fix spacing and code style, and when logging in, change view to console
This commit is contained in:
Isaac Connor
parent
9262d9d14e
commit
6d1f85bcd6
|
|
@ -23,8 +23,7 @@
|
|||
// credit: http://wezfurlong.org/blog/2006/nov/http-post-from-php-without-curl/
|
||||
|
||||
|
||||
function do_post_request($url, $data, $optional_headers = null)
|
||||
{
|
||||
function do_post_request($url, $data, $optional_headers = null) {
|
||||
$params = array('http' => array(
|
||||
'method' => 'POST',
|
||||
'content' => $data
|
||||
|
|
@ -44,12 +43,10 @@ function do_post_request($url, $data, $optional_headers = null)
|
|||
return $response;
|
||||
}
|
||||
|
||||
function getAffectedIds( $name )
|
||||
{
|
||||
function getAffectedIds( $name ) {
|
||||
$names = $name."s";
|
||||
$ids = array();
|
||||
if ( isset($_REQUEST[$names]) || isset($_REQUEST[$name]) )
|
||||
{
|
||||
if ( isset($_REQUEST[$names]) || isset($_REQUEST[$name]) ) {
|
||||
if ( isset($_REQUEST[$names]) )
|
||||
$ids = validInt($_REQUEST[$names]);
|
||||
else if ( isset($_REQUEST[$name]) )
|
||||
|
|
@ -58,18 +55,14 @@ function getAffectedIds( $name )
|
|||
return( $ids );
|
||||
}
|
||||
|
||||
if ( ZM_OPT_USE_AUTH && ZM_AUTH_HASH_LOGINS && empty($user) && !empty($_REQUEST['auth']) )
|
||||
{
|
||||
if ( $authUser = getAuthUser( $_REQUEST['auth'] ) )
|
||||
{
|
||||
if ( ZM_OPT_USE_AUTH && ZM_AUTH_HASH_LOGINS && empty($user) && !empty($_REQUEST['auth']) ) {
|
||||
if ( $authUser = getAuthUser( $_REQUEST['auth'] ) ) {
|
||||
userLogin( $authUser['Username'], $authUser['Password'], true );
|
||||
}
|
||||
}
|
||||
|
||||
if ( !empty($action) )
|
||||
{
|
||||
if ( $action == "login" && isset($_REQUEST['username']) && ( ZM_AUTH_TYPE == "remote" || isset($_REQUEST['password']) ) )
|
||||
{
|
||||
if ( !empty($action) ) {
|
||||
if ( $action == "login" && isset($_REQUEST['username']) && ( ZM_AUTH_TYPE == "remote" || isset($_REQUEST['password']) ) ) {
|
||||
// if true, a popup will display after login
|
||||
// PP - lets validate reCaptcha if it exists
|
||||
if ( defined('ZM_OPT_USE_GOOG_RECAPTCHA')
|
||||
|
|
@ -83,51 +76,42 @@ if ( !empty($action) )
|
|||
'secret'=> ZM_OPT_GOOG_RECAPTCHA_SECRETKEY,
|
||||
'response' => $_REQUEST['g-recaptcha-response'],
|
||||
'remoteip'=> $_SERVER['REMOTE_ADDR']
|
||||
|
||||
);
|
||||
$res= do_post_request($url, http_build_query($fields));
|
||||
$responseData = json_decode($res,true);
|
||||
// PP - credit: https://github.com/google/recaptcha/blob/master/src/ReCaptcha/Response.php
|
||||
// if recaptcha resulted in error, we might have to deny login
|
||||
if (isset($responseData['success']) && $responseData['success'] == false)
|
||||
{
|
||||
if (isset($responseData['success']) && $responseData['success'] == false) {
|
||||
// PP - before we deny auth, let's make sure the error was not 'invalid secret'
|
||||
// because that means the user did not configure the secret key correctly
|
||||
// in this case, we prefer to let him login in and display a message to correct
|
||||
// the key. Unfortunately, there is no way to check for invalid site key in code
|
||||
// as it produces the same error as when you don't answer a recaptcha
|
||||
if (isset($responseData['error-codes']) && is_array($responseData['error-codes']))
|
||||
{
|
||||
if (!in_array('invalid-input-secret',$responseData['error-codes']))
|
||||
{
|
||||
if (isset($responseData['error-codes']) && is_array($responseData['error-codes'])) {
|
||||
if (!in_array('invalid-input-secret',$responseData['error-codes'])) {
|
||||
Error ("reCaptcha authentication failed");
|
||||
userLogout();
|
||||
$view='login';
|
||||
$refreshParent = true;
|
||||
}
|
||||
else
|
||||
{
|
||||
} else {
|
||||
//Let them login but show an error
|
||||
echo '<script type="text/javascript">alert("'.translate('RecaptchaWarning').'"); </script>';
|
||||
Error ("Invalid recaptcha secret detected");
|
||||
}
|
||||
}
|
||||
} // end if success==false
|
||||
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
}
|
||||
} // end if using reCaptcha
|
||||
}
|
||||
|
||||
// General scope actions
|
||||
if ( $action == "login" && isset($_REQUEST['username']) && ( ZM_AUTH_TYPE == "remote" || isset($_REQUEST['password']) ) )
|
||||
{
|
||||
if ( $action == "login" && isset($_REQUEST['username']) && ( ZM_AUTH_TYPE == "remote" || isset($_REQUEST['password']) ) ) {
|
||||
$username = validStr( $_REQUEST['username'] );
|
||||
$password = isset($_REQUEST['password'])?validStr($_REQUEST['password']):'';
|
||||
userLogin( $username, $password );
|
||||
}
|
||||
elseif ( $action == "logout" )
|
||||
{
|
||||
$refreshParent = true;
|
||||
$view = 'console';
|
||||
} elseif ( $action == "logout" ) {
|
||||
userLogout();
|
||||
$refreshParent = true;
|
||||
$view = 'none';
|
||||
|
|
@ -584,7 +568,7 @@ if ( !empty($action) )
|
|||
}
|
||||
elseif ( !$user['MonitorIds'] )
|
||||
{
|
||||
# FIXME This is actually a race condition. Should lock the table.
|
||||
# FIXME This is actually a race condition. Should lock the table.
|
||||
$maxSeq = dbFetchOne( "select max(Sequence) as MaxSequence from Monitors", "MaxSequence" );
|
||||
$changes[] = "Sequence = ".($maxSeq+1);
|
||||
|
||||
|
|
@ -743,7 +727,7 @@ if ( !empty($action) )
|
|||
// Group edit actions
|
||||
if ( canEdit( 'Groups' ) ) {
|
||||
if ( $action == "group" ) {
|
||||
# Should probably verfy that each monitor id is a valid monitor, that we have access to. HOwever at the moment, you have to have System permissions to do this
|
||||
# Should probably verfy that each monitor id is a valid monitor, that we have access to. HOwever at the moment, you have to have System permissions to do this
|
||||
$monitors = empty( $_POST['newGroup']['MonitorIds'] ) ? NULL : implode(',', $_POST['newGroup']['MonitorIds']);
|
||||
if ( !empty($_POST['gid']) ) {
|
||||
dbQuery( "UPDATE Groups SET Name=?, MonitorIds=? WHERE Id=?", array($_POST['newGroup']['Name'], $monitors, $_POST['gid']) );
|
||||
|
|
|
|||
Loading…
Reference in New Issue