 /**
  * Renew session
  *
  * Reads the request's `token`, validates it as a 'general' token and
  * answers `{"success": true}` when it checks out. Any other outcome —
  * no token, token rejected, token issued for another id — answers
  * `{"success": false, "error": []}`.
  *
  * NOTE(review): token_validate() is called with skip_time_validation,
  * so a token of any age renews the session here — confirm that an
  * expired token is meant to be renewable.
  */
 public function action_renew()
 {
     $params = request::input(null, true, true);
     $response = ['success' => false, 'error' => []];
     $accepted = false;
     if (!empty($params['token'])) {
         $validator = new crypt();
         $claims = $validator->token_validate($params['token'], ['skip_time_validation' => true]);
         // same test as "not (invalid or wrong id)", written positively
         $accepted = ($claims !== false) && ($claims['id'] === 'general');
     }
     if ($accepted) {
         $response['success'] = true;
     }
     layout::render_as($response, 'application/json');
 }
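 /**
  * This would process error message sent from frontend
  *
  * Accepts a JSON-encoded error report in `data` (keys message, file,
  * line) when the request carries a valid 'general' token, and hands it
  * to error_base::error_handler() as a 'javascript' error. The response
  * is always error.png, so the call can be made from an <img> tag.
  *
  * Fixes: `data` was passed to json_decode() and indexed without any
  * check — a missing, non-string or malformed payload raised notices
  * (or a TypeError on newer PHP) instead of being ignored. The token
  * check is also written positively, same logic as before.
  *
  * NOTE(review): message/file/line are caller-controlled strings; the
  * token only proves the sender loaded a page, not that the report is
  * honest. Whatever error_handler() writes them to should strip or
  * escape newlines if that log is ever parsed or rendered.
  */
 public function action_index()
 {
     $input = request::input();
     if (!empty($input['token'])) {
         $crypt = new crypt();
         $token_data = $crypt->token_validate($input['token'], ['skip_time_validation' => true]);
         if ($token_data !== false && $token_data['id'] === 'general') {
             // json_decode() needs a string; anything else (array, absent) is dropped
             $raw = (isset($input['data']) && is_string($input['data'])) ? $input['data'] : '';
             $report = ($raw !== '') ? json_decode($raw, true) : null;
             if (is_array($report)) {
                 $input['data'] = $report;
                 error_base::error_handler(
                     'javascript',
                     isset($report['message']) ? $report['message'] : null,
                     isset($report['file']) ? $report['file'] : null,
                     isset($report['line']) ? $report['line'] : null
                 );
             }
         }
     }
     // rendering
     layout::render_as(file_get_contents(__DIR__ . '/error.png'), 'image/png');
 }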
 /**
  * Log the current request in from the `username` / `password` request
  * values, stopping the script with a (Russian) message at the first
  * failed check: missing name, missing password, password shorter than
  * 6 characters, unknown user, wrong password, or a template_session
  * login that did not take effect.
  *
  * NOTE(review): "user does not exist" and "wrong password" are distinct
  * messages, so this endpoint confirms which usernames exist; one generic
  * failure message would avoid that. exit() means a failed check never
  * returns to the caller.
  */
 public static function init()
 {
     $username = get('username');
     $password = get('password');
     $user = null;
     $failure = null;
     // checks run in the original order; the first one that fails wins
     if (!$username) {
         $failure = 'Пожалуйста, укажите имя для пользователя.';
     } elseif (!$password) {
         $failure = 'Пожалуйста, укажите пароль пользователю.';
     } elseif (string::length($password) < 6) {
         $failure = 'Ваш пароль не может быть менее 6 символов.';
     } elseif (!($user = users::get_by_name($username))) {
         $failure = 'Данного пользователя не существует.';
     } elseif (!crypt::is_valid($password, $user->hash, $user->salt)) {
         $failure = 'Указанный вами пароль не совпадает с тем, что был указан при регистрации.';
     } elseif (!template_session::login($user->id)) {
         $failure = 'Нарушение логической цепи: авторизация не произведена.';
     }
     if ($failure !== null) {
         exit($failure);
     }
 }
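 /**
  * Check a candidate password against a stored hash/salt pair.
  *
  * Re-derives the hash with crypt::password() using the stored salt and
  * requires both the hash and the salt echoed back by crypt::password()
  * to match the stored values.
  *
  * Fix: the comparison used `===`, which stops at the first differing
  * byte; hash_equals() takes the same time whatever the difference, so
  * response timing does not reveal how much of the hash matched.
  *
  * @param string $password candidate plaintext
  * @param string $hash     stored hash
  * @param string $salt     stored salt
  * @return bool
  */
 public static function is_valid($password, $hash, $salt)
 {
     list($tmp_hash, $tmp_salt) = crypt::password($password, $salt);
     // hash_equals() insists on strings; cast so a non-string value fails the
     // comparison instead of raising
     return hash_equals((string) $hash, (string) $tmp_hash)
         && hash_equals((string) $salt, (string) $tmp_salt);
 }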
 /**
  * Create a user row and return its new id.
  *
  * The password is turned into a hash/salt pair by crypt::password()
  * before it is stored; the plaintext does not reach the query.
  *
  * @param string $name
  * @param string $password plaintext password
  * @param mixed  $role_id
  * @return mixed id of the inserted row as reported by cquery::get_id()
  */
 public static function add($name, $password, $role_id)
 {
     list($hash, $salt) = crypt::password($password);
     // column/value pairs in the order they are added to the query
     $columns = array(
         array(RUDE_DATABASE_FIELD_NAME, $name),
         array(RUDE_DATABASE_FIELD_HASH, $hash),
         array(RUDE_DATABASE_FIELD_SALT, $salt),
         array(RUDE_DATABASE_FIELD_ROLE_ID, $role_id),
     );
     $insert = new cquery(RUDE_DATABASE_TABLE_USERS);
     foreach ($columns as $pair) {
         $insert->add($pair[0], $pair[1]);
     }
     $insert->query();
     return $insert->get_id();
 }
 /**
  * crypt::encryptPassword() must produce the pinned digests for both
  * configurations: with $opt['logic']['password_hash'] off a 32-hex-digit
  * digest of the bare input, with it on (and password_salt set) a
  * 128-hex-digit digest.
  *
  * NOTE(review): the first case is a plain unsalted digest of the
  * password — fine as a regression pin, but not something to rely on
  * for stored passwords.
  */
 function testPasswordEncryption()
 {
     global $opt;
     $secret = 'very important data';
     // hashing disabled: unsalted digest
     $opt['logic']['password_hash'] = false;
     $this->assertEquals('c75ac45eabed45d667359462b6a8e93e', crypt::encryptPassword($secret));
     // hashing enabled with a fixed salt
     $opt['logic']['password_hash'] = true;
     $opt['logic']['password_salt'] = '?S<,XyB1Y[y_Gz>b';
     $this->assertEquals('8b1d376a76e6430738d8322a6e3f4ebd5e8632f67052de7b74c8ca745bda6f11c7ea05db7de0c14bb097d3033557eb81d7fae21de988efc5353ed2f77dab504b', crypt::encryptPassword($secret));
 }
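/**
 * Create or update the dotclear manager account for $username.
 *
 * Looks the user up by id; inserts a super-user row when none exists,
 * otherwise only resets its password. The stored password is
 * crypt::hmac('artica', $password).
 *
 * Fixes:
 *  - the lookup queried `user_id='{$uid}'`, but $uid is never assigned in
 *    this function while the UPDATE branch keys on $username; unless
 *    settings.inc happened to define $uid the SELECT matched nothing and
 *    every call inserted a row. It now keys on $username too;
 *  - $username was interpolated verbatim into three SQL statements. It is
 *    now required to match dotclear's own user-id rule
 *    (`^[A-Za-z0-9@._-]{2,}$`, the constraint on the target table), which
 *    leaves nothing to escape; the HMAC output is hex and safe as well;
 *  - a failed SELECT (mysql_fetch_array() returning false) is treated the
 *    same as "no row" instead of indexing into false.
 *
 * NOTE(review): the HMAC key 'artica' is a literal in the source, so
 * anyone with the code can recompute password hashes; a per-install
 * secret would be better, kept in sync with whatever verifies the login.
 *
 * @param string $username
 * @param string $password plaintext password
 * @param mixed  $bd       database handle passed through to zQUERY_SQL()
 * @return false|null false when $username is not an acceptable user id
 */
function AddManager($username, $password, $bd)
{
    include dirname(__FILE__) . "/ressources/settings.inc";
    // same character set dotclear enforces on user_id; refuse anything else
    if (!is_string($username) || !preg_match('/^[A-Za-z0-9@._-]{2,}$/', $username)) {
        return false;
    }
    $password = crypt::hmac('artica', $password);
    $date = date('Y-m-d H:i:s');
    $sql = "SELECT user_pwd FROM dotclear_user WHERE user_id='{$username}'";
    $ligne = @mysql_fetch_array(zQUERY_SQL($bd, $sql));
    if (!is_array($ligne) || $ligne["user_pwd"] == null) {
        $sql = "INSERT INTO `dotclear_user` (`user_id`, `user_super`, `user_status`, `user_pwd`, `user_recover_key`,\n \t\t\t\t`user_name`, `user_firstname`, `user_displayname`, `user_email`, `user_url`,\n  \t\t\t\t`user_desc`, `user_default_blog`, `user_options`, `user_lang`, `user_tz`,\n   \t\t\t\t`user_post_status`, `user_creadt`,\n    \t\t\t`user_upddt`) VALUES\n\t\t\t\t('{$username}', 1, 1, '{$password}', NULL, '{$username}', '{$username}', NULL, '*****@*****.**', \n\t\t\t\tNULL, NULL, NULL, 'a:3:{s:9:\"edit_size\";i:24;s:14:\"enable_wysiwyg\";b:1;s:11:\"post_format\";s:4:\"wiki\";}', 'en',\n\t\t\t\t 'Europe/Berlin', -2, '{$date}', '{$date}');";
        zQUERY_SQL($bd, $sql);
    } else {
        $sql = "UPDATE `artica_backup`.`dotclear_user` SET `user_pwd` = '{$password}' WHERE `dotclear_user`.`user_id` = '{$username}' LIMIT 1 ;";
        zQUERY_SQL($bd, $sql);
    }
}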
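 /**
  * Authenticate this client against the `client` table.
  *
  * Hashes $this->pass with parent::encrypt(), looks for a row matching
  * login + hash (parameterised query), and on success records login,
  * hash and id_client in the session and sends a redirect to compte.php.
  *
  * Fixes:
  *  - session_regenerate_id(true) right after session_start(): without
  *    it the session id that existed before login — possibly one planted
  *    by an attacker — is kept (session fixation);
  *  - returns true on success; the original fell off the end and returned
  *    null, so callers could not tell the two outcomes apart.
  *
  * NOTE(review): the password hash is copied into $_SESSION['pass'];
  * nothing here needs it and it exposes the hash to anything that can
  * read session storage. Kept only because other code may read it.
  * NOTE(review): this method does not stop the script after the
  * Location header; the caller must, or the page body is still sent.
  *
  * @return bool true on success (after sending the Location header), false otherwise
  */
 public function login()
 {
     $this->pass = parent::encrypt($this->pass);
     $select = DataBase::connect()->prepare("select * from client where login=:login and pass=:pass");
     $select->execute(array('login' => $this->login, 'pass' => $this->pass));
     // rowCount() on a SELECT is driver-dependent, as in the original
     if ($select->rowCount() <= 0) {
         return false;
     }
     while ($line = $select->fetch(PDO::FETCH_OBJ)) {
         $this->id = $line->id_client;
     }
     session_start();
     // fresh session id for the authenticated user; the old one is discarded
     session_regenerate_id(true);
     $_SESSION["login"] = $this->login;
     $_SESSION["pass"] = $this->pass;
     $_SESSION["id"] = $this->id;
     header('location:compte.php');
     return true;
 }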
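/**
 * Register a pending (user_status 0) user.
 *
 * Normalises $user_id (spaces to underscores, then cleanString()), refuses
 * ids / full names / e-mail addresses already taken by an existing user,
 * and otherwise inserts the row with the password stored as
 * crypt::hmac('BP_MASTER_KEY', $password) and $token in user_token.
 *
 * Fixes:
 *  - $user_id, $user_fullname, $user_email and $url were concatenated into
 *    SQL verbatim; they now go through $core->con->escape(), the
 *    connection's own escaping used elsewhere in this codebase;
 *  - $error is initialised, so the function returns an array in every
 *    case (callers testing empty() are unaffected).
 *
 * NOTE(review): $url is read by the site-url check but is neither a
 * parameter nor a global here, so that check always ran against an empty
 * string — most likely a missing parameter. Left as an explicit empty
 * string rather than guessed at.
 * NOTE(review): the HMAC key is the quoted literal 'BP_MASTER_KEY', not a
 * constant; if that is unintended the key is in the source. It must stay
 * identical at every place that computes it, so change them together.
 *
 * @param string $user_id
 * @param string $user_fullname
 * @param string $user_email
 * @param string $password  plaintext
 * @param string $lang
 * @param string $token     activation token stored in user_token
 * @return array error messages; empty on success
 */
function addUserSignup($user_id, $user_fullname, $user_email, $password, $lang, $token)
{
    global $core;
    $error = array();
    # not provided to this function (see note above); the original read an
    # undefined variable, which is '' in string context
    $url = '';
    # Clean Up user_id
    $user_id = preg_replace("( )", "_", $user_id);
    $user_id = cleanString($user_id);
    # Check if user's information already exist in not pending users
    $rs1 = $core->con->select("SELECT user_id, user_fullname, user_email\n\t\tFROM " . $core->prefix . "user\n\t\tWHERE lower(user_id) = '" . $core->con->escape(strtolower($user_id)) . "'\n\t\tOR lower(user_fullname) = '" . $core->con->escape(strtolower($user_fullname)) . "'\n\t\tOR lower(user_email) = '" . $core->con->escape(strtolower($user_email)) . "'");
    if ($rs1->count() > 0) {
        if ($rs1->f('user_id') == $user_id) {
            $error[] = sprintf(T_('The user %s already exists'), $user_id);
        }
        if ($rs1->f('user_fullname') == $user_fullname) {
            $error[] = sprintf(T_('The user %s already exists'), $user_fullname);
        }
        if ($rs1->f('user_email') == $user_email) {
            $error[] = sprintf(T_('The email address %s is already in use'), $user_email);
        }
    } else {
        # Check if website is already in use
        $rs2 = $core->con->select("SELECT " . $core->prefix . "user.user_id\n\t\t\tFROM " . $core->prefix . "user, " . $core->prefix . "site\n\t\t\tWHERE " . $core->prefix . "site.user_id = " . $core->prefix . "user.user_id\n\t\t\tAND site_url = '" . $core->con->escape($url) . "'");
        if ($rs2->count() > 0) {
            $error[] = sprintf(T_('The website %s is already assigned to the user %s'), $url, $user_id);
        }
    }
    # All OK
    if (empty($error)) {
        $cur = $core->con->openCursor($core->prefix . 'user');
        $cur->user_id = $user_id;
        $cur->user_fullname = $user_fullname;
        $cur->user_email = $user_email;
        $cur->user_pwd = crypt::hmac('BP_MASTER_KEY', $password);
        $cur->user_token = $token;
        $cur->user_status = 0;
        $cur->user_lang = $lang;
        $cur->created = array(' NOW() ');
        $cur->modified = array(' NOW() ');
        $cur->insert();
    }
    return $error;
}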
// Option lists for the user form: text formaters (value = label),
// post statuses (label => code) and language codes. A language is
// flagged 'avail10n' when it is 'en' or has a directory under DC_L10N_ROOT.
// The combos are appended to, not reset, exactly as before.
foreach ($core->getFormaters() as $formater) {
    $formaters_combo[$formater] = $formater;
}
foreach ($core->blog->getAllPostStatus() as $status_code => $status_label) {
    $status_combo[$status_label] = $status_code;
}
# Language codes
$langs = l10n::getISOcodes(1, 1);
foreach ($langs as $lang_name => $lang_code) {
    $has_l10n = ($lang_code == 'en') || is_dir(DC_L10N_ROOT . '/' . $lang_code);
    $lang_combo[] = new formSelectOption($lang_name, $lang_code, $has_l10n ? 'avail10n' : '');
}
# Add or update user
if (isset($_POST['user_name'])) {
    try {
        $pwd_check = !empty($_POST['cur_pwd']) && $core->auth->checkPassword(crypt::hmac(DC_MASTER_KEY, $_POST['cur_pwd']));
        if ($core->auth->allowPassChange() && !$pwd_check && $user_email != $_POST['user_email']) {
            throw new Exception(__('If you want to change your email or password you must provide your current password.'));
        }
        $cur = $core->con->openCursor($core->prefix . 'user');
        $cur->user_name = $user_name = $_POST['user_name'];
        $cur->user_firstname = $user_firstname = $_POST['user_firstname'];
        $cur->user_displayname = $user_displayname = $_POST['user_displayname'];
        $cur->user_email = $user_email = $_POST['user_email'];
        $cur->user_url = $user_url = $_POST['user_url'];
        $cur->user_lang = $user_lang = $_POST['user_lang'];
        $cur->user_tz = $user_tz = $_POST['user_tz'];
        $cur->user_post_status = $user_post_status = $_POST['user_post_status'];
        $user_options['edit_size'] = (int) $_POST['user_edit_size'];
        if ($user_options['edit_size'] < 1) {
            $user_options['edit_size'] = 10;
     $sql = "SELECT user_id, user_fullname, user_email FROM " . $core->prefix . "user\n\t\t\t\tWHERE lower(user_id) != '" . strtolower($user_id) . "'\n\t\t\t\tAND (lower(user_fullname) = '" . strtolower($new_fullname['value']) . "'\n\t\t\t\tOR lower(user_email) = '" . strtolower($new_email['value']) . "')";
     $rs1 = $core->con->select($sql);
     if ($rs1->count() > 0) {
         if ($rs1->f('user_fullname') == $new_fullname['value']) {
             $error[] = sprintf(T_('The user %s already exists'), $new_fullname['value']);
         }
         if ($rs1->f('user_email') == $new_email['value']) {
             $error[] = sprintf(T_('The email address %s is already in use by %s'), $new_email['value'], $rs1->f('user_id'));
         }
     }
     if (empty($error)) {
         $cur = $core->con->openCursor($core->prefix . 'user');
         $cur->user_fullname = $new_fullname['value'];
         $cur->user_email = $new_email['value'];
         if (!empty($new_password['value'])) {
             $cur->user_pwd = crypt::hmac('BP_MASTER_KEY', $new_password['value']);
         }
         $cur->modified = array(' NOW() ');
         $cur->update("WHERE user_id = '{$user_id}'");
         $user_perms = $core->getUserRolePermissions($user_id);
         if ($user_perms->{'role'} == "god") {
             $blog_settings->put('author_mail', $new_email['value'], "string");
             $blog_settings->put('author', $new_fullname['value'], "string");
         }
         $output = sprintf(T_("User %s successfully updated"), $new_id['value']);
     }
 } else {
     if (!$new_fullname['success']) {
         $error[] = $new_fullname['error'];
     }
     if (!$new_email['success']) {
 /**
  * Import the users of the source installation.
  *
  * Reads every row of <db_prefix>user from the import database and, for
  * each user_id not already known to $this->core, builds a user cursor:
  * name, first name, display name, e-mail and lang are copied, the
  * timezone is taken from this blog's settings, user_post_status is 1
  * when user_post_pub is set and -2 otherwise, and user_level is mapped
  * to blog permissions (0: status 0 only; 1: usage; 5: contentadmin,
  * categories, media_admin; 9: admin). Everything runs in one
  * transaction that is rolled back, with the exception re-thrown, on
  * any failure.
  *
  * NOTE(review): the source password is not carried over — each imported
  * user gets crypt::createPassword() instead (presumably a random value;
  * confirm), so they will have to reset their password.
  *
  * @throws Exception re-thrown after rollback
  */
 protected function importUsers()
 {
     $db = $this->db();
     $prefix = $this->vars['db_prefix'];
     $rs = $db->select('SELECT * FROM ' . $prefix . 'user');
     try {
         $this->con->begin();
         while ($rs->fetch()) {
             if (!$this->core->userExists($rs->user_id)) {
                 $cur = $this->con->openCursor($this->prefix . 'user');
                 $cur->user_id = $rs->user_id;
                 $cur->user_name = $rs->user_nom;
                 $cur->user_firstname = $rs->user_prenom;
                 $cur->user_displayname = $rs->user_pseudo;
                 # fresh password; the source hash is not reused
                 $cur->user_pwd = crypt::createPassword();
                 $cur->user_email = $rs->user_email;
                 $cur->user_lang = $rs->user_lang;
                 $cur->user_tz = $this->core->blog->settings->system->blog_timezone;
                 $cur->user_post_status = $rs->user_post_pub ? 1 : -2;
                 $cur->user_options = new ArrayObject(array('edit_size' => (int) $rs->user_edit_size, 'post_format' => $rs->user_post_format));
                 $permissions = array();
                 # unlisted levels get neither a status nor any permission
                 switch ($rs->user_level) {
                     case '0':
                         $cur->user_status = 0;
                         break;
                     case '1':
                         # editor
                         $permissions['usage'] = true;
                         break;
                     case '5':
                         # advanced editor
                         $permissions['contentadmin'] = true;
                         $permissions['categories'] = true;
                         $permissions['media_admin'] = true;
                         break;
                     case '9':
                         # admin
                         $permissions['admin'] = true;
                         break;
                 }
                 $this->core->addUser($cur);
                 $this->core->setUserBlogPermissions($rs->user_id, $this->blog_id, $permissions);
             }
         }
         $this->con->commit();
         $db->close();
     } catch (Exception $e) {
         $this->con->rollback();
         $db->close();
         throw $e;
     }
 }
 /**
  * Client unique ID
  *
  * Returns a "almost" safe client unique ID: the HMAC, under $key, of the
  * User-Agent, Accept-Encoding, Accept-Language and Accept-Charset request
  * headers concatenated in that order (absent headers contribute nothing).
  *
  * NOTE(review): every input is chosen by the client, so this only ties a
  * session to a browser configuration; anyone who can send the same four
  * headers gets the same id. Useful against accidental reuse, not against
  * an attacker who holds the cookie.
  *
  * @param string	$key		HMAC key
  * @return string
  */
 public static function browserUID($key)
 {
     $headers = array('HTTP_USER_AGENT', 'HTTP_ACCEPT_ENCODING', 'HTTP_ACCEPT_LANGUAGE', 'HTTP_ACCEPT_CHARSET');
     $parts = array();
     foreach ($headers as $name) {
         if (isset($_SERVER[$name])) {
             $parts[] = $_SERVER[$name];
         }
     }
     return crypt::hmac($key, implode('', $parts));
 }
     if ($rs0->f('nb') > 0) {
         $flash['error'][] = T_("Two users have the same name, impossible to import. Please try again. Username : "******"user");
     $cur->user_id = $user_id;
     $cur->user_fullname = $nom_membre;
     $cur->user_email = $email_membre;
     $cur->user_status = $statut_membre;
     $cur->user_lang = $blog_settings->get('planet_lang');
     $cur->created = array('NOW()');
     $cur->modified = array('NOW()');
     if ($user_id == $author_id) {
         $cur->update("WHERE user_id == '" . $author_id . "'");
     } else {
         $cur->user_pwd = crypt::hmac($user_id, $email_membre);
         $cur->insert();
     }
     $rs3 = $core->con->select('SELECT MAX(site_id) ' . 'FROM ' . $core->prefix . 'site ');
     $next_site_id = (int) $rs3->f(0) + 1;
     $cur = $core->con->openCursor($core->prefix . 'site');
     $cur->site_id = $next_site_id;
     $cur->user_id = $user_id;
     $cur->site_name = '';
     $cur->site_url = $site_membre;
     $cur->site_status = 1;
     $cur->created = array(' NOW() ');
     $cur->modified = array(' NOW() ');
     $cur->insert();
 }
 break;
 /**
  * Install the cookie encryption driver named by config cookie.crypt.type.
  * When no type is configured (falsy value) cookies are left unencrypted.
  */
 private function set_cookie_crypt()
 {
     $driver_name = $this->get_config()->cookie->crypt->type;
     if (!$driver_name) {
         return;
     }
     http_cookie::set_crypt(crypt::get($driver_name));
 }
        try {
            $ret_code = dc_lang_install($dest);
        } catch (Exception $e) {
            @unlink($dest);
            throw $e;
        }
        @unlink($dest);
        http::redirect('langs.php?added=' . $ret_code);
    } catch (Exception $e) {
        $core->error->add($e->getMessage());
    }
}
# Upload a language pack
if ($is_writable && !empty($_POST['upload_pkg'])) {
    try {
        if (empty($_POST['your_pwd']) || !$core->auth->checkPassword(crypt::hmac(DC_MASTER_KEY, $_POST['your_pwd']))) {
            throw new Exception(__('Password verification failed'));
        }
        files::uploadStatus($_FILES['pkg_file']);
        $dest = DC_L10N_ROOT . '/' . $_FILES['pkg_file']['name'];
        if (!move_uploaded_file($_FILES['pkg_file']['tmp_name'], $dest)) {
            throw new Exception(__('Unable to move uploaded file.'));
        }
        try {
            $ret_code = dc_lang_install($dest);
        } catch (Exception $e) {
            @unlink($dest);
            throw $e;
        }
        @unlink($dest);
        http::redirect('langs.php?added=' . $ret_code);
 /**
  * Send an email
  *
  * Builds the header block and a (possibly multipart) body from $options
  * and hands them to PHP's mail(). Unless $options['validated'] is set,
  * the options are first run through $this->validate(); a validation
  * result that still requires addresses to be fetched is refused with an
  * error rather than sent.
  *
  * Keys read below: to/cc/bcc (lists of ['email' => ...]), from
  * (['email' => ..., 'name' => ...]), subject, message (list of parts with
  * type/charset/encoding/data), attachments (list with type/name/data),
  * header (raw prefix for the header block), validated.
  *
  * NOTE(review): from.name / from.email, subject and the per-part
  * type/charset/encoding values are written straight into header lines.
  * Unless validate() rejects CR/LF in them, a caller-controlled "from"
  * value can append arbitrary headers (mail header injection) — worth
  * confirming in validate().
  * NOTE(review): header lines are joined with a bare "\n"; PHP's mail()
  * documentation asks for CRLF, but sendmail-style MTAs often mishandle
  * it, so this is presumably deliberate.
  *
  * @param array $options
  * @return array ['success' => bool, 'error' => string[], 'unique_id' => string|null]
  */
 public function send($options)
 {
     $result = ['success' => false, 'error' => [], 'unique_id' => null];
     // see if we need to validate
     if (empty($options['validated'])) {
         $temp = $this->validate($options);
         if (!$temp['success']) {
             return $temp;
         } else {
             if (!empty($temp['data']['requires_fetching'])) {
                 // we error if we require fetching from database
                 $result['error'][] = 'Fetching of email addresses is required!';
                 return $result;
             } else {
                 $options = $temp['data'];
             }
         }
     }
     // to, cc, bcc
     $recepients = [];
     foreach (['to', 'cc', 'bcc'] as $r) {
         $recepients[$r] = [];
         foreach ($options[$r] as $v) {
             // todo: add recepient name here
             $recepients[$r][] = $v['email'];
         }
         $recepients[$r] = implode(',', $recepients[$r]);
     }
     // crypt object
     $crypt = new crypt();
     // todo: use unique id for tracking
     // tracking id only: hash of recipients, subject and the current time —
     // not meant to be unguessable
     $result['unique_id'] = $crypt->hash([$recepients, $options['subject'], microtime()]);
     // generating header
     if (isset($options['header'])) {
         $header = $options['header'];
     } else {
         $header = '';
     }
     if (isset($options['from']['name'])) {
         $header .= "From: {$options['from']['name']} <{$options['from']['email']}>\n";
         $header .= "Organization: {$options['from']['name']}\n";
     } else {
         $header .= "From: {$options['from']['email']}\n";
     }
     if (!empty($recepients['bcc'])) {
         $header .= "Bcc: " . $recepients['bcc'] . "\n";
     }
     if (!empty($recepients['cc'])) {
         $header .= "Cc: " . $recepients['cc'] . "\n";
     }
     $header .= "Reply-To: {$options['from']['email']}\n";
     $header .= "Errors-To: {$options['from']['email']}\n";
     $header .= "MIME-Version: 1.0\n";
     $header .= "X-Mailer: PHP/" . phpversion() . "\n";
     // generating body for no attachment and a single message
     if (empty($options['attachments']) && count($options['message']) == 1) {
         // single part: content headers go into the main header block, the
         // part data is the body as is (no encode_part() on this path)
         $part = reset($options['message']);
         $header .= "Content-Type: {$part['type']};\n charset=\"{$part['charset']}\"\n";
         $header .= "Content-Transfer-Encoding: {$part['encoding']}\n";
         $body = $part['data'];
     } else {
         // has attachments or multiple messages
         $body_text = "";
         // the boundary only has to be unlikely to appear in the content;
         // mt_rand() is adequate for that, it is not a secret
         $unique_hash = $crypt->hash(mt_rand());
         $body_boundary = "boundary." . $unique_hash;
         $body_header = "";
         $body_header .= "Content-Type: multipart/alternative; boundary=\"{$body_boundary}\"\n";
         $body_header .= "Content-Transfer-Encoding: 7bit\n";
         $body_header .= "Content-Disposition: inline\n";
         // going though messages
         foreach ($options['message'] as $part) {
             $body_text .= "--{$body_boundary}\n";
             $body_text .= "Content-Type: {$part['type']}; charset=\"{$part['charset']}\"\n";
             $body_text .= "Content-Transfer-Encoding: {$part['encoding']}\n\n";
             $body_text .= $this->encode_part($part) . "\n\n";
         }
         $body_text .= "\n--{$body_boundary}--\n";
         // if we have attachments
         $text_part = "\nThis is a multi-part message in MIME format.\n\n";
         if (!empty($options['attachments'])) {
             // outer multipart/mixed wraps the alternative block plus one
             // base64 part per attachment
             $attachment_boundary = "boundary." . $unique_hash . ".attachments";
             $header .= "Content-Type: multipart/mixed; boundary=\"{$attachment_boundary}\"";
             $text_part .= "--{$attachment_boundary}\n";
             $text_part .= "{$body_header}\n";
             $text_part .= $body_text;
             // going though them
             foreach ($options['attachments'] as $v) {
                 $text_part .= "--{$attachment_boundary}\n";
                 $text_part .= "Content-Type: {$v['type']}; name=\"{$v['name']}\"\n";
                 $text_part .= "Content-Transfer-Encoding: base64\n";
                 $text_part .= "Content-Disposition: attachment; filename=\"{$v['name']}\"\n\n";
                 $text_part .= $this->encode_part(['data' => $v['data'], 'encoding' => 'base64']);
             }
             $text_part .= "\n--{$attachment_boundary}--\n";
         } else {
             $header .= $body_header;
             $text_part .= $body_text;
         }
         $body = $text_part;
     }
     // trying to deliver
     if (mail($recepients['to'], $options['subject'], $body, $header)) {
         $result['success'] = true;
     } else {
         $result['error'][] = 'Could not deliver mail!';
     }
     return $result;
 }
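 /**
  * Resolve a user code (as used for account recovery) back to a user id.
  *
  * $code is hex. Once decoded, the first 32 bytes are the NUL-padded user
  * id and the next 20 bytes (40 hex digits) are
  * crypt::hmac(DC_MASTER_KEY, <stored user_pwd>). The user is looked up
  * and the HMAC recomputed from the stored password hash; a match returns
  * the user id, anything else returns false.
  *
  * Fixes:
  *  - codes that are not pure hex are rejected up front: pack('H*') on
  *    other input emits warnings and yields garbage rather than failing;
  *  - `$user_id === false` could never be true (trim() always returns a
  *    string); an empty id is now what is rejected;
  *  - the HMAC comparison used `!=`. Besides not being constant-time,
  *    loose comparison treats numeric-looking hex strings as numbers
  *    ("0e123..." == "0e456..."), so certain digests compared equal when
  *    they were not. hash_equals() compares byte for byte in constant
  *    time.
  *
  * @param dcCore $core
  * @param string $code hex-encoded code as received from the user
  * @return string|false user id, or false when the code is invalid
  */
 public static function checkUserCode($core, $code)
 {
     if (!is_string($code) || !preg_match('/^[0-9A-Fa-f]+$/', $code)) {
         return false;
     }
     $code = pack('H*', $code);
     $user_id = trim(@pack('a32', substr($code, 0, 32)));
     // unpack() returns false (with a suppressed warning) when fewer than 20 bytes remain
     $pwd = @unpack('H40hex', substr($code, 32, 40));
     if ($user_id === '' || $pwd === false) {
         return false;
     }
     $pwd = $pwd['hex'];
     $strReq = 'SELECT user_id, user_pwd ' . 'FROM ' . $core->prefix . 'user ' . "WHERE user_id = '" . $core->con->escape($user_id) . "' ";
     $rs = $core->con->select($strReq);
     if ($rs->isEmpty()) {
         return false;
     }
     // constant-time, byte-wise comparison of the two hex strings
     if (!hash_equals((string) crypt::hmac(DC_MASTER_KEY, $rs->user_pwd), (string) $pwd)) {
         return false;
     }
     return $rs->user_id;
 }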
                 $default_tz = $_tz;
             }
         }
         unset($_tz);
     }
 }
 # Create schema
 $_s = new dbStruct($core->con, $core->prefix);
 require dirname(__FILE__) . '/../../inc/dbschema/db-schema.php';
 $si = new dbStruct($core->con, $core->prefix);
 $changes = $si->synchronize($_s);
 # Create user
 $cur = $core->con->openCursor($core->prefix . 'user');
 $cur->user_id = $u_login;
 $cur->user_super = 1;
 $cur->user_pwd = crypt::hmac(DC_MASTER_KEY, $u_pwd);
 $cur->user_name = (string) $u_name;
 $cur->user_firstname = (string) $u_firstname;
 $cur->user_email = (string) $u_email;
 $cur->user_lang = $dlang;
 $cur->user_tz = $default_tz;
 $cur->user_creadt = array('NOW()');
 $cur->user_upddt = array('NOW()');
 $cur->user_options = serialize($core->userDefaults());
 $cur->insert();
 $core->auth->checkUser($u_login);
 $admin_url = preg_replace('%install/index.php$%', '', $_SERVER['REQUEST_URI']);
 $root_url = preg_replace('%/admin/install/index.php$%', '', $_SERVER['REQUEST_URI']);
 # Create blog
 $cur = $core->con->openCursor($core->prefix . 'blog');
 $cur->blog_id = 'default';
     * @throws \RuntimeException raised on missing mcrypt
     * @throws \InvalidArgumentException raised on decrypting failed
     * @param string $cipher encrypted message
     * @return string decrypted message
     */
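    public function decrypt($cipher)
    {
        // test for tag on cipher and pass back provided cipher as is if tag is missing
        // NOTE(review): an untagged value therefore "decrypts" to itself. A caller
        // that trusts the result (unserialize(), for instance) must not accept values
        // it did not encrypt itself; throwing here would be the safer contract.
        if (substr($cipher, 0, 8) !== 'TXF!CIPH') {
            log::warning('actually not decrypting since cipher is not properly encrypted');
            return $cipher;
        }
        // mcrypt has been removed from PHP since 7.2; this whole path is legacy
        if (!is_callable('mcrypt_module_open')) {
            throw new \RuntimeException('missing mcrypt');
        }
        // actually decrypt provided cipher
        mcrypt_generic_init($this->cryptModule, $this->preparedKey(), $this->preparedIV());
        $decrypted = mdecrypt_generic($this->cryptModule, substr($cipher, 8));
        mcrypt_generic_deinit($this->cryptModule);
        // check integrity of decrypted message: layout is sha1(cleartext) || cleartext.
        // Fix: the digest is compared with hash_equals() (constant time) and a result
        // shorter than the 20-byte digest is rejected outright instead of being sliced.
        // NOTE(review): an unkeyed SHA-1 inside the ciphertext is not a MAC — with a
        // malleable mode a forged ciphertext can still carry a matching digest. An
        // HMAC over the ciphertext (encrypt-then-MAC) would be the proper check.
        if (strlen($decrypted) < 20) {
            log::error('decryption failed');
            throw new \InvalidArgumentException('decryption failed');
        }
        $cleartext = substr($decrypted, 20);
        $hash = substr($decrypted, 0, 20);
        if (!hash_equals($hash, sha1($cleartext, true))) {
            log::error('decryption failed');
            throw new \InvalidArgumentException('decryption failed');
        }
        return $cleartext;
    }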
}
crypt::init(); // module-level side effect: the crypt class is initialised as soon as this file is loaded
 /**
  * Restores variable space from current snapshot made to be storable in
  * session.
  *
  * When $this->storable holds a non-blank snapshot it is unserialize()d —
  * after crypt::create()->decrypt() when config 'session.encrypt' is on —
  * and, if the result is an array, becomes $this->usable. A snapshot that
  * fails to decrypt is logged and treated as empty. The snapshot is
  * cleared afterwards, and $this->usable always ends up as an array.
  *
  * NOTE(review): unserialize() on data that left the process is only safe
  * if whatever stores the snapshot cannot be written by a client. Note
  * also that decrypt() hands back untagged input unchanged, so with
  * encryption on, a snapshot without the cipher tag is still unserialized
  * as is. Worth confirming where $this->storable comes from.
  */
 protected final function makeUsable()
 {
     $snapshot = $this->storable;
     if (trim($snapshot)) {
         $encrypted = data::autoType(config::get('session.encrypt', false), 'boolean');
         if (!$encrypted) {
             $restored = unserialize($snapshot);
         } else {
             try {
                 $restored = unserialize(crypt::create()->decrypt($snapshot));
             } catch (\InvalidArgumentException $e) {
                 log::warning('session lost due to failed decryption, might be okay if browser lost cookie in between');
                 $restored = array();
             }
         }
         if (is_array($restored)) {
             $this->usable = $restored;
         }
         $this->storable = null;
     }
     if (!is_array($this->usable)) {
         $this->usable = array();
     }
 }
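 /**
  * Import WordPress users into this installation.
  *
  * Reads every row of <db_prefix>users, derives a login by replacing any
  * character outside [A-Za-z0-9@._-] with '-', records the ID -> login
  * mapping in $this->vars['user_ids'], and for logins not already known
  * builds a user cursor: a fresh password from crypt::createPassword(),
  * display name, e-mail, url, registration date and this blog's
  * lang/timezone. First/last name, description, the wysiwyg option and
  * the blog permissions come from <db_prefix>usermeta (wp_user_level
  * 0: status 0; 1: usage/publish/delete; 2-4: contentadmin/media;
  * 5-7: contentadmin/categories/media_admin/pages/blogroll; 8-10: admin).
  * One transaction; rolled back and the exception re-thrown on failure.
  *
  * Fix: the usermeta query interpolated $rs->ID into SQL verbatim. It is
  * now cast to int — the type of WordPress's users.ID column — so a
  * corrupted or hostile dump cannot alter that query.
  *
  * @throws Exception re-thrown after rollback
  */
 protected function importUsers()
 {
     $db = $this->db();
     $prefix = $this->vars['db_prefix'];
     $rs = $db->select('SELECT * FROM ' . $prefix . 'users');
     try {
         $this->con->begin();
         while ($rs->fetch()) {
             $user_login = preg_replace('/[^A-Za-z0-9@._-]/', '-', $rs->user_login);
             $this->vars['user_ids'][$rs->ID] = $user_login;
             if (!$this->core->userExists($user_login)) {
                 $cur = $this->con->openCursor($this->prefix . 'user');
                 $cur->user_id = $user_login;
                 # fresh password; the WordPress hash is not reused
                 $cur->user_pwd = crypt::createPassword();
                 $cur->user_displayname = $rs->user_nicename;
                 $cur->user_email = $rs->user_email;
                 $cur->user_url = $rs->user_url;
                 $cur->user_creadt = $rs->user_registered;
                 $cur->user_lang = $this->core->blog->settings->lang;
                 $cur->user_tz = $this->core->blog->settings->blog_timezone;
                 $permissions = array();
                 $rs_meta = $db->select('SELECT * FROM ' . $prefix . 'usermeta WHERE user_id = ' . (int) $rs->ID);
                 while ($rs_meta->fetch()) {
                     switch ($rs_meta->meta_key) {
                         case 'first_name':
                             $cur->user_firstname = $this->cleanStr($rs_meta->meta_value);
                             break;
                         case 'last_name':
                             $cur->user_name = $this->cleanStr($rs_meta->meta_value);
                             break;
                         case 'description':
                             $cur->user_desc = $this->cleanStr($rs_meta->meta_value);
                             break;
                         case 'rich_editing':
                             $cur->user_options = new ArrayObject(array('enable_wysiwyg' => $rs_meta->meta_value == 'true' ? true : false));
                             break;
                         case 'wp_user_level':
                             # levels fall through to the next case on purpose
                             switch ($rs_meta->meta_value) {
                                 case '0':
                                     # Subscriber
                                     $cur->user_status = 0;
                                     break;
                                 case '1':
                                     # Contributor
                                     $permissions['usage'] = true;
                                     $permissions['publish'] = true;
                                     $permissions['delete'] = true;
                                     break;
                                 case '2':
                                     # Author
                                 case '3':
                                 case '4':
                                     $permissions['contentadmin'] = true;
                                     $permissions['media'] = true;
                                     break;
                                 case '5':
                                     # Editor
                                 case '6':
                                 case '7':
                                     $permissions['contentadmin'] = true;
                                     $permissions['categories'] = true;
                                     $permissions['media_admin'] = true;
                                     $permissions['pages'] = true;
                                     $permissions['blogroll'] = true;
                                     break;
                                 case '8':
                                     # Administrator
                                 case '9':
                                 case '10':
                                     $permissions['admin'] = true;
                                     break;
                             }
                             break;
                     }
                 }
                 $this->core->addUser($cur);
                 $this->core->setUserBlogPermissions($cur->user_id, $this->blog_id, $permissions);
             }
         }
         $this->con->commit();
         $db->close();
     } catch (Exception $e) {
         $this->con->rollback();
         $db->close();
         throw $e;
     }
 }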
 /**
  * Pre render processing
  *
  * Creates a fresh 'general' token and publishes it — together with the
  * current controller path, the global format options and the static
  * object-data domains — to the page's JS data for the frontend to use.
  *
  * NOTE(review): the token is urldecode()d before being embedded; the
  * token endpoints that read it back validate it with time checks
  * skipped, so this value does not expire on its own.
  */
 public static function pre_render()
 {
     $token = urldecode((new crypt())->token_create('general'));
     $js_data = [
         'token' => $token,
         'controller_full' => application::get(['mvc', 'full']),
         'flag' => ['global' => ['format' => format::$options]],
         'object_data_domains' => ['data' => object_data_domains::get_static()],
     ];
     layout::js_data($js_data);
 }
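// Blog deletion handler: resolve the posted blog_id, then, when the form
// was submitted with `del`, require the current user's password before
// calling delBlog() and redirecting to the blog list.
//
// Fixes:
//  - if getBlog() threw, $rs was never assigned and `$rs->isEmpty()` was a
//    fatal error on top of the recorded one; the lookup result is now only
//    consulted when the call succeeded;
//  - `$_POST['pwd']` was read unconditionally; a missing field now counts
//    as a failed verification instead of hashing null (same shape as the
//    other password confirmations in this codebase).
//
// NOTE(review): the form below carries $core->formNonce(); whether that
// nonce is verified before this handler runs is not visible here — confirm,
// since a password prompt alone does not stop a cross-site POST that the
// user fills in unknowingly.
$blog_id = '';
if (!empty($_POST['blog_id'])) {
    $rs = null;
    try {
        $rs = $core->getBlog($_POST['blog_id']);
    } catch (Exception $e) {
        $core->error->add($e->getMessage());
    }
    if ($rs !== null) {
        if ($rs->isEmpty()) {
            $core->error->add(__('No such blog ID'));
        } else {
            $blog_id = $rs->blog_id;
        }
    }
}
# Delete the blog
if (!$core->error->flag() && $blog_id && !empty($_POST['del'])) {
    if (empty($_POST['pwd']) || !$core->auth->checkPassword(crypt::hmac(DC_MASTER_KEY, $_POST['pwd']))) {
        $core->error->add(__('Password verification failed'));
    } else {
        try {
            $core->delBlog($blog_id);
            http::redirect('blogs.php?del=1');
        } catch (Exception $e) {
            $core->error->add($e->getMessage());
        }
    }
}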
# Render the confirmation page unless an error was recorded above: a
# warning, and a form asking for the user's password, with the nonce and
# the blog id as hidden fields.
dcPage::open('Delete a blog');
if (!$core->error->flag()) {
    // NOTE(review): $blog_id is taken from the blog record and written into the
    // HTML unescaped; safe only if blog ids are restricted to harmless characters
    // when they are created — confirm, or htmlspecialchars() it here.
    echo '<h2>' . __('Delete a blog') . '</h2>' . '<p class="message">' . __('Warning') . '</p>' . '<p>' . sprintf(__('You are about to delete the blog %s. Every entry, comment and category will be deleted.'), '<strong>' . $blog_id . '</strong>') . '</p>' . '<p>' . __('Please give your password to confirm the blog deletion.') . '</p>';
    // NOTE(review): the `'******'` on the next line is a masking artefact of the
    // corpus, not code as written; the surrounding concatenation is of the form
    // `__('Your password:') . ' ' . form::password(...)`.
    echo '<form action="blog_del.php" method="post">' . '<div>' . $core->formNonce() . '</div>' . '<p><label>' . __('Your password:'******' ' . form::password('pwd', 20, 255) . '</label></p>' . '<p><input type="submit" name="del" value="' . __('Delete this blog') . '" />' . form::hidden('blog_id', $blog_id) . '</p>' . '</form>';
}
 /**
  * Normalise and validate a user cursor before it is written.
  *
  * - user_id, when present, must match /^[A-Za-z0-9@._-]{2,}$/;
  * - a non-empty user_url gets an "http://" prefix when it has no scheme;
  * - user_pwd, when present, must be at least 6 bytes long and is replaced
  *   by crypt::hmac('BP_MASTER_KEY', <password>);
  * - user_lang, when set, must look like "xx" or "xx-yy";
  * - user_upddt defaults to NOW(); user_options is serialize()d.
  *
  * NOTE(review): the HMAC key is the quoted literal 'BP_MASTER_KEY'
  * rather than a constant. If that was not intended, every stored
  * password is a keyed hash under a key that sits in the source. Changing
  * it invalidates all existing hashes, so it must be done together with
  * every other place that computes the same value.
  * NOTE(review): strlen() counts bytes, so a 3-character multibyte
  * password satisfies the 6-"character" minimum.
  *
  * @param cursor $cur cursor modified in place
  * @throws Exception on an invalid id, password or language code
  */
 private function getUserCursor(&$cur)
 {
     if ($cur->isField('user_id') && !preg_match('/^[A-Za-z0-9@._-]{2,}$/', $cur->user_id)) {
         throw new Exception(T_('User ID must contain at least 2 characters using letters, numbers or symbols.'));
     }
     $url = $cur->user_url;
     if (!($url === null || $url == '')) {
         // no scheme given: assume plain http
         if (!preg_match('|^http(s?)://|', $url)) {
             $cur->user_url = 'http://' . $url;
         }
     }
     if ($cur->isField('user_pwd')) {
         $plain = $cur->user_pwd;
         if (strlen($plain) < 6) {
             throw new Exception(T_('Password must contain at least 6 characters.'));
         }
         $cur->user_pwd = crypt::hmac('BP_MASTER_KEY', $plain);
     }
     $lang = $cur->user_lang;
     if ($lang !== null && !preg_match('/^[a-z]{2}(-[a-z]{2})?$/', $lang)) {
         throw new Exception(T_('Invalid user language code'));
     }
     if ($cur->user_upddt === null) {
         $cur->user_upddt = array('NOW()');
     }
     $options = $cur->user_options;
     if ($options !== null) {
         $cur->user_options = serialize((array) $options);
     }
 }
 public function try_login($user, $password, $permanent)
 {
     // Login with a clear-text password: an empty password is rejected up front, otherwise the
     // site's password encryption is applied and the rest is delegated to try_login_encrypted().
     // Returns LOGIN_EMPTY_USERPASSWORD for an empty password, else whatever
     // try_login_encrypted() returns.
     // The emptiness test is a loose comparison, so null (and, before PHP 8, 0) counts as empty.
     if ($password == '') {
         return LOGIN_EMPTY_USERPASSWORD;
     }
     return $this->try_login_encrypted($user, crypt::encryptPassword($password), $permanent);
 }
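 public function process($do)
 {
     // Entry point of the import form. "do=single" / "do=full" is the post-redirect status
     // display; any other value runs the import selected in $_POST / $_FILES and redirects.
     // Throws Exception when an upload cannot be moved, when the full-import password
     // re-check fails, or when dcImport itself fails.
     if (in_array($do, array('single', 'full'), true)) {
         $this->status = $do;
         return;
     }
     $files = $this->getPublicFiles();

     # Single blog import
     $single_upl = $this->importSource('public_single_file', 'up_single_file', $files);
     if ($single_upl !== null) {
         list($file, $to_unlink) = $this->stageImportFile($single_upl, 'public_single_file', 'up_single_file');
         $this->runImport($file, 'importSingle', $to_unlink);
         http::redirect($this->getURL() . '&do=single');
     }

     # Full import: super admins only, and the current password is re-checked before
     # anything is moved into the cache directory.
     $full_upl = $this->importSource('public_full_file', 'up_full_file', $files);
     if ($full_upl !== null && $this->core->auth->isSuperAdmin()) {
         if (empty($_POST['your_pwd']) || !$this->core->auth->checkPassword(crypt::hmac(DC_MASTER_KEY, $_POST['your_pwd']))) {
             throw new Exception(__('Password verification failed'));
         }
         list($file, $to_unlink) = $this->stageImportFile($full_upl, 'public_full_file', 'up_full_file');
         $this->runImport($file, 'importFull', $to_unlink);
         http::redirect($this->getURL() . '&do=full');
     }
     // Nothing selected: the form is shown again. This replaces a leftover debug dump of $_POST
     // (which echoed the submitted password field back to the client and made this line unreachable).
     $this->status = true;
 }

 # Returns true when an upload was submitted under $files_key, false when an existing file from
 # the public folder was picked under $post_key, null when neither was given.
 private function importSource($post_key, $files_key, $files)
 {
     if (!empty($_POST[$post_key]) && in_array($_POST[$post_key], $files, true)) {
         return false;
     }
     if (!empty($_FILES[$files_key])) {
         return true;
     }
     return null;
 }

 # Resolves the file to import: moves an upload into the cache directory, or takes the chosen
 # public path as-is. Returns array(path, delete_afterwards).
 private function stageImportFile($uploaded, $post_key, $files_key)
 {
     if (!$uploaded) {
         return array($_POST[$post_key], false);
     }
     files::uploadStatus($_FILES[$files_key]);
     // Temporary name only; uniqid() is not a CSPRNG, so the cache directory is assumed not to be
     // writable by other local users — confirm the deployment's permissions on DC_TPL_CACHE.
     $file = DC_TPL_CACHE . '/' . md5(uniqid('', true));
     if (!move_uploaded_file($_FILES[$files_key]['tmp_name'], $file)) {
         throw new Exception(__('Unable to move uploaded file.'));
     }
     return array($file, true);
 }

 # Runs one dcImport method ($method is 'importSingle' or 'importFull') on $file and removes the
 # staged copy afterwards, whether the import succeeded or threw.
 private function runImport($file, $method, $to_unlink)
 {
     try {
         $bk = new dcImport($this->core, $file);
         $bk->$method();
     } catch (Exception $e) {
         $this->discardStagedFile($file, $to_unlink);
         throw $e;
     }
     $this->discardStagedFile($file, $to_unlink);
 }

 # Deletes a staged upload; public-folder files ($to_unlink false) are never touched.
 private function discardStagedFile($file, $to_unlink)
 {
     if ($to_unlink && file_exists($file)) {
         unlink($file);
     }
 }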
 public static function encryptPassword($password)
 {
     // Chains the two password encryption stages: the output of the first stage is the
     // input of the second, and the second stage's result is the stored form.
     // NOTE(review): no per-user salt is added at this level; whether the stages add one
     // cannot be seen from here — confirm before relying on this for credential storage.
     return crypt::secondStagePasswordEncryption(crypt::firstStagePasswordEncryption($password));
 }
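 /**
  * Sets up user folders and keys for serverside encryption
  *
  * Creates the user's key directories when missing, then either generates and stores a
  * new keypair (private key encrypted with $passphrase) or verifies that the existing
  * keypair is complete. An existing keyfile is never overwritten.
  *
  * @param string $passphrase to encrypt server-stored private key with (null is passed
  *                           through to the encryption call unchanged — TODO confirm callers always supply it)
  * @return bool true when a complete keypair is in place afterwards; false when an existing
  *              keypair is inconsistent (only one half present) or when a new keypair could
  *              not be generated or encrypted
  */
 public function setupServerSide($passphrase = null)
 {
     // Set directories to check / create
     $setUpDirs = array($this->userDir, $this->publicKeyDir, $this->encryptionDir, $this->keysPath);
     // Check / create all necessary dirs
     foreach ($setUpDirs as $dirPath) {
         if (!$this->view->file_exists($dirPath)) {
             $this->view->mkdir($dirPath);
         }
     }
     $hasPublicKey = $this->view->file_exists($this->publicKeyPath);
     $hasPrivateKey = $this->view->file_exists($this->privateKeyPath);
     // check if public-key exists but private-key is missing
     if ($hasPublicKey && !$hasPrivateKey) {
         \OCP\Util::writeLog('Encryption library', 'public key exists but private key is missing for "' . $this->keyId . '"', \OCP\Util::FATAL);
         return false;
     }
     if (!$hasPublicKey && $hasPrivateKey) {
         \OCP\Util::writeLog('Encryption library', 'private key exists but public key is missing for "' . $this->keyId . '"', \OCP\Util::FATAL);
         return false;
     }
     // we should never override a keyfile
     if ($hasPublicKey && $hasPrivateKey) {
         return true;
     }
     // Create user keypair
     $keypair = Crypt::createKeypair();
     if (!$keypair) {
         \OCP\Util::writeLog('Encryption library', 'keypair generation failed for "' . $this->keyId . '"', \OCP\Util::FATAL);
         return false;
     }
     // The proxy is disabled while the key files are written and must be re-enabled on every
     // exit path, including an exception from the view.
     \OC_FileProxy::$enabled = false;
     try {
         // Encrypt private key with user pwd as passphrase
         $encryptedPrivateKey = Crypt::symmetricEncryptFileContent($keypair['privateKey'], $passphrase, Helper::getCipher());
         // Save key-pair; the private key is only ever stored in its encrypted form
         if ($encryptedPrivateKey) {
             $header = Crypt::generateHeader();
             $this->view->file_put_contents($this->privateKeyPath, $header . $encryptedPrivateKey);
             $this->view->file_put_contents($this->publicKeyPath, $keypair['publicKey']);
         }
     } catch (\Exception $e) {
         \OC_FileProxy::$enabled = true;
         throw $e;
     }
     \OC_FileProxy::$enabled = true;
     if (!$encryptedPrivateKey) {
         \OCP\Util::writeLog('Encryption library', 'private key encryption failed for "' . $this->keyId . '"', \OCP\Util::FATAL);
         return false;
     }
     return true;
 }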
 /**
  * Validates and stores a new password for this user.
  *
  * Returns false when the password does not match REGEX_PASSWORD or fails the cracklib
  * check (which is also given the username, first and last name and a few fixed words
  * to reject); otherwise stores the encrypted form and returns what setValue() returns.
  */
 public function setPassword($password)
 {
     $formatOk = mb_ereg_match(REGEX_PASSWORD, $password);
     if (!$formatOk) {
         return false;
     }
     $forbidden = array('open', 'caching', 'cache', $this->getUsername(), $this->getFirstName(), $this->getLastName());
     if (!cracklib_checkPW($password, $forbidden)) {
         return false;
     }
     return $this->reUser->setValue('password', crypt::encryptPassword($password));
 }