(); // initialize empty error array
if (isset($GLOBALS['DEBUG_MODE']) && $GLOBALS['DEBUG_MODE'] == false) {
// only check for errors if the form is not in debug mode
if (strlen($name) < 3) {
// name too short, add error
$errors['name_error'] = 'Your name is required';
}
if (strlen($email) == 0) {
// no email address given
$errors['email_error'] = 'Email address is required';
} else if ( !preg_match('/^(?:[\w\d]+\.?)+@(?:(?:[\w\d]\-?)+\.)+\w{2,4}$/i', $email)) {
// invalid email format
$errors['email_error'] = 'Email address entered is invalid';
}
if (strlen($message) < 20) {
// message length too short
$errors['message_error'] = 'Please enter a message';
}
}
// Only try to validate the captcha if the form has no errors
// This is especially important for ajax calls
if (sizeof($errors) == 0) {
require_once dirname(__FILE__) . '/securimage.php';
$securimage = new Securimage();
if ($securimage->check($captcha) == false) {
$errors['captcha_error'] = 'Incorrect security code entered<br />';
}
}
if (sizeof($errors) == 0) {
// no errors, send the form
$time = date('r');
$message = "A message was submitted from the contact form. The following information was provided.<br /><br />"
. "Name: $name<br />"
. "Email: $email<br />"
. "URL: $URL<br />"
. "Message:<br />"
. "<pre>$message</pre>"
. "<br /><br />IP Address: {$_SERVER['REMOTE_ADDR']}<br />"
. "Time: $time<br />"
. "Browser: {$_SERVER['HTTP_USER_AGENT']}<br />";
$message = wordwrap($message, 70);
if (isset($GLOBALS['DEBUG_MODE']) && $GLOBALS['DEBUG_MODE'] == false) {
// send the message with mail()
mail($GLOBALS['ct_recipient'], $GLOBALS['ct_msg_subject'], $message, "From: {$GLOBALS['ct_recipient']}\r\nReply-To: {$email}\r\nContent-type: text/html; charset=ISO-8859-1\r\nMIME-Version: 1.0");
}
$_SESSION['ctform']['error'] = false; // no error with form
$_SESSION['ctform']['success'] = true; // message sent
} else {
// save the entries, this is to re-populate the form
$_SESSION['ctform']['ct_name'] = $name; // save name from the form submission
$_SESSION['ctform']['ct_email'] = $email; // save email
$_SESSION['ctform']['ct_URL'] = $URL; // save URL
$_SESSION['ctform']['ct_message'] = $message; // save message
foreach($errors as $key => $error) {
// set up error messages to display with each field
$_SESSION['ctform'][$key] = "<span style=\"font-weight: bold; color: #f00\">$error</span>";
}
$_SESSION['ctform']['error'] = true; // set error floag
}
} // POST
}
$_SESSION['ctform']['success'] = false; // clear success value after running


@ -853,13 +853,13 @@ class Securimage
try { try {
$audio = $this->getAudibleCode(); $audio = $this->getAudibleCode();
} catch (Exception $ex) { } catch (Exception $ex) {
if (($fp = @fopen(dirname(__FILE__) . '/si.error_log', 'a+')) !== false) { if (($fp = @fopen(dirname(__FILE__) . '/si.error_log', 'a+')) !== false) {
fwrite($fp, date('Y-m-d H:i:s') . ': Securimage audio error "' . $ex->getMessage() . '"' . "\n"); fwrite($fp, date('Y-m-d H:i:s') . ': Securimage audio error "' . $ex->getMessage() . '"' . "\n");
fclose($fp); fclose($fp);
} }
$audio = $this->audioError(); $audio = $this->audioError();
} }
if ($this->canSendHeaders() || $this->send_headers == false) { if ($this->canSendHeaders() || $this->send_headers == false) {
if ($this->send_headers) { if ($this->send_headers) {
@ -890,15 +890,15 @@ class Securimage
if (!$this->no_exit) exit; if (!$this->no_exit) exit;
} }
/** /**
* Return the code from the session or sqlite database if used. If none exists yet, an empty string is returned * Return the code from the session or sqlite database if used. If none exists yet, an empty string is returned
* *
* @param $array bool True to receive an array containing the code and properties * @param $array bool True to receive an array containing the code and properties
* @return array|string Array if $array = true, otherwise a string containing the code * @return array|string Array if $array = true, otherwise a string containing the code
*/ */
public function getCode($array = false, $returnExisting = false) public function getCode($array = false, $returnExisting = false)
{ {
$code = ''; $code = '';
$time = 0; $time = 0;
$disp = 'error'; $disp = 'error';
@ -911,31 +911,31 @@ class Securimage
} else { } else {
return $this->code; return $this->code;
} }
} }
if ($this->no_session != true) { if ($this->no_session != true) {
if (isset($_SESSION['securimage_code_value'][$this->namespace]) && if (isset($_SESSION['securimage_code_value'][$this->namespace]) &&
trim($_SESSION['securimage_code_value'][$this->namespace]) != '') { trim($_SESSION['securimage_code_value'][$this->namespace]) != '') {
if ($this->isCodeExpired( if ($this->isCodeExpired(
$_SESSION['securimage_code_ctime'][$this->namespace]) == false) { $_SESSION['securimage_code_ctime'][$this->namespace]) == false) {
$code = $_SESSION['securimage_code_value'][$this->namespace]; $code = $_SESSION['securimage_code_value'][$this->namespace];
$time = $_SESSION['securimage_code_ctime'][$this->namespace]; $time = $_SESSION['securimage_code_ctime'][$this->namespace];
$disp = $_SESSION['securimage_code_disp'] [$this->namespace]; $disp = $_SESSION['securimage_code_disp'] [$this->namespace];
} }
} }
} }
if (empty($code) && $this->use_database) { if (empty($code) && $this->use_database) {
// no code in session - may mean user has cookies turned off // no code in session - may mean user has cookies turned off
$this->openDatabase(); $this->openDatabase();
$code = $this->getCodeFromDatabase(); $code = $this->getCodeFromDatabase();
} else { /* no code stored in session or sqlite database, validation will fail */ } } else { /* no code stored in session or sqlite database, validation will fail */ }
if ($array == true) { if ($array == true) {
return array('code' => $code, 'ctime' => $time, 'display' => $disp); return array('code' => $code, 'ctime' => $time, 'display' => $disp);
} else { } else {
return $code; return $code;
} }
} }
/** /**
@ -1378,24 +1378,24 @@ class Securimage
header("Pragma: no-cache"); header("Pragma: no-cache");
} }
switch ($this->image_type) { switch ($this->image_type) {
case self::SI_IMAGE_JPEG: case self::SI_IMAGE_JPEG:
if ($this->send_headers) header("Content-Type: image/jpeg"); if ($this->send_headers) header("Content-Type: image/jpeg");
imagejpeg($this->im, null, 90); imagejpeg($this->im, null, 90);
break; break;
case self::SI_IMAGE_GIF: case self::SI_IMAGE_GIF:
if ($this->send_headers) header("Content-Type: image/gif"); if ($this->send_headers) header("Content-Type: image/gif");
imagegif($this->im); imagegif($this->im);
break; break;
default: default:
if ($this->send_headers) header("Content-Type: image/png"); if ($this->send_headers) header("Content-Type: image/png");
imagepng($this->im); imagepng($this->im);
break; break;
} }
} else { } else {
echo '<hr /><strong>' echo '<hr /><strong>'
.'Failed to generate captcha image, content has already been ' .'Failed to generate captcha image, content has already been '
.'output.<br />This is most likely due to misconfiguration or ' .'output.<br />This is most likely due to misconfiguration or '
.'a PHP error was sent to the browser.</strong>'; .'a PHP error was sent to the browser.</strong>';
} }
@ -1943,10 +1943,10 @@ class Securimage
if ($this->audio_gap_max > 0 && $this->audio_gap_max > $this->audio_gap_min) { if ($this->audio_gap_max > 0 && $this->audio_gap_max > $this->audio_gap_min) {
$wavCaptcha->insertSilence( mt_rand($this->audio_gap_min, $this->audio_gap_max) / 1000.0 ); $wavCaptcha->insertSilence( mt_rand($this->audio_gap_min, $this->audio_gap_max) / 1000.0 );
} }
} catch (Exception $ex) { } catch (Exception $ex) {
// failed to open file, or the wav file is broken or not supported // failed to open file, or the wav file is broken or not supported
// 2 wav files were not compatible, different # channels, bits/sample, or sample rate // 2 wav files were not compatible, different # channels, bits/sample, or sample rate
throw $ex; throw $ex;
} }
} }
@ -2038,18 +2038,18 @@ class Securimage
* *
* @return bool true if headers haven't been sent and no output/errors will break audio/images, false if unsafe * @return bool true if headers haven't been sent and no output/errors will break audio/images, false if unsafe
*/ */
protected function canSendHeaders() protected function canSendHeaders()
{ {
if (headers_sent()) { if (headers_sent()) {
// output has been flushed and headers have already been sent // output has been flushed and headers have already been sent
return false; return false;
} else if (strlen((string)ob_get_contents()) > 0) { } else if (strlen((string)ob_get_contents()) > 0) {
// headers haven't been sent, but there is data in the buffer that will break image and audio data // headers haven't been sent, but there is data in the buffer that will break image and audio data
return false; return false;
} }
return true; return true;
} }
/** /**
* Return a random float between 0 and 0.9999 * Return a random float between 0 and 0.9999


@ -86,9 +86,10 @@ class Controller {
protected function fetch(){ protected function fetch(){
$session = Registry::get('session');
if(isset($_SESSION['theme']) && preg_match("/^([a-zA-Z0-9\-\_]+)$/", $_SESSION['theme']) && file_exists(DIR_THEME . $_SESSION['theme']) ) { if($session->get("theme") && preg_match("/^([a-zA-Z0-9\-\_]+)$/", $session->get("theme")) && file_exists(DIR_THEME . $session->get("theme")) ) {
$file = DIR_THEME . $_SESSION['theme'] . '/templates/' . $this->template; $file = DIR_THEME . $session->get("theme") . '/templates/' . $this->template;
} else { } else {
$file = DIR_THEME . THEME . '/templates/' . $this->template; $file = DIR_THEME . THEME . '/templates/' . $this->template;
} }
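Review bot: `$session->get("theme")` is called three times in the condition and a fourth time when the template path is built. Reading it once with `$theme = $session->get("theme");` and using `$theme` in the `preg_match`, the `file_exists` and `DIR_THEME . $theme . '/templates/'` makes it evident that the value that passed the allow-pattern is the value that reaches the path. It also shortens a line that is hard to review. fetch() continues outside the hunk.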


@ -8,10 +8,11 @@ class Language {
global $langs; global $langs;
$lang = ''; $lang = '';
$session = Registry::get('session');
if(isset($_SESSION['lang']) && $_SESSION['lang'] != '') { if($session->get("lang")) {
$file = DIR_LANGUAGE . $_SESSION['lang'] . '/messages.php'; $file = DIR_LANGUAGE . $session->get("lang") . '/messages.php';
define('LANG', $_SESSION['lang']); define('LANG', $session->get("lang"));
} }
else { else {
$pref_langs = $this->get_preferred_languages(); $pref_langs = $this->get_preferred_languages();
@ -26,7 +27,7 @@ class Language {
if($lang == '') { $lang = DEFAULT_LANG; } if($lang == '') { $lang = DEFAULT_LANG; }
$_SESSION['lang'] = $lang; $session->set("lang", $lang);
$file = DIR_LANGUAGE . $lang . '/messages.php'; $file = DIR_LANGUAGE . $lang . '/messages.php';
} }


@ -3,8 +3,10 @@
function LOGGER($event = '', $username = '') { function LOGGER($event = '', $username = '') {
if($event == "") { return 0; } if($event == "") { return 0; }
$session = Registry::get('session');
if($username == '') { if($username == '') {
if(isset($_SESSION['username'])) { $username = $_SESSION['username']; } if($session->get("username")) { $username = $session->get("username"); }
else { $username = 'unknown'; } else { $username = 'unknown'; }
} }
@ -16,8 +18,10 @@ function AUDIT($action = 0, $email = '', $ipaddr = '', $id = 0, $description = '
if(ENABLE_AUDIT == 0) { return 0; } if(ENABLE_AUDIT == 0) { return 0; }
$session = Registry::get('session');
if($ipaddr == '' && isset($_SERVER['REMOTE_ADDR'])) { $ipaddr = $_SERVER['REMOTE_ADDR']; } if($ipaddr == '' && isset($_SERVER['REMOTE_ADDR'])) { $ipaddr = $_SERVER['REMOTE_ADDR']; }
if($email == '') { $email = $_SESSION['email']; } if($email == '') { $email = $session->get("email"); }
$a = explode("@", $email); $a = explode("@", $email);
@ -30,42 +34,51 @@ function AUDIT($action = 0, $email = '', $ipaddr = '', $id = 0, $description = '
function getAuthenticatedUsername() { function getAuthenticatedUsername() {
$session = Registry::get('session');
if(isset($_SESSION['username'])){ return $_SESSION['username']; } if($session->get("username")) { return $session->get("username"); }
return ""; return "";
} }
function isAdminUser() { function isAdminUser() {
if(isset($_SESSION['admin_user']) && $_SESSION['admin_user'] == 1){ return 1; } $session = Registry::get('session');
if($session->get("admin_user") == 1){ return 1; }
return 0; return 0;
} }
function isAuditorUser() { function isAuditorUser() {
if(isset($_SESSION['admin_user']) && $_SESSION['admin_user'] == 2){ return 1; } $session = Registry::get('session');
if($session->get("admin_user") == 2){ return 1; }
return 0; return 0;
} }
function isReadonlyAdmin() { function isReadonlyAdmin() {
if(isset($_SESSION['admin_user']) && $_SESSION['admin_user'] == 3){ return 1; } $session = Registry::get('session');
if($session->get("admin_user") == 3){ return 1; }
return 0; return 0;
} }
function logout() { function logout() {
AUDIT(ACTION_LOGOUT, $_SESSION['email'], '', '', ''); $session = Registry::get('session');
$_SESSION['username'] = ""; AUDIT(ACTION_LOGOUT, $session->get("email"), '', '', '');
$_SESSION['admin_user'] = 0;
unset($_SESSION['username']); $session->set("username", "");
unset($_SESSION['admin_user']); $session->set("admin_user", 0);
$session->remove("username");
$session->remove("admin_user");
Registry::set('username', ''); Registry::set('username', '');
@ -82,9 +95,10 @@ function isBinary($num = '') {
function get_page_length() { function get_page_length() {
$page_len = PAGE_LEN; $page_len = PAGE_LEN;
$session = Registry::get('session');
if(isset($_SESSION['pagelen']) && is_numeric($_SESSION['pagelen']) && $_SESSION['pagelen'] >= 10 && $_SESSION['pagelen'] <= MAX_SEARCH_HITS) {
$page_len = $_SESSION['pagelen']; if($session->get("pagelen") && is_numeric($session->get("pagelen")) && $session->get("pagelen") >= 10 && $session->get("pagelen") <= MAX_SEARCH_HITS) {
$page_len = $session->get("pagelen");
} }
return $page_len; return $page_len;
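Review bot: logout() in the third hunk removes only `username` and `admin_user`; `email`, which AUDIT() falls back to, and the other keys this commit reads (`theme`, `lang`, `pagelen`) stay in the session, and nothing visible invalidates the session id. The body continues past the hunk, so a `session_destroy()` may already follow; if it does not, add `$session->remove("email");` and finish with `session_regenerate_id(true);`. The two `$session->set(...)` calls just before the `remove()` calls are redundant and can go.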


@ -27,12 +27,12 @@ class Request {
class Session { class Session {
public function __construct() { public function __construct() {
//session_start(); session_start();
} }
public function get($s = '') { public function get($k = '') {
if($s && isset($_SESSION[$s])) { return $_SESSION[$s]; } if($k && isset($_SESSION[$k])) { return $_SESSION[$k]; }
return ''; return '';
} }
@ -44,6 +44,12 @@ class Session {
} }
public function remove($k = '') {
if($k) { unset($_SESSION[$k]); }
}
} }
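Review bot: The constructor now calls `session_start()` unconditionally, so a second `new Session()` in the same request raises a notice, and the cookie attributes are whatever php.ini provides. I would guard it with `if(session_id() == '') { session_start(); }` and set `session.cookie_httponly` (plus `session.cookie_secure` on HTTPS-only installs) just before it, unless the deployment already pins them. Separately, `get()` returns `''` for a missing key, so callers that test `if($session->get("pagelen"))` treat a stored `0` or `"0"` as unset; a short comment on `get()` saying so would help. The `set()` method lies between the two hunks and is not visible.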


@ -6,8 +6,8 @@ require(DIR_SYSTEM . "/front.php");
require(DIR_SYSTEM . "/language.php"); require(DIR_SYSTEM . "/language.php");
require(DIR_SYSTEM . "/loader.php"); require(DIR_SYSTEM . "/loader.php");
require(DIR_SYSTEM . "/model.php"); require(DIR_SYSTEM . "/model.php");
require(DIR_SYSTEM . "/registry.php"); //require(DIR_SYSTEM . "/registry.php");
require(DIR_SYSTEM . "/request.php"); //require(DIR_SYSTEM . "/request.php");
require(DIR_SYSTEM . "/router.php"); require(DIR_SYSTEM . "/router.php");
require(DIR_SYSTEM . "/misc.php"); require(DIR_SYSTEM . "/misc.php");
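Review bot: The two commented-out `require` lines for registry.php and request.php should be deleted rather than left in place, since the hunk gives no hint why they are disabled. If another file now loads them earlier in the bootstrap, a one-line comment such as `// registry.php and request.php are loaded earlier during bootstrap` says so without leaving dead code. Using `require_once` wherever these two files are loaded would also make the load order less fragile.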


@ -26,7 +26,7 @@
<body id="loginpage"> <body id="loginpage">
<?php if(!isset($_SESSION['username'])){ ?> <?php if(!Registry::get('username')) { ?>
<div id="logincontainer" class="container"> <div id="logincontainer" class="container">
<div id="logo-lg"><img src="<?php print SITE_URL; ?><?php print SITE_LOGO_LG; ?>" alt="Archive Logo Image" title="Login" /></div> <div id="logo-lg"><img src="<?php print SITE_URL; ?><?php print SITE_LOGO_LG; ?>" alt="Archive Logo Image" title="Login" /></div>


@ -42,7 +42,7 @@
<div class="controls"> <div class="controls">
<select name="domain" id="domain"> <select name="domain" id="domain">
<?php asort($domains); foreach ($domains as $domain) { ?> <?php asort($domains); foreach ($domains as $domain) { ?>
<option value="<?php if(is_array($domain)){ print $domain['mapped']; } else { print $domain; } ?>"<?php if( (isset($post) && $domain == $post['domain']) || (!isset($post) && isset($_SESSION['last_domain']) && $domain == $_SESSION['last_domain']) ){ ?> selected="selected"<?php } ?>><?php if(is_array($domain)){ print $domain['mapped']; } else { print $domain; } ?></option> <option value="<?php if(is_array($domain)){ print $domain['mapped']; } else { print $domain; } ?>"<?php if( (isset($post) && $domain == $post['domain']) || (!isset($post) && $domain == $last_domain) ){ ?> selected="selected"<?php } ?>><?php if(is_array($domain)){ print $domain['mapped']; } else { print $domain; } ?></option>
<?php } ?> <?php } ?>
</select> </select>
<?php if ( isset($errors['domain']) ) { ?><span class="help-inline"><?php print $errors['domain']; ?></span><?php } ?> <?php if ( isset($errors['domain']) ) { ?><span class="help-inline"><?php print $errors['domain']; ?></span><?php } ?>
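Review bot: The `selected` test compares `$domain` itself with `$post['domain']` and `$last_domain`, but when `$domain` is an array the option value is `$domain['mapped']`, so a mapped domain can never be preselected. Resolve the value once at the top of the loop, `<?php $d = is_array($domain) ? $domain['mapped'] : $domain; ?>`, and use `$d` for the comparison and both prints. The new `$last_domain` must be assigned by the controller on every render, otherwise the comparison raises an undefined-variable notice. Printing through `htmlspecialchars($d, ENT_QUOTES)` would also keep the value safe inside the attribute. The same line appears in the other login template's domain `<select>` later on this page.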


@ -66,7 +66,7 @@
<div class="controls"> <div class="controls">
<select name="theme"> <select name="theme">
<?php foreach(Registry::get('themes') as $t) { ?> <?php foreach(Registry::get('themes') as $t) { ?>
<option value="<?php print $t; ?>"<?php if(isset($_SESSION['theme']) && $_SESSION['theme'] == $t) { ?> selected="selected"<?php } ?>><?php print $t; ?></option> <option value="<?php print $t; ?>"<?php if($theme == $t) { ?> selected="selected"<?php } ?>><?php print $t; ?></option>
<?php } ?> <?php } ?>
</select> </select>
</div> </div>
@ -77,7 +77,7 @@
<select name="lang"> <select name="lang">
<option value=""><?php print $text_use_browser_settings; ?></option> <option value=""><?php print $text_use_browser_settings; ?></option>
<?php foreach(Registry::get('langs') as $t) { ?> <?php foreach(Registry::get('langs') as $t) { ?>
<option value="<?php print $t; ?>"<?php if(isset($_SESSION['lang']) && $_SESSION['lang'] == $t) { ?> selected="selected"<?php } ?>><?php print $t; ?></option> <option value="<?php print $t; ?>"<?php if($lang == $t) { ?> selected="selected"<?php } ?>><?php print $t; ?></option>
<?php } ?> <?php } ?>
</select> </select>
</div> </div>


@ -30,7 +30,7 @@
<body class="loginpage"> <body class="loginpage">
<?php if(!isset($_SESSION['username'])){ ?> <?php if(!Registry::get('username')) { ?>
<div id="logincontainer" class="container"> <div id="logincontainer" class="container">
<div id="logo-lg"><img src="<?php print SITE_URL; ?><?php print SITE_LOGO_LG; ?>" alt="Archive Logo Image" title="<?php print $text_login; ?>" /></div> <div id="logo-lg"><img src="<?php print SITE_URL; ?><?php print SITE_LOGO_LG; ?>" alt="Archive Logo Image" title="<?php print $text_login; ?>" /></div>


@ -26,7 +26,7 @@
<div class="domaincell"> <div class="domaincell">
<select name="domain" class="span5"> <select name="domain" class="span5">
<?php asort($domains); foreach ($domains as $domain) { ?> <?php asort($domains); foreach ($domains as $domain) { ?>
<option value="<?php if(is_array($domain)){ print $domain['mapped']; } else { print $domain; } ?>"<?php if( (isset($post) && $domain == $post['domain']) || (!isset($post) && isset($_SESSION['last_domain']) && $domain == $_SESSION['last_domain']) ){ ?> selected="selected"<?php } ?>><?php if(is_array($domain)){ print $domain['mapped']; } else { print $domain; } ?></option> <option value="<?php if(is_array($domain)){ print $domain['mapped']; } else { print $domain; } ?>"<?php if( (isset($post) && $domain == $post['domain']) || (!isset($post) && $domain == $last_domain) ){ ?> selected="selected"<?php } ?>><?php if(is_array($domain)){ print $domain['mapped']; } else { print $domain; } ?></option>
<?php } ?> <?php } ?>
</select> </select>
</div> </div>


@ -73,7 +73,7 @@
<div class="tcell"> <div class="tcell">
<select name="theme"> <select name="theme">
<?php foreach(Registry::get('themes') as $t) { ?> <?php foreach(Registry::get('themes') as $t) { ?>
<option value="<?php print $t; ?>"<?php if(isset($_SESSION['theme']) && $_SESSION['theme'] == $t) { ?> selected="selected"<?php } ?>><?php print $t; ?></option> <option value="<?php print $t; ?>"<?php if($theme == $t) { ?> selected="selected"<?php } ?>><?php print $t; ?></option>
<?php } ?> <?php } ?>
</select> </select>
</div> </div>
@ -85,7 +85,7 @@
<select name="lang"> <select name="lang">
<option value=""><?php print $text_use_browser_settings; ?></option> <option value=""><?php print $text_use_browser_settings; ?></option>
<?php foreach(Registry::get('langs') as $t) { ?> <?php foreach(Registry::get('langs') as $t) { ?>
<option value="<?php print $t; ?>"<?php if(isset($_SESSION['lang']) && $_SESSION['lang'] == $t) { ?> selected="selected"<?php } ?>><?php print $t; ?></option> <option value="<?php print $t; ?>"<?php if($lang == $t) { ?> selected="selected"<?php } ?>><?php print $t; ?></option>
<?php } ?> <?php } ?>
</select> </select>
</div> </div>