Beispiel #1
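/**
 * Check a login/password pair against the NIS 'passwd.byname' map.
 *
 * On success the account is mirrored into webcal_user: it is inserted when
 * missing, otherwise its stored password is refreshed. On failure a message
 * is placed in the global $error.
 *
 * NOTE(review): "no such user" and "incorrect password" produce different
 * messages; if $error is shown to the client this lets it tell valid logins
 * from invalid ones. Consider displaying only the generic text.
 *
 * @param string $login    User login
 * @param string $password User password (cleartext)
 *
 * @return bool True when the NIS entry exists, passes the optional group
 *              restriction and the password matches.
 *
 * @global string $error                Error message for the caller
 * @global mixed  $user_external_group  When set, required value of the gid field
 * @global string $user_external_email  Domain appended to the login for new users
 */
function user_valid_login($login, $password)
{
    global $error, $user_external_group, $user_external_email;

    $entry = @yp_match(yp_get_default_domain(), 'passwd.byname', $login);
    if (!is_string($entry) || $entry === '') {
        // no such user
        $error = translate('Invalid login') . ': ' . translate('no such user');
        return false;
    }

    // passwd layout: name:hash:uid:gid:gecos:home:shell
    $data = explode(':', $entry);
    if (count($data) < 4) {
        // Malformed entry: the hash and gid fields read below would be missing.
        $error = translate('Invalid login');
        return false;
    }

    if ($user_external_group && $user_external_group != $data[3]) {
        $error = translate('Invalid login');
        return false;
    }

    // Pass the complete stored hash as the salt so crypt() selects the same
    // algorithm and salt regardless of the hash format, and compare in
    // constant time. An empty hash field never authenticates anyone.
    $stored = $data[1];
    $computed = $stored === '' ? false : crypt($password, $stored);
    if (!is_string($computed) || !hash_equals($stored, $computed)) {
        // Previously a wrong password returned false without setting $error.
        $error = translate('Invalid login') . ': ' . translate('incorrect password');
        return false;
    }

    // Check for user in webcal_user.
    // If in NIS and not in DB, then insert...
    $sql = 'SELECT cal_login FROM webcal_user WHERE cal_login = ?';
    $res = dbi_execute($sql, array($login));
    if (!$res || !dbi_fetch_row($res)) {
        // insert user into webcal_user; the GECOS field may be absent.
        $uname = explode(' ', isset($data[4]) ? $data[4] : '');
        $ufirstname = $uname[0];
        $ulastname = $uname[count($uname) - 1];
        // NOTE(review): the cleartext password is handed to the local user
        // store here and below - confirm those helpers keep only a hash.
        user_add_user($login, $password, $ufirstname, $ulastname, $login . '@' . $user_external_email, 'N');
    } else {
        //refresh their password in webcal_user
        user_update_user_password($login, $password);
    }

    return true;
}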
Beispiel #2
 // Handler fragment for the "edit user" form: creates an account when $add is
 // set and the caller is an admin, otherwise updates an existing account.
 // The excerpt stops before these blocks are closed.
 if ($formtype == 'edituser') {
     if (!empty($add) && $is_admin) {
         // NOTE(review): loose != compares numeric-looking strings by value
         // (e.g. '1e3' and '1000' count as identical); !== compares the bytes.
         if ($upassword1 != $upassword2) {
             $error = $notIdenticalStr;
         } else {
             // Rejects a login that addslashes() would alter, i.e. one holding
             // a quote, backslash or NUL byte.
             if (addslashes($user) != $user) {
                 // This error should get caught before here anyhow,
                 // so no need to translate this. This is just in case. :-)
                 $error = 'Invalid characters in login.';
             } else {
                 if (empty($user)) {
                     // Username cannot be blank. This is currently the only place
                     // that calls addUser that is located in $user_inc.
                     $error = $blankUserStr;
                 } else {
                     // NOTE(review): this call passes $u_enabled while the update
                     // branch below passes $uenabled - confirm which name the
                     // form actually sets; the other would be undefined.
                     user_add_user($user, $upassword1, $ufirstname, $ulastname, $uemail, $uis_admin, $u_enabled);
                     // Audit trail: $login is the acting user, $user the new account.
                     activity_log(0, $login, $user, LOG_USER_ADD, "{$ufirstname} {$ulastname}" . (empty($uemail) ? '' : " <{$uemail}>"));
                 }
             }
         }
     } else {
         // Reached when $add is empty or the caller is not an admin.
         if (!empty($add) && !access_can_access_function(ACCESS_USER_MANAGEMENT)) {
             $error = print_not_auth(15);
         } else {
             // NOTE(review): nothing in this excerpt checks that a non-admin is
             // editing only their own record ($user versus $login) - confirm
             // that check happens before this point.
             // Don't allow a user to change themself to an admin by setting
             // uis_admin in the URL by hand. They must be admin beforehand.
             if (!$is_admin) {
                 $uis_admin = 'N';
             }
             user_update_user($user, $ufirstname, $ulastname, $uemail, $uis_admin, $uenabled);
             activity_log(0, $login, $user, LOG_USER_UPDATE, "{$ufirstname} {$ulastname}" . (empty($uemail) ? '' : " <{$uemail}>"));
Beispiel #3
// Fragment that adds, updates or deletes a user from submitted values
// ($user_login, $user_password, $user_admin, ...). The excerpt stops before
// the last blocks are closed.
// NOTE(review): no permission check is visible in this excerpt - confirm the
// caller's right to manage users is verified before this code runs.

// On a plain update with no new password supplied, keep the existing one.
if (empty($error) && !$add && !$delete && empty($user_password)) {
    $user_password = $old_password;
}
// admin must be 'Y' or 'N' for call to user_add_user ()
// Only the exact value '1' grants admin; anything else becomes 'N'.
$user_admin = empty($user_admin) || $user_admin != '1' ? 'N' : 'Y';
// If user is editing themself, do not let them take away admin setting.
// We don't want them to accidentally have no admin users left.
// NOTE(review): this test also runs when $delete is set, and it does not stop
// a user from deleting their own account when $user_admin is 'Y' - confirm
// that case is handled elsewhere.
if (empty($error) && $user_login == $login && $user_admin == 'N') {
    $error = translate('You cannot remove admin rights from yourself!');
}
if (empty($error) && $delete) {
    user_delete_user($user_login);
} else {
    if (empty($error) && $add) {
        //TODO add $user_enabled
        if (user_add_user($user_login, $user_password, $user_firstname, $user_lastname, $user_email, $user_admin)) {
            // success    :-)
        } else {
            // error
            // $error was empty before the call, so a non-empty value here was
            // presumably set by user_add_user(); it is XML-escaped before use.
            $error = empty($error) ? translate('Unknown error saving user') : ws_escape_xml($error);
        }
    } else {
        if (empty($error)) {
            // update
            //TODO add $user_enabled
            if (user_update_user($user_login, $user_firstname, $user_lastname, $user_email, $user_admin)) {
                // success    :-)
            } else {
                // error
                // Same handling as the add branch: escape any message the
                // helper left in $error, else fall back to a generic one.
                $error = empty($error) ? translate('Unknown error saving user') : ws_escape_xml($error);
            }
Beispiel #4
     } else {
         // Self-registration fragment; the start of this if/else chain lies
         // outside the excerpt.
         // NOTE(review): loose != treats numeric-looking strings such as '1e3'
         // and '1000' as identical; !== compares the bytes.
         if ($upassword1 != $upassword2) {
             $control = '';
             $error = translate('The passwords were not identical.');
         }
     }
     if (empty($error)) {
         // NOTE(review): $uis_admin is not assigned anywhere in this excerpt.
         // For self-registration it must be forced to 'N' and never taken
         // from the request - confirm where it is set.
         user_add_user($user, $upassword1, $ufirstname, $ulastname, $uemail, $uis_admin);
         activity_log(0, 'system', $user, LOG_NEWUSER_FULL, translate('New user via self-registration.'));
     }
 } elseif ($control == 'email') {
     // Process account info for email submission.
     // Need to generate unique passwords and email them to the new user.
     // NOTE(review): generate_password() is defined elsewhere - confirm it
     // draws from a cryptographically secure source.
     $new_pass = generate_password();
     // TODO allow admin to approve account and emails prior to processing.
     // NOTE(review): same $uis_admin concern as the branch above.
     user_add_user($user, $new_pass, $ufirstname, $ulastname, $uemail, $uis_admin);
     $tempName = trim($ufirstname . ' ' . $ulastname);
     // The message body carries the login and the generated password in clear
     // text; anyone who can read the mailbox or the mail in transit gets both.
     // The text only invites a password change, it does not enforce one.
     $msg = str_replace(', XXX.', strlen($tempName) ? ', ' . $tempName . '.' : '.', translate('Hello, XXX.')) . "\n\n" . translate('A new WebCalendar account has been set up for you.') . "\n\n" . str_replace('XXX', $user, translate('Your username is XXX.')) . "\n\n" . str_replace('XXX', $new_pass, translate('Your password is XXX.')) . "\n\n" . str_replace('XXX', $appStr, translate('Please visit XXX to log in and start using your account!')) . "\n";
     // Add URL to event, if we can figure it out.
     if (!empty($SERVER_URL)) {
         $url = $SERVER_URL . 'login.php';
         if ($htmlmail == 'Y') {
             $url = activate_urls($url);
         }
         $msg .= "\n\n" . $url;
     }
     $msg .= "\n\n" . translate('You may change your password after logging in the first time.') . "\n\n" . translate('If you received this email in error') . "\n\n";
     $adminStr = translate('Administrator', true);
     // Subject line: built from the application name and the submitted first name.
     $name = $appStr . ' ' . translate('Welcome') . ': ' . $ufirstname;
     // Send  via WebCalMailer class.
     // NOTE(review): $uemail, $ufirstname and $ulastname are submitted values
     // that end up in recipient and subject fields - confirm WC_Send() rejects
     // line breaks in them.
     $mail->WC_Send($adminStr, $uemail, $ufirstname . ' ' . $ulastname, $name, $msg, $htmlmail, $EMAIL_FALLBACK_FROM);
Beispiel #5
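/**
 * Check to see if a given login/password is valid by attempting an IMAP LOGIN.
 *
 * Every configured IMAP host is tried in turn; the first one that answers the
 * LOGIN command with a tagged OK makes the login valid. When auto-creation is
 * enabled and the request comes from login.php, the account is then added to
 * (or its password refreshed in) the local user store.
 *
 * $error is declared global for callers, but nothing in this function
 * assigns it.
 *
 * NOTE(review): fsockopen() connects exactly as $imap_host specifies. Without
 * an ssl:// or tls:// transport prefix on the host, the LOGIN line, password
 * included, crosses the network unencrypted.
 *
 * @param string $login    User login
 * @param string $password User password
 *
 * @return bool True on success
 *
 * @global string       $error             Error message
 * @global string|array $imap_host         One IMAP host or a list of hosts
 * @global int|array    $imap_port         One port for all hosts, or one per host
 * @global mixed        $allow_auto_create When truthy, mirror new users locally
 */
function user_valid_login($login, $password)
{
    global $error, $auth, $imap_host, $imap_port, $allow_auto_create, $PHP_SELF;

    // NOTE(review): the commented-out debug call that used to sit here
    // interpolated the cleartext password into its message; do not reinstate
    // it in that form.

    // Check if we do not have a username/password
    if (!isset($login) || !isset($password) || strlen($password) == 0) {
        return false;
    }

    // CR, LF and NUL cannot be represented inside an IMAP quoted string, so a
    // credential containing them can never be valid. Reject it here rather
    // than rely on quoteIMAP() (defined elsewhere) to keep the LOGIN command
    // on a single line.
    if (strpbrk($login . $password, "\r\n\0") !== false) {
        return false;
    }

    // Check that if there is an array of hosts and an array of ports
    // then the number of each is the same
    if (is_array($imap_host) && is_array($imap_port) && count($imap_port) != count($imap_host)) {
        return false;
    }

    // Always work on lists. Re-indexing both keeps host N paired with port N
    // even when the configured arrays use other keys.
    $all_imap_hosts = is_array($imap_host) ? array_values($imap_host) : array($imap_host);
    // A single port applies to every host. (each() is gone in PHP 8.)
    $all_imap_ports = is_array($imap_port)
        ? array_values($imap_port)
        : array_fill(0, count($all_imap_hosts), $imap_port);

    // iterate over all hosts and return if you get a successful login
    foreach ($all_imap_hosts as $idx => $host) {
        if (!isset($all_imap_ports[$idx])) {
            continue;
        }

        $error_number = 0;
        $error_string = '';
        // Connect to IMAP-server
        $stream = fsockopen($host, $all_imap_ports[$idx], $error_number, $error_string, 15);
        if (!$stream) {
            // Connection failed: try the next host instead of reading from
            // an invalid handle.
            continue;
        }
        // Bound the reads as well as the connect.
        stream_set_timeout($stream, 15);

        // Consume the server greeting.
        if (fgets($stream, 1024) === false) {
            fclose($stream);
            continue;
        }

        fputs($stream, 'a001 LOGIN "' . quoteIMAP($login) . '" "' . quoteIMAP($password) . "\"\r\n");
        $response = fgets($stream, 1024);
        // Require the tagged completion line, not just "OK" at offset 5.
        $accepted = is_string($response) && strncmp($response, 'a001 OK', 7) === 0;

        fputs($stream, "a001 LOGOUT\r\n");
        if ($accepted) {
            fgets($stream, 1024);
        }
        fclose($stream);

        if (!$accepted) {
            continue;
        }

        if ($allow_auto_create && !empty($PHP_SELF) && preg_match("/\\/login.php/", $PHP_SELF)) {
            //Test if user is in WebCalendar database
            $prefix = "testuser";
            user_load_variables($login, $prefix);
            if (empty($GLOBALS[$prefix . 'login']) || $GLOBALS[$prefix . 'login'] != $login) {
                // NOTE(review): the cleartext password is handed to the local
                // user store here and below - confirm those helpers keep only
                // a hash.
                user_add_user($login, $password, '', '', '', 'N');
                //Redirect new users to enter user data. The login is
                //URL-encoded so it cannot add or alter query parameters.
                $GLOBALS['newUserUrl'] = $GLOBALS['SERVER_URL'] . 'edit_user.php?user=' . urlencode($login);
            } else {
                //refresh their password in webcal_user
                user_update_user_password($login, $password);
            }
        }

        return true;
    }

    // return failure
    return false;
}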