<?php
################################################################################
# @Name : login.php
# @Desc : login page
# @call : index.php
# @parameters :
# @Author : Flox
# @Create : 07/03/2010
# @Update : 29/01/2014
# @Version : 3.0.6
################################################################################
// Give every variable, session key and query-string key read by this page a
// defined value, so that later reads do not raise "undefined" notices.
// A value that is already set is kept as it is, whether it comes from the
// including script, the session or the request; only missing ones become ''.
$state = isset($state) ? $state : '';
$userid = isset($userid) ? $userid : '';
$techread = isset($techread) ? $techread : '';
$findnom = isset($findnom) ? $findnom : '';
$profile = isset($profile) ? $profile : '';
$newpassword = isset($newpassword) ? $newpassword : '';
$salt = isset($salt) ? $salt : '';
$dcgen = isset($dcgen) ? $dcgen : '';
$ldap_type = isset($ldap_type) ? $ldap_type : '';
$message = isset($message) ? $message : '';

// Session keys
$_SESSION['user_id'] = isset($_SESSION['user_id']) ? $_SESSION['user_id'] : '';
$_SESSION['login'] = isset($_SESSION['login']) ? $_SESSION['login'] : '';

// Query-string keys
$_GET['page'] = isset($_GET['page']) ? $_GET['page'] : '';
$_GET['state'] = isset($_GET['state']) ? $_GET['state'] : '';
$_GET['techread'] = isset($_GET['techread']) ? $_GET['techread'] : '';
$_GET['userid'] = isset($_GET['userid']) ? $_GET['userid'] : '';
$_GET['id'] = isset($_GET['id']) ? $_GET['id'] : '';

// Default value: an empty state filter becomes '%'
// (presumably a LIKE wildcard for a query elsewhere - not visible in this file).
if ($_GET['state'] == '')
{
    $_GET['state'] = '%';
}
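//actions on submit
// Handles the login form POST. The local `tusers` table is checked first; when
// no enabled local account matches and LDAP authentication is switched on in
// $rparameters, the same credentials are tried against the directory.
// This block relies on names it does not define: $rparameters and $datetime
// (presumably set by index.php before the include - confirm), an open mysql_*
// connection and an already started session.
//
// NOTE(review): items this block still leaves open:
//  - passwords are stored as plaintext (legacy rows) or salted double MD5; MD5 is
//    far too fast for password storage. Moving to password_hash()/password_verify()
//    needs PHP >= 5.5 and probably a wider `password` column - confirm the schema.
//  - the salt comes from rand()/uniqid(), which are not cryptographic generators.
//  - the session id is not regenerated after a successful login; that call has to
//    happen before any output is sent, which this file cannot guarantee.
//  - failed attempts are neither counted, throttled nor logged.
//  - die(... mysql_error()) shows database error text to the client.
//  - no ldap_start_tls() call is visible; unless ldap_server is an ldaps:// URL the
//    bind password may cross the network in clear - confirm the deployment.
//  - the mysql_* extension was removed in PHP 7.
if (isset($_POST['submit']))
{
    // Credentials must be plain strings; an array-valued field is treated as empty.
    $login = (isset($_POST['login']) && is_string($_POST['login'])) ? $_POST['login'] : '';
    $pass = (isset($_POST['pass']) && is_string($_POST['pass'])) ? $_POST['pass'] : '';
    // Login names are compared case-insensitively: both sides are upper-cased.
    $login = strtoupper($login);
    // The outcome variables always start empty here, so a value inherited from the
    // including scope can never be taken for a successful match.
    $findnom = '';
    $user_id = '';
    $dcgen = '';
    $ldapbind = false;

    $qusr = mysql_query("SELECT * FROM `tusers` WHERE 1");
    while ($row=mysql_fetch_array($qusr))
    {
        $nom = strtoupper($row['login']);
        //double (OR) test for crypted password transition
        // Strict (===) comparisons throughout: with == two different strings that
        // both look like numbers compare equal, which must not decide a login.
        if ($nom === $login
            && ((string)$row['password'] === $pass || (string)$row['password'] === md5($row['salt'] . md5($pass)))
            && (string)$row['password'] !== ''
            && $row['disable']==0)
        {
            $findnom=$row['login'];
            $findpwd=$row['password'];
            $user_id=$row['id'];
            $profile=$row['profile'];
            $findsalt=$row['salt'];
            //update no crypted password to crypted password
            // Only a row that really holds the submitted plaintext is converted.
            if((string)$row['password'] === $pass)
            {
                //password conversion
                $salt = substr(md5(uniqid(rand(), true)), 0, 5); // Generate a random key
                $newpassword=md5($salt . md5($row['password'])); // store in md5, md5 password + salt
                //update query
                $query = "UPDATE tusers SET password='$newpassword', salt='$salt' WHERE id LIKE '$user_id'";
                $exec = mysql_query($query) or die('Erreur SQL !<br /><br />'.mysql_error());
            }
        }
    }
    if ($findnom != "")
    {
        $_SESSION['login'] = "$findnom";
        $_SESSION['user_id'] = "$user_id";
        //update last time connection
        $query = "UPDATE tusers SET last_login='$datetime' WHERE id LIKE '$user_id'";
        $exec = mysql_query($query) or die('Erreur SQL !<br /><br />'.mysql_error());
        echo "Chargement...";
        //select page to redirect for email link case
        // The id comes from the query string and ends up inside a quoted JavaScript
        // string below, so it is URL-encoded first; a numeric id is left unchanged.
        if($_GET['id'] && is_string($_GET['id'])) {
            $www = './index.php?page=ticket&id='.rawurlencode($_GET['id']).'';
        } else {
            $www = "./index.php?page=dashboard&userid=$user_id&state=1";
        }
        //web redirection
        echo "<SCRIPT LANGUAGE='JavaScript'>
<!--
function redirect()
{
window.location='$www'
}
setTimeout('redirect()');
-->
</SCRIPT>";
    }
    else if (($rparameters['ldap'])=='1' && ($rparameters['ldap_auth']=='1'))
    {
        /////////// if Gestsup user is not found and LDAP is enable search in LDAP///////////
        // LDAP connect
        $ldap=ldap_connect($rparameters['ldap_server'],$rparameters['ldap_port']) or die("Impossible de se connecter au serveur LDAP.");
        ldap_set_option($ldap, LDAP_OPT_NETWORK_TIMEOUT, 1);
        ldap_set_option($ldap, LDAP_OPT_PROTOCOL_VERSION, 3);
        $domain=$rparameters['ldap_domain'];
        if ($pass === '')
        {
            // A bind with an empty password is an unauthenticated bind that a
            // directory may accept, so it is never attempted.
            $ldapbind = false;
        }
        else if ($rparameters['ldap_type']==0)
        {
            @$ldapbind = ldap_bind($ldap, "$login@$domain", $pass);
        } else {
            //Generate DC Chain from domain parameter
            $dcpart=explode(".",$domain);
            $i=0;
            while($i<count($dcpart)) {
                $dcgen="$dcgen,dc=$dcpart[$i]";
                $i++;
            }
            // The login becomes one component of the bind DN: DN metacharacters are
            // escaped so it cannot change the DN structure. ldap_escape() needs
            // PHP >= 5.6, hence the backslash-escaping fallback.
            $login_dn = function_exists('ldap_escape')
                ? ldap_escape($login, '', LDAP_ESCAPE_DN)
                : addcslashes($login, ',+"\\<>;=#');
            $ldapbind = ldap_bind($ldap, "uid=$login_dn,$rparameters[ldap_url]$dcgen", $pass);
        }
        if ($ldapbind)
        {
            // The login is request data: it is escaped before it enters the SQL text.
            // `disable` is read too, so that a directory bind cannot open an account
            // that the local password check above refuses as disabled.
            $q = mysql_query("SELECT id, disable FROM tusers where login='".mysql_real_escape_string($login)."'");
            $r = mysql_fetch_array($q);
            if(!$r || $r['0']=='' || $r['disable']!=0)
            {
                // if error with login or password
                // No session value is written on this path: session_destroy() does not
                // empty $_SESSION for the rest of the request.
                $message= '<div class="alert alert-danger">
<button type="button" class="close" data-dismiss="alert">
<i class="icon-remove"></i>
</button>
<strong>
<i class="icon-remove"></i>
Erreur
</strong>
Votre compte est inexistant dans ce logiciel.
<br>
</div>';
                $www = "./index.php";
                session_destroy();
                //web redirection to login page
                echo "<SCRIPT LANGUAGE='JavaScript'>
<!--
function redirect()
{
window.location='$www'
}
setTimeout('redirect()',$rparameters[time_display_msg]);
-->
</SCRIPT>";
            } else {
                $_SESSION['login'] = "$login";
                $_SESSION['user_id'] = "$r[0]";
                //update last time connection
                $query = "UPDATE tusers SET last_login='$datetime' WHERE id LIKE '$r[0]'";
                $exec = mysql_query($query) or die('Erreur SQL !<br /><br />'.mysql_error());
                $www = "./index.php?page=dashboard&userid=$r[0]&state=1";
                //web redirection
                echo "<SCRIPT LANGUAGE='JavaScript'>
<!--
function redirect()
{
window.location='$www'
}
setTimeout('redirect()');
-->
</SCRIPT>";
            }
        } else {
            // if error with login or password
            $message= '<div class="alert alert-danger">
<button type="button" class="close" data-dismiss="alert">
<i class="icon-remove"></i>
</button>
<strong>
<i class="icon-remove"></i>
Erreur
</strong>
<br />
Votre nom d\'utilisateur ou mot de passe, n\'est pas correct
</div>';
            $www = "./index.php";
            session_destroy();
            //web redirection to login page
            echo "<SCRIPT LANGUAGE='JavaScript'>
<!--
function redirect()
{
window.location='$www'
}
setTimeout('redirect()',$rparameters[time_display_msg]);
-->
</SCRIPT>";
        }
    }
    else
    {
        // if error with login or password
        $message= '<div class="alert alert-danger">
<button type="button" class="close" data-dismiss="alert">
<i class="icon-remove"></i>
</button>
<strong>
<i class="icon-remove"></i>
Erreur
</strong>
Votre nom d\'utilisateur ou mot de passe, n\'est pas correct.
<br>
</div>';
        $www = "./index.php";
        session_destroy();
        //web redirection to login page
        echo "<SCRIPT LANGUAGE='JavaScript'>
<!--
function redirect()
{
window.location='$www'
}
setTimeout('redirect()',$rparameters[time_display_msg]);
-->
</SCRIPT>";
    }
}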
// Login screen: printed only while the session holds no login. When a login is
// stored nothing is printed here (the dashboard is presumably rendered by the
// including script - not visible in this file).
// NOTE(review): the version, company and logo values from $rparameters are
// written into the markup without HTML escaping, and the form carries no
// anti-CSRF token; confirm where $rparameters is filled and who can edit it.
if ($_SESSION['login'] == '')
{
    // Tooltip naming the directory whose credentials are accepted; stays empty
    // unless LDAP authentication is enabled.
    $info = '';
    if ($rparameters['ldap_auth'] == 1)
    {
        $ldap_type = ($rparameters['ldap_type'] == 0) ? 'Windows' : 'OpenLDAP';
        $info = '<i title="Vous pouvez utiliser votre identifiant et mot de passe '.$ldap_type.'" class="icon-question-sign smaller-80"></i>';
    }
    // The whole page goes out as one string; the optional company name and logo
    // file fall back to an empty string when the setting is absent.
    echo '
<body class="login-layout">
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<div class="main-container">
<div class="main-content">
<div class="row">
<div class="col-sm-10 col-sm-offset-1">
<div class="login-container">
<div class="center">
<h1>
<i class="icon-ticket green"></i>
<span class="white">GestSup</span>
<font size="2px">'.$rparameters['version'].'</font>
</h1>
<h4 class="blue">'.(isset($rparameters['company']) ? $rparameters['company'] : '').' </h4>
<img style="border-style: none" alt="logo" src="./upload/logo/'.(isset($rparameters['logo']) ? $rparameters['logo'] : '').'" />
</div>
<br />
'.$message.'
<div class="space-6"></div>
<div class="position-relative">
<div id="login-box" class="login-box visible widget-box no-border">
<div class="widget-body">
<div class="widget-main">
<h4 class="header blue lighter bigger">
<i class="icon-lock green"></i>
Saissisez vos identifiants
'.$info.'
</h4>
<div class="space-6"></div>
<form id="conn" method="post" action="">
<fieldset>
<label class="block clearfix">
<span class="block input-icon input-icon-right">
<input class="form-control" type="text" id="login" name="login" class="span12" placeholder="Nom d\'utilisateur" />
<i class="icon-user"></i>
</span>
</label>
<label class="block clearfix">
<span class="block input-icon input-icon-right">
<input class="form-control" type="password" id="pass" name="pass" class="span12" placeholder="Mot de passe" />
<i class="icon-lock"></i>
</span>
</label>
<div class="space"></div>
<div class="clearfix">
<button onclick="submit()" type="submit" id="submit" name="submit" class="pull-right btn btn-sm btn-primary">
<i class="icon-ok"></i>
Connexion
</button>
</div>
<div class="space-4"></div>
</fieldset>
</form>
</div><!--/widget-main-->
</div><!--/widget-body-->
</div><!--/login-box-->
</div><!--/position-relative-->
</div>
</div><!--/.span-->
</div><!--/.row-fluid-->
</div>
<span style="position: absolute; bottom: 0; right: 0;"><a href="http://gestsup.fr">GestSup.fr</a></span>
</div><!--/.main-container-->
<script type="text/JavaScript">
document.getElementById("login").focus();
</script>
';
}
?>
- Output for 7.4.0
- Notice: Undefined variable: rparameters in /in/o7jBe on line 226
Notice: Trying to access array offset on value of type null in /in/o7jBe on line 226
Notice: Undefined variable: rparameters in /in/o7jBe on line 249
Notice: Trying to access array offset on value of type null in /in/o7jBe on line 249
<body class="login-layout">
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<div class="main-container">
<div class="main-content">
<div class="row">
<div class="col-sm-10 col-sm-offset-1">
<div class="login-container">
<div class="center">
<h1>
<i class="icon-ticket green"></i>
<span class="white">GestSup</span>
<font size="2px"></font>
</h1>
<h4 class="blue"> </h4>
<img style="border-style: none" alt="logo" src="./upload/logo/" />
</div>
<br />
<div class="space-6"></div>
<div class="position-relative">
<div id="login-box" class="login-box visible widget-box no-border">
<div class="widget-body">
<div class="widget-main">
<h4 class="header blue lighter bigger">
<i class="icon-lock green"></i>
Saissisez vos identifiants
</h4>
<div class="space-6"></div>
<form id="conn" method="post" action="">
<fieldset>
<label class="block clearfix">
<span class="block input-icon input-icon-right">
<input class="form-control" type="text" id="login" name="login" class="span12" placeholder="Nom d'utilisateur" />
<i class="icon-user"></i>
</span>
</label>
<label class="block clearfix">
<span class="block input-icon input-icon-right">
<input class="form-control" type="password" id="pass" name="pass" class="span12" placeholder="Mot de passe" />
<i class="icon-lock"></i>
</span>
</label>
<div class="space"></div>
<div class="clearfix">
<button onclick="submit()" type="submit" id="submit" name="submit" class="pull-right btn btn-sm btn-primary">
<i class="icon-ok"></i>
Connexion
</button>
</div>
<div class="space-4"></div>
</fieldset>
</form>
</div><!--/widget-main-->
</div><!--/widget-body-->
</div><!--/login-box-->
</div><!--/position-relative-->
</div>
</div><!--/.span-->
</div><!--/.row-fluid-->
</div>
<span style="position: absolute; bottom: 0; right: 0;"><a href="http://gestsup.fr">GestSup.fr</a></span>
</div><!--/.main-container-->
<script type="text/JavaScript">
document.getElementById("login").focus();
</script>
- Output for 5.3.0 - 5.3.29, 5.4.0 - 5.4.45, 5.5.0 - 5.5.38, 5.6.0 - 5.6.28, 7.0.0 - 7.0.20, 7.1.0 - 7.1.33, 7.2.17 - 7.2.25, 7.3.0 - 7.3.12
- Notice: Undefined variable: rparameters in /in/o7jBe on line 226
Notice: Undefined variable: rparameters in /in/o7jBe on line 249
<body class="login-layout">
<br />
<br />
<br />
<br />
<br />
<br />
<br />
<div class="main-container">
<div class="main-content">
<div class="row">
<div class="col-sm-10 col-sm-offset-1">
<div class="login-container">
<div class="center">
<h1>
<i class="icon-ticket green"></i>
<span class="white">GestSup</span>
<font size="2px"></font>
</h1>
<h4 class="blue"> </h4>
<img style="border-style: none" alt="logo" src="./upload/logo/" />
</div>
<br />
<div class="space-6"></div>
<div class="position-relative">
<div id="login-box" class="login-box visible widget-box no-border">
<div class="widget-body">
<div class="widget-main">
<h4 class="header blue lighter bigger">
<i class="icon-lock green"></i>
Saissisez vos identifiants
</h4>
<div class="space-6"></div>
<form id="conn" method="post" action="">
<fieldset>
<label class="block clearfix">
<span class="block input-icon input-icon-right">
<input class="form-control" type="text" id="login" name="login" class="span12" placeholder="Nom d'utilisateur" />
<i class="icon-user"></i>
</span>
</label>
<label class="block clearfix">
<span class="block input-icon input-icon-right">
<input class="form-control" type="password" id="pass" name="pass" class="span12" placeholder="Mot de passe" />
<i class="icon-lock"></i>
</span>
</label>
<div class="space"></div>
<div class="clearfix">
<button onclick="submit()" type="submit" id="submit" name="submit" class="pull-right btn btn-sm btn-primary">
<i class="icon-ok"></i>
Connexion
</button>
</div>
<div class="space-4"></div>
</fieldset>
</form>
</div><!--/widget-main-->
</div><!--/widget-body-->
</div><!--/login-box-->
</div><!--/position-relative-->
</div>
</div><!--/.span-->
</div><!--/.row-fluid-->
</div>
<span style="position: absolute; bottom: 0; right: 0;"><a href="http://gestsup.fr">GestSup.fr</a></span>
</div><!--/.main-container-->
<script type="text/JavaScript">
document.getElementById("login").focus();
</script>