tyler.durden
/
pandorafms
mirror of https://github.com/pandorafms/pandorafms.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Removed unwanted traces

This commit is contained in:
fbsanchez 2020-10-19 10:59:46 +02:00
parent 7b73a36eb0
commit f6020e8791
3 changed files with 83 additions and 37 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
pandora_console/general/login_page.php
View File

@ -450,7 +450,12 @@ if ($login_screen == 'logout') {
echo '<div class="content_message_alert">';
echo '<div class="text_message_alert">';
echo '<h1>'.__('Logged out').'</h1>';
echo '<p>'.__('Your session has ended. Please close your browser window to close this %s session.', get_product_name()).'</p>';
if (empty($config['logout_msg']) === true) {
echo '<p>'.__('Your session has ended. Please close your browser window to close this %s session.', get_product_name()).'</p>';
} else {
echo '<p>'.__($config['logout_msg']).'</p>';
}
echo '</div>';
echo '<div class="button_message_alert">';
html_print_submit_button('Ok', 'hide-login-logout', false);

40
pandora_console/include/load_session.php
View File

@ -64,14 +64,23 @@ function pandora_session_close()
function pandora_session_read($session_id)
{
$session_id = addslashes($session_id);
$session_data = db_get_value(
'data',
'tsessions_php',
'id_session',
$session_id
// Do not use SQL cache here.
$session_data = db_get_all_rows_sql(
sprintf(
'SELECT data
FROM `tsessions_php` WHERE id_session="%s"',
$session_id
),
false,
false
);
if (!empty($session_data)) {
if (is_array($session_data) === true) {
$session_data = $session_data[0]['data'];
}
if (empty($session_data) === false) {
return $session_data;
} else {
return '';
@ -90,7 +99,6 @@ function pandora_session_read($session_id)
function pandora_session_write($session_id, $data)
{
$session_id = addslashes($session_id);
if (is_ajax()) {
// Avoid session upadte while processing ajax responses - notifications.
if (get_parameter('check_new_notifications', false)) {
@ -101,18 +109,22 @@ function pandora_session_write($session_id, $data)
$values = [];
$values['last_active'] = time();
if (!empty($data)) {
if (empty($data) === false) {
$values['data'] = addslashes($data);
}
$session_exists = (bool) db_get_value(
'COUNT(id_session)',
'tsessions_php',
'id_session',
$session_id
// Do not use SQL cache here.
$session_exists = db_get_all_rows_sql(
sprintf(
'SELECT id_session
FROM `tsessions_php` WHERE id_session="%s"',
$session_id
),
false,
false
);
if (!$session_exists) {
if ($session_exists === false) {
$values['id_session'] = $session_id;
$retval_write = db_process_sql_insert('tsessions_php', $values);
} else {

73
pandora_console/index.php
View File

@ -222,7 +222,7 @@ echo '<head>'."\n";
ob_start('ui_process_page_head');
// Enterprise main.
enterprise_include('index.php');
enterprise_include_once('index.php');
echo '<script type="text/javascript">';
echo 'var dispositivo = navigator.userAgent.toLowerCase();';
@ -395,23 +395,25 @@ if (! isset($config['id_user'])) {
$nick_in_db = $_SESSION['prepared_login_da']['id_user'];
$expired_pass = false;
} else if (($config['auth'] == 'saml') && ($login_button_saml)) {
$saml_path = $config['homedir'].'/'.ENTERPRISE_DIR.'/include/auth/saml.php';
if (!$saml_path) {
enterprise_include_once('include/auth/saml.php');
$saml_user_id = enterprise_hook('saml_process_user_login');
if (!$saml_user_id) {
include_once 'general/noaccesssaml.php';
} else {
include_once $saml_path;
$saml_user_id = saml_process_user_login();
if (!$saml_user_id) {
include_once 'general/noaccesssaml.php';
}
}
$nick_in_db = $saml_user_id;
if (!$nick_in_db) {
$nick_in_db = $saml_user_id;
if (!$nick_in_db) {
$samlid = $_SESSION['samlid'];
$_SESSION = [];
session_destroy();
header_remove('Set-Cookie');
setcookie(session_name(), $_COOKIE[session_name()], (time() - 4800), '/');
if ($config['auth'] == 'saml' && empty($samlid) === false) {
include_once $config['saml_path'].'simplesamlphp/lib/_autoload.php';
saml_logout();
enterprise_include_once('include/auth/saml.php');
enterprise_hook('saml_logout', [$samlid]);
}
}
} else {
@ -735,7 +737,7 @@ if (! isset($config['id_user'])) {
exit('</html>');
}
} else {
} else if (isset($_GET['bye']) === false) {
// There is no user connected.
if ($config['enterprise_installed']) {
enterprise_include_once('include/functions_reset_pass.php');
@ -962,22 +964,49 @@ if (file_exists(ENTERPRISE_DIR.'/load_enterprise.php')) {
// Log off.
if (isset($_GET['bye'])) {
$iduser = $_SESSION['id_usuario'];
$samlid = $_SESSION['samlid'];
if ($config['auth'] === 'saml') {
include_once $config['saml_path'].'simplesamlphp/lib/_autoload.php';
enterprise_include_once('include/auth/saml.php');
$samlid = $_SESSION['samlid'];
$saml_logout_state = (string) get_parameter('LogoutState', '');
if (empty($saml_logout_state) === false) {
try {
$state = \SimpleSAML\Auth\State::loadState(
$saml_logout_state,
'MyLogoutState'
);
$ls = $state['saml:sp:LogoutStatus'];
// Only works for SAML SP.
if ($ls['Code'] === 'urn:oasis:names:tc:SAML:2.0:status:Success'
&& isset($ls['SubCode']) === false
) {
// Successful logout.
$config['logout_msg'] = 'You have been logged out.';
} else {
// Logout failed. Tell the user to close the browser.
$config['logout_msg'] = 'We were unable to log you out of all your sessions. To be completely sure that you are logged out, you need to close your web browser.';
}
} catch (Exception $e) {
$config['logout_msg'] = 'Failed to logout from SAML: '.$e->getMessage();
}
}
}
// Process logout.
include 'general/logoff.php';
if ($config['auth'] == 'saml' && empty($samlid) === false) {
include_once $config['saml_path'].'simplesamlphp/lib/_autoload.php';
enterprise_include('include/auth/saml.php');
enterprise_hook('saml_logout', [$samlid]);
}
$_SESSION = [];
session_destroy();
header_remove('Set-Cookie');
setcookie(session_name(), $_COOKIE[session_name()], (time() - 4800), '/');
if ($config['auth'] == 'saml' && empty($samlid) === false) {
enterprise_hook('saml_logout', [$samlid]);
}
while (@ob_end_flush()) {
// Dumping...
continue;