-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathinclude_this.php
More file actions
executable file
·150 lines (137 loc) · 3.88 KB
/
Copy pathinclude_this.php
File metadata and controls
executable file
·150 lines (137 loc) · 3.88 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
<?php
/**
* this page shall be included in every page so that it
* will have all authentication code and required libraries
* those libraries which doesnot serve as a standard library
* shall not be included here ans so it as to be included in specific page
* it is needed
*/
session_start();
date_default_timezone_set('UTC');
$checkVar = true;
/**
* session variable to store last visited page
*/
$tempArray = explode("/",$_SERVER['PHP_SELF']);
$at = str_replace(".php","",$tempArray[count($tempArray)-1]);
unset($tmpArray);
/**
* include important libraries here
*/
include 'config/config.php';
if(!isset($_SESSION[username_key]) || !isset($_SESSION[password_key]) || !isset($_SESSION['id']))
{
header("location: login.php?message=session+expired");
exit;
}
include 'libs/error.php';
include 'libs/db.php';
include 'libs/log.php';
include 'libs/login.php';
include 'libs/access.php';
dbase::start_connection();
$status = -1;
try {
$status = login::authenticate($_SESSION[username_key], $_SESSION[password_key]);
} catch(dbError $ex) {
log::saveLog("DB_ERROR IN AUTHENTICATION: " .$ex->getMessage());
dbase::close_connection();
header("location: login.php?message=session+expired&success=false");
exit;
} catch (InvalidUsername $ex) {
log::saveLog("INVALID CAHRS IN USERNAME - IN_SESSION [SEVERE]");
dbase::close_connection();
header("location: login.php?message=invalid+charecters+in+username&success=false");
exit;
} catch (InvalidPassword $ex) {
log::saveLog("INVALID CAHRS IN PASSWORD - IN_SESSION [SEVERE]");
dbase::close_connection();
header("location: login.php?message=invalid+charecters+in+password&success=false");
exit;
}
/**
* if the session username and password are correct then
* status returned must be 2
*/
if($status != 2)
{
log::saveLog("INVALID CREDENTIALS IN SESSION - [SEVERE]");
dbase::close_connection();
header("location: login.php?message=session+expired&success=false");
exit;
} else {
/**
* this means sucessful login
*/
$query = mysql_query("SELECT last_activity FROM admin WHERE id = '" .$_SESSION['id'] ."';");
if(!$query)
{
/*
* for debugging purpose
*/
echo mysql_error();
dbase::close_connection();
exit;
}
if(!mysql_num_rows($query))
{
/**
* this case shall never happer other than when user has been deleted
*/
unset($_SESSION['id']);
session_destroy();
log::saveLog("USER DELETED WHEN LOGGED IN ");
dbase::close_connection();
header("location: login.php?message=user+does+not+exist+anymore&success=false");
exit;
}
$row = mysql_fetch_array($query);
$lastActivity = $row[0];
/**
* this means that the user didnot do any activity for last
* few minutes hence session expires
*/
if( time() - $lastActivity > login::$sessionTimeout )
{
log::saveLog("SESSION EXPIRED FOR USER ID " .$_SESSION['id']);
unset($_SESSION['id']);
unset($_SESSION[username_key]);
unset($_SESSION[password_key]);
session_destroy();
dbase::close_connection();
header("location: login.php?at=$at&message=session+timeout!++please+login+again&success=false");
exit;
}
/**
* update last user activity
*/
mysql_query("UPDATE admin SET last_activity = '" .time() ."' WHERE id = '" .$_SESSION['id'] ."';");
/**
* code to get access from db
* and store it to class object
*/
$accessObj = new access($_SESSION['id']);
/*
* ignoring the noacess case for now
*/
try
{
$accessObj->getAccessFromDB();
}
catch(noAccess $ex)
{
/* do nothig for now */
}
}
include 'libs/subscriber.php';
include 'libs/mail.php';
include 'libs/groups.php';
/**
* varables to maintain
* > total count of subscribers
* > total no of mails sent
*/
$subscribersCount = subscribers::getSubscribersCount();
$sentMailCount = mail::getSentMailCount();
$groupsCount = group::Count();
?>