2009-03-25 09:34:04 +00:00
< ? php
2009-07-21 14:40:36 +00:00
$timeout = 1800 ;
if ( ENVIRONNEMENT == 'DEV' ){ $timeout = 36000 ; }
$cle_cookie = 'sdjglsdkhmsoL68' ;
2009-03-25 09:34:04 +00:00
//V<> rification en session
2009-04-01 07:32:44 +00:00
if ( $_REQUEST [ 'checkIp' ] == 'only' ){
2009-07-21 14:40:36 +00:00
2009-03-25 14:38:22 +00:00
if ( trim ( $_REQUEST [ 'login' ]) == '' ) {
$message = " Erreur 10300 : Identifiant de connexion et/ou mot de passe incorrect ! " ;
include ( './pages/logout.php' );
die ();
}
2009-07-21 14:40:36 +00:00
$login = $_REQUEST [ 'login' ];
$hach = 'iponly:' . $_SERVER [ 'REMOTE_ADDR' ];
2009-04-02 09:54:01 +00:00
2009-04-02 17:26:48 +00:00
} elseif ( $_SESSION [ 'connected' ] == TRUE && $_REQUEST [ 'action' ] != 'logout' && $_REQUEST [ 'action' ] != 'logon' ) {
2009-03-25 14:38:22 +00:00
// On v<> rifie la validit<69> de la session
2009-03-25 09:34:04 +00:00
$tabInfo = $_SESSION [ 'tabInfo' ];
2009-06-03 17:03:44 +00:00
$firephp -> log ( $tabInfo , 'tabInfo' );
2009-07-21 14:40:36 +00:00
2009-03-25 09:34:04 +00:00
if ( $tabInfo [ 'date_last_action' ] + $timeout < time ()) {
$message = " Vous avez <20> t<EFBFBD> d<> connect<63> de l'extranet suite <20> un d<> lai d'inactivit<69> trop long (1) " ;
include ( './pages/logout.php' );
}
// On met <20> jour l'heure de la derni<6E> re action
$tabInfo [ 'date_last_action' ] = time ();
$_SESSION [ 'tabInfo' ] = $tabInfo ;
2009-07-21 14:40:36 +00:00
2009-03-25 14:38:22 +00:00
//Affectation Login et pass
$login = $_SESSION [ 'tabInfo' ][ 'login' ];
2009-07-21 14:40:36 +00:00
( $_REQUEST [ 'checkIp' ] == 'only' || strstr ( $hach , 'iponly:' ) != FALSE ) ? ( $hach = 'iponly:' . $_SERVER [ 'REMOTE_ADDR' ]) : ( $hach = $_SESSION [ 'tabInfo' ][ 'password' ]);
2009-04-02 09:54:01 +00:00
} elseif ( $_REQUEST [ 'action' ] == 'logon' && ( trim ( $_REQUEST [ 'login' ]) != '' && trim ( $_REQUEST [ 'hach' ]) != '' ) ) {
2009-07-21 14:40:36 +00:00
2009-04-02 09:54:01 +00:00
if ( trim ( $_REQUEST [ 'login' ]) == '' ) {
$message = " Erreur 10300 : Identifiant de connexion et/ou mot de passe incorrect ! " ;
include ( './pages/logout.php' );
die ();
}
2009-07-21 14:40:36 +00:00
2009-04-02 09:54:01 +00:00
if ( $_REQUEST [ 'pass' ] != '' ) afficheErreur ( 'Erreur 10005 : Connexion impossible !' );
//if ($_REQUEST['lang']!='fr') afficheErreur('Erreur 10006 : Connexion impossible !');
2009-07-21 14:40:36 +00:00
2009-04-02 09:54:01 +00:00
$login = $_REQUEST [ 'login' ];
2009-07-21 14:40:36 +00:00
$hach = $_REQUEST [ 'hach' ];
2009-04-02 09:54:01 +00:00
} elseif ( $_REQUEST [ 'action' ] == 'logout' ) {
include ( './pages/logout.php' );
die ();
2009-03-25 14:38:22 +00:00
} elseif ( $page != 'main' && $_REQUEST [ 'action' ] != 'logon' ) {
2009-03-25 09:34:04 +00:00
$message = " Vous avez <20> t<EFBFBD> d<> connect<63> de l'extranet suite <20> un d<> lai d'inactivit<69> trop long (2) " ;
2009-07-21 14:40:36 +00:00
include ( './pages/logout.php' );
2009-03-25 14:38:22 +00:00
}
2009-04-02 09:54:01 +00:00
$firephp -> log ( $login , 'login' );
$firephp -> log ( $hach , 'hach' );
2009-03-25 14:38:22 +00:00
/** D<> clation du client Soap aupr<70> s du webservice **/
$client = new SoapClient ( null , array ( 'trace' => 1 ,
'soap_version' => SOAP_1_1 ,
'location' => WEBSERVICE_URL ,
'uri' => WEBSERVICE_URI ,
'login' => $login ,
'password' => $hach
));
2009-04-02 09:54:01 +00:00
if ( $_REQUEST [ 'action' ] == 'logon' || $_SESSION [ 'connected' ] == FALSE )
2009-07-21 14:40:36 +00:00
{
2009-04-02 09:54:01 +00:00
//unset($_SESSION);
2009-07-21 14:40:36 +00:00
2009-04-02 09:54:01 +00:00
$secureLocal = md5 ( date ( 'Ymd' ) . $_SERVER [ 'REMOTE_ADDR' ] . $_SERVER [ 'HTTP_USER_AGENT' ]);
$secureDist = $_REQUEST [ 'secure' ];
2009-07-21 14:40:36 +00:00
2009-04-02 09:54:01 +00:00
$cookieSecure = $secureLocal . '/' . md5 ( $cle_cookie );
$tab = unserialize ( @ file_get_contents ( '/tmp/sd_' . $secureLocal . '.tmp' ));
2009-07-21 14:40:36 +00:00
2009-04-02 09:54:01 +00:00
$tabIpInterdites = array ( '81.252.88.*' ,
'195.200.187.163' ,
'213.11.81.41' ,
'83.206.171.252' ,
'81.255.32.139' ,
'212.155.191.1*' ,
'217.70.1*.17' ,
'212.37.196.156' ,
'80.245.60.121' ,
'213.246.57.101' ,
//'88.178.249.67',
);
foreach ( $tabIpInterdites as $ip ) {
if ( preg_match ( '/^' . str_replace ( '*' , '.*' , str_replace ( '.' , '\.' , $ip )) . '$/' , $_SERVER [ 'REMOTE_ADDR' ]) ){
afficheErreur ( 'Erreur 10105 : Connexion impossible !' );
2009-07-21 14:40:36 +00:00
}
2009-04-02 09:54:01 +00:00
}
2009-07-21 14:40:36 +00:00
//R<> cup<75> ration des infos si pas de session
2009-03-25 14:38:22 +00:00
try {
$O = $client -> getInfosLogin ( $login , $_SERVER [ 'REMOTE_ADDR' ]);
$user = $O [ 'result' ];
2009-04-02 17:26:48 +00:00
$firephp -> log ( $user , 'result' );
2009-07-21 14:40:36 +00:00
if ( $user [ 'connected' ] == true )
2009-03-25 14:38:22 +00:00
{
$tabInfo [ 'login' ] = $login ;
$tabInfo [ 'password' ] = $hach ;
$tabInfo [ 'email' ] = $user [ 'email' ];
$tabInfo [ 'ip' ] = $_SERVER [ 'REMOTE_ADDR' ];
$tabInfo [ 'host' ] = gethostbyaddr ( $tabInfo [ 'ip' ]);
$tabInfo [ 'resolution' ] = $_REQUEST [ 'resolution' ];
$tabInfo [ 'nbcolors' ] = $_REQUEST [ 'nbcolors' ];
$tabInfo [ 'user_agent' ] = $tab [ 'client_ua' ];
$tabInfo [ 'referer1' ] = $tab [ 'client_referer' ];
$tabInfo [ 'referer2' ] = $_SERVER [ 'HTTP_REFERER' ];
$tabInfo [ 'referer_login' ] = $_SERVER [ 'HTTP_REFERER' ];
$tabInfo [ 'date_page_www' ] = $tab [ 'client_connexion' ];
$tabInfo [ 'date_login' ] = time ();
$tabInfo [ 'date_last_action' ] = time ();
$tabInfo [ 'nbReponses' ] = $user [ 'nbReponses' ];
$tabInfo [ 'cookie_client' ] = md5 ( 'login' . $cookieSecure );
$tabInfo [ 'mode_edition' ] = 0 ;
$tabInfo [ 'profil' ] = $user [ 'profil' ];
$tabInfo [ 'pref' ] = $user [ 'pref' ];
$tabInfo [ 'droits' ] = $user [ 'droits' ];
$tabInfo [ 'nom' ] = $user [ 'nom' ];
$tabInfo [ 'prenom' ] = $user [ 'prenom' ];
$tabInfo [ 'id' ] = $user [ 'id' ];
$tabInfo [ 'idClient' ] = $user [ 'idClient' ];
$tabInfo [ 'reference' ] = $user [ 'reference' ];
2010-01-13 16:23:29 +00:00
$tabInfo [ 'typeScore' ] = $user [ 'typeScore' ];
2009-03-25 14:38:22 +00:00
$_SESSION [ 'connected' ] = true ;
$_SESSION [ 'tabInfo' ] = $tabInfo ;
2009-07-21 14:40:36 +00:00
2009-04-02 09:54:01 +00:00
//include('./pages/main.php');
2009-03-25 14:38:22 +00:00
logAction ( $tabInfo [ 'login' ], $page , $_REQUEST [ 'siret' ], $tabInfo [ 'ip' ], $tabInfo [ 'host' ], $tabInfo [ 'resolution' ], $tabInfo [ 'nbcolors' ], $tabInfo [ 'user_agent' ], $tabInfo [ 'referer1' ], gmdate ( 'Y/m/d H:i:s' , $tabInfo [ 'date_login' ] + 3600 ), gmdate ( 'Y/m/d H:i:s' , $tabInfo [ 'date_last_action' ] + 3600 ), implode ( ', ' , $_REQUEST ));
2009-07-21 14:40:36 +00:00
2009-03-25 14:38:22 +00:00
} elseif ( $O [ 'error' ][ 'errnum' ] <> 0 ) {
$message = 'Erreur ' . $O [ 'error' ][ 'errnum' ] . ' : ' . $O [ 'error' ][ 'errmsg' ];
2009-06-03 17:03:44 +00:00
if ( $O [ 'error' ][ 'errnum' ] == '10301' && $login == 'rsipdll' ){
2009-07-21 14:40:36 +00:00
$message .= '<br/>Pour tout probl<62> me technique, contactez le service support par t<> l<EFBFBD> phone au 01.48.00.04.52 ou par mail <20> <a href="mailto:support@scores-decisions.com">support@scores-decisions.com</a>' ;
2009-06-03 17:03:44 +00:00
}
2009-03-25 14:38:22 +00:00
include ( './pages/logout.php' );
logAction ( $tabInfo [ 'login' ], $page , $_REQUEST [ 'siret' ], $tabInfo [ 'ip' ], $tabInfo [ 'host' ], $tabInfo [ 'resolution' ], $tabInfo [ 'nbcolors' ], $tabInfo [ 'user_agent' ], $tabInfo [ 'referer1' ], gmdate ( 'Y/m/d H:i:s' , $tabInfo [ 'date_login' ] + 3600 ), gmdate ( 'Y/m/d H:i:s' , $tabInfo [ 'date_last_action' ] + 3600 ), implode ( ', ' , $_REQUEST ));
print_r ( $tabInfoUser );
2009-07-21 14:40:36 +00:00
die ();
2009-06-03 17:03:44 +00:00
} else {
2009-03-25 14:38:22 +00:00
$message = " Erreur 10302 : Identifiant de connexion et/ou mot de passe incorrect ! " ;
include ( './pages/logout.php' );
logAction ( $tabInfo [ 'login' ], $page , $_REQUEST [ 'siret' ], $tabInfo [ 'ip' ], $tabInfo [ 'host' ], $tabInfo [ 'resolution' ], $tabInfo [ 'nbcolors' ], $tabInfo [ 'user_agent' ], $tabInfo [ 'referer1' ], gmdate ( 'Y/m/d H:i:s' , $tabInfo [ 'date_login' ] + 3600 ), gmdate ( 'Y/m/d H:i:s' , $tabInfo [ 'date_last_action' ] + 3600 ), implode ( ', ' , $_REQUEST ));
print_r ( $tabInfoUser );
2009-07-21 14:40:36 +00:00
die ();
2009-03-25 14:38:22 +00:00
}
} catch ( SoapFault $fault ) {
2009-07-21 14:40:36 +00:00
if ( $fault -> faultcode != '900' ){
2009-04-21 08:10:57 +00:00
require_once 'soaperror.php' ;
processSoapFault ( $client , $fault , $tabInfo );
}
2009-03-25 14:38:22 +00:00
$message = " Erreur 10301 : Identifiant de connexion et/ou mot de passe incorrect ! " ;
2009-06-03 17:03:44 +00:00
if ( $login == 'rsipdll' ){
2009-07-21 14:40:36 +00:00
$message .= '<br/>Pour tout probl<62> me technique, contactez le service support par t<> l<EFBFBD> phone au 01.48.00.04.52 ou par mail <20> <a href="mailto:support@scores-decisions.com">support@scores-decisions.com</a>' ;
2009-06-03 17:03:44 +00:00
}
2009-03-25 14:38:22 +00:00
include ( './pages/logout.php' );
die ();
}
}
2009-03-25 09:34:04 +00:00
?>
