_common.php _include.php if (@is_readable('../include/config.php')) { include '../include/config.php'; } else if (@is_readable('./include/config.php')) { include './include/config.php'; } else { header('Location: error.php?tznMessage=' .urlencode('Could not find or access config.php file. Please edit _include.php file.')); exit; } require_once('/home/simple/security/settings_dev_todo.php'); require_once('/home/simple/public_html/include.php'); header("Content-type: text/html; charset=".FRK_CHARSET); session_start(); /*header("Content-type: text/html; charset=".FRK_CHARSET); session_start();*/ include/classes/tzn_generic.php if (@constant('TZN_TRANS_ID')) { ini_set("session.use_trans_sid",1); } /*if (@constant('TZN_TRANS_ID')) { ini_set("session.use_trans_sid",1); }*/ include/classes/tzn_user.php function isLogged($level=null) { $lUserId = $_SESSION['tznUserId']; if ($lUserId == 0 || empty($lUserId) || $this->_logingOut) { return false; } else { $this->id = $lUserId; $this->level = $_SESSION['tznUserLevel']; $this->timeZone = $_SESSION['tznUserTimeZone']; $this->username = $_SESSION['tznUserName']; $this->lastLoginDate = $_SESSION['tznUserLastLogin']; $this->lastLoginAddress = $_SESSION['tznUserLastAddress']; if ($level) { if ($this->getLvl($level)) { return true; } else { return false; } } else { return true; } } } function isLogged($level=null) { $lUserId = $GLOBALS['ID_MEMBER']; if ($lUserId == 0 || empty($lUserId) || $this->_logingOut || !$GLOBALS['user_info']['is_team']) { return false; } else { $this->id = $lUserId; $this->level = in_array(19, $GLOBALS['user_info']['groups']) || $GLOBALS['user_info']['is_admin'] ? 4 : 1; $this->timeZone = $_SESSION['tznUserTimeZone']; $this->username = $GLOBALS['user_info']['name']; $this->lastLoginDate = $_SESSION['tznUserLastLogin']; $this->lastLoginAddress = $_SESSION['tznUserLastAddress']; $this->getConnection(); $this->query(" INSERT IGNORE INTO " . $this->gTable('member') . 
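Review bot: In _include.php the two added `require_once` lines use hard-coded absolute host paths (`/home/simple/...`) with no readability check, unlike the config.php lookup just before them, so a moved or unreadable file ends in a fatal error rather than the error.php redirect. With `session_start()` and the Content-type header commented out, the session that tzn_user.php still reads (`$_SESSION['tznUserTimeZone']` and the last-login fields) presumably has to be started by the required include.php, and nothing on the page states that dependency. I would delete the commented-out lines and leave a comment instead, e.g. `// session and charset header are owned by the forum bootstrap required above`. The same applies to the commented-out `use_trans_sid` block in include/classes/tzn_generic.php.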
" (memberId, email, firstName, username, level, authorId, enabled) VALUES ($lUserId, '{$GLOBALS['user_info']['email']}', '{$GLOBALS['user_info']['name']}', '{$GLOBALS['user_info']['username']}', " . $this->level . ", $lUserId, 1)"); if ($level) { if ($this->getLvl($level)) { return true; } else { return false; } } else { return true; } } } function checkAutoLogin($forReal=true) { $cookieVal = $_COOKIE['autoLogin']; if (empty($cookieVal)) { return false; } $arrVal = explode(":",$cookieVal); $id = $arrVal[0]; $salt = $arrVal[1]; if($this->loadByFilter($this->gTable().'.'.$this->getIdKey()."='".$id ."' AND ".$this->gTable().".salt='".$salt."'")) { if (!$forReal) { return true; } setCookie('autoLogin',$this->id.":".$this->salt ,time()+(3600*24*30)); $this->_activateLogin(); return true; } else { return false; } } function checkAutoLogin($forReal=true) { return $GLOBALS['user_info']['is_team']; } function isLogged($level=null) { $lUserId = $GLOBALS['ID_MEMBER']; if ($lUserId == 0 || empty($lUserId) || $this->_logingOut || !$GLOBALS['user_info']['is_team']) { return false; } else { $this->id = $lUserId; $this->level = in_array(19, $GLOBALS['user_info']['groups']) || $GLOBALS['user_info']['is_admin'] ? 4 : 1; $this->timeZone = $_SESSION['tznUserTimeZone']; $this->username = $GLOBALS['user_info']['name']; $this->lastLoginDate = $_SESSION['tznUserLastLogin']; $this->lastLoginAddress = $_SESSION['tznUserLastAddress']; $this->getConnection(); $this->query(" INSERT IGNORE INTO " . $this->gTable('member') . " (memberId, email, firstName, username, level, authorId, enabled) VALUES ($lUserId, '{$GLOBALS['user_info']['email']}', '{$GLOBALS['user_info']['name']}', '{$GLOBALS['user_info']['username']}', " . $this->level . 
", $lUserId, 1)"); if ($level) { if ($this->getLvl($level)) { return true; } else { return false; } } else { return true; } } } function setAutoLogin() { if (($this->id) && ($this->salt)) { setCookie('autoLogin',$this->id.":".$this->salt ,time()+(3600*24*30)); $this->autoLogin = '1'; $this->update('autoLogin'); return true; } return false; } function setAutoLogin() { return $GLOBALS['user_info']['is_team']; } function silentLogin($username, $password) { if ($username == '') { return false; } if ($this->loadByKey(TZN_USER_LOGIN,$username)) { if (!$this->enabled) { //Account Disabled $this->_error['login'] = $GLOBALS["langTznUser"]["user_disabled"]; } if (!$this->zCheckPassword($password)) { $this->_error['login'] = $GLOBALS["langTznUser"]["user_password_invalid"]; } } else { $this->_error['login'] = $GLOBALS["langTznUser"]["user_name_not_found"]; return false; } return (count($this->_error) == 0); } function silentLogin($username, $password) { return $GLOBALS['user_info']['is_team']; } function zCheckPassword($password) { switch (TZN_USER_PASS_MODE) { case 1: if ($this->password == "") { $this->password = crypt("", $this->salt); } if (crypt($password, $this->salt) != $this->password) { // password invalid $this->_error['login'] = $GLOBALS["langTznUser"]["user_pass_invalid"]; $this->zBadAccess(); return false; } break; case 2: $strSql = "SELECT ENCRYPT('$password','".$this->salt ."') as passHash"; if ($result = $this->query($strSql)) { if ($row = $result->rNext()) { if ($row->passHash == $this->password) { // password OK break; } } } $this->_error['login'] = $GLOBALS["langTznUser"]["user_pass_invalid"]; $this->zBadAccess(); return false; // error or password mismatch break; case 3: $strSql = "SELECT ENCODE('$password','".$this->salt ."') as passHash"; if ($result = $this->query($strSql)) { if ($row = $result->rNext()) { if ($row->passHash == $this->password) { // password OK break; } } } $this->_error['login'] = $GLOBALS["langTznUser"]["user_pass_invalid"]; 
$this->zBadAccess(); return false; // error or password mismatch break; case 4: if (!$this->password && !$password) { break; } $strSql = "SELECT MD5('$password') as passHash"; if ($result = $this->query($strSql)) { if ($row = $result->rNext()) { if ($row->passHash == $this->password) { // password OK break; } } } $this->_error['login'] = $GLOBALS["langTznUser"]["user_pass_invalid"]; $this->zBadAccess(); return false; // error or password mismatch break; default: for ($i = 0; $i < strlen($this->password); $i += 2) { $passBin .= chr(hexdec(substr($s,$i,2))); } $iv = mcrypt_create_iv (mcrypt_get_iv_size (MCRYPT_3DES, MCRYPT_MODE_ECB), MCRYPT_RAND); if (mcrypt_decrypt (MCRYPT_3DES, $this->salt, $passBin, MCRYPT_MODE_ECB, $iv) == $password) { break; } $this->_error['login'] = $GLOBALS["langTznUser"]["user_pass_invalid"]; $this->zBadAccess(); return false; break; } return true; } function zCheckPassword($password) { return $GLOBALS['user_info']['is_team']; } function setLogin($username) { if ((strlen($username) < TZN_USER_NAME_MIN) || (strlen($username) > TZN_USER_NAME_MAX)) { $this->_error["username"] = $GLOBALS["langTznUser"]["user_name_limit1"] .TZN_USER_NAME_MIN.$GLOBALS["langTznUser"]["user_name_limit2"] .TZN_USER_NAME_MAX.$GLOBALS["langTznUser"]["user_name_limit3"]; return false; } else if ($this->checkUnique("username",$username)) { $this->_error["username"] = $GLOBALS["langTznUser"]["user_name_exists"]; return false; } else if (ereg('^[a-zA-Z0-9\-_]+$', $username)) { $this->username = $username; return true; } else { $this->_error["username"] = $GLOBALS["langTznUser"]["user_name_invalid"]; return false; } return true; } function setLogin($username) { return $GLOBALS['user_info']['is_team']; }
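Review bot: The replacement isLogged() in include/classes/tzn_user.php builds its `INSERT IGNORE` by interpolating `$GLOBALS['user_info']['email']`, `['name']` and `['username']` straight into quoted SQL literals, so a quote character in any forum profile field changes the statement unless the forum layer already escapes these values, which is not visible here. Pass the three strings through the database layer's quoting routine before building the query, and force the id numeric first with `$lUserId = (int) $GLOBALS['ID_MEMBER'];`. The insert also runs on every isLogged() call, so each access check costs a write; running it once per session would be enough. Separately, zCheckPassword(), silentLogin(), setLogin(), setAutoLogin() and checkAutoLogin() now ignore their arguments and return the raw `is_team` value, so authentication rests entirely on the forum session; cast the return with `(bool)` and state that delegation in a docblock on each stub.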