### TODO remove always start ### this comment is for automated removal of parts for production builds. DO NOT REMOVE this comment!
if (!function_exists('apache_request_headers')) {
    /**
     * apache_request_headers
     *
     * Fallback for SAPIs that do not provide apache_request_headers().
     * Builds a header map from every $_SERVER entry whose key starts with
     * "HTTP_": the prefix is dropped, the rest is split on "_", each part is
     * passed through ucfirst() and the parts are re-joined with "-".
     * All values come from client-supplied request headers.
     *
     * @return array header name => header value
     */
    function apache_request_headers() {
        $arh = array();
        $rx_http = '/\AHTTP_/';
        foreach ($_SERVER as $key => $val) {
            if (preg_match($rx_http, $key) ) {
                $arh_key = preg_replace($rx_http, '', $key);
                $rx_matches = array();
                // do some nasty string manipulations to restore the original letter case
                // this should work in most cases
                // NOTE(review): ucfirst() only upper-cases the first character and leaves the
                // rest untouched, so an all-upper-case key such as HTTP_USER_AGENT would come
                // out as "USER-AGENT", not "User-Agent" - confirm what callers expect.
                $rx_matches = explode('_', $arh_key);
                if (count($rx_matches) > 0 and strlen($arh_key) > 2 ) {
                    foreach ($rx_matches as $ak_key => $ak_val) $rx_matches[$ak_key] = ucfirst($ak_val);
                    $arh_key = implode('-', $rx_matches);
                }
                $arh[$arh_key] = $val;
            }
        }
        return $arh;
    }
}
### TODO remove always end ### this comment is for automated removal of parts for production builds. DO NOT REMOVE this comment!

/**
 * Login
 *
 * Implements the login screen.
 *
 * Both public actions (index, forgotPassword) are listed in
 * $_noAuthMethods by the constructor, so everything they read from the
 * request must be treated as untrusted input.
 */
abstract class LoginBase extends BaseController {
    /**
     * __construct
     *
     * Constructs a new Login controller.
     *
     * @return void
     */
    public function __construct() {
        # presumably the methods BaseController lets through without an authenticated session - verify in BaseController
        $this->_noAuthMethods = array('index', 'forgotPassword');
        @session_destroy(); # remove session and session file from /tmp
        parent::__construct();
        $this->load->library('IpAuth');
    }

    ### TODO remove endobase start ### this comment is for automated removal of parts for Wassenburg EndoBase builds. DO NOT REMOVE this comment!
    # MediPoint only!
    # TODO put getMediPointData in cust!
    /**
     * getMediPointData
     *
     * Adds reference-table data to a PDA login response. For every table in
     * the fixed list below, the server's data version is written to
     * $responseObj-><Table>Version; the table rows are added only when the
     * client sent a truthy <Table>Version that is lower than the server's.
     * If the schema has AdministrativeGroups and AdministrativeGroups_Roles,
     * the group IDs linked to the current user's RoleID are added as well.
     *
     * The SELECT fragments are fixed literals; nothing from the request is
     * placed into them.
     *
     * @param object|null $postDataObj decoded JSON request body (index() passes the json_decode() result, which can be null)
     * @param object      $responseObj response object, modified in place
     * @return void
     */
    private function getMediPointData($postDataObj, $responseObj) {
        $tables = array(
            'Locations' => 'UNPACK(LocationID) AS LocationID, Name, ScanCode',
            'MaterialTypes' => 'UNPACK(MaterialTypeID) AS MaterialTypeID, UNPACK(MaterialTypeParentID) AS MaterialTypeParentID, Name, SubCategoryNumber',
            'Processes' => 'UNPACK(ProcessID) AS ProcessID, Name',
            'Locations_Processes' => 'UNPACK(Locations_ProcessesID) AS Locations_ProcessesID, UNPACK(LocationID) AS LocationID, UNPACK(ProcessID) AS ProcessID',
            'OutageGroups' => 'UNPACK(OutageGroupID) AS OutageGroupID, Name',
            'OutageComponents' => 'UNPACK(OutageComponentID) AS OutageComponentID, UNPACK(OutageGroupID) AS OutageGroupID, Code, Name',
            'ProblemCodes' => 'UNPACK(ProblemCodeID) AS ProblemCodeID, Code, Name',
            'ActionCodes' => 'UNPACK(ActionCodeID) AS ActionCodeID, Code, Name',
            'CauseCodes' => 'UNPACK(CauseCodeID) AS CauseCodeID, Code, Name',
            'MaterialTypes_OutageComponents' => 'UNPACK(MaterialTypes_OutageComponentsID) AS MaterialTypes_OutageComponentsID, UNPACK(MaterialTypeID) AS MaterialTypeID, UNPACK(OutageComponentID) AS OutageComponentID',
            'InspectionTypes' => 'UNPACK(InspectionTypeID) AS InspectionTypeID, Name',
            'Processes_Users' => 'UNPACK(Processes_UsersID) AS Processes_UsersID, UNPACK(ProcessID) AS ProcessID, UNPACK(UserID) AS UserID',
            'MaterialTypes_Processes' => 'UNPACK(MaterialTypes_ProcessesID) AS MaterialTypes_ProcessesID, UNPACK(MaterialTypeID) AS MaterialTypeID, UNPACK(ProcessID) AS ProcessID'
        );
        foreach ($tables as $table => $select) {
            $myVersion = $this->utils->getTableDataVersion($table);
            $propertyName = $table . 'Version';
            # @ hides the notice when the property is missing or $postDataObj is null
            $theirVersion = @$postDataObj->$propertyName;
            $responseObj->$propertyName = $myVersion;
            # a missing or zero client version is falsy, so no rows are sent in that case
            if ($theirVersion && $theirVersion < $myVersion) {
                $responseObj->$table = $this->utils->getTableData($select, $table);
            }
        }
        $schema = $this->utils->getSchemaInfo();
        if (property_exists($schema->Tables, 'AdministrativeGroups') && property_exists($schema->Tables, 'AdministrativeGroups_Roles')) {
            $currentUser = $this->utils->currentUser();
            $this->db->select('AdministrativeGroups.AdministrativeGroupID');
            $this->db->from('AdministrativeGroups');
            $this->db->join('AdministrativeGroups_Roles', 'AdministrativeGroups_Roles.AdministrativeGroupID = AdministrativeGroups.AdministrativeGroupID');
            $this->db->where('AdministrativeGroups_Roles.RoleID', $currentUser->RoleID);
            $query = $this->db->get();
            $responseObj->AdministrativeGroups = array();
            foreach ($query->result() as $row) {
                $responseObj->AdministrativeGroups[] = $this->utils->unpack($row->AdministrativeGroupID);
            }
        }
    }
    ### TODO remove endobase end ### this comment is for automated removal of parts for Wassenburg EndoBase builds. DO NOT REMOVE this comment!

    /**
     * forgotPassword
     *
     * Handles a password-reset request for the posted "username".
     * The OK response is sent and flushed before any lookup happens, so the
     * HTTP reply is the same whether or not the account exists. After that
     * the user is looked up by Name (only rows with a non-empty Email), and
     * an e-mail is sent: a notice when the account is disabled or expired,
     * otherwise a one-hour reset token is stored on the Users row.
     *
     * Always terminates the request with exit.
     *
     * @return void
     */
    public function forgotPassword() {
        # NOTE(review): debug leftover. This redirects the PHP error log for this request to a
        # fixed file under /tmp; error output can contain request data, and /tmp is often
        # readable by other local accounts. Remove it or log to a protected location.
        ini_set("log_errors", 1);
        ini_set("error_log", "/tmp/blah.txt");
        # accept a JSON request body: when it decodes, it replaces $_POST
        $postDataRaw = file_get_contents('php://input');
        $postDataObj = json_decode($postDataRaw);
        if ($postDataObj) {
            $_POST = json_decode($postDataRaw, true);
        }
        $db = $this->db;
        $u = $this->utils;
        # send response now and end the connection so the client cannot do a timing attack
        # NOTE(review): ignore_user_abort() without an argument only returns the current
        # setting and changes nothing; ignore_user_abort(true) is needed if the rest of this
        # method must keep running after the client disconnects.
        ignore_user_abort();
        ob_start();
        $u->respond(Utils::RESPONSE_OK);
        $length = ob_get_length();
        # tell client to close the connection after $length bytes received
        header('Connection: close');
        header("Content-Length: $length");
        # flush all output
        ob_end_flush();
        ob_flush();
        flush();
        #$fp = fopen('/tmp/blah.txt', 'a');
        #fwrite($fp, "A\n");
        if (!@$_POST['username']) exit;
        #fwrite($fp, "B\n");
        $columnInfo = $this->utils->getColumnsInfo('Users');
        $db->select($columnInfo['Expiry'] ? '*, Expiry < NOW() AS Expired' : '*');
        $db->from('Users');
        # the user name is handed to the query builder as a value; only the two fixed
        # Email clauses below switch escaping off (third argument false)
        $db->where('Name', $_POST['username']);
        $db->where('Email IS NOT NULL', null, false);
        $db->where("Email != ''", null, false);
        $query = $db->get();
        $result = $query->result();
        if (!sizeof ($result)) exit;
        #fwrite($fp, "C\n");
        $row = $result[0];
        $body = "
You requested a password reset link for your Alltrack 2 account.
\nIf you did not, please ignore this email and do nothing.
\n";
        if (!$row->Enabled) {
            $body .= "Your Alltrack 2 account is disabled.
\nPlease contact an administrator to re-enable your account.
";
            #fwrite($fp, "D\n");
        } elseif (@$row->Expired) {
            $body .= "Your Alltrack 2 account has expired.
\nPlease contact an administrator to re-enable your account.
";
            #fwrite($fp, "E\n");
        } else {
            #fwrite($fp, "F\n");
            $protocol = !empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off' ? 'https://' : 'http://';
            #fwrite($fp, "1\n");
            $randomString = $this->utils->secureRandomString();
            #fwrite($fp, "2\n");
            # NOTE(review): HTTP_HOST is taken from the request's Host header, so the host part
            # of the mailed link is chosen by whoever submits the request, not by the server.
            # Build the link from a configured base URL (or check the host against an allow-list)
            # so a reset token can never be mailed inside a link to a foreign host.
            $link = $protocol . $_SERVER['HTTP_HOST'] . ALLTRACK_BASE_URL . 'link/reset-password/' . $randomString;
            #fwrite($fp, "3\n");
            # NOTE(review): as shown here $link is never used after this point; the markup that
            # embedded it in the message appears to be missing from this listing - confirm
            # against the original file.
            $body .= "Please click the following link to reset your password:
\n\n";
            #fwrite($fp, "4\n");
            $body .= "This link is only valid for one hour and will work only once!
";
            #fwrite($fp, "5\n");
            # NOTE(review): the token is stored exactly as mailed; storing only a hash of it
            # would keep a database read from yielding usable reset links. Strength of the token
            # depends on secureRandomString(), which is not visible here.
            $db->set('ResetPasswordLink', $randomString);
            #fwrite($fp, "6\n");
            $db->set('ResetPasswordLinkExpiry', 'NOW() + INTERVAL 1 HOUR', false);
            #fwrite($fp, "7\n");
            $db->where('UserID', $row->UserID);
            #fwrite($fp, "8\n");
            $db->update('Users');
            #fwrite($fp, "G\n");
        }
        $altBody = strip_tags($body);
        #fwrite($fp, $row->Email . "\n");
        $ret = $u->sendEmail($row->Email, 'Alltrack 2 password reset link', $body, $altBody);
        # a truthy $ret is treated as an error by the author, but nothing is done with it
        if ($ret) {
            # error
            #fwrite($fp, print_r($ret, true));
        }
        exit;
    }

    /**
     * index
     *
     * Gets called when no method is specified in the URL.
     * Shows login screen if POST is empty, otherwise validates login.
     * Sets session cookie if login valid.
     *
     * Two credential forms are accepted: user name + password, or a scan
     * code alone (field ScanCode, or RFID on older schemas). Clients are
     * treated as "PDA" when the body is JSON or the Alltrack user-agent
     * header starts with "PDA/"; they get a JSON response, browsers get a
     * redirect.
     *
     * @return void
     */
    public function index() {
        $this->session->unset_userdata('alltrack_session_id');
        # accept a JSON request body: when it decodes, it replaces $_POST
        $postDataRaw = file_get_contents('php://input');
        $postDataObj = json_decode($postDataRaw);
        if ($postDataObj) {
            $_POST = json_decode($postDataRaw, true);
        }
        $this->load->library('password');
        if (!$this->password->check()) {
            $this->data['fail'] = true;
        } else {
            $this->data['fail'] = false;
            $columnInfo = $this->utils->getColumnsInfo('Users');
            # one of two fixed column names; it is interpolated into SQL further down
            $scanCodeField = array_key_exists('ScanCode', $columnInfo) ? 'ScanCode' : 'RFID';
            # backwards compatibility with v40
            $oldUsername = $this->input->post('username');
            $oldPassword = $this->input->post('password');
            if ($oldUsername || $oldPassword) {
                $username = $oldUsername;
                $password = $oldPassword;
                # v40 clients post a scan code in the password field with no user name
                if (!$oldUsername) {
                    $scanCode = $oldPassword;
                    $password = '';
                }
            } else {
                $username = $this->input->post('Username');
                $password = $this->input->post('Password');
                $scanCode = $this->input->post('ScanCode');
            }
            # NOTE(review): the attempt limit below is applied only to user name + password
            # logins. Scan-code logins skip this whole block, so they are not limited by
            # LoginAttempts at all - confirm whether that is intended.
            if ($username && $password) {
                $this->db->select('MaxLoginAttempts, BlockTime');
                $this->db->from('Settings');
                $query = $this->db->get();
                $result = $query->result();
                $row = $result[0];
                if ($row->MaxLoginAttempts && $row->BlockTime) {
                    # NOTE(review): BlockTime is concatenated into the statement. It comes from the
                    # Settings table, not from the request, but an (int) cast or a bound parameter
                    # would keep a bad settings value from changing the SQL.
                    $this->db->query('DELETE FROM LoginAttempts WHERE LastModified < NOW() - INTERVAL ' . $row->BlockTime . ' MINUTE');
                    $this->db->trans_start();
                    $this->db->select('LoginAttemptID, Name, Attempts, LastModified');
                    $this->db->from('LoginAttempts');
                    $this->db->where('Name', $username);
                    $query = $this->db->get();
                    $result = $query->result();
                    # the counter is raised on every attempt, before the password is checked;
                    # a successful login deletes the row again further down
                    if (!sizeof ($result)) {
                        $this->db->insert('LoginAttempts', array( 'Name' => $username, 'Attempts' => 1 ));
                    } else {
                        $row2 = $result[0];
                        $this->db->set('Attempts', $row2->Attempts + 1);
                        $this->db->where('Name', $username);
                        $this->db->update('LoginAttempts');
                        if ($row2->Attempts >= $row->MaxLoginAttempts) {
                            # limit reached
                            if ($postDataObj || substr(strtoupper(@$_SERVER['HTTP_ALLTRACK_USER_AGENT']), 0, 4) == 'PDA/') {
                                # login came from PDA
                                $this->utils->respond(Utils::RESPONSE_AUTHENTICATION_FAILURE);
                            } else {
                                # login came from browser
                                $this->session->set_flashdata('login_result_message', T('Too many failed logins', true));
                                header('Location: ' . ALLTRACK_BASE_URL);
                            }
                            # NOTE(review): this exit runs before trans_complete(), so whether the
                            # increment above is committed depends on how the driver treats an open
                            # transaction at shutdown - verify.
                            exit;
                        }
                    }
                    $this->db->trans_complete();
                }
            }
            # TODO speed up login by only selecting one user when username and password are posted
            if ($password || @$scanCode) {
                $this->db->select('UserID, Users.Name, Password, ' . $scanCodeField . ', Path');
                $this->db->from('Users');
                $this->db->join('Roles', 'Roles.RoleID = Users.RoleID', 'LEFT');
                $this->db->join('MenuItems', 'MenuItems.MenuItemID = Roles.MenuItemID', 'LEFT');
                # only enabled accounts, and (when the column exists) only non-expired ones
                $this->db->where('Enabled', true);
                if (@$columnInfo['Expiry']) {
                    $this->db->group_start();
                    $this->db->or_where('Expiry IS NULL', null, false);
                    $this->db->or_where('Expiry > NOW()', null, false);
                    $this->db->group_end();
                }
                if ($username && $password) {
                    $this->db->where('Users.Name', $username);
                } elseif ($scanCode) {
                    # raw clause (escaping off), so the scan code is escaped by hand first
                    $scanCodeEsc = $this->db->escape($scanCode);
                    $this->db->where("LOWER($scanCodeField) = LOWER($scanCodeEsc)", null, false);
                }
                $query = $this->db->get();
                $result = $query->result();
                $verifiedUsers = 0;
                foreach ($result as $row) {
                    # NOTE(review): the scan code is compared with a loose ==, which compares two
                    # numeric-looking strings as numbers; === (or hash_equals()) would compare the
                    # strings themselves.
                    if (($username && $this->password->verify($password, $row->Password)) || (!$username && $scanCode && strtolower($scanCode) == strtolower($row->$scanCodeField))) {
                        $userID = $row->UserID;
                        $dbUserName = $row->Name;
                        $passwordHash = $row->Password;
                        $path = $row->Path;
                        $verifiedUsers++;
                    }
                }
                # exactly one matching account is required; an ambiguous scan code is rejected
                if ($verifiedUsers == 1) {
                    $this->db->where('Name', $username);
                    $this->db->delete('LoginAttempts');
                    # NOTE(review): the current session ID is reused as the login token and no
                    # session_regenerate_id() call is visible in this method. Confirm that the
                    # session layer issues a fresh ID at login, otherwise an ID known before
                    # authentication stays valid afterwards (session fixation).
                    $sessionId = session_id();
                    $this->db->set('SessionId', $sessionId);
                    if ($this->input->post('timezone')) {
                        # expected form "offset|zone name"
                        # NOTE(review): the value is not validated: a string without "|" leaves
                        # index 1 undefined, and the zone name goes unchecked into
                        # date_default_timezone_set() and the Users row. Checking it against
                        # DateTimeZone::listIdentifiers() would reject unknown zones.
                        $timezoneData = explode('|', $this->input->post('timezone'));
                        $timezoneOffset = $timezoneData[0];
                        $timezone = $timezoneData[1];
                        date_default_timezone_set($timezone);
                        if ($username != 'system') {
                            $this->db->set('Timezone', $timezone);
                            $this->db->set('TimezoneOffset', $timezoneOffset);
                        }
                    }
                    $this->db->set('LastActivity', gmdate('Y-m-d H:i:s'));
                    # password logins only: upgrade the stored hash when the library asks for it
                    if ($username) {
                        if ($this->password->needs_rehash($passwordHash, PASSWORD_DEFAULT)) {
                            $this->db->set('Password', $this->password->hash($password, PASSWORD_DEFAULT));
                        }
                    }
                    $this->db->where('UserID', $userID);
                    $this->db->update('Users');
                    $this->session->alltrack_session_id = $sessionId;
                    if ($postDataObj || substr(strtoupper(@$_SERVER['HTTP_ALLTRACK_USER_AGENT']), 0, 4) == 'PDA/') {
                        # login came from PDA
                        $appVersion = $this->input->post('AppVersion');
                        if ($appVersion) $appVersion = (int)$appVersion;
                        # JSON reply for the app; it carries the session ID in the body
                        $obj = new stdClass;
                        $obj->SessionId = $sessionId;
                        $obj->UserID = $this->utils->unpack($userID);
                        $obj->Username = $dbUserName;
                        if ($appVersion >= 55) {
                            $obj->ServerVersion = (int)$this->utils->versionMicro($this->config);
                        }
                        #$this->utils->debug('$_POST: ' . print_r($_POST, true));
                        $isInventoryApp = false;
                        ### TODO remove endobase start ### this comment is for automated removal of parts for Wassenburg EndoBase builds. DO NOT REMOVE this comment!
                        # TODO temporary hack to check for inventory app
                        if ($this->input->post('ProcessesVersion') === 0 || $this->input->post('ProcessesVersion') === '0') {
                            $isInventoryApp = true;
                        }
                        $tmp = @$_SERVER['HTTP_ALLTRACK_USER_AGENT'];
                        if ($tmp) {
                            $tmp = explode('/', $tmp);
                            if (sizeof($tmp) > 2 && $tmp[2] == 'MediPointInventory') {
                                $isInventoryApp = true;
                            }
                        }
                        # NOTE(review): a single device identifier and a test-host download URL are
                        # hard-coded in the two blocks below, and the forced update is selected by
                        # values the client itself sends (IMEI, AppVersion). Move this to
                        # configuration, and confirm the app verifies the package it downloads.
                        if ($isInventoryApp && $appVersion < 57 && $this->input->post('IMEI') == '358851060041567') {
                            $obj->UpdateUrl = 'https://test.medipoint.improvement-it.nl/app/medipoint-inventory-57.apk'; # TODO move to mod?
                            $obj->ForceUpdate = true;
                        }
                        if (!$isInventoryApp && $appVersion < 56 && $this->input->post('IMEI') == '358851060041567') {
                            $obj->UpdateUrl = 'https://test.medipoint.improvement-it.nl/app/medipoint-test-56.apk'; # TODO move to mod?
                            $obj->ForceUpdate = true;
                        }
                        # never executed: kept by the author as a switch for redirecting clients
                        if (false) {
                            $obj->NewServerUrl = 'https://medipoint.improvement-it.nl/'; # use this to point the client to a different server URL DO NOT USE!
                            $obj->NewServerUrl = 'null'; # use this to erase the server URL preference on the client URL DO NOT USE!
                        }
                        if (!$this->input->post('NoData')) {
                            $this->getMediPointData($postDataObj, $obj); # TODO move to mod-medipoint (hook?)
                        }
                        ### TODO remove endobase end ### this comment is for automated removal of parts for Wassenburg EndoBase builds. DO NOT REMOVE this comment!
                        $this->utils->respond(Utils::RESPONSE_OK, $obj);
                        exit;
                    } else {
                        # login came from browser
                        $this->db->insert('Logins', array( 'UserID' => $userID ));
                        $this->session->set_flashdata('just_logged_in', true);
                        # $path comes from the joined MenuItems row; leading slashes are stripped
                        # NOTE(review): there is no exit after this redirect, so execution continues
                        # and the login template at the end of the method is still rendered.
                        header('Location: ' . ALLTRACK_BASE_URL . preg_replace('|^/+|', '', $path));
                    }
                } else {
                    # same failure reply whether the name or the password was wrong
                    if ($postDataObj || substr(strtoupper(@$_SERVER['HTTP_ALLTRACK_USER_AGENT']), 0, 4) == 'PDA/') {
                        # login came from PDA
                        $this->utils->respond(Utils::RESPONSE_AUTHENTICATION_FAILURE);
                    } else {
                        # login came from browser
                        #$this->session->set_flashdata('login_result_message', T('Login incorrect', true)); # Alltrack
                        $this->session->set_flashdata('login_result_message', T('Name and/or password incorrect', true)); # Wassenburg
                        header('Location: ' . ALLTRACK_BASE_URL);
                    }
                    exit;
                }
            } else {
                # no credentials posted: expire the session cookie and show the form
                unset($_COOKIE[$this->config->item('sess_cookie_name')]);
                setcookie($this->config->item('sess_cookie_name'), '', time() - 604800, ALLTRACK_BASE_URL);
                if (!empty($this->session->login_result_message)) {
                    #header('X-PHP-Response-Code: 401', true, 401); # TODO this doesn't work
                    #exit;
                }
            }
        }
        #$this->data['emailErrors'] = $this->utils->checkEmailErrors();
        $this->data['title'] = '';
        $this->data['versionMajorMinor'] = $this->utils->versionMajorMinor($this->config);
        $this->data['versionMicro'] = $this->utils->versionMicro($this->config);
        $this->plugin->load('moment-timezone');
        $this->plugin->load('select2');
        $this->load->template('login', $this->data);
    }
}
Type: Error
Message: Class "LoginBase" not found
Filename: /var/www/rrsnen.test.improvement-it.nl/public_html/alltrack-cust-rrs/controllers/Login.php
Line Number: 34
Backtrace:
File: /var/www/rrsnen.test.improvement-it.nl/public_html/alltrack-core/_ci/index.php
Line: 318
Function: require_once
File: /var/www/rrsnen.test.improvement-it.nl/public_html/index.php
Line: 46
Function: require_once