_common.php
_include.php
// Load config.php from the first readable candidate path: the parent
// directory's include/ first, then include/ under the current directory.
// The @ silences any warning is_readable() would raise on an inaccessible path.
if (@is_readable('../include/config.php')) {
    include '../include/config.php';
} elseif (@is_readable('./include/config.php')) {
    include './include/config.php';
} else {
    // Neither location is usable: hand the user over to the error page with
    // an explanatory message and stop before any later code runs unconfigured.
    header(
        'Location: error.php?tznMessage='
        . urlencode('Could not find or access config.php file. Please edit _include.php file.')
    );
    exit;
}
// Pull in two files by absolute path before any output is sent.
// NOTE(review): both paths are hard-coded to one host's layout; the first one
// lives outside public_html, so presumably it is not reachable over HTTP — confirm.
require_once '/home/simple/security/settings_dev_todo.php';
require_once '/home/simple/public_html/include.php';

// Declare the response charset, then open the PHP session.
// NOTE(review): the included file appears to belong to the forum that supplies
// $GLOBALS['user_info'] elsewhere on this page; if it starts its own session,
// this session_start() call shares or follows it — confirm the intended order.
header('Content-type: text/html; charset=' . FRK_CHARSET);
session_start();
/*header("Content-type: text/html; charset=".FRK_CHARSET);
session_start();*/
include/classes/tzn_generic.php
// When the TZN_TRANS_ID constant resolves to a truthy value, switch on
// transparent session ids, i.e. PHP rewrites URLs to carry the session id.
// NOTE(review): session ids in URLs end up in referrers, proxy/server logs and
// copied links; cookie-only sessions avoid that exposure.
$tznTransIdEnabled = @constant('TZN_TRANS_ID');
if ($tznTransIdEnabled) {
    ini_set('session.use_trans_sid', 1);
}
/*if (@constant('TZN_TRANS_ID')) {
ini_set("session.use_trans_sid",1);
}*/
include/classes/tzn_user.php
/**
 * Tell whether the current PHP session belongs to a logged-in user and, if it
 * does, copy the session's user fields onto this object.
 *
 * @param mixed $level Optional level handed to getLvl(); when falsy only the
 *                     login state is checked.
 * @return bool true when logged in (and, if $level is given, getLvl($level)
 *              is truthy); false otherwise.
 */
function isLogged($level=null) {
    $sessionUserId = $_SESSION['tznUserId'];

    // Guard: no usable id in the session, or a logout is in progress.
    if ($sessionUserId == 0 || empty($sessionUserId) || $this->_logingOut) {
        return false;
    }

    // Hydrate this object from the values stored in the session at login.
    $this->id = $sessionUserId;
    $this->level = $_SESSION['tznUserLevel'];
    $this->timeZone = $_SESSION['tznUserTimeZone'];
    $this->username = $_SESSION['tznUserName'];
    $this->lastLoginDate = $_SESSION['tznUserLastLogin'];
    $this->lastLoginAddress = $_SESSION['tznUserLastAddress'];

    if (!$level) {
        return true;
    }

    // A level was requested: the answer is whatever getLvl() decides.
    return $this->getLvl($level) ? true : false;
}
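/**
 * Forum-backed login check: trusts the forum's globals (ID_MEMBER, user_info)
 * instead of this application's own session login, and mirrors the forum
 * member into the local member table.
 *
 * Changes over the string-built original: the member id and level are cast to
 * int and the profile strings are escaped before they are placed in the
 * INSERT, so a quote in a forum e-mail, display name or username can no
 * longer alter the statement.
 *
 * @param mixed $level Optional level handed to getLvl(); when falsy only the
 *                     login state is checked.
 * @return bool true when the forum user is a team member (and, if $level is
 *              given, getLvl($level) is truthy); false otherwise.
 */
function isLogged($level=null) {
    $lUserId = $GLOBALS['ID_MEMBER'];
    if ($lUserId == 0 || empty($lUserId) || $this->_logingOut || !$GLOBALS['user_info']['is_team']) {
        return false;
    }

    $forumUser = $GLOBALS['user_info'];

    $this->id = $lUserId;
    // Level 4 for members of forum group 19 or forum admins, level 1 otherwise.
    $this->level = (in_array(19, $forumUser['groups']) || $forumUser['is_admin']) ? 4 : 1;
    // These three still come from this application's own session keys.
    $this->timeZone = $_SESSION['tznUserTimeZone'];
    $this->username = $forumUser['name'];
    $this->lastLoginDate = $_SESSION['tznUserLastLogin'];
    $this->lastLoginAddress = $_SESSION['tznUserLastAddress'];

    // Profile fields are user-editable on the forum side, so treat them as
    // untrusted when building SQL.
    // NOTE(review): addslashes() is not aware of the connection charset; if the
    // database layer behind query() offers its own escaping or bound
    // parameters, use that instead.
    $memberId = (int) $lUserId;
    $memberLevel = (int) $this->level;
    $email = addslashes((string) $forumUser['email']);
    $firstName = addslashes((string) $forumUser['name']);
    $username = addslashes((string) $forumUser['username']);

    $this->getConnection();
    // INSERT IGNORE: an already mirrored member is left untouched. The
    // statement runs on every successful call.
    $this->query("
INSERT IGNORE INTO " . $this->gTable('member') . " (memberId, email, firstName, username, level, authorId, enabled)
VALUES ($memberId, '$email', '$firstName', '$username', " . $memberLevel . ", $memberId, 1)");

    if (!$level) {
        return true;
    }
    return $this->getLvl($level) ? true : false;
}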
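/**
 * Log the visitor in from the "autoLogin" cookie ("<id>:<salt>").
 *
 * Changes over the original: the cookie is client-controlled, so it is now
 * validated before its two parts are placed in the SQL filter. A missing,
 * non-string or malformed cookie, an empty id or salt, and any part holding a
 * quote, backslash or NUL byte are rejected without touching the database.
 *
 * @param bool $forReal When false, only report whether the cookie matches a
 *                      user; do not refresh the cookie or activate the login.
 * @return bool true when the cookie matches a stored id/salt pair.
 */
function checkAutoLogin($forReal=true) {
    if (empty($_COOKIE['autoLogin']) || !is_string($_COOKIE['autoLogin'])) {
        return false;
    }

    $arrVal = explode(":", $_COOKIE['autoLogin']);
    if (count($arrVal) < 2) {
        return false;
    }
    $id = $arrVal[0];
    $salt = $arrVal[1];

    // Fail closed on empty parts (an empty salt must never match a row) and
    // on any character able to break out of the quoted SQL literals below.
    if ($id === '' || $salt === '' || preg_match('/[\'"\\\\\x00]/', $id . $salt)) {
        return false;
    }

    $table = $this->gTable();
    $filter = $table . '.' . $this->getIdKey() . "='" . $id
        . "' AND " . $table . ".salt='" . $salt . "'";
    if (!$this->loadByFilter($filter)) {
        return false;
    }
    if (!$forReal) {
        return true;
    }

    // Renew the cookie for another 30 days.
    // NOTE(review): the cookie value is the stored salt itself, so anyone who
    // can read the salt column can present a valid cookie; it is also set
    // without the HttpOnly/Secure flags. A random, server-side revocable token
    // would be the safer design.
    setCookie('autoLogin', $this->id . ":" . $this->salt, time() + (3600 * 24 * 30));
    $this->_activateLogin();
    return true;
}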
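/**
 * Forum-backed replacement: no cookie is read; the answer is the forum's
 * "is_team" flag for the current visitor.
 *
 * Returns a strict bool and fails closed (false) when the forum globals have
 * not been loaded, instead of raising a notice and returning null.
 *
 * @param bool $forReal Ignored; kept for signature compatibility.
 * @return bool
 */
function checkAutoLogin($forReal=true) {
    return !empty($GLOBALS['user_info']['is_team']);
}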
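/**
 * Forum-backed login check: trusts the forum's globals (ID_MEMBER, user_info)
 * instead of this application's own session login, and mirrors the forum
 * member into the local member table.
 *
 * Changes over the string-built original: the member id and level are cast to
 * int and the profile strings are escaped before they are placed in the
 * INSERT, so a quote in a forum e-mail, display name or username can no
 * longer alter the statement.
 *
 * @param mixed $level Optional level handed to getLvl(); when falsy only the
 *                     login state is checked.
 * @return bool true when the forum user is a team member (and, if $level is
 *              given, getLvl($level) is truthy); false otherwise.
 */
function isLogged($level=null) {
    $lUserId = $GLOBALS['ID_MEMBER'];
    if ($lUserId == 0 || empty($lUserId) || $this->_logingOut || !$GLOBALS['user_info']['is_team']) {
        return false;
    }

    $forumUser = $GLOBALS['user_info'];

    $this->id = $lUserId;
    // Level 4 for members of forum group 19 or forum admins, level 1 otherwise.
    $this->level = (in_array(19, $forumUser['groups']) || $forumUser['is_admin']) ? 4 : 1;
    // These three still come from this application's own session keys.
    $this->timeZone = $_SESSION['tznUserTimeZone'];
    $this->username = $forumUser['name'];
    $this->lastLoginDate = $_SESSION['tznUserLastLogin'];
    $this->lastLoginAddress = $_SESSION['tznUserLastAddress'];

    // Profile fields are user-editable on the forum side, so treat them as
    // untrusted when building SQL.
    // NOTE(review): addslashes() is not aware of the connection charset; if the
    // database layer behind query() offers its own escaping or bound
    // parameters, use that instead.
    $memberId = (int) $lUserId;
    $memberLevel = (int) $this->level;
    $email = addslashes((string) $forumUser['email']);
    $firstName = addslashes((string) $forumUser['name']);
    $username = addslashes((string) $forumUser['username']);

    $this->getConnection();
    // INSERT IGNORE: an already mirrored member is left untouched. The
    // statement runs on every successful call.
    $this->query("
INSERT IGNORE INTO " . $this->gTable('member') . " (memberId, email, firstName, username, level, authorId, enabled)
VALUES ($memberId, '$email', '$firstName', '$username', " . $memberLevel . ", $memberId, 1)");

    if (!$level) {
        return true;
    }
    return $this->getLvl($level) ? true : false;
}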
/**
 * Issue the 30-day "autoLogin" cookie ("<id>:<salt>") for this user and record
 * the preference through update('autoLogin').
 *
 * NOTE(review): the cookie value is the stored salt, and the cookie is set
 * without HttpOnly/Secure flags; a separate random token would limit what a
 * leaked cookie or a leaked salt column is worth.
 *
 * @return bool false when the object has no id or no salt, true otherwise.
 */
function setAutoLogin() {
    // Both pieces of the cookie value must be present.
    if (!($this->id) || !($this->salt)) {
        return false;
    }

    $cookieValue = $this->id . ":" . $this->salt;
    $expiresAt = time() + (3600 * 24 * 30);
    setCookie('autoLogin', $cookieValue, $expiresAt);

    $this->autoLogin = '1';
    $this->update('autoLogin');
    return true;
}
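/**
 * Forum-backed replacement: no cookie is written; the answer is the forum's
 * "is_team" flag for the current visitor.
 *
 * Returns a strict bool and fails closed (false) when the forum globals have
 * not been loaded, instead of raising a notice and returning null.
 *
 * @return bool
 */
function setAutoLogin() {
    return !empty($GLOBALS['user_info']['is_team']);
}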
/**
 * Validate a username/password pair without starting a session: load the user
 * by login name, then record an error for a disabled account and for a failed
 * password check.
 *
 * NOTE(review): unknown user, disabled account and wrong password each set a
 * different message; if these reach the client they reveal which usernames
 * exist. The password is still checked for a disabled account.
 *
 * @param string $username Login name looked up through TZN_USER_LOGIN.
 * @param string $password Password handed to zCheckPassword().
 * @return bool true only when no error has been recorded on this object.
 */
function silentLogin($username, $password) {
    if ($username == '') {
        return false;
    }

    // Unknown login name: record the error and stop here.
    if (!$this->loadByKey(TZN_USER_LOGIN, $username)) {
        $this->_error['login'] = $GLOBALS["langTznUser"]["user_name_not_found"];
        return false;
    }

    if (!$this->enabled) {
        // Account disabled
        $this->_error['login'] = $GLOBALS["langTznUser"]["user_disabled"];
    }
    if (!$this->zCheckPassword($password)) {
        $this->_error['login'] = $GLOBALS["langTznUser"]["user_password_invalid"];
    }

    $errorCount = count($this->_error);
    return ($errorCount == 0);
}
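/**
 * Forum-backed replacement: neither argument is examined; the answer is the
 * forum's "is_team" flag for the current visitor.
 *
 * Returns a strict bool and fails closed (false) when the forum globals have
 * not been loaded, instead of raising a notice and returning null.
 *
 * NOTE(review): callers that rely on this method to verify the supplied
 * credentials no longer get that check; authentication is whatever the forum
 * has already established for the request.
 *
 * @param string $username Ignored; kept for signature compatibility.
 * @param string $password Ignored; kept for signature compatibility.
 * @return bool
 */
function silentLogin($username, $password) {
    return !empty($GLOBALS['user_info']['is_team']);
}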
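/**
 * Check a submitted password against the stored one, using the scheme chosen
 * by TZN_USER_PASS_MODE (1: PHP crypt(), 2: SQL ENCRYPT(), 3: SQL ENCODE(),
 * 4: SQL MD5(), anything else: 3DES/ECB decryption of the stored value).
 *
 * Changes over the original:
 *  - the submitted password and the salt are escaped before being placed in
 *    the SQL text of modes 2-4 (the password is raw user input);
 *  - hashes are compared as strings with ===, so two different values that
 *    both look numeric (e.g. "0e1234..." digests) no longer compare equal;
 *  - a NULL passHash from the database never counts as a match;
 *  - the default branch hex-decodes $this->password (the original read an
 *    undefined variable and appended to an uninitialised one).
 *
 * NOTE(review): DES crypt, unsalted MD5 and reversible 3DES/ECB storage are
 * all weak by current standards; password_hash()/password_verify() would be
 * the replacement where the PHP version allows. === is not a constant-time
 * comparison.
 *
 * @param string $password Password as submitted by the user.
 * @return bool true on match; on mismatch sets $this->_error['login'], calls
 *              zBadAccess() and returns false.
 */
function zCheckPassword($password) {
    $mode = TZN_USER_PASS_MODE;
    $matches = false;

    switch ($mode) {
    case 1:
        // An empty stored password is replaced by the hash of the empty string.
        if ($this->password == "") {
            $this->password = crypt("", $this->salt);
        }
        $matches = ((string) crypt($password, $this->salt) === (string) $this->password);
        break;

    case 2:
    case 3:
    case 4:
        // Mode 4 accepts an empty submission when no password is stored.
        if ($mode == 4 && !$this->password && !$password) {
            $matches = true;
            break;
        }
        // NOTE(review): addslashes() is not aware of the connection charset;
        // prefer the database layer's own escaping or bound parameters if it
        // has them.
        $sqlPassword = addslashes((string) $password);
        $sqlSalt = addslashes((string) $this->salt);
        if ($mode == 2) {
            $strSql = "SELECT ENCRYPT('$sqlPassword','" . $sqlSalt . "') as passHash";
        } else if ($mode == 3) {
            $strSql = "SELECT ENCODE('$sqlPassword','" . $sqlSalt . "') as passHash";
        } else {
            $strSql = "SELECT MD5('$sqlPassword') as passHash";
        }
        if ($result = $this->query($strSql)) {
            if ($row = $result->rNext()) {
                $matches = isset($row->passHash)
                    && ((string) $row->passHash === (string) $this->password);
            }
        }
        break;

    default:
        // Stored value is hex text: turn each pair of digits back into a byte.
        $passBin = '';
        $storedHex = (string) $this->password;
        for ($i = 0; $i < strlen($storedHex); $i += 2) {
            $passBin .= chr(hexdec(substr($storedHex, $i, 2)));
        }
        $iv = mcrypt_create_iv(
            mcrypt_get_iv_size(MCRYPT_3DES, MCRYPT_MODE_ECB),
            MCRYPT_RAND
        );
        $plain = mcrypt_decrypt(MCRYPT_3DES, $this->salt, $passBin, MCRYPT_MODE_ECB, $iv);
        // NOTE(review): mcrypt pads blocks with NUL bytes, so $plain may carry
        // trailing "\0" that the submitted password lacks — confirm how the
        // value was stored before relying on this mode.
        $matches = ((string) $plain === (string) $password);
        break;
    }

    if ($matches) {
        return true;
    }

    // Error or password mismatch: record it and count the bad access.
    $this->_error['login'] = $GLOBALS["langTznUser"]["user_pass_invalid"];
    $this->zBadAccess();
    return false;
}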
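/**
 * Forum-backed replacement: the password is NOT checked; the answer is the
 * forum's "is_team" flag for the current visitor.
 *
 * Returns a strict bool and fails closed (false) when the forum globals have
 * not been loaded, instead of raising a notice and returning null.
 *
 * NOTE(review): any caller that uses this method as a re-authentication step
 * (for example before a password or e-mail change) now passes for every team
 * member regardless of what was typed.
 *
 * @param string $password Ignored; kept for signature compatibility.
 * @return bool
 */
function zCheckPassword($password) {
    return !empty($GLOBALS['user_info']['is_team']);
}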
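/**
 * Validate a new login name and, when acceptable, store it on this object.
 *
 * Changes over the original:
 *  - ereg() (removed from PHP, and not binary safe: it stops reading at a NUL
 *    byte, so "abc\0<anything>" passed the whitelist) is replaced by
 *    preg_match() anchored with \z, which also rejects a trailing newline;
 *  - the character whitelist now runs before checkUnique(), so only names
 *    made of [a-zA-Z0-9_-] are handed to the uniqueness lookup;
 *  - the unreachable trailing return is gone.
 *
 * @param string $username Requested login name.
 * @return bool true when the name was accepted; otherwise false with
 *              $this->_error["username"] set.
 */
function setLogin($username)
{
    $length = strlen($username);
    if ($length < TZN_USER_NAME_MIN || $length > TZN_USER_NAME_MAX) {
        $this->_error["username"] =
            $GLOBALS["langTznUser"]["user_name_limit1"]
            . TZN_USER_NAME_MIN . $GLOBALS["langTznUser"]["user_name_limit2"]
            . TZN_USER_NAME_MAX . $GLOBALS["langTznUser"]["user_name_limit3"];
        return false;
    }

    // Character whitelist over the whole string, NUL bytes and newlines included.
    if (!preg_match('/^[a-zA-Z0-9\-_]+\z/', $username)) {
        $this->_error["username"] = $GLOBALS["langTznUser"]["user_name_invalid"];
        return false;
    }

    // checkUnique() is treated as "already taken" when it returns true,
    // exactly as the original did.
    if ($this->checkUnique("username", $username)) {
        $this->_error["username"] = $GLOBALS["langTznUser"]["user_name_exists"];
        return false;
    }

    $this->username = $username;
    return true;
}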
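/**
 * Forum-backed replacement: the name is neither validated nor stored; the
 * answer is the forum's "is_team" flag for the current visitor.
 *
 * Returns a strict bool and fails closed (false) when the forum globals have
 * not been loaded, instead of raising a notice and returning null.
 *
 * @param string $username Ignored; kept for signature compatibility.
 * @return bool
 */
function setLogin($username)
{
    return !empty($GLOBALS['user_info']['is_team']);
}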