igor/Metadata_PHP
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Мелочь

Browse Source
This commit is contained in:
igor
2023-08-24 13:22:15 +06:00
parent 4aa9eaa9d3
commit f5fb0d08ad
4 changed files with 57 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

34
metadata/dbms/records.php
View File

@ -1,4 +1,5 @@
<?php
use lfkeitel\phptotp\{Base32,Totp};
//sleep(1);
//ini_set('display_errors','Off'); //Чтоб ошибки не отправлялись клиентам
@ -718,7 +719,8 @@
{
if(array_key_exists($nextnode->getAttribute("n"),$row))
{
$xmlstring.='<![CDATA['.$row[$nextnode->getAttribute("n")].']]>';
$field = $nextnode->getAttribute("n");
$xmlstring.='<![CDATA['.$row[$field].']]>';
}else
{
sendError("Column \"".$nextnode->getAttribute("n")."\" not exists in \"$typename\" for select!");
@ -934,6 +936,8 @@
$cmd=getCdataValue(findFirstNode($reqNode,"cmd"));
$login=getCdataValue(findFirstNode($reqNode,"login"));
$password=getCdataValue(findFirstNode($reqNode,"password"));
$key=getCdataValue(findFirstNode($reqNode,"key"));
$time=getCdataValue(findFirstNode($reqNode,"time"));
$guid=getCdataValue(findFirstNode($reqNode,"guid")); //Зачем коментил?
if($cmd==0) //Restore password by email
@ -973,7 +977,7 @@
$html .= '<b>' . $password . '</b>';
$html .= '</body></html>';
//mail($login,'rigor.kz','Not implement',"Content-type: text/html; charset=utf-8\r\nFrom: rigor Site <info@rigor.kz>");
if (!mail($login, 'Password for transit.istt.kz', $html, "Content-type: text/html; charset=utf-8\r\nFrom: Transit Site <no-reply@istt.kz>")) {
if (!mail($login, 'Password for monitoring', $html, "Content-type: text/html; charset=utf-8\r\nFrom: Transit Site <no-reply@istt.kz>")) {
sendError("Failed to send mail to: " . $row["email"]);
}
}
@ -1030,6 +1034,8 @@
$xs.=' <surname><![CDATA['.$row['surname'].']]></surname>'."\n";
$xs.=' <patronymic><![CDATA['.$row['patronymic'].']]></patronymic>'."\n";
$xs.=' <company_id><![CDATA['.$row['company_id'].']]></company_id>'."\n";
$xs.=' <expiration><![CDATA['.$row['expiration'].']]></expiration>'."\n";
$xs.=' <overdue><![CDATA['.$row['overdue'].']]></overdue>'."\n";
}
}
$xs.='</metadata>';
@ -1046,16 +1052,34 @@
$name='';
$surname='';
$patronymic='';
$expiration=false;
$overdue=false;
$sql="select * from ".$Schema."p__Login(".getSQLValue($idType,$_SESSION['USER_ID']).",'$login','$password',null,null,null);";
/*
$ga=new GoogleAuthenticator;
$code=$ga->getCode($user->ga_secret);
if ($code!=$_POST['code']) return new AuthError('invalid code');
*/
$res = $db->query($sql);
if($res->rowCount()>0)
{ $result = $res->fetch(PDO::FETCH_ASSOC);
{
$result = $res->fetch(PDO::FETCH_ASSOC);
$ans='1';
$_SESSION['USER_ID']=$result['id'];
$name=$result['name'];
$surname=$result['surname'];
$patronymic=$result['patronymic'];
$expiration=$result['expiration']; //Дата смены пароля
$overdue=$result['overdue']; //Просрочен ли пароль
//Проверяю на соответствие токену TOPT если секретный ключ задан
if($result['secret']){
$secret = Base32::decode($result['secret']);
$genkey = (new Totp('sha1',0,60))->GenerateToken($secret,$time);
if($key != $genkey) {
$ans = '0';
$_SESSION['USER_ID'] = '';
}
}
}
$xs='<?xml version="1.0" encoding="utf-8"?>'."\n";
$xs.='<metadata fn="7">'."\n";
@ -1065,6 +1089,8 @@
$xs.=' <name><![CDATA['.$name.' '.$surname.' '.$patronymic.']]></name>'."\n";
$xs.=' <sesid><![CDATA['.session_id().']]></sesid>'."\n";
$xs.=' <sesname><![CDATA['.session_name().']]></sesname>'."\n";
$xs.=' <expiration><![CDATA['.$expiration.']]></expiration>'."\n";
$xs.=' <overdue><![CDATA['.$overdue.']]></overdue>'."\n";
$xs.='</metadata>';
header('Content-type: text/xml');
header("Cache-Control: no-cache, must-revalidate");