ผมใช้ ldaphack9 กับลายไทยเวอร์ชั่น
MamboLaiThaiGlobalV4[1].5.3h-StableAndSecurityPatch1
หนิดหนึ่งถ้าใช้ ldaphack9 กับลายไทยแล้ว
ในเว็บ admin จะ error และ login เข้าไปไม่ได้
เหอๆ แต่เกือบจะแก้ไม่ได้แหนะ
โชคดีจริงที่เดาถูก
ต้องไปแก้ไฟล์ ldaphack9includesmambo.php
ให้แทนที่โคดทั้งหมดของไฟล์ด้วยโคดนี้
-------------------------------------------------------------------------------
<?php
/**
* @version $Id: index.php,v 1.6 2005/11/21 11:57:50 csouza
Exp $
* @package Mambo
* @copyright (C) 2000 - 2005 Miro International Pty Ltd
* @license http://www.gnu.org/copyleft/gpl.html
GNU/GPL
* Mambo is Free Software
*/
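// Fix to address the globals overwrite problem in PHP versions < 4.4.1:
// refuse any request that carries a parameter named like a superglobal.
// (The posted listing had this comment wrapped onto a second, uncommented
// line, which does not parse.)
$protect_globals = array('_REQUEST', '_GET', '_POST', '_COOKIE', '_FILES',
    '_SERVER', '_ENV', 'GLOBALS', '_SESSION');
foreach ($protect_globals as $global) {
    // array_key_exists() matches the key exactly. The earlier
    // in_array( $global, array_keys(...) ) compared loosely, so before PHP 8
    // an integer key such as 0 equalled every name in the list and an
    // otherwise harmless request was rejected.
    if (array_key_exists( $global, $_REQUEST )
        || array_key_exists( $global, $_GET )
        || array_key_exists( $global, $_POST )
        || array_key_exists( $global, $_COOKIE )
        || array_key_exists( $global, $_FILES )) {
        die( "Invalid Request." );
    }
}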
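/** Set flag that this is a parent file */
define( "_VALID_MOS", 1 );

// No configuration file means the site is not installed yet: send the
// browser to the installer and stop.
if (!file_exists( '../configuration.php' )) {
    header( 'Location: ../installation/index.php' );
    exit();
}

require_once( '../configuration.php' );
require_once( '../includes/mambo.php' );

// NOTE(review): $mosConfig_lang and $mosConfig_alang are concatenated into
// include paths below. They are presumably assigned in configuration.php;
// confirm both are always set there so neither value can originate from the
// request.
include_once( $mosConfig_absolute_path . '/language/' . $mosConfig_lang . '.php' );

// adminLanguage Language
if ($mosConfig_alang === NULL) {
    // No admin language configured: fall back to the English admin strings.
    include_once( $mosConfig_absolute_path . "/language/admin_english.php" );
} else {
    // Load the configured admin language only when its file exists; nothing
    // is loaded otherwise.
    if (file_exists( $mosConfig_absolute_path . "/language/admin_" . $mosConfig_alang . ".php" )) {
        include_once( $mosConfig_absolute_path . "/language/admin_" . $mosConfig_alang . ".php" );
    }
}

// "=& new" is PHP 4 reference-assignment syntax, kept exactly as posted
// (it was removed from the language in PHP 7).
$adminLanguage =& new adminLanguage();

$database = new database( $mosConfig_host, $mosConfig_user,
    $mosConfig_password, $mosConfig_db, $mosConfig_dbprefix );
$database->debug( $mosConfig_debug );
$acl = new gacl_api();

$option = mosGetParam( $_REQUEST, 'option', NULL );

// mainframe is an API workhorse, lots of 'core' interaction routines
// (in the posted listing this comment was wrapped onto an uncommented line,
// which does not parse)
$mainframe = new mosMainFrame( $database, $option, '..', true );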
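// Administrator login handler. On a submitted form it validates the
// credentials (locally, or through an external authentication plugin when the
// stored password has the form "@<plugin id>"), creates the admin session and
// redirects to index2.php; without a submitted form it renders the login page
// of the active administrator template.
if (isset( $_POST['submit'] )) {
    /** escape and trim to minimise injection of malicious sql */
    $usrname = $database->getEscaped( trim( mosGetParam( $_POST, 'usrname', '' ) ) );

    // Read the submitted password once. $clearpass is the value handed to an
    // external authentication plugin; the posted listing passed $clearpass to
    // the plugin without ever assigning it, so the plugin received an
    // undefined (empty) password. $pass is the SQL-escaped copy that is
    // hashed for the local comparison.
    // NOTE(review): $clearpass has still passed through mosGetParam();
    // confirm whether the plugin expects exactly that form.
    $clearpass = trim( mosGetParam( $_POST, 'pass', '' ) );
    $pass = $database->getEscaped( $clearpass );

    if (!$pass) {
        echo "<script>alert('" . $adminLanguage->A_ALERT_ENTER_PASSWORD . "'); document.location.href='index.php';</script>\n";
        // Stop here. The posted listing printed the alert and then carried
        // on with an empty password, which must never reach the credential
        // checks below.
        exit();
    }
    // Local accounts are compared against the md5 of the submitted password,
    // which is the format the stored value is compared in further down.
    $pass = md5( $pass );

    // Refuse to continue when the site has no administrator account at all.
    $query = "SELECT COUNT(*)"
    . "\n FROM #__users"
    . "\n WHERE ( LOWER( usertype ) = 'administrator'"
    . "\n OR LOWER( usertype ) = 'superadministrator'"
    . "\n OR LOWER( usertype ) = 'super administrator' )"
    ;
    $database->setQuery( $query );
    $count = intval( $database->loadResult() );
    if ($count < 1) {
        // The escaped quotes and the trailing "\n" had lost their
        // backslashes in the posted listing, leaving an unparsable string.
        echo "<script>alert(\"" . _LOGIN_NOADMINS . "\"); window.history.go(-1); </script>\n";
        exit();
    }

    // $usrname was escaped above, so it is safe inside the quoted literal.
    $query = "SELECT * FROM #__users WHERE username='$usrname' AND block='0'";
    $database->setQuery( $query );
    $my = null;
    $database->loadObject( $my );

    // $my stays null when no unblocked user matches; check that before any
    // property access instead of dereferencing null for the group lookup.
    if (is_object( $my ) && $my->id) {
        /** find the user group (or groups in the future) */
        $grp = $acl->getAroGroup( $my->id );
        $my->gid = $grp->group_id;
        $my->usertype = $grp->name;

        // EXTERNAL AUTH START
        // substr() replaces the $string{0} offset syntax, which newer PHP
        // versions no longer accept; the comparison is unchanged.
        if (substr( $my->password, 0, 1 ) == "@") {
            $pluginid = substr( $my->password, 1 );
            $authplugins = include( $mosConfig_absolute_path . "/includes/authentication/plugins.php" );
            // Only iterate when the include really returned a plugin list,
            // and never pass an empty password to an external system.
            // NOTE(review): the plugin code is not shown here; directory
            // servers commonly treat a bind with an empty password as an
            // anonymous bind and report success, so keep this guard even
            // though empty passwords are already rejected above.
            if (is_array( $authplugins ) && $clearpass !== '') {
                foreach ($authplugins as $pi) {
                    // only use published external systems of the proper type.
                    if (($pluginid == $pi->getID()) && ($pi->isPublished())) {
                        $userattributes = array();
                        if ($pi->authenticate( $usrname, $clearpass, $userattributes )) {
                            // Make the comparison below succeed for this account.
                            $pass = $my->password;
                            break;
                        }
                    }
                }
            }
        }
        // EXTERNAL AUTH END

        // md5() output is hexadecimal, so for an "@..." account $pass can
        // equal the stored value only when a plugin accepted the login above.
        if (strcmp( $my->password, $pass )
            || !$acl->acl_check( 'administration', 'login', 'users', $my->usertype )) {
            echo "<script>alert('" . $adminLanguage->A_ALERT_INCORRECT . "'); document.location.href='index.php';</script>\n";
            exit();
        }

        session_name( md5( $mosConfig_live_site ) );
        session_start();

        $logintime = time();
        // NOTE(review): this identifier is built only from account fields
        // and the login time, with no random component; if anything relies
        // on it being unguessable, it should come from a random source.
        $session_id = md5( "$my->id$my->username$my->usertype$logintime" );

        // The interpolated values come from the users table and the ACL
        // lookup, not directly from the request.
        $query = "INSERT INTO #__session"
        . "\n SET time='$logintime', session_id='$session_id', "
        . "userid='$my->id', usertype='$my->usertype', username='$my->username'"
        ;
        $database->setQuery( $query );
        if (!$database->query()) {
            echo $database->stderr();
        }

        $_SESSION['session_id'] = $session_id;
        $_SESSION['session_user_id'] = $my->id;
        $_SESSION['session_username'] = $my->username;
        $_SESSION['session_usertype'] = $my->usertype;
        $_SESSION['session_gid'] = $my->gid;
        $_SESSION['session_logintime'] = $logintime;
        $_SESSION['session_userstate'] = array();

        session_write_close();
        /** cannot using mosredirect as this stuffs up the cookie in IIS */
        echo "<script>document.location.href='index2.php';</script>\n";
        exit();
    } else {
        // Unknown or blocked user name.
        echo "<script>alert('" . $adminLanguage->A_ALERT_INCORRECT_TRY . "'); document.location.href='index.php';</script>\n";
        exit();
    }
} else {
    // No form submitted: show the login page of the active admin template.
    initGzip();
    $path = $mosConfig_absolute_path . '/administrator/templates/' . $mainframe->getTemplate() . '/login.php';
    require_once( $path );
    doGzip();
}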
?>
โป้ง-เขียน