File: local.php

package info (click to toggle)
ocsinventory-server 2.5%2Bdfsg1-1
  • links: PTS, VCS
  • area: main
  • in suites: buster
  • size: 7,088 kB
  • sloc: php: 27,462; perl: 8,241; sh: 1,680; sql: 1,355; xml: 1,041; makefile: 34
file content (71 lines) | stat: -rwxr-xr-x 2,894 bytes parent folder | download | duplicates (2) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
 
<?php
/*
 * Copyright 2005-2016 OCSInventory-NG/OCSInventory-ocsreports contributors.
 * See the Contributors file for more details about them.
 *
 * This file is part of OCSInventory-NG/OCSInventory-ocsreports.
 *
 * OCSInventory-NG/OCSInventory-ocsreports is free software: you can redistribute
 * it and/or modify it under the terms of the GNU General Public License as
 * published by the Free Software Foundation, either version 2 of the License,
 * or (at your option) any later version.
 *
 * OCSInventory-NG/OCSInventory-ocsreports is distributed in the hope that it
 * will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty
 * of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with OCSInventory-NG/OCSInventory-ocsreports. if not, write to the
 * Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
 * MA 02110-1301, USA.
 */
connexion_local_read();
$reqOp = "SELECT id,PASSWORD_VERSION FROM operators WHERE id='%s'";
$arg_reqOp = array($login);
$resOp = mysql2_query_secure($reqOp, $_SESSION['OCS']["readServer"], $arg_reqOp);
$rowOp = mysqli_fetch_object($resOp);
$oldpassword = false;
if ($_SESSION['OCS']['PASSWORD_VERSION'] === false || $rowOp->PASSWORD_VERSION < $_SESSION['OCS']['PASSWORD_VERSION']) {
    $oldpassword = true;
}

if ($oldpassword && $rowOp->PASSWORD_VERSION === '0') {
    $reqOp = "SELECT id,user_group FROM operators WHERE id='%s' and passwd ='%s'";
    $arg_reqOp = array($login, md5($protectedMdp));
    $resOp = mysql2_query_secure($reqOp, $_SESSION['OCS']["readServer"], $arg_reqOp);
    $rowOp = mysqli_fetch_object($resOp);
    if (isset($rowOp->id)) {
        $login_successful = "OK";
        $user_group = $rowOp->user_group;
        $type_log = 'CONNEXION';
        if (version_compare(PHP_VERSION, '5.3.7') >= 0) {
            require_once('require/function_users.php');
            updatePassword($login, $mdp);
        }
    } else {
        $login_successful = $l->g(180);
        $type_log = 'BAD CONNEXION';
    }
} else {
    $reqOp = "SELECT id,user_group,passwd FROM operators WHERE id='%s'";
    $arg_reqOp = array($login);
    $resOp = mysql2_query_secure($reqOp, $_SESSION['OCS']["readServer"], $arg_reqOp);
    $rowOp = mysqli_fetch_object($resOp);
    if (isset($rowOp->id) && password_verify($mdp, $rowOp->passwd)) {
        if ($oldpassword) {
            require_once('require/function_users.php');
            updatePassword($login, $mdp);
        }
        $login_successful = "OK";
        $user_group = $rowOp->user_group;
        $type_log = 'CONNEXION';
    } else {
        $login_successful = $l->g(180);
        $type_log = 'BAD CONNEXION';
    }
}
$value_log = 'USER:' . $login;
$cnx_origine = "LOCAL";
addLog($type_log, $value_log);
?>