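//Send to user his new pw if key is conform
case "generate_new_password":
    //check if key is okay
    // The login arrives straight from the request, so it is escaped before it is
    // placed in SQL text (stripslashes + mysql_real_escape_string, the idiom this
    // code base already applies to other request values).
    $data = $db->fetch_row("SELECT valeur FROM " . $pre . "misc WHERE intitule = '" . mysql_real_escape_string(stripslashes($_POST['login'])) . "' AND type = 'password_recovery'");

    // Require a non-empty string key and compare strictly. With the loose `==`
    // a missing recovery row (no $data[0]) compared equal to an empty or absent
    // key, and numeric-looking strings could match through type juggling.
    if (isset($_POST['key'], $data[0]) && is_string($_POST['key']) && $_POST['key'] !== '' && $_POST['key'] === (string) $data[0]) {
        //Generate and change pw
        $new_pw = "";
        include '../includes/libraries/pwgen/pwgen.class.php';
        $pwgen = new PWGen();
        $pwgen->setLength(10);
        $pwgen->setSecure(true);
        $pwgen->setSymbols(false);
        $pwgen->setCapitalize(true);
        $pwgen->setNumerals(true);
        $new_pw_not_crypted = $pwgen->generate();
        $new_pw = encrypt(string_utf8_decode($new_pw_not_crypted));

        //update DB
        // NOTE(review): the listing shows this WHERE clause (and the one in the
        // e-mail lookup below) partly masked as '******'; both are rebuilt from
        // the same request login the recovery lookup uses - confirm against the
        // original file.
        $db->query_update("users", array('pw' => $new_pw), "login = '" . mysql_real_escape_string(stripslashes($_POST['login'])) . "'");

        //Delete recovery in DB
        // NOTE(review): $key is not assigned anywhere in this excerpt; if it is
        // not defined before the switch, this delete matches no row and the
        // recovery key stays usable - confirm. Whether query_delete() escapes the
        // array values is also not visible here.
        $db->query_delete("misc", array('type' => 'password_recovery', 'intitule' => $_POST['login'], 'valeur' => $key));

        //Get email
        $data_user = $db->query_first("SELECT email FROM " . $pre . "users WHERE login = '" . mysql_real_escape_string(stripslashes($_POST['login'])) . "'");

        $_SESSION['validite_pw'] = false;

        //load library
        require_once "../includes/libraries/phpmailer/class.phpmailer.php";

        //send to user
        $mail = new PHPMailer();
        $mail->SetLanguage("en", "../includes/libraries/phpmailer/language/");
        $mail->IsSMTP(); // send via SMTP
        $mail->Host = $smtp_server;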
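$db->query_update("users", array('fonction_id' => $new_fonctions), "id = " . $val[0]);
break;

// ADD NEW USER
case "add_new_user":
    //Check KEY
    // Reject the request unless both keys exist, the posted one is a non-empty
    // string, and they match exactly. The loose `!=` let two missing keys
    // (null vs null) pass and allowed numeric-string type juggling.
    if (!isset($_POST['key'], $_SESSION['key'])
        || !is_string($_POST['key'])
        || $_POST['key'] === ''
        || $_POST['key'] !== (string) $_SESSION['key']
    ) {
        //error
        exit;
    }

    // Check if user already exists
    // NOTE(review): the value is escaped for the string literal, but LIKE still
    // treats % and _ in the submitted login as wildcards; the lookup also
    // normalises the login differently (stripslashes) from the value stored
    // below (htmlspecialchars_decode) - confirm both are intended.
    $db->query("SELECT id, fonction_id, groupes_interdits, groupes_visibles FROM " . $pre . "users WHERE login LIKE '" . mysql_real_escape_string(stripslashes($_POST['login'])) . "'");
    $data = $db->fetch_array();

    if (empty($data['id'])) {
        //Add user in DB
        // NOTE(review): request values (login, email, ...) are handed to
        // query_insert() as-is; whether that method escapes them is not visible
        // here - verify. The admin/manager flags also come from the request, and
        // no check of the caller's own role is visible in this excerpt.
        // NOTE(review): $data is the lookup row for the login being created and
        // this branch runs only when it has no id, so groupes_interdits and
        // groupes_visibles are presumably always empty here - confirm whether the
        // creating manager's values were meant.
        $new_user_id = $db->query_insert("users", array(
            'login' => htmlspecialchars_decode($_POST['login']),
            'pw' => encrypt(string_utf8_decode($_POST['pw'])),
            'email' => $_POST['email'],
            'admin' => $_POST['admin'] == "true" ? '1' : '0',
            'gestionnaire' => $_POST['manager'] == "true" ? '1' : '0',
            'read_only' => $_POST['read_only'] == "true" ? '1' : '0',
            'personal_folder' => $_POST['personal_folder'] == "true" ? '1' : '0',
            'fonction_id' => $_POST['manager'] == "true" ? $_SESSION['fonction_id'] : '0',
            'groupes_interdits' => $_POST['manager'] == "true" ? $data['groupes_interdits'] : '0',
            'groupes_visibles' => $_POST['manager'] == "true" ? $data['groupes_visibles'] : '0'
        ));

        //Create personal folder
        if ($_POST['personal_folder'] == "true") {
            $db->query_insert("nested_tree", array(
                'parent_id' => '0',
                'title' => $new_user_id,
                'bloquer_creation' => '0',
                'bloquer_modification' => '0',
                'personal_folder' => '1'
            ));
        }

        //Create folder and role for domain
        if ($_POST['new_folder_role_domain'] == "true") {
            //create folder
            $new_folder_id = $db->query_insert("nested_tree", array(
                'parent_id' => 0,
                'title' => mysql_real_escape_string(stripslashes($_POST['domain'])),
                'personal_folder' => 0,
                'renewal_period' => 0,
                'bloquer_creation' => '0',
                'bloquer_modification' => '0'
            ));

            //Add complexity
            $db->query_insert("misc", array('type' => 'complex', 'intitule' => $new_folder_id, 'valeur' => 50));

            //Create role
            $new_role_id = $db->query_insert("roles_title", array('title' => mysql_real_escape_string(stripslashes($_POST['domain']))));

            //Associate new role to new folder
            $db->query_insert('roles_values', array('folder_id' => $new_folder_id, 'role_id' => $new_role_id));

            //Add the new user to this role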
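// CASE: update an ITEM
// NOTE(review): no session-key or ownership check is visible in this excerpt;
// confirm the request is authenticated and the caller may edit this item
// before this arm runs.
case "update_item":
    //init
    $reload_page = false;

    //Get existing values
    // The item id comes from the request and is used as a bare number in SQL,
    // so it is forced to an integer before concatenation.
    $data = $db->query_first("SELECT * FROM " . $pre . "items WHERE id=" . intval($_POST['id']));

    /*
    //decrypt
    require_once '../includes/libraries/crypt/aes.class.php';     // AES PHP implementation
    require_once '../includes/libraries/crypt/aesctr.class.php';  // AES Counter Mode implementation
    $pw = urldecode(AesCtr::decrypt($_POST['pw'], $_SESSION['cle_session'], 256));
    $login = urldecode(AesCtr::decrypt($_POST['login'], $_SESSION['cle_session'], 256));
    $label = urldecode(AesCtr::decrypt($_POST['label'], $_SESSION['cle_session'], 256));
    */
    $pw = string_utf8_decode($_POST['pw']);
    // Variable name kept as spelled: code after this excerpt presumably reads it.
    $resticted_to = $_POST['restricted_to'];

    //encrypt PW
    // isset() is tested before each value is read, so an absent field no longer
    // raises an undefined-index notice; the outcome of the condition is unchanged.
    if (isset($_POST['salt_key_set']) && $_POST['salt_key_set'] == 1 && isset($_POST['if_pf']) && $_POST['if_pf'] == 1) {
        // NOTE(review): the session salt key goes through SQL escaping before
        // being passed as encrypt()'s second argument; left untouched because
        // changing it would presumably alter the key used for stored items.
        $pw = encrypt($pw, mysql_real_escape_string(stripslashes($_SESSION['my_sk'])));
        $resticted_to = $_SESSION['user_id'];
    } else {
        $pw = encrypt($pw);
    }

    //---Manage tags
    //deleting existing tags for this item
    // Same integer cast as above; the surrounding quotes are kept so the
    // statement text stays the same for valid ids.
    $db->query("DELETE FROM " . $pre . "tags WHERE item_id = '" . intval($_POST['id']) . "'");

    //Add new tags
    $tags = explode(' ', $_POST['tags']);
    foreach ($tags as $tag) {
        if (!empty($tag)) {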
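$tree = new NestedTree($pre . 'nested_tree', 'id', 'parent_id', 'title');
$tree->rebuild();
} else {
    //lock user in database
    // The id is request data used as a bare number in the WHERE clause, so it
    // is forced to an integer before concatenation.
    $db->query_update('users', array('disabled' => 1, 'key_tempo' => ""), "id=" . intval($_POST['id']));
}
break;

// UPDATE PASSWORD OF USER
// NOTE(review): the key check below ties the request to the current session;
// no check that the session user may modify the user named by $_POST['id'] is
// visible in this excerpt - confirm it exists elsewhere.
case "modif_mdp_user":
    //Check KEY
    // Both keys must exist, the posted one must be a non-empty string, and they
    // must match exactly. The loose `!=` let two missing keys (null vs null)
    // pass and allowed numeric-string type juggling.
    if (!isset($_POST['key'], $_SESSION['key'])
        || !is_string($_POST['key'])
        || $_POST['key'] === ''
        || $_POST['key'] !== (string) $_SESSION['key']
    ) {
        //error
        exit;
    }
    $db->query_update("users", array('pw' => encrypt(string_utf8_decode($_POST['newmdp']))), "id = " . intval($_POST['id']));
    break;

// UPDATE EMAIL OF USER
case "modif_mail_user":
    //Check KEY
    // Same strict session-key check as in the password update above.
    if (!isset($_POST['key'], $_SESSION['key'])
        || !is_string($_POST['key'])
        || $_POST['key'] === ''
        || $_POST['key'] !== (string) $_SESSION['key']
    ) {
        //error
        exit;
    }
    // NOTE(review): the new address is passed to query_update() unvalidated;
    // whether that method escapes array values is not visible here - verify.
    $db->query_update("users", array('email' => $_POST['newemail']), "id = " . intval($_POST['id']));
    break;

// UPDATE CAN CREATE ROOT FOLDER RIGHT
case "can_create_root_folder":
    //Check KEY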
// Request entry point: starts the session, opens the database connection,
// loads the user's language file and dispatches on $_POST['type'].
session_start();
// Only fatal run-time errors (E_ERROR) are reported from here on.
error_reporting(E_ERROR);
require_once 'main.functions.php';

// connect to the server
// NOTE(review): $server, $user, $pass, $database and $pre are not assigned in
// this excerpt; presumably an included file defines them - confirm.
require_once "class.database.php";
$db = new Database($server, $user, $pass, $database, $pre);
$db->connect();

//User's language loading
$k['langage'] = @$_SESSION['user_language'];
// NOTE(review): the include path is built from a session value with no
// allow-list or basename() visible here. If that value can ever be influenced
// by a request, this becomes a file-inclusion risk - confirm where
// user_language is set and constrain it to known language names.
require_once '../includes/language/' . $_SESSION['user_language'] . '.php';

// Build the query according to the value type
// NOTE(review): dispatch happens on request data before any session-key or
// login check that is visible in this excerpt.
switch ($_POST['type']) {
    case "change_pw":
        //Get a string with the old pw array
        // The password history is kept in the session as a ';'-separated string.
        $last_pw = explode(';', $_SESSION['last_pw']);
        $new_pw = encrypt(string_utf8_decode($_POST['new_pw']));

        //if size is bigger then clean the array
        if (sizeof($last_pw) > $_SESSION['settings']['number_of_used_pw'] && $_SESSION['settings']['number_of_used_pw'] > 0) {
            // Drops the entries at indexes 0 .. number_of_used_pw - 1.
            for ($x = 0; $x < $_SESSION['settings']['number_of_used_pw']; $x++) {
                unset($last_pw[$x]);
            }
            //reinit SESSION
            $_SESSION['last_pw'] = implode(';', $last_pw);
        } else {
            // A setting of 0 clears the stored history entirely.
            if ($_SESSION['settings']['number_of_used_pw'] == 0) {
                $_SESSION['last_pw'] = "";
                $last_pw = array();
            }
        }

        //check if new pw is different from old ones
        // NOTE(review): the reuse check compares encrypt() output against the
        // stored history, so it presumably relies on encrypt() being
        // deterministic; in_array() is also called without strict mode, which
        // compares numeric-looking strings loosely - confirm both.
        if (in_array($new_pw, $last_pw)) {