<?php
/*
if (maintenanceMode()) {
    require_once 'maintenance.php';
    exit;
}
*/
// Static key mixed into the cookie token: further down this script md5($cle_cookie)
// is appended to $secureLocal to form $cookieSecure, which in turn feeds
// $tabInfo['cookie_client'].
// NOTE(review): the key is hard-coded in source, so anyone who can read the
// repository can recompute every value derived from it. Consider loading it
// from configuration kept outside version control and rotating this value.
$cle_cookie = 'sdjglsdkhmsoL68';
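// --- Credential selection ---------------------------------------------------
// Decides which ($login, $hach) pair will be presented to the web service,
// from the request parameters and the current session state. $hach is the
// value this script later passes as the SOAP 'password' option.

// Normalise the request fields once, so that a missing or non-string
// parameter is treated as empty instead of raising notices (or a TypeError
// in trim() on recent PHP versions).
$actionDemandee = isset($_REQUEST['action']) ? $_REQUEST['action'] : null;
$loginSaisi = (isset($_REQUEST['login']) && is_string($_REQUEST['login']))
    ? trim($_REQUEST['login']) : '';
$hachSaisi = (isset($_REQUEST['hach']) && is_string($_REQUEST['hach']))
    ? trim($_REQUEST['hach']) : '';

if (isset($_REQUEST['checkIp']) && $_REQUEST['checkIp'] == 'only') {
    // Login + IP connection: no password is supplied, the credential is
    // derived from the caller's address.
    // NOTE(review): any client can ask for this mode, so the only gate is
    // whatever the web service accepts for an 'iponly:' credential. Behind a
    // reverse proxy REMOTE_ADDR is the proxy's address - confirm deployment.
    if ($loginSaisi == '') {
        $message = "Erreur 10300 : ".
            "Identifiant de connexion et/ou mot de passe incorrect !";
        include('./pages/logout.php');
        die();
    }
    // Assign login and hash
    $login = $_REQUEST['login'];
    $hach = 'iponly:'.$_SERVER['REMOTE_ADDR'];
} else if (isset($_SESSION['connected']) && $_SESSION['connected'] == true &&
    ($actionDemandee === null ||
    ($actionDemandee != 'logout' && $actionDemandee != 'logon'))) {
    // Existing session: check that it is still valid.
    $tabInfo = $_SESSION['tabInfo'];

    // The session array carries the stored credential ('password'); keep it
    // out of the FirePHP trace outside the DEV environment.
    $tabInfoTrace = $tabInfo;
    if (ENVIRONNEMENT != 'DEV' && isset($tabInfoTrace['password'])) {
        $tabInfoTrace['password'] = '***';
    }
    $firephp->log($tabInfoTrace, 'tabInfo');

    // Session idle timeout: per-user value when set, otherwise 30 minutes;
    // DEV always uses 10 hours.
    if (isset($tabInfo['timeout']) && !empty($tabInfo['timeout'])) {
        $timeout = $tabInfo['timeout'];
    } else {
        $timeout = 1800;
    }
    if (ENVIRONNEMENT == 'DEV') {
        $timeout = 36000;
    }

    if ($tabInfo['date_last_action'] + $timeout < time()) {
        $message = "Vous avez été déconnecté de l'extranet".
            " suite à un délai d'inactivité trop long (1)";
        include('./pages/logout.php');
        // Stop here, as the other logout paths of this script do. Without
        // this, if logout.php returns, the code below refreshes
        // date_last_action and carries on with the session credentials, so
        // the idle timeout would never actually end the session.
        die();
    }

    // Record the time of this action
    $tabInfo['date_last_action'] = time();
    $_SESSION['tabInfo'] = $tabInfo;

    // Assign login and hash
    $login = $_SESSION['tabInfo']['login'];
    // NOTE(review): the first test cannot be true in this branch (checkIp=only
    // is handled above). The second reads the request key 'hash' (not 'hach')
    // and a $hach that this branch has not assigned yet; the intent looks
    // like "session credential is an iponly: one" - confirm and fix upstream.
    if ((isset($_REQUEST['checkIp']) && $_REQUEST['checkIp'] == 'only') ||
        (isset($_REQUEST['hash']) && isset($hach) &&
            strstr($hach, 'iponly:') != false)) {
        $hach = 'iponly:'.$_SERVER['REMOTE_ADDR'];
    } else {
        $hach = $_SESSION['tabInfo']['password'];
    }
} else if ($actionDemandee == 'logon' && $loginSaisi != '' && $hachSaisi != '') {
    // Login request.
    // The clear-text password field must arrive empty: the form is expected
    // to send only the 'hach' value.
    // NOTE(review): whether afficheErreur() stops the script is not visible
    // here; if it returns, the login continues despite the error.
    if (isset($_REQUEST['pass']) && $_REQUEST['pass'] != '') {
        afficheErreur('Erreur 10005 : Connexion impossible !');
    }
    // JavaScript error
    // NOTE(review): unreachable as written - this branch is only entered
    // when 'hach' is present and non-empty.
    if (!isset($_REQUEST['hach'])) {
        $message = "Le JavaScript semble être désactivé sur votre navigateur ".
            "Internet.<br/>Contacter votre administrateur.";
        include('./pages/logout.php');
        exit;
    }

    // Assign login and hash
    $login = $_REQUEST['login'];
    $hach = $_REQUEST['hach'];
} else if ($actionDemandee == 'logout') {
    // Forced logout
    include('./pages/logout.php');
    die();
} else if ($page != 'main' && $actionDemandee != 'logon') {
    // No usable session on a page other than 'main'.
    // NOTE(review): unlike the other logout paths there is no die() here, so
    // if logout.php returns, the script goes on to the web-service call with
    // no $login/$hach assigned - confirm this is intended.
    $message = "Vous avez été déconnecté de l'extranet".
        " suite à un délai d'inactivité trop long (2)";
    include('./pages/logout.php');
}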
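// Debug trace of the credentials selected above.
// $hach is the value sent to the web service as the password, so it is only
// traced in the DEV environment; elsewhere a fixed mask is logged instead, to
// keep the credential out of FirePHP output.
$firephp->log($login, 'login');
$firephp->log(ENVIRONNEMENT == 'DEV' ? $hach : '***', 'hach');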
// Declare the SOAP client for the web service (non-WSDL mode: the endpoint
// and namespace come from the WEBSERVICE_URL / WEBSERVICE_URI constants).
// The selected login and hash are handed over as the client's 'login' and
// 'password' options.
// NOTE(review): the scheme of WEBSERVICE_URL is not visible here - confirm it
// is https, since these credentials accompany every call. 'trace' => 1 keeps
// the last request/response available on the client; check it is wanted
// outside debugging.
$client = new SoapClient(
    null,
    array(
        'location'     => WEBSERVICE_URL,
        'uri'          => WEBSERVICE_URI,
        'soap_version' => SOAP_1_1,
        'login'        => $login,
        'password'     => $hach,
        'trace'        => 1
    )
);
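// --- Authentication against the web service ---------------------------------
// Runs on an explicit logon request, or whenever the session is not flagged as
// connected. On success the session is populated and the login is journalled;
// on failure the logout page is shown and the script stops.
if ((isset($_REQUEST['action']) && $_REQUEST['action'] == 'logon') ||
    empty($_SESSION['connected'])) {
    // Per-day / per-client fingerprint, used to locate the temp file below and
    // to build the cookie token. Missing headers are treated as empty.
    // NOTE(review): every input of this MD5 is known to or chosen by the
    // client, so the value is predictable; it should not be relied on as a
    // secret.
    $secureLocal = md5(date('Ymd') .
        $_SERVER['REMOTE_ADDR'] .
        (isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : ''));
    $secureDist = isset($_REQUEST['secure']) ? $_REQUEST['secure'] : null;
    $cookieSecure = $secureLocal.'/'.md5($cle_cookie);

    // NOTE(review): unserialize() on a file under the shared /tmp directory,
    // whose name is predictable (see above). Another local account able to
    // write that path would control the unserialized data (object injection).
    // Prefer a private directory and json_decode(), or restrict allowed
    // classes where the PHP version supports it.
    $tab = unserialize(@file_get_contents('/tmp/sd_'.$secureLocal.'.tmp'));
    if (!is_array($tab)) {
        // Missing/unreadable file or unexpected payload: use no client data.
        $tab = array();
    }

    // Refused addresses ('*' is a wildcard inside the dotted address).
    $tabIpInterdites = array(
        '81.252.88.*',
        '195.200.187.163',
        '213.11.81.41',
        '83.206.171.252',
        '81.255.32.139',
        '212.155.191.1*',
        '217.70.1*.17',
        '212.37.196.156',
        '80.245.60.121',
        '213.246.57.101',
        //'88.178.249.67',
    );
    foreach ($tabIpInterdites as $ip) {
        // Escape the dots, then turn '*' into '.*' and anchor the pattern.
        if (preg_match('/^'.
            str_replace('*', '.*', str_replace('.', '\.', $ip)).
            '$/', $_SERVER['REMOTE_ADDR'])) {
            // NOTE(review): whether afficheErreur() stops the script is not
            // visible here; if it returns, the login attempt continues.
            afficheErreur('Erreur 10105 : Connexion impossible !');
        }
    }

    // Copy of the request used for journalling, with the credential fields and
    // the session cookie masked (the cookie is only present when cookies are
    // merged into $_REQUEST). Masking rather than removing keeps the number
    // and order of the logged values unchanged.
    $requeteJournal = $_REQUEST;
    foreach (array('hach', 'pass', session_name()) as $champSecret) {
        if (isset($requeteJournal[$champSecret])) {
            $requeteJournal[$champSecret] = '***';
        }
    }

    // Fetch the user's information when there is no session
    try {
        $adressIp = $_SERVER['REMOTE_ADDR'];
        $O = $client->getInfosLogin($login, $adressIp);
        $user = $O['result'];
        $firephp->log($user, 'result');

        if ($user['connected'] == true) {
            $tabInfo['login'] = $login;
            // NOTE(review): the credential is kept in the session so that
            // later requests can re-use it for the SOAP client; protect the
            // session storage accordingly.
            $tabInfo['password'] = $hach;
            $tabInfo['email'] = $user['email'];
            $tabInfo['ip'] = $adressIp;
            // Reverse DNS: the name comes from a PTR record controlled by the
            // owner of the address - treat it as untrusted text.
            $tabInfo['host'] = gethostbyaddr($tabInfo['ip']);
            // Client-supplied display values, stored as received.
            if (isset($_REQUEST['resolution'])) {
                $tabInfo['resolution'] = $_REQUEST['resolution'];
            } else {
                $tabInfo['resolution'] = '1280*800'; // duplicated from index.php
            }
            if (isset($_REQUEST['nbcolors'])) {
                $tabInfo['nbcolors'] = $_REQUEST['nbcolors'];
            } else {
                $tabInfo['nbcolors'] = 16; // duplicated from index.php
            }
            $tabInfo['user_agent'] = isset($tab['client_ua']) ? $tab['client_ua'] : null;
            $tabInfo['referer1'] = isset($tab['client_referer']) ? $tab['client_referer'] : null;
            $tabInfo['referer2'] = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : null;
            $tabInfo['referer_login'] = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : null;
            $tabInfo['date_page_www'] = isset($tab['client_connexion']) ? $tab['client_connexion'] : null;
            $tabInfo['date_login'] = time();
            $tabInfo['date_last_action'] = time();
            $tabInfo['nbReponses'] = $user['nbReponses'];
            $tabInfo['cookie_client'] = md5('login'.$cookieSecure);

            require_once('../includes/user/permissions.php');
            if (checkModeEdition($login) == true) {
                $tabInfo['international_giant'] = 1;
            } else {
                $tabInfo['international_giant'] = 0;
            }
            $tabInfo['mode_edition'] = 0;
            $tabInfo['profil'] = $user['profil'];
            $tabInfo['pref'] = $user['pref'];
            $tabInfo['droits'] = $user['droits'];
            $tabInfo['nom'] = $user['nom'];
            $tabInfo['prenom'] = $user['prenom'];
            $tabInfo['id'] = $user['id'];
            $tabInfo['idClient'] = $user['idClient'];
            $tabInfo['reference'] = $user['reference'];
            $tabInfo['typeScore'] = $user['typeScore'];
            $tabInfo['timeout'] = $user['timeout'];

            // Issue a fresh session identifier at the privilege change, so an
            // identifier known before login cannot be used afterwards
            // (session fixation).
            if (session_id() != '' && !headers_sent()) {
                session_regenerate_id(true);
            }
            $_SESSION['connected'] = true;
            $_SESSION['tabInfo'] = $tabInfo;

            // NOTE(review): the fixed +3600 looks like a hard-coded UTC+1
            // offset with no daylight-saving handling - confirm.
            logAction($tabInfo['login'],
                isset($page) ? $page : '',
                isset($_REQUEST['siret']) ? $_REQUEST['siret'] : '',
                $tabInfo['ip'],
                $tabInfo['host'],
                $tabInfo['resolution'],
                $tabInfo['nbcolors'],
                $tabInfo['user_agent'],
                $tabInfo['referer1'],
                gmdate('Y/m/d H:i:s', $tabInfo['date_login'] + 3600),
                gmdate('Y/m/d H:i:s', $tabInfo['date_last_action'] + 3600),
                implode(', ', $requeteJournal)
            );
        } else {
            // Login refused.
            if ($O['error']['errnum'] != 0) {
                // Error returned by the web service
                $message = 'Erreur '.
                    $O['error']['errnum'] .' : '.
                    $O['error']['errmsg'];

                if ($O['error']['errnum'] == '10301' && $login == 'rsipdll') {
                    $message.= '<br/>Pour tout problème technique, '.
                        'contactez le service support par téléphone au 01.48.00.04.52 '.
                        'ou par mail à <a href="mailto:support@scores-decisions.com">'.
                        'support@scores-decisions.com</a>';
                }
            } else {
                $message = "Erreur 10302 : ".
                    "Identifiant de connexion et/ou mot de passe incorrect !";
            }
            include('./pages/logout.php');

            // Journal the failed attempt. On a fresh login $tabInfo has not
            // been filled in, so fall back to the attempted login and the
            // caller's address: without them the entry cannot be used to spot
            // repeated failures from one source.
            // NOTE(review): this is only reached if logout.php returns.
            $champsJournal = array();
            foreach (array('host', 'resolution', 'nbcolors', 'user_agent', 'referer1') as $champ) {
                $champsJournal[$champ] = isset($tabInfo[$champ]) ? $tabInfo[$champ] : null;
            }
            logAction(
                isset($tabInfo['login']) ? $tabInfo['login'] : $login,
                isset($page) ? $page : null,
                isset($_REQUEST['siret']) ? $_REQUEST['siret'] : null,
                isset($tabInfo['ip']) ? $tabInfo['ip'] : $adressIp,
                $champsJournal['host'],
                $champsJournal['resolution'],
                $champsJournal['nbcolors'],
                $champsJournal['user_agent'],
                $champsJournal['referer1'],
                gmdate('Y/m/d H:i:s',
                    (isset($tabInfo['date_login']) ? $tabInfo['date_login'] : 0) + 3600),
                gmdate('Y/m/d H:i:s',
                    (isset($tabInfo['date_last_action']) ? $tabInfo['date_last_action'] : 0) + 3600),
                implode(', ', $requeteJournal)
            );
            die();
        }
    }
    // SOAP error
    catch (SoapFault $fault) {
        //maintenanceMode(true);

        // Fault code 900 is not passed to the SOAP error handler.
        if ($fault->faultcode != '900') {
            require_once 'soaperror.php';
            processSoapFault($client, $fault, isset($tabInfo) ? $tabInfo : null);
        }

        // The user sees the same generic message as for wrong credentials, so
        // the fault details are not disclosed.
        $message = "Erreur 10301 : ".
            "Identifiant de connexion et/ou mot de passe incorrect !";

        if ($login == 'rsipdll') {
            $message.= '<br/>Pour tout problème technique, '.
                'contactez le service support par téléphone au 01.48.00.04.52 '.
                'ou par mail à <a href="mailto:support@scores-decisions.com">'.
                'support@scores-decisions.com</a>';
        }

        include('./pages/logout.php');
        die();
    }
}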
?>