From 99786a5a1615b7cb4910838939f6d2b1886be0fd Mon Sep 17 00:00:00 2001 From: mdtrooper Date: Mon, 19 Jan 2015 14:35:56 +0100 Subject: [PATCH] Fixed the custom config values for user in the first login. --- pandora_console/include/config_process.php | 28 ++------------- pandora_console/include/functions_config.php | 35 ++++++++++++++++-- pandora_console/index.php | 38 ++++++++++++-------- 3 files changed, 58 insertions(+), 43 deletions(-) diff --git a/pandora_console/include/config_process.php b/pandora_console/include/config_process.php index 90a7916637..61ff814fac 100644 --- a/pandora_console/include/config_process.php +++ b/pandora_console/include/config_process.php @@ -115,6 +115,7 @@ require_once ($ownDir. 'functions_config.php'); date_default_timezone_set("Europe/Madrid"); + config_process_config(); if (!isset($config["homeurl_static"])) { @@ -142,32 +143,9 @@ else { $config["global_block_size"] = $config["block_size"]; $config["global_flash_charts"] = $config["flash_charts"]; + if (isset ($config['id_user'])) { - $userinfo = get_user_info ($config['id_user']); - - // Refresh the last_connect info in the user table - // if last update was more than 5 minutes ago - if($userinfo['last_connect'] < (time()-SECONDS_1MINUTE)) { - update_user($config['id_user'], array('last_connect' => time())); - } - - // If block_size or flash_chart are provided then override global settings - if (!empty($userinfo["block_size"]) && ($userinfo["block_size"] != 0)) - $config["block_size"] = $userinfo["block_size"]; - - if ($userinfo["flash_chart"] != -1) - $config["flash_charts"] = $userinfo["flash_chart"]; - - // Each user could have it's own timezone) - if (isset($userinfo["timezone"])) { - if ($userinfo["timezone"] != "") { - date_default_timezone_set($userinfo["timezone"]); - } - } - - if (defined('METACONSOLE')) { - $config['metaconsole_access'] = $userinfo["metaconsole_access"]; - } + config_user_set_custom_config(); } // Check if inventory_changes_blacklist is setted, if not create it diff --git a/pandora_console/include/functions_config.php b/pandora_console/include/functions_config.php index daf12e9367..b70b998439 100644 --- a/pandora_console/include/functions_config.php +++ b/pandora_console/include/functions_config.php @@ -1414,8 +1414,8 @@ function config_check () { function config_return_in_bytes($val) { $val = trim($val); - $last = strtolower($val[strlen($val)-1]); - switch($last) { + $last = strtolower($val[strlen($val) - 1]); + switch ($last) { // The 'G' modifier is available since PHP 5.1.0 case 'g': $val *= 1024; @@ -1424,8 +1424,37 @@ function config_return_in_bytes($val) { case 'k': $val *= 1024; } - + return $val; } +function config_user_set_custom_config() { + global $config; + + $userinfo = get_user_info ($config['id_user']); + + // Refresh the last_connect info in the user table + // if last update was more than 5 minutes ago + if ($userinfo['last_connect'] < (time()-SECONDS_1MINUTE)) { + update_user($config['id_user'], array('last_connect' => time())); + } + + // If block_size or flash_chart are provided then override global settings + if (!empty($userinfo["block_size"]) && ($userinfo["block_size"] != 0)) + $config["block_size"] = $userinfo["block_size"]; + + if ($userinfo["flash_chart"] != -1) + $config["flash_charts"] = $userinfo["flash_chart"]; + + // Each user could have it's own timezone) + if (isset($userinfo["timezone"])) { + if ($userinfo["timezone"] != "") { + date_default_timezone_set($userinfo["timezone"]); + } + } + + if (defined('METACONSOLE')) { + $config['metaconsole_access'] = $userinfo["metaconsole_access"]; + } +} ?> diff --git a/pandora_console/index.php b/pandora_console/index.php index a92726bb30..2610bd9996 100755 --- a/pandora_console/index.php +++ b/pandora_console/index.php @@ -69,6 +69,7 @@ if ((! file_exists ("include/config.php")) || (! is_readable ("include/config.ph session_start (); require_once ("include/config.php"); + // If metaconsole activated, redirect to it if ($config['metaconsole'] == 1 && $config['enterprise_installed'] == 1) { header ("Location: " . $config['homeurl'] . "enterprise/meta"); @@ -177,34 +178,34 @@ if (! isset ($config['id_user'])) { $pass = get_parameter_post ("pass"); //This is the variable with the password $nick = db_escape_string_sql($nick); $pass = db_escape_string_sql($pass); - + //Since now, only the $pass variable are needed unset ($_GET['pass'], $_POST['pass'], $_REQUEST['pass']); - + // If the auth_code exists, we assume the user has come through the double auth page if (isset ($_POST['auth_code'])) { $double_auth_success = false; - + // The double authentication is activated and the user has surpassed the first step (the login). // Now the authentication code provided will be checked. if (isset ($_SESSION['prepared_login_da'])) { if (isset ($_SESSION['prepared_login_da']['id_user']) && isset ($_SESSION['prepared_login_da']['timestamp'])) { - + // The user has a maximum of 5 minutes to introduce the double auth code $dauth_period = SECONDS_2MINUTES; $now = time(); $dauth_time = $_SESSION['prepared_login_da']['timestamp']; - + if ($now - $dauth_period < $dauth_time) { // Nick $nick = $_SESSION["prepared_login_da"]['id_user']; // Code $code = (string) get_parameter_post ("auth_code"); - + if (!empty($code)) { $result = validate_double_auth_code($nick, $code); - + if ($result === true) { // Double auth success $double_auth_success = true; @@ -214,7 +215,7 @@ if (! isset ($config['id_user'])) { $login_screen = 'double_auth'; // Error message $config["auth_error"] = __("Invalid code"); - + if (!isset($_SESSION['prepared_login_da']['attempts'])) $_SESSION['prepared_login_da']['attempts'] = 0; $_SESSION['prepared_login_da']['attempts']++; @@ -225,7 +226,7 @@ if (! isset ($config['id_user'])) { $login_screen = 'double_auth'; // Error message $config["auth_error"] = __("The code shouldn't be empty"); - + if (!isset($_SESSION['prepared_login_da']['attempts'])) $_SESSION['prepared_login_da']['attempts'] = 0; $_SESSION['prepared_login_da']['attempts']++; @@ -234,7 +235,7 @@ if (! isset ($config['id_user'])) { else { // Expired login unset ($_SESSION['prepared_login_da']); - + // Error message $config["auth_error"] = __('Expired login'); } @@ -242,7 +243,7 @@ if (! isset ($config['id_user'])) { else { // If the code doesn't exist, remove the prepared login unset ($_SESSION['prepared_login_da']); - + // Error message $config["auth_error"] = __('Login error'); } @@ -252,10 +253,10 @@ if (! isset ($config['id_user'])) { // Error message $config["auth_error"] = __('Login error'); } - + // Remove the authenticator code unset ($_POST['auth_code'], $code); - + if (!$double_auth_success) { $login_failed = true; require_once ('general/login_page.php'); @@ -328,14 +329,14 @@ if (! isset ($config['id_user'])) { 'timestamp' => time(), 'attempts' => 0 ); - + // Load the page to introduce the double auth code $login_screen = 'double_auth'; require_once ('general/login_page.php'); while (@ob_end_flush ()); exit (""); } - + //login ok and password has not expired $process_login = true; @@ -395,6 +396,13 @@ if (! isset ($config['id_user'])) { db_logon ($nick_in_db, $_SERVER['REMOTE_ADDR']); $_SESSION['id_usuario'] = $nick_in_db; $config['id_user'] = $nick_in_db; + + //========================================================== + //-------- SET THE CUSTOM CONFIGS OF USER ------------------ + + config_user_set_custom_config(); + //========================================================== + //Remove everything that might have to do with people's passwords or logins unset ($pass, $login_good);