/ PCNet 2006 April / PCnet 2006-06.4.iso / shareware / nmsetup.exe / WebServer / web / _session_common.php < prev    next >
PHP Script  |  2006-05-01  |  5.8 KB  |  201 lines

  1. <?php
  2. ////////////////////////////////////////////////////////////////////////////////
  3. // <!--Copyright (c) 2005 Pure Networks Inc.  All rights reserved.-->
  4. ////////////////////////////////////////////////////////////////////////////////
  5. //
  6. // Build: 3.0.6121.0 (Stable)
  7. // $Revision: #3 $
  8. //
  9.  
  // Bootstrap shared by the pages that include this file: open the PHP session,
  // load the common helpers, then read the network name and branding over COM.
  session_start();

  // Shared helpers, configuration and the error-code table.
  require '_util.php';
  require '_config.php';
  require '_error_codes.php';

  $bLoggedIn = false;
  $sNetworkName = '';

  try
  {
      $nmNetworkLib = new COM('PureNetworks.NetMagic.NmRaNetworkLib');
      $nmNetworkLib->EnsureLoaded();
      $sNetworkName = $nmNetworkLib->NetworkName;

      $nmRaHelper = new COM('PureNetworks.NetMagic.NmRaMgrHelper');
      $nmRaManager = $nmRaHelper->GetNmRaManager();

      // NOTE(review): IntroHeadline is the only value HTML-escaped here;
      // $sNetworkName and $sHomeUrl are kept raw, so any page that prints them
      // has to escape at the point of output -- verify in the templates.
      // On the PHP 5 builds this file dates from, htmlentities() with default
      // flags leaves single quotes unescaped.
      $sIntoTitle = $nmRaManager->IntroHeadline;
      $sIntroHeadline = htmlentities($sIntoTitle);
      $sHomeUrl = $nmRaManager->HomeUrl;
  }
  catch (com_exception $ex)
  {
      // Any COM failure above lands here; a placeholder name is kept for display.
      $sNetworkName = '(Could not determine the network name)';
      log_activity('Attempting nmNetworkLib->NetworkName', 'exception', $ex->getMessage());

      // $sNavLocation is not assigned in this file -- presumably the including
      // page sets it before the include; confirm. The error page itself is not
      // redirected (presumably to avoid a redirect loop).
      if ($sNavLocation != 'error')
      {
          gotoAbs('/error/103/return');
          exit();
      }
  }
  41.  
  // Shields-up gate, skipped only for the error and help pages.
  // It has to run before anything that needs the WAN address: in shields-up
  // mode there is no WAN IP address, so that later error case would trip too.
  if (!($sNavLocation == 'error' || $sNavLocation == 'help'))
  {
      try
      {
          $bShieldsUp = $nmNetworkLib->RaShieldsUp;
          if ($bShieldsUp)
          {
              // Flag is set: end the session first, then report error 112.
              logoff();
              log_activity('shields up check', 'failure', return_error_text(112, '', $arErrors));
              if ($sNavLocation != 'error')
              {
                  gotoAbs('/error/112/return');
                  exit();
              }
          }
      }
      catch (com_exception $ex)
      {
          // Fails closed: if the flag cannot be read, the session is ended
          // and the visitor is sent to error 113.
          logoff();
          log_activity('Attempting nmNetworkLib->RaShieldsUp', 'exception', $ex->getMessage());
          if ($sNavLocation != 'error')
          {
              gotoAbs('/error/113');
              exit();
          }
      }
  }
  71.  
  // Transfer cookie: the pages listed below never get a transfer URL recorded;
  // every other page calls set_transfer_cookie().
  // NOTE(review): the original comment says this is for visitors who are not
  // logged in, but no login check is visible at this point -- the call runs for
  // every request to a page that is not on the list.
  if (!in_array($sNavLocation, array(
      'upload',
      'login',
      'download',
      'debug',
      'whatsnew',
      'details',
      'feed',
      'error',
      'playlist',
      'preferences',
      'rdp',
      'robots',
      'slideshow',
      'usbcamera',
      'xslt',
  )))
  {
      set_transfer_cookie();
  }
  95.  
  // Session gate: decides whether this request belongs to a logged-in user and
  // sets $bLoggedIn accordingly.
  // NOTE(review): for a visitor who is not logged in, only the upload page is
  // handled here; no redirect is issued for other pages, so presumably each
  // page enforces login itself -- confirm in the including pages.
  if (is_user_logged_on() != 0)
  {
      // Step 1: refuse sessions whose password is still blank. The stored hash
      // is compared with md5('' . session_id()), the value an empty password
      // would give -- presumably GetPasswordHash() returns
      // md5(password . session id); confirm against the COM component.
      try
      {
          $newhash = strtolower($nmRaManager->GetPasswordHash(session_id()));

          if (strcmp($newhash, md5('' . session_id())) == 0)
          {
              // NOTE(review): the matching hash (derived from the session id)
              // is written to the activity log here.
              log_activity('blank password check', 'failure', $newhash);
              logoff();
              gotoAbs('/authorize/114');
              exit();
          }
      }
      catch (exception $ex)
      {
          // Fails closed: if the hash cannot be read the visitor goes back to
          // the authorize page with error 103.
          log_activity('Attempting blank password check', 'exception', $ex->getMessage());
          gotoAbs('/authorize/103');
          exit();
      }

      // Step 2: bind the session to the requesting address. The fingerprint is
      // md5(md5(REMOTE_ADDR)): it is derived from the address alone, so it
      // identifies the address but is not a secret.
      if (check_cookie_IP(strtolower(md5(md5($_SERVER['REMOTE_ADDR'])))) != 1)
      {
          log_activity('session IP check', 'failure', return_error_text(111, '', $arErrors));
          gotoAbs('/authorize/111');
          exit();
      }

      $bLoggedIn = true;
      logonUpdate();
      // NOTE(review): the stored fingerprint is rewritten on every accepted
      // request, including requests check_cookie_IP() accepted only because a
      // Via header was present, so it does not stay pinned to the login address.
      $_SESSION['session_id'] = strtolower(md5(md5($_SERVER['REMOTE_ADDR'])));
  }
  elseif ($sNavLocation == 'upload')
  {
      // Not logged in on the upload page: emit a script that closes this
      // window and reloads the window that opened it, then stop.
?>
            <script type="text/javascript">
                window.close();
                if (window.opener)
                {
                    window.opener.location.reload();                
                }
            </script>
<?php
      exit();
  }
  149.  
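  /**
   * Decide whether the current request may keep using the logged-in session,
   * by comparing the caller's address fingerprint with the one in the session.
   *
   * The fingerprint is kept in $_SESSION['session_id'] (despite the key name it
   * holds the address fingerprint, not PHP's session id). The caller in this
   * file passes strtolower(md5(md5($_SERVER['REMOTE_ADDR']))).
   *
   * NOTE(review): a request that carries a Via header is accepted without any
   * comparison. Via is a request header, so it is set by whoever sends the
   * request; the address binding therefore gives no assurance for such
   * requests. Treat this check as a convenience for honest clients, and rely
   * on session-cookie protection for the actual guarantee. Tightening it needs
   * a product decision about users behind multi-address proxies.
   *
   * @param string $sCookieIp Fingerprint of the requesting address.
   * @return int 1 when the request is accepted; 0 when it is rejected, in
   *             which case logoff() has already been called.
   */
  function check_cookie_IP($sCookieIp)
  {
      $arRequestHeaders = apache_request_headers();

      // Only these three spellings of the header name are recognised, exactly
      // as before; other casings fall through to the fingerprint comparison.
      foreach (array('Via', 'VIA', 'via') as $sHeaderName)
      {
          if (isset($arRequestHeaders[$sHeaderName]) && strlen($arRequestHeaders[$sHeaderName]) > 0)
          {
              // Likely a proxy that may present several addresses, so a single
              // stable client IP cannot be assumed.
              return 1;
          }
      }

      // Compare as strings with ===. With the loose == used previously, two
      // different hex digests that both look like numbers in exponent form
      // (0e followed only by digits) compared equal.
      if (isset($_SESSION['session_id'])
          && (string) $sCookieIp === (string) $_SESSION['session_id'])
      {
          // Stored fingerprint matches the requesting address.
          return 1;
      }

      // Mismatch, or no fingerprint stored although login should have stored
      // one (for example cookies disabled after login): end the session.
      logoff();
      return 0;
  }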
  196.  
  // Pages served to a logged-in user are marked non-cacheable so their content
  // is not kept by the browser or by intermediate caches. The download page is
  // exempt -- presumably because browsers of that era could fail to save files
  // sent with no-cache headers; confirm.
  if ($bLoggedIn && !($sNavLocation == 'download'))
  {
      header('Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0');
  }
  201. ?>