Beispiel #1
<?php

include_once 'data.php';
if (isset($_SESSION['auth'])) {
    include_once 'functions.php';
    // CHANGE USER'S PASSWORD
    // Runs when both change_password and old_password are non-empty request
    // parameters. The current password is verified first; only then is the new
    // one stored for the user ID held in the session. Every failure path ends
    // the request with die().
    //
    // NOTE(review): all password values are read from $_GET, so they travel in
    // the URL and can be retained in web-server/proxy access logs and browser
    // history. Credentials are normally sent in a POST body.
    // NOTE(review): no anti-CSRF token is checked in this block; the
    // old-password requirement is the only guard on this state change that is
    // visible here.
    // NOTE(review): empty() treats the string '0' as empty, so such a password
    // is rejected as "missing" rather than compared.
    if (!empty($_GET['change_password']) && !empty($_GET['old_password'])) {
        // Both copies of the new password must be present...
        if (empty($_GET['new_password1']) || empty($_GET['new_password2'])) {
            die('Error! Password was not changed. New password required.');
        }
        // ...and identical (strict comparison, no type juggling).
        if ($_GET['new_password1'] !== $_GET['new_password2']) {
            die('Error! Password was not changed. New password typo.');
        }
        $password_changed = NULL;
        // presumably database_connect() populates $dbHandle, which is used below
        // without being assigned in this block; verify where it is defined.
        database_connect(IL_USER_DATABASE_PATH, 'users');
        // Re-authenticate with the current password before changing anything.
        if (check_encrypted_password($dbHandle, $_SESSION['user'], $_GET['old_password'])) {
            // The target row is chosen from the session, not from a request
            // parameter, so the request cannot name another account.
            $user_query = $dbHandle->quote($_SESSION['user_id']);
            // The value is passed through generate_encrypted_password() before
            // it is quoted for the statement.
            $new_password_query = $dbHandle->quote(generate_encrypted_password($_GET['new_password1']));
            // NOTE(review): part of this string literal appears masked in this
            // listing ("******"); as printed the line is not valid PHP. Presumably
            // $new_password_query was concatenated here; confirm against the
            // original file. A prepared statement with bound parameters would
            // avoid the string-built SQL altogether.
            $password_changed = $dbHandle->exec("UPDATE users SET password="******" WHERE userID=" . $user_query);
            // Capture the error details before the handle is released below.
            $error = $dbHandle->errorInfo();
        } else {
            die('Error! Password was not changed. Existing password is incorrect.');
        }
        $dbHandle = null;
        // Success means exec() reported exactly one affected row.
        // NOTE(review): the raw database error text is echoed to the client,
        // which discloses backend details; logging it server-side and returning
        // a generic message is the safer pattern.
        if ($password_changed !== 1) {
            die('Error! Password was not changed. Database error: ' . $error[2]);
        }
    }
    // DELETE A USER
    if (!empty($_GET['delete']) && !empty($_GET['id'])) {
        database_connect(IL_DATABASE_PATH, 'library');
     session_regenerate_id(true);
     $_SESSION['user_id'] = $userID;
     $_SESSION['user'] = $_POST['user'];
     $_SESSION['permissions'] = $permissions;
     $_SESSION['auth'] = true;
 } else {
     /* IF LDAP NOT ENABLED, CHECK THE LOCAL DB */
     // CHECK FOR FORMER LDAP USER
     $result = $dbHandle->query("SELECT password FROM users WHERE username="******"SELECT userID,permissions FROM users WHERE username=" . $username_quoted);
         $user = $result->fetch(PDO::FETCH_ASSOC);
         $result = null;
         // Promote the session to "authenticated" only when the lookup returned
         // a row with a non-empty userID.
         if (!empty($user['userID'])) {
             // Issue a fresh session ID and delete the old session (argument
             // true) before any privileges are attached, so an identifier that
             // was known before login cannot be reused afterwards (session
             // fixation defence).
             session_regenerate_id(true);
             $_SESSION['user_id'] = $user['userID'];
             // NOTE(review): the raw $_POST['user'] value is stored, not a value
             // read back from the database row; confirm this matches the
             // username that was actually verified.
             $_SESSION['user'] = $_POST['user'];
             $_SESSION['permissions'] = $user['permissions'];
             $_SESSION['auth'] = true;
         }
     } else {
         sendError('Bad username or password.');
     }
 }
 $dbHandle = null;
Beispiel #3
             $id = $last_id->fetchColumn();
             $last_id = null;
             $dbHandle->exec("INSERT INTO projects (userID,project) VALUES ({$id},{$username_quoted} || '''s project', '1')");
         }
         $result = $dbHandle->query("SELECT userID FROM users WHERE username={$username_quoted} LIMIT 1");
         $id = $result->fetchColumn();
         $result = null;
         $dbHandle->commit();
         $_SESSION['user_id'] = $id;
         $_SESSION['user'] = $_POST['user'];
         $_SESSION['permissions'] = $permissions;
         $_SESSION['auth'] = true;
     }
 } else {
     /* IF LDAP NOT ENABLED, CHECK THE LOCAL DB */
     // Local-database login path: check_encrypted_password() validates
     // $username/$password, then userID and permissions are looked up and
     // copied into the session. This block raises no error when the check
     // fails; execution simply continues after it.
     if (check_encrypted_password($dbHandle, $username, $password)) {
         // presumably $username_quoted is the output of $dbHandle->quote();
         // verify, since it is concatenated directly into the SQL text.
         $result = $dbHandle->query("SELECT userID,permissions FROM users WHERE username=" . $username_quoted);
         $user = $result->fetch(PDO::FETCH_ASSOC);
         $result = null;
         if (!empty($user['userID'])) {
             // NOTE(review): no session_regenerate_id() call is visible in this
             // branch before the auth flags are set. Unless the ID is rotated
             // elsewhere, the pre-login session identifier stays valid after
             // login (session fixation); rotating it right here is the usual
             // mitigation.
             $_SESSION['user_id'] = $user['userID'];
             // NOTE(review): stores the raw $_POST['user'] rather than the
             // $username that was checked above; confirm they are the same.
             $_SESSION['user'] = $_POST['user'];
             $_SESSION['permissions'] = $user['permissions'];
             $_SESSION['auth'] = true;
             $_SESSION['watermarks'] = '';
         }
     }
 }
 /* OK, THIS IS A REGISTERED USER. DO THE PROXY SETTINGS AND CREATE A TEMP DIR */
 if (isset($_SESSION['auth'])) {
     if ($ini_array['autosign'] == 0) {