 //Send to user his new pw if key is conform
 case "generate_new_password":
     //check if key is okay
     // NOTE(review): the loose `==` on the next line is unsafe here. When no
     // recovery row exists, fetch_row() presumably returns no data and $data[0]
     // is null, and an absent or empty $_POST['key'] compares equal to null —
     // so the reset proceeds without a valid key. Require a non-empty key and
     // compare strictly (`===`, or hash_equals()). The login on the line above
     // is also concatenated unescaped into the SQL string.
     $data = $db->fetch_row("SELECT valeur FROM " . $pre . "misc WHERE intitule = '" . $_POST['login'] . "' AND type = 'password_recovery'");
     if ($_POST['key'] == $data[0]) {
         //Generate and change pw
         $new_pw = "";
         include '../includes/libraries/pwgen/pwgen.class.php';
         $pwgen = new PWGen();
         $pwgen->setLength(10);
         $pwgen->setSecure(true);
         $pwgen->setSymbols(false);
         $pwgen->setCapitalize(true);
         $pwgen->setNumerals(true);
         $new_pw_not_crypted = $pwgen->generate();
         $new_pw = encrypt(string_utf8_decode($new_pw_not_crypted));
         //update DB
         $db->query_update("users", array('pw' => $new_pw), "login = '******'login'] . "'");
         //Delete recovery in DB
         // NOTE(review): `$key` is never assigned in this branch, so the
         // 'valeur' condition below is null and the delete most likely matches
         // nothing — the recovery key stays valid and can be replayed. The
         // intended value appears to be $_POST['key'].
         $db->query_delete("misc", array('type' => 'password_recovery', 'intitule' => $_POST['login'], 'valeur' => $key));
         //Get email
         $data_user = $db->query_first("SELECT email FROM " . $pre . "users WHERE login = '******'login'] . "'");
         $_SESSION['validite_pw'] = false;
         //load library
         require_once "../includes/libraries/phpmailer/class.phpmailer.php";
         //send to user
         $mail = new PHPMailer();
         $mail->SetLanguage("en", "../includes/libraries/phpmailer/language/");
         $mail->IsSMTP();
         // send via SMTP
         $mail->Host = $smtp_server;
     $db->query_update("users", array('fonction_id' => $new_fonctions), "id = " . $val[0]);
     break;
     ## ADD NEW USER ##
 ## ADD NEW USER ##
 case "add_new_user":
     //Check KEY
     if ($_POST['key'] != $_SESSION['key']) {
         //error
         exit;
     }
     // Check if user already exists
     // NOTE(review): LIKE treats `%` and `_` in the login as wildcards, so an
     // (escaped) login of `%` matches any existing row. Use `=` for an exact
     // login comparison, or escape the wildcard characters as well.
     $db->query("SELECT id, fonction_id, groupes_interdits, groupes_visibles FROM " . $pre . "users WHERE login LIKE '" . mysql_real_escape_string(stripslashes($_POST['login'])) . "'");
     $data = $db->fetch_array();
     if (empty($data['id'])) {
         //Add user in DB
         $new_user_id = $db->query_insert("users", array('login' => htmlspecialchars_decode($_POST['login']), 'pw' => encrypt(string_utf8_decode($_POST['pw'])), 'email' => $_POST['email'], 'admin' => $_POST['admin'] == "true" ? '1' : '0', 'gestionnaire' => $_POST['manager'] == "true" ? '1' : '0', 'read_only' => $_POST['read_only'] == "true" ? '1' : '0', 'personal_folder' => $_POST['personal_folder'] == "true" ? '1' : '0', 'fonction_id' => $_POST['manager'] == "true" ? $_SESSION['fonction_id'] : '0', 'groupes_interdits' => $_POST['manager'] == "true" ? $data['groupes_interdits'] : '0', 'groupes_visibles' => $_POST['manager'] == "true" ? $data['groupes_visibles'] : '0'));
         //Create personnal folder
         if ($_POST['personal_folder'] == "true") {
             $db->query_insert("nested_tree", array('parent_id' => '0', 'title' => $new_user_id, 'bloquer_creation' => '0', 'bloquer_modification' => '0', 'personal_folder' => '1'));
         }
         //Create folder and role for domain
         if ($_POST['new_folder_role_domain'] == "true") {
             //create folder
             $new_folder_id = $db->query_insert("nested_tree", array('parent_id' => 0, 'title' => mysql_real_escape_string(stripslashes($_POST['domain'])), 'personal_folder' => 0, 'renewal_period' => 0, 'bloquer_creation' => '0', 'bloquer_modification' => '0'));
             //Add complexity
             $db->query_insert("misc", array('type' => 'complex', 'intitule' => $new_folder_id, 'valeur' => 50));
             //Create role
             $new_role_id = $db->query_insert("roles_title", array('title' => mysql_real_escape_string(stripslashes($_POST['domain']))));
             //Associate new role to new folder
             $db->query_insert('roles_values', array('folder_id' => $new_folder_id, 'role_id' => $new_role_id));
             //Add the new user to this role
 ### CASE ####
 ### update an ITEM
 case "update_item":
     //init
     $reload_page = false;
     //Get existing values
     // NOTE(review): $_POST['id'] is concatenated unescaped into the WHERE
     // clause; cast it first — `(int) $_POST['id']` — or bind it as a parameter.
     $data = $db->query_first("SELECT * FROM " . $pre . "items WHERE id=" . $_POST['id']);
     /*
     //decrypt
     require_once '../includes/libraries/crypt/aes.class.php';     // AES PHP implementation
     require_once '../includes/libraries/crypt/aesctr.class.php';  // AES Counter Mode implementation
     $pw = urldecode(AesCtr::decrypt($_POST['pw'], $_SESSION['cle_session'], 256));
     $login = urldecode(AesCtr::decrypt($_POST['login'], $_SESSION['cle_session'], 256));
     $label = urldecode(AesCtr::decrypt($_POST['label'], $_SESSION['cle_session'], 256));
     */
     $pw = string_utf8_decode($_POST['pw']);
     $resticted_to = $_POST['restricted_to'];
     //encrypt PW
     // NOTE(review): mysql_real_escape_string() applied to $_SESSION['my_sk']
     // below alters the key material whenever the key contains a character the
     // escaper rewrites (quotes, backslash, NUL); it belongs on SQL operands
     // only. The isset() checks in the condition are also evaluated after the
     // values have already been read — put them first.
     if ($_POST['salt_key_set'] == 1 && isset($_POST['salt_key_set']) && $_POST['if_pf'] == 1 && isset($_POST['if_pf'])) {
         $pw = encrypt($pw, mysql_real_escape_string(stripslashes($_SESSION['my_sk'])));
         $resticted_to = $_SESSION['user_id'];
     } else {
         $pw = encrypt($pw);
     }
     //---Manage tags
     //deleting existing tags for this item
     // NOTE(review): $_POST['id'] goes into the DELETE unescaped; the quotes
     // around it do not prevent injection — cast to int or bind as a parameter.
     $db->query("DELETE FROM " . $pre . "tags WHERE item_id = '" . $_POST['id'] . "'");
     //Add new tags
     $tags = explode(' ', $_POST['tags']);
     foreach ($tags as $tag) {
         if (!empty($tag)) {
         $tree = new NestedTree($pre . 'nested_tree', 'id', 'parent_id', 'title');
         $tree->rebuild();
     } else {
         //lock user in database
         // NOTE(review): $_POST['id'] is concatenated unescaped into the
         // WHERE clause; cast it with `(int)` or bind it as a parameter.
         $db->query_update('users', array('disabled' => 1, 'key_tempo' => ""), "id=" . $_POST['id']);
     }
     break;
     ## UPDATE PASSWORD OF USER ##
 ## UPDATE PASSWORD OF USER ##
 case "modif_mdp_user":
     //Check KEY
     if ($_POST['key'] != $_SESSION['key']) {
         //error
         exit;
     }
     $db->query_update("users", array('pw' => encrypt(string_utf8_decode($_POST['newmdp']))), "id = " . $_POST['id']);
     break;
     ## UPDATE EMAIL OF USER ##
 ## UPDATE EMAIL OF USER ##
 case "modif_mail_user":
     //Check KEY
     if ($_POST['key'] != $_SESSION['key']) {
         //error
         exit;
     }
     $db->query_update("users", array('email' => $_POST['newemail']), "id = " . $_POST['id']);
     break;
     // UPDATE CAN CREATE ROOT FOLDER RIGHT
 // UPDATE CAN CREATE ROOT FOLDER RIGHT
 case "can_create_root_folder":
     //Check KEY
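session_start();
error_reporting(E_ERROR);
require_once 'main.functions.php';
// connect to the server
require_once "class.database.php";
$db = new Database($server, $user, $pass, $database, $pre);
$db->connect();
//User's language loading
// The language name is read from the session and spliced into an include
// path. Restrict it to a bare file-name token so a value containing "/" or
// ".." cannot pull an arbitrary .php file into this script (the original
// required the path unchecked). This is defence in depth only: the code that
// stores $_SESSION['user_language'] should itself accept only the shipped
// language names — confirm that where it is set.
$k['langage'] = (isset($_SESSION['user_language']) && is_string($_SESSION['user_language']))
    ? $_SESSION['user_language'] : '';
if ($k['langage'] === '' || !preg_match('/^[A-Za-z0-9_-]+$/', $k['langage'])) {
    // No usable language in the session (e.g. unauthenticated request):
    // stop here instead of letting the require below die with a fatal error.
    exit;
}
require_once '../includes/language/' . $k['langage'] . '.php';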
// Build the query according to the requested type
switch ($_POST['type']) {
    case "change_pw":
        //Get a string with the old pw array
        $last_pw = explode(';', $_SESSION['last_pw']);
        $new_pw = encrypt(string_utf8_decode($_POST['new_pw']));
        //if size is bigger then clean the array
        if (sizeof($last_pw) > $_SESSION['settings']['number_of_used_pw'] && $_SESSION['settings']['number_of_used_pw'] > 0) {
            for ($x = 0; $x < $_SESSION['settings']['number_of_used_pw']; $x++) {
                unset($last_pw[$x]);
            }
            //reinit SESSION
            $_SESSION['last_pw'] = implode(';', $last_pw);
        } else {
            if ($_SESSION['settings']['number_of_used_pw'] == 0) {
                $_SESSION['last_pw'] = "";
                $last_pw = array();
            }
        }
        //check if new pw is different that old ones
        if (in_array($new_pw, $last_pw)) {