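$value) {
		if ($key == 1)
			continue;
		// NOTE(review): keys and values are appended without urlencode(), so a
		// '&', '=' or '#' inside a value changes the rebuilt query string.
		$query .= '&'.$key.'='.$value;
	}
	// NOTE(review): POST fields are copied into the redirect URL, so they end
	// up in browser history, proxy logs and Referer headers. The condition
	// guarding this block is outside this view; confirm that no credential
	// field can reach it.
	foreach ($_POST as $key => $value) {
		$query .= '&'.$key.'='.$value;
	}
	
	// Prevent HTTP response splitting attacks
	// http://en.wikipedia.org/wiki/HTTP_response_splitting
	// Both CR and LF are stripped: either one can terminate a header line, and
	// removing only "\n" leaves the protection dependent on what the PHP
	// runtime's header() happens to reject.
	$query = str_replace (array ("\r", "\n"), "", $query);
	header ('Location: '.$query);
	exit; //Always exit after sending location headers
}

// Pure mode (without menu, header and footer).
$config["pure"] = (bool) get_parameter ("pure");

// Auto Refresh page (can now be disabled anywhere in the script)
$config["refr"] = (int) get_parameter ("refr");

ob_start ();
echo ''."\n";
echo ''."\n";
echo '';

//This starts the page head. In the call back function, things from $page['head'] array will be processed into the head
ob_start ('ui_process_page_head');

// Enterprise main
enterprise_include ('index.php');

// This tag is included in the buffer passed to ui_process_page_head so
// technically it can be stripped
echo ''."\n";

require_once ("include/functions_themes.php");
ob_start ('ui_process_page_body');

$config["remote_addr"] = $_SERVER['REMOTE_ADDR'];

// 'sec2' names the page to load and 'sec' the section it belongs to. Both come
// straight from the query string and are passed through safe_url_extraclean().
$sec2 = get_parameter_get ('sec2');
$sec2 = safe_url_extraclean ($sec2);
$page = $sec2; //Reference variable for old time sake
$sec = get_parameter_get ('sec');
$sec = safe_url_extraclean ($sec);

// Header search box: when keywords are submitted, the search results page is
// rendered instead of the page selected by sec/sec2.
$searchPage = false;
$search = get_parameter_get("head_search_keywords");
if (strlen($search) > 0) {
	$config['search_keywords'] = trim(get_parameter('keywords'));
	// If no search category is provided, we'll use an agent search
	$config['search_category'] = get_parameter('search_category', 'agents');
	if (($config['search_keywords'] != 'Enter keywords to search') && (strlen($config['search_keywords']) > 0))
		$searchPage = true;
}

// Hash login process
if (! isset ($config['id_user']) && isset ($_GET["loginhash"])) {
	$loginhash_data = get_parameter("loginhash_data", "");
	$loginhash_user = get_parameter("loginhash_user", "");
	
	// The digest is compared with === on a value checked to be a string.
	// A loose == compares numeric-looking strings as numbers, so two different
	// digests could be treated as equal.
	// NOTE(review): this comparison is still not constant-time; where the
	// deployed PHP provides hash_equals(), prefer it. The token is an unsalted
	// MD5 of user + shared secret with no expiry or nonce, so any captured
	// login URL stays valid until loginhash_pwd is changed.
	if ($config["loginhash_pwd"] != ""
		&& is_string ($loginhash_data)
		&& $loginhash_data === md5 ($loginhash_user.$config["loginhash_pwd"])) {
		logon_db ($loginhash_user, $_SERVER['REMOTE_ADDR']);
		// NOTE(review): the session ID is not regenerated after authentication
		// here; confirm against the session setup outside this view whether
		// session_regenerate_id() is needed to rule out session fixation.
		$_SESSION['id_usuario'] = $loginhash_user;
		$config["id_user"] = $loginhash_user;
	}
	else {
		require_once ('general/login_page.php');
		pandora_audit("Logon Failed (loginhash", "", "system");
		while (@ob_end_flush ());
		exit ("");
	}
}
elseif (! isset ($config['id_user']) && isset ($_GET["login"])) {
	// Login process
	
	include_once('include/functions_db.php');//Include it to use escape_string_sql function
	
	$config["auth_error"] = ""; //Set this to the error message from the authorization mechanism
	$nick = get_parameter_post ("nick"); //This is the variable with the login
	$pass = get_parameter_post ("pass"); //This is the variable with the password
	// NOTE(review): the password is SQL-escaped before it reaches the auth
	// backend, so the backend presumably sees the escaped form rather than
	// what the user typed. Verify against the auth files; parameterized
	// queries inside the backend would make this step unnecessary.
	$nick = escape_string_sql($nick);
	$pass = escape_string_sql($pass);
	
	// process_user_login is a virtual function which should be defined in each auth file.
	// It accepts username and password. The rest should be internal to the auth file.
	// The auth file can set $config["auth_error"] to an informative error output or reference their internal error messages to it
	// process_user_login should return false in case of errors or invalid login, the nickname if correct
	$nick_in_db = process_user_login ($nick, $pass);
	
	if ($nick_in_db !== false) {
		// A successful login always lands on the logon_ok page, whatever
		// sec/sec2 the request carried.
		unset ($_GET["sec2"]);
		$_GET["sec"] = "general/logon_ok";
		logon_db ($nick_in_db, $_SERVER['REMOTE_ADDR']);
		// NOTE(review): as in the hash login branch, no session ID
		// regeneration is visible at this privilege change.
		$_SESSION['id_usuario'] = $nick_in_db;
		$config['id_user'] = $nick_in_db;
		
		//Remove everything that might have to do with people's passwords or logins
		unset ($_GET['pass'], $pass, $_POST['pass'], $_REQUEST['pass'], $login_good);
		
		// Set user language if provided, overriding System language
		$userinfo = get_user_info ($config['id_user']);
		if ($userinfo["language"] != ""){
			$config['language'] = $userinfo["language"];
		}
		
		// NOTE(review): the .mo path is built from the stored language value;
		// presumably that value is constrained where the profile is saved.
		// Confirm.
		$l10n = NULL;
		if (file_exists ('./include/languages/'.$config["language"].'.mo')) {
			$l10n = new gettext_reader (new CachedFileReader ('./include/languages/'.$config["language"].'.mo'));
			$l10n->load_tables();
		}
	}
	else {
		// User not known
		$login_failed = true;
		require_once ('general/login_page.php');
		// The submitted login name is written to the audit trail, so failed
		// attempts can be correlated per account.
		pandora_audit("Logon Failed", "Invalid login: ".$nick, $nick);
		while (@ob_end_flush ());
		exit ("");
	}
}
elseif (! isset ($config['id_user'])) {
	// There is no user connected
	require_once ('general/login_page.php');
	while (@ob_end_flush ());
	exit ("");
}

// Log off
if (isset ($_GET["bye"])) {
	include ("general/logoff.php");
	$iduser = $_SESSION["id_usuario"];
	logoff_db ($iduser, $_SERVER['REMOTE_ADDR']);
	// Unregister Session (compatible with 5.2 and 6.x, old code was deprecated)
	// NOTE(review): only the user key is removed here; the session itself and
	// its cookie stay valid unless general/logoff.php destroys them. Confirm.
	unset($_SESSION['id_usuario']);
	unset($iduser);
	while (@ob_end_flush ());
	exit ("");
}

// http://es2.php.net/manual/en/ref.session.php#64525
// Session locking concurrency speedup!
// No $_SESSION write after this call is persisted.
session_write_close ();

// Header
if ($config["pure"] == 0) {
	echo '
';
}
else {
	echo '
';
}

// Main block of content
if ($config["pure"] == 0) {
	echo '
';
}

// Check permissions
if (!is_writable ("attachment")){
	echo '

'.__('Attachment directory is not writable by HTTP Server').'

';
	echo '

'.__('Please check that the web server has write rights on the {HOMEDIR}/attachment directory').'

';
}

// Page loader / selector
if ($searchPage) {
	require ('operation/search_results.php');
}
else {
	if ($page != "") {
		// NOTE(review): $page is the request's 'sec2' value plus '.php' and is
		// passed to require. What can be included therefore depends entirely
		// on safe_url_extraclean() (not visible here) and on the ACL hook
		// below. An allow-list of known pages, or a realpath() containment
		// check against the application root, would bound this.
		$page .= '.php';
		
		// Enterprise ACL check
		if (enterprise_hook ('acl_enterprise', array ($config['id_user'], $sec, $sec2)) == false){
			require ("general/noaccess.php");
		}
		elseif (file_exists ($page)) {
			if (! is_extension ($page)){
				require ($page);
			}
			else {
				// Extensions are dispatched by base name; a section starting
				// with 'g' selects the godmode entry point.
				if ($sec[0] == 'g')
					extension_call_godmode_function (basename ($page));
				else
					extension_call_main_function (basename ($page));
			}
		}
		else
			echo '
'.__('Sorry! I can\'t find the page!').'';
	}
	else
		require ("general/logon_ok.php");
}

if ($config["pure"] == 0) {
	echo '
'; // main
	echo '
 
';
	echo '
'; // page (id = page)
}
else {
	echo "
"; // main_pure
}

if ($config["pure"] == 0) {
	echo '';
	echo '
'; //container div
}

// Flush every nested output buffer so the head/body callbacks run.
while (@ob_end_flush ());

print_database_debug ();
echo '';

// Time spent rendering the page, measured from $config['start_time'].
$run_time = format_numeric (microtime (true) - $config['start_time'], 3);
echo "\n\n";
?>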