<?php
/**
* Bitrix Framework
* @package bitrix
* @subpackage main
* @copyright 2001-2024 Bitrix
*/
use Bitrix\Main;
use Bitrix\Main\Session\Legacy\HealerEarlySessionStart;
use Bitrix\Main\DI\ServiceLocator;
// Kernel bootstrap that the rest of this file builds on.
require_once __DIR__ . "/start.php";

// The request superglobals are handed to the extended kernel exactly as they
// stand at this point; nothing in this block validates or filters them.
$application = Main\HttpApplication::getInstance();
$application->initializeExtendedKernel([
    "get" => $_GET,
    "post" => $_POST,
    "files" => $_FILES,
    "cookie" => $_COOKIE,
    "server" => $_SERVER,
    "env" => $_ENV,
]);

// Runs only when the Dev\Main\Migrator\ModuleUpdater class can be loaded
// (presumably a development-time tool; it is not part of this file).
if (class_exists('\Dev\Main\Migrator\ModuleUpdater')) {
    \Dev\Main\Migrator\ModuleUpdater::checkUpdates('main', __DIR__);
}

// NOTE(review): both security features below are skipped entirely whenever
// the bitrix24 module is installed.
if (!Main\ModuleManager::isModuleInstalled('bitrix24')) {
    // wwall rules: applied inline on this hit, refreshed in a background job
    (new Main\Security\W\WWall)->handle();

    $application->addBackgroundJob([
        Main\Security\W\WWall::class, 'refreshRules',
    ]);

    // vendor security notifications
    $application->addBackgroundJob([
        Main\Security\Notifications\VendorNotifier::class, 'refreshNotifications',
    ]);
}
// When the including script pre-defined SITE_ID, LANG mirrors it.
if (defined('SITE_ID')) {
    define('LANG', SITE_ID);
}

// Culture is initialised from whichever of LANG / LANGUAGE_ID already exist;
// a missing constant is passed as null.
$context = $application->getContext();
$context->initializeCulture(
    defined('LANG') ? LANG : null,
    defined('LANGUAGE_ID') ? LANGUAGE_ID : null
);

// needs to be after culture initialization
$application->start();

// Register main's services
ServiceLocator::getInstance()->registerByModuleSettings('main');

// constants for compatibility
$culture = $context->getCulture();
define('SITE_CHARSET', $culture->getCharset());
define('FORMAT_DATE', $culture->getFormatDate());
define('FORMAT_DATETIME', $culture->getFormatDatetime());
define('LANG_CHARSET', SITE_CHARSET);

// The site object may be absent; every site-derived constant then falls back
// to the context language or to an empty string.
$site = $context->getSiteObject();
if (!defined('LANG')) {
    define('LANG', $site ? $site->getLid() : $context->getLanguage());
}
define('SITE_DIR', $site ? $site->getDir() : '');
if (!defined('SITE_SERVER_NAME')) {
    define('SITE_SERVER_NAME', $site ? $site->getServerName() : '');
}
define('LANG_DIR', SITE_DIR);

if (!defined('LANGUAGE_ID')) {
    define('LANGUAGE_ID', $context->getLanguage());
}
define('LANG_ADMIN_LID', LANGUAGE_ID);

// SITE_ID is used further down to build an include path, so it is always
// defined by the time this block ends.
if (!defined('SITE_ID')) {
    define('SITE_ID', LANG);
}

/** @global $lang */
$lang = $context->getLanguage();
//define global application object
$GLOBALS["APPLICATION"] = new CMain;

// The request URI is stored HTML-escaped (htmlspecialcharsbx) unless the
// including script supplied its own value.
// NOTE(review): that encoding fits HTML output only; a consumer that places
// the constant into JavaScript or a header needs its own encoding.
if (!defined("POST_FORM_ACTION_URI")) {
    define("POST_FORM_ACTION_URI", htmlspecialcharsbx(GetRequestUri()));
}

// Reset the message tables before loading this module's language files.
$GLOBALS["MESS"] = [];
$GLOBALS["ALL_LANG_FILES"] = [];
IncludeModuleLangFile(__DIR__."/tools.php");
IncludeModuleLangFile(__FILE__);

// The level comes from the "error_reporting" option (default: the four fatal
// classes); E_DEPRECATED, E_WARNING and E_NOTICE are always masked out,
// whatever the option says.
error_reporting(
    COption::GetOptionInt("main", "error_reporting", E_COMPILE_ERROR | E_ERROR | E_CORE_ERROR | E_PARSE)
    & ~E_DEPRECATED & ~E_WARNING & ~E_NOTICE
);

// Managed component cache is on unless the option is explicitly "N" or the
// constant was defined earlier.
if (
    !defined("BX_COMP_MANAGED_CACHE")
    && COption::GetOptionString("main", "component_managed_cache_on", "Y") != "N"
) {
    define("BX_COMP_MANAGED_CACHE", true);
}

// global functions
require_once __DIR__ . "/filter_tools.php";
// Generated, string-obfuscated section; the marker comments around it and the
// trailing "Do not remove this" belong to it. Read statically it does two things:
//   1. base64_decode('ZGVmaW5l') yields the string "define"; it is stored in
//      $GLOBALS['____388060648'][0] and then called with the decoded pair
//      "ENCODE" and "Y", which is equivalent to define('ENCODE', 'Y').
//   2. It declares class CBXFeatures: IsFeatureEnabled(), IsFeatureEditable()
//      and IsFeatureInstalled() return true unconditionally, GetFeaturesList()
//      returns an empty array, and the remaining methods have empty bodies.
// NOTE(review): split base64 literals and a callable kept in $GLOBALS hide the
// call from grep and static analysis. Review this section by comparing it with
// a known-good copy of the package; any difference is an integrity finding.
/*ZDUyZmZNTU2YjkzMDVhMmE4N2FjMjEyYWE5OTJkNGFlNGE5MGY=*/$GLOBALS['____388060648']= array(base64_decode('ZG'.'V'.'maW5l'));if(!function_exists(__NAMESPACE__.'\\___1678968270')){function ___1678968270($_20035105){static $_2076737375= false; if($_2076737375 == false) $_2076737375=array('RU'.'5DT0'.'RF','WQ'.'='.'=');return base64_decode($_2076737375[$_20035105]);}};class CBXFeatures{ public static function IsFeatureEnabled($_271642536){ return true;} public static function IsFeatureEditable($_271642536){ return true;} public static function SetFeatureEnabled($_271642536, $_1195969772= true){} public static function SaveFeaturesSettings($_1917237345, $_1942680964){} public static function GetFeaturesList(){ return array();} public static function InitiateEditionsSettings($_46783537){} public static function ModifyFeaturesSettings($_46783537, $_520119360){} public static function IsFeatureInstalled($_271642536){ return true;}} $GLOBALS['____388060648'][0](___1678968270(0), ___1678968270(1));/**/ //Do not remove this
// Component 2.0 template engines
$GLOBALS['arCustomTemplateEngines'] = [];

// User fields manager
$GLOBALS['USER_FIELD_MANAGER'] = new CUserTypeManager;

// todo: remove global
$GLOBALS['BX_MENU_CUSTOM'] = CMenuCustom::getInstance();

// Database updater script, included only when the file is present
// (presumably left by the update system; not visible from here).
$_fname = __DIR__ . "/classes/general/update_db_updater.php";
if (file_exists($_fname)) {
    $US_HOST_PROCESS_MAIN = false;
    include $_fname;
}

// Site-level init.php hooks, resolved through getLocalPath() and included from
// the document root. In this file they run before the session is started and
// before $GLOBALS["USER"] exists, so they execute with no authentication
// context. Whoever can write to these paths controls the bootstrap: keep them
// out of web-writable locations and under file-integrity monitoring.
$_fname = getLocalPath("init.php");
if ($_fname !== false) {
    include_once $_SERVER["DOCUMENT_ROOT"] . $_fname;
}

$_fname = getLocalPath("php_interface/init.php", BX_PERSONAL_ROOT);
if ($_fname !== false) {
    include_once $_SERVER["DOCUMENT_ROOT"] . $_fname;
}

// Per-site variant: SITE_ID becomes a path segment here.
// NOTE(review): SITE_ID may have been defined by the including script;
// confirm it can never carry request-derived text.
$_fname = getLocalPath("php_interface/" . SITE_ID . "/init.php", BX_PERSONAL_ROOT);
if ($_fname !== false) {
    include_once $_SERVER["DOCUMENT_ROOT"] . $_fname;
}
// Content-Type with the site charset is sent unless this is a STATISTIC_ONLY
// hit outside BX_ROOT/admin/, the "include_charset" option is not "Y", or the
// charset is empty.
if (
    (
        !defined("STATISTIC_ONLY")
        || !STATISTIC_ONLY
        || str_starts_with($GLOBALS["APPLICATION"]->GetCurPage(), BX_ROOT . "/admin/")
    )
    && COption::GetOptionString("main", "include_charset", "Y") == "Y"
    && LANG_CHARSET != ''
) {
    header("Content-Type: text/html; charset=" . LANG_CHARSET);
}

// Legacy P3P compact policy, sent by default ("Y").
if (COption::GetOptionString("main", "set_p3p_header", "Y") == "Y") {
    header("P3P: policyref=\"/bitrix/p3p.xml\", CP=\"NON DSP COR CUR ADM DEV PSA PSD OUR UNR BUS UNI COM NAV INT DEM STA\"");
}

// NOTE(review): this header is unconditional. It names the CMS in every
// response and, for a non-demo licence, also carries the licence public hash
// key, which makes the installation easy to fingerprint. Strip it at the
// reverse proxy if that disclosure is not wanted.
$license = $application->getLicense();
header("X-Powered-CMS: Bitrix Site Manager (" . ($license->isDemoKey() ? "DEMO" : $license->getPublicHashKey()) . ")");

// Sent only when the "update_devsrv" option is "Y"; it is empty by default.
if (COption::GetOptionString("main", "update_devsrv", "") == "Y") {
    header("X-DevSrv-CMS: Bitrix");
}
//agents
// Queued as a low-priority background job unless "check_agents" is turned off.
if (COption::GetOptionString("main", "check_agents", "Y") == "Y") {
    $application->addBackgroundJob(["CAgent", "CheckAgents"], [], Main\Application::JOB_PRIORITY_LOW);
}

//send email events
// Queued one step below the agents' priority; any value except "N" enables it.
if (COption::GetOptionString("main", "check_events", "Y") !== "N") {
    $application->addBackgroundJob(['\Bitrix\Main\Mail\EventManager', 'checkEvents'], [], Main\Application::JOB_PRIORITY_LOW - 1);
}

// Runs against the kernel session before it is started below
// (judging by the class name, it repairs a session that was started too early).
$healerOfEarlySessionStart = new HealerEarlySessionStart();
$healerOfEarlySessionStart->process($application->getKernelSession());

// Start the kernel session and key the session-local storage to its id.
$kernelSession = $application->getKernelSession();
$kernelSession->start();
$application->getSessionLocalStorageManager()->setUniqueId($kernelSession->getId());

// OnPageStart handlers run with a started session but before the CUser object
// exists and before any of the session checks further down in this file.
foreach (GetModuleEvents("main", "OnPageStart", true) as $arEvent) {
    ExecuteModuleEventEx($arEvent);
}
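//define global user object
$GLOBALS["USER"] = new CUser;

//session control from group policy
// The session is destroyed and restarted under a fresh random id when any one
// of the four conditions below holds.
$arPolicy = $GLOBALS["USER"]->GetSecurityPolicy();
$currTime = time();
if (
    (
        //IP address changed
        // Compared under the policy mask, so only the masked bits must match.
        // NOTE(review): ip2long() understands dotted IPv4 only. For an IPv6
        // address it returns false, which the bitwise AND treats as 0 on both
        // sides, so this binding never fires for IPv6 clients. Confirm that
        // this is intended.
        $kernelSession['SESS_IP']
        && $arPolicy["SESSION_IP_MASK"] != ''
        && (
            (ip2long($arPolicy["SESSION_IP_MASK"]) & ip2long($kernelSession['SESS_IP']))
            !=
            // REMOTE_ADDR can be absent (the assignment after this check
            // already allows for that); '' gives the same false result from
            // ip2long() without passing null.
            (ip2long($arPolicy["SESSION_IP_MASK"]) & ip2long($_SERVER['REMOTE_ADDR'] ?? ''))
        )
    )
    ||
    (
        //session timeout
        // SESSION_TIMEOUT is in minutes, SESS_TIME in seconds.
        $arPolicy["SESSION_TIMEOUT"] > 0
        && $kernelSession['SESS_TIME'] > 0
        && ($currTime - $arPolicy["SESSION_TIMEOUT"] * 60) > $kernelSession['SESS_TIME']
    )
    ||
    (
        //signed session
        // Strict string comparison: a loose != treats two numeric-looking
        // strings (for example both of the form "0e<digits>") as equal, which
        // would let a mismatching signature pass.
        isset($kernelSession["BX_SESSION_SIGN"])
        && (string)$kernelSession["BX_SESSION_SIGN"] !== (string)bitrix_sess_sign()
    )
    ||
    (
        //session manually expired, e.g. in $User->LoginHitByHash
        isSessionExpired()
    )
) {
    $compositeSessionManager = $application->getCompositeSessionManager();
    $compositeSessionManager->destroy();

    // The replacement id is a fresh 32-character random string, so the old id
    // cannot be reused.
    $application->getSession()->setId(Main\Security\Random::getString(32));
    $compositeSessionManager->start();

    // Rebuild the user object against the new session.
    $GLOBALS["USER"] = new CUser;
}

// Record the values the next hit will be checked against.
$kernelSession['SESS_IP'] = $_SERVER['REMOTE_ADDR'] ?? null;

// SESS_TIME is refreshed at most once a minute.
if (empty($kernelSession['SESS_TIME']) || ($currTime - $kernelSession['SESS_TIME']) > 60) {
    $kernelSession['SESS_TIME'] = $currTime;
}

// The signature is stored once, the first time the session is seen.
if (!isset($kernelSession["BX_SESSION_SIGN"])) {
    $kernelSession["BX_SESSION_SIGN"] = bitrix_sess_sign();
}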
//session control from security module
// Periodic session-id rotation. It is active only when "use_session_id_ttl" is
// "Y" and "session_id_ttl" is positive; defining BX_SESSION_ID_CHANGE
// beforehand opts a script out.
// NOTE(review): rotation is off by default ("N"), so an id lives as long as
// the session unless an administrator enables it.
if (
    COption::GetOptionString("main", "use_session_id_ttl", "N") == "Y"
    && COption::GetOptionInt("main", "session_id_ttl", 0) > 0
    && !defined("BX_SESSION_ID_CHANGE")
) {
    if (!isset($kernelSession['SESS_ID_TIME'])) {
        // first hit with rotation enabled: start the clock
        $kernelSession['SESS_ID_TIME'] = $currTime;
    } elseif (($kernelSession['SESS_ID_TIME'] + COption::GetOptionInt("main", "session_id_ttl")) < $kernelSession['SESS_TIME']) {
        // The age is measured against SESS_TIME, not against the current time.
        $compositeSessionManager = $application->getCompositeSessionManager();
        $compositeSessionManager->regenerateId();

        $kernelSession['SESS_ID_TIME'] = $currTime;
    }
}

define("BX_STARTED", true);

// One-shot flag: set after a successful admin-section login further down in
// this file, consumed here on the following hit.
if (isset($kernelSession['BX_ADMIN_LOAD_AUTH'])) {
    define('ADMIN_SECTION_LOAD_AUTH', 1);
    unset($kernelSession['BX_ADMIN_LOAD_AUTH']);
}
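// Both flags are read again by the registration step further down in this file.
$bRsaError = false;
$USER_LID = false;

// Whole authentication stage. A script that defines NOT_CHECK_PERMISSIONS as
// true before including the kernel skips all of it.
if (!defined("NOT_CHECK_PERMISSIONS") || NOT_CHECK_PERMISSIONS !== true) {
    // is_string() guard: strtolower() throws a TypeError when the parameter
    // arrives as an array, which would abort the request with an uncaught error.
    $doLogout = isset($_REQUEST["logout"])
        && is_string($_REQUEST["logout"])
        && (strtolower($_REQUEST["logout"]) == "yes");

    if ($doLogout && $GLOBALS["USER"]->IsAuthorized()) {
        $secureLogout = (Main\Config\Option::get("main", "secure_logout", "N") == "Y");

        // NOTE(review): "secure_logout" defaults to "N", so the session token
        // is not checked and any request carrying logout=yes ends the session
        // (cross-site logout). Setting the option to "Y" makes
        // check_bitrix_sessid() mandatory.
        if (!$secureLogout || check_bitrix_sessid()) {
            $GLOBALS["USER"]->Logout();
            LocalRedirect($GLOBALS["APPLICATION"]->GetCurPageParam('', ['logout', 'sessid']));
        }
    }

    // authorize by cookies
    if (!$GLOBALS["USER"]->IsAuthorized()) {
        $GLOBALS["USER"]->LoginByCookies();
    }

    $arAuthResult = false;

    //http basic and digest authorization
    // null means no HTTP credentials were handled; any other value is the result.
    if (($httpAuth = $GLOBALS["USER"]->LoginByHttpAuth()) !== null) {
        $arAuthResult = $httpAuth;
        $GLOBALS["APPLICATION"]->SetAuthResult($arAuthResult);
    }

    //Authorize user from authorization html form
    //Only POST is accepted
    if (isset($_POST["AUTH_FORM"]) && $_POST["AUTH_FORM"] != '') {
        if (COption::GetOptionString('main', 'use_encrypted_auth', 'N') == 'Y') {
            //possible encrypted user password
            // AcceptFromForm() handles the three password fields; a negative
            // return value is an error and blocks every form action below.
            $sec = new CRsaSecurity();
            if (($arKeys = $sec->LoadKeys())) {
                $sec->SetKeys($arKeys);
                $errno = $sec->AcceptFromForm(['USER_PASSWORD', 'USER_CONFIRM_PASSWORD', 'USER_CURRENT_PASSWORD']);
                if ($errno == CRsaSecurity::ERROR_SESS_CHECK) {
                    $arAuthResult = ["MESSAGE" => GetMessage("main_include_decode_pass_sess"), "TYPE" => "ERROR"];
                } elseif ($errno < 0) {
                    $arAuthResult = ["MESSAGE" => GetMessage("main_include_decode_pass_err", ["#ERRCODE#" => $errno]), "TYPE" => "ERROR"];
                }

                if ($errno < 0) {
                    $bRsaError = true;
                }
            }
        }

        if (!$bRsaError) {
            // Outside the admin section the action is bound to the current site.
            if (!defined("ADMIN_SECTION") || ADMIN_SECTION !== true) {
                $USER_LID = SITE_ID;
            }

            // Normalise so the comparisons below never read an undefined key.
            $_POST["TYPE"] = $_POST["TYPE"] ?? null;

            // The request fields are passed on as received; validating them is
            // left to the CUser methods (not visible from here).
            if (isset($_POST["TYPE"]) && $_POST["TYPE"] == "AUTH") {
                $arAuthResult = $GLOBALS["USER"]->Login(
                    $_POST["USER_LOGIN"] ?? '',
                    $_POST["USER_PASSWORD"] ?? '',
                    $_POST["USER_REMEMBER"] ?? ''
                );
            } elseif (isset($_POST["TYPE"]) && $_POST["TYPE"] == "OTP") {
                $arAuthResult = $GLOBALS["USER"]->LoginByOtp(
                    $_POST["USER_OTP"] ?? '',
                    $_POST["OTP_REMEMBER"] ?? '',
                    $_POST["captcha_word"] ?? '',
                    $_POST["captcha_sid"] ?? ''
                );
            } elseif (isset($_POST["TYPE"]) && $_POST["TYPE"] == "SEND_PWD") {
                $arAuthResult = CUser::SendPassword(
                    $_POST["USER_LOGIN"] ?? '',
                    $_POST["USER_EMAIL"] ?? '',
                    $USER_LID,
                    $_POST["captcha_word"] ?? '',
                    $_POST["captcha_sid"] ?? '',
                    $_POST["USER_PHONE_NUMBER"] ?? ''
                );
            } elseif (isset($_POST["TYPE"]) && $_POST["TYPE"] == "CHANGE_PWD") {
                $arAuthResult = $GLOBALS["USER"]->ChangePassword(
                    $_POST["USER_LOGIN"] ?? '',
                    $_POST["USER_CHECKWORD"] ?? '',
                    $_POST["USER_PASSWORD"] ?? '',
                    $_POST["USER_CONFIRM_PASSWORD"] ?? '',
                    $USER_LID,
                    $_POST["captcha_word"] ?? '',
                    $_POST["captcha_sid"] ?? '',
                    true,
                    $_POST["USER_PHONE_NUMBER"] ?? '',
                    $_POST["USER_CURRENT_PASSWORD"] ?? ''
                );
            }

            if ($_POST["TYPE"] == "AUTH" || $_POST["TYPE"] == "OTP") {
                //special login form in the control panel
                if ($arAuthResult === true && defined('ADMIN_SECTION') && ADMIN_SECTION === true) {
                    //store cookies for next hit (see CMain::GetSpreadCookieHTML())
                    $GLOBALS["APPLICATION"]->StoreCookies();
                    $kernelSession['BX_ADMIN_LOAD_AUTH'] = true;

                    // die() follows
                    CMain::FinalActions('<script>window.onload=function(){(window.BX || window.parent.BX).AUTHAGENT.setAuthResult(false);};</script>');
                }
            }
        }
        $GLOBALS["APPLICATION"]->SetAuthResult($arAuthResult);
    } elseif (!$GLOBALS["USER"]->IsAuthorized() && isset($_REQUEST['bx_hit_hash'])) {
        //Authorize by unique URL
        // The hash is read from $_REQUEST, so it may travel in the query string
        // and end up in access logs and Referer headers; it grants a login, so
        // treat it as a credential there. Validation happens inside
        // LoginHitByHash() (not visible from here).
        $GLOBALS["USER"]->LoginHitByHash($_REQUEST['bx_hit_hash']);
    }
}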
//logout or re-authorize the user if something important has changed
$GLOBALS["USER"]->CheckAuthActions();

//magic short URI
// Only evaluated when the including script defined BX_CHECK_SHORT_URI.
if (defined("BX_CHECK_SHORT_URI") && BX_CHECK_SHORT_URI && CBXShortUri::CheckUri()) {
    //local redirect inside
    die();
}

//application password scope control
// A non-null application id means the user signed in with an application
// password. Such a login is limited to that application's scope: anything
// other than an explicit true from checkScope() raises the
// onApplicationScopeError event and ends the request with 403.
$applicationID = $GLOBALS["USER"]->getContext()->getApplicationId();
if ($applicationID !== null) {
    $appManager = Main\Authentication\ApplicationManager::getInstance();
    if ($appManager->checkScope($applicationID) !== true) {
        $event = new Main\Event("main", "onApplicationScopeError", ['APPLICATION_ID' => $applicationID]);
        $event->send();

        $context->getResponse()->setStatus("403 Forbidden");
        $application->end();
    }
}
//define the site template
if (!defined("ADMIN_SECTION") || ADMIN_SECTION !== true) {
    $siteTemplate = "";

    // A template preview requires a non-empty string parameter and the
    // 'view_other_settings' operation.
    if (
        !empty($_REQUEST["bitrix_preview_site_template"])
        && is_string($_REQUEST["bitrix_preview_site_template"])
        && $GLOBALS["USER"]->CanDoOperation('view_other_settings')
    ) {
        //preview of site template
        $signer = new Main\Security\Sign\Signer();
        try {
            //protected by a sign
            // The salt contains the caller's session token, so a signed value
            // issued for one session does not verify in another.
            $requestTemplate = $signer->unsign($_REQUEST["bitrix_preview_site_template"], "template_preview".bitrix_sessid());

            // The id that ends up in a path below is taken from the fetched
            // record, not from the request value.
            $aTemplates = CSiteTemplate::GetByID($requestTemplate);
            if ($template = $aTemplates->Fetch()) {
                $siteTemplate = $template["ID"];

                //preview of unsaved template
                // needs the stronger 'edit_other_settings' operation
                if (
                    isset($_GET['bx_template_preview_mode'])
                    && $_GET['bx_template_preview_mode'] == 'Y'
                    && $GLOBALS["USER"]->CanDoOperation('edit_other_settings')
                ) {
                    define("SITE_TEMPLATE_PREVIEW_MODE", true);
                }
            }
        } catch (Main\Security\Sign\BadSignatureException) {
            // Bad signature: the preview request is dropped without any log
            // entry and the current template is used.
        }
    }

    if ($siteTemplate == "") {
        $siteTemplate = CSite::GetCurTemplate();
    }

    if (!defined('SITE_TEMPLATE_ID')) {
        define("SITE_TEMPLATE_ID", $siteTemplate);
    }

    if (!defined('SITE_TEMPLATE_PATH')) {
        define("SITE_TEMPLATE_PATH", getLocalPath('templates/'.SITE_TEMPLATE_ID, BX_PERSONAL_ROOT));
    }
} else {
    // prevents undefined constants
    if (!defined('SITE_TEMPLATE_ID')) {
        define('SITE_TEMPLATE_ID', '.default');
    }

    define('SITE_TEMPLATE_PATH', '/bitrix/templates/.default');
}
// The two timing switches below are written to the session only when the value
// is the literal "Y" or "N".
// NOTE(review): no permission check is made at this point, so any visitor can
// set them; whether the timing output itself is gated later is not visible here.

//magic parameters: show page creation time
if (
    isset($_GET["show_page_exec_time"])
    && ($_GET["show_page_exec_time"] == "Y" || $_GET["show_page_exec_time"] == "N")
) {
    $kernelSession["SESS_SHOW_TIME_EXEC"] = $_GET["show_page_exec_time"];
}

//magic parameters: show included file processing time
if (
    isset($_GET["show_include_exec_time"])
    && ($_GET["show_include_exec_time"] == "Y" || $_GET["show_include_exec_time"] == "N")
) {
    $kernelSession["SESS_SHOW_INCLUDE_TIME_EXEC"] = $_GET["show_include_exec_time"];
}

//magic parameters: show include areas
// Reduced to a boolean before it reaches the application object.
if (!empty($_GET["bitrix_include_areas"])) {
    $GLOBALS["APPLICATION"]->SetShowIncludeAreas($_GET["bitrix_include_areas"] == "Y");
}

//magic sound
// Marker cookie for authorized users; set once, when it is not already present.
if ($GLOBALS["USER"]->IsAuthorized()) {
    $cookie_prefix = COption::GetOptionString('main', 'cookie_name', 'BITRIX_SM');
    if (!isset($_COOKIE[$cookie_prefix.'_SOUND_LOGIN_PLAYED'])) {
        $GLOBALS["APPLICATION"]->set_cookie('SOUND_LOGIN_PLAYED', 'Y', 0);
    }
}

//magic cache
Main\Composite\Engine::shouldBeEnabled();
// should be before proactive filter on OnBeforeProlog
// The submitted passwords are copied before the handlers below run, so that
// registration receives them as posted (the handlers presumably may rewrite $_POST).
// NOTE(review): both copies are plain globals and are not unset in the visible
// part of this file, so the cleartext password stays reachable for the rest of
// the request.
$userPassword = $_POST["USER_PASSWORD"] ?? null;
$userConfirmPassword = $_POST["USER_CONFIRM_PASSWORD"] ?? null;

foreach (GetModuleEvents("main", "OnBeforeProlog", true) as $arEvent) {
    ExecuteModuleEventEx($arEvent);
}

// need to reinit
$GLOBALS["APPLICATION"]->SetCurPage(false);

//Register user from authorization html form
//Only POST is accepted
// Registration runs only when permission checks are enabled, the auth form was
// posted with TYPE "REGISTRATION", the password fields were accepted without an
// RSA error, self-registration is switched on (off by default) and the hit is
// outside the admin section.
if (
    (!defined("NOT_CHECK_PERMISSIONS") || NOT_CHECK_PERMISSIONS !== true)
    && isset($_POST["AUTH_FORM"]) && $_POST["AUTH_FORM"] != ''
    && isset($_POST["TYPE"]) && $_POST["TYPE"] == "REGISTRATION"
    && !$bRsaError
    && COption::GetOptionString("main", "new_user_registration", "N") == "Y"
    && (!defined("ADMIN_SECTION") || ADMIN_SECTION !== true)
) {
    $arAuthResult = $GLOBALS["USER"]->Register(
        $_POST["USER_LOGIN"] ?? '',
        $_POST["USER_NAME"] ?? '',
        $_POST["USER_LAST_NAME"] ?? '',
        $userPassword,
        $userConfirmPassword,
        $_POST["USER_EMAIL"] ?? '',
        $USER_LID,
        $_POST["captcha_word"] ?? '',
        $_POST["captcha_sid"] ?? '',
        false,
        $_POST["USER_PHONE_NUMBER"] ?? ''
    );

    $GLOBALS["APPLICATION"]->SetAuthResult($arAuthResult);
}
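// File-level access check for the requested script. It is skipped when the
// including script defined NOT_CHECK_PERMISSIONS or NOT_CHECK_FILE_PERMISSIONS
// as true.
if (
    (!defined("NOT_CHECK_PERMISSIONS") || NOT_CHECK_PERMISSIONS !== true)
    && (!defined("NOT_CHECK_FILE_PERMISSIONS") || NOT_CHECK_FILE_PERMISSIONS !== true)
) {
    $real_path = $context->getRequest()->getScriptFile();

    // Denied when the user lacks 'fm_view_file' on the script, or when the page
    // requires authentication (NEED_AUTH) and the user is not signed in.
    if (
        !$GLOBALS["USER"]->CanDoFileOperation('fm_view_file', [SITE_ID, $real_path])
        || (defined("NEED_AUTH") && NEED_AUTH && !$GLOBALS["USER"]->IsAuthorized())
    ) {
        // A signed-in user gets an explicit "access denied" message unless an
        // earlier step already produced one.
        if ($GLOBALS["USER"]->IsAuthorized() && empty($arAuthResult["MESSAGE"])) {
            $arAuthResult = ["MESSAGE" => GetMessage("ACCESS_DENIED").' '.GetMessage("ACCESS_DENIED_FILE", ["#FILE#" => $real_path]), "TYPE" => "ERROR"];

            // NOTE(review): logging of permission failures is opt-in (default
            // "N"); enable it if denied accesses should show up in the event log.
            if (COption::GetOptionString("main", "event_log_permissions_fail", "N") === "Y") {
                CEventLog::Log(CEventLog::SEVERITY_SECURITY, "USER_PERMISSIONS_FAIL", "main", $GLOBALS["USER"]->GetID(), $real_path);
            }
        }

        if (defined("ADMIN_SECTION") && ADMIN_SECTION === true) {
            // The redirect target is assembled from the current page and the
            // remaining query string, both derived from the request, and is
            // placed inside a <script> element. json_encode() with the JSON_HEX_*
            // flags emits it as a JavaScript string literal in which quotes, <,
            // > and & are escaped, so the value cannot leave the literal or
            // close the script element. Invalid UTF-8 is substituted rather
            // than making the encode fail.
            // NOTE(review): whether GetCurPage() can ever return a quote
            // character is not visible from here; the encoding removes the
            // dependency on that.
            if (isset($_REQUEST["mode"]) && ($_REQUEST["mode"] === "list" || $_REQUEST["mode"] === "settings")) {
                echo "<script>top.location=" . json_encode(
                    $GLOBALS["APPLICATION"]->GetCurPage() . "?" . DeleteParam(["mode"]),
                    JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP | JSON_INVALID_UTF8_SUBSTITUTE
                ) . ";</script>";
                die();
            } elseif (isset($_REQUEST["mode"]) && $_REQUEST["mode"] === "frame") {
                echo "<script>
const w = (opener? opener.window:parent.window);
w.location.href=" . json_encode(
                    $GLOBALS["APPLICATION"]->GetCurPage() . "?" . DeleteParam(["mode"]),
                    JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP | JSON_INVALID_UTF8_SUBSTITUTE
                ) . ";
</script>";
                die();
            } elseif (defined("MOBILE_APP_ADMIN") && MOBILE_APP_ADMIN === true) {
                echo json_encode(["status" => "failed"]);
                die();
            }
        }

        /** @noinspection PhpUndefinedVariableInspection */
        $GLOBALS["APPLICATION"]->AuthForm($arAuthResult);
    }
}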
//Do not remove this