SC9 error on LDAP login

Scriptcase 9 Bugs
#1

Hi,

I have updated version of SC ( 9.7.018) and created security module with LDAP authentication and everything looks fine until I try to logon. It gives me the following error:

Fatal error : Uncaught Error: Call to undefined function sc_logged_is_blocked() in /opt/NetMake/v9-php73/wwwroot/scriptcase/app …

Can anybody help?

Thanks.

#2

In you login app, tick in the Internal Libraries the sc_logged.php file which has this function, like this:

image

Sorry, the image is in Portuguese, but I hope you can understand and it can help you.

#3

Thanks! Don’t worry aboy portuguese, I speak Spanish and have many portuguese workmates.

Anyway, I haven’t got this sc_logged.php library…

Look at mines:

image
image1549×254 7.23 KB

#4

It’s an internal library which is created when you use the Security from Scriptcase…

#5
<?php function sc_logged($user, $ip = '') { $str_sql = "SELECT date_login, ip FROM sec_logged WHERE login = ". sc_sql_injection($user) ." AND sc_session <> ".sc_sql_injection('_SC_FAIL_SC_'); sc_select(data, $str_sql); if({data} === FALSE || !isset($data->fields[0])) { $ip = ($ip == '') ? $_SERVER['REMOTE_ADDR'] : $ip; sc_logged_in($user, $ip); return true; } else { sc_reset_apl_conf("ap_logged"); sc_apl_status("ap_logged", 'on'); sc_redir("ap_logged", user=$user, 'modal'); return false; } } function sc_verify_logged() { $str_sql = "SELECT count(*) FROM sec_logged WHERE login = ". sc_sql_injection([logged_user]) . " AND date_login = ". sc_sql_injection([logged_date_login]) ." AND sc_session <> ".sc_sql_injection('_SC_FAIL_SC_'); sc_lookup(rs_logged, $str_sql); if({rs_logged[0][0]} != 1) { sc_redir("ap_Login","","_parent"); } } function sc_logged_in($user, $ip = '') { $ip = ($ip == '') ? $_SERVER['REMOTE_ADDR'] : $ip; [logged_user] = $user; [logged_date_login] = microtime(true); $str_sql = "DELETE FROM sec_logged WHERE login = ". sc_sql_injection($user) . " AND sc_session = ".sc_sql_injection('_SC_FAIL_SC_')." AND ip = ".sc_sql_injection($ip); sc_exec_sql($str_sql); $str_sql = "INSERT INTO sec_logged(login, date_login, sc_session, ip) VALUES (". sc_sql_injection($user) .", ". sc_sql_injection([logged_date_login]) .", ". sc_sql_injection(session_id()) .", ". sc_sql_injection($ip) .")"; sc_exec_sql($str_sql); } function sc_logged_in_fail($user, $ip = '') { $ip = ($ip == '') ? $_SERVER['REMOTE_ADDR'] : $ip; $user = sc_sql_injection($user); $str_sql = "INSERT INTO sec_logged(login, date_login, sc_session, ip) VALUES (" . sc_sql_injection($user) . ", " . sc_sql_injection(microtime(true)) . ", ". sc_sql_injection('_SC_FAIL_SC_').", " . sc_sql_injection($ip) . ")"; sc_exec_sql($str_sql); return true; } function sc_logged_is_blocked($ip = '') { $ip = ($ip == '') ? $_SERVER['REMOTE_ADDR'] : $ip; $minutes_ago = strtotime("-". [sett_brute_force_time_block] ." minutes"); $str_select = "SELECT count(*) FROM sec_logged WHERE sc_session = ".sc_sql_injection('_SC_BLOCKED_SC_')." AND ip = ".sc_sql_injection($ip)." AND date_login > ". sc_sql_injection($minutes_ago); sc_lookup(rs_logged, $str_select); if({rs_logged} !== FALSE && {rs_logged[0][0]} == 1) { $message = {lang_user_blocked}; $message = sprintf($message, 10); sc_error_message($message); return true; } $str_select = "SELECT count(*) FROM sec_logged WHERE sc_session = ".sc_sql_injection('_SC_FAIL_SC_')." AND ip = ".sc_sql_injection($ip)." AND date_login > ". sc_sql_injection($minutes_ago); sc_lookup(rs_logged, $str_select); if({rs_logged} !== FALSE && {rs_logged[0][0]} == [sett_brute_force_attempts] ) { $str_sql = "INSERT INTO sec_logged(login, date_login, sc_session, ip) VALUES (".sc_sql_injection('blocked').", ". sc_sql_injection(microtime(true)) .", ".sc_sql_injection('_SC_BLOCKED_SC_'). ", ". sc_sql_injection($ip) .")"; sc_exec_sql($str_sql); $message = {lang_user_blocked}; $message = sprintf($message, [sett_brute_force_time_block]); sc_error_message($message); return true; } return false; } function sc_logged_out($user, $date_login = '') { $date_login = ($date_login == '' ? "" : " AND date_login = ". sc_sql_injection($date_login) .""); $str_sql = "SELECT sc_session FROM sec_logged WHERE login = ". sc_sql_injection($user) ." ". $date_login . " AND sc_session <> ".sc_sql_injection('_SC_FAIL_SC_'); sc_lookup(data, $str_sql); if(isset({data[0][0]}) && !empty({data[0][0]})) { $session_bkp = $_SESSION; $sessionid = session_id(); session_write_close(); session_id({data[0][0]}); session_start(); $_SESSION['logged_user'] = 'logout'; session_write_close(); session_id($sessionid); session_start(); $_SESSION = $session_bkp; } $str_sql = "DELETE FROM sec_logged WHERE login = ". sc_sql_injection($user) . " " . $date_login; sc_exec_sql($str_sql); sc_reset_global([logged_date_login], [logged_user]); } function sc_looged_check_logout() { if(isset([logged_user]) && ([logged_user] == 'logout' || empty([logged_user]))) { sc_reset_global ([usr_login], [logged_user], [logged_date_login], [usr_email]); } } ?>
1 Like