403Webshell
Server IP : 172.64.80.1  /  Your IP : 216.73.216.175
Web Server : LiteSpeed
System : Linux srv13.swhc.ca 4.18.0-553.126.2.lve.el8.x86_64 #1 SMP Thu May 28 14:12:30 UTC 2026 x86_64
User : hongluck ( 2522)
PHP Version : 7.4.33
Disable Function : NONE
MySQL : OFF  |  cURL : ON  |  WGET : ON  |  Perl : ON  |  Python : ON  |  Sudo : OFF  |  Pkexec : OFF
Directory :  /home/hongluck/public_html/old site/webcal/includes/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Command :


[ Back ]     

Current File : /home/hongluck/public_html/old site/webcal/includes/user-app-postnuke.php
<?php

if ( empty ( $PHP_SELF ) && ! empty ( $_SERVER ) &&
  ! empty ( $_SERVER['PHP_SELF'] ) ) {
  $PHP_SELF = $_SERVER['PHP_SELF'];
}
if ( ! empty ( $PHP_SELF ) && preg_match ( "/\/includes\//", $PHP_SELF ) ) {
    die ( "You can't access this file directly!" );
}

// This file contains all the functions for getting information
// about users from PostNuke 0.7.2x.

// Reference to the application means the external application (postnuke)

// user-app-*.php auth files assume the following:
//   - login ids are unique within the application
//   - user administration is done through the application

// The following functions had to be configured to work with the application:
// - user_logged_in (returns login id if true)
// - get_admins (returns an array of admin login ids)
// - user_get_users (returns array of users)
// - user_load_variables (loads info about a user)

/************************* Config ***********************************/

//------ Postnuke Specific Settings ------//
// PostNuke session id cookie
$pn_sid = 'POSTNUKESID';

// Name of table containing users
$pn_user_table = 'nuke_users';

// Name of table containing sessions
$pn_session_table = 'nuke_session_info';

// Name of table containing group memberships
$pn_group_table = 'nuke_group_membership';

// Name of table containing settings
$pn_settings_table = 'nuke_module_vars';

// Set the group id of the postnuke group you want to be webcal admins.
// Default is set to the postnuke 'Admins' group
$pn_admin_gid = '2';


//------ General Application Settings ------//
// What is the full URL to the login page (including http:// or https://)
$app_login_page = 'http://www.mysite.com/postnuke/html/user.php?op=loginscreen&module=NS-User'; 

// Is there a parameter we can pass to tell the application to
// redirect the user back to the calendar after login?
$app_redir_param = 'url';  // postnuke uses 'url'

// What is the full URL to the logout page (including http:// or https://)
$app_logout_page = 'http://www.mysite.com/postnuke/html/user.php?module=NS-User&op=logout'; 

// Are the application's tables in the same database as webcalendar's?
$app_same_db = '0';  // 1 = yes, 0 = no
 
// Only need configure the rest if $app_same_db != 1

 // Name of database containing the app's tables
$app_db = 'postnuke';

// Host that the app's db is on
$app_host = 'localhost';

// Login/Password to access the app's database
$app_login = 'pnuser';
$app_pass  = 'pnpassword';

/*************************** End Config *****************************/


// User administration should be done through the aplication's interface
$user_can_update_password = false;
$admin_can_add_user = false;
$admin_can_delete_user = false;


// Checks to see if the user is logged into the application
// returns: login id
function user_logged_in() {
  global $pn_sid, $_COOKIE;
  
  // First check to see if the user even has a session cookie
  if (empty($_COOKIE[$pn_sid])) return false;
  
  // Check to see if the session is still valid
  if (! $login = pn_active_session($_COOKIE[$pn_sid]) ) return false;

  // Update the session last access time
  pn_update_session($_COOKIE[$pn_sid]);

  return $login;
}


//  Checks to see if the session has a user associated with it and 
//  if the session is timed out 
//  returns: login id
function pn_active_session($sid) {
  global $pn_user_table, $pn_session_table, $pn_settings_table;
  global $app_host, $app_login, $app_pass, $app_db, $app_same_db;
  global $c, $db_host, $db_login, $db_password, $db_database;

  // if postnuke is in a separate db, we have to connect to it
  if ($app_same_db != '1') $c = dbi_connect($app_host, $app_login, $app_pass, $app_db);

  // get login and last access time
  $sql = "SELECT pn_uname, pn_lastused FROM $pn_user_table, $pn_session_table  WHERE pn_sessid = '$sid' ".
  "AND $pn_session_table.pn_uid <> 0 AND $pn_session_table.pn_uid=$pn_user_table.pn_uid ";
  $res = dbi_query ( $sql );
  if ( $res ) {
    while ( $row = dbi_fetch_row ( $res ) ) {
      $login = $row[0];
      $last = $row[1];
    }
    dbi_free_result ( $res );
  }

  // Get inactive session time limit and see if we have passed it
  $sql = "SELECT pn_value FROM $pn_settings_table WHERE pn_modname = '/PNConfig' AND pn_name = 'secinactivemins'";
  $res = dbi_query ( $sql );
  if ( $res ) {
    while ( $row = dbi_fetch_row ( $res ) ) {
      $tmp = explode('"', $row[0]);
      if (($tmp[1] > 0) && ($tmp[1] < ((time() - $last) / 60))) return false;
    }
    dbi_free_result ( $res );
  }

  // if postnuke is in a separate db, we have to connect back to the webcal db
  if ($app_same_db != '1') $c = dbi_connect($db_host, $db_login, $db_password, $db_database);

  return $login;
}


//  Updates the session table to set the last access time to now 
function pn_update_session($sid) {
  global $pn_session_table;
  global $app_host, $app_login, $app_pass, $app_db, $app_same_db;
  global $c, $db_host, $db_login, $db_password, $db_database;

  // if postnuke is in a separate db, we have to connect to it
  if ($app_same_db != '1') $c = dbi_connect($app_host, $app_login, $app_pass, $app_db);

  // get login and last access time
  $sql = "UPDATE $pn_session_table  SET pn_lastused = '".time()."' WHERE pn_sessid = '$sid' ";
  dbi_query ( $sql );

  // if postnuke is in a separate db, we have to connect back to the webcal db
  if ($app_same_db != '1') $c = dbi_connect($db_host, $db_login, $db_password, $db_database);

  return true;
}


// Searches postnuke database for $pn_admin_gid and returns an array of the group members.
// Do this search only once per request.
// returns: array of admin ids
function get_admins() {
  global $cached_admins, $pn_group_table, $pn_admin_gid;
  global $app_host, $app_login, $app_pass, $app_db, $app_same_db;
  global $c, $db_host, $db_login, $db_password, $db_database;

  if ( ! empty ( $cached_admins ) ) return $cached_admins;
  $cached_admins = array ();

  // if postnuke is in a separate db, we have to connect to it
  if ($app_same_db != '1') $c = dbi_connect($app_host, $app_login, $app_pass, $app_db);

  $sql = "SELECT pn_uid FROM $pn_group_table WHERE pn_gid = $pn_admin_gid && pn_uid <> 2";
  $res = dbi_query ( $sql );
  if ( $res ) {
    while ( $row = dbi_fetch_row ( $res ) ) {
      $cached_admins[] = $row[0];
    }
  }

  // if postnuke is in a separate db, we have to connect back to the webcal db
  if ($app_same_db != '1') $c = dbi_connect($db_host, $db_login, $db_password, $db_database);

  return $cached_admins;
}


/// Get a list of users and return info in an array.
// returns: array of users
function user_get_users () {
  global $public_access, $PUBLIC_ACCESS_FULLNAME, $pn_user_table;
  global $app_host, $app_login, $app_pass, $app_db, $app_same_db;
  global $c, $db_host, $db_login, $db_password, $db_database;

  $Admins = get_admins();
  $count = 0;
  $ret = array ();
  if ( $public_access == "Y" )
    $ret[$count++] = array (
       "cal_login" => "__public__",
       "cal_lastname" => "",
       "cal_firstname" => "",
       "cal_is_admin" => "N",
       "cal_email" => "",
       "cal_password" => "",
       "cal_fullname" => $PUBLIC_ACCESS_FULLNAME );

  // if postnuke is in a separate db, we have to connect to it
  if ($app_same_db != '1') $c = dbi_connect($app_host, $app_login, $app_pass, $app_db);

  $sql = "SELECT pn_uid, pn_name, pn_uname, pn_email FROM $pn_user_table WHERE pn_uid <> 1 && pn_uid <> 2 ORDER BY pn_name";
  $res = dbi_query ( $sql );
  if ( $res ) {
    while ( $row = dbi_fetch_row ( $res ) ) {
      list($fname, $lname) = split (" ",$row[1]);
      $ret[$count++] = array (
        "cal_login" => $row[2],
        "cal_lastname" => $lname,
        "cal_firstname" => $fname,
        "cal_is_admin" => user_is_admin($row[0],$Admins),
        "cal_email" => $row[3],
        "cal_fullname" => $row[1]
      );
    }
    dbi_free_result ( $res );
  }
  // if postnuke is in a separate db, we have to connect back to the webcal db
  if ($app_same_db != '1') $c = dbi_connect($db_host, $db_login, $db_password, $db_database);

  return $ret;
}


// Load info about a user (first name, last name, admin) and set globally.
// params:
//   $user - user login
//   $prefix - variable prefix to use
function user_load_variables ( $login, $prefix ) {
  global $PUBLIC_ACCESS_FULLNAME, $NONUSER_PREFIX;
  global $app_host, $app_login, $app_pass, $app_db, $pn_user_table;
  global $c, $db_host, $db_login, $db_password, $db_database, $app_same_db;
  
  if ($NONUSER_PREFIX && substr($login, 0, strlen($NONUSER_PREFIX) ) == $NONUSER_PREFIX) {
    nonuser_load_variables ( $login, $prefix );
    return true;
  }
  
  if ( $login == "__public__" ) {
    $GLOBALS[$prefix . "login"] = $login;
    $GLOBALS[$prefix . "firstname"] = "";
    $GLOBALS[$prefix . "lastname"] = "";
    $GLOBALS[$prefix . "is_admin"] = "N";
    $GLOBALS[$prefix . "email"] = "";
    $GLOBALS[$prefix . "fullname"] = $PUBLIC_ACCESS_FULLNAME;
    $GLOBALS[$prefix . "password"] = "";
    return true;
  }

  // if postnuke is in a separate db, we have to connect to it
  if ($app_same_db != '1') $c = dbi_connect($app_host, $app_login, $app_pass, $app_db);
  
  $sql = "SELECT pn_uid, pn_name, pn_uname, pn_email FROM $pn_user_table WHERE pn_uname = '$login'";

  $res = dbi_query ( $sql );
  if ( $res ) {
    if ( $row = dbi_fetch_row ( $res ) ) {
      list($fname, $lname) = split (" ",$row[1]);
      $GLOBALS[$prefix . "login"] = $login;
      $GLOBALS[$prefix . "firstname"] = $fname;
      $GLOBALS[$prefix . "lastname"] = $lname;
      $GLOBALS[$prefix . "is_admin"] = user_is_admin($row[0],get_admins());
      $GLOBALS[$prefix . "email"] = $row[3];
      $GLOBALS[$prefix . "fullname"] = $row[1];
    }
    dbi_free_result ( $res );
  } else {
    $error = "Database error: " . dbi_error ();
    return false;
  }

  // if postnuke is in a separate db, we have to connect back to the webcal db
  if ($app_same_db != '1') $c = dbi_connect($db_host, $db_login, $db_password, $db_database);

  return true;
}

// Redirect the user to the application's login screen
function app_login_screen($return_path = 'index.php') {
  global $app_login_page, $app_redirect_param;
  
  if ($return_path != '' && $app_redir_param != '') {
    if (strstr($app_login_page, '?')) {
      $app_login_page .= '&'.$app_redir_param.'='.$return_path;
    } else {
      $app_login_page .= '?'.$app_redir_param.'='.$return_path;
    }
  } 
  header("Location: $app_login_page");
  exit;
}


// Test if a user is an admin, that is: if the user is a member of a special
// group in the postnuke database
// params:
//   $values - the login name
// returns: Y if user is admin, N if not
function user_is_admin($uid,$Admins) {
  if ( ! $Admins ) {
    return "N";
  } else if (in_array ($uid, $Admins)) {
    return "Y";
  } else {
    return "N";
  }
}

// Functions we don't use with this file:
function user_update_user ( $user, $firstname, $lastname, $email, $admin ) {
  global $error;
  $error = 'User admin not supported.'; return false;
}
function user_update_user_password ( $user, $password ) {
  global $error;
  $error = 'User admin not supported.'; return false;
}
function user_delete_user ( $user ) {
  global $error;
  $error = 'User admin not supported.'; return false;
}
function user_add_user ( $user, $password, $firstname, $lastname, $email, $admin ) {
  global $error;
  $error = 'User admin not supported.'; return false;
}
?>

Youez - 2016 - github.com/yon3zu
LinuXploit